PRIVACy POLICY

Paner Kereskedelmi és Szolgáltató Limited Company (hereafter: the Company) pays careful attention during the processing of their customers personal data, to follow the laws and regulations set by; Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) is hereafter referred to as the GDPR Regulation, Act V of 2013, Act CXII of 2011 on the right to information self-determination and freedom of information (hereafter Infotv.), Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising and the provisions of other applicable legislation governing the protection of personal data, in accordance with the practice established during the activities of the National Data Protection and Freedom of Information Authority (NAIH) and the Data Protection Commissioner. As a data controller, Paner Kft. acknowledges the content of this statement as obligatory and ensures that its data management related to their services complies with the rules set out in this document.

1. controller:

Paner Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

Registered address:     7100 Szekszárd, Holub u. 1. fsz/1.

Phone number:       +36 70 433 0134

Website:        paner.hu

E-mail:          info@paner.hu

Tax number:    25733817-2-17

2. PROCESSING OF PERSONAL DATA: THE PURPOSE, LAWFUL BASIS, DURATION AND METHOD OF PROCESSING AND THE SCOPE OF THE PERSONAL DATA BEING PROCESSED.

2.1. Data processing of private individuals who are representatives of business partners, customers, service providers and subcontractors.

Purpose of processing: To keep in contact with business partners.

Scope of data: Name, telephone number, e-mail.

Lawful Basis for processing Legitimate interest of the processor. GDPR article 6 (1)(f).

Duration of processing: Up to 5 years after the expiry of the contract.

Method of processing: On paper and digitally.

2.2. Data Processing for invoicing purposes issued to private individuals

Purpose of processing: Fulfillment of tax and accounting obligations

Type of personal data processed: Name, address.

Legal basis for processing: Fulfillment of a legal obligation.

Duration of processing: 8 years after issuing the invoice.

Method of processing: On paper and digitally.

2.3 Data Processing for Services offered to private individuals

Purpose of processing: Fulfillment of contract and to keep in contact with customers.

Type of personal data processed: Name, address, telephone number, e-mail address.

Legal basis for processing: Consent of the Data subject. GDPR Article 6 (1)(a)

Duration of processing: Until consent is withdrawn.

Method of processing: On paper and digitally.

2.4. Data processing of visitors to the the website

The Company runs a website called paner.hu. Read more information about the Cookies we use in our Cookie Policy.

Purpose of processing: Whilst visitors view the website we check that our services are functioning correctly and record any suspicious activities on our site.

Type of personal data processed: Date, time, IP address, codes of the pages visited, information regarding the visitor’s browser.

Legal basis for processing: Consent of the Data subject.

Duration of processing: 30 days after viewing the website.

Method of processing: Digitally.

2.5. Data Processing of individuals contacting the Company by e-mail.

Purpose of processing: Responding to requests.

Type of personal data processed: Name, e-mail address, date and other personal data provided by the data subject.

Legal basis for processing: Consent of the Data subject. GDPR Article 6 (1)(a)

Duration of processing: Until consent is withdrawn.

Method of processing: Digitally.

2.6. Data management on the Company’s Facebook page.

The Company uses Facebook to inform interested parties and to promote the company’s services.

Purpose of processing: Promote the Company’s services.

Type of personal data processed: Name, picture.

Legal basis for processing: Consent of the Data subject. GDPR Article 6 (1)(a)

Duration of processing: Until consent is withdrawn.

Method of processing: Digitally.

Additional information: The Company does not process personal data uploaded by visitors.

2.7. Data Processing for accountancy purposes.

Purpose of processing: Fulfillment of tax and accounting obligations.

Type of personal data processed:

  • According to the Accounting Act: name, address, signature, tax number.
  • According to the Personal Income Tax Act: unique self-employed card number, tax identification number.

Legal basis for processing: Fulfillment of a legal obligation.

Duration of processing: 8 years after the termination of contract that has provided the legal basis for processing.

Method of processing: Digitally and on paper.

2.8. Data Processing for job application purposes.

Purpose of processing: Finding suitable applicants for advertised positions.

Type of personal data processed: name, date of birth, place of birth, address, education and qualifications, picture, phone number, e-mail address, any other information provided by the applicant.

Legal basis for processing: Consent of the Data subject. GDPR Article 6 (1)(a).

Duration of processing: Until the position is filled, not selected applicant’s information will be deleted.

Method of processing: Digitally and on paper.

3. SOURCE OF PERSONAL DATA

Directly from the person concerned.

4. WHO ARE OUR DATA PROCESSORS.

Subcontractors and other processors who perform tasks necessary to achieve the purpose of data management are entitled to access the personal data we process. Individuals, processors, or subcontractors acting on behalf of, or in the interests of, the controller must not disclose the data or transfer it to third parties without prior authorisation. Data processors are aware of the provisions of this privacy statement and acknowledge that they are bound by it.

Our company has a contractual relationship with data processors working in the following fields:

Magyar Hosting Kft. – Webhosting

Registered address:    1132 Budapest, Viktor Hugó u. 18-22.

Phone number:    +36 1 700 2323

E-mail:  info@mhosting.hu

Website:  mhosting.hu

Privacy Policy:    https://www.mhosting.hu/adatvedelem

Alisca-Ingatlan Tanácsadó és Könyvelő Iroda Kft.

Registered address::    7100 Szekszárd, Mátyás király utca 8.

Phone number:    +36 74 508 730

E-mail:    konteplussz@gmail.com

UNIQA Biztosító Zrt.

Registered address:    1134 Budapest, Róbert Károly Krt. 70-74.
Phone number:    +36 1 /20/30/70 544-5555
E-mail:    adatvedelem@uniqa.hu
Website:    uniqa.hu
Privacy Policy:    https://www.uniqa.hu/documents/20182/85338/gdpr-tajekoztato

AXEL Professional Softwares Kft. – számlázó program szolgáltatás

Registered address:    6000 Kecskemét, Dobó I. Krt. 13. III./11.
Phone number: +36 1 510 0750
E-mail:    info@axel-professional.hu
Website:    https://www.axel-szamlazo-program.hu
Privacy Policy:    https://www.axel-szamlazo-program.hu/adatkezeles-szabalyzat

Klinix Kft. – szellőzőrendszer fertőtlenítés

Registered address:    7100 Szekszárd, Holub u. 1.

E-mail:    info@klinix.hu

Website:    klinix.hu

Privacy Policy:    https://www.klinix.hu/adatvedelmi-nyilatkozat/

UniCredit Bank Hungary Zrt. – Banki szolgáltatások

Registered address:    1054 Budapest, Szabadság tér 5-6.

Mailing address:    1242 Budapest, Pf. 386

Phone number:    +36 1 353 3200

E-mail:    adatkezeles@unicreditgroup.hu

Website:    unicreditbank.hu

Privacy Policy:    https://www.unicreditbank.hu/hu/rolunk/hasznos_informaciok/penzugyi_informaciok/tajekoztato_az_adatkezelesrol.html

5. RECIPIENTS of DATA TRANSMISSION

Name:    Nemzeti Adó és Vámhivatal

Registered address:    1054 Budapest, Széchenyi út 2.

Phone number:    +36 1 428 5100

Website:    nav.gov.hu

Privacy Policy:    http://nav.gov.hu/nav/adatvedelem/adatvedelem.html

6. WHO CAN ACCESS THE DATA WE PROCESS

Subcontractors and employees of Paner Kft. involved in data management and data processing are authorised to process data limited to the extent of performing their job.

 

Exceptions to the above are official and court inquiries that Paner Kft. fulfills in accordance with the legislation in force.

RIGHTS OF DATA SUBJECTS

Data subjects may request information on the processing of their personal data, as well as request the correction of their personal data, – with the exception of mandatory data processing – deletion, revocation, restriction of data processing, exercise his or her right of data portability and have the right to object.

1. Transparency - The right to be informed.

At the request of the data subject, the Company shall take appropriate measures to provide the data subject with all the data held, and any information relating to the processing of personal data, in a concise, transparent, comprehensible and easily accessible form and in a clear and comprehensible manner.  In particular:

  • the identity and contact details of the controller.
  • the purpose and the legal basis for the processing.
  • if the data processing is based on a “legitimate interest”, what these legitimate interests are.
  • recipients of personal data.
  • appropriate safeguards for data transfers outside the EU.
  • the planned duration of the data processing.
  • the data subject’s right to request the controller to access, rectify, delete, or restrict, the processing of personal data concerning him or her, and to object to the processing of such personal data, and also the data subject’s right to data portability.
  • the right to lodge a complaint with the supervisory authority.
  • whether the provision of data is a precondition for the conclusion of the contract and the possible consequences of non-provision of data.
  • details regarding possible automated decision making, including profiling.

2. The right of access.

a) The data controller is obliged to provide the data subject with a copy of the personal data that is being processed, free of charge. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the application was submitted electronically by the data subject, the information shall be provided in a widely used electronic format. All this must not adversely affect the rights and freedoms of others.

 

b) The right to be informed in writing (e-mail, letter) at info@paner.hu or 7100 Szekszárd, Holub u. 1 fsz/1.

 

c) Upon request, information may be provided in person to the data subject upon proof of identity.

3. The right to certification.

The data subject may request the correction of inaccurate personal data processed by the company and the completion of incomplete data.

4. The right to erasure.

a) The data subject has the right to request from the company, to have his or her data deleted without undue delay if one of the following reasons exists:

  • Personal data is no longer required for the purpose for which it was collected or processed.
  • The data subject shall withdraw the consent on which the data processing is based on and there is no other legal basis for the data processing.
  • The data subject objects to the processing and there is no overriding legitimate reason for the processing.
  • Personal data has been processed unlawfully.
  • Personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the controller.
  • Personal data is collected in connection with the provision of information and consumer society services.

 

b) Deletion of data may not be initiated if the processing is necessary for the following reasons:

 

c) for the purpose of exercising the right to freedom of expression and information:

  • for the purpose of exercising the right to freedom of expression and information.
  • the controller is subject to an obligation under EU or Member State law.
  • in the public interest.
  • in the field of public health.
  • for archiving, scientific and historical research.
  • to protect legal claims.

5. The right to restrict processing.

a) The data subject has the right to request restriction of processing from the controller, if:

  • the data subject disputes the accuracy of the personal data.
  • the processing is unlawful, and the data subject opposes the processing of the data.
  • the data controller no longer needs the personal data, but the data subject requires it to enforce legal claims.
  • The data subject objects against the data processing; in that case, the restriction shall apply until it is established that the legitimate reasons of the controller take precedence over those of the data subject.

 

b) If the processing is subject to a restriction, the personal data, with the exception of storage, shall be subject to the consent of the data subject:

  • in case of legal claims.
  • to protect the rights of legal persons.
  • in the overriding public interest of the European Union or of the Member State.

6. The right to data portability.

The data subject has the right to receive the personal data concerning him or her – collected by the controller – in a structured, widely used, commonly readable format and to transmit this data to another controller.

7. Rights in relation to automated decision making and profiling.

a) The data subject has the right not to be subject to purely automated data processing, including profiling, which would have a legal effect on him or her, or would be affected by it in any other way.

 

b) The above rights shall not apply if the data processing is necessary for fulfilling the contract between the data subject and the controller.

 

c) It shall be governed by EU or Member State law applicable to the controller, which shall also lay down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject unless the data subject has given his or her express consent.

8. Right of withdrawal.

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based processing prior to its withdrawal.

9. Procedural legislation

a) The controller must inform the data subject of the action taken on the request without delay, but in any case, within one month of receipt of the request. If necessary, taking into account the complexity of each request and the number of requests, this period may be extended by a further two months.

 

b) The controller shall inform the data subject of the extension of the time limit and indicate the reasons for the delay, within one month of receiving the request. If the data subject has submitted the request electronically, the information shall be provided electronically, unless the data subject requests otherwise.

 

c) If the controller does not act on the data subject’s request within one month of receipt of the request, the data subject may lodge a complaint with a supervisory authority and have the right to a judicial remedy.

 

d) The company shall provide the requested information free of charge. If the data subject’s request is unfounded or due to its repetitive nature, excessive, the controller may charge a reasonable fee for the administrative costs of completing the requested action, or refuse to act upon the request.

 

e) The controller shall inform all recipients to whom, or with whom, the personal data has been shared, of any rectification, erasure or restriction on the processing of personal data, unless this proves to be impossible or requires a disproportionate effort. At the request of the data subject, the controller shall inform him or her of the recipients.

 

f) The data controller shall make a copy of the personal data available – which is the subject of the data processing – to the data subject. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the request electronically, the information shall be provided in electronic format, unless the data subject requests otherwise.

10. Compensation and damages.

a) Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Data Protection Regulation is entitled to compensation from the controller or processor for the damage suffered. The data processor shall be liable for damages caused by the data processing only if it has not complied with the obligations specified in the law, which are specifically imposed on the data processors, or if it has disregarded or acted contrary to the data controller’s instructions.

 

b) If several data controllers or several data processors, or both the data controller and the data processor are involved in the same data management and are liable for damages caused by the data processing, each data controller and data processor shall be equally liable for the total damage.

 

c) The controller or processor shall be released from liability if it proves that they are not liable in any way for the event giving rise to the damage.

11. Right to apply to the courts

In the event of a breach of his or her rights, the data subject may bring an action against the data controller (at the discretion of the data subject according to the defendant’s domicile or the data subject’s place of residence). The court will assign a high priority to the case.

12. Data Protection Authority procedure

Complaints should be made to the National Data Protection and Freedom of Information Authority (NAIH).


Name:    Nemzeti Adatvédelmi és Információszabadság Hatóság
Address:    1055 Budapest, Falk Miska utca 9-11.
Post:    1374 Budapest, Pf.: 603.
E-mail:  ugyfelszolgalat@naih.hu
Phone number:    +36 1 391 1400