Privacy Policy

The protection of personal data is extremely important to us, which is why we describe in this Data Management information what personal data we process about you, for what purpose and legal basis. The Data Management Information also contains your rights.

Data of the Data Controller


Data controller: Vidarex Kft. (hereinafter: Data Controller)

Headquarters: 6500 Baja, Szarvas Gábor utca 10.

Company registration number: 03-09-135025

Tax number: 29271375-2-03

Website: www.vidarex.com

Email contact: [email protected]

General legislation on which data management is based

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (GDPR )
  • CXII of 2011. Act on the right to self-determination of information and freedom of information (Infotv.)
  • Act V of 2013 on the Civil Code (Ptk.)
  • CXXVII of 2007 Act on General Sales Tax (VAT Act)
  • Act C of 2000 on accounting (Accounting Act)
  • CLV of 1997. act on consumer protection (Fgy.tv.)
  • CXIX of 1995 Act on the handling of name and address data for the purpose of research and direct business acquisition (DM Act)
  • CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society (Eker tv.)
  • XLVIII of 2008 Act on the Basic Conditions and Certain Limitations of Economic Advertising Activities (Grt.)

Concepts


Personal data: any information relating to an identified or identifiable natural person ("Data Subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified. Such typical personal data in particular: name, address, place and time of birth, mother's name.


Data handling: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making available through, alignment or connection, restriction, deletion or destruction.


Data manager: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the Data Controller or the special aspects regarding the designation of the Data Controller may also be defined by EU or member state law.


Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller.


Addressee: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party.

Basic principles


The Data Controller takes into account the following basic principles when handling personal data, so personal data:

  • its handling must be carried out legally and fairly, as well as in a transparent manner for the Data Subject (legality, fair procedure and transparency)
  • be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1) of the GDPR, further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose (determination)
  • they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary (data saving)
  • they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to immediately delete or correct personal data that is inaccurate for the purposes of data management (accuracy)
  • its storage must take place in a form that enables the identification of the Data Subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if the personal data will be processed in accordance with Article 89 (1) of the GDPR for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the Data Subjects in this regulation and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms (limited storage)
  • must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of data, accidental loss, destruction or damage (integrity and confidentiality)
  • the Data Controller is responsible for compliance with the above, and must also be able to prove this compliance (accountability)

Data management activity

Website contact

Purpose of data management
Making contact, maintaining contact
Legal basis for data management
GDPR Article 6 (1) point b): necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract
Categories of Data Subjects
Interested
Scope of personal data
Name, email address
Data retention period
Until the end of the 1st year after contact
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller uses Data Processor(s):
hosting provider: Amazon Web Services, Inc. (head office: 38 Avenue John F. Kennedy, L-1855, Luxembourg)

• mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

• CRM system: HubSpot, Inc. (head office: 1 Sir John Rogerson's Quay, Dublin 2, Ireland)
Source of data
The source of the personal data is the interested party
Method and consequences of data provision
Entering the data is required. If you do not provide personal data, the Data Controller cannot contact you

Contact by email

Purpose of data management
Add contact via email
Legal basis for data management
Article 6 (1) point b) of the GDPR: necessary to fulfill the contract or to take steps at the request of the data subject prior to the conclusion of the contract
Categories of Data Subjects
Interested
Scope of personal data
Name, phone number, email address
Data retention period
Until the end of the 1st year after contact
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller uses Data Processor(s):

• mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

• CRM system: HubSpot, Inc. (head office: 1 Sir John Rogerson's Quay, Dublin 2, Ireland)
Source of data
The source of the personal data is the interested party
Method and consequences of data provision
Entering the data is required. If you do not provide personal data, the Data Controller cannot contact you

Sending a newsletter

Purpose of data management
Sending a newsletter
Legal basis for data management
GDPR Article 6 (1) point a): consent
Categories of Data Subjects
Newsletter subscriber
Scope of personal data
Name, email address
Data retention period
Until withdrawal of consent or 30 days from the date of unsubscribing
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller uses Data Processor(s):

• hosting provider: Amazon Web Services, Inc. (head office: 38 Avenue John F. Kennedy, L-1855, Luxembourg)

• newsletter software: (MailChimp) The Rocket Science Group LLC (head office: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, Georgia 30308)

• database provider: Dun & Bradstreet Hungary Kft. (headquarters: 1093 Budapest, Közraktár utca 30-32., company registration number: 01-09-167465)
Source of data
The source of personal data is the subscriber to the newsletter
Method and consequences of data provision
The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot send you a newsletter

Service order

Purpose of data management
Service order
Legal basis for data management
Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract
Categories of Data Subjects
Customer
Scope of personal data
Name, company name, representative/contact name, phone number, email address, installation address
Data retention period
Until the end of the 5th year following the completion or termination of the contract
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller uses Data Processor(s):

• CRM system: HubSpot, Inc. (head office: 1 Sir John Rogerson's Quay, Dublin 2, Ireland)
Source of data
The source of personal data is the customer
Method and consequences of data provision
Entering the data is required. If you do not provide personal data, the Data Controller cannot provide you with services

Use of Vidarex application

Purpose of data management
Using the Vidarex application with registration
Legal basis for data management
Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract
Categories of Data Subjects
Customer
Scope of personal data
Surname, first name, company name, phone number, email address
Data retention period
Until the end of the 5th year following the completion or termination of the contract
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller does not use Data Processor(s).

The Data Controller uses independent Data Controller(s) to download the application:

• Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), data management information.

• Apple Store: Apple Distribution International Ltd. (headquarters: Hollyhill Industrial Estate Hollyhill, Cork, Ireland),
data management information.
Source of data
The source of personal data is the customer
Method and consequences of data provision
Entering the data is required. If you do not provide personal data, the Data Controller cannot provide you with services

Invoicing

Purpose of data management
Issue of an invoice
Legal basis for data management
Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract
Categories of Data Subjects
Customer
Scope of personal data
Name, address, tax number (for corporate clients), email address
Data retention period
Accounting tv. Based on § 169, paragraphs (1) and (2), 8 years
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller uses independent Data Controller(s) to download the application:

• invoicing program operated by szamlazz.hu: KBOSS.hu Kft. (headquarters: 1031 Budapest, Záhony utca 7. company registration number: 01-09-303201)

• accountant: Benefit Consulting Kft. (headquarters: 1064 Budapest, Vörösmarty utca 67., company registration number: 01-09-705615)

The Data Controller is subject to the CXXVII of 2007 on general sales tax. provides data to the National Tax and Customs Office (NAV) in accordance with point 1 of Annex No. 10 of the Act (VAT Act)
Source of data
The source of personal data is the customer
Method and consequences of data provision
Entering the data is mandatory. If you do not provide personal data, the Data Controller will not be able to fulfill its statutory invoicing obligation

Payment of service consideration

Purpose of data management
Payment of service consideration in the form of a bank transfer
Legal basis for data management
Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract
Categories of Data Subjects
Customer
Scope of personal data
Name, company name (for corporate customers), bank account number, transfer amount, transfer time
Data retention period
Accounting tv. Based on § 169, paragraphs (1) and (2), 8 years
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller does not use Data Processor(s).

As an independent Data Controller, the Data Controller's account manager bank has access to personal data:

• Magyar Bankholding Zrt. (headquarters: 1134 Budapest, Kassák Lajos utca 18., company registration number: 01-10-140865). The Bank's information on data management is available here.
Source of data
The source of personal data is the customer
Method and consequences of data provision
Entering the data is required. If you do not provide personal data, the Data Controller cannot provide you with services

Contractual relationship


In the case of its Partners (supplier, customer) contracted with it, the Data Controller communicates and maintains a business relationship through the contact person specified in the contract.

Purpose of data management
To implement the contract between the Data Controller and the Partner as intended, maintaining communication and implementing cooperation
Legal basis for data management
GDPR Article 6 (1) point f): legitimate interest
Categories of Data Subjects
An employee of a partner (individual entrepreneur, Kft., Bt., Zrt.) as a person designated as contact person
Scope of personal data
Name, position, phone number, email address
Data retention period
Until the end of the 5th year following the completion or termination of the contract
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller does not use Data Processor(s).

• CRM system: HubSpot, Inc. (head office: 1 Sir John Rogerson's Quay, Dublin 2, Ireland)
Source of data
The source of personal data is the partner's contact person
Method and consequences of data provision
If you do not provide the necessary data, the Data Controller cannot negotiate with the Partner

Complaint handling

Purpose of data management
Dealing with any service related complaints
Legal basis for data management
Article 6 (1) point c) GDPR: fulfillment of legal obligation: CLV of 1997 on consumer protection. law
Categories of Data Subjects
Consumer
Scope of personal data
Name, address, phone number, email address, place, time, method of presenting the complaint, detailed description of the complaint, list of documents, documents and other evidence presented by the consumer
Data retention period
Fgy.tv 17/A. 3 years based on § (7).
Data transfer
44-49 of the GDPR. no data transfer takes place according to Articles
Recipients
The Data Controller does not use Data Processor(s).
Source of data
The source of personal data is the consumer as a complainant
Method and consequences of data provision
The provision of data is voluntary. If you do not provide the necessary data, the Data Controller may not be able to investigate your complaint

Website data management


The Website uses cookies.

A cookie is a file that is placed on your computer when you visit a website. A cookie is a packet of information that the server sends to the browser, and then the browser sends it back to the server with the data content determined by the server at each request. The purpose of this is to save the Internet settings of the website you are visiting, so that if you visit the same website again from the same device, the page will already remember the set parameters.


Cookies have numerous functions. Cookies are most often used to personalize ads and services, and to analyze website traffic.


According to the currently valid legislation, cookies can only be stored on your device if this is absolutely necessary, i.e. essential for the website to function, these are called "necessary cookies". The use of all other types of cookies requires your consent. You can view and set the cookies currently used on the website in the pop-up window when you enter the website.


Modern browsers allow modification of cookie settings. Some browsers automatically accept cookies by default, but this setting can also be changed to prevent automatic acceptance in the future. In case of conversion, the browser will offer the option to set cookies each time.


Given that the purpose of cookies is to support and facilitate the usability and processes of the website, if cookies are disabled, it cannot be guaranteed that you will be able to fully use all the functions of the website. In this case, the website may function differently than planned in the browser. More detailed information about the cookie settings of the following browsers:

Social media

The Data Controller is available on the social media page(s) below.The operator of the social website is considered an independent Data Controller, information on data management is available at the following links:

Community Page
Name of data controller
Contact information for data management
LinkedIn
LinkedIn Ireland Unlimited Company(head office: Wilton Plaza Wilton Place, Dublin 2, Ireland)
Twitter
Twitter, Inc. (head office: 1355 Market Street, Suite 900San Francisco 94103, California)


The Data Controller does not record or manage personal data about the user of the given social media site in its internal database and system.

Access to data


Competent employees of the Data Controller may access personal data to the extent necessary for the performance of their duties.

Data security measures


The Data Controller uses appropriate IT, technical and personal measures to protect the personal data it manages against, among other things, unauthorized access or unauthorized changes.

Rights of the Data Subject and their content related to data management

Related to data management Affected right
Content of the Data Protection Right
Right to information
/GDPR 13-14. article/
You have the right to receive information about the facts and purposes of data management at the time of obtaining your personal data. The Data Controller also provides you with additional information that is necessary to ensure fair and transparent data management, taking into account the specific circumstances and context of personal data management. You must also be informed about the fact of profiling and its consequences.
Right of access
/GDPR Article 15/
You have the right to request information on whether your personal data is being processed, and if such data processing is underway, you are entitled to know that the Data Controller:
• what personal data
• on what legal basis
• for what data management purpose
• how long you treat it
• to whom, when, on the basis of which law, to whom you provided access to your personal data or to whom you forwarded your personal data
• the source of your personal data (if you did not provide them to the Data Controller)
• whether it uses automated decision-making and its logic, including profiling.
Right to rectification
/GDPR Article 16/
You have the right to request that the Data Controller correct your inaccurate personal data or supplement your incomplete personal data. So you can request that the Data Controller change some of your personal data (for example, you can change your e-mail address or other contact details at any time).
Right to erasure ("right to be forgotten")
/GDPR Article 17/
You are entitled to request that the Data Controller delete your personal data if one of the following reasons exists:
• your personal data is no longer needed for the purpose for which it was collected or otherwise processed
• You withdraw your consent on the basis of data processing pursuant to Article 6 (1) point a) or Article 9 (2) point a) and there is no other legal basis for data processing
• You object to data processing on the basis of Article 21(1) and there is no overriding legitimate reason for data processing, or you object to data processing on the basis of Article 21(2)
• your personal data was processed illegally
• your personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller
• the collection of your personal data took place in connection with the offering of services related to the information society referred to in paragraph 1 of Article 8.
Right to limitation
/GDPR Article 18/
You have the right to have the Data Controller restrict data processing at your request if one of the following reasons exists:

• You dispute the accuracy of your personal data (in this case, the limitation applies to the period that allows the Data Controller to check the accuracy of your personal data)
• the processing is unlawful and you object to the deletion of the data and instead request the restriction of its use
• The Data Controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend a legal claim

You have objected to data processing in accordance with Article 21 (1) (in this case, the restriction applies to the period until it is established whether the Data Controller's legitimate reasons take precedence over your legitimate reasons).
Right to data portability
/GDPR Article 20/
You have the right to receive your personal data provided by you to a Data Controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another Data Controller without being hindered by the Data Controller whose provided the personal data if:
• the data processing is based on consent according to Article 6 (1) point a) or Article 9 (2) point a) or on a contract according to Article 6 (1) point b) and
• data management is automated.

You are entitled to - if this is technically feasible - request the direct transmission of your personal data between Data Controllers.
Right to protest
/GDPR Article 21/
You have the right to object at any time to the processing of your personal data based on points e) or f) of Article 6 (1), including profiling based on the said provisions, at any time for reasons related to your own situation. In this case, the Data Controller may no longer process your personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are necessary for the presentation, enforcement or defense of legal claims are connected.

If your personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition.
Right to withdraw consent
/GDPR Article 7 (3)/

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. You must be informed of this before giving your consent. Withdrawal of consent should be possible in the same simple way as giving it.


Data processing related legal remedies and their content

Legal remedy
Content of the remedy
The right to lodge a complaint with the Supervisory Authority
/GDPR Article 77/
In the event of a violation of your right to the protection of your personal data, you may submit a complaint to the following Authority:
National Data Protection and Freedom of Information Authority
registered office: 1055 Budapest, Falk Miksa utca 9-11.
mailing address: 1363 Budapest, Pf. 9.
phone: +36 (1) 391-1400
email: [email protected]
website: www.naih.hu
The right to an effective judicial remedy against the Data Controller or the Data Processor (initiation of legal proceedings)
/GDPR Article 79/
You have the right to go to court against the Data Controller or Data Processor if you experience the illegality of the processing of your personal data. The court acts out of sequence in the case. In this case, you can freely decide whether to file your claim with the competent court according to your place of residence or place of stay.
The contact details of the courts:
www.birosag.hu/torvenyszekek


Updating the Data Management Information

The Data Controller reserves the right to unilaterally modify this Data Management Information. This information may be amended especially if it is necessary due to changes in legislation, data protection official practices, business needs, or other circumstances. At the Data Subject's request, the Data Controller will send him a copy of the current information in the form agreed with him.

Baja, July 13, 2023