Data handling policy
Privacy statement of IHLS Ltd
Company name: IHLS Ltd
Location: 1015 Budapest, Széna tér 1/a
Tax identification number: 10831995-2-41
Company registration number: 01-09-263264
Published on: 2021.08.02.
IHLS Kft (head office: 1015 Budapest, Széna tér 1/a., hereinafter referred to as the Data Controller, Service Provider) acknowledges the contents of this Policy as binding on itself and undertakes to ensure that all the contents of this Policy are in compliance with the provisions of the applicable legislation and meet the requirements of it. The processing of the data necessary for the performance of the Service Provider's activities is based on the voluntary consent of the data subject. The information is permanently available on the website www.ih.hu.
This Privacy Notice is in compliance with the applicable data protection legislation, in particular with the following acts:
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities;
Act C of 2003 on electronic communications
- Interpretative provisions
For the purposes of these Rules:
data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specified personal data;
personal data: data that can be associated with a data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject;
consent: a voluntary and explicit indication of the data subject's wishes, based on adequate information, by which he or she signifies his or her unambiguous agreement to the processing of personal data relating to him or her, whether in full or in part;
objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the data processed;
data controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has the data processed;
data controlling: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular collection, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as prevention of further use of the data, taking of photographs, audio or video recordings, and the recording of physical characteristics (e.g. fingerprints, palm prints, DNA samples, iris scans) that can identify the person;
data transfer: making data available to a specified third party;
data disclosure: making data available to any person;
data erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve it;
data marking: the marking of data with an identification mark to distinguish it;
data blocking: the marking of data with an identification mark for the purpose of limiting their further processing permanently or for a limited period of time;
data destruction: the total physical destruction of a data medium containing data;
data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
data processor: a natural or legal person or an unincorporated body which carries out processing of data on the basis of a contract, including a contract concluded pursuant to a legal provision;
responsible party: the public sector body which has produced the public interest data subject to mandatory disclosure by electronic means or in the course of whose activities the data was generated;
data provider: means the public sector body which, if the data controller does not publish the data itself, publishes on a website the data transmitted to it by the data controller;
data set: the set of data managed in a register;
third party: a natural or legal person or an unincorporated body other than the data subject, the controller or the processor.
- Principles of data management
Personal data may only be processed for specified purposes, for the exercise of rights and the performance of obligations. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful.
Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose. Personal data may be processed if:
the data subject consents, or
it is ordered by law or, on the basis of a law, by a local government decree within the scope specified by law, for a purpose in the public interest (hereinafter referred to as "mandatory processing").
Personal data may also be processed where obtaining the data subject's consent would involve an impossible or disproportionate effort and the processing of the personal data would be
necessary for compliance with a legal obligation to which the controller is subject; or
it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
Where the data subject is unable to give his or her consent due to incapacity or for other reasons beyond his or her control, the personal data of the data subject may be processed to the extent necessary to protect his or her vital interests or those of another person or to prevent or protect against imminent danger to life, limb or property of a person, as long as the obstacles to consent persist.
The consent or subsequent approval of the legal representative is not required for the validity of a legal declaration of consent by a minor aged 16 or over.
If the personal data has been collected with the consent of the data subject, the controller shall, unless otherwise provided by law,
for the performance of a legal obligation to which he is subject, or
for the purposes of the legitimate interests pursued by the controller or by a third party, where such interests are proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the data subject's consent.
In case of doubt, the data subject shall be presumed not to have given his or her consent.
- Scope of personal data, purpose, legal basis and duration of processing
- Processing in relation to the main activity of the controller
Purpose of the processing: personal data is processed when strictly necessary for the performance of the service provided under these General Terms and Conditions (hereinafter referred to as the "core activity"). The purpose of the processing in this case is to facilitate and fulfil orders.
Legal basis for processing: the data subject's voluntary consent.
Scope of data processed:
For the purposes of creating the contract, determining its content, amending it, monitoring its performance, invoicing the fees arising from it and enforcing claims related to it, the processing of natural personal data necessary to identify the User: name, e-mail address, address, billing name, telephone number and, in the case of a company service request, data relating to the company (e.g. tax number).
For the purpose of invoicing the fees resulting from the contract, processing natural person identification: data relating to the use of the service, address, and data relating to the time, duration and place of use of the service.
For the purpose of providing a service: personal data which is technically necessary for the provision of the service.
Duration of data processing: in case of use of the service by registration, data processing lasts until withdrawal. In the case of unregistered use of the service, the Data Controller deletes the data after 7 years following the non-existence of the contract, the termination of the contract and the invoicing.
Persons entitled to access the data: all employees of the Data Controller who are indispensable for the provision of the service may have access to the processed data in the course of the performance of the core business.
Data Controller's data:
Company name: IHLS Ltd.
Registered office: 1015 Budapest, Széna tér 1/a
Tax number: 10831995-2-41
Company registration number: 01-09-263264