The electronic website operated by Vtk Innosystem Kft. (vtkinnosystem.com) respects the rights of persons visiting the website regarding their personal data. Pursuant to the relevant provisions of the applicable legislation, by providing the data required for contacting us through the website, you consent to Vtk Innosystem Kft. processing your data as necessary within the scope of such contact, in compliance with the referenced legal requirements.
Please note that data provision is voluntary. You are entitled at any time to request information about data processing, and to request the rectification or deletion of your data by sending a letter to Vtk Innosystem Kft. at 1117 Budapest, Prielle Kornélia u. 47-49., or by e-mail to titkarsag@vtkinnosystem.com.
The privacy policy and statement available under the company’s abbreviated name on its website (hereinafter: Privacy Statement)
Name: Vtk Innosystem Kft.
address: 1117 Budapest, Prielle Kornélia u. 47-49.,
email: titkarsag@vtkinnosystem.com,
as the data controller (hereinafter: Data Controller), this Privacy Statement contains the data processing rules and privacy notice applicable to the users of the website operated by the Data Controller (hereinafter: User), regarding the processing of the personal data defined herein, in accordance with Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Info Act), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR).
During contact, the User provides the following personal data: the data requested and processed, generally name, e-mail address, telephone number, and, where necessary, other personal data. Data technically recorded during system operation: data of the User’s login computer generated during use of the service and recorded by the Data Controller’s system as the automatic result of technical processes. Automatically recorded data are logged automatically upon entry and exit, without any separate declaration or action by the User. Such data cannot be linked to other personal User data, except in cases required by law. Only the Data Controller has access to the data.
Data processing is carried out on the basis of the Users’ voluntary declaration made on the basis of appropriate information, which includes the Users’ express consent to the use of the personal data provided during use of the website. The legal basis for data processing is the User’s voluntary consent pursuant to Article 6(1)(a) of the GDPR. The User gives consent for each data processing activity by using the website, contacting the Data Controller, and voluntarily providing the relevant data. The purpose of data processing is to ensure communication between the User and the Data Controller. The Data Controller stores the data provided by the User in a purpose-limited manner, exclusively during and for the purpose of maintaining contact. The purpose of automatically recorded data is the preparation of statistics, the technical development of the IT system, and the protection of Users’ rights. The Data Controller does not use the personal data provided to it for purposes other than its operation. Disclosure of personal data to third parties or authorities is only possible with the User’s prior, express consent, unless otherwise mandatorily provided by law. The User providing the personal data is solely responsible for the accuracy of the personal data provided to the Data Controller. By providing any e-mail address, the User also assumes responsibility that only the User uses the service from the e-mail address provided. In view of this assumption of responsibility, all liability relating to logins made with a given e-mail address shall be borne exclusively by the User who registered that e-mail address.
The processing of personal data mandatorily provided during contact begins with the contact and lasts until the purpose is fulfilled or until deletion is requested by the User. In the case of non-mandatory and/or personal data, data processing lasts from the time the data are provided until the deletion of the relevant data. No logging takes place on the website. The above provisions do not affect the fulfilment of retention obligations specified by law, for example tax legislation, or data processing based on further consents given during contact through the website or by any other means.
The data may primarily be accessed by the designated employees of the Data Controller; however, the data are not published and are not transferred to third parties. In connection with the operation of the IT system and the handling of complaints, the Data Controller may engage external persons. Regarding the data processing activities of such external contributors, the Data Controller requests a data processing/confidentiality declaration concerning the processing of the transferred data and, where justified, concludes a data processing agreement. The Data Controller is not responsible for the other data processing practices of external contributors. The transfer and use of the User’s personal data may take place in cases mandatorily specified by applicable legislation or on the basis of the User’s consent.
Data security: a system of technical and organizational solutions against the unauthorized acquisition, modification and destruction of data.
Data processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller.
Data processing: any operation or set of operations performed on personal data or data files, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of data processing: marking stored personal data with the aim of restricting their future processing.
Right to data portability: the data subject is entitled to request the direct transfer of their personal data between data controllers.
Data protection: the totality of principles, rules, procedures, data processing tools and methods ensuring the lawful processing of personal data and the protection of data subjects.
Data subject: any natural person who contacts or has a legal relationship with the Data Controller while providing their data, in particular a client, complainant, public-interest whistleblower, public-interest data requester, contact person of a legal entity, or newsletter subscriber.
Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as well as by conclusions drawn from the data relating to the data subject.
Special category data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, health data, and data concerning a natural person’s sex life or sexual orientation.
The User is entitled at any time to request information about the personal data relating to them processed by the Data Controller, and may modify such data at any time. The User is entitled to request the deletion of their data. At the User’s request, the Data Controller provides information about the data processed by it relating to the User, the purpose, legal basis and duration of data processing, and about who receives or has received the data and for what purpose. The Data Controller shall provide the requested information to the User in writing without delay, but no later than within 25 days of submission of the request. The User is entitled at any time to request the deletion of incorrectly recorded data. The Data Controller deletes the data within 3 working days of receipt of the request, in which case the data cannot be restored. Deletion does not apply to data processing required by law, for example accounting regulations; such data are retained by the Data Controller for the necessary period. If, in order to use the service, the User provides third-party data or intentionally false data during contact, or causes damage in any manner while using the websites, the Data Controller is entitled to enforce a claim for damages against the User. In such cases, the Data Controller shall provide all assistance within its power to the acting authorities in order to establish the identity of the infringing person.
At the request of the Data Subject, the Data Controller provides information on the facts related to data processing before data processing begins.
At the request of the Data Subject, the Data Subject may inspect the register containing their personal data, and the Data Controller shall provide the Data Subject with their personal data and information related to the processing thereof.
The Data Subject is entitled to request rectification of their personal data or supplementation thereof by means of a supplementary statement.
Upon written request, the Data Controller shall delete the personal data relating to the Data Subject if the statutory conditions for doing so are met.
The Data Subject may request in writing that the Data Controller restrict data processing if
the Data Subject disputes the accuracy of their personal data, in which case the restriction applies for the period enabling Vtk Innosystem Kft. to verify the accuracy of the personal data;
the data processing is unlawful and the Data Subject opposes deletion of the data and instead requests restriction of their use;
Vtk Innosystem Kft. no longer needs the personal data for the purpose of data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims.
The Data Subject is entitled to object to the processing of their personal data. If the Data Subject objects to data processing, the restriction applies for the period until it is established whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject.
The Data Subject is entitled to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and is also entitled to transmit those data to another data controller without hindrance from the Data Controller to which the personal data have been provided, where
a) the processing is based on the Data Subject’s consent or on a contract, and
b) the processing is carried out by automated means.
The Data Subject may exercise the right to data portability if both conditions are met.
The Data Subject may initiate an investigation by the data protection authority in order to examine the lawfulness of the Data Controller’s measure if the Data Controller restricts the enforcement of the rights defined in points 1–5 or rejects the request aimed at enforcing such rights.
Authority competent to conduct the procedure: Hungarian National Authority for Data Protection and Freedom of Information
address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c;
postal address: 1530 Budapest, Pf.: 5.;
telephone number: +36 (1) 391-1400;
fax number: +36 (1) 391-1410;
e-mail address: ugyfelszolgalat@naih.hu;
The Data Subject may request the conduct of a data protection authority procedure if, in their opinion, during the processing of their personal data, the Data Controller or the data processor engaged by or acting on the instructions of the Data Controller violates the requirements concerning the processing of personal data laid down in legislation or in a binding legal act of the European Union.
The Data Subject may seek legal remedy before the competent court against the Data Controller or, in relation to data processing operations falling within the scope of the data processor’s activities, against the data processor, if, in their opinion, the Data Controller or the data processor engaged by the Data Controller processes their personal data in violation of the requirements concerning the processing of personal data laid down in legislation or in a binding legal act of the European Union.
The Data Controller pays special attention to the lawful use of the electronic mail addresses processed by it, and therefore uses them only in the manner specified below during communication. The processing of e-mail addresses primarily serves the identification of the User and the communication and answering of questions raised by the User during contact; therefore, e-mails are sent primarily for this purpose. In other cases, for example in the case of newsletter distribution, the User may separately consent to or refuse the receipt of such electronic messages.
The Data Controller’s computer system may collect data on User activity which cannot be linked to other data provided by Users during contact, nor to data generated when using other websites or services. In all cases where the Data Controller intends to use the provided data for a purpose other than the original purpose of data collection, it informs the User thereof and provides the User with the opportunity to prohibit such use. The Data Controller undertakes to ensure the security of the data and to take the technical measures that ensure that the data collected, stored and processed are protected, and shall do everything possible to prevent their destruction, unauthorized use and unauthorized alteration. The Data Controller reserves the right to amend this Privacy Statement and the privacy policy unilaterally, with prior notice to Users. After the amendment enters into force, the User accepts the provisions of the amendments by implied conduct through use of the service.