Jelentkezés

Data processing information

As the maintainer of the Szőlőszem Nursery, Két Kis Mazsola Nonprofit Kft. (hereinafter referred to as the Data Controller) and as the maintainer of the Szőlőszem Kindergarten, the Kis Mazsolák Association (hereinafter referred to as the Data Controller) uses online and offline services to inform customers.

I. General provisions

This data management notice (hereinafter: Notice) regulates and contains the rights and obligations related to the management and, where applicable, processing of personal data provided to the Data Controller, as well as other relevant provisions for the use of both online and offline services.

When processing all personal data, the Kis Mazsolák Association acts in accordance with the directly effective legal sources of the European Union and the currently effective Hungarian legislation, in particular Act CXXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: Info Act) and the provisions of the EU General Data Protection Regulation (GDPR) No. 2016/679.

A Kis Mazsolák Egyesület az ügyfelektől kapott személyes adatokat bizalmasan kezeli és a biztonságos adatkezelést elősegítő minden szükséges intézkedést megtesz. A Kis Mazsolák Egyesület elkötelezett a személyes adatok védelmének biztosítása iránt. Jelen Tájékoztató elsődleges célja az, hogy Kis Mazsolák Egyesület ügyfeleinek valamennyi szükséges információt biztosítsa, mely alapján személyes adataik kezeléséről tájékozott döntést hozhatnak.

This Notice has been prepared in accordance with the provisions of the Info Act and the EU General Data Protection Regulation (GDPR) No. 2016/679. In the event of any amendment to these laws and/or the entry into force of new relevant legislation, Kis Mazsolák Egyesület reserves the right to unilaterally amend the Notice. In matters not covered by this Notice, the provisions of the Info Act shall apply.

The current version of the Notice is available at the following link: www.dev.szoloszemovi.hu/adatvedelem

The Kis Razsolák Association will publish a notice about the modification of the Information on the website of the Szőlőszem Nursery and Kindergarten.

II. Interpretative provisions

  1. data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
  2. personal data: data that can be linked to the data subject – in particular the name, identification number and one or more specific physical, physiological, mental, economic, cultural or social characteristics of the data subject – and any conclusion that can be drawn from the data concerning the data subject;
  3. special data:
    1. personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other ideological beliefs, membership of an interest-representative organization, sexual life,
    2. personal data relating to health status, pathological addiction, and criminal personal data;
  4. criminal personal data: personal data relating to the criminal offence or criminal proceedings, generated during or prior to criminal proceedings by bodies authorised to conduct criminal proceedings or to detect criminal offences, as well as by the penal organisation, which can be linked to the data subject and which relates to the criminal record;
  5. data of public interest: information or knowledge recorded in any way or form, which is managed by a body or person performing state or local government tasks, as well as other public tasks specified by law, and which is related to its activities or arises in connection with the performance of its public tasks, and which does not fall under the concept of personal data, regardless of the method of processing, its independent or collective nature, in particular data relating to competence, jurisdiction, organizational structure, professional activity, its evaluation including its effectiveness, the types of data held and the laws regulating its operation, as well as management and concluded contracts;
  6. data public in the public interest: all data not falling under the concept of data of public interest, the disclosure, accessibility or accessibility of which is ordered by law in the public interest;
  7. consent: a voluntary and definite indication of the data subject’s will, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, in full or in relation to certain operations;
  8. objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
  9. data controller: the natural or legal person or organization without legal personality who, alone or jointly with others, determines the purposes of data processing, makes and implements decisions relating to data processing (including the means used), or has them implemented by the data processor;
  10. data processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g. fingerprints or palm prints, DNA samples, iris images);
  11. data transfer: making data available to a specific third party;
  12. disclosure: making data available to anyone;
  13. data erasure: making data unrecognizable in such a way that its recovery is no longer possible;
  14. data marking: providing data with an identification mark for the purpose of distinguishing it;
  15. data blocking: providing the data with an identification mark in order to limit its further processing permanently or for a specific period of time;
  16. data destruction: complete physical destruction of the data medium containing the data;
  17. data processing: the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
  18. data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract – including a contract concluded on the basis of a legal provision;
  19. data controller: the body performing public tasks that produced the data of public interest that must be published electronically, or in the course of whose operations this data was generated;
  20. data provider: the body performing a public task which – if the data controller does not publish the data itself – publishes the data provided to it by the data controller on a website;
  21. data file: the set of data managed in a register;
  22. third party: a natural or legal person or an organization without legal personality who is not the same as the data subject, the data controller or the data processor;
  23. EEA State: a Member State of the European Union and another state party to the Agreement on the European Economic Area, as well as a state whose citizen enjoys the same legal status as a citizen of a state party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a state not party to the Agreement on the European Economic Area;
  24. third country: any state that is not an EEA state;
  25. binding organizational regulation: internal data protection regulations adopted by a data controller or group of data controllers operating in several countries, including at least one EEA state, and approved by the National Authority for Data Protection and Freedom of Information (hereinafter referred to as the Authority), binding on the data controller or group of data controllers, which ensures the protection of personal data in the event of data transfer to a third country through a unilateral commitment by the data controller or group of data controllers;
  26. data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
  27. Minor: a person who has not reached the age of eighteen. A minor becomes an adult upon marriage.

III. Basic principles

Personal data may only be processed for specific purposes, in order to exercise rights and fulfill obligations. Data processing must comply with the purpose of data processing at all stages, and the collection and processing of data must be fair and lawful.

Only personal data that is essential for the achievement of the purpose of data processing and suitable for achieving the purpose may be processed. Personal data may only be processed to the extent and for the period necessary to achieve the purpose.

Personal data shall retain this quality during data processing as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for the restoration.
During data processing, the accuracy, completeness and – if necessary with regard to the purpose of the data processing – up-to-dateness of the data must be ensured, and the data subject must be identified only for the time necessary for the purpose of the data processing.

IV. Consent to data processing

Personal data may be processed on the basis of law or if the data subject expressly consents to it. The legal basis for the processing of the recorded data is the voluntary consent of the data subjects pursuant to Section 5 (1) a) of the Info tv, and with regard to the natural personal identification data necessary for the identification of the client and the client’s address, the data processing is also based on the provisions of Section 13/A of Act CVIII of 2001.

The validity of statements containing the consent of minor natural person clients under the age of 18 and clients under guardianship that restricts their capacity to act requires the consent or approval of their legal representative.

The Data Controller does not transfer the recorded personal data to third parties other than authorities with legal authority to do so, and in particular does not do so for compensation (exclusion of database sales).

The Data Controller always obtains personal data directly from the data subject, so the source of the data is always the data subject (excluding database purchases).

The Data Controller does not process sensitive data.

The Kis Mazsolák Association hereby informs the data subjects that, pursuant to Section 6 (5) of the Info Act, if personal data was collected with the consent of the data subject, the data collected may be processed, unless otherwise provided by law, for the purpose of fulfilling a legal obligation applicable to it, or for the purpose of enforcing the legitimate interests of the data controller or a third party – if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data – without further separate consent and even after the data subject’s consent has been withdrawn.

By contacting us via the website, the customer declares and confirms that he has read this Notice and accepts its provisions as binding on him. By contacting us via the website, communicating via e-mail or providing his data and contact details in institutions maintained by the Kis Mazsolák Association, the customer consents to the Data Controller using the personal data (name, address, e-mail address, telephone number) voluntarily provided by the customer, as well as the data necessary for the performance of the service and the information related to the service (data of minors, contract period and conditions) – collectively: Data – for the following purposes: the purpose of data management is to create and perform the contract in accordance with these contractual terms and conditions.

  1. Data transfer, data processing, scope of data access
    The Data Controller declares that it only uses data voluntarily provided to the Kis Mazsolák Association in its scope of activity. The Data Controller uses the data in mandatory cooperation with public education institutions, in the form of data required by the following public education information systems.
    The data of the clients is stored in the public education information system (KIR) operated by the Office of Education, in the National Social Information System (MÜKENG), and in its offline database.
  2. Physical storage locations of data
    Your personal data (i.e. data that can be linked to your person) may be processed by us in the following way: on the one hand, technical data related to the computer you use, browser program, internet address, and pages visited are automatically generated in our computer system in connection with maintaining an internet connection, on the other hand, you can also provide your name, contact information or other data if you wish to contact us personally while using the website. Data that is technically recorded during the operation of the system: the data of the data subject’s computer that is generated during voting and that is recorded by the Data Controller’s system as an automatic result of technical processes. The automatically recorded data is automatically logged by the system upon entry or exit without a separate statement or action by the data subject. This data cannot be linked to other personal user data – except in cases required by law. Only the Data Controller has access to the data.

VIII. Data subject’s rights and remedies

The data subject may request information about the processing of his or her personal data, as well as request the correction of his or her personal data, or – with the exception of mandatory data processing – its deletion or withdrawal, and may exercise his or her right to data portability and objection in the manner indicated when the data was collected, or at the above contact details of the data controller.

VIII.1 Right to rectification

The data subject may request the correction of inaccurate personal data concerning him or her processed by the Data Controller and the completion of incomplete data.

VIII.4 Right to erasure

The data subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay where one of the following reasons applies:

  • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws his/her consent which forms the basis for the data processing, and the data processing has no further
  • other legal basis;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
  • the personal data were collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary: ​​for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to which the controller is subject to the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes, or for archiving, scientific and historical research purposes or statistical purposes, based on public interest; or for the establishment, exercise or defence of legal claims.

VIII.5 Right to restriction of data processing

At the request of the data subject, the Data Controller will restrict data processing if one of the following conditions is met:

  • the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period of time that allows the accuracy of the personal data to be verified;
  • the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period of time that allows the accuracy of the personal data to be verified;
  • the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.

If processing is subject to restrictions, personal data may only be processed, with the exception of storage, with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or of a Member State.

VIII.6 Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and to transmit these data to another controller.

VIII.7 Right to object

The data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data concerning him or her for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

VIII.8 Automated decision-making in individual cases, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

VIII.9 Right of withdrawal

The data subject has the right to withdraw their consent at any time.

VIII.10 Right to apply to court

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court will proceed with the case without delay.

VIII.11 Data protection authority procedure

You can file a complaint with the National Data Protection and Freedom of Information Authority.

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, P.O. Box: 5. Telephone: 0613911400

Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu

Web: http://www.naih.hu

VIII.12 Legal remedies

The data subject/customer may request information about the processing of their personal data, as well as request the correction, blocking or – with the exception of mandatory data processing – deletion of their personal data.

Any questions, requests for information or complaints related to the data processing of the Kis Mazsolák Association will be accepted exclusively in written form, by registered mail. This must include the following data:

  • Name and mailing address
  • The exact name of the question, request for information or complaint.

Please also attach the following to the letter:

  • Photocopy of photo ID
  • Date of submission and handwritten signature
  • If you are acting on behalf of someone else, then you must have official authorization from the person concerned.

Please send registered letters with return receipt to this address:
Kis Mazsolák Egyesület Kft.
2094 Nagykovácsi,
Szeles utac 5.

IX. Other provisions

We will provide information about data processing not listed in this information when the data is collected.

We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, communicate or transfer data, or make documents available.

The Kis Mazsolák Association will only provide personal data to the authorities – if the authority has specified the exact purpose and scope of the data – to the extent that is absolutely necessary to achieve the purpose of the request.

X. Duration of data processing

Personal data may only be processed to the extent and for the period necessary to achieve the purpose, and only data that is essential for the purpose of data processing and suitable for achieving the purpose may be processed. Personal data is processed when contacting the website or requesting other services (e.g. institutional registration), personal data are stored until the purpose of data processing is achieved or the client requests their deletion. The duration of the processing of personal data indicated on documents subject to the retention obligation under the Accounting Act is the same as the retention period prescribed by the Accounting Act. According to the Info Act, in the event of deletion, the Kis Mazsolák Association makes the previously provided data unrecognizable, in such a way that their restoration is no longer possible.

If the client requests the deletion of their processed personal data, their registration will be deleted simultaneously with the fulfillment of this request.

XI. Data security

The Kis Mazsolák Association does everything in its power to prevent and eliminate the knowledge or access of the personal data it manages by an unauthorized person. However, given the rapid development and change of information and communication technology, and the fact that the dangers arising from the characteristics of information technology cannot be completely excluded in advance, it is possible that a third party may access, investigate or otherwise misuse the personal data managed by the Data Controller through illegal activity, in a manner unknown to the Data Controller, despite the security measures applied by the Data Controller. The Kis Mazsolák Association does not assume liability for any damages resulting from such illegal activity and for any misuse of the personal data that has come into the possession of a third party in this way.

XII. Data Protection Officer

Name: Pálmai-Csortos Linda

Phone: 06-30-641-2614

Service provider details
Data security centre
Contact
Facebook
© Copyright Szőlőszem Bölcsi és Ovi 2022 – 2023
2094 Nagykovácsi, Szeles utca 5.
+36 30 308 8033

A weboldalon cookie-kat ("sütiket") használunk, hogy a legjobb felhasználói élményt nyújthassuk látogatóinknak. A cookie beállítások igény esetén bármikor megváltoztathatók a böngésző beállításaiban.

Elfogadom Beállításaim Elutasítom
Adatvédelmi központ Adatvédelmi beállítások