HUNGARIAN FASHION AND DESIGN AGENCY LTD. (MDDÜ MAGYAR DIVAT ÉS DESIGN ÜGYNÖKSÉG NONPROFIT ZRT., Registration number: 01-10-049808, Office: H-1126 Budapest, Istenhegyi út 18, Tax number: 26338972-2-43, central e-mail address: info@hfda, central phone number: +36 30 302 6146, Represented by: Zsófia Jakab, DPO contact: Levente Papp, e-mail address: privacy@mtu.gov.hu), hereinafter Agency, Data controller is committed to respecting the rights of the visitors of its website (hereinafter: Website) to privacy and the protection of their personal data and proceeding during its operation in compliance with the General Data Protection Regulation of the European Union (hereinafter: GDPR), the Hungarian Privacy Act (hereinafter: Infotv.) and the other legal regulations, guidelines and the established data protection practice, by also taking into account the most important international recommendations on data protection.
The Agency as Data Controller, considers the contents of this legal notice binding. It undertakes to ensure that all data processing related to its services meets the requirements set out in this notice and in all applicable legislation.
THE PROCESSING ACTIVITIES OF THE AGENCY ARE IN COMPLIANCE WITH THE FOLLOWING LEGAL REGULATIONS ON DATA PROTECTION
Personal data may be processed, if
Pursuant to Article 8 (1) of the GDPR, statements of consent of data subject minors over the age of 16 shall be considered valid without the permission or subsequent approval of their legal representative, while statements of consent of data subject minors below the age of 16 are not valid without the consent of the party exercising parental supervision over the minor. The Agency has no tools to verify the accuracy and validity of the consent, its accuracy is warranted by the person granting consent.
THE PURPOSE OF DATA PROCESSING
The Agency may process your personal data for the following purposes:
If you do not wish to be contacted directly by the Agency in the future or receive newsletters from us, please send an e-mail message to leiratkozas@mtu.gov.hu, in the subject of which please indicate the words “leiratkozás” (unsubscribe) or “stop” or send a letter to the Agency’s address: 1027 Budapest, Kacsa utca 15-23. In this case, please provide your name, address and e-mail address.
We also wish to inform you that in relation to the functions linked through the icons of external providers shown on the Website (Facebook, Twitter, LinkedIn, Instagram) the Agency does not perform any processing activities, as in such cases the controller is the external company providing the service.
LAWFULNESS OF PROCESSING DATA
The legal ground processing your personal data for one or more specific purposes is your consent.
TERMS OF PROCESSING DATA
It is technically necessary to give your personal data when you subscribe to our newsletter service or when you contact us.
SCOPE OF PROCESSED DATA
Whenever you visit our Website or subscriber for the newsletter through the website, or establish a connection through the contact menu point, the Agency may request information from you, including your name and e-mail address. During the operation of the Website, the IP address of your computer is processed as technical data and we also embed cookies in your computer.
DURATION OF STORAGE OF PERSONAL DATA
The data processed with consent shall be processed until the consent is withdrawn if no other legal ground of processing applies. The withdrawal of consent does not affect the lawfulness of prior processing.
RECIPIENTS OF PERSONAL DATA AND RECIPIENT CATEGORIES
The users of the Agency and the Data Processors maintaining partner relationships and providing customer services and, in the case of technical data, the IT staff members.
DATA PROCESSORS
The Agency uses the following data processor company:
USE OF COOKIES
Similarly to other commercial websites, the Agency also uses the general technology known as cookies and webserver technical log files in order to obtain information about how the data subjects use the Website.
With the help of the cookies and webserver log files, the Agency can control the visits to the Website and adjust its contents to your personal need.
A cookie is a small information package (file) which often carries an anonymised individual ID. When you visit a website, the website asks your computer to store that file in a part of the hard disc of your computer which is expressly used to store cookies.
Each individual website you visit can send a cookie to your computer if the settings of your browser allow it. However, in order to protect your data, your browser will only allow the particular website to access only the cookie that the particular website sent to your computer, i.e., one website cannot have access to cookies embedded by other websites. In general, the browsers are configured to accept cookies.
However, if you do not wish to accept cookies, you can set up your browser to reject their acceptance. In that case, some components of the website may not function effectively when you browse on it. The cookies cannot obtain other information from the hard disc of your computer and do not carry viruses.
Used cookies on the Website:
Necessary category:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
COOKIE NAME PROVIDER TYPE EXPIRE
language 360dbp.com http 1 year
Statistical category
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
COOKIE NAME PROVIDER TYPE EXPIRE
_ga google http 2 years
_gat google http 1 year
_gid google http 1 day
For more information: https://support.google.com/analytics/topic/2919631?hl=hu&ref_topic=1008008
SAFETY OF THE DATA PROCESSED BY US
The Agency arranges for creating backups that are suitable according to the IT data and the technical environment of the Website. The backups are stored according to the criteria applicable to the retention period of the specific data and, thereby guaranteeing the availability of data during the retention period, after which they will be finally destroyed.
The IT system and the integrity and operability of the environment storing the data are checked with advanced monitoring techniques and the required capacities are provided constantly. The events of the IT environment are registered with complex logging functions, thus ensuring subsequent detectability and legal proof of any data breach.
We use a high broadband, redundant network environment to serve our websites, with which any load can be safely distributed among the resources. The disaster tolerability of our systems is scheduled and guaranteed, and we use organisational and technical instruments to guarantee high-level business continuity and constant services to our users.
The controlled installation of security patches and manufacturer updates that also ensure the integrity of our information systems is a key priority, thus preventing, avoiding and managing any access or harmful attempt involving the abuse of vulnerability.
We apply regular security tests to our IT environment, during which the detected errors and weaknesses are corrected because enhancing the security of our information system is a continuous task.
High-security requirements are also set for our staff, which also include confidentiality, and compliance with which is ensured with regular training. During our internal operation, we try to use well designed and controlled processes. Any personal data breach detected during our operation or reported to us is investigated transparently, with responsible and strict principles within 72 hours. The actual data breaches are all processed and recorded.
During the development of our services and IT solutions we arrange for complying with the principle of installed data protection, as data protection is a priority requirement even in the design phase.
INFORMATION REGARDING THE RIGHTS OF THE DATA SUBJECTS
The data subject may request information on the processing of their personal data, the rectification of their personal data and may also request the erasure of their personal data, with the exception of processing required by law.
Right to prior information
The data subject has the right to obtain information regarding the facts and information about the processing, prior to its start. One of the reasons why this Privacy Notice was created was to guarantee that right.
Access right
The data subject may request the Agency to:
Right to rectification
The data subject may request the Agency to rectify or supplement inaccurately or incompletely recorded personal data. Prior to the rectification of any erroneous data, the Agency may inspect the authenticity and accuracy of the data subject’s data.
Right erasure, right to be forgotten
The data subject may request the erasure of their personal data when:
The Agency is not obliged to fulfil the data subject’s request for the erasure of their personal data when the processing of the personal data is necessary and justified for the following reasons:
Data portability
The data subject may request the Agency to transfer their personal data to the party concerned in an orderly, transparent manner, legible also for information systems and to transfer the data directly to a different controller.
Right to object
For reasons relating to their own situation, the data subject may object to the processing of their personal data at any time when they believe that it is required to exercise their fundamental rights. The data subject may object to the processing of their personal data for direct marketing purposes at any time, without providing any reasoning, in which case the Agency terminates the processing within the shortest possible time.
Right to withdraw consent
The data subject can withdraw consent at any time if no other legal ground of processing applies. The withdrawal of consent does not affect the lawfulness of prior processing.
Automated individual decision-making, including profiling
The data subject has the right to excuse themselves from the force of resolutions which are based exclusively on automated processing (including profiling) and would have an effect on them or would affect them in any other way of similarly significant extent. The Agency does not operate any procedure during which it applies automated decisions.
Right to lodge a complaint with a supervisory authority
Complaints about processing may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Office: 1055 Budapest, Falk Miksa utca 9-11.
PO box: 1363 Budapest, Pf.: 9.
Tel: +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400
Fax: +36 (1) 391-1410
Hivatali kapu: NAIH, KR ID: 429616918
E-mail: ugyfelszolgalat@naih.hu
Right to an effective judicial remedy against a supervisory authority
Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
Right to an effective judicial remedy against a controller or processor
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant (to GDPR. Article 77), each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
INFORMATION TO THE DATA SUBJECT ON ANY POTENTIAL PERSONAL DATA BREACH
The Agency protects the personal and other data of the data subject in compliance with the applicable laws and regulations and in proportion to the risks, uses an advanced and reliable IT environment and selects its co-operation partners with special care. It performs its internal processes in a regulated and supervised manner in order to prevent or avoid even the smallest error, problem or incident occurring during the processing of personal data and to detect, inspect and manage any event that may still happen.
If an incident relating to personal data still occurs provenly and it is likely to impose a high risk to the rights and freedoms of the data subjects, the agency undertakes to inform the data subject and the data protection authority about the personal data breach in a manner and providing the information specified in the effective data protection regulations, without any unreasonable delay.