PRIVACY POLICY

PRIVACY POLICY

This data management information sheet regulates the data management of Moving Service Kft., as Data Controller, in connection with personal data.

The protection of your data is important to us! We respect the protection of the personal data and privacy of our website visitors and those interested in our services, therefore we only collect and manage information that is essential for the purposes defined in this information.

The use of our website and the use of our services is completely voluntary, so the processing of personal data that may be necessary for this is also voluntary, they are sent to us on the basis of consent, if necessary, we will only then handle them on the basis of the fulfillment of a contract or the fulfillment of a legal obligation.

This data management information sheet regulates the data management of the following pages:

movingservice.hu

The data management information is available from the following page:

movingservice.hu/en/data-protection

Amendments to the prospectus will take effect upon publication at the above address.

We reserve the right to unilaterally modify this Notice at any time. Thus, as Data Controllers, in the event of changes to this information, we are entitled (but not obliged) to inform the affected parties of the change by sending a system message. After this information has been amended, we will publish it visibly on our websites in a public place. We recommend that you re-read the privacy policy from time to time to learn how we protect your personal data. If you are affected, you are entitled to exercise your rights related to data management as described in this information sheet and in the laws in force at all times.

The data controller and its contact details

Our company, Moving Service Kft. (Headquarters: 1158 Budapest, Petrence u. 67., Representative: Attila Kara, Tax number: 14846599-2-42), as Data Controller, can be reached in relation to the data protection rights mentioned below at the following contact details:

Phone: ++(06 1) 783 5506

E-mail: ugyfelszolgalat@movingservice.hu

Address: 1158 Budapest, Késmárk utca 16.

Our data protection officer can be reached at the e-mail address kara.attila@movingservice.hu.

We will respond to your request without delay, but no later than within 1 month of receipt of the request, unless the legal conditions allow for a 2-month extension of the response. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.

If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

Scope of our company’s activities

Our company deals with international and domestic moving, which you can find more information about on our website.

As a Data Controller, we comply with the legal requirements, we handle personal data only on the legal basis defined by law, and we comply with the basic principles regarding the handling of personal data. We have collected these legal bases and principles together with the definition of a few concepts in our data management information, so that you can find information about them here as well.

Governing Laws

When developing the provisions of the data management information sheet, we took into account the provisions of the following legislation:

• Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”)
• CXII of 2011 on the right to information self-determination and freedom of information. Act (“Infotv.”)
• Act V of 2013 on the Civil Code (“Ptk.”)
• XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. law (“Grtv.”)
• CVIII on certain issues of electronic commercial services and information society services. law
• year LXIII. Act on the protection of personal data and the disclosure of data of public interest

When compiling the information, we also took into account the recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information.

Concept definitions

1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
2. “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storing, transforming or changing, querying, viewing, using, communicating by means of transmission, distribution or otherwise making available, coordination or connection, restriction, deletion or destruction;
3. “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
4. “data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
5. “recipient”: the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
6. “third party”: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data they got;
7. “consent of the data subject”: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
8. “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles for handling personal data

Personal data

1. its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”);
2. be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes is not considered incompatible with the original purpose (“purpose limitation”);
3. they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary (“data sparing”);
4. they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”);
5. its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if the personal data will be processed for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the appropriate technical and organizational measures prescribed in this regulation to protect the rights and freedoms of the data subjects subject to its implementation (“limited storage”);
6. must be handled in such a way that adequate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (“integrity and confidentiality”).

The data controller is responsible for compliance with the above, and must also be able to prove this compliance (“accountability”).

Legal basis for data management

The processing of personal data is legal only if and to the extent that at least one of the following is fulfilled:

1. the data subject has given his consent to the processing of his personal data for one or more specific purposes;
2. the data processing is necessary for the fulfillment of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract;
3. data management is necessary to fulfill the legal obligation of the data controller;
4. data processing is necessary to protect the vital interests of the data subject or another natural person;
5. data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of public authority granted to the data controller;
6. data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child.

Data management

Contact and quotation form

Stakeholders: All stakeholders who send contact forms.

Scope of processed data: We process the name, telephone number, address of the place of work, and e-mail address for contacting. In addition, managed data is the time of sending the contact form.

Legal basis for data collection: voluntary consent. The provision of data is completely voluntary, if you do not agree, you cannot send us a message and we cannot contact you. With regard to the handling of the above-mentioned data, the data subject gives his express and voluntary consent to the processing of the above-mentioned data by the express acceptance of this data management declaration after having previously read it – by ticking the relevant checkbox – and in relation to contacting and sending offers, the data subject gives his explicit and voluntary consent to contact or send an offer to the e-mail address provided by the contact or contact them by phone.

Purpose of data management: The purpose of collecting personal data (name, e-mail address, address, phone number) is to contact you, answer your questions or send you the requested offer. You can ask us questions about our services and request an offer from us using the form on the contact and request for offer page. We treat your data confidentially. Since we are interested in selling our services, we interpret the provision of your data as a prerequisite for a possible future contract. We are confident that we will satisfy you with our answer and offer, and that we will soon be able to welcome you among our contracted clients and customers.

Duration of data management, deadline for data deletion: Your data will be kept until the statute of limitations for enforcing a civil claim, which is 5 years based on current legislation. As a Data Controller, we will delete the personal data provided (name, telephone, e-mail address) if you request it.

Customer relations and other data management

If you have any questions or problems while using our services, you can contact us using the methods provided on the website (phone, e-mail, social media, etc.).

Received e-mails, messages, phone calls, on Facebook, etc. the data provided, including the name and e-mail address, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.

In the course of our service, data processing not listed in this information sheet may occur. In such cases, when the data is collected, we provide written information – in exceptional cases orally – about how, for what purpose, on what basis we will process your data during the current data collection, how long we will keep it and what rights you have in relation to data management.

We are obliged to provide information, communicate and transfer data, and make documents available in the case of an exceptional official request, or in the case of requests from other bodies based on the authorization of the law. In these cases, if the requester has indicated the exact purpose and the scope of the data, we will only disclose personal data to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request.

Data for technical purposes

Stakeholders: All stakeholders using the website.

Scope of managed data: The dynamic IP address of the data subject’s computer, depending on the settings of the customer’s computer, the type of computer operating system and browser used by the data subject, the data subject’s activity on the website.

Legal basis for data collection: voluntary consent. Familiarize yourself with the data management policy before starting to use the website

Purpose of data management: The purpose of automatically recorded data on the website (log files, log files) is to create statistics, IT
We handle your personal data exclusively with data processing carried out with a computer technology device.

The use of this data, on the one hand, serves technical purposes – e.g. secure operation and subsequent control of the servers, on the other hand, the Data Controller uses this data to prepare page usage statistics and analyze user needs in order to improve the level of services. The above data are not suitable for identifying the data subjects, and the Data Controller does not combine them with other personal data.

Scope of processed data: adequacy of the data provided

The data manager does not check the personal data provided to him. The person providing the data is solely responsible for the accuracy of the data provided. When any Data Subject provides his/her e-mail address, he/she also assumes responsibility for the fact that only he/she uses the service from the given e-mail address. In view of this responsibility, all kinds of responsibility related to logins to a specified e-mail address are the sole responsibility of the user who registered the e-mail address.

If the Data Subject provided third-party data during registration to use the service, or caused damage in any way while using the website, the Data Controller is entitled to claim compensation from the Data Subject. In such a case, the Data Controller will provide all possible assistance to the acting authorities in order to establish the identity of the infringer.

Data processors used by the Data Controller

Your personal data can be managed by our employees, as well as by those data processors who have entered into a written data processing contract with us as a data controller. Your data can be processed by our employees, data processors and their direct employees only to the extent necessary to achieve the purpose of data management and for the period provided by the legal basis.

The data processors do not make independent decisions, they are only entitled to act according to the contract concluded with us as the Data Controller and the instructions received. As Data Controllers, we control the work of our data processors. Data processors are only entitled to use additional data processors with our consent.

Hosting, server provider

Activity provided by data processor: Storage service

Data processor name and contact information:

Name: MediaCenter Hungary Kft. (hereinafter Service Provider)

Headquarters: 6000 Kecskemét, Erkel Ferenc utca 5.

Postal address: 6000 Kecskemét, Erkel Ferenc utca 5.

E-mail: mediacenter@mediacenter.hu

Phone: 06 21 / 201-0505

Website: www.mediacenter.hu

The fact of the data management, the scope of the managed data: All personal data provided by the data subject.

Scope of stakeholders: All stakeholders who use the website.

Purpose of data management: Making the website available and operating it properly.

Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.

Legal basis for data processing: User’s consent, Infotv. Section 5 (1), Article 6 (1) point a) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

Additional data controllers

Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – statistical services

Facebook Inc. (4 Grand Canal Square, Dublin Ireland) – statistical services

Management of cookies

We also use cookies to improve the quality of our services, to improve the user experience and to display ads that are as relevant as possible, according to your interests, by running behavior-based marketing.

Scope of processed data: unique identification number, dates, times

Stakeholders: All stakeholders visiting the website.

Purpose of data management: Identification of users and tracking of visitors.

Duration of data management: The period until the end of the relevant visitor session.

Legal basis for data management: Infotv. Section 5 (1), Article 6 (1) point a) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of § Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

Technical information on the management of cookies (what and where you can set if you want to disable their management):

The Data Controller’s system automatically records the IP address of the user’s computer, the starting time of the visit, and in some cases – depending on the computer’s settings – the type of browser and operating system. The data recorded in this way cannot be linked to other personal data. Data management is for statistical purposes only.

Cookies allow the website to recognize previous visitors. Cookies help to optimize the website and to design the services of the website according to the user’s habits. Cookies are also suitable for

• remember the settings, so the user does not have to record them again when he goes to a new page,
• they remember the previously entered data, so they do not have to be typed in again,
• analyze the use of the website in order to ensure that, as a result of the improvements carried out using the information obtained in this way, it functions as much as possible according to the user’s expectations, the user can easily find the information he is looking for, and
• monitor the effectiveness of our ads.

If we display various content on the website using external web services, it may result in the storage of some cookies that are not supervised by the Data Controller, so it has no influence on what data these websites and external domains collect. Information about these cookies can be found in the regulations for the specific service.

As a Data Controller, we use cookies to display advertisements to Users via Google and Facebook. Data management takes place without human intervention.

The user can set his web browser to accept all cookies, reject all, or notify the user when a cookie arrives on his machine. The setting options are usually found in the browser’s “Options” or “Settings” menu. By prohibiting the use of cookies, the User acknowledges that the operation of the website is incomplete without cookies.

The detailed information on the English website www.aboutcookies.org also helps with settings in different browsers.

Using Google Adwords conversion tracking

1. We use the online advertising program called “Google AdWords” as Data Manager, and within its framework we use Google’s conversion tracking service. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
2. When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the Data Controller can see that the User has clicked on the ad.
4. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
5. The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
6. If you do not want to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.
7. Further information and Google’s data protection statement are available on the following page: de/policies/privacy/

In order to get to know the website’s independent visitation and other web analytics data, the Data Controller uses the Google Analytics software, therefore, in relation to this data, GoogleInc. Its privacy policy is available at https://google.com/intl/h_All/policies/privacy. The user of the Website acknowledges that by using the website, he consents to the processing of his data by Google Inc.

Application of Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
2. The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
3. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of our website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
4. Within the scope of Google Analytics, the IP address transmitted by the User’s browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of our website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

Community sites

Scope of processed data: Facebook, YouTube, Instagram, etc. your registered name on social networking sites and your user’s public profile picture

Stakeholders: Those who use Facebook, YouTube, Instagram, etc. registered on social networking sites and “liked” the page.

Purpose of data collection: Maintaining contact on social networking sites, as well as displaying, sharing, and promoting certain content elements, services, and offers of the website on social networking sites.

Legal basis for data collection: voluntary consent to the processing of personal data on the given social media site

Duration of data management, deadline for data deletion: Data management takes place on social media sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the given social media site.

Security of data management

We protect your data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage.

As a Data Controller, together with the operators of the server, we ensure the security of the data with technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with data management, including, among others, where appropriate:

• pseudonymization and encryption of personal data;
• ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;
• in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
• a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

Rights of data subjects related to data management

As a Data Subject, you can request information about the management of your personal data, as well as request the correction or deletion of your personal data, with the exception of the data management mandated by law, via the link in the footer of the newsletters or at any of our contact points.

Upon request, we provide information about the data we manage, the purpose, legal basis, duration of the data processing, the name, address (headquarters) of the data processor and its obligations related to data processing, as well as about who and for what purpose the data is or has been received.

We are obliged to provide the information in writing, in an understandable form, free of charge, as soon as possible after submitting the request, but no later than within 1 month.

We are also obliged to correct inaccurate personal data.

Personal data will be deleted if its processing is illegal, if the data subject requests it, if it is incomplete or incorrect – and this state cannot be legally corrected – provided that the deletion is not prohibited by law, if the purpose of the data management has ceased, or if the statutory period for storing the data has expired, or it has been ordered by the court or the data protection authority.

We will notify the data subject and all those to whom we previously forwarded the data for the purpose of data management about the correction and deletion. The notification will be waived if, in view of the purpose of the data management, this does not violate the legitimate interests of the data subject.

The data subject may object to the processing of his/her personal data if the processing (transmission) of the personal data is necessary solely to assert the rights or legitimate interests of the data controller, unless the data processing is ordered by law, the use or transmission of the personal data is for direct business acquisition, public opinion polls or scientific research purpose, the exercise of the right to protest is otherwise permitted by law.

As Data Controllers, we are obliged to examine the objection as soon as possible, but no later than 15 days after the submission of the request, and to inform the applicant of the result in writing, with the simultaneous suspension of data management. If the protest is justified, we will terminate the data management – including further data collection and transmission – and block the data, as well as notify all those to whom we have previously forwarded the personal data affected by the protest, and who are obliged to take action, about the protest and the measures taken based on it in order to enforce the right to protest.

Rights of data subjects

Right of access: You have the right to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access your personal data and the information listed in the regulation.

Right to rectification: You have the right to have inaccurate personal data corrected without undue delay upon your request. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

The right to erasure: You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

The right to be forgotten: If the data controller has disclosed personal data and is required to delete it, it will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, to inform the data controllers that you have requested deleting the links to the personal data in question or the copy or duplicate of this personal data.

The right to restrict data processing: You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

• You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the controller to check the accuracy of the personal data;
• the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
• the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;
• You have objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller’s legitimate reasons take precedence over your legitimate reasons

The right to data portability: You have the right to receive the personal data relating to you that you have provided to a data controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another data controller without being hindered by the data controller to whom the personal data was made available (…)

The right to object: You have the right to object at any time to the processing of your personal data by (…), including profiling based on the aforementioned provisions, for reasons related to your own situation.

Objection in case of direct business acquisition: If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

Automated decision-making in individual cases, including profiling: You have the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or similarly significantly affect you.

The previous paragraph does not apply if the decision:

• It is necessary to conclude or fulfill the contract between you and the data controller;
• it is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
• With your express consent

Informing the data subject about the data protection incident

If the data protection incident likely entails a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where applicable, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

• adequate technical and organizational protection of the data controller measures have been implemented and those measures have been applied to the data affected by the data breach, in particular measures – such as the use of encryption – that make the data unintelligible to persons not authorized to access the personal data;
• after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
• providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Reporting a data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Possibility of filing a complaint

If you feel that any of your rights have been violated, please contact us, we will do our best to investigate the case and compensate for the inconvenience.

You can exercise your right to file a complaint with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority

1055 Budapest, Falk Miksa utca 9-11

Mailing address: 1530 Budapest, PO Box: 5.

Telephone: +36-1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu