Privacy policy for data processed when sending the newsletter

Data Controller:

• Decoration&Design Ltd.
• Registered office: 2310 Szigetszentmiklós, Kántor u. 5.
• Represented by Ferenc Barna, Managing Director
• E-mail address: info@decorand.com, info@dekorakademia.hu
• Telephone: 06 24 526 888

1. The data subject may subscribe to the newsletter sending service of the Data Controller before or during the use of the services or otherwise by providing the following data.

What is the scope of the data processed and the purposes for which it is processed, as well as the legal basis and storage period?

2. 
   Scope, purpose, legal basis and storage period of the data processed:

 

Who are the stakeholders?

3.Data subjects: any natural person who wishes to receive regular information about news, promotions and discounts from the Data Controller and therefore subscribes to the newsletter service by providing their personal data.

What is the main purpose of data processing?

4. 
   The main purpose of the processing of data related to the sending of the newsletter is to regularly inform the recipient (subscribed data subject) about the latest promotions, events and news of the Data Controller (and its Partners), essentially regular advertising.

Where are the data from?

5. 
   Source of data: directly from the data subject.

Are there any data disclosures (access, transfer, transmission) to third parties?

6. 
   Disclosure of data: data will not be disclosed to third parties, unless the Data Controller entrusts a data processor with the sending of newsletters, the compilation of statistics, the management of newsletter subscriptions and unsubscriptions. In such cases, the data processor's details are included in a separate annex.

How does the Data Controller ensure data protection?

7. 
   The Data Controller shall ensure, in particular, in the context of its IT security tasks:

• a. to deny unauthorised persons access to the tools used for data management (hereinafter referred to as the 'data management system'),
• b. preventing the unauthorised reading, copying, modification or removal of data media,
• c. to prevent the unauthorised input of personal data into the processing system and the unauthorised access, modification or deletion of personal data stored in the processing system,
• d. to prevent the use of data processing systems by unauthorised persons by means of data transmission equipment,
• e. that persons authorised to use the system have access only to the personal data specified in the access authorisation,
• f. that it is possible to verify and establish to which recipients the personal data have been or may be transmitted or made available by means of a data transmission installation
• g. to ensure that it is possible to verify and establish a posteriori which personal data have been entered into the system by whom, at what time
• h. to prevent the unauthorised disclosure, copying, modification or deletion of personal data during transmission or transport of the data medium
• ensure that the data management system can be restored in the event of a malfunction.
• j. ensure that the data management system is operational, that any errors in its operation are reported and that the personal data stored cannot be altered even if the system is not functioning properly.

Is there automated decision-making, profiling?

8. 
   Automated decision-making, profiling: no such processing takes place.

What are the rights of data subjects?

9. 
   The following table shows the relationship between the data subject's rights and the legal basis, so that it is clear to the data subject what rights he or she can exercise in the event of a legal basis being used.

 

 

Right of access (Article 15 GDPR)

The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and information about the circumstances of the processing. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards for the transfer in accordance with Article 46. The Controller shall provide the data subject with a copy of the personal data which are the subject of the processing, if the data subject so requests.

Right to withdraw consent (Article 7 GDPR)

You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Right to rectification (Article 16 GDPR)

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her.

Right to object (Article 21 GDPR)

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) or (f) of the GDPR. In such a case, the Controller may no longer process the personal data, unless it can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

Right to restriction of processing (Article 18 GDPR)

 
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller if any of the conditions set out in the GDPR are met, in which case the controller shall not perform any operation on the data other than storage. If the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Right to erasure (right to be forgotten) (Article 17 GDPR)

The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay where the processing has no purpose, where consent has been withdrawn and there is no other legal basis, where there is no overriding legitimate ground for processing in the event of an objection, or where the data have been unlawfully processed in the first place, or where the data must be erased in order to comply with a legal obligation. Where the controller has disclosed the personal data and is under an obligation to erase it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

Right to data portability (Article 20 GDPR)

The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to which he or she has provided the personal data, if legal conditions (automated processing and legal basis for consent or agreement) are met.

Where and how can data subjects request detailed information about the processing and transfer of their data, and where and how can they exercise their rights?

The Data Controller draws the attention of the data subjects to the fact that the data subjects may request information, exercise their right of access and other rights by sending a statement to the Data Controller by post (2310 Szigetszentmiklós, Kántor u. 5.) or by e-mail (info@decorand.com, info@decorakademia.hu). The Data Controller will examine and reply to the statement as soon as possible after receipt and will take the necessary steps in accordance with the statement, the Internal Privacy Policy and the law.

How to contact the authority in the event of a complaint (Article 77 GDPR):

 

• National Authority for Data Protection and Freedom of Information
• Address: 1055 Budapest, Falk Miksa utca 9-11.
• Address for correspondence: 1374 Budapest, Pf. 603.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• www: http://www.naih.hu
• e-mail: ugyfelszolgalat@naih.hu

For more information about your rights and details of how to complain to the Authority, please visit http://naih.hu/panaszuegyintezes-rendje.html.

In the event of a breach of your rights, you can also take your case to the courts in your place of residence and claim, among other things, damages.

You can find the court in your country of residence at https://birosag.hu/birosag-kereso.

Other

10. 
    The data subject may unsubscribe from the newsletter at any time by unsubscribing at the bottom of the e-mails and by sending an unsubscribe request to info@decorand.com.
    
    11. You can subscribe to the newsletter by post to Decoration&Design Kft., 2310 Szigetszentmiklós, Kántor u. 5.
    
    12. The Data Controller shall delete the data of the data subject who does not give a confirmatory consent from the active newsletter sending database.
    
    The Data Controller shall keep statistics on the readership of the sent newsletters by means of the clicks on the links in the newsletters.
    
    14. The Data Controller informs the data subjects that, when sending the newsletter, the Data Controller is entitled to forward to the data subjects not only its own offers, but also, directly and indirectly, those of its contracted partners.
    
    15. With regard to the data marked with *, the Data Controller draws your attention to the fact that they are essential elements of data processing, all of which are necessary for data processing.