Privacy Policy
MIGA-METALL KFT
6000 KECSKEMÉT ALSÓSZÉKTÓ TANYA 212/A
VALID: FROM 5 DECEMBER 2024 UNTIL WITHDRAWAL
- Data of the Controller:
Company name: Miga-Metall Kft
Registered office: 6000 Kecskemét Alsószéktó tanya 212/A
Company registration number: 03-09-110713
Tax number: 13063485-2-03
Telephone number: +36203710610, +36708825486
Email address: [migametall@migametall.hu](mailto:migametall@migametall.hu)
- Purpose of the Privacy Notice:
The Controller acknowledges the contents of this legal notice as binding upon itself. The purpose of this Privacy Notice is to inform its customers, suppliers and partners about the processing of their personal data.
The Controller processes personal data exclusively in accordance with the provisions of the applicable legislation and in strict compliance with data protection rules, taking into account the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and storage limitation.
The Controller takes all technical and organisational measures to process the personal data of its partners securely and in the manner prescribed by Regulation (EU) 2016/679 of the European Parliament and of the Council.
Accordingly, the Controller has adapted its day-to-day operations and developed its policies, registers and document templates.
The Controller’s data protection policies related to its data processing activities are available at all times at the registered office and on the website of the Controller. The Controller reserves the right to amend this notice at any time. Of course, it will inform its audience of any changes in due time.
The Controller is committed to protecting the personal data of its customers and suppliers and considers respect for its customers’ right to informational self-determination to be extremely important. The Controller treats personal data confidentially and takes all security, technical and organisational measures that guarantee the security of the data. The Controller describes its data processing practices below.
- Personal, material and temporal scope of the Privacy Notice:
The personal scope of this Privacy Notice extends to the Controller and to the natural persons whose data are included in the data processing activities covered by this notice, as well as to those persons whose rights or legitimate interests are affected by the data processing.
The material scope of this notice extends to all data processing activities carried out in the course of the Controller’s activities, with the exception of so-called internal data processing activities, such as those relating to employees, which are regulated in the Controller’s data protection policy.
This notice enters into force on the date of approval and remains valid for an indefinite period until further notice.
- Important definitions:
Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special categories of data: all data belonging to special categories of personal data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation.
Processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Joint controllers: where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.
Third party: a natural or legal person, public authority, agency or other body other than the data subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or Processor, are authorised to process personal data.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach: a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.
Employee: Pursuant to Section 34(1) of Act I of 2012 on the Labour Code (hereinafter: Labour Code), an employee is a natural person who performs work under an employment contract. An employee also includes a natural person who performs work under an employment relationship pursuant to Act LXXV of 2010 on simplified employment, including occasional work.
- Lawful data processing by the Controller:
The processing of personal data by the Controller takes place exclusively in the following cases:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes,
- the processing is necessary for the performance of a contract to which the data subject is party,
- the processing is necessary for compliance with a legal obligation to which the Controller is subject,
- the processing is necessary in order to protect the vital interests of the data subject or of another natural person,
- the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
The Controller examines the lawfulness of data processing at every stage of its activities; it processes only such data and only for as long as it can demonstrate the purpose and legal basis of the processing. If the condition of a legal basis ceases to exist, the data processing may only continue if the Controller can demonstrate another appropriate legal basis.
The usual method of proving the legal basis is written form; even in the case of a legal basis arising from implied conduct, it must be examined whether it can subsequently be clearly proven. In case of doubt, taking reasonableness and economic considerations into account, written confirmation of data processing arising from implied conduct should be sought.
In the case of data processing based on consent, the data subject gives written consent to the processing of his or her personal data. Consent is not subject to formal requirements, but subsequent provability requires written consent in paper or electronic form.
Data processing based on compliance with a legal obligation is independent of the data subject’s consent, as the processing is determined by law.
Regardless of the mandatory nature of the data processing, the affected private individual must be informed before the start of processing that the data processing is mandatory and unavoidable, and must also be provided with clear and detailed information about all essential facts relating to the processing of his or her data.
Under the GDPR, the processing of personal data is also possible where the processing is necessary for the performance of a contract to which the private individual is party or in order to take steps at the request of the data subject prior to entering into a contract. The Controller may process personal data on the legal basis of contract performance for the purpose of concluding, performing or terminating the contract.
- Processing of personal data by the Controller:
The Controller carries out metalworking and manufacturing activities. It provides welding and locksmithing services to its customers in individual and serial production. In addition, it manufactures and trades its own products, including Kanban trolleys, Kanban systems, Kanban shelving systems and forklift impact protection. During the performance of these activities, it comes into direct or indirect contact with the personal data of natural persons. It carries out the following data processing activities:
In the case of contracts, orders and personalised offers with customers and suppliers, the Controller records the name/company name, address/registered office, telephone number, email address, tax number or company registration number of the data subject. The legal basis for the processing of personal data is the performance of the obligations undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation). The Controller processes the personal data for the purpose of fulfilling the obligations undertaken in the contract and for contact purposes. On the basis of contracts/orders concluded with customers, the Controller issues invoices to customers. The invoice contains the name/company name, address/registered office, tax number and, where applicable, the email address and telephone number of the data subject. Issuing the invoice is a legal obligation of the Controller under the Accounting Act. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
The Controller’s contractual partners may be both natural and legal persons. The establishment of a contractual relationship is, or may be, preceded by a request for quotation in person, by telephone or by email. The person making the inquiry provides his or her name, telephone number and email address, to which the Controller sends the relevant offer. If the offer is rejected, the Controller deletes the personal data of the prospective customer immediately, but no later than within 3 working days. The legal basis for the processing of personal data is the initiation of a contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject orders the requested product or service, a contractual relationship is established between the parties. Upon the establishment of the contractual relationship, the Controller obtains further personal data of private individuals, including partners and contact persons. The legal basis for data processing is the performance of the obligation undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation), and in the case of the contact person of a legal entity, the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The Controller issues an invoice for the consideration of the services provided by it. The invoice contains the name/company name, address/registered office and, where applicable, the tax number of the data subject. Issuing the invoice is a legal obligation of the Controller. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
The Controller also accepts orders through its website (migametall.hu) in connection with the sale of the services it offers. Buyers may be both private individuals and legal persons. The buyer may place an order via the Controller’s website or contact the Controller online. In the case of an order, the Controller requests the buyer’s name, and in the case of legal entities also the name of the contact person, address/company name, billing and delivery address, email address and telephone number. The legal basis for the processing of personal data is the performance of contractual obligations (Article 6(1)(b) of the General Data Protection Regulation). In the case of a legal entity, the personal data of the contact person are processed on the basis of the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The Controller issues an invoice for the consideration of the products distributed by it. The invoice contains the name/company name, address/registered office, tax number and, where applicable, the company registration number, registration number and, in the case of private individuals, the tax identification number of the data subject. Issuing the invoice is a legal obligation of the Controller. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
In performing its tasks, the Controller processes the email addresses and telephone numbers of its customers, suppliers and buyers for the purpose of fulfilling its contractual obligations (Article 6(1)(b) of the General Data Protection Regulation) or on the basis of their individual consent (Article 6(1)(a) of the General Data Protection Regulation).
In its work, the Controller may also have contractual relationships with subcontractors, suppliers and service providers, which also provides a basis for the processing of personal data. In this case, the legal basis for the processing of personal data is the performance of the obligation undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation), and in respect of the personal data of the contact person of a legal entity, the explicit consent of the data subject based on prior information (Article 6(1)(a) of the General Data Protection Regulation).
The Controller may also process the data of its employees. For example, if an employee requests the application of a family tax allowance, its monthly settlement, or requests additional leave in respect of his or her child, the Controller may also process the personal data of children under the age of 16. In order to apply the tax allowance for first-married couples, the personal data of the spouse are also processed. The Controller obtains the spouse’s consent for this.
Employees confirm their daily work performance by signing an attendance sheet. Working time and leave are calculated on the basis of the attendance sheet. The storage methods and retention periods applicable to employee documents apply to the attendance sheet.
The legal basis for the processing of employees’ personal data is the performance of the obligation undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation) or compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
The Controller presents its activities, services and products primarily on its own website (migametall.hu) and through its social media pages, such as LinkedIn and YouTube. The website also informs visitors of the Controller’s contact details. The websites use cookies during their operation, which also collect personal data about visitors. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).
The Controller occasionally takes photographs or video recordings of its activities in order to promote its activities on its website or on social media platforms. If a recognisable private individual appears in the recording, the creation and use of the recording in connection with the Controller’s websites, social media pages or other appearances shall take place only with the written, prior, voluntary consent of the data subject based on appropriate information, or in the case of persons under 18 years of age, of their legal representative. It may happen that the recording is not made by the Controller, but by the customer, an employee of the Controller or an external service provider, and that person sends it to the Controller. In such cases, the Controller also obtains the written consent of the data subject, or of the legal representative, based on appropriate information, for the use of the recording. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). In the case of crowd images, the consent of the data subject is not required for taking the recording or for using the recording taken.
The Controller also operates social media pages, including Instagram and LinkedIn, where personal data may also be processed. The Controller also promotes its activities, services and the products it distributes on its social media pages. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).
In the case of complaint handling related to the Controller’s activities, the purpose of data processing is to enable the complaint to be communicated, to identify the data subject and the complaint, to record the data that are mandatorily required by law, and to investigate the complaint and maintain contact in relation to its settlement.
In the case of a submitted complaint, its handling and the related processing of personal data are mandatory pursuant to Act CLV of 1997 on Consumer Protection. Accordingly, the legal basis for the processing of personal data is compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
The Controller keeps a record of the data processing activities described above. The register also contains the deadlines set for the deletion of personal data. The register forms an annex to this Privacy Notice.
- Processors connected to the Controller:
Where processing is carried out on behalf of the Controller, the Controller may only use processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing meets the requirements of the General Data Protection Regulation and ensures the protection of the rights of the data subject.
By acknowledging and accepting this Privacy Policy, the data subjects agree that the Controller may transfer their personal data to the processors and joint controllers listed below.
- The processor is the accountant used by the Controller:
  - Name/company name: AUDIT-WELL Kft.
  - Name of contact person: Vikor Andrea
  - Address/registered office: 6000 Kecskemét, Úrihegy tanya 221/C
  - Email: vikandi555@gmail.com
  - Telephone number: +36305397635
- The processor is the auditor used by the Controller:
  - Name/company name: Sárkányné Szoták Barbara, sole entrepreneur
  - Name of contact person: Sárkányné Szoták Barbara
  - Address/registered office: 6000 Kecskemét, Máriahegy tanya 97/a
  - Email: sarkanybarbi@gmail.com
  - Telephone number: +36209287756
- Partner of the Controller in connection with invoicing:
  - Name: OnLiveIT Kft.
  - Address: 2370 Dabas, Bartók Béla út 90
  - Email: info@onliveit.hu
  - Name of contact person: Gál Sándor
- Partner of the Controller in connection with invoicing:
  - Name: Számlaközpont Zrt.
  - Address: 1041 Budapest, Görgey Artúr út 69-71
  - Email: informacio@szamlakozpont.hu
  - Name of contact person: Görög Ibolya
- The transport or forwarding company commissioned by the Controller is a processor, and in the performance of its tasks also an independent controller:
  - Name: KOCSIS GYÖRGY, sole entrepreneur
  - Email: kocsisgyorgy6050@gmail.com
- The company providing web hosting services for the Controller’s website is also considered a processor:
  - Name/company name: Márkaépítés Profin Kft.
  - Address: 6000 Kecskemét, Munkácsy M. u. 37.
  - Email: office@1marketing.hu
  - Website: www.1marketing.hu
- The provider of the Controller’s email system is also a processor:
  - Google Ireland Limited
  - Gordon House, Barrow Street, Dublin 4, Ireland
- The Controller’s security technology partner is also a processor:
  - Name: LángVéd Kft.
  - Address: 7763 Áta, Kossuth utca 32
  - Email: iroda@langved.hu
- The processor is the developer of the websites:
  - Name: Somos Media Bt.
  - Address: 6000 Kecskemét, Klapka utca 19. 2/2
  - Email: info@somosmedia.hu
  - Contact person: Somos Bálint
- The occupational physician with whom the Controller has concluded a contract is considered both a processor and an independent controller:
  - Name: HUMÁNIA QUINT EÜ Kft
  - Address: 6000 Kecskemét, Szmetana utca 5.
  - Contact person: Kiss-Nemesvári Fanni
  - Email: drcsontosm@gmail.com
- The fire protection and occupational safety consultant with whom the Controller has concluded a contract is also considered a processor:
  - Name: Nagyné Fodor Anett Mária
  - Contact person: Nagyné Fodor Anett Mária
  - Email: ancsee13@gmail.com
- Due to the use of Google Analytics on the Controller’s website migametall.hu, the processor is:
  - Google Ireland Limited
  - Gordon House, Barrow Street, Dublin 4, Ireland
- Due to the use of social media pages and social plug-ins embedded in the website, the processor and joint controller partner is Instagram:
  - Facebook Ireland Ltd.
  - 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- The Controller also operates its own YouTube channel, in relation to which the processor is:
  - Google Ireland Limited
  - Gordon House, Barrow Street, Dublin 4, Ireland
- The Controller has its own LinkedIn page, in relation to which the processor is:
  - LinkedIn Ireland Unlimited Company
  - Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland
- The Controller also transfers the personal data of its customers to the National Tax and Customs Administration (NAV).
- Other processors:
  - Name: Gergely Tamás
  - Email: gergely.tamas@migametall.hu
  - Name: PLUSFORSALE Kft
  - Address: 6000 Kecskemét, Pozsonyi utca 16/a
  - Email: ivanlevelei@gmail.com
  - Contact person: Iván Mihály
- Data processing related to contracts concluded by the Controller:
Customer contracts:
In relation to its customers, the Controller processes the name/company name, address/registered office, telephone number, email address, tax number of the data subject, and, where applicable, the name, telephone number and email address of the contact person, customer registration number or company registration number.
The legal basis for the processing of personal data is the performance of the obligations undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation). The Controller processes the personal data for the purpose of fulfilling the obligations undertaken in the contract and for contact purposes. The Controller issues invoices to customers for the manufactured products and ordered services. The invoice contains the name/company name, address/registered office and tax number of the data subject. Issuing the invoice is a legal obligation of the Controller. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
In connection with the Controller’s technical and engineering consultancy activities, contractual partners may be both natural and legal persons. The establishment of the contractual relationship is preceded by a request for quotation, which may be received in person, by telephone, by email or through the Controller’s social media pages. The person making the inquiry provides his or her name, telephone number and email address, to which the Controller sends the relevant offer. If the offer is rejected, the Controller deletes the personal data of the prospective customer immediately, but no later than within 3 working days. The legal basis for the processing of personal data is the initiation of a contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject orders the offered service, a contractual relationship is established between the parties. Upon the establishment of the contractual relationship, the Controller obtains further personal data, including those of partners and contact persons. The legal basis for data processing is the performance of the obligation undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation), and in the case of the contact person of a legal entity, the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The Controller issues an invoice for the consideration of the services provided by it. The invoice contains the name/company name, address/registered office and tax number of the data subject. Issuing the invoice is a legal obligation of the Controller. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
The Controller accepts orders for the products it distributes through its website, by email, by telephone or orally. Buyers may be both private individuals and legal persons. In the case of an order, the Controller requests or records the buyer’s name, and in the case of legal entities also the name of the contact person, address, billing and delivery address, email address and telephone number. The legal basis for the processing of personal data is the performance of contractual obligations (Article 6(1)(b) of the General Data Protection Regulation). In the case of a legal entity, the personal data of the contact person are processed on the basis of the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The Controller issues an invoice for the consideration of the products it distributes. The invoice contains the name/company name, address/registered office and tax number of the data subject. Issuing the invoice is a legal obligation of the Controller. The legal basis for the processing of personal data appearing on the invoice is therefore compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). With regard to the retention of personal data appearing on invoices, the Controller acts in accordance with legal requirements and stores such data for 5 years.
Supplier contracts:
The Controller may also process the contact details of its suppliers and subcontractors, including name/company name, address/registered office, email address and telephone number, and may also maintain contact with service providers and subcontractor companies. In these cases, personal data may also be processed for the purpose of maintaining contact with partners, including the personal data of the contact person, private individual or sole entrepreneur. The legal basis for the processing of personal data is the performance of the obligation undertaken in the contract (Article 6(1)(b) of the General Data Protection Regulation) or the consent of the contact person (Article 6(1)(a) of the General Data Protection Regulation).
The Controller completes a consent statement with the contact persons of companies, in which it informs them of their rights related to personal data and asks for their consent to process their data. In such cases, the legal basis for the processing of personal data is the explicit, written consent of the data subject to data processing based on appropriate information (Article 6(1)(a) of the General Data Protection Regulation). If the contract concluded with the partner has ended and there is no legal retention obligation for the storage of the data and documents, telephone numbers and email addresses are deleted. Personal data contained in contracts and invoices are also retained in accordance with legal requirements; the Controller stores such data for 5 years.
- Invoices issued to customers and the processing of personal data appearing on them:
The Controller issues an invoice to the customer for the consideration of the services provided and products sold. The invoice contains the customer’s name/company name, address/registered office and tax number. The Controller issues the invoice in order to comply with a legal obligation. The legal basis for the processing of personal data appearing on the invoice is compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). Personal data recorded in this way are retained in accordance with legal requirements; the Controller stores them for 5 years.
- Retention of email addresses and telephone numbers by the Controller:
In the course of its activities, the Controller also becomes aware of the email addresses and telephone numbers of its partners, subcontractors, suppliers, customers and clients. The personal data entered into its system in this way are processed primarily for the purpose of fulfilling its contractual obligations (Article 6(1)(b) of the General Data Protection Regulation). If the contract concluded with the partner has ended and there is no legal retention obligation for the storage of the data and documents, telephone numbers and email addresses are deleted. In some cases, the Controller continues to have a legitimate interest in retaining the data; in such cases, it asks the data subject for explicit and written consent to retain his or her personal data (Article 6(1)(a) of the General Data Protection Regulation).
- Taking photographs and video recordings by the Controller:
The Controller occasionally takes photographs or video recordings, primarily in order to present its production processes and promote its activities. These recordings are shared on its social media platforms and on its website. If a recognisable private individual appears in the recording, the making and use of the recording in connection with the Controller’s websites, social media pages or other appearances is permitted only with the consent of the data subject, or, in the case of persons under 18 years of age, of their legal representative. It may happen that the recording is not made by the Controller, but by the employee or an external service provider, and that person sends it to the Controller. In such cases, the Controller also obtains the written consent of the data subject, or of the legal representative, based on appropriate information, for the use of the recording. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). In the case of crowd images, the consent of the data subject is not required for taking the recording or for using the recording taken.
If the data subject withdraws consent and requests the termination of the use of the recording or possibly the deletion of the recording, the Controller shall comply with this request without delay.
- Websites of the Controller:
The Controller presents its activities, services and the products it distributes to interested parties on its own websites (migametall.hu).
The Controller’s websites use cookies during their operation. The legal basis for the processing of personal data obtained through them is the consent of the visitor (Article 6(1)(a) of the General Data Protection Regulation). The consent of the data subject is not required if the sole purpose of using cookies is to carry out the transmission of a communication over an electronic communications network, or if this is strictly necessary for the provider of an information society service to provide a service expressly requested by the subscriber or user.
Scope of data processed: unique identification number, data, dates and times.
Scope of data subjects: all data subjects/visitors who visit the website.
Purpose of data processing: identification of users’ usage habits and tracking of visitors.
Data processing lasts until the end of the visit to the websites in the case of session cookies, and in other cases for a maximum of 10 years.
Employees of the Controller are authorised to access the data in accordance with the above principles, whereby they may act as potential controllers.
The data subject/visitor can delete cookies in the browser under Tools/Settings, generally in the privacy settings.
The website migametall.hu uses the following cookies during its operation:
Functional cookies
These cookies improve the functionality of the site by storing certain information about your settings. An example is the management of possible language versions of the website.
Analytical cookies
These cookies help us evaluate the performance of our website and improve your user experience based on these insights.
Third-party cookies
Interesting, useful content and engaging videos may also be displayed on our pages. These typically originate from Facebook and YouTube pages. Such content embedded in the website may contain various third-party cookies in exactly the same way as if the data subject/visitor visited or used the Facebook or YouTube video portal page directly.
A cookie valid until the end of the session remains on the computer only until the browser is closed. Cookies with a precise validity period, also known as persistent cookies, remain on the computer until they are deleted, but no later than until their validity period expires.
Information on cookie management by Google is available to the Controller at http://www.google.com/intl/de/policies/.
- Social media pages of the Controller:
The Controller also operates an Instagram page, where personal data processing also takes place. On this platform, the Controller promotes its activities and presents its products and services.
https://www.instagram.com/migametall.hu
The Controller also provides comprehensive personal support through the Instagram page. If you ask a question via Facebook, the Controller will endeavour to answer it as soon as possible. The data obtained on the Facebook pages and in the group are used exclusively to answer your question and not for further advertising purposes.
Purpose of using the Instagram page: advertising on social media platforms and transmission of information. Instagram may also use the data for its own purposes, including profiling the data subject and delivering targeted advertisements.
In order to contact the Controller via the Instagram page, you must log in. For this purpose, Instagram may also request, store and process personal data. The Controller has no influence over the nature, scope and processing of these data and does not receive personal data from the operator of Instagram. Further information can be found on the Instagram page.
The Controller processes the personal data of followers on the Instagram page and in the group on the basis of their consent (Article 6(1)(a) of the General Data Protection Regulation); it considers consent to have been given if the person likes, follows or comments on its pages, group or posts.
Personal data of followers are processed on Instagram pages. The data processing is carried out on the legal basis of consent granted by following the page (Article 6(1)(a) of the General Data Protection Regulation).
- Complaint management in connection with the Controller’s activities:
In the case of complaint handling related to the Controller’s activities, the purpose of data processing is to enable the complaint to be communicated, to identify the data subject and the complaint, to record the data that are mandatorily required by law, and to investigate the complaint and maintain contact in relation to its settlement.
In the case of a submitted complaint, its handling and the related processing of personal data are mandatory pursuant to Act CLV of 1997 on Consumer Protection. Accordingly, the legal basis for the processing of personal data is compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
The Controller retains the minutes taken of the complaint and a copy of the response for 5 years; on this basis, it also processes the personal data for this period.
- Security of data processing:
The Controller undertakes to ensure the security of the data, and to take and maintain the technical and organisational measures and procedural rules that ensure that the collected, stored or processed data are protected, and that prevent their destruction, unauthorised use and unauthorised alteration. It also undertakes to call upon all third parties to whom it transmits or transfers the data to comply with the requirement of data security.
The Controller ensures that unauthorised persons cannot access, publish, transmit, modify or delete the processed data. The processed data may only be accessed by the Controller and by the processor(s) used by it; it does not disclose them to third parties who are not authorised to access the data.
The Controller pays particular attention to the security of the personal data of its customers, suppliers and subcontractors. It acts in full compliance with legal provisions and requires the same from all its partners. The protection of personal data includes physical data protection, such as storing documents in a lockable room, as well as IT protection, such as the use of password protection.
The Controller stores the personal data provided by the data subject primarily on its own servers equipped with protection systems, on its own IT devices and, in the case of paper-based documents, at its registered office, properly locked away.
The data subjects acknowledge and accept that, when providing their personal data, the protection of data on the internet and in computer systems cannot be fully guaranteed. In the event of unauthorised access or data inspection, despite the efforts of the Controller, the provisions described in this policy shall apply.
- Rights of persons affected by data processing:
- Transparent information:
This Privacy Notice also serves the purpose of providing clear, concise, transparent and understandable information about the data processing activities applied by the Controller.
- Right of access:
The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed; where that is the case, the data subject has the right of access to the personal data and to the following information:
- the purposes of processing,
- the categories of personal data concerned,
- the recipients to whom the personal data have been disclosed,
- the envisaged period for which the personal data will be stored.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- Right to rectification:
The data subject has the right to obtain from the Controller the rectification of inaccurate personal data concerning him or her.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- Right to erasure:
The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her. The Controller is obliged, on the basis of such a request, to erase personal data where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected,
- the data subject withdraws previously given consent and there is no other legal basis for the processing,
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed,
- the personal data must be erased for compliance with a legal obligation under Union or Member State law.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- Right to restriction of processing:
The data subject has the right to obtain from the Controller restriction of processing, primarily where:
- the accuracy of the data is contested,
- the processing is unlawful, but for some reason erasure of the data is not requested.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- Right to data portability:
The data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- Right to object:
The data subject has the right, on grounds relating to his or her particular situation, to object at any time to the processing of personal data concerning him or her in the manner described in Article 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
- The data subject’s right in the case of automated decision-making:
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Automated decision-making is any process or methodology in which a technical mechanism evaluates the personal characteristics of the data subject and produces legal effects concerning him or her or significantly affects him or her. The Controller does not apply IT automation suitable for profiling that has a significant effect on the rights of the data subject.
Information regarding the above data may be requested from the Controller at the following address and email address:
Pull-Ker Bt. 6400 Kiskunhalas Szilády Áron utca 5-7.
Email: [drbor@szeged-ugyved.com](mailto:drbor@szeged-ugyved.com)
The Controller hereby informs you that it will respond to your request within 30 days. It will respond to access requests sent by post by postal mail, and to requests sent by email by email.
The Controller undertakes to inform all recipients to whom personal data have been disclosed of the requests received in relation to the above rights, unless this proves impossible. It further undertakes to notify the data subject (the applicant) of the handling of the above requests and of the related decisions within 30 days at the latest.
- Personal data breach:
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.
For a personal data breach to exist, the breach of data security must reach a level that presents a serious risk, that is, it must be of such magnitude that it affects personal data:
- by their destruction,
- by their loss,
- by their alteration,
- by their unauthorised disclosure, or
- by unauthorised access to them.
A breach occurs when any of the above events takes place; however, this does not exclude the possibility that several of them occur at the same time. This includes not only intentional, malicious conduct, but also breaches committed through negligence. Therefore, a breach occurs if it is caused by accidental or unlawful conduct.
Examples of personal data breaches include:
- illegal transmission of personal data on documents, portable devices, data carriers or in an IT system, for example by email,
- unauthorised access to an IT system or application processing personal data,
- damage to or loss of part or all of a database containing personal data,
- the unusability of part or all of an IT system due to a virus or other malware, etc.
In the event of a possible personal data breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons, the Controller shall notify the National Authority for Data Protection and Freedom of Information without delay. As soon as the Controller becomes aware of the breach, it is obliged to notify it without undue delay and, where feasible, not later than 72 hours after having become aware of it. If notification is not made within 72 hours, it shall be accompanied by reasons for the delay, and the required information must be provided gradually without further undue delay.
For reporting personal data breaches, the National Authority for Data Protection and Freedom of Information operates a dedicated system on its website through which notifications can be submitted electronically.
The Controller documents personal data breaches, including the facts relating to the breach, its effects and the remedial measures taken. The Controller must record the data relating to the breaches, including the causes, circumstances and scope of the personal data concerned. In addition, the effects and consequences of the breaches, as well as the measures taken to remedy them and the Controller’s conclusions, must also be included in the register, for example why the Controller considers that the breach is not notifiable, or, if notification is delayed, the reason for the delay.
It is not necessary to notify the supervisory authority of a breach that is unlikely to result in a risk to the rights and freedoms of natural persons.
If the personal data breach is likely to result in a high risk to the personal rights and freedoms of the Controller’s partners, buyers or customers, the Controller shall notify the affected partner without delay. The notification to the data subject shall describe the nature of the personal data breach in clear and plain language, and shall communicate the most important information and measures.
The data subject does not need to be notified as described above if one of the following conditions is met:
- the Controller has implemented appropriate technical and organisational protection measures and those measures were applied to the data affected by the breach, in particular measures that render the personal data unintelligible to any person who is not authorised to access them;
- the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
- notification would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
- Information on the relevant legislation:
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information;
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
- Act V of 2013 on the Civil Code;
- Act CXVII of 1995 on Personal Income Tax;
- Act C of 2000 on Accounting.
- Right to apply to a court:
In the event of a violation of his or her rights, the data subject may bring an action against the Controller before a court. The court shall hear the case in an expedited procedure.
- Procedure of the data protection authority:
A complaint may be submitted to the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
Registered office: 1055 Budapest, Falk Miksa u. 9-11.
Postal address: 1363 Budapest, Pf. 9.
Telephone: 0613911400
Fax: 0613911410
Email: [ugyfelszolgalat@naih.hu](mailto:ugyfelszolgalat@naih.hu)
Website: http://www.naih.hu
- Other provisions:
The Controller provides information at the time of data collection about data processing activities not listed in this policy. In such cases, the provisions of the applicable legislation shall govern.
The Controller hereby informs its customers that the court, the prosecutor, the investigating authority, the misdemeanour authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank and other bodies authorised by law may contact the Controller in order to request information, the communication or transfer of data, or the provision of documents. The Controller shall disclose personal data to authorities only to the extent and to the degree strictly necessary for the purpose of the request, provided that the authority has specified the exact purpose and scope of the data.
The website of the data protection authority contains further information on the data protection rights mentioned in this Privacy Policy.
Kecskemét, 5 December 2024.
Kovács Zoltán
Managing Director, Miga-Metall Kft