DiaKont Management and Engineering Office Ltd.
March 8., 2025
(Excerpt from the Data Protection Regulation)
INTRODUCTION
DiaKont Management and Engineering Office Ltd. (hereinafter referred to as: DiaKont Ltd.),
registered office: 1042 Budapest, Árpád út 90–92. I. 19.,
company registration number: 01-09-180702,
tax number: 24756891-2-41,
representative: Enikő Sipos, managing director,
hereby informs its clients and visitors to its website that its data processing activities are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (hereinafter referred to as: Regulation) and Act CXII of 2011 on the right to informational self-determination and freedom of information. (hereinafter referred to as: Infotv.) is carried out in accordance with the provisions of the Act.
DiaKont Ltd. reserves the right to amend this Data Management Policy (hereinafter referred to as: Policy).
DiaKont Ltd. publishes an electronic version of this Data Management Policy on the website https://www.diakont.eu/adatkezelesi-tajekoztato.html, which informs the data subjects about the purpose and legal basis of data management, the identity of those authorized to manage and process data, the duration of data management, and who may access the data. The information includes the data subject's rights related to data management and the possibilities of legal remedy.
Definitions
This Regulation uses the following key definitions in accordance with Article 4 of the Regulation. personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
data processing means any operation or set of operations which is performed on personal data or on data sets, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
restriction of processing means marking of stored personal data with a view to restricting their future processing;
profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal characteristics relating to a natural person, in particular to analyze or predict characteristics relating to performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific natural person without the use of additional information, provided that such additional information is stored separately and organizational or technical measures are taken to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
filing system means a set of personal data, whether centralized, decentralized or organized along functional or geographical lines, which is accessible on the basis of specific criteria;
controller means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
processor means the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
recipient means the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of those data by such public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
third party means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct control of the controller or the processor, are authorized to process personal data;
consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
data breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Applied legislation
a) Act IV of 1991 on the promotion of employment and the provision of benefits to the unemployed (hereinafter: Flt.)
b) Act CIII of 1993 on occupational safety and health (hereinafter: Mvt.)
c) Act LXVI of 1995 on public documents, public archives and the protection of private archival material (hereinafter: Ltv.)
d) Act CXVII of 1995 on personal income tax (hereinafter: Szja tv.)
e) Act LXXX of 1997 on persons entitled to social security benefits and private pensions, and on the coverage of these services (hereinafter: Tbj.)
f) Act LXXXI of 1997 tv on social security pension benefits (hereinafter: Tny.)
g) Act LXXXII of 1997 on private pensions and private pension funds (hereinafter: Mny.)
h) Act LXXXIII of 1997 on compulsory health insurance benefits (hereinafter: Eb.)
i) Act CLV of 1997 on consumer protection (hereinafter: Fgytv.),
j) Act LXXXIV of 1998 on family support (hereinafter: Cst.)
k) Act C of 2000 on accounting (hereinafter: Számv. tv.)
l) Act CXXXIII of 2005 on the rules of personal and property protection and private detective activities (hereinafter: SzVMt.)
m) Act CXXVII of 2007 on value added tax (hereinafter: Áfa. tv.)
n) Act LXXV of 2010 on simplified employment (hereinafter: Efo. tv.)
o) Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: Infotv.)
p) Act CXCI of 2011 on benefits for persons with altered working capacity and on amendments to certain acts (hereinafter: Mmtv)
q) Act I of 2012 on the Labour Code (hereinafter: Mt.)
r) Act V of 2013 on the Civil Code. (hereinafter: Ptk.)
s) Regulation 2016/679 of the European Parliament and of the Council (hereinafter: Regulation)
t) Act LII of 2017 on the implementation of financial and asset restrictive measures ordered by the European Union and the UN Security Council Act (hereinafter: Kit.)
u) Act of 2017 CL. tv. On the procedure for taxation (hereinafter: Art.)
v) Decree 33/1998. (VI. 24.) of the Minister of Public Health on the medical examination and opinion on job, professional and personal hygiene suitability (hereinafter: NM Decree)
w) Decree 19/2014. (IV. 29.) of the Minister of Economic Affairs on the procedural rules for handling warranty and guarantee claims for things sold under a contract between a consumer and a business (hereinafter: NGM Decree)
Principles of data processing
This Regulation and Article 5 of the Regulation define the following principles of data processing as mandatory provisions.
(1) Personal data
a) must be processed lawfully and fairly and in a manner transparent to the data subject (“lawfulness, fairness and transparency”);
b) must be collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the initial purpose in accordance with Article 89(1) (“purpose limitation”);
c) must be adequate and relevant in relation to the purposes for which the processing is carried out and limited to what is necessary (“data economy”);
d) must be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data which are inaccurate, having regard to the purposes of the processing, are erased or rectified without delay (‘accuracy’);
(e) they shall be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only where the personal data are processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate organizational or technical measures to safeguard the rights and freedoms of data subjects (‘storage limitation’);
(f) they shall be processed in such a way that appropriate organizational or technical measures ensure the security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (‘integrity and confidentiality’).
(2) The controller shall be responsible for compliance with paragraph (1) and shall be able to demonstrate such compliance (‘accountability’).
Ensuring the lawfulness of data processing
According to Article 6 of the Regulation
(1) The processing of personal data shall be lawful only if and to the extent that at least one of the following is met:
a) the data subject has given his or her prior and voluntary consent to the processing of his or her personal data for one or more specific purposes;
b) the processing is necessary for compliance with a legal obligation to which the controller is subject;
c) the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
d) the processing is necessary to protect the vital interests of the data subject or of another natural person;
e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Point f) shall not apply to processing carried out by public authorities in the performance of their tasks.
Legal basis for data processing
The rules applicable to the lawfulness of data processing as a legal basis in this Policy are as set out in the Regulation.
Data processing based on the data subject’s consent
According to Article 40 of the Regulation, data processing must be based on the data subject’s consent in principle.
Article 7 of the Regulation sets out the conditions for consent:
a) Where data processing is based on consent, the controller must be able to demonstrate that the data subject has given his or her consent to the processing of his or her personal data.
b) Where the data subject gives his or her consent in a written statement which also applies to other matters, the request for consent must be presented in a manner that is clearly distinguishable from those other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a statement containing the data subject’s consent which is in breach of this Regulation shall not be binding.
c) The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent prior to its withdrawal. The data subject shall be informed of this before consent is given. The withdrawal of consent shall be made as easy as its giving.
d) When determining whether consent is voluntary, the fact that, among other things, the performance of the contract, including the provision of services, has been made conditional on the consent to the processing of personal data that is not necessary for the performance of the contract, shall be taken into account to the greatest extent possible.
Consent shall be deemed to be given if the data subject, when visiting the website, selects the consent setting or makes or accepts a statement by which the data subject unequivocally consents to the processing of his or her personal data. Pre-selected consent settings or silence on them shall not constitute consent.
Personal data processed with the data subject’s consent may be processed by DiaKont Ltd. even after the data subject’s consent has been withdrawn, if the data processing is required by a legal obligation and unless otherwise provided by law.
In the case of data processing based on consent, the data subject's consent to the processing of his or her personal data must be requested on a data request form, with the data subject being informed at the same time.
Data subjects must be informed of the purpose and legal basis of the data processing, the person authorized to process and process the data, the duration of the data processing, and who may have access to the data.
The information must also include the data subject's rights and legal remedies in relation to the data processing. By signing this declaration, you must request the data subject's consent to the processing of his or her personal data. The declaration must be kept for the duration of the data processing.
Data processing based on legitimate interests
Data processing is lawful if it is necessary to protect the vital interests of the data subject or another natural person.
Data processing is also lawful if it is necessary for the purposes of the legitimate interests pursued by DiaKont Ltd. or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the data subject is a child.
In this case, a so-called balancing of interests test must be carried out before data processing begins. In the test, DiaKont Ltd. must analyze whether the purpose of the data processing can be achieved without processing personal data or with processing fewer personal data, what the precise purpose and interest of DiaKont Ltd. are, what the data subjects may raise against the data processing in order to protect their rights and freedoms, why the legitimate interest of DiaKont Ltd. overrides the interests of the data subjects.
If the test establishes that DiaKont Ltd. legitimate interests override the interests of the data subjects, then the data subjects must be informed of the purpose and legal basis of the data management, the person authorized to manage and process the data, the duration of the data management, and who may access the data. The information must also include the data subject's rights and legal remedies related to the data management, and the result of the balancing of interests test. Data management can then begin. This can also be done by referring to this Data Controller's Policy, included in the contract or in the employer's information.
Data processing based on the performance of a contract
Data processing is considered lawful if it is necessary for the performance of a contract or in the context of an intention to enter into a contract to which the data subject is a party, or if it is necessary to take steps at the data subject's request prior to entering into the contract.
In the case of an employment relationship, the legal basis for processing employee data may typically be the performance of the contract (e.g. payment of wages), the fulfillment of the employer's legal obligation (e.g. tax and accounting obligations), or the legitimate interest of the employer (e.g. use of a workplace camera system) instead of consent.
Before the start of data processing, the data subject must be informed about the purpose and legal basis of the data processing, the person authorized to manage and process the data, the duration of the data processing, and who may access the data. The information must also include the data subject's rights and legal remedies related to data processing. This can also be done by referring to these Data Controller's Regulations, as included in the contract.
Data processing based on the fulfillment of a legal obligation
Data processing based on the fulfillment of a legal obligation is determined by law.
The data subject must be informed before the start of data processing that the data processing is mandatory, and the data subject must be informed of the purpose and legal basis of the data processing in relation to the processing of his/her data, the person authorized to process and manage the data, the duration of the data processing, whether DiaKont Ltd. processes the data subject's personal data based on a legal obligation applicable to him/her, and who may access the data. The information must also include the data subject's rights and legal remedies in relation to data processing.
In this case, the information may also be provided by reference to the provisions of the law. (Infotv. Section 20 (3))
Duration of data processing
The duration of data processing is determined in the description of the data processing in the case of the data subject's consent, however, if it cannot be applied due to some error or deficiency, the following rules shall apply:
a) until the purpose is achieved and the data subject's personal data is deleted, or
b) until the withdrawal of his/her permission to process his/her data and thus until his/her personal data is deleted,
c) until the execution of a court or authority's decision on deletion, or, in the absence of such provisions and other provisions of law, until the limitation period for the enforce-ability of the rights and obligations arising from the legal relationship in connection with which DiaKont Ltd. processes the personal data. According to Section 6:22 of the Ptk., the general limitation period is five years.
In the case of data processing based on a legal obligation, the relevant law determines the duration of data processing.
The duration of personal data processing related to employment records relating to legal relationships related to pension insurance is fifty years according to Section 33 (1) of the Ltv., which applies to private documents of lasting value.
The duration of personal data processing related to other labor records is five years in accordance with the general limitation period pursuant to Section 6:22 of the Ptk..
The duration of personal data processing related to the records of rehabilitation contributions of persons with altered working capacity is five years from the termination of employment pursuant to Section 23 (7) of the Mmtv.
PROCESSING OF PERSONAL DATA
Data of applicants
According to Article 6 (1) b) of the Regulation, DiaKont Ltd. processes the following personal data of applicants and candidates at the request of the data subject, on the grounds of necessity for taking steps prior to concluding a contract:
a) name of the natural person,
b) date and place of birth,
c) mother's name,
d) address,
e) qualification data,
f) photograph,
g) telephone number,
h) e-mail address,
i) CV,
j) motivation letter,
k) employer's note on the applicant (if any).
The scope of data processing: applicants.
Source of personal data: applicants' personal data.
Method of data processing: manual, partly stored on paper, partly stored electronically.
The purpose of processing personal data: assessing applications, tenders, concluding an employment contract with the selected candidate.
DiaKont Ltd. informs the data subject if he/she has not been selected for the given position, and also informs him/her about the deletion of his/her data.
Recipients of personal data and categories of recipients: managers and employees performing labor duties at DiaKont Ltd. authorized to exercise employer rights.
Duration of processing personal data: Until the application or tender is assessed, for a maximum of 90 days. The personal data of unselected applicants must be deleted. The data of those who have withdrawn their application or tender must also be deleted.
DiaKont Ltd. informs the applicant for employment about the processing of his/her personal data and the rights of the data subject regarding data processing at the same time as accepting his/her application. This may also be done by referring to the present Regulations of DiaKont Ltd.
DiaKont Ltd. informs the data subject if he/she was not selected for the given position, and also informs him/her about the deletion of his/her data.
Camera surveillance system
DiaKont Ltd. processes personal data collected by the camera surveillance system operated at its headquarters on the basis of its legitimate interest pursuant to Article 6 (1) f) of the Regulation, and Section 31 (1) of the SzVMtv.
The scope of data processing: employees, customers, visitors of DiaKont Ltd.
Source of personal data: provision of personal data by the data subjects, entering the area monitored by the camera, staying there with the consent of the prior information indicating their behavior.
Method of data processing: stored electronically.
Purpose of personal data processing: protection of life, physical integrity, business secrets and personal data, property protection, prevention and detection of violations and crimes of persons staying at the headquarters of DiaKont Ltd.
Recipients of personal data: representative and IT employee of DiaKont Ltd.
Duration of personal data processing: according to the SzVMtv. According to Section 31 (2), three working days in the absence of use.
DiaKont Ltd. prepares a separate regulation for the detailed rules of operation of the camera surveillance system, which forms an inseparable part of these Regulations. This regulation is available to the data subjects at the headquarters of DiaKont Ltd., and they can review it.
DiaKont Ltd. prepares a balancing test for data processing based on legitimate interest, which is included in the appendix to these Regulations.
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of his or her personal data and about the data subject's rights related to data processing. This can also be done by means of information placed at the entry points of the area monitored by the camera, referring to these Regulations of DiaKont Ltd.
Processing of partners' data
DiaKont Ltd. processes the following personal data of the natural person who has entered into a contract with it as a buyer or supplier for the purpose of concluding, fulfilling and terminating the contract:
a) name,
b) name, place and date of birth,
c) mother's name,
d) address,
e) tax identification number (tax number),
f) entrepreneur's or primary producer's ID number,
g) ID number,
h) address (headquarters, location address),
i) telephone number,
j) e-mail address,
k) bank account number.
This data processing is also considered lawful if the data processing is necessary to take steps at the request of the data subject prior to concluding the contract.
The scope of data processing: partners of DiaKont Ltd.
The source of personal data: personal data provided by the partners.
Data processing method: manual, partly paper, partly stored electronically.
Recipients of personal data: DiaKont Ltd. representative, employees performing contact tasks, employees performing accounting and tax tasks, and data processors.
Duration of personal data processing: five years after the termination of the contract.
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This can also be done by referring to these Regulations of DiaKont Ltd. as included in the contract.
Request for quotation
According to Article 6 (1) b) of the Regulation, DiaKont Ltd. processes the following data subjects’
a) name,
b) address,
c) telephone number,
d) e-mail address for the purpose of requesting a quotation prior to the conclusion of a contract, on the grounds of necessity for taking steps prior to the conclusion of a contract.
The scope of data processing is as follows: the contracting authorities of DiaKont Ltd.
Source of personal data: the contracting authorities’ personal data provision.
Method of data processing: manual, partly on paper, partly stored electronically.
Recipients of personal data: the representative of DiaKont Ltd. and employees performing contact duties.
Duration of personal data processing: until the acceptance, rejection or expiry of the offer. Whichever occurs first, the personal data must be deleted and the data subject must be informed of this.
DiaKont Ltd. at the same time as accepting the request for quotation, the data subject is informed about the processing of his/her personal data and about the data subject's rights related to data processing. This may also be done by referring to these Regulations of DiaKont Ltd. included in the offer.
Contact details of the representatives of legal entity clients stipulated in the contract
According to Article 6 (1) f) of the Regulation, DiaKont Ltd. processes, on the basis of its legitimate interest and in accordance with the general limitation rules of Section 6:22 of the Ptk., the personal data of the representatives of legal entity clients (customers, suppliers) stipulated in the contract
a) the name of the natural person, contact person of the representative,
b) telephone number,
c) e-mail address.
The scope of data processing: DiaKont Ltd. clients.
Source of personal data: provided by the representative signing the contract as a client of DiaKont Ltd.
Method of data processing: manual, partly on paper, partly stored electronically.
Purpose of personal data processing: performance of the contract concluded with the partner of DiaKont Ltd., business relations.
Recipients of personal data: representatives of DiaKont Ltd., contact person, employees performing accounting and tax tasks and data processors.
The duration of the processing of personal data: five years after the business relationship or the representative capacity of the data subject has been established.
DiaKont Ltd. prepares a balancing test for data processing based on legitimate interest, which is included in the annex to this Regulation.
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of his/her personal data and the data subject's rights related to data processing. This may also be done by referring to this Regulation of DiaKont Ltd., as included in the contract.
Contact details of legal entity clients stipulated in contracts
According to Article 6 (1) f) of the Regulation, DiaKont Ltd. processes, on the basis of its legitimate interest and in accordance with the general limitation rules of Section 6:22 of the Ptk., the personal data of legal entity clients (customers, suppliers) stipulated in contracts
a) the name of the natural person of the representative, contact person,
b) telephone number,
c) e-mail address.
The scope of data processing: DiaKont Ltd. clients.
Source of personal data: provided by the representative signing the contract as a client of DiaKont Ltd.
Method of data processing: manual, partly on paper, partly stored electronically.
Purpose of personal data processing: performance of the contract concluded with DiaKont Ltd.’s legal entity partner, business relations.
Recipients of personal data: DiaKont Ltd.’s representative, contact person, employees performing accounting and tax tasks and data processors.
Duration of personal data processing: as long as the business relationship or the contact person of the data subject exists.
DiaKont Ltd. prepares a balancing test for data processing based on legitimate interest, which is included in the annex to this Policy.
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This can also be done by referring to this Policy of DiaKont Ltd. as included in the contract.
Contact details of legal entity clients not recorded in the contract
According to Article 6 (1) a) of the Regulation, DiaKont Ltd. processes the personal data of legal entity clients (customers, suppliers) representatives and contacts in accordance with the general limitation rules of Section 6:22 of the Ptk., on the basis of the consent of the data subject,
a) the name of the natural person of the representative or contact person,
b) the telephone number,
c) the e-mail address.
The scope of data processing: DiaKont Ltd. clients.
Source of personal data: personal data provision by clients.
Method of data processing: manual, partly on paper, partly stored electronically.
The purpose of personal data processing: performance of the contract concluded with DiaKont Ltd. legal entity partner, business relations.
Recipients of personal data: employees of DiaKont Ltd. performing contact duties.
The duration of personal data processing: five years after the business relationship or the existence of the capacity of the data subject as a representative or contact person.
The data subject's consent to the processing of his or her personal data must be requested on a data request form, with the data subject being informed at the same time. Data subjects must be informed of the purpose and legal basis of the data processing, the person authorised to process and process the data, the duration of the data processing, and who may have access to the data. The information must also include the data subject's rights and legal remedies in relation to the data processing. By signing this declaration, you must request the data subject's consent to the processing of his or her personal data. The declaration must be kept for the duration of the data processing.
Fulfillment of tax and accounting obligations
DiaKont Ltd. processes the data of natural persons entering into business relations with it as buyers or suppliers as specified in the law in accordance with the Regulation (1) c) on the basis of the fulfillment of a legal obligation in order to fulfill the tax and accounting obligations prescribed by law (accounting, taxation). The processed data are based on Sections 169 and 173 of the Áfa tv.:
a) tax number,
b) name,
c) address,
and also on Section 167 (1) c) of the Számv. tv.:
a) name,
b) address,
c) designation of the person or organization ordering the economic transaction,
d) the person issuing the order and certifying the execution of the order,
e) and, depending on the organization, the signature of the auditor;
f) the recipient on the stock movement documents and cash management documents,
e) the signature of the payer on the counter-receipts,
furthermore, pursuant to Section 78/A. (3) of the Szja tv.:
a) the number of the primary producer's certificate.
The scope of data processing: DiaKont Ltd.'s clients.
The source of personal data: the clients' personal data provision.
The method of data processing: manually, stored electronically.
The recipients of personal data: DiaKont Ltd.'s employees and data processors performing tax, accounting, payroll and social security tasks.
The duration of the processing of personal data is eight years after the termination of the legal relationship that gives rise to the legal basis.
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This can also be done by including it in the Data Processing Information on the DiaKont Ltd. website and making it public. (Infotv., Section 20 (3))
Payer data management
According to Article (1) c) of the Regulation, DiaKont Ltd. processes the legally required personal data of those affected – employees, their family members, employees, recipients of other benefits – with whom it has a payer (Art. 7. § 31.) relationship, for the purpose of fulfilling a legal obligation (tax and contribution obligations, payroll accounting, social security and pension administration) in order to fulfill the tax and contribution obligations prescribed by law. The scope of the processed data is defined in Art. 50. §, highlighting in particular:
a) the natural person’s personal identification data (including the previous name and title),
b) gender,
c) citizenship,
d) the natural person’s tax identification number,
e) social security identification number (TAJ number).
DiaKont Ltd. may process data relating to employees' health (Szja tv. § 40) and trade union (Szja § 47 (2) b)) membership for the purpose of fulfilling tax and contribution obligations (payroll, social security administration).
The scope of data processing: employees of DiaKont Ltd., their family members, employees, recipients of other benefits
Source of personal data: personal data provision of employees.
Method of data processing: manual, stored electronically.
Recipients of personal data: employees and data processors of DiaKont Ltd. performing tax, payroll, social security (paying) tasks.
The period of processing of personal data is eight years after the termination of the legal relationship that provides the legal basis.
DiaKont Ltd. informs the data subject about the processing of his/her personal data and his/her rights related to data processing simultaneously with the conclusion of the employment contract. This can be included in the employer's information and included in the Data Management Information on the website of DiaKont Ltd. and made public. (Infotv. Section 20 (3))
Billing data
DiaKont Ltd. processes the following personal data of the natural person who has contracted with it as a customer in accordance with Article 6 (1) c) of the Regulation, in order to issue an invoice, on the basis of a legal obligation, in accordance with Section 169 of the Áfa tv.:
a) name,
d) address,
e) tax number.
DiaKont Ltd. uses the www.szamlazz.hu online service as a data processor for issuing invoices, which prepares and stores customer invoices for the duration of the contract with it.
The data processor providing the online billing service is KBOSS.hu Trading and Service Limited Liability Company.
Headquarters 1031 Budapest, Záhony utca 7.
Name of representative: János Stygár-Joó, managing director
Company registration number: 01-09-303201
Tax number: 13421739-2-41
DiaKont Ltd. provides the contact details of KBOSS.hu Trading and Service Ltd. upon request.
The data processing rules for invoicing as an online service are governed by the General Terms and Conditions available on the data processor's website (https://www.szamlazz.hu/aszf/).
The scope of data processing: DiaKont Ltd.'s clients.
Source of personal data: personal data provided by clients.
Method of data processing: manual, stored electronically.
Recipients of personal data: DiaKont Ltd.'s employees performing invoicing, accounting and taxation tasks, and data processors.
The duration of the processing of personal data: five years after the termination of the contract.
DiaKont Ltd. informs the data subject about the processing of his/her personal data and the data subject's rights related to the processing before the start of the data processing. This can be done by including it in the contract or in the Data Processing Notice on the website of DiaKont Ltd. and making it public. (Infotv. § 20 (3))
Compliance with anti-money laundering obligations
DiaKont Ltd. processes the personal data of its clients, their representatives and beneficial owners as defined in Act LIII of 2017 on the Prevention and Prevention of Money Laundering and the Financing of Terrorism (Pmt.) for the purpose of compliance with a legal obligation pursuant to (1) c) of the Regulation:
a) a) family name and first name of a natural person,
b) family name and first name at birth,
c) citizenship,
d) place and date of birth,
e) mother’s birth name,
f) address, or in the absence thereof, place of residence,
g) type and number of identification document; number of official ID card certifying address,
h) copy of the documents presented. (Pmt. § 7-9).
The scope of data processing is as follows: DiaKont Ltd. clients, representatives, agents and beneficial owners.
Source of personal data: personal data provided by clients.
Method of data processing: manual, stored on paper.
Recipients of personal data: employees of DiaKont Ltd. performing contact duties, the representative of DiaKont Ltd. and the person designated by DiaKont Ltd. in accordance with the Pmt.
The duration of personal data processing is eight years from the termination of the business relationship or the fulfillment of the transaction order. (Pmt, Section 56 (2), Section 58)
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This may also be done by including it in the Data Processing Information on the DiaKont Ltd. website and making it public. (Infotv., Section 20 (3))
Financial and asset restrictive measures
DiaKont Ltd. processes the following personal data of a natural person subject to the financial and asset restrictive measures ordered by the European Union and the UN Security Council pursuant to Section 16 (1) of the Act on the fulfilment of a legal obligation in order to make a notification specified in Section 4 of the Act:
a) surname and first name,
b) surname and first name at birth,
c) nationality,
d) place and date of birth,
e) mother's birth name,
f) address, or in the absence thereof, place of residence,
g) type and number of identification document
as well as the following personal data in the case of a legal person or an organization without legal personality:
a) name and position of those authorized to represent it,
b) data suitable for the identification of its delivery agent.
The scope of data processing: persons subject to financial and asset restrictions.
Source of personal data: information from supervisory bodies.
Method of data processing: manual, stored on paper.
Recipients of personal data: DiaKont Ltd. designated person according to the Pmt.
The duration of personal data processing is eight years from the date of verification (screening) of persons subject to financial and property restrictions. (Kit. § 3 (6))
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This may also be included in the Data Processing Information on the website of DiaKont Ltd. and made public. (Infotv. § 20 (3))
Compliance with the rules of property protection activities
DiaKont Ltd. processes the personal data pursuant to Section 15 (2) of the SzVMt. Section 15 (1) of the Act on the performance of a legal obligation pursuant to the Regulation (1) c) on contracts concluded within the framework of property protection activities in the register kept in a log certified by the police pursuant to Section 8 (5) of the following:
a) the name of the person or persons actually performing the contract,
b) the name, address or registered office of the client,
c) the date of commencement and end of the paid medical leave pursuant to Section 20, the name and stamp number of the general practitioner issuing the certificate.
The scope of data processing: DiaKont Ltd. clients.
Source of personal data: personal data provision by clients.
Method of data processing: manual, stored on paper.
Recipients of personal data: DiaKont Ltd. representative and employees performing property protection activities.
The duration of the processing of personal data is five years from the date of the last entry in the log. (SzVMt. § 15 (1))
DiaKont Ltd. informs the data subject about the processing of his/her personal data and the data subject's rights related to data processing before starting the data processing. This can also be done by including it in the Data Processing Information on the website of DiaKont Ltd. and making it public. (Infotv. § 20 (3))
Handling of warranty claims
DiaKont Ltd. processes personal data pursuant to Section 6:171 of the Ptk. and Section 4.. (1) of the NGM Decree in the course of handling warranty claims related to the services provided by it under the following legal obligations:
a) the consumer's name, address and declaration that he/she consents to the processing of his/her data recorded in the minutes as specified in the NGM Decree,
b) the name and purchase price of the movable property sold under the contract between the consumer and the business,
c) the date of performance of the contract by the business,
d) the date of notification of the defect,
e) a description of the defect,
f) the right that the consumer wishes to assert based on his/her warranty or guarantee claim, and
g) except for the case referred to in paragraph (5), the method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right that is sought to be asserted based on it.
The scope of data processing: contracted clients of DiaKont Ltd.
Source of personal data: personal data provision by clients.
Method of data processing: manual, stored on paper.
Recipients of personal data: representative of DiaKont Ltd. and warranty claims administrators.
The duration of personal data processing is three years from the date of recording the minutes (NGM Decree, Section 4 (6))
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This can be included in the contract or in the Data Processing Information on the website of DiaKont Ltd. and made public. (Infotv. Section 20 (3))
Complaint handling
DiaKont Ltd. processes personal data pursuant to Section 17/A. (5) of the Hungarian Consumer Protection Act (Fgytv) in accordance with the legal obligation to fulfill the following obligations in relation to the quality of the services provided by it:
a) the consumer's name and address,
b) the place, time and method of submitting the complaint,
c) a detailed description of the consumer's complaint, a list of documents and other evidence presented by the consumer,
d) a statement by the company on its position regarding the consumer's complaint, if immediate investigation of the complaint is possible,
e) the signature of the person taking the minutes and - with the exception of oral complaints communicated by telephone or other electronic communication services - the consumer,
f) the place and time of taking the minutes,
g) unique identification number.
The scope of data processing: contracted customers of DiaKont Ltd.
Source of personal data: personal data provided by customers.
Method of data processing: manual, stored on paper.
Recipients of personal data: DiaKont Ltd. representative and consumer protection complaint administrators.
The duration of personal data processing is five years for complaint protocols and responses. (Fgytv. 17/A. § (7))
Before starting data processing, DiaKont Ltd. informs the data subject about the processing of their personal data and their rights related to data processing. This can be included in the contract or in the Data Processing Information on the website of DiaKont Ltd. and made public. (Infotv. 20. § (3))
DiaKont Ltd.’s website
When visiting the DiaKont Ltd. website https://www.diakont.eu, personal data is not recorded or processed, and we do not ask the visitor for their consent to provide personal data, record the data, or process and use it.
In order to facilitate the use of the website, DiaKont Ltd. uses anonymous visitor identifiers, so-called “cookies”. “Cookies” are small pieces of data that are temporarily transferred from the browser program to the hard drive of the visitor’s computer when visiting the site. The “cookies” used by DiaKont Ltd. are not suitable for recognizing the visitor’s personal data. By setting the browser program, the visitor can prevent the installation of the visitor identifier on the hard drive. Stored “cookies” can be removed from the computer at any time by deleting temporary internet files.
Google’s external servers help the independent measurement and auditing of the website’s traffic and other web analytics data by its Google Analytics system. Google Analytics is Google's analytics tool that helps website and application owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and report on statistical data about website usage without individually identifying visitors to Google. More information about cookies can be found in the Google Privacy and Terms of Service.
DiaKont Ltd. uses the Google Analytics program to generate statistics, thereby measuring the effectiveness of its campaigns. Using the program, DiaKont Ltd. receives information from the back about how many visitors have visited its website and how much time visitors have spent there. The program recognizes the visitor's IP address, so it can track whether the visitor is a returning or new visitor, and it can also track the path the visitor has taken on the website and where they have entered.
If the visitor does not want Google Analytics to measure the above data in the manner and for the purpose described, they can install the add-on that blocks this in their browser. You can opt out of tracking by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Visitors can change their cookie settings via their browser. They can disable the use of cookies by activating the setting in their browser that allows them to refuse the placement of all or certain cookies. These settings are usually available in the browser's "settings" menu.
DiaKont Ltd. requests the visitor's consent to accept cookies during the first visit to the website and provides information on data processing on the website upon request.
DiaKont Ltd. informs the visitor about the use of cookies on the website in a data processing notice on the website at https://www.diakont.eu/adatkezelesi-tajekoztato.html. In this way, DiaKont Ltd. ensures that the visitor can learn at any time before and during the use of the website's services that DiaKont Ltd. for which data management purposes and which types of data are processed, including the processing of data that cannot be directly linked to the user.
Website operator
The website https://www.diakont.eu is operated by Mediagate Hosting Servicing Ltd. for the duration of the contract with it.
Registered office: 9081 Győrújbarát, Mátyás Krt. 1/A.
Representative name: Tamás Stipsits, managing director
Company registration number: 08-09-021022
Tax number: 23076196-2-08
DiaKont Ltd. provides the contact details of Mediagate Hosting Servicing Ltd. upon request.
No personal data is recorded when visiting the website, and we do not ask the User for their consent to provide personal data or to record, process or use the data.
Data management does not take place on the website.
DiaKont Ltd. Google Drive cloud storage
DiaKont Ltd. uses a cloud storage service to upload and exchange data provided electronically for the provision of services during contact with its customers and remote work.
The services of the DiaKont Ltd. Google Drive page are operated by Google LLC as a data controller.
Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google LLC uses cookies and JavaScript code to operate the Google Drive page; further information about the data processed by cookies is available on Google's website https://policies.google.com/technologies/types?hl=hu.
DiaKont Ltd. processes documents containing personal data uploaded by visitors to the Google Drive page in accordance with the data processing rules.
The Google Drive Privacy and General Terms and Conditions apply to visitors. It can be accessed on the website https://policies.google.com/privacy?hl=hu.
DiaKont Ltd. is not responsible for any errors, malfunctions, or problems arising from changes to the operation of Google Drive.
DiaKont Ltd. Facebook page
DiaKont Ltd. maintains a Facebook page to introduce and promote its products and services.
DiaKont Ltd. does not process personal data published by visitors on its Facebook page, and questions raised there do not constitute officially submitted complaints.
Visitors are subject to Facebook's Data Protection Policy. It can be accessed at https://www.facebook.com/about/privacy/update?ref=old_policy.
In the event of the publication of illegal or offensive content, DiaKont Ltd. may exclude the person concerned from membership or delete their comment without prior notice.
DiaKont Ltd. is not responsible for any data content or comments published by Facebook users that violate the law. DiaKont Ltd. is not responsible for any errors, malfunctions or problems arising from changes to the operation of Facebook.
DATA PROCESSING
Data processing activities
DiaKont Ltd. performs accounting and payroll data processing within the framework of TEÁOR’25 6920 accounting, auditing, and tax expert activities.
Scope of data transferred for data processing
a) in the case of accounting data processing:
for the purpose of fulfilling accounting obligations (bookkeeping, taxation), the data of the buyer and supplier natural persons specified in the law. The data processed are, based on Sections 169 and 173 of the Áfa tv.
a) tax number,
b) name,
c) address,
as well as on Section 167 (1) c) of the Számv. tv.:
a) name,
b) address,
c) designation of the person or organization ordering the economic transaction,
d) the person issuing the order and certifying the execution of the order,
e) and, depending on the organization, the signature of the auditor;
f) the recipient on the stock movement documents and cash management documents,
e) the signature of the payer on the counter-receipts,
furthermore, pursuant to Section 78/A. (3) of the Szja tv.:
a) the number of the primary producer’s certificate.
b) in the case of payroll data processing:
for the purpose of fulfilling the tax and contribution obligations prescribed by law (tax, tax advance payment, contribution determination, payroll, social security and pension administration), the personal data prescribed by law of the data subjects – employees, their family members, employees, recipients of other benefits – who are affected by the data processing (Art. 7. § 31.). The scope of the processed data is defined in Art. Section 50 of the Act defines, in particular, the following:
a) the natural person’s personal identification data (including the previous name and title),
b) gender,
c) citizenship,
d) the natural person’s tax identification number,
e) social security identification number (TAJ number),
as well as the employees’ health (Szja tv. Section 40) and trade union (Szja tv. Section 47 (2) b)) membership data.
The scope of data processing: employees and clients of DiaKont Ltd.’s clients affected by data processing.
The source of personal data: data provision by clients affected by data processing.
The method of data transfer and return: partly on paper, partly electronically.
The recipients of personal data: employees of DiaKont Ltd. performing data processing and the representative of DiaKont Ltd.
The duration of personal data processing lasts until the termination of the business relationship.
DiaKont Ltd. keeps records of data processing activities carried out on behalf of other data controllers.
Data processing guarantee
DiaKont Ltd. as a data processor guarantees that it implements organizational and technical measures to ensure compliance with the provisions of the Regulation, including the security of data processing.
During its data processing activities, DiaKont Ltd. ensures that persons authorized to access the personal data of the data subjects undertake a confidentiality obligation with respect to the personal data they learn.
DiaKont Ltd. has appropriate hardware and software tools to ensure the lawfulness of data processing and the protection of the rights of the data subjects.
DiaKont Ltd. has the legal and technical conditions for electronic communication with state bodies and authorities.
DiaKont Ltd. undertakes to provide the Client (data controller) with all information necessary to verify compliance with the legal provisions regarding the use of the data processor.
Contractual terms and conditions of data processing activities of DiaKont Ltd.
DiaKont Ltd. shall conclude a written contract with the Client (data controller) for the data processing activity.
The contract concluded by DiaKont Ltd. regarding the data processing activity shall be supplemented with the conditions relating to data processing, of which the Client (data controller) shall be informed prior to the conclusion (amendment) of the contract and shall be accepted as part of the contract.
RIGHTS OF THE DATA SUBJECT AND LEGAL REMEDIES
DiaKont Ltd. informs the data subjects of their rights below, based on the provisions of Articles 12-22 of the Regulation.
The data subject has the right to be informed in advance about the processing of his/her personal data, to have access to and information about his/her personal data already processed, and to request their correction, deletion and restriction, unless the processing of his/her personal data is mandatory under the provisions of law. The data subject may exercise the right to data portability and objection in the manner specified in this Policy or at any contact point of DiaKont Ltd.
Right to information
The data subject has the right to be informed about the facts and information related to the data processing before the data processing begins.
DiaKont Ltd. shall take appropriate measures, within the framework of this Policy and otherwise, to provide the data subject with all the information set out in Articles 13 and 14 of the Regulation regarding the processing of personal data, and to provide each information in a transparent, understandable and easily accessible manner, in accordance with the provisions of Articles 15-22 and 34 of the Regulation.
Right of access of the data subject
The data subject has the right, pursuant to Article 15 of the Regulation, to obtain from DiaKont Ltd. information on whether or not personal data concerning him or her are being processed and, where such processing is taking place, access to the personal data and the following information:
a) the purposes of the processing,
b) the categories of personal data concerned,
c) the recipients or categories of recipients to whom or to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations,
d) where applicable, the envisaged duration of the processing of the personal data or, where that is not possible, the criteria for determining that duration,
e) the right of the data subject to request from DiaKont Ltd. the rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data,
f) the right to lodge a complaint with a supervisory authority;
g) where the data were not collected from the data subject, all available information on their source,
h) the fact of automated decision-making referred to in Article 22(1) and (4) of the Regulation, including profiling, and at least in such cases, intelligible information on the logic involved and the significance and foreseeable consequences of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in place for the transfer in accordance with Article 46 of the Regulation.
DiaKont Ltd. shall provide the data subject with a copy of the personal data subject to processing. DiaKont Ltd. may charge a reasonable fee, based on the administrative costs, for any additional copies requested by the data subject. If the data subject has submitted the request electronically, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.
Right to rectification
The data subject may request DiaKont Ltd. to rectify inaccurate personal data concerning him or her without undue delay or to complete incomplete personal data, in accordance with Article 15 of the Regulation.
Right to erasure (‘right to be forgotten’)
The data subject shall have the right, pursuant to Article 17 of the Regulation, to obtain from DiaKont Ltd. the erasure of personal data concerning him or her without undue delay, which DiaKont Ltd. shall be obliged to do without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the data subject withdraws his or her consent to the processing pursuant to Article 6(1)(a) or Article 9(2)(a) of the Regulation and there is no other legal basis for the processing,
c) the data subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been processed unlawfully,
e) the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject,
f) the personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the Regulation.
The erasure of personal data cannot be requested if the processing is necessary:
a) for the exercise of the right to freedom of expression and information,
b) for compliance with an obligation under Union or Member State law to which DiaKont Ltd. is subject to processing, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in DiaKont Ltd.,
c) for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the Regulation,
d) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of the Regulation, where the right referred to in point 1 would likely render such processing impossible or seriously jeopardise such processing, or
e) for the establishment, exercise or defence of legal claims.
Right to restriction of processing
At the request of the data subject, DiaKont Ltd. shall, in accordance with Article 18 of the Regulation, restrict the processing of the personal data where one of the following applies:
a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling DiaKont Ltd. to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) DiaKont Ltd. no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to the processing pursuant to Article 21(1) of the Regulation, in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of DiaKont Ltd. override those of the data subject.
If the processing is subject to restrictions pursuant to the preceding paragraph, personal data, with the exception of storage, may only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.
DiaKont Ltd. shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction on the processing.
Right to data portability
According to Article 20 of the Regulation, the data subject has the right to receive the personal data concerning him or her processed by DiaKont Ltd. in a structured, commonly used and machine-readable format and to transmit these data to another data controller.
Right to protest
According to Article 21 of the Regulation, the data subject has the right to protest, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her based on point (e) of Article 6(1) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller) or point (f) of Article 6(1) of the Regulation (processing is necessary for the pursuit of the legitimate interests of the Controller or a third party), including profiling based on those provisions.
In the event of an objection, DiaKont Ltd. shall not further process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
DiaKont Ltd. does not process personal data for direct marketing purposes.
Automated decision-making in individual cases, including profiling
The data subject shall have the right, pursuant to Article 22 of the Regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The previous paragraph shall not apply where the decision:
a) is necessary for entering into, or the performance of, a contract between the data subject and DiaKont Ltd.,
b) is permitted by Union or Member State law applicable to DiaKont Ltd., which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
c) is based on the data subject's explicit consent.
Withdrawal of consent
The data subject may withdraw his or her consent at any time in accordance with Articles 13-14 of the Regulation, in the case of processing based on Article 6(1)(a) or Article 9(2)(a) of the Regulation, without affecting the lawfulness of the processing based on consent prior to its withdrawal.
Informing the data subject about the data breach
DiaKont Ltd. shall, in accordance with Article 34 of the Regulation, inform the data subject about the data breach without undue delay if the data breach is likely to result in a high risk to the rights and freedoms of the data subject.
The data subject does not have to be informed as referred to in the previous paragraph if any of the following conditions are met:
a) the Data Controller has implemented appropriate organizational or technical protection measures and these measures have been applied to the data affected by the data breach, in particular those measures – such as the use of encryption – which make the data unintelligible to persons not authorised to access the personal data,
b) the Data Controller has taken additional measures following the data breach to ensure that the high risk to the rights and freedoms of the data subject referred to in point 1 is unlikely to materialise in the future,
c) the information would involve a disproportionate effort. In such cases, data subjects should be informed by means of publicly published information or similar measures should be taken to ensure that data subjects are informed in a similarly effective manner.
Right to lodge a complaint with a supervisory authority
Every data subject shall have the right, pursuant to Article 77 of the Regulation, to lodge a complaint directly with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the Regulation.
The supervisory authority shall inform the customer (data subject) of the progress of the complaint and its outcome, including the right to a judicial remedy pursuant to Article 78 of the Regulation.
Contact details of the supervisory authority:
National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: 1530 Budapest, Pf.: 5.
Telephone number: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: https://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu
Right to an effective judicial remedy against a supervisory authority
Every natural or legal person shall have the right to an effective judicial remedy, as provided for in Article 78 of the Regulation, against a legally binding decision of a supervisory authority concerning him or her.
Every data subject shall have the right to an effective judicial remedy where the supervisory authority competent under Article 55 or 56 of the Regulation does not deal with a complaint or does not inform the data subject of the progress or outcome of the complaint lodged under Article 77 within three months.
Procedures against the supervisory authority shall be brought before the court for the place where the supervisory authority has its registered office.
Right to an effective judicial remedy against the controller or processor
The data subject may, in accordance with Article 79 of the Regulation, bring an action against DiaKont Ltd. if his or her rights under the Regulation have been infringed as a result of the improper processing of his or her personal data.
Proceedings against DiaKont Ltd. shall be initiated before the court competent for the seat of DiaKont Ltd.
Compensation
According to Article 82 of the Regulation, the data subject is the person to whom DiaKont Ltd., as a data controller, has caused material or non-material damage by violating the provisions of the Regulation, and is entitled to compensation.
If DiaKont Ltd., as a data processor, is only liable for compensation if it has not complied with the obligations incumbent on data processors or has not acted in accordance with the instructions of the data controller.
DiaKont Ltd. is exempt from liability if it proves that it is not responsible for the damage.
Measures based on the data subject's request
DiaKont Ltd. draws the attention of the data subjects that the data subject may exercise his/her rights by sending a request to the email address info kukac diakont dot eu or by contacting any other contact point of DiaKont Ltd.
DiaKont Ltd., as the data controller, shall inform the data subject without undue delay, but in any case within 30 days of receipt of the request, of the measures taken in response to his/her request to exercise his/her rights.
If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by another two months. The Data Controller shall inform the data subject of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay.
In the case of a request submitted by the data subject electronically, the information shall be provided electronically, if possible, unless the data subject requests otherwise.
If DiaKont Ltd. does not take action on the request of the data subject, without delay, but at the latest within one month of receipt of the request, it shall inform the data subject of the reasons for not taking action and that the data subject may lodge a complaint with a supervisory authority and exercise his/her right to a judicial remedy.
DiaKont Ltd., as the data controller, shall provide the information pursuant to Articles 13 and 14 of the Regulation and information on the data subject's rights (Articles 15-22 and 34 of the Regulation) and the action free of charge. If the data subject's request is manifestly unfounded or excessive due to its repetitive nature, it may charge a reasonable fee for the administrative costs of providing the requested information or communication or taking the requested action, or may refuse to take action on the request.
The burden of proving that the request is manifestly unfounded or excessive shall lie with the Data Controller.
If DiaKont Ltd., as the data controller, has reasonable doubts regarding the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the data subject.
COPYRIGHT
These Terms of Use are protected by copyright. They may not be distributed, copied, modified, or adapted without the consent of the copyright owner.