1. INFORMATION
  1. Purpose of the information
  2. Definitions
  3. Principles
  1. DATA PROCESSING
  1. Purpose of data processing
  2. Legal basis for data processing
  3. Duration of data processing
  4. Data Controllers, data processors
  5. External service providers
  6. Engaging a data processor
  7. Possibility of data transfer
  8. Data security
  1. PERSONAL INFORMATION
  1. Scope of personal data processed
  2. Querying processed personal data
  3. Rectification of personal data
  4. Erasure of personal data
  5. Rights of Data Subjects
  6. Remedies
  1. USE OF COOKIES

I. INFORMATION

1. Purpose of the information

Viaplant Design Kft. (Registered seat: 2 Raoul Wallenberg utca, 1136 Budapest; Company registration number :01-09-325573) as a Data Controller (hereinafter “Data Controller”) respects the security of data of visitors to its website and has consented to be bound by the provisions of this data processing information (hereinafter “Information”). The Data Controller undertakes to manage the Personal Data it receives in the course of the operation of Data Controller’s website (https://www.viaplant.com) and related sub-pages (www.viaplant.hu, www.viaplant.ru) (hereinafter the “Website”) in accordance with the provisions of this Information and the relevant legal regulations.

The purpose of the Information is to record the order of Data Processing related to the operation of Data Controller, as well as to ensure the legal order of Data Processing and the related data protection and the enforcement of data security requirements. The scope of the Information covers the Data Processing on the Website as well as the Data Processing when you contact Viaplant Design Kft. or ask question via the Website or in any other way, including the Data Processing required for the use of the Services available through the Website.

The Information has been compiled in accordance with the existing data protection legislation, in particular, Regulation 2016/679 of the European Parliament and of the Council on the Protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR), the Act CXII of 2011 on the Right to self-determination and freedom of information, Act XLVII of 1997 on the Processing and protection of health care and related personal data, as well as Act CLIV of 1997 on Health care.

The Data Controller revises this Information annually. The Service Provider reserves the right to unilaterally amend this Privacy Policy Statement with prior notice to the Data Subject. The Data Controller is obliged to revise the content of this Information even if a significant change in legislation enters into force or if its data protection and data processing processes and procedures change significantly. In such cases, the Data Controller shall amend this Information accordingly and publish it on its website, at the same time it draws attention to the changes. Our website is not responsible for the data processing practices of other external websites. Data Controller does not verify the personal data provided to it. The person providing the data is solely responsible for the appropriateness of the information provided. By providing the e-mail address, any Data Subject is also responsible for ensuring that only he/ she uses the service from the e-mail address provided.

Date of last udate: 22.04.2020

2. Definitions

Data Processing: performing technical tasks related to data processing operations, regardless of the method and tools used to perform the operations and the place of the application, provided that the technical task is performed on the data;

Data processor: a natural or legal person or unincorporated body who under a contract, including a contract concluded in accordance with legal provisions, processes personal data;

Data Processing: shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organisation, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);

Data Controller: a natural or legal person, public authority, or unincorporated body who alone or jointly with others determines the purposes of the processing of personal data, makes decisions regarding Data Processing (including the means) and implements such decisions itself or engages a Data Processor to execute them;

 

Data transfer: disclosure of personal data to a defined third party;

Data Subject: any defined natural person identified or identifiable, directly or indirectly, on the basis of personal data;

GDPR: Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation);

Third party: a natural or legal person or unincorporated body who is not the same as the Data Subject, the Data Controller or the Data Processor;

Authority: Hungarian National Authority for Data Protection and Freedom of Information was established in accordance with the provisions of the Constitution, in order to ensure the right of informational self-determination, freedom of information and protection of personal data, and lawful access to public data and information of public interest. It is responsible for monitoring and promoting these rights;

Consent: any freely given, specific, informed and unambiguous indication of Data Subject’s wishes by which the Data Subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to him or her being processed -in whole or in part;

Sensitive personal data: personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other philosophical beliefs, membership of a stakeholder group, sex life, personal data relating to health status, pathological passion, and criminal personal data;

Personal data: any data or information on the basis of which a natural person (Data Subject) becomes directly or indirectly identifiable;

Service: services operated by the Data Controller and provided by the Data Controller and available on the website.

3. Principles

The Data Controller processes the Personal Data in accordance with the principles of good faith and fairness, transparency as well as the existing legislation and the provisions of this Information.

The Personal Data necessary for the Services is used by the Data Controller with the consent of the Data Subject and only for the intended purpose.

Data Controller processes the Personal Data only for the purpose laid down in this Information and in the applicable legal regulations. The scope of the Personal Data processed is proportionate to the purpose of the Data Processing and may not extend beyond it.

In all cases where the Data Controller wishes to use the Personal Data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain the Data Subject’s prior expressed consent or provide him or her with an opportunity to prohibit the use.

The Data Controller does not verify the Personal Data provided by the Data Subject, the person providing it is solely responsible for its appropriateness.

The Data Controller ensures appropriate security of the Personal Data, takes the technical and organizational measures and establishes the procedural rules that ensure that the recorded, stored and processed data is protected, or prevent its accidental loss, unauthorized destruction or damage, unauthorized disclosure, unauthorized use and unauthorized alteration or dissemination. Data Controller calls on all third parties to whom it transfers Personal Data to discharge this obligation.

II. DATA PROCESSING

1. Purpose of data processing

The purpose of data processing operated by the Data Controller is:

  1. Facilitation the use of our website, services and products for Data Subject.
  2. Identification of Data Subject and providing liaison, general customer service and support.
  3. Identification of the Services available to the Data Subject
  4. Sending newsletters or other marketing materials, including surveys.
  5. Collecting information on the use our websites and applications, compiling statistics and analyzes based on it, and technical development of the IT system.
  6. Creating and achieving business goals.
  7. Compliance with any applicable law, protection of the rights of the Data Subjects and enforcement of the legitimate interests of the Data Controller.

Notwithstanding the above, the service provider technically related to the operation of the Services may carry out Data Processing activities on one of the websites without informing the Data Controller. Such activity does not qualify as Data Processing by the Data Controller. The Data Controller will make every effort to prevent and detect such data processing.

2. Legal basis for data processing

Legal basis for Personal Data processing is Data Subject’s freely given, prior, informed Consent. The Data Subject is entitled to withdraw his/ her Consent at any time, which withdrawal does not affect the lawfulness of the Data Processing prior to the withdrawal.

When using the Website, by providing the given Personal Data, you declare that you have read the version of this Information in force at the time of providing the data and freely, expressly consent to the use of the Personal Data provided by you or the Personal Data generated about you. You may transfer personal data in accordance with applicable data protection laws and warrant that you have an appropriate and informed Consent to the transfer of the information.

Upon entering the Website, the Data Controller shall record the IP Address of the Data Subject related to the provision of the Service, with regard to the legitimate interest of the Data Controller and for the lawful provision of the Service, without the Data Subject’s specific Consent.

The legal basis of the Data Processing in the framework of and related to the content provision may be the compelling legitimate grounds of the Data Controller in addition to the free consent of the Data Subject, and the guarantee of fundamental rights to information and expression, within the framework set by law. If the legal basis of the Data Processing is the compelling legitimate grounds of the Data Controller, the Data Controller has performed and may continue to perform the interest balancing test in accordance with the relevant provisions of the GDPR which confirms that the legitimate interest of the Data Controller related to the given Data Processing is stronger than the rights and freedoms of the Data Subject related to the Data Processing. Upon request, the Data Controller shall provide the Data Subject with information on the provisions of this paragraph in accordance with the provisions of this Information.

3.  Duration of data processing

The Data Controller manages the data of the Data Subject until the achievement of the objectives of the Data Processing described above or until the Data Subject’s consent is withdrawn or erased at the Data Subject’s request.

During the operation of the system, the data that is automatically and technically recorded will be stored in the system for a period of time that is justified from the point of view of ensuring the operation of the system. The Data Controller ensures that these automatically recorded data cannot be linked to other Personal Data, except in cases required by law.

4. Data Controllers, data processors

Data Controller: Viaplant Design Kft.

Registered seat: 2 Raoul Wallenberg utca, 1136 Budapest

Mailing address: 15 Hegedűs Gyula utca, 1136 Budapest, Hungary

Telephone:

E-mail address: viaplant@viaplant.com

Website: www.viaplant.com (www.viaplant.hu, www.viaplant.ru )

5. External service providers

IT system provider, website hosting:

Company name: Ezit Kft.

Registered seat: 18-22 Victor Hugo utca, 1132 Budapest

Telephone: +36 1 700 40 30
E-mail address: info@ezit.hu

Website: www.ezit.hu

6.           Engaging a data processor

If the Data Processing is performed by someone else on behalf of the Data Controller, the Data Controller must only use data processors who or which provide adequate guarantees for the compliance with the requirements of the Data Processing in the GDPR and for the implementation of appropriate technical and organizational measures to ensure the protection of the rights of the Data Subjects. The Data Processor shall not use any additional data processor without the prior written ad hoc or general authorization of the Data Controller.

The service of the newsletter and the related data are processed by the Mini CRM system in an automated way.

Name: MiniCRM Zrt.

Mailing address: 13-14 Madách Imre út, 1075 Budapest

Website: https://www.minicrm.hu/

7. Possibility of data transfer

The Data Controller is entitled and obliged to transfer all Personal Data in his/ her possession and duly stored by him to the competent authorities, which Personal Data are obliged to transfer by law or a final official obligation. The Data Controller cannot be held liable for such data transfer and the consequences thereof.

The Data Controller may also transfer your data to a database of a member of a group of companies outside your place of residence (country) or the Member States of the European Economic Area. The Data Controller will only transfer your data to a third-country firm, such as a data controller or a data processor, in which country an adequate level of data protection is ensured.

Contractual partners and/ or members of the group of company will not transfer your data to third parties, except for mandatory data transfers based on law.

Links to external sites: Our Website contains links to pages that provide useful information to Data Subject. The scope of this Information does not extend to external sites, the Data Controller is not liable for the data contained therein or for any damages arising from the visit or use of external sites.

8. Data security

We take the necessary measures on our Website to protect the Personal and/ or Sensitive Data transferred from your computer, thus, in particular, against unauthorized access, alteration, transfer, disclosure, erasure or destruction, as well as accidental destruction and damage, and becoming inaccessible as a result of a change in the technology used. In order to protect the data files processed electronically in the various registers, an appropriate technical solution shall be provided to ensure that the data stored in the registers, unless permitted by law, cannot be directly linked and assigned to the Data Subject.

We inform you that we use data networks with proper firewall and password protection, but please note that data transfer via the Internet cannot be completely secure or fault-free. You are responsible for the security of passwords, IDs or other special access methods, unless the damage was caused by the Data Controller’s unlawful processing of the Data Subject’s data or a breach of data security requirements.

III. PERSONAL INFORMATION

1.      Scope of personal data processed

When subscribing to the newsletter, the following information will be recorded after voluntary consent:

  1. Surname – in order to identify the Data Subject
  2. Name – in order to identify the Data Subject
  3. E-mail address – for contact purposes
  4. Speciality – identification of the available Services

During the connection established through product order forms, the following data will be recorded after voluntary consent:

  1. Name – in order to identify the Data Subject
  2. Billing name – to identify the Data Subject and provide financial service
  3. Billing address – to provide financial service
  4. E-mail address – for contact purposes
  5. Telephone number – optional data – for contact purposes

When visiting the Website, the Data Controller’s Internet server automatically registers the IP Address of the Data Subject, the operating system of his/ her device, the resolution of the content viewed, the type of browser, the pages viewed and the frequency of visits for the purposes of statistics and analysis and technical development of the IT system.  This data is analyzed with an add-on called Slimstat Analytics and/ or Google Analytics, and the data is stored on the servers of the named IT service provider at the external service providers.

We inform the Data Subjects that we only and exclusively request, collect and process personal data on the electronic data sheets of our pages, when using the applications and functions, and it is not necessary to provide sensitive data.

We draw the attention of the Data Subjects to the fact that the documents sent to us shall not contain any sensitive information. If you think that it is absolutely necessary (e.g. for the characterization and evaluation of a project) we should be informed in advance, indicating the location and the content of the data. If the Data Subjects provide us with of any sensitive data in any of the documents to be uploaded or during correspondence with us without prior notice, Viaplant Design Kft. excludes its liability.

2.      Querying processed personal data

At the Data Subject’s request, the Data Controller shall provide information on the data processed by the Data Controller or processed by the data processor entrusted by him or at his/ her disposal, and on the source, purpose, legal basis, duration of the data processed as well as name and address of the data processor and activities related to data processing. Data Controller also provides information on data protection incident, its effects and the measures taken to remedy it and – in case of transfer of personal data of the Data Subject – the legal basis and the recipient of the transfer.

The information can be requested by e-mail at viaplant@viaplant.com and by mail to the following mailing address: 15 Hegedűs Gyula utca, 1136 Budapest, in both cases with proof of identity and providing the mailing address.

The data of the visit stored on the Website may also be queried by the Data Subject HERE.

Data Subject can view and change the information provided by him/ her on the newsletter server via the “Update subscription preferences” link at the bottom of any e-newsletter.

3.      Rectification of personal data

The Data Subject is entitled to request the rectification of his/ her personal data (indicating the correct data) by e-mail to viaplant@viaplant.com and by mail to the following mailing address: 15 Hegedűs Gyula utca, 1136 Budapest, in both cases with proof of identity and providing address. The Data Controller shall immediately make the rectification in its register and notify the Data Subject in writing of this.

You can view and change the information you provide on the newsletter server via the “Update subscription preferences” link at the bottom of any e-newsletter.

4.      Erasure of personal data

Users may request the erasure or blocking of their data – in part or in full – at the e-mail address viaplant@viaplant.com or by mail at the mailing address 15 Hegedűs Gyula street, 1136 Budapest at any time, free of charge, without justification, with proof of identity and providing the mailing address. Upon receipt of the cancellation request, the Data Controller shall immediately ensure the termination of the data processing and erase the User from its register.

In addition to the above, the User can also initiate the erasure of data on the visit stored on the Website HERE.

To unsubscribe from the newsletter, the Data Subject can initiate or indicate his/ her request to unsubscribe at the link “Unsubscribe from this list” at the bottom of any e-newsletter at viaplant@viaplant.com.

5.      Rights of data subjects

  1. the right to information and the right to access under which the Data Subject is entitled to receive feedback from the Data Controller as to whether the processing of his/ her personal data is in progress. If such data processing is in progress, the Data Subject is entitled to access to the personal data and the categories of personal data concerned, the purposes of the data processing, the recipients or categories of recipients to whom the personal data have been or will be communicated (including in particular third-country recipients and international organizations). Where applicable, Data Subject is entitled to access to the intended period of storage of the personal data or, if that is not possible, the criteria for determining that period. The Data Subject is, furthermore, entilted to request the Data Controller to rectify, erase or restrict the processing of personal data concerning him and to object to the processing of such personal data; he/ she has the right to file a complaint to a supervisory authority, if the data were not collected from the Data Subject, with all available information on their source, as well as the right to access to the fact of automated decision-making (including profiling and, at least in these cases, comprehensible information on the logic used and the significance of such data processing and the expected consequences for the Data Subject).
  2. right to rectification under which the Data Subject is entitled to have inaccurate personal data concerning him/ her rectified at his/ her request without undue delay. In addition, taking into account the purpose of the data processing, the Data Subject is entitled to request the completion of incomplete personal data, inter alia, by means of a supplementary statement.
  3. right to de-referencing under which the Data Subject shall have the right that at his/ her request the Data Controller erease, without undue delay, the personal data concerning him or her processed on the basis of consent. If the Data Controller has made the personal data public and is obliged to delete it, it shall take reasonable steps (including technical measures) taking into account the available technological and implementation costs in order to inform the data controllers to erase any links to, or copies or replications of those personal data in question upon the request of the Data Subject. This is the right to „be forgotten”.
  4. right to restriction of data processing under which

the Data Subject shall have the right to obtain from the Data Controller restriction of processing, if:

the accuracy of the personal data is contested by the Data Subject;

the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

the Data Subject has objected to processing, in this case, the restriction applies to that period until the verification is pending whether the legitimate grounds of the Data Controller override those of the Data Subject.

  1. right to data portability under which the Data Subject is entitled to receive the personal data concerning him/ her made available to a Data Controller in a structured, commonly used and machine-readable format. Furthermore, Data Subject shall have the right to transfer such data to another controller without being hindered by the Data Controller to whom the personal data have been made available. This is provided by the Company by saving the online user account information.
  2. right to object under which the Data Subject is entitled to object at any time for reasons related to his/ her situation to the processing of his/ her  personal data in the event that the data processing is necessary for the performance of a task in the public interest or in the exercise of a public authority conferred on the Data Controller, or when the processing is necessary for the legitimate interests of the Data Controller or of a third party, or when the purpose of the processing is a direct acquisition of business. The Company shall not terminate the data processing on the basis of the protest if the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the Data Subject or which are related to the submission, enforcement or protection of legal claims.
  3. the Data Subject’s right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects on him or her or would be significantly affected by him or her.

In order to exercise any of the rights mentioned above, please contact us in accordance with Section II/4 at one of the contact details set out in.

6.      Remedies

The Data Subject may request information on the processing of his/ her  personal data, as well as request the rectification of his/ her  personal data, or – with the exception of the data processing prescribed by law – its deletion in the manner indicated at the time of data collection or through the customer service of the Data Controller.

At the request of the Data Subject, the Data Controller shall provide information on the data processed by it, the purpose, legal basis, duration, name, address (registered seat) and activities related to data processing, as well as who receive or received the data and for what purpose. The Data Controller shall provide the information in writing in a comprehensible form as soon as possible after the submission of the request, but no later than within 30 days. This information is free of charge if the person requesting the information has not yet submitted a request for information on the same area to the Data Controller in the current year. In other cases, the Data Controller may charge a fee.

The Data Controller erases the personal data if its processing is illegal, the Data Subject requests it, the purpose of the data processing has ceased or the term for storing the data specified by law has expired, it has been ordered by a court or the data protection supervisor.

The Data Controller shall notify the Data Subject of the rectification and erasure, as well as all those to whom the data has previously been transfered for the purpose of data processing. It shall omit the notification if this does not harm the legitimate interests of the Data Subject with regard to the purpose of the processing.

The Data Subject may object to the processing of his or her personal data, if:

  1. the processing (transfer) of personal data is necessary only for the enforcement of the right or legitimate interest of the Data Controller or the data importer, except when the data processing is required by law;
  2. the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research;
  3. the exercise of the right to protest is otherwise permitted by law.

With the simultaneous suspension of data processing, the Data Controller shall examine the objection as soon as possible, but not later than within 15 days from the submission of the request, and shall inform the applicant in writing of the result. If the objection is justified, the Data Controller shall terminate the data processing, including further data collection and transfer, and block the data, and notifies all those to whom the personal data affected by the objection has previously been transfered and who are obliged to take action in order to enforce the right to object.

If the Data Subject does not agree with the decision made by the Data Controller, he/ she may appeal against it to the court within 30 days of its notification.

The Data Controller may not delete the data of the Data Subject if the data processing has been ordered by law. However, the data may not be transferred to the data importer if the Data Controller has agreed to the objection or the court has established the legitimacy of the protest.

In case of violation of the rights of the Data Subject, the Data Subject may take legal action against the Data Controller. The court is giving priority in the case.

The User may file a complaint regarding the data processing directly with the National Data Protection and Freedom of Information Authority (address: 22 / c Szilágyi Erzsébet fasor, 1125 Budapest; phone: + 36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

In case of violation of the rights of the User, the User may take legal action. The trial falls within the jurisdiction of the tribunal. A suit can be filed at the court of the Data Subject’s place of residence or stay, at the choice of the Data Subject. Upon request, the Data Controller shall inform the User about the possibility and means of legal remedy.

IV. USE OF COOKIES

A cookie is a package of information sent by the Website to your computer when you visit the Website, which makes certain services of the Website more conveniently available to you. For example, you have the option of having the Website remember your e-mail address and password on the registration interface of the Website, i.e. you do not have to provide this information each time you log in, if you consent. By using cookies, your needs can be better monitored. You have the right to enable or disable cookies at any time by changing your browser settings. Because the options vary by browser, please visit your browser’s Help menu for more information or contact us for assistance.

If you do not give your consent to the use of cookies, it may result in incomplete use of certain features of the Website.

We use cookies on this site for the following reasons:

  1. to store a user session,
  2. to compile statistics,
  3. to store user settings,
  4. to store your consent to the cookies.

The following types of cookies may appear on the website:

  1. session cookies: These are essential for navigating on our website, operating key features of our website and accessing protected content. These cookies store the information needed to fill out the forms and, in some cases, the language you choose, and do not collect information about you that could identify you, be used for marketing purposes, or remember other websites you have visited. After closing the website, these cookies are automatically deleted and the session is closed.
  2. functional cookies: In order to improve the user experience, these cookies detect the means by which you opened our website and remember your previous user decisions (such as your user name, password, language, region, whether you have logged during a previous session, user changes you have made to text size, font, or other customizable elements of the website), in order that we can offer you better and more personalized features. These cookies do not track your activity on other websites and we do not use them to send you advertisements through other sites.

We sometimes display various content on our website using external web services, this may result in the storage of some cookies that we do not control, and thus, we have no control over what information these websites or external domains collect about how you use these embedded content.

If you wish to know more about the topic, there are several articles available on the internet. An example is http://www.allaboutcookies.org.