Information on data processing during registration for the purpose of extra warranty
Wellis Magyarország Zrt. (registered office: 1118 Budapest, Budaörsi út 31/C., company registration number: 01-10-048882, tax number: 25584864-2-43, e-mail: firstname.lastname@example.org, represented by: Chief Executive Officer Zolt Czafik, name and contact details of the data protection officer: Dr. Krisztián Bölcskei, available by post at the Data Controller’s registered office and by e-mail to the email@example.com address, as data controller, hereby informs you about the relevant details of data processing during registration for extra warranty and about other relevant facts:
|Data processing during registration for extra warranty|
|Purpose:||enabling access to the extra (extended) warranty by registering via the website as well as establishing and keeping contact regarding the extra warranty|
|Legal basis:||data processing is necessary in order to take the steps requested by the data subject (pursuant to Article 6 (1) b) of the GDPR)|
|Data subjects:||All natural persons who can be identified on the basis of the data provided during registration for the extra warranty|
|Source of data:||data subjects|
|Scope of the processed data||Purpose||Storage period|
|Contact details||5 years (in general limitation period)|
|name*||identification and addressing|
|phone number*||identification and keeping contact|
|Model name*||1. product identification|
|Spa seller name*|
|Spa serial number*|
|date of purchase*|
|Date of submission*||subsequent evidencing|
|Transfer of data:||it is basically not done, it can only take place to an authority, court, conciliation body or legal representative, if necessary|
|Automated decision-making, profiling:||Not done.|
|Other:||In connection with the data marked with *, the Data Controller draws the attention to the fact that they are essential elements of data processing, and all of them are necessary for data processing.
The site collects data for statistical purposes, the data are not linked to the data subject, the data are provided with voluntary consent and it is not a condition for registration for the purpose of extra warranty.
How does the Data Controller ensure data protection?
Within the scope of its tasks related to IT protection, the Data Controller shall in particular ensure the following:
- refusing access of unauthorised persons to data processing equipment (hereinafter: “data processing system”),
- preventing the unauthorised reading, copying, modification and removal of data carriers,
- preventing the unauthorised input of personal data into the data processing system and the unauthorised access, modification or erasure of personal data stored therein,
- preventing the use of data processing systems by unauthorised persons using data transfer equipment,
- that persons authorised to use the data processing system have access only to the personal data specified in the access authorisation,
- ensuring control and verification of which personal data were, or can be forwarded, or were made or can be made available to which recipient by using data transfer equipment,
- that it can be verified and established subsequently which personal data were entered into the data processing system, when and by whom
- preventing unauthorised reading, copying, modification or erasure of personal data upon data transfer or data carrier transportation
- that the data processing system can be recovered in the event of a breakdown.
- that the data processing system is operational, that errors in its operation are reported and that the stored personal data cannot be altered even by operating the malfunctioning system.
What rights do the data subjects have
- The relationship between the data subjects’ rights and the legal basis/bases is shown in the table below to make it clear to the data subjects what rights they can exercise in the case of the legal basis used.
|Right to prior information||Right of access||Right to rectification||Right of erasure||Limitation||Data portability||Objection||Withdrawal of consent|
Right of access (Article 15 of the GDPR)
The data subjects have the right to obtain feedback from the Data Controller as to whether or not their personal data are being processed, and if this is the case, they have the right to access the personal data and information about the circumstances of data processing. Where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46 relating to the transfer. The Data Controller makes a copy of the personal data – that are subject to data processing – available to the data subject if requested by the data subject.
Right to withdraw consent (Article 7 of the GDPR)
The data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing that was carried out based on consent before its withdrawal.
Right to rectification (Article 16 of the GDPR)
The data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to object (Article 21 of the GDPR)
The data subjects have the right to object – at any time, on grounds relating to their particular situation – to the processing of their personal data based on Article 6 (1) e) or f) of the GDPR.
In this case, the Data Controller may not process the personal data further, unless it proves that the processing is justified by legitimate reasons which override the interests, rights and freedoms of the data subject.
Right to restrict data processing (Article 18 of the GDPR)
The data subject has the right to request the Data Controller to restrict data processing if any of the conditions specified in the GDPR is met, and in this case the Data Controller should not perform any operation on the data other than storage.
If the data subject objected to data processing; in this case, the restriction applies until it is established whether the Data Controller’s legitimate reasons override the data subject’s legitimate reasons.
Right to erasure (right to be forgotten) (Article 17 of the GDPR)
The data subjects have the right to ensure that the Data Controller erases the personal data concerning them without undue delay if the data processing has no purpose, they withdrew their consent and there is no other legal basis, in case of objection there is no overriding legitimate reason for data processing, or if the data have been processed unlawfully, furthermore the data must be erased in order to fulfill a legal obligation. Where the Data Controller has made the personal data public and is obliged to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to data portability (Article 20 of the GDPR)
The data subjects have the right to receive the personal data concerning them and made available to the Data Controller in a structured, widely used, machine-readable format as well as to transfer such data to another data controller without being hindered in this by the Data Controller to whom they provided the personal data, if the legal conditions (legal basis of automated data processing and consent or agreement) exist.
Where and how can the data subjects request detailed information on data processing and transfer, where and how can they exercise their rights?
Contact details of the authority in case of a complaint (Article 77 of the GDPR):
National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf. 9.
Phone number: +36 (1) 391-1400
Fax: +36 (1) 391-1410
For more information on your rights and on the details of your complaint to be submitted to the authority, visit the following website: http://naih.hu/panaszuegyintezes-rendje.html.
Lezárva: 2022. 02. 07.