Menü
Send a message

Privacy Policy

Privacy Policy

  1. Purpose and scope of the Prospectus

    (1) The purpose of this Privacy Policy (hereinafter referred to as "Policy") is to set out the privacy policy of M Quality Control Ltd. biz/ website (hereinafter referred to as the "Website"), and to ensure that the constitutional principles of data protection, the right of informational self-determination and the requirements of data security are met, and that, within the framework of the law, everyone has access to his/her personal data, can understand the circumstances of their processing, and is prevented from unauthorized access, alteration and unauthorized disclosure of the data. In addition, this Notice is intended to inform data subjects about the Data Controller's data management practices.

    (2) The scope of this Notice extends to the processing of personal and sensitive data by all departments of the Controller.

  2. Governing legislation

    • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation; hereinafter "GDPR")
    • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter "the Infotv.")
    • Act V of 2013 on the Civil Code (hereinafter referred to as "Civil Code")
    • Act CXXX of 2016 on the Code of Civil Procedure (hereinafter referred to as "CCP")
    • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

  3. Data of the Data Controller

    The current data of the Data Controller are as follows:

    • Name: M Minőségellenőrzés Kft.
    • Registered office: 1052 Budapest, Deák Ferenc tér 3. (MEYER & LEVINSON emelet).
    • Company registration number: 01-09-323842
    • Tax number: 26318163-2-41
    • Court of registration: Fővárosi Törvényszék Cégbírósága
    • Telephone number: +36 70 571 2300
    • E-mail address: info@mquality.biz
    • Representative: Molnár Botond Managing Director

  4. Scope of the personal data processed, purpose, duration and legal title of the processing

    (1) Data subjects are obliged to provide all the data provided to the best of their knowledge and accurately.

    (2) Where the data subject does not provide his/her own personal data, the data subject shall obtain the consent of the data subject.

    (3) Where the Data Controller transfers data to processors or other third parties, the Data Controller shall keep a record of such transfers. The record of the transfer shall include the recipient of the transfer, the method and time of the transfer and the scope of the data transferred.

    (4) Data processing relating to certain activities of the Controller:

    a. Sending messages on the Website
    Legal basis for processing: data subject's consent by means of impulse
    Data processed: surname, first name, telephone number, e-mail address, subject, content of the message
    Purpose of processing: contacting the Data Controller
    Deadline for erasure: at the unilateral discretion of the Data Controller, if the message contains content which imposes a legal obligation on the Data Controller or if the Data Controller considers that it may be necessary in the future to enforce or protect his or her rights or the rights of third parties, he or she will erase the data after 5 years, otherwise within 30 days of receipt of the message
    Possible consequences of failure to communicate the data: impossibility of contact

    b. Sending a newsletter
    Legal basis for processing: data subject's consent
    Data processed: name, e-mail address, IP address
    Processing platform: electronic
    Purpose of the processing: sending an electronic newsletter to subscribers' e-mail addresses with news, special offers and promotional messages
    Time limit for erasure of data: until consent is withdrawn
    Possible consequences of not communicating the data: impossibility of receiving current news and special offers by e-mail
    Deadline for deletion of data: until consent is withdrawn
    Possible consequences of not communicating the data: impossibility of receiving the latest news and any special offers by e-mail

    c. Cookie delivery
    Legal basis for processing: legitimate interest of the Data Controller in the proper technical functioning of the Website

    Süti neve Süti típusa Tárolási idő Adatkezelés célja
    XSRF-TOKEN Primary cookie 2 hours This is necessary to protect against so-called "Cross-Site Request Forgery". The purpose of using this cookie is to prevent others from submitting a form on behalf of the user.
    wpEmojiSettingsSupports HTML Until logout or until browser is closed WordPress cookie used to store browser data.
    m_quality_session HTML 2 hours Technical cookie needed to run the site.

    d. Billing
    Legal basis for processing: fulfilment of a legal obligation
    Data processed: name; address
    Purpose of processing: to fulfil a legal obligation
    Data processor: LandA Plussz Könyvelő és Adótanácsadóadói Kft (registered office: 4200 Hajdúszoboszló, Kossuth utca 62. ; company registration number: 09-09-002839; tax number: 11153102-2-09)
    Deadline for deletion of data: 9 years after the invoice is issued
    Possible consequences of non-disclosure: there is no possibility to refuse to provide the data due to legal obligations.

  5. Rights of data subjects, remedies

    (1) Data subjects may at any time request information in writing from the Data Controller on the processing of their personal data processed by the Data Controller, may indicate their wish to erase or amend their personal data and may withdraw their consent previously given by contacting the Data Controller at the contact details provided in point 3.

    (2) The data subject may not exercise his or her right of erasure in the case of processing which is mandatory by law.

    (3) Content of the right to information: at the request of the data subject, the Controller shall provide the data subject with the information listed in Articles 13 and 14 of the GDPR and the information referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise and plain language.

    (4) Content of the right of access. Where the Controller is processing data relating to the applicant, the data subject shall have the right of access to the following information:

    a. Personal data concerning him/her;
    b. the purpose(s) of the processing;
    c. the categories of personal data concerned;
    d. the persons to whom the data subject's data have been or will be disclosed;
    e. the duration of the storage of the data;
    f. the right to rectification, erasure and restriction of processing;
    g. the right to apply to a court or supervisory authority;
    h. the source of the data processed;
    i. the details and practical effects of profiling and/or automated decision-making and its use;
    j. the transfer of processed data to a third country or international organisation.

    (5) In the event of a request for data pursuant to the above, the Controller shall provide the data subject with a copy of the data processed by the Controller in accordance with the request. Upon specific request, it is possible to request the Controller to deliver the data by electronic means.

    (6) The Data Controller shall charge an administrative fee of HUF 1000,- per page for each additional copy.

    (7) The deadline for the release of the requested data is 30 days from the date of receipt of the request.

    (8) Right to rectification.

    (9) Right to erasure: If any of the following grounds apply, the Controller shall, at the request of the data subject, erase the data relating to the data subject as soon as possible and in any event within 5 working days at the latest:

    a. The data have been unlawfully processed (without legal authorisation or personal consent);
    b. the processing of the data is unnecessary for the original purpose;
    c. the data subject withdraws his or her consent to the processing and the Controller has no other legal basis for the processing;
    d. the data in question were collected in connection with the provision of information society services;
    e. the personal data must be erased in order to comply with the legal obligations of the Controller.

    (10) The erasure of the data shall not be carried out by the Controller if the processing is still necessary for any of the following purposes:

    a. Further processing is necessary for the purposes of complying with legal obligations to which the Controller is subject;
    b. necessary for the exercise of the right of reply and information;
    c. in the public interest;
    d. for archiving, scientific, research or statistical purposes;
    e. for the establishment or defence of legal claims.

    (11) Right to restriction of processing:

    a. The restriction shall apply for the period of time until the accuracy or correctness of the data in question can be verified to the satisfaction of the controller;
    b. the processing is unlawful, but the data subject requests that the data not be erased and only that the processing be restricted;
    c. the data are no longer necessary for the purposes of the processing, but the data subject requests their retention for the purpose of pursuing or defending legal claims;

    (12) Where the Controller imposes a restriction on any data processed, it shall process the data concerned during the period of the restriction only if and to the extent that:

    a. The data subject consents to this;
    b. necessary for the establishment or defence of legal claims;
    c. necessary to assert or defend the rights of another person;
    d. necessary for the pursuit of a public interest.

    (13) Right of withdrawal. In the event of such a request, the Controller shall immediately and permanently erase all data which it has processed in relation to the data subject and the further storage of which is not required by law or is not necessary for the exercise or defence of legitimate interests. The lawfulness of the processing carried out until the withdrawal of consent shall not be affected by such withdrawal.

    (14) Right to data portability. The Data Controller shall comply with the request as soon as possible and in any event within 30 days.

    (15) Automated decision-making and profiling. This right shall not apply if:

    a. the processing is necessary for entering into, or the performance of, a contract between the data subject and the controller;
    b. the data subject explicitly consents to the use of such a procedure;
    c. its use is permitted by law;
    d. necessary for the establishment or defence of legal claims.

  6. Methods of storing and securing the data

    (1) The controller shall keep the data it processes, both in paper and electronic form, at its head office.

    (2) The Data Controller's websites are physically stored by a server provider. The server provider is Rackforest Zrt. (address: 1132 Budapest, Victor Hugo utca 11, 5th floor; telephone: +36 1 211 0044; e-mail: info@rackforest.com)

    (3) The server provider only provides hosting space and does not process the data of the data subjects.

    (4) The data controller uses an IT system for its operation that ensures that the data:

    a. the integrity of the data can be verified (data integrity);
    b. authenticity is ensured (data integrity);
    c. is accessible to those entitled to have access to it (availability);
    d. protected against unauthorised access (data confidentiality).

    (5) Data protection covers in particular:

    a. unauthorised access;
    b. alteration;
    c. transmission;
    d. deletion;
    e. disclosure;
    f. accidental damage;
    g. accidental destruction;
    h. inaccessibility due to changes in the technology used.

    (6) The Data Controller shall apply a solution providing an adequate level of security in accordance with the state of the art in order to protect the electronically processed data. In assessing adequacy, particular emphasis shall be given to the level of risk involved in the processing carried out by the Data Controller. IT security shall ensure that the data stored cannot be directly attributed or linked to data subjects (unless permitted by law).

    (7) The Controller shall ensure that, in the course of its processing:

    a. the data can be accessed by the data subject when he or she needs it;
    b. only those who are entitled to have access to the information;
    c. the accuracy and integrity of the information and of the processing method are protected.

    (8) The Data Controller and any data processors it may employ shall at all times ensure the protection of its information systems against fraud, espionage, viruses, intrusions, damage and natural disasters. The Data Controller (or its processor) shall apply server-level and application-level security procedures.

    (9) Messages transmitted to the Data Controller via the Internet, in whatever form, are highly vulnerable to network threats that could lead to modification of information, access by unauthorised persons or other illegal activities. However, the Data Controller will do everything reasonably practicable and reasonable in the state of the art to prevent such threats. To this end, the systems in place are monitored to record security anomalies, to obtain evidence of a security incident and to verify the effectiveness of the precautions taken.

  7. Procedural rules

    (1) Where the controller receives a request pursuant to Articles 15 to 22 of the GDPR, the controller shall inform the data subject in writing of the action taken on the request as soon as possible and in any event within 30 days.

    (2) Where justified by the complexity of the request or other objective circumstances, the above time limit may be extended once, up to a maximum of 60 days. The Data Controller shall notify the data subject in writing of the extension of the time limit, together with the reasons for the extension.

    (3) The controller shall provide the information free of charge, unless:

    a. the data subject repeatedly requests information/action on substantially unchanged content;
    b. the request is clearly unfounded;
    c. the request is excessive.

    (4) In the cases referred to in point (3), the Controller shall be entitled to:

    a. refuse the request;
    b. to make the execution of the request subject to the payment of a reasonable fee in connection with the request.

    (5) If the applicant requests the data to be provided on paper or on an electronic storage medium (CD or DVD), the Data Controller shall provide one copy of the data concerned free of charge in the requested format (unless the chosen platform would present a disproportionate technical difficulty). For each additional copy requested, an administration fee of HUF 1,000 per page/CD-DVD shall be charged.

    (6) The Data Controller shall notify any rectification, erasure or restriction carried out by it to all persons to whom the data concerned have previously been disclosed, unless such notification would be impossible or would involve a disproportionate effort.

    (7) If the data subject so requests, the controller shall inform him or her of the persons to whom his or her data have been disclosed.

    (8) The controller shall provide its response to the request in electronic form, unless:

    a. the data subject explicitly requests otherwise and this does not entail an unreasonably high additional cost for the Controller;
    b. the Controller does not know the electronic contact details of the data subject.

  8. Compensation

    (1) Where any data subject suffers pecuniary or non-pecuniary damage as a result of a breach of the legislation on data protection, he or she shall have the right to claim compensation from the Controller and/or the processor. Where both the Controller and the processor(s) are involved in the infringement, they shall be jointly and severally liable for the damage suffered.

    (2) The processor shall be liable for the damage suffered only if it has breached the provisions of the applicable data protection legislation specifically addressed to processors or if the damage has occurred as a result of its failure to comply with the Controller's instructions.

    (3) The Controller or any processors shall be liable only if they cannot prove that they are not responsible for the event or circumstance giving rise to the damage.

  9. Remedies

    (1) If the data subject considers that his or her rights have been infringed by the Controller and/or the processors, he or she shall have the right to apply to the competent court having jurisdiction and competence under the Civil Code. The court shall rule on the matter out of turn.

    (2) If the data subject wishes to lodge a complaint regarding the processing, he or she may do so at the National Authority for Data Protection and Freedom of Information, at the following contact details.

  10. Cooperation with the authorities

    (1) The Data Controller shall, upon receipt of a formal request from the competent authorities, provide the personal data specified on a mandatory basis.

    (2) The Data Controller shall only provide data in the cases referred to in point (1) which are strictly necessary for the purpose of achieving the objective specified by the requesting authority.

    Done at Budapest, 12 March 2024.

Menü
Menü