Data management Statement for Customers
The registered user of the „Ikarus.hu” domain is Műszertechnika Holding Zrt. (company registration number: 01-10-041430, registered office: 1145 Budapest, Újvilág u 50-52), which has contractually entrusted IKARUS Global Zrt. (Cg.01-10-048449, registered office: 1145 Budapest, Újvilág utca 50-52.) with the content management of the website www.ikarus.hu.
Ikarus Global Zrt. (hereinafter referred to as “the Organisation”) manages the personal data of natural persons who provide the Organisation with their personal data, visitors to the Website, registrants of the Website or otherwise provide their personal data (hereinafter collectively referred to as “the Data Subject”) in the course of its operation and the operation of www.ikarus.hu (hereinafter referred to as “the Website”). In the context of the managing of data, the Organization hereby informs the Data Subjects of the personal data managed by it in the above-mentioned context, of its principles and practices in the processing of personal data, as well as of the ways and means of exercising the rights of the Data Subjects. By giving their consent, the Data Subject accepts the Privacy Notice and consents to the processing of their personal data as set out below.
- Identification of the organisation as data controller
Company name: Ikarus Global Zrt.
Registered office, postal address:1145 Budapest, Újvilág utca 50-52.
Tax number: 25288771-2-42
Company registration number: 01-10-048449
Web hosting Provider:
Company name: DARK NETWORKS Ltd.
Address: Hungary, 8000 Székesfehérvár, Pozsonyi út 99/C. fszt. 3.
Company name: Műszertechnika Zrt.
Company registration number: 01-10-041430,
registered office: 1145 Budapest, Újvilág u 50-52.
- Data protection legislation
In its data management practices, the Organization shall comply with the applicable laws in force at the time. The data management principles set out in this notice are in accordance with the following legislation:
– Act LXVI of 1992 on the Registration of Personal Data and Address of Citizens;
– Act CXIX of 1995 – on the processing of name and address data for the purposes of research and direct marketing (DM Act);
– Act CVIII of 2001 – on certain aspects of electronic commerce services and information society services;
– Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (Act XLVIII of 2008)
– Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR).
3.1 Personal data
Any specific data that can be associated with a natural person who is identified or can be identified, directly or indirectly, on the basis of personal data (hereinafter referred to as the data subject), in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject.
A voluntary and explicit expression of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in relation to specific operations.
A statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.
The natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf.
3.5 Data management
Any operation or set of operations which is performed upon the data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure and destruction of data, as well as any prevention of their further use, taking of photographs, audio or video recordings, and recording of physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans).
3.6 Data transmission
The making available of data to a specified third party.
The making available of data to any person.
3.8 Deletion of data
The rendering of data unrecognisable in such a way that it is no longer possible to recover it;
3.9 Data retention
The marking of data with an identification mark in order to limit its further processing permanently or for a limited period of time.
3.10 Data destruction
The total physical destruction of a data medium containing data;
3.11 Data processing
The performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
3.12 Data processor
A natural or legal person or an unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision. In this context, we inform you that the messages received at the e-mail address firstname.lastname@example.org are received by IKARUS GLOBAL Zrt, but depending on the content of the messages, the following members of the IKARUS group of companies may also be entitled to access the data contained in the electronic messages as data processors:
– IKARUS ELectric Zrt (Cg.07-10-001451 registered office: 8000 Székesfehérvár, Vásárhelyi út 5.)
– Ikarus Járműtechnika Kft : Cg: 07-09-002629 registered office: 8000 Székesfehérvár, Vásárhelyi út 5. 7609/25
– Electrobus Europe Zrt (cg: 01-10-049884 registered office: 1145 Budapest, Újvilág utca 50-52.)
Messages sent via the form on the website can also be sent to email@example.com. Messages received there will be stored for 2 years, but the sender may request the deletion of his/her data before this period.
3.13 Third party
A natural or legal person or an unincorporated body other than the data subject, the controller or the processor.
3.14 Third country
Any state that is not a member of the European Economic Area.
A text file that is stored on our computer by the website we visit through our internet browser software. Its function is to make surfing more convenient and personalised, as it allows us to store various personal data and passwords. The cookies can also be used for targeted/personalised advertising campaigns.
- Principles of data management
Personal data can be managed if
- a) the data subject has given his or her consent to the managing of his or her personal data for one or more specific purposes;
(b) managing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract;
(c) managing is necessary for compliance with a legal obligation to which the controller is subject;
(d) managing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) managinging is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) managing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Personal data may only be managed for specified purposes, for the exercise of a right or the performance of an obligation. At all stages of the managing, the purpose of the managing must be fulfilled and the collection and managing of the data must be fair and lawful.
Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.
The managing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are managed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are managed. The data subject shall be responsible for the data provided and for their accuracy, completeness and veracity. The Organisation shall not be liable for any damage resulting from the incorrectness of the data, even if it could have been aware of the incorrectness of the data. If the data provider acts on behalf of another person, the data provider shall be responsible for obtaining and proving that the data subject has provided a data protection declaration of consent in accordance with the terms of this Privacy Notice.
Personal data may be managed only with appropriate prior informed consent, unless its managing is required by law or is in the legitimate interest of the parties.
The Organisation will not disclose the personal data, that it manages to the public, will not transfer it to third parties other than the aforementioned subcontractors, and the subcontractors will not be entitled to retain the personal data transferred or to transfer it to third parties in any way.
The controller may transfer personal data to a controller or processor carrying out processing in a third country only if the data subject has given his or her explicit consent. Transfers to a Member State of the European Economic Area shall be deemed to be transfers within the territory of Hungary.
- Legal basis and purpose of management.
The handling of data is based on the voluntary consent of the data subjects. The giving of consent implies acceptance of the processing as described in the Privacy Notice.
5.1 Website visitors’ data
Purpose of data management: to ensure the functioning of the website, to monitor it, to prevent security incidents, to evaluate it afterwards.
Legal basis for data handling: § 13/A (3) of Act CVIII of 2001 on certain issues of information society services.
Data handled: date and exact time of the visit, address of the website visited, the address of the previous page visited, the IP address of the visitor, and data specific to the browser and operating system used.
Time limit for deleting data: 2 years from the date of the visit
5.2 Data collection by external organisations on the website
No personal data is collected or processed by external organisations on behalf of the Organisation.
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) is only entitled to process data that is not individually identifiable. The applicable data processing policy can be found at http://www.google.com/intl/hu/privacy/ (http://www.google.com/intl/hu/privacy/).
What is a cookie?
Cookies are small text files in which websites store information about visits for a specified period of time and for a specified purpose. During repeated visits, the website is able to recognise the text file, thereby identifying the previous visitor.
The primary function of cookies is to make your browsing experience more convenient and personalised, as they allow us to store various personal data and preferences. Cookies can also be used for well-targeted, personalised advertising campaigns.
Types of cookies
(1) Google Analytics
Our website makes use of the web analytics service Google Analytics provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”. Google Analytics uses its own cookies, which are also text files stored on the user’s computer, to analyse the way users use the website. The information contained in the cookie describing your use of this website is usually transmitted to and stored by Google on servers in the United States of America.
(2) Google Adwords
The website makes use of Google’s analytics service Google AdWords and the click-through tracking function as part of this service. Google AdWords places a click-through tracking cookie (also known as a click-through or conversion cookie) on the visitor’s computer hard drive when the user clicks on an advertisement served by Google. These cookies expire within 30 days and are not personally identifiable. When you visit some of our websites, Google and COMPANY NEVE may track whether you have clicked on an advertisement to reach our website.
The data collected through click-through cookies is used by Google to compile statistical analyses for users of the click-through tracking function of the AdWords service. These statistics show the total number of clicks on an advertisement served by Google and the number of visitors to our pages who opened our pages with a valid click-through cookie on their computer. We do not receive any personally identifiable information about our visitors. We are not able to combine this data with our other data to reach a conclusion about a particular user.
- Who can access the data, data transfers, data processing
The Organization, companies belonging to the Organization’s group of companies (who appear on the website), companies having a contractual relationship with the Organization (as recorded in the Register of Partner Companies and the Inventory of Data Assets) and the Organization’s internal staff are the primary recipients of the data, but they are not disclosed or transferred to third party(ies). The Organization may use a data processor for the purposes of achieving its specific objectives.
In addition to the above, the transfer of personal data concerning the Data Subject may only take place in cases that are mandatory by law or based on the Data Subject’s consent.
- Amendment of the data management policy
- Rights of users in relation to the management of their personal data
You may request information about the processing of your personal data and request the rectification or, subject to legal exceptions, the erasure of your personal data. At the data subject’s request, the Organization shall provide the data subject with information about the data processed, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the data processor in relation to the processing, as well as the persons who receive or have received the data and the purposes for which the data are received. The controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. This information shall be provided free of charge. The request for information shall be sent by e-mail to firstname.lastname@example.org and shall receive a reply within 8 working days.
The data subject may object to the management of his or her personal data by lodging a statement with the Organization, using the contact details provided in point 14, if he or she contests the lawfulness of the managing; in this case, the Organization will notify the data subject of the decision in writing. If the data subject does not agree with the decision, he or she may appeal to a court (tribunal) to enforce his or her rights, in which case the court shall act out of turn.
- Enforcement possibilities
The data subject may object to the managing of his/her personal data,
- if the handling or transfer of the personal data is necessary solely for compliance with a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in the case of mandatory handlinging;
- where the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes; and
- in other cases specified by law.
The controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Organization establishes that the objection of the data subject is justified, it shall cease the processing, including further collection and further transfer of data, and block the data, and notify the objection and the action taken on the basis of the objection to all those to whom the personal data subject of the objection has previously disclosed the personal data subject of the objection and who are obliged to take measures to enforce the right to object.
If the data subject disagrees with the controller’s decision on the objection or if the controller fails to comply with the 15-day time limit for the investigation, the data subject may, within 30 days of the notification of the decision or the last day of the time limit, have recourse to the courts.
- Controller’s Declaration
The data controller acknowledges that it is bound by the contents of this notice and undertakes to ensure that its handling of data in relation to its services complies with the requirements set out in this notice.
- In relation to data management, the data subject has the following rights and remedies:
The data subject may request information from the Organisation on the handling of personal data at its contact details (e-mail: email@example.com; postal address: 1145 Budapest, Újvilág u 50-52.); in this context, the Organisation shall provide information on the data managed by it, the purpose, legal basis and duration of the handling, as well as on the legal basis and recipient of any data processing or transfer (Articles 14-15 of the Data Protection Act).
The Organisation is obliged to provide the information in writing within 25 days at the latest, which may be refused only on the basis of a reason specified by law.
The data subject may lodge a claim or complaint with the NAIH:
National Authority for Data Protection and Freedom of Information.
Data Protection and Privacy Authority (DPAI) may contact the National Data Protection Authority (NDIH) at 22/c Szilágyi Erzsébet fasor, Szilágyi Erzsébet fasor, 1125 Budapest, 1125 Budapest.
Tel.:+36 (1) 391-1400
Present Statement has been drawn up in Hungarian and English, in case of any linguistic difference the Hungarian version shall be the governing text.