Privacy Policy

1. Name of Data Controller:

LOGINFORM Ltd. (hereinafter referred to as Data Controller)
Registered office: 1135 Budapest, Lehel út 61.
Tax ID: 12986149-2-41
Data Protection Officer: Róbert Kérdő
Main email address: info@loginform.hu
Contact form: https://teszt.loginform.hu/kapcsolat

2. Purpose of the Privacy Policy:

The Data Controller undertakes that all data processing related to its activities complies with the requirements set forth in this policy and in the applicable national legislation, as well as in the legal acts of the European Union. The Data Controller reserves the right to modify or change any part of this Privacy Policy at any time.

The Data Controller shall use private data provided to it solely for the purpose for which the data owner made it available. The Data Controller does not store any personal data that was received by mistake. Personal data is never transferred to third parties, except when required by law or by an official procedure. Personal data entrusted to the Data Controller is handled carefully and protected from unauthorized use.

3. Applicable Legislation

During data processing, the Data Controller must act in accordance with the provisions of the following legislation, as set out in this policy:

⦁ Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR)

⦁ Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.).

⦁ Act V of 2013 on the Civil Code (hereinafter: Ptk.).

⦁ Act I of 2012 on the Labor Code (hereinafter: Mt.).

4. Interpretive Provisions

Definitions specified in the GDPR, among which the following concepts are highlighted in accordance with the nature of this policy:

⦁ personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

⦁ processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

⦁ controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

⦁ processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

⦁ recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

⦁ third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

⦁ filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

⦁ personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

⦁ representative: a natural or legal person established or resident in the European Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their obligations under this Regulation.

⦁ undertaking: a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

⦁ data asset inventory: a document serving to assess the scope and nature of personal data processed by the Data Controller.

⦁ technical and organisational measures: procedures appropriately determined by the Data Controller, taking into account the nature, scope, context and purposes of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, for the purpose of ensuring and being able to demonstrate that processing of personal data is performed in accordance with the GDPR. These measures shall be reviewed and updated where necessary by the Data Controller.

5. General Legal Bases for Data Processing

The processing of personal data shall be lawful only if and to the extent that at least one of the following legal bases applies:

⦁ The data subject has given consent to the processing of his or her personal data for one or more specific purposes (hereinafter: consent-based data processing).

⦁ Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (hereinafter: contract-based data processing).

⦁ Processing is necessary for compliance with a legal obligation to which the Data Controller is subject (hereinafter: legal obligation-based data processing).

⦁ Processing is necessary in order to protect the vital interests of the data subject or of another natural person (hereinafter: vital interest-based data processing).

⦁ Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (hereinafter: public authority-based data processing).

⦁ Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (hereinafter: legitimate interest-based data processing).

⦁ The Data Controller always processes a given set of personal data based on only one legal basis. The legal basis for data processing may change during the processing.

6. Scope of Personal Data Processed:

The Data Controller’s website processes the following types of personal data:

⦁ Personal data provided during form submission: Personal data received by the Data Controller after filling out forms on this website is used for the purposes for which authorization was requested during the form submission. See also the section on Planned Use and Retention Period of Processed Data.

⦁ Personal data provided via email: Personal data received by the Data Controller during email inquiries is used for the purposes authorized by the sender of the email, or for which the Data Controller drew attention when providing the email address. See also the section on Planned Use and Retention Period of Processed Data.

⦁ Cookies: The Data Controller uses cookies to maintain and develop its services available at loginform.hu, and to enhance user experience. Cookies are small text files placed on the user’s device by the browser, performing identification and information gathering. A cookie consists of a unique string of numbers and primarily serves to distinguish between computers and other devices downloading the website. Types:

⦁ Essential cookies: Without these, the essential services of the website would not be able to function properly.

⦁ Functional cookies: These allow the website to remember certain previously entered data, such as your personal settings.

The Data Controller uses the Google Analytics system to examine visitor habits during visits to loginform.hu; data retention is unlimited. You can opt out of the Google Analytics service at the following link: https://tools.google.com/dlpage/gaoptout

The Data Controller does not sell, rent, or otherwise distribute information collected by cookies to third parties, except to the extent necessary to provide services for which you have previously and voluntarily provided this information.

You can also manage cookie settings for your computer in your browser. Settings for managing cookies in the most commonly used browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

7. Use and Retention Period of Data Processed on the Website

Data provided on the website is retained as long as required by law, or otherwise for a maximum of 10 years.
Requests for personal data deletion within the specified periods can be made by sending the personal data (at a minimum, name and email address for identification purposes) to info@loginform.hu. In this context, personal data stored by the Data Controller will be deleted – unless the Data Controller is legally obliged to retain it.

8. Data Security

The Data Controller selects and operates the IT tools used during the provision of the service for the processing of personal data in such a way that the processed data:

⦁ is accessible to those authorized (availability);
⦁ its authenticity and authentication are ensured (authenticity of data processing);
⦁ its integrity can be verified (data integrity);
⦁ is protected against unauthorized access (confidentiality of data).
The Data Controller protects data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction.
The Data Controller ensures the security of data processing with technical, organizational, and institutional measures that provide a level of protection appropriate to the risks associated with data processing.

During data processing, the Data Controller maintains
⦁ confidentiality: protecting information so that only authorized persons can access it;
⦁ integrity: protecting the accuracy and completeness of the information and the processing method;
⦁ availability: ensuring that when an authorized user needs it, they can indeed access the desired information, and the related tools are available.

9. Rights of the Data Subject and Their Enforcement

In accordance with the provisions of the GDPR, the Data Controller provides the following to data subjects:
Right to Information
⦁ The right to information applies to the data subject in relation to all legal bases for data processing.
⦁ The Data Controller provides information to data subjects in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
⦁ Information must be provided in writing or by other means – including, where appropriate, electronic means.
Information at the Data Subject’s Request
⦁ The Data Controller shall provide information to the data subject without undue delay, and in any event within 30 days of receipt of the request, regarding the measures taken in response to a data subject’s request concerning other data subject rights.
⦁ Where necessary, taking into account the complexity and number of the requests, that period may be extended by a further 60 days. The Data Controller shall inform the data subject of any such extension within 30 days of receipt of the request, together with the reasons for the delay. If the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
⦁ Information and actions shall be provided free of charge.
⦁ Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may, taking into account the administrative costs of providing the information or communication or taking the action requested: charge a reasonable fee, or refuse to act on the request.
⦁ The burden of demonstrating that the request is manifestly unfounded or excessive shall be on the Data Controller.

Mandatory Information

⦁ If the Data Controller obtained the data directly from the data subject (including, in particular, clients), the Data Controller shall in any case provide information on the following:
a) the identity and contact details of the undertaking – if any – and its representative;
b) the contact details of the data protection officer, where applicable;
c) the purposes of the intended processing of personal data and the legal basis for the processing;
d) where processing is based on legitimate interests, the legitimate interests pursued by the Data Controller or by a third party;
e) the recipients or categories of recipients of the personal data, where applicable;
f) where applicable, the fact that the Data Controller intends to transfer personal data to a third country or international organisation;
⦁ At the time of the first collection of personal data, the Data Controller shall also inform data subjects of the following, in addition to the above:
a) the period for which the personal data will be stored;
b) the existence of the right to request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and to object to processing as well as the right to data portability, in cases of data processing tied to certain legal bases;
c) the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
d) the right to lodge a complaint with a supervisory authority (National Authority for Data Protection and Freedom of Information, hereinafter: Authority or NAIH);
e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
⦁ If the Data Controller intends to further process personal data for a purpose other than that for which the personal data were collected, the Data Controller shall provide the data subject prior to that further processing with information on that other purpose and with all relevant further information.
⦁ Information relating to the processing of personal data is published and updated by the Data Controller on its website (under the title “Privacy Policy”) in a manner that is easy to find and accessible to everyone.
Right of Access
⦁ The right of access applies to the data subject in relation to all legal bases for data processing.
⦁ The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed by the Data Controller;
d) where possible, the envisaged period for which the personal data will be stored;
e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing, in cases of data processing tied to certain legal bases;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
⦁ The Data Controller shall provide a copy of the personal data undergoing processing.
⦁ For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs, the amount of which is specified in the Data Controller’s pricing policy, other policies, or other documents.

Right to Rectification

⦁ The right to rectification applies to the data subject in relation to all legal bases for data processing.
The Data Controller shall, upon request by the data subject, rectify inaccurate personal data concerning the data subject without undue delay. The data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

Right to erasure (right to be forgotten)

The right to erasure (right to be forgotten) does not automatically apply to the data subject in respect of all data processing based on any legal ground.
The Data Controller shall erase personal data concerning the data subject without undue delay if one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based (in the case of consent-based data processing) and where there is no other legal ground for the processing;
c) the data subject objects to the processing, and there are no overriding legitimate grounds for the processing in cases of legal grounds for processing (processing based on public authority or legitimate interest)
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
The Data Controller shall not comply with the data subject’s request for erasure if the processing is necessary for compliance with a legal obligation requiring processing of personal data to which the Data Controller is subject.
If a request for erasure is received by the Data Controller, the Data Controller shall first verify whether the request for erasure genuinely originates from the entitled person. To this end, the Data Controller may request data serving to identify the contract between the data subject and the Data Controller (e.g., contract number, date of contract), the identification number of the document issued by the Data Controller to the data subject, or the provision of personal identification data recorded about the data subject (however, the Data Controller may not request additional data for identification that it does not record about the data subject).
If the Data Controller must comply with the request for erasure, it shall take all necessary steps to ensure that the personal data are erased from all databases.
The Data Controller shall inform all recipients to whom the personal data have been disclosed of the obligation to erase.
Right to restriction of processing
The right to restriction of processing applies to the data subject in respect of all legal grounds for data processing.
The Data Controller shall restrict processing at the request of the data subject if one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
f) the data subject has objected to processing in cases of legal grounds for processing (processing based on public authority or legitimate interest); in this case, the restriction applies for the period until it is verified whether the legitimate grounds of the Data Controller override those of the data subject.
If processing is restricted based on the previous point, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller shall inform all recipients to whom the personal data have been disclosed of the obligation.

Right to object

The right to object applies to the data subject in cases of data processing based on public authority or legitimate interest.
Where the data subject objects to the processing, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.
If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to data portability
The right to data portability applies to the data subject in cases of consent-based or contract-based data processing, if the data processing is carried out by automated means.

The Data Controller shall ensure that the data subject receives the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller.

10. Data Protection Authority Procedure

Complaints can be filed with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: 06-1-391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

11. Data transfer, data processing, scope of persons with access to data

Personal data received by the Data Controller through this website in any form may be accessed by the Data Controller’s employees who possess the rights related to use and legal basis.

12. Other provisions

Information on data processing not listed in this policy will be provided at the time of data collection. We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanour authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, and other bodies authorized by law may contact the data controller for information, data disclosure, transfer, or provision of documents.
The Data Controller shall only disclose personal data to authorities – provided the authority has specified the exact purpose and scope of the data – to the extent strictly necessary to achieve the purpose of the request.

13. Entry into force and final provisions

This policy shall enter into force on May 25, 2018.