Website Datasheet Documentation
This information note is related to the data processing of our site. By using this website, you consent to the processing of your personal data as described in the provided notice.
1. Controller
IROTI Industries Kft.
Hungary, 4200 Hajduszoboszlo, Ferto utca 73., Tamas Biro ceo)
EU VAT: HU27453418
CRN: 09 09 033278
Phone number: +36-30-698-59-09
Email address: info@iroti.hu
Website: https://iroti.hu
2. Information about using cookies
About cookies:
The Data Controller uses so-called cookies when visiting the website. The information package consists of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the usage of our website and contributing to the collection of some relevant, statistical information about our visitors.
Legal background and legal basis of cookies: The background of data management are the provisions of the law Act CXII. of 2011 on the right of self-determination of information and freedom of information and the Act (Information Law) CVIII of 2001 on electronic commercial services and services related to the information society. The legal basis for data management is your consent in accordance with the Information Law, Section 5 (1) point a).
Cookies strictly necessary for operation: These cookies are essential for the use of the website and enable the use of the basic functions of the website. In the absence of these, many functions of the site will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.
Cookies for improving the user experience: These cookies collect information about the user’s usage of the website, for example, which pages are visited most often or what error message is received from the website. These cookies do not collect information that identifies the visitor, that means they work with completely general, anonymous information. We use the data obtained from these to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.
RTB personalized retargeting cookies: May appear to previous visitors or users when browsing other websites in the Google Display Network or searching for terms related to your products.
If you do not accept the use of cookies, certain functions will not be available to you. You can find more information on deleting cookies through the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Chrome: https://support.google.com/chrome/answer/95647?hl=en
3. Purpose of personal data processing
The purpose of processing personal data is for communication, requesting a quote, ordering services, fulfilling requests, and improving the user experience.
4. Scope of processed data
Name, delivery/billing address, email address, phone number (for contact), and other information related to the performance of the contract and the services provided (e.g., invoicing).
5. Legal basis of data processing
The legal basis for processing billing data necessary for the performance of the contract is the fulfillment of a legal obligation applicable to the Data Controller (GDPR Article 6(1)(c)), as mandated by Section 169 of the Value Added Tax Act.
6. Period of storage of personal data
The data will be retained until the withdrawal of consent or, if no contract is concluded following the message exchange, until the response to the message or the fulfillment of the User’s request. The Data Controller will delete the data processed for this purpose after responding to the message or fulfilling the request. In cases where multiple related message exchanges occur for information sharing, the Data Controller will delete the data upon the completion of the information exchange or after fulfilling the request.
The retention period for invoice-related data is 8 years, as per Section 169(2) of the Accounting Act.
7. Engaging another processor
Maxer Hosting Kft.
HU 9021 Győr, Arany János utca 31.
CRN: 08-09-013763
VAT.: 13670452-2-08
Email: adatvedelem@maxer.hu
8. Circle of persons entitled to know the data
Co-workers of the controller who processes purchase orders.
9. Rights of data subjects
GDPR includes your data protection rights and legal remedies in detail. You can anytime request information on your data, you can anytime request the rectification, erasure or restriction of processing your data, you can object against data processing (contact data) based on legitimate interest. Below the most important provisions are summarized.
Right to information: If the controller processes personal data concerning you, the controller shall provide you with information, even if you do not request this, such as the most important characteristics of data processing, the purposes, legal basis, period of data processing, the person and contact details of the controller and its representative (in the case of transfer to third countries with reference to the appropriate or suitable safeguards), in the case of data processing based on legitimate interest about the legitimate interest of the controller and/or the third party, and your rights and legal remedies related to data processing (including the right to submit a complaint with the supervisory authority), if you do not yet possess that information. The controller provides you with the information by making the present information note available to you.
Right to access: You shall have the right to receive a feedback from the controller concerning whether your personal data are being processed or not and if they are being processed, you shall have the right to obtain access to the personal data and specific pieces of information in connection with the data processing including the purpose of data processing, the categories of personal data of the data subject, the recipients of personal data, the (planned) period of data processing, the rights and legal remedies of the data subject and in the case of data gathered from the data subject the pieces of information referring to the source thereof. On your request, the controller provides you with a copy of the personal data undergoing processing. The controller may charge you with a reasonable fee for further copies requested by you that are based on administrative costs. The right to obtain a copy may not adversely affect the rights and freedoms of others. You shall be informed about the possibility of obtaining a copy, its form, its possible costs and other details by the controller on your request.
Right to rectification: You shall have the right to make the data processor rectify the inaccurate personal data concerning you without undue delay. Taking into account the purpose of the data processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure: You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay if specific conditions apply. Among others, if the controller shall erase your personal data on your request if the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; you withdraw consent to which the processing is based and there are no overriding legitimate grounds for the processing; or your personal data have been unlawfully processed; you object against the processing and there are no legitimate reasons for the processing; the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject; the personal data have been collected in relation to the offer of information society services.
Right to restriction of processing: You have the right to require the controller to restrict processing if one of the following conditions applies: a) you dispute the accuracy of your personal data; in which case processing may be restricted during the period it takes for the controller to verify the accuracy of the data; b) the processing is unlawful and you object against the deletion of the personal data and request a restriction of the use of the personal data instead; c) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or d) you have objected against the data processing for the period until it is determined that the legitimate interests of the controller overrides your legitimate interests. In case the processing of your personal data was subject to restriction, and notwithstanding their storage, such data shall only be processed with your consent or for the establishment, exercise, or defense of claims or for the procurement of the protection of rights of a natural or legal person or for purposes of an important public interest of the European Union or a member state. In case the restriction of processing has been executed in accordance with the above, you shall be informed by the controller prior to the cancellation of such restriction.
Right to object: you have the right to object against data processing (contact data) based on legitimate interest. In such a case the controller may keep processing your data, if the controller can demonstrate compelling legitimate grounds for the processing which override your legitimate interests.
Right to complain: The controller provides the requested information without undue delay but within one month from the receipt of the request at the latest about the measures taken based on your request related to your rights listed previously. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller informs you as to any such extension within one month as of receipt of the request, stating the reasons for the delay. If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of you lodging a complaint with the competent data protection supervisory authority (in Hungary the Hungarian National Authority for Data Protection, NAIH) and you can be seeking a judicial remedy. (Contact details of NAIH: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Tel: +36 1391 1400, E-mail: ugyfelszolgalat@naih.hu) In the event of violation of your rights, you may seek ruling from a court. The proceedings fall within the jurisdiction of the General Court (Regional court in Hungary). If requested by the data subject, the action may also be brought before the general court in whose jurisdiction the home address or temporary residence of the data subject is located. You may claim any damage caused to you as a result of unlawful processing (including any breach of data security measures) from the controller liable for the damage caused.
10. Transfers of personal data to a third country or an international organization
Not appropriate.
11. Automated decision-making, profiling
Not appropriate.
12. Data security measures
The controller shall plan and perform data processing so that the privacy of the data subjects is protected when applying the provisions of the GDPR and other provisions related to data processing. The controller ensures the security of the data, furthermore, takes technical and organizational measures and establishes the procedural rules necessary to enforce GDPR and other data protection and confidentiality regulations. The data is protected using the appropriate actions, particularly against unauthorized access, alteration, forwarding, disclosure, deletion or destruction as well as accidental destruction and damage, furthermore becoming inaccessible due to the change in the applied technique. In this, the company shall store the personal data of the data subject in a password-protected and/or encrypted database. The company shall provide a risk-proportionate level of protection of data via firewalls and antivirus programs. It monitors data protection incidents continuously. The controller stores the completed questionnaires on its own server electronically.