1.1. The Buffalo Logistic Group Kft. (hereinafter as Data controller) shall attend to act in the course of the control of the personal data of the natural person (hereinafter as: Data subject) in accordance with the Regulation Nr. 2016/679 of the European Parliament and the Council (hereinafter as: Regulation), the Act CXII of 2011. on the right to informational self determination and freedom of information (Infotv.), as well as other provisions of laws in effects regarding the control of personal data, in line with data protection practice formulated as a result of the activity of the National Data Protection Authority (NAIH) and the commissioner for data protection, taking the significant international recommendation into consideration as well.
1.2. Data controller:
● acknowledges the content of the present legal notice as obligatory for itself
● undertakes to make sure that all the data controls related to its activity are in accordance with the provisions of the present document, the national legislation in effect, as well as in the legal acts of the European Union
● undertakes to control the data provided to itself by the time of the consent to data control, and carries out all security, technical and organizational measures, which will guarantee the security of the data
1.4. Data controller is entitled to storage the provided personal data for maximum 1 year from the providing, after which it shall delete such data ultimately.
1.5. Should any further request is submitted to Data controller by the customer, the period of data control shall commence from that time in accordance with the above mentioned.
2. Data of Data controller
Company name: Buffalo Logistic Group Kft.
Seat: 2724 Újlengyel, Petőfi utca 48.
Registration number: 13 09 194909
Tax number: 13910686-2-13
Central phone number: +36 1 473 1209
Central e-mail address: firstname.lastname@example.org
3. The personal date controlled by Data controller
For the contact and the consent to the data control the providing of the following data is required (the providing of the data marked with a * sign is mandatory):
● Phone number
4. The purpose, methods and legal grounds of data control
4.1. The data control activities of Data controller are based on voluntary consent or they are prescribed by the law. The data subjects are entitled to revoke this consent in any segments of the data control in the case if the data control is based on voluntary consent. In some cases, the control, storage and forwarding of some of the provided data is made mandatory by the legal provisions, about which we will inform our clients separately. Hereby we call the attentions of the persons providing the data that if the data provided is not their own personal data, it is their obligation to acquire the consent of the data subject.
4.2. The control of the personal data may take place in order to fulfill and obligation prescribed by the law of the European Union and the Hungarian law.
4.3. In some given cases, Data controller is entitled to control the personal data of Data subject for the purpose of the enforcement of the rightful interest of Data controller or a third party. In that case Data controller shall make a so-called test of interests, which records and examines whether the rightful interest of Data controller proportionally restricts the right of Data subject to the protection of personal data, its privacy or rather how to maintain a balance between the interests of Data controller and Data subject.
4.4. Should Data controller collect the data from the Data subject and the Data subject does not provide or only partially provides the data controlled based on the legal ground referred to hereinabove, then the probable consequence of the providing of the data may be the inability to take the given measure of Data controller.
4.5. The persons entitled to gain access to the data:
● managing director of Data controller: Dr. Rézműves Ildikó
● the employees of Data controller
4.6. The personal data provided shall only be stored and controlled by Data controller, no third party has any access to them, the personal data will not be handed over to any other person than Data controller, except for the case, if that shall take place based on rightful reasons that may be enforced, which have priority over the rightful interests , rights and liberties of data subject, or which are related to the presentation, enforcement and protection of legal claims.
4.7. The principles of data control are in accordance with the laws of data protection in effect, with special regards to the following:
● Act CXII. of 2011. (Infotv.) - on the right to informational self determination and freedom of information
● Regulation Nr. 2016/679 of the European Parliament and the Council (EU) (April 27, 2016.) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
● Act V. of 2013. – Civil Code
● Act. C of 2000. – on accountancy (Accountancy Act.)
5.1. The server system of the website implement small portion of data, the so-called cookies on the computer of the user which will be reactivated during a subsequent visit of the website. Should the browser send a cookie saved before, the service provider managing the cookie is able to connect the given visit of the user with its previous visit, however only regarding the own content of the service provider.
5.2. The cookies:
● store technical data about the visitor of the website and its tools
● memorize the individual settings of the visitors of the website
● make the use of website easier
● provide a high-quality user experience
5.3. The so-called session cookies which are necessary are used for the purpose of providing the visitors the exquisite and smooth (to an extent it is possible) browsing of the website and the use of all of its functions. The cookie stored in the browser is available for maximum 2 hours in case of default settings, however, the system serving the website may lengthen the availability period of the cookie depending on the active use of the website.
5.4. The website may use the cookies of Google Analytics, as a third party. The Google Analytics – with the use of its services aimed for statistical purpose – collects information about the way the visitors use the websites. The data will be used for the purpose of the development of the homepage and the increase in the user experience. These cookies will remain on the visitors computer or any other tools used for browsing, in the browser used until the end of their availability or until their deletion by the visitor.
6. The rights of Data subject and their enforcement
6.1. The Data subject may request information about the control of its personal data, and the correction of the personal data, or rather – except for the data control prescribed by the law
– the erasure and revocation of its personal data, and make use of its rights of data portability and objection in a way it is indicated by the time of the providing of the data, or at the contacts of Data controller.
6.2. Right to information
The data control may only take place, if the Data subject gives a univocal confirmation, i.e. written – including the electronic – or oral declaration made voluntarily, exact, based on information to the personal data of the natural person. The consent shall extend to all data control activity carried out for the identical purpose of purposes. If the data control serves more purposes simultaneously, then the consent shall be provided with regards to all data control purposes. In order to consider the consent being based on information, the Data subject shall be at least aware of the person of the Data controller and the purpose of the Data control.
The natural person shall be informed about the risks, rules, guarantees and rights in connection with the control of personal data, as well as about the fact how it is allowed to make use of the rights it is entitled to in connection with the control of the personal data. The Data controller shall not preserve the personal data exclusively for the purpose to answer the potential requests.
6.3. Right to access, rectification and erasure
The collection, use and the methods of data control and how access is gained to the data as well as in connection that how the data is controlled or will be controlled shall be transparent to Data subject. All reasonable measure shall be taken to rectify or erase the unpunctual personal data. The personal data shall be controlled in a way, which may provide its safety on a sufficient level as well as its confidential control, in order to, among others to prevent the unauthorized access to the personal data and the equipment used for the control of personal data, and their unauthorized use.
Data subject is entitled to gain access to the personal data related to it, as well as to make use of this right in a simplified way, within reasonable time periods, for the purpose of declaring and controlling the legality of the data control. The Data subject is entitled especially to request the erasure of the personal data and to prevent the further data control, if the collection of the personal data or the control of the data in any other way is not required in connection with the original purpose of the data control, or data subjects revoked their consent to the data control, or the data control is not in accordance with the Regulation in any other aspect.
If the request of access and/or rectification is submitted to Data controller in writing – including the electronic submission - , Data controller shall provide the information in a clear form in the proper extent within one month of the submission of request the latest.
6.4. The right to data portability
Data subject is entitled to receive the data provided to Data controller by itself in a format being well-proportioned, widely use, readable by computer and to provide them to another Data controller.
6.5. The right to objection and revocation
Data subject is entitled to object due to any reasons being in connection with its own situation any data control taking place for public purpose or the data control used for the carry out of activities in the framework of public competence transferred to Data controller.
, or against the data control carried out for the purpose enforcing the interests of Data controller or a third party, including the profiling based on the provisions referred to hereinabove. Data subject is entitled to revoke the consent given any time. In case of objection or revocation, Data controller is not entitled to control the personal data further, except for the case, if the data control is justified by rightful reasons to be enforced, which have priority over the interests, rights and liberties of Data subject, or which are related to to the submission, enforcement and protection of legal claims.
6.6. Enforcement of legal claims
The enforcements of data subject’s claims shall be enforced based on the Act CXII of 2011. on the right to informational self determination and freedom of information (Infotv.), and the Act. V. of 2013. (Civil Code) before the courts, as well is entitled to request assistance from the National Data Protection and Information Freedom Authority in any matters related to the control of its personal data.
In case of a breach of law, data subject is entitled to remedies before courts. In order to enforce its rights of remedies before courts, Data subject is entitled to act against Data controller in connection with data control measures, if Data controller, or a data controller acting based on Data controller’s assignment or its ruling controls the personal data in breach of the law, or the legal provision of the European Union with regards to the data control.
6.7. Procedure of the data protection authority
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Correspondence address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391 1400
Fax: +36 (1) 391 1410
7. Other provisions
July 15, 2020.