Oldal kiválasztása

 

The Gbl Partners LLC. (hereinafter referred to as the Data Controller), as the operator of the website available at the www.gblpartners.com domain name (hereinafter referred to as the Website), hereby publishes information on the data processing carried out in the framework of the services available on the Website.

Visitors to the Website (hereinafter referred to as Users) accept all the terms and conditions set forth in this Privacy Notice (hereinafter referred to as the Notice). Therefore, we ask that you carefully read this Notice before using the Website.

 

  1. Data Controller Information

The data controller is Gbl Partners LLC.

Registered Office:            1052 Budapest, Képíró street 9., Hungary
Tax Number:                     14728259-2-41
Email Address:                  info@gblpartners.com
Phone:                                +36 30 228 1866

 

  1. Information on Specific Data Processing Activities

a.) Contact

Scope of Data Processed:
On the Website, the User has the opportunity to provide their data in order to contact the Data Controller, receive information about the Data Controller’s products and services, or obtain assistance regarding orders. The following personal data may be provided during the contact process:
● Full name;
● Email address;
● Message

Purpose of Data Processing:
To provide information about the Data Controller’s products, services, and activities, to facilitate contact and communication with Users interested in the Data Controller’s products and services, to inform Users, and to manage feedback related to the Data Controller’s activities.

Duration of Data Processing:
The Data Controller processes personal data for up to 30 days from the conclusion of bilateral communication between the Data Controller and the User, or until the User requests the deletion of their data or withdraws their consent to the processing of their personal data.

Legal Basis of Data Processing:
User consent under Article 6(1)(a) of the GDPR.

 

b.) Complaint Handling

Scope of Data Processed:
●  In case of a written complaint:

  • Name;
  • Mailing address or email address;
  • Subject and content of the complaint.
  • In case of an oral complaint or a verbal complaint communicated by phone, if the complaint could not be resolved immediately, the Data Controller records a protocol that contains the following data:
  • Name;
  • Address;
  • Place, time, method, subject, and content of the complaint;
  • Unique identification number of the complaint.

Purpose of Data Processing:
For Users qualifying as consumers, the purpose of data processing is to handle complaints received verbally, by phone, in writing, or via email to the Data Controller, to ensure the traceability of the complainant’s identity, the exact time of complaint submission, the content of the complaint, and to document the Data Controller’s communication regarding the complaint.

Legal Basis of Data Processing:
Section 17/B of Act CLV of 1997 on Consumer Protection.

Duration of Data Processing:
Under Section 17/B of Act CLV of 1997 on Consumer Protection, the Data Controller is required to retain the protocol of oral complaints, the written complaint, and the response to it for 5 years.

 

  1. Persons Authorized to Access Personal Data, Data Processing

The Data Controller and the Data Processors engaged by it are entitled to access personal data in accordance with the applicable laws and regulations.

The data processing is carried out by the following data processors acting on behalf of the Data Controller:

  • Data of the hosting service provider:

Profitárhely Kft.
Address:                                             6000 Kecskemét, Szolnoki street 23., Hungary
Email address:                                  ugyfelszolgalat@profitarhely.hu
Purpose of data processing:        Provision of hosting necessary for the operation of the Website, operation of the Website.

The Data Controller reserves the right to involve additional data processors in the future for data processing purposes. In such cases, Users will be informed through the amendment of this Notice.

In the absence of an explicit legal provision, the Data Controller will only transfer personal identification data to third parties with the explicit consent of the respective User.

 

  1. User Rights

Access to Personal Data

At the User’s request, the Data Controller shall provide information on whether it processes the User’s personal data, and if so, it shall grant access to the personal data and provide information on the following:

  • The purpose(s) of data processing;
    ● The types of personal data processed;
    ● In case of the transfer of the User’s personal data, the legal basis and the recipient(s) of the data transfer;
    ● The planned duration of data processing;
    ● The User’s rights related to the rectification, deletion, and restriction of processing of personal data, as well as the right to object to the processing of personal data;
    ● The possibility to contact the Authority;
    ● The source of the data;
    ● Essential information on profiling;
    ● The names, addresses, and activities related to data processing of the data processors.

The Data Controller shall provide a copy of the personal data subject to processing to the User free of charge. For any additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. If the User submitted the request electronically, the information shall be provided in a widely used electronic format unless the User requests otherwise.

The Data Controller shall provide the information requested by the User in an intelligible form without undue delay, but no later than within one month of receiving the request. The User may submit a request for access via the contact details specified in Section 1.

Rectification of Processed Data

The User may request the Data Controller (via the contact details specified in Section 1) to rectify inaccurate personal data and to complete incomplete data, taking into account the purpose of the data processing. The Data Controller shall carry out the rectification without undue delay.

 

Deletion of Processed Data (Right to be Forgotten), Blocking

The User may request that the Data Controller delete their personal data without undue delay, and the Data Controller is obliged to delete the personal data relating to the User without undue delay if one of the following reasons applies:

  1. a) the personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
    b) the User withdraws their consent and there is no other legal basis for the processing;
    c) the User objects to the processing of their personal data;
    d) the personal data have been processed unlawfully;
    e) the personal data must be deleted to comply with a legal obligation under Union or Member State law to which the Data Controller is subject;
    f) the personal data were collected in relation to the offering of information society services to children based on consent.

If the Data Controller has made the personal data public (made it available to third parties) and is obliged to delete the data based on the above, it shall take reasonable steps, including technical measures, considering available technology and implementation costs, to inform other data controllers processing the personal data that the User has requested the deletion of links to, or copies or replications of, such personal data.

Personal data do not have to be deleted if the processing is necessary:

  • for exercising the right of freedom of expression and information;
    ● for compliance with a legal obligation under Union or Member State law to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
    ● for reasons of public interest in the area of public health;
    ● for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where the right to deletion is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    ● for the establishment, exercise, or defense of legal claims.

 

Restriction of Data Processing

The User has the right to request that the Data Controller restrict the processing of personal data instead of rectification or deletion if one of the following conditions is met:

  • The User disputes the accuracy of the personal data; in this case, the restriction applies for a period that allows the Data Controller to verify the accuracy of the personal data;
    ● The processing is unlawful, and the User opposes the deletion of the data and requests the restriction of their use instead;
    ● The Data Controller no longer needs the personal data for processing purposes, but the User requires them for the establishment, exercise, or defense of legal claims; or
    ● The User has objected to the processing; in this case, the restriction applies for the period during which it is verified whether the legitimate grounds of the Data Controller override those of the User.

If processing has been restricted, such personal data, with the exception of storage, may only be processed with the User’s consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.
The Data Controller shall inform the User who requested the restriction before lifting the restriction on processing.

Notification Obligation Related to the Rectification or Deletion of Personal Data or Restriction of Processing

The Data Controller shall communicate any rectification or deletion of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the User about those recipients if the User requests it.

Right to Data Portability

The User has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller. If the User requests, the Data Controller will export the processed data in PDF and/or CSV format.

Right to Object

The User may object to the processing of their personal data if the data processing is:
● necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
● necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party;
● based on profiling.

If the User objects to processing, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the User, or for the establishment, exercise, or defense of legal claims.

If personal data are processed for direct marketing purposes, including profiling related to such direct marketing, the User has the right to object at any time to processing of personal data concerning them for such marketing. If the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

Data Controller’s Actions in Relation to the User’s Request

The Data Controller shall inform the User without undue delay, but at the latest within one month from the receipt of the request, about the actions taken in response to requests for access, rectification, deletion, restriction, objection, and data portability. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the User of any such extension within one month of receipt of the request, along with the reasons for the delay. If the User has submitted the request electronically, the information shall be provided electronically, if possible, unless the User requests otherwise.

If the Data Controller does not take action based on the User’s request, the Data Controller shall inform the User without delay, but at the latest within one month of receiving the request, of the reasons for not taking action and of the possibility for the User to lodge a complaint with a supervisory authority and seek judicial remedy.

Upon the User’s request, information, notifications, and actions taken based on the request shall be provided free of charge. If the User’s request is manifestly unfounded or excessive, particularly due to its repetitive nature, the Data Controller may charge a reasonable fee, considering the administrative costs of providing the requested information or notification or taking the requested action, or refuse to act on the request. The burden of proving the manifestly unfounded or excessive nature of the request lies with the Data Controller.

 

  1. Data Security

The Data Controller commits to ensuring the security of data and will take the necessary technical and organizational measures and develop procedural rules to ensure that the data collected, stored, and processed are protected, and to prevent their destruction, unauthorized use, and unauthorized alteration. The Data Controller also commits to requiring any third party to whom it transmits or transfers data based on User consent to comply with data security requirements.

The Data Controller ensures that unauthorized persons cannot access, disclose, transmit, modify, or delete the processed data. Only the Data Controller, its employees, and the Data Processors engaged by it are authorized to access the data, and the Data Controller will not transfer the data to any third party not entitled to access the data. The Data Controller will take all reasonable measures to prevent accidental damage or destruction of data.

The Data Controller imposes the above obligations on all employees involved in the data processing activities.

The User acknowledges and accepts that by providing personal data on the Website, despite the Data Controller’s use of advanced security tools to prevent unauthorized access to or unauthorized retrieval of data, the complete protection of data on the Internet cannot be guaranteed. In the event of unauthorized access or data acquisition despite our efforts, the Data Controller is not liable for such data acquisition, unauthorized access, or any damage that may occur to the User for these reasons.

Furthermore, the User may provide personal data to third parties who may use it for unlawful purposes or in unlawful ways.

 

  1. Handling and Reporting of Data Protection Incidents

A data protection incident is defined as any event involving the illegal handling or processing of personal data managed, transmitted, stored, or processed by the Data Controller. This includes, but is not limited to, unauthorized or accidental access, alteration, disclosure, deletion, loss, destruction, or accidental damage of personal data.

Reporting to the Authority: The Data Controller must report the data protection incident to the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay and no later than 72 hours after becoming aware of the incident, unless the Data Controller can demonstrate that the incident is unlikely to result in a risk to the rights and freedoms of individuals. If the report cannot be made within 72 hours, the reasons for the delay must be provided, and the required information may be provided in phases without further undue delay. The report to the NAIH must include at least the following information:

  • The nature of the data protection incident, including the number and categories of affected individuals and personal data.
  • The name and contact details of the Data Controller.
  • The likely consequences of the data protection incident.
  • The measures taken or planned to address, mitigate, or remedy the incident.

Notification to Affected Individuals: The Data Controller must inform the affected individuals of the data protection incident within 72 hours of detecting it, via the Data Controller’s website. The notification must include at least the details specified in this section.

Record-Keeping: The Data Controller maintains a record of data protection incidents to monitor the measures taken and inform affected individuals. The record includes:

  • The scope of the affected personal data.
  • The scope and number of affected individuals.
  • The date of the data protection incident.
  • The circumstances and effects of the data protection incident.
  • The measures taken to address the data protection incident.

The records will be kept for 5 years from the date of detection of the data protection incident.

 

  1. Legal Remedies

The Data Controller is committed to ensuring that personal data processing complies with applicable laws. If the User believes that their rights have not been met, they may contact the Data Controller using the contact details provided in section 1.

If the User believes their right to personal data protection has been violated, they may seek legal remedies through the appropriate authorities:

  • National Authority for Data Protection and Freedom of Information (NAIH) (Address: 1055 Budapest, Falk Miksa street 9-11; Email: ugyfelszolgalat@naih.hu; Website: www.naih.hu)
  • Court.

 

  1. Other Provisions

This Privacy Notice is governed by Hungarian law, specifically Act CXII of 2011 on Informational Self-Determination and Freedom of Information, as well as Act CVIII of 2001 on Electronic Commerce and Certain Issues of Information Society Services, and the General Data Protection Regulation (GDPR).

 

September 1, 2024.

GBL Partners Kft. (Data Controller)