If you would like to change or withdraw your consent for Flow Dry Technology to access, record and manage your profile, please send an email to firstname.lastname@example.org.
1. IntroductionThe Data Controller (“Controller”) respects your rights relating to personality, and therefore has prepared this Notice, which is also available on the Controller’s official website.
1.1 Personal scope of the NoticeThis Privacy Notice applies to all natural persons whose data are processed by the Controller, except for any processing that is related to employment.
1.2 Material scope of the NoticeThis Privacy Notice covers the majority of the Controller’s processing activities. However, the Controller reserves the right to issue separate privacy notices in special cases, concerning a smaller number of data subjects.
2. the Controller’s detailsController: Flow Dry Kft registered office: 2900 Komárom, Lovarda tér 4. company registration number: 11-09-009671 represented by: Rahul Deshmukh tax number: 13150583-2-11 the privacy contact person is available at: email@example.com
3. Laws and principles
3.1 The Controller is subject to the following laws in relation to processing
- GDPR (General Data Protection Regulation) - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
- Privacy Act - Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, and the laws adopted for its implementation
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services;
- Act V of 2013 on the Civil Code of Hungary;
- Act CL of 2017 on the Rules of Taxation, and the laws adopted for its implementation;
- Act C of 2000 on Accounting, and the laws adopted for its implementation;
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;
- Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators.
- Section 155 of Act C of 2003 on Electronic Communications
- DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (“Directive on privacy and electronic communications”)
3.2 The Controller shall comply with the following principles in relation to data processing
- The Controller will only process personal data for the purposes and duration defined herein. The Controller will only process personal data that is indispensable for the purpose of data management and is suitable for attaining that purpose.
- The personal data obtained by the Controller in the course of processing may only become known to those persons engaged or employed by the Controller whose task is related to the processing in question.
4. definitions“personal data”: Any information relating to a natural person (“data subject”) (e.g. name, number, location data, online identifier, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person); “sensitive data”: These include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation; “data concerning health”: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveals information about his or her health status; “data subject”: an identifiable natural person to whom the given personal data relates. (Such as: a website visitor, a person subscribing to newsletter, a person applying for an advertised job) “processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; “controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; “data process”: shall mean performing technical tasks in connection with data processing operations; “processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (for the controller, according to the controller’s instructions and under the controller’s decisions); “profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; “third party”: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
5. processing activities
5.1 Visiting the website
5.1.1 Automatically recorded dataIf you visit our website, certain data about your devices (e.g. laptop, PC, phone, tablet) will be automatically recorded. Such data include the IP address, the date and time of the visit, the pages visited, the website where you came from, the type of the browser used, the type of the operating system, and the name and address of the internet service provider. During the visit, the web server for the website automatically logs the data to be recorded, without any separate declaration or act on your part. The system automatically generates statistical data from this data. We use this information solely in aggregate and processed form, in order to correct any errors in our services, to improve their quality, and for statistical purposes.
The purpose of processing: To control the operation of the service and to prepare statistics. In the case of abuse, the data can also be used – in cooperation with the visitors’ internet provider and the authorities – to find out the source of the abuse.
Legal ground for the processing: Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services.
Duration of processing: 60 days from visiting the website.
5.1.2 Cookies and similar technologiesWhat are cookies?
How can I enable or disable cookies?
Most online browsers accept cookies automatically, but visitors can delete or reject them. As each browser is different, you can set your preferences individually, using the browser’s toolkit. If you do not want to enable any cookies from our website, you can change your web browser’s settings so that you receive notifications of the cookies sent, or you can simply reject all cookies. You can also delete the cookies stored on your computer or mobile device at any time. For more information regarding the relevant settings, check your browser’s Help menu. Please note that should you decide to disable cookies, some functions of the website may become unavailable to you.
Legal ground for the processing: Your consent
The purposes of the processing:
- To improve user experience by storing personal settings
- During your visit, the system identifies you as an individual user with the help of normal cookies to remember your language settings and login status.
- Anonymous statistical log
- During each of your visits, the website’s analytical software stores anonymous, normal cookies that enable us to find out how many people visited the website, and which contents and information they were interested in. We store all analytical information without names (or other personal data) and use it for our technical or marketing purposes. This lets us know e.g. how many visitors the website has a month. However, we do not know our visitors’ names. We use the analytical tools of the following service providers for the above described purpose, along with the related cookies:
- “Google Analytics”: You can reach the service provider’s privacy principles and policy by clicking on the following link:
- “Mixpanel”: You can reach the service provider’s privacy principles and policy by clicking on the following link:
- “Hotjar”: You can reach the service provider’s privacy principles and policy by clicking on the following link:
- “Hubspot”: You can reach the service provider’s privacy principles and policy by clicking on the following link:
Duration of processing:
There are two types of cookies: session cookies and persistent cookies. Both types are stored in the browser until they are deleted by the user.
- Session cookies are only stored on the computer, notebook or mobile device temporarily, until you leave the given website. These cookies help the system remember certain information so that you do not have to provide or complete it again. The validity of session cookies is limited to the user’s current session, and they aim to prevent data loss (such as during the completion of a longer form). Upon finishing the session or closing the browser, this type of cookie is automatically deleted from the visitor’s computer.
- Persistent cookies are stored on the computer, notebook or mobile device even after leaving the website. These cookies help the website recognise you as a recurring visitor. Persistent cookies are suitable to identify you through the server side ID – user matching, and therefore they are necessary for proper operations in each case where the user’s identification is indispensable (such as in a web store, internet bank or for webmail). Persistent cookies themselves do not contain personal data and are only suitable to identify the user if linked to data stored in the server database. The risk inherent in these cookies lies in that they actually identify the browser and not the user. Thus, if someone logs in to a web store at a public place (e.g. in a net café or library) and fails to log out upon leaving, someone else may access this same web store in the original user’s name in an unauthorised way later if they use the same computer.
5.1.3 Social network cookiesYou may also find social network functionalities on our website in certain cases. The operational methodologies associated with these functions enable them to read cookies and, in certain cases, to place the social network cookies on your device. These cookies may enable the sending of personalised advertisements. We, as the Controller, do not have access to these cookies nor to the data they collect, but we would like to inform you about these elements and ask for your permission to use them. Accordingly, social network cookies from the following service providers may appear on the website:
- Facebook - You can reach the service provider’s privacy principles and policy by clicking on the following link:
5.1.4 References and linksOur website may contain links which are not operated by the Controller and that are only provided to visitors for information purposes. The Controller has no influence on the content or security of the websites operated by the partner companies, and so we do not assume liability for the same. Please read the privacy notices on the visited websites before providing your data in any form on the site(s) in question.
5.2 FacebookYou can find us on Facebook as Flow Dry Technology Inc. Facebooks user can subscribe to our news feed on the Flow Dry Technology Inc. page by clicking on the “like” button on the page, and can unsubscribe by clicking on the “dislike” button on this same page, and can delete any unwanted news appearing on the wall by using the wall’s settings.
Legal ground for the processing: Your consent.
The purpose of processing: To inform you about current information, products, our news, as well as to send awareness raising articles and materials.
Duration of processing: Our news will only appear in your news feed if you want it to.
To find information about Facebook’s processing practices, please visit Facebook’s privacy and data policy at https://www.facebook.com/about/privacy/update.
5.3 ContactYou may contact us through any of our contact points (via website form, email, Facebook, phone, post or in person). In such a case, we assume that you have given your consent to process the personal data you have shared with us.
The purpose of processing: to keep contact with the inquiring person, and to answer their question(s) and/or fulfil their request(s).
Legal ground for the processing: your consent
The categories of personal data processed: name, email address, phone number
Duration of processing: We delete any messages and personal data received after responding to any question, request or complaint. However, if necessary for reasons of taxation or accounting, or to protect the Controller’s or the inquirer’s rights or interests, they may be archived and stored for the necessary duration (which is decided individually in each case).
5.4 Sending newsletters or advertising materialsDescription of processing: When authorized by you, we provide information about our products and services to you as a potential customer by sending ad hoc newsletters or advertising materials.
The purpose of processing: to carry out marketing activity to inform you
Legal ground for the processing:
- Consent (legal basis: Article 6(1)(a) of the GDPR) if you have given your consent to us to send you newsletters or other marketing information. Please note that you can withdraw your consent any time. OR
- Legitimate interest (the legitimate interest of the Controller, Article 6(1)(f) of the GDPR), if we have previously obtained your data in a lawful manner (e.g. you have already purchased something from us). In this case, we shall inform you about the new purpose for the processing (marketing activity) and the legal basis for it when we first contact you. Please note that you can object to such processing any time, in which case we will discontinue the processing.
Duration of processing:
- If the legal basis is consent: the data are processed until you withdraw your consent
- If the legal basis is legitimate interest: the data are processed until you object to the processing
5.5 Workforce recruitmentDescription of data processing: Data processing applies to potential new employees for as long as the selection process lasts. Upon completion of the selection process, this data processing objective ends. Data of the applicants not hired will be erased from our systems unless you – either on your own initiative or at our request – give your consent to the continued processing of your personal data in the hopes of the later conclusion of an employment contract.
The purpose of processing: selection and hiring of new employees
Legal ground for the processing:
- Your voluntary consent given by conduct. Consent given by conduct includes that you have applied to a job advertisement and/or have sent your CV. Please note that you can withdraw your consent at any time, in which case the hiring process will discontinue, we will stop processing your data and delete it.
- Legitimate interest, if we have received your data from a recruitment agency (the legitimate interest of the Controller, Article 6(1)(f) of the GDPR). Please note that you can object to such processing at any time, in which case the hiring process will discontinue, we will stop processing your data and will delete it.
Duration of processing:
- 1. If the legal basis is consent: the data is processed until you withdraw your consent or the purpose for the processing ceases to exist (e.g. the selection process is closed, the defined duration of processing expired) – whichever occurs first.
- 2. If the legal basis is legitimate interest: the data is processed until you notify us of your objection to processing or the purpose of processing ceases to exist (e.g. the selection process is closed, the defined duration of processing expired) – whichever occurs first.
5.6 Participants in the implementation of contracts between legal entitiesDescription of processing: in the course of the performance of contracts concluded between the Controller and other legal entities it is usually necessary to process the personal data of the contracting party’s (company, other organisation) employees, agents or subcontractors with a view to perform the contract. Personal data is provided to us by your employer (principal) or we obtain them from you directly.
The purpose of processing: keeping contact with a view to perform the contract between the legal entities, and, in the case of activities performed at the Controller, the protection of the controller’s interests in security.
Legal ground for the processing:
- 2. Your consent, if we (the Controller) obtain the personal data from you directly. Please note that you can withdraw your consent at any time, in which case we will stop processing and or managing your data and will erase it. Please also note that in such a case all further communication or performance of work will become impossible.
- 3. Legitimate interest, if we have received your data from your employer or principal (the legitimate interest of the Controller, Article 6(1)(f) of the GDPR). Please note that you can object to such processing at any time, in which case we will consult your employer (principal) and will decide to accept of reject the objection on the basis thereof. In the case of rejection you can exercise the remedies available to you, see: section 6.9.
- 1. If the legal basis is consent: the data is processed until you withdraw your consent or the purpose of processing ceases to exist (the contract has been performed).
- 2. If the legal basis is legitimate interest: the data is processed until you notify us of your objection to processing and that is accepted by the controller, or the purpose of processing ceases to exist (the contract has been performed).
5.7 Video surveillanceAt certain sites, the Controller operates video surveillance systems to ensure the security of persons and property. Video surveillance is indicated at the site by a pictogram and a warning. You can find further information about data processing in relation to video surveillance on-site at the given location.
5.8 Visitors recordsAt certain sites, the Controller records the data of visitors to ensure the security of persons and property. You can find further information about data processing in relation to visitors’ records on-site at the given location.
5.9 Automated decision-making and profilingThe Controller does not perform automated decision-making and/or profiling.
6. Your rightsYou have the following rights, as detailed below, in relation to the processing of your data. If you wish to exercise your rights, please contact us through one of the following channels: address: Flow Dry Kft, 2900 Komárom, Lovarda tér 4. email address: firstname.lastname@example.org Identification Before fulfilling your request, we have to identify you for each case. If we cannot identify you, unfortunately we cannot fulfil your request. Answering the request After identifying you, we will provide information in relation to your request in writing, electronically or, if you so request, verbally. Please note that if you have submitted your request electronically, we will answer it electronically. Of course, you have the opportunity to request another method in this case. Deadline for administration We will inform you about the measures taken pursuant to your request within 1 (one) month of our receipt of the request. That period may be extended by 2 (two) further months where necessary, taking into account the complexity and number of the requests, of which we will inform you within the original one-month deadline. We shall also inform you about any failure to take measures within the one-month deadline for administration. In such a case, you may file a complaint with NAIH (Hungarian National Authority for Data Protection and Freedom of Information) and may seek remedy from the court. The fee for administration The information and action requested is free of charge. Exemptions may be made when requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character. In such a case, we may charge a fee or deny the fulfilment of the request.
6.1 You may withdraw your consentWhere processing is based on your consent, you have the right to withdraw your consent at any time (Article 7 of GDPR). In such a case, we will erase your personal data in relation to the given processing without undue delay after receipt of the corresponding notification.
6.2 You may request information (access)You have the right to obtain information as to whether or not personal data concerning you are being processed (Article 15 of the GDPR), and if so:
- What is the purpose thereof?
- Exactly what data is being processed?
- Who are the recipients to whom these are transferred?
- For how long is this data stored?
- What rights and remedies do you have in this connection?
- From what source did we obtain your data?
- Do we perform automated decision-making concerning you, using your personal data? In such cases, you may also request information about the logic (method) involved, as well as the significance and the envisaged consequences of such processing.
- If you have found that your personal data is transferred to an international organisation or to a third country (a non-EU Member State), you shall have the right to be informed of the appropriate safeguards relating to the processing.
- You may request a copy of your personal data undergoing processing. (For any further copies requested by you, we may charge a fee based on administrative costs.)
6.3 You may request rectificationYou may request that we rectify or complete any inaccurate or incomplete personal data concerning you (Article 16 of the GDPR).
6.4 You may request the erasure of your personal dataYou may request the erasure of personal data concerning you (Article 17 of the GDPR) if:
- The personal data is no longer necessary in relation to the purposes for which we processed them;
- Processing is based solely on your consent;
- It is found that we have processed the personal data unlawfully; and/or
- EU or national law so requires;
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by the Union or a Member State’s law to which the controller is subject;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in as much as the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
6.5 You may request the restriction of processingYou may request the restriction of processing (Article 18 of the GDPR) where one of the following applies:
- You contest the accuracy of the personal data; in such a case, restriction applies for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- You have objected to processing; in such a case, restriction applies pending the verification whether the legitimate grounds of the Controller to process the data override your request.
6.6 You have the right to receive your personal data (right to data portability)You have the right to receive the personal data processed by us concerning you (Article 20 of the GDPR) in a machine-readable format, and have the right to transmit (or make us transmit) those data to another controller where the processing is based exclusively on your consent or on a contract concluded with you or in your interest and is carried out by automated means. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. It shall be without prejudice to the right to erasure, and shall not adversely affect the rights and liberties of others.
6.7 You may object to the processing of your personal dataYou may object to the processing of your personal data (Article 21 of the GDPR) where:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, including profiling based on these grounds;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on this ground;
- The personal data is processed for direct marketing purposes (you may also object to profiling in this respect); In such a case we shall erase the personal data
- The personal data is processed for scientific or historical research purposes or statistical purposes. In such a case, we shall erase the personal data unless the processing is necessary for the performance of a task carried out for reasons of public interest.
6.8 Rights related to automated decision-making, including profilingYou have the right not to be subject to a decision based solely on automated processing, including profiling (Article 22 of the GDPR), which produces legal effects concerning you or similarly significantly affects you. The above shall not apply if the decision:
- is necessary for entering into, or the performance of, a contract (to be) concluded with you;
- is authorised by a Union or Member State law that also lays down suitable measures to safeguard your rights, liberties and legitimate interests;
- is based on your explicit consent.
6.9 Legal remedies
6.9.1 You may file a complaint with NAIHIf you consider that the processing of the personal data concerning you is contrary to the provisions of the Data Protection Regulation, you shall have the right to file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
President: dr. Attila Péterfalvi
mailing address: 1534 Budapest, Pf.: 834
address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
email address: email@example.com
6.9.2 You may have recourse to a courtIf you consider that the processing of the personal data concerning you is contrary to the provisions of the Data Protection Regulation, and therefore your rights specified in the Data Protection Regulation have been violated, you shall have the right to pursue recourse to court. The action shall be heard by the competent regional court. If so requested by the data subject, the action may be brought before the regional court in whose jurisdiction the data subject’s home address or temporary residence is located. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene to assist the data subject in being the successful party in the action. The court procedure shall be governed by Title XII of Part Three in Book Two (Sections 2:51 - 2:54) of Act V of 2013 on the Civil Code of Hungary as well as the other legal provisions applicable to court procedures, in addition to the provisions of the Data Protection Regulation.
6.9.3 Compensation and restitutionIf the Controller causes damage as a result of unlawful processing of the data subject’s data or violates the data subject’s rights relating to personal privacy, the Controller shall be liable to pay restitution. The Controller shall be released from liability for damages and from paying restitution if it demonstrates that the damage or the violation of the data subject’s rights relating to personality were brought about by reasons beyond its data processing activity.
7. Security of personal dataTaking into account the state of the art, the costs of implementation and the nature of processing as well as the risk for the rights and liberties of natural persons, we will do our best to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. We shall always process the personal data confidentially, with restricted access, encryption, maximum possible resilience, and by ensuring that they can be recovered in case of problems. We regularly test our system to guarantee security. In assessing the appropriate level of security, we take account of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. We do everything to ensure that any person acting under our authority who has access to personal data does not process them except on our instructions, unless they are required to do so by Union or Member State law.
8. ProcessorsWe use the following processors to carry out data processing:
|Activity||Name / Company name||Registered office|
|Website operator||Flow Dry Technology Ltd.||379 Albert Rd. Brookville, Ohio|
|Company providing accounting and payroll services||BÁZIS KÖNYVELŐ IRODA KFT||2900 KOMÁROM, LAKTANYA KÖZ 30/A|
|Couriers||Couriers||Address of couriers|