Introduction

VÁV UNION KFT. (registered office: 1112 Budapest, Kőérberki út 36., cg: 01-09-074877, tax number: 10506136-2-43, represented by Dániel Varga, Managing Director, hereinafter referred to as the “Service Provider”) hereby submits to the following information.

The primary purpose of this Information Notice is to provide VÁV UNION KFT.’s customers/users with all the necessary information to enable them to make an informed decision about the processing of their personal data.

The Service Provider’s purpose in providing this Privacy Policy is to define the scope of the personal data processed by the Service Provider, the method of data processing, to ensure compliance with the constitutional principles of data protection and the requirements of data security, and to prevent unauthorized access to, alteration of, and unauthorized disclosure or use of the User’s data.

The Service Provider shall treat the personal data received from the Users confidentially and shall take all necessary measures to facilitate secure data management.

The Service Provider is committed to ensuring the protection of personal data.

The processing of personal data is based on the voluntary and duly informed declaration of the users of the contents of the website www.vavunion.hu, which contains the express consent of the users to the use of their personal data provided during the use of the website.

In view of the above, the following information is provided in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (27 April 2016).

This Privacy Notice governs the processing of personal data that VÁV UNION KFT has become aware of in the course of its activities.

The Privacy Notice is available on the following page: link

Amendments to this information will enter into force upon publication at the above address

The data controller and contact details:

The name of the service provider is VÁV UNION KFT.
Represented by Dániel Varga, managing director

Headquarters of the service provider (and place of complaint handling):

1112 Budapest, Kőérberki út 36

The contact details of the service provider, the e-mail address regularly used for contacting customers:

vavunion@vavunion.hu

Telephone: +36 1 310 5150

Company registration number:  01-09-074877

Tax number: 10506136-2-43

Name of registering authority: Fővárosi Törvényszék Cégbírósága

Language of the contract: Hungarian

Name, address, e-mail address of the hosting provider:

Flash’4 kft., 1113 Budapest, Bocskai út 77-79, info@flash4.hu

Whistleblower attorney: dr. Nóra Megyesi

Contact: bejelentes.vavunion@filep-ugyved.com

Definitions of terms

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘controller’ means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of a controller;

‘recipient’ means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

‘consent of the data subject’ means a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her;

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

Principles governing the processing of personal data

Personal data:

The processing must be lawful, fair and transparent for the data subject (“lawfulness, fairness and transparency”);

be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) (‘purpose limitation’);

the processing must be adequate, relevant and limited to what is necessary for the purposes for which it is intended (‘data minimisation’);

be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay (‘accuracy’);

it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects (‘limited storage’);

processing must be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (‘integrity and confidentiality’), by implementing appropriate technical or organisational measures.

The controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

Data management

Hosting provider

1. Activity provided by the data processor: Hosting
2. Name and contact details of the data processor:
   Flash’4 kft., 1113 Budapest, Bocskai út 77-79, info@flash4.hu.
3. Fact of processing, scope of data processed: all personal data provided by the data subject.
4. Data subjects: all data subjects using the website.
5. Purpose of the processing: to make the website available and to ensure its proper functioning.
6. Duration of data processing, time limit for erasure of data: until the termination of the agreement between the controller and the hosting provider or until the data subject’s request for erasure to the hosting provider.
7. Legal basis for data processing: the consent of the User, the legal basis for the termination of the data processing or the cancellation of the service provider’s account. Article 5(1), Article 6(1)(a) and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.