Information
Privacy Policy
INFORMATION
about the general handling of natural persons’ data by the contractor,
and about the rights of the person concerned
(Effective from 20.11.2021)
INTRODUCTION
Kalandpart LTD (registered office: 1194 Budapest, Kiss János altábornagy u 32; corporate registration number: 01-09-297281; tax number: 12543386-2-43; hereinafter: the “Company”) intends to ensure the implementation of the General Data Protection Legislation (further referred to as GDPR) and the Law of 2011 CXII, 2011 on information self-determination and freedom of information (hereinafter: “Information Act”).by creating this Information brochure.
With this information, the Contractor fulfills its legal obligation, which is available at the registered office / site of the Data Controller.
CHAPTER 1.
NAME OF DATA CONTROLLER
Name of data controller: Kalandpart Ltd.
(hereinafter: Data Controller / Contractor)
Headquarter: 1194 Budapest, Kiss János altábornagy u 32.
Location: 3386 Sarud Kossuth u 2 (Sulyom Landscape Restaurant)
Tax number: 12543386-2-43
Data Protection Officer: The Contractor is not required to apply for a DPO
CHAPTER 2.
DATA PROCESSORS
A data processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller. The use of a data processor does not require the prior consent of the data subject, but requires his or her information on this.
The names of data processors are contained in Chapter I of the Contractor's Privacy Policy. Currently, the Contractor employs a data processor for accounting / taxation / payroll accounting and web hosting services, who - up to the content of the existing contract - handle the personal data necessary for the provision of the service on their own computer equipment.
CHAPTER 3.
INFORMATION ON CERTAIN DATA PROCESSES
According to the main data management activities of the data controller, the data management purposes are presented below:
The data controller performs the following main data processing in connection with his / her membership, employment and employees.
· Labor and personnel records
· Data management related to employee aptitude tests
· Data management related to the control of assets provided by the employer
· Data management relating to the registration of accidents at work-related diseases
· Data management related to camera surveillance systems at the workplace
· Managing members’ and owner’s information
The data controller performs the following main data processing in connection with its existing civil law contracts and its contractual partners, as well as other services without a contract.
· Customer data: management and registration of the data of contracted partners and contacts
· Data management for certain separate (non-contractual) services.
The data controller performs the following main data processing in order to fulfill its legal obligation.
· Data management for tax and accounting purposes
· Payer data management
· Data management related to the maintenance of road registers
· Data management for records of permanent value according to the Archives Act
CHAPTER 4.
In-house camera surveillance data management
4.1.The Contractor shall use an electronic surveillance system in the area, premises (eg restaurant, shop) used for the activity for the protection of human life, physical integrity, personal liberty, protection of dangerous substances and protection of property, which also allows direct observation / recording and storage. Based on this, anyone’s personal behavior, that is recorded by the camera, can also be considered as personal data. The data controller shall not use camera surveillance in an area or room where the surveillance may violate human dignity. The Contractor shall operate the camera system himself.
He places a clearly visible warning sign (figure, pictogram) and written information on the fact that cameras have been used in a given area,
Legal basis for data processing for these purposes: Enforcing the legitimate interests of the contractor. The location of the cameras is shown in the table below:
Cam. Place of cam. Observed area The purpose of the placement
1. Protection of property, protection of human life, physical integrity, trade secrets
2. Protection of property, protection of human life, physical integrity, trade secrets
3. Protection of property, protection of human life, physical integrity, trade secrets
4. Protection of property, protection of human life, physical integrity, trade secrets
5. Protection of property, protection of human life, physical integrity, trade secrets
6. Protection of property, protection of human life, physical integrity, trade secrets
7. Protection of property, protection of human life, physical integrity, trade secrets
4.2. Informing visitors, customers and guests
In the public part of the private area, images of third parties (customers, visitors, guests) entering the monitored area can be taken and managed with their consent. Consent shall be deemed to be granted. Indicative behavior is in particular, if the natural person enters the area in spite of the fact that there are warning signs (Figures, pictograms, etc.) about the fact of cameras being in use. The cameras also record your behavior in the area / lanes monitored by the camera.
The purpose of this data management is described in Section 4.1. is based on the voluntary consent of the data subject.
4.3. Storing time of camera recordings
Recorded images can be stored for a maximum of 30 (thirty) business days when not in use. Use is considered to be the use of the recorded image and other personal data as evidence in court or other official proceedings.
4.4. Location for storing camera recordings
Electronic storage equipment operated at the headquarters of the data controller.
The Contractor and the member / employee authorized by him / her are entitled to view the recording in addition to those authorized by law for the purpose of detecting violations and verifying the operation of the system.
Data security measures
· The monitor for viewing / reviewing images must be positioned so that the monitor image cannot be seen by anyone other than the authorized person.
· Surveillance and retrieval of stored images may only be carried out for the purpose of detecting infringements and initiating measures to eliminate them.
· Camera images cannot be recorded on a device other than the central recording unit.
· The camera storage device should be stored in a safe place, preferably in an enclosed space.
· Access to stored images can only be done in a secure way, so that the person who is handling the data can be identified (login with user name, unique password, creation of access authorization levels).
· Reviewing and saving created images should be documented.
· Access to stored images shall be terminated immediately if the reason for entitlement ceases.
· The recordings are stored in a separate storage location on the recorder and are not backed up separately.
· Upon detection of an offense, the recording of the offense shall be stored, and the necessary official proceedings shall be initiated immediately, at the same time informing the authority that an image of the offense has been taken.
4.7. Information on the rights of the person concerned and enforcement of rights
A person whose right or legitimate interest is affected by the recording of the data of the image recording may request that the Data Controller does not destroy or delete it – this can be requested within three
working days from the recording of the image. The rights of the data subject are described in detail in chapter 7 of this document.
CHAPTER 5.
DATA PROCESSING ON THE CONTRACTOR 'S WEBSITE
The rules of this chapter shall apply to data processing on the Data Controller's website. The data controller and the operator of the website / hosting on its behalf ensure that the data management on the website also complies with these rules.
Concepts:
Visitor: the natural person who accesses the website without registration.
User: the natural person who registers on the website, provides his / her personal data and uses the services of the website.
· Visitor data management - information on the use of cookies
The visitor to the website must be informed about the use of cookies on the website and consent must be sought. Depending on the type of cookie, the range of data affected by cookies during the visit may include the IP address used by the visitor, the type of browser, the characteristics of the operating system of the device used to browse (eg language set), the time of the visit, the page visited , feature or service, action, click.
The purpose of data management is to ensure the functional operation and use of the website, to ensure the access to the website services, to increase the efficiency of the service, to increase the user experience, to make the website more convenient, to analyze the website, to place and display advertisements.
The legal basis for data processing is the voluntary consent of the data subject - the visitor - which he/she can give or reject by marking “I accept” in the cookie bar on the website. The selection is made by clicking on "I accept" and saving the selection. By saving, we store his/her selection and ensure that the user uses the website accordingly. Please note that if one refuses to use cookies, some features of this site may not work correctly. The data management information can be accessed via a link to the "More" button.
As of 13 / A. § (3) of 2001 CVIII on certain issues in electronic commerce services and information society services (E-Commerce Act), the website provider may process the personal data that are technically essential for the provision of the service in order to provide the service. If the other conditions are the same, the service provider must choose and in all cases operate the means used in the provision of the information society service in such a way that the processing of personal data takes place only when absolutely necessary for the provision of the service and other statutory purposes. , however, even in this case only to the extent and for the time necessary.
Recipients of data: Data controller and its employees, data processing staff of the IT service provider, in the case of third-party cookies, also the third party.
Duration of data storage: according to the browser's cookie settings.
Further information on cookies
A cookie is a piece of data that a website one visits sends to a browser running on a visitor's device (computer, tablet, mobile, etc.) so that it can store and later load the content from the same website. Cookies can have limited validity (e.g: until the browser is closed), or they can be valid without an ending. It is not the user who is identified by cookies, but the device or browser used by him. However, through this, also the person can be identified. The user is not always aware of this, but he can be followed by the website operator or another (third party) service provider whose content is embedded in the site (eg Facebook, Google Analytics), thereby a profile is created about him, in which case the content of the cookie is considered personal data.
The types of cookies are usually distinguished according to their performed functions, or the purpose of their use, there is no uniform terminology for this, and there may be overlaps between the listed groups.
1. Technically essential cookies. These are also called session cookies or functional cookies. Without them, the site would simply not function properly. They provide the minimum conditions necessary for the website to work. These are needed to identify the user, e.g. to manage whether they signed in, what they put in the cart, etc. This is typically the storage of a session-id, the rest of the data is stored on the server, making it more secure. Other terminology calls a session cookie any cookie that is deleted when you exit the browser (a session is a use of the browser from start to close). The duration of the processing of these cookies only applies to the current visit of user, this type of cookies is automatically deleted from your computer when the session is closed or the browser is closed.
2. Useful Cookies: These are also called in several ways: analytical, analytical page development or statistics cookies. These cookies remember the user's choices, such as how the user wants to see the page. These types of cookies essentially represent the configuration data stored in the cookie.
3. Advertising and social media cookies. These are also called performance cookies, experience cookies, marketing cookies. They do not have much to do with “performance”, they are usually called cookies that collect information about the user's behavior, time spent, clicks on the website they are visiting. They are also related to social media. These are typically third party applications (e.g. Google Analytics, AdWords, Facebook Like Box or Yandex.ru cookies). These are suitable for profiling a visitor. In the case of such cookies, data may also be transferred to a third country - acceptance of the use of cookies also means the user's consent to the transfer of data to the third country.
· Learn more about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
· Learn more about Google AdWords cookies here: https://support.google.com/adwords/answer/2407785?hl=en_US
· Learn more about Facebook cookies here https://www.2343ec78a04c6ea9d80806345d31fd78-gdprlock/policies/cookies/
Acceptance and authorization of the use of cookies is not mandatory. You can reset your browser to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent them from being accepted automatically and to offer you a choice each time.
You can find information about the cookie settings of the most popular browsers at the links below · Google Chrome: https://support.google.com/accounts/answer/61416?hl=en_US · Firefox:https://support.mozilla.org/en/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn · Microsoft Internet Explorer 11: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11 · Microsoft Internet Explorer 10: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7 · Microsoft Internet Explorer 9: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-9 · Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8 · Microsoft Edge: http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq · Safari: https://support.apple.com/en-us/HT201265
Each website uses cookies with different intensities, it is possible that a website does not use it because it is not necessary for its operation or uses it only minimally.
· Data management related to registration on the website and to newsletter service
The website does not have a registration or newsletter service or features with the same content.
· Data management related to the Contact menu item of the website
People concerned: visitors of the website who send a message using the Contact menu item.
Managed data: name, e-mail address, as well as other unsolicited data provided by the user in the message, which can be additional personal data e.g. phone number.
The purpose of data management: to ensure that the visitor contacts the Data Controller, to perform customer service (asking for information or an offer), to handle complaints, to provide information on the operation of the website, to analyze the website.
Legal basis for data processing: the data subject's consent, which is given by reading the data management information, voluntarily providing his / her data and checking the box in front of his / her data management statement and sending the message. It is forbidden to check the box in advance. Before sending a message, the data management information must be made available via a link.
The recipients of the data who may have access to this data are: Data Management Employees, the data processor providing the web hosting.
Duration of data storage: 360 days after the first contact with user.
CHAPTER 6.
DATA SECURITY MEASURES
The Data Controller has taken the technical and organizational measures and established the procedural rules necessary for the enforcement of the Decree and the Information Act in order to ensure the security of personal data with regard to all its purposes and legal basis. The controller shall take appropriate measures to protect the data against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access.
CHAPTER 7.
INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED
Summary of the rights of the data subject
1. Facilitate transparent information, communication and the exercise of the data subject's rights
2. Right to prior information - if personal data is collected from the data subject
3. Informing the data subject and the information to be provided if the personal data have not been obtained from him / her by the Data Controller
4. Right of access of the data subject
5. Right to rectification
6. Right of cancellation ("right to be forgotten")
7. Right to restrict data processing
8. Obligation to notify the rectification or erasure of personal data or the restriction of data processing
9. Right to data portability
10. Right to protest
11. Automated decision making in individual cases, including profiling
12. Restrictions
13. Inform the data subject about the data protection incident
14. Right to complain to a supervisory authority (right to an official remedy)
15. Right to an effective judicial remedy against a supervisory authority
16. Right to an effective judicial remedy against the controller
The rights of the data subject in detail and in full:
1. Facilitate transparent information, communication and the exercise of the data subject's rights
1.1.The controller shall provide the data subject with all information relating to the processing of personal data and all such information in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner, in particular for any information addressed to children. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. Oral information may be provided at the request of the data subject, provided that the identity of the data subject has been otherwise established.
1.2. The controller must facilitate the exercise of the data subject's rights.
1.3.The controller shall, without undue delay and in any case within one month of receipt of the request, inform the data subject of the action taken on his / her request to exercise his / her rights. This period may be extended by a further two months under the conditions laid down in the Regulation. which the data subject must be informed of.
1.4. If the Data Controller fails to take action on the data subject's request, it shall inform the data subject without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the data subject's right to appeal to a supervisory authority.
1.5. The data controller shall provide the information and information and action on the rights of the data subject free of charge, however, a fee may be charged in the cases provided for in the Regulation.
2. Right to prior information - if personal data is collected from the data subject
2.1.The data subject shall have the right to be informed of the facts and information relating to the processing prior to the commencement of the processing. In this context, the data subject shall be informed:
· the identity and contact details of the controller and his representative,
· the contact details of the Data Protection Officer (if any),
· the purpose of the intended processing of personal data and the legal basis for the processing,
· in the case of data processing based on the enforcement of a legitimate interest, the legitimate interests of the Data Controller or a third party,
· the recipients of the personal data to whom the personal data are disclosed and the categories of recipients (if any);
· where applicable, the fact that the Data Controller intends to transfer the personal data to a third country or to an international organization.
2.2. In order to ensure fair and transparent data management, the Data Controller shall provide the data subject with the following additional information:
· the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
· the right of the data subject to request from the Data Controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data and the right of the data subject to data portability;
· in the case of data processing based on the consent of the data subject, that the right to withdraw the consent at any time does not affect the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal;
· the right to lodge a complaint with the supervisory authority;
· whether the provision of personal data is based on a law or a contractual obligation or a precondition for concluding a contract, and whether the data subject is obliged to provide the personal data, as well as the possible consequences of not providing the data;
· The fact of automated decision-making, including profiling, and at least the logic used in these cases, and understandable information on the significance of such data processing and the expected consequences for the data subject.
2.3. If the Data Controller wishes to carry out further data processing on personal data for a purpose other than the purpose for which they were collected, it must inform the data subject of this different purpose and any relevant additional information prior to the further data processing.
3. Informing the data subject and the information to be provided if the personal data have not been obtained from him or her by the controller
3.1.If the Data Controller has not obtained the personal data from the data subject, the data subject shall be provided to the Data Controller no later than within one month from the receipt of the personal data; if the personal data are used for the purpose of contacting the data subject, at least at the time of the first contact with the data subject; or, if the data are expected to be disclosed to another recipient, at the latest at the time of the first communication of personal data, the facts and information set out in the previous point, the categories of personal data concerned and the source and, where applicable, public access from sources.
3.2. The additional rules are governed by point 2 above (Right to Prior Information).
4. The data subject 's right of access
4.1. The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and related information.
4.2. If personal data are transferred to a third country or to an international organization, the data subject is entitled to be informed of the appropriate guarantees for the transfer under the Regulation.
4.3.The data controller shall provide the data subject with a copy of the personal data which are the subject of the data processing. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject.
5. Right to rectification
5.1. The data subject has the right to have inaccurate personal data concerning him / her rectified at his / her request without undue delay.
5.2. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
6. Right of cancellation ("right to be forgotten")
6.1. The data subject has the right to delete the personal data concerning him / her without undue delay upon his / her request, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if
· personal data are no longer required for the purpose for which they were collected or otherwise processed;
· the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
· the data subject objects to the processing of the data and there is no overriding legitimate reason for the processing,
· personal data have been processed unlawfully;
· personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller;
· personal data were collected in connection with the provision of information society services directly to children.
6.2. The right of cancellation cannot be exercised if data processing is required
· for the purpose of exercising the right to freedom of expression and information;
· to fulfill an obligation under EU or Member State law applicable to the controller (eg to keep the data for 30 years according to the relevant legal requirement) or to perform a task in the public interest or in the exercise of a public authority conferred on the controller;
· on grounds of public interest in the field of public health;
· for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make such processing impossible or seriously jeopardize; obsession
· to file, enforce or defend legal claims.
7. Right to restrict data processing
7.1. Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.
7.2. The data subject has the right to restrict the data processing at the request of the Data Controller if one of the following is met:
· the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data;
· the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted;
· the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession
· the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
7.3. The data subject shall be informed in advance of the lifting of the restriction on data processing.
8. Obligation to notify the rectification or erasure of personal data or the restriction of data processing
The controller shall inform all recipients to whom or with whom the personal data have been communicated of any rectification, erasure or restriction on the processing of the data, unless this proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the data subject about these recipients.
9. The right to data portability
9.1. Subject to the conditions set out in the Regulation, the data subject is entitled to receive personal data concerning him / her made available to a Data Controller in a structured, widely used machine-readable format and to transfer such data to another Data Controller without being hindered by the Data Controller to whom you have made the personal data available, if
1. (a) the processing is based on consent or contract; and
2. (b) the processing is carried out in an automated manner.
9.2.The data subject may also request the direct transfer of personal data between data controllers. The exercise of the right to data portability should not infringe Article 17 of the Regulation (right of erasure / forgetting). The right to data portability shall not apply if the processing is necessary for the performance of a task in the public interest or in the exercise of the public authority conferred on the Data Controller. This right must not adversely affect the rights and freedoms of others.
10. Right to protest
10.1.The data subject shall have the right, at any time, to object to the processing of his or her personal data in the public interest, in the performance of a public task or in a legitimate interest, including profiling based on those provisions. In this case, the Data Controller may not further process the personal data, unless the Data Controller demonstrates that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, enforce or protect legal claims. are related. As part of the interest balance test, the Data Controller explores the content of the legitimate interest and examines how the enforcement of the legitimate interest affects the interests of the data subject or his or her fundamental rights and freedoms. It must then be considered whether the latter takes precedence over the legitimate interest of the Data Controller, especially if the child concerned. If the interests of the data subject require the protection of personal data during the consideration - the data processing may not be continued.
10.2.Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for that purpose.
10.3. These rights shall be explicitly brought to the attention of the data subject at the latest at the time of first contact and shall be clearly and separately separated from any other information.
10.4. The data subject may also exercise the right to protest by automated means.
10.5. Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out in the public interest.
11. Automated decision making in individual cases, including profiling
11.1. The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have a legal effect on him or her or a significant effect on him or her.
11.2. This right shall not apply if the decision:
1. a) necessary for the conclusion / performance of the contract between the data subject and the Data Controller;
2. (b) is governed by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession
3. (c) is based on the e
11.3. In the cases referred to in points (a) and (c) above, the Data Controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request, intervene and oppose the decision. file an objection.
12. Restrictions
EU or national law applicable to the controller may restrict the scope of rights and obligations by legislative measures, provided that the restriction respects the essential content of fundamental rights and freedoms. The conditions for this restriction are set out in Article 23 of the Regulation.
13. Informing the data subject about the data protection incident
13.1.If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay. This information shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the following:
· the name and contact details of the Data Protection Officer (if any) or other contact person for further information;
· the likely consequences of the data protection incident;
· Measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.
13.2. The data subject need not be informed if any of the following conditions are met:
· the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which make the data incomprehensible to persons not authorized to access personal data ;
· the controller has taken additional measures following the data protection incident to ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialize;
· the information would require a disproportionate effort. In such cases, data subjects shall be informed through publicly available information or a similar measure shall be taken to ensure that data subjects are informed in an equally effective manner.
14. Right to lodge a complaint / appeal with the supervisory authority)
The data subject has the right to lodge a complaint with the supervisory authority if, in his or her opinion, the processing of personal data concerning him or her violates the Decree / Infotv. The supervisory authority shall keep the client informed of the progress of the complaint and of the outcome thereof, including the right of the client to seek legal redress. The National Data Protection and Freedom of Information Authority (NAIH) in Hungary can make a specific report, legal remedy or complaint. Availability:
· Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C
· Postal address: 1530 Budapest, Pf. 5.
· Phone: +36 1 3911400
· Fax: +36 1 3911410
· e-mail: ugyfelszolgalat@naih.hu
· website: http://www.naih.hu
15. Right to an effective judicial remedy against the supervisory authority
15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority.
15.2.Without prejudice to other administrative or non-judicial remedies, any data subject shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the progress or outcome of the complaint. Proceedings against the supervisory authority shall be brought before the court of the seat of the supervisory authority.
15.3. Where proceedings are instituted against a decision of the supervisory authority in respect of which the Board has previously issued an opinion or decision under the consistency mechanism, the supervisory authority shall send that opinion or decision to the court.
16. Right to an effective judicial remedy against the controller
16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with the supervisory authority, any person concerned shall have the right to an effective judicial remedy if he or she considers that his or her personal data, the Regulation / Infotv. rights under national law.
16.2.Proceedings against the controller shall be brought before the courts of the Member State where the controller is established. Such proceedings may also be instituted before a court of the Member State in which the data subject has his habitual residence, unless the controller is a public authority of a Member State acting in its official capacity.
Sarud, November 20, 2021