Data processing information related to Write us menu
Data processing information related to the “Write us” menu of the www.mammut.hu website which is under the right of disposal of Mammut Management Kft.
Mammut Management Kft., as the beneficiary of the www.mammut.hu website acts as controller in respect of the personal data related to this website. If you visit our website and contact us by using the “Write us” menu at www.mammut.hu/kapcsolat in order to obtain information, your personal data will be processed. We give you the following information about the processing of your personal data.
Data of the Controller
Company name: Mammut Management Kft. Registered seat: 1024 Budapest, Lövőház utca 2-6., Hungary Registration number: 01 09 304362 Phone number: +36 1 345 8000 e-mail: firstname.lastname@example.org
hereinafter the Controller or Mammut Kft.
Major laws applicable during data processing:
Regulation (EU) 2016/679 of the European Parliament and of the Council is about the protection of natural persons with regard to the processing of personal data and on the free movement of such data.1
Act V of 2013 on the Civil Code;
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter the Info Act);
Act VI of 1998 on the ratification of Strasbourg Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data
Data to be Processed
If you contact us for information by completing the message form in the “Write us” menu of our website, your personal data to be processed are as follows:
- name (given name, surname)
- email address
- and any further personal data given by you in the “message” field.
In the interest of successful contact and to enable the sending of message to the Controller and receive a response, giving the above-mentioned data is required. However, giving data depends on your decision, in other words, you can decide not to give your above-mentioned personal data; in this case, however, you will not be able to send us a message in this form.
Legal basis and purpose of data processing
If you contact us for information as mentioned above, your consent will be the legal basis for processing.
In this case, the purpose of processing is the collection of data necessary for contacting you so that we can provide you information as requested about the Controller’s business services and operation. Your personal data can be accessed by the Controller’s agents responsible for customer service tasks, for the above purposes.
Period of processing
The Controller will process your personal data until you withdraw your consent or for a maximum of 3 months after receiving the data/message. If the message sent by you includes information related to the enforcement of legal claims or the fulfillment of obligations (e.g. violation of rights by or related to the services of the Controller’s agent and the enforcement of related claims, e.g. compensation), the Controller will retain your above-mentioned data until the statutory lapse period for the enforcement of such rights or the fulfillment of such obligations.
By completing the fields and form of the “Write us” menu (name, email address, message) and sending it to the Controller, you consent to the processing of your personal data for the above-mentioned period of 3 months.
Please note that you can withdraw your consent at any time, even within the said 3-month period, by a request to the Controller as follows:
- in person at the Controller’s address: 1024 Budapest, Lövőház utca 2-6., Hungary, or at
- by email sent to: email@example.com
After the withdrawal of your consent, the Controller shall promptly delete all your data if the processing has no other legal basis (e.g. enforcement of legitimate claims as mentioned above). The withdrawal of consent does not affect the legitimacy of data processing performed previously based on your consent.
Otherwise, the Controller shall delete your personal data without further notice upon the lapse of the said 3 months.
Cases of transfer and forwarding of processed personal data
In cases defined by law the Controller is entitled and obliged to forward your personal data processed by it to the competent regulatory authorities or to the body authorized to proceed, in order to enforce legal claims.
Protection of processed personal data
When elaborating the technical and procedural rules of processing operations, the Controller lays a great emphasis on ensuring proper physical and information technology protection for your data. The applied measures are primarily intended to avoid and prevent unauthorized access to, unauthorized alteration, forwarding, disclosure, deletion of or damage to the processed data. The Controller selects the means and measures used in processing in view of this. Further, the Controller ensures that only authorized persons may access the processed data and the authenticity of the processed data and that they are not altered.
Data subject’s rights related to processing
In relation to the processing of your personal data by the Controller, you are entitled to:
- receive proper and transparent information, including feedback from the Controller whether your personal data are being processed;
- ask to correct your incorrect personal data;
- ask to delete your processed personal data if processing is exclusively based on your consent or if the data are no longer needed for the purpose of their collection or if processing is illegitimate;
- exercise your right to data portability, in other words, to receive your personal data in a widely used machine-readable form, forward or ask to forward them to other controllers, provided that processing is automatized and is based on contract or consent, further, that exercising such rights does not prejudice the legitimate rights or freedoms of others;
- ask to limit the processing of your personal data (for example, in cases where the accuracy of your processed data is disputed or processing may be illegitimate until the clarification of such circumstances);
- protest against the processing of your personal data (for example, when processing is based on the enforcement of the legitimate interests of the controller or a third party), further, to withdraw your consent at any time,
- to turn to the supervisory authorities or courts in case of processing thought to be illegitimate.
Data subjects’ rights
access to personal data: the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to access the following information:
- categories of processed personal data,
- purposes of the processing,
- recipients to whom your personal data has been or will be disclosed,
- envisaged period for which the personal data will be stored, or the criteria used to determine the period,
- the source of the data if not collected from the data subject,
- rights to turn to the supervisory authority (complaint),
- if automated decision-making or profiling is performed during processing, its fact, logic, or expected consequences to you.
right to correct: the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her, or to have incomplete data completed, including by means of providing a supplementary statement.
right to delete personal data: the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
- the data subject withdraws consent, and where there is no other legal ground for the processing; or
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
- the personal data have been unlawfully processed; or
- the personal data have to be erased for compliance with a legal obligation to which the Controller is subject;
- the collection of personal data is needed in relation to the offer of information society services (e.g. on-line marketing, online gambling).
There could be important reasons and interests that enable the processing of the data subject’s data even if he or she has protested against it (such as exercising the right of the freedom of expression and information, or if needed for the submission, enforcement or protection of legal claims).
Right to restriction of processing: The data subject shall have the right to obtain from the Controller restriction of processing if:
- the accuracy of the personal data is contested by the subject (in this case, limitation is for a period enabling the Controller to verify the accuracy of the personal data); or
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
- the data subject has objected to processing (in this case, restriction applies until it is verified whether the legitimate grounds of the Controller override those of the data subject);
During the limitation period, no processing other than data storage can be performed, except for cases of important public interest or the protection of the rights of persons.
Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. The subject shall have this right of processing based on his or her consent or on a contract, and is automated. The exercising of this right shall not adversely affect the rights and freedoms of others.
Right to protest: if processing is based on legitimate interest to be enforced by the controller, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. In such cases, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to judicial remedy
If you believe that your rights have been injured by the processing of your personal data by the Controller, and your questions and comments regarding this have not been answered or have not been answered in time or properly, you are entitled to lodge a complaint to the competent supervisory authority.
Data of the competent supervisory authority:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) [National Authority for Data Protection and Freedom] Address: 1125. Budapest, Szilágyi Erzsébet fasor 22c, Hungary e-mail: firstname.lastname@example.org Telephone: +36 1 391 1400
Further, you are entitled to turn to the courts with jurisdiction at your residence if you believe that the Controller processes your personal data in violation of the provisions of the relevant laws or the compulsory legal act of the European Union.
If you plan to turn to the supervisory authority or court, please first contact the Controller as it is in possession of the information necessary to respond to your questions or request for judicial remedy.
Our company is committed to complying with the principles of legitimate, transparent or fair data processing; therefore, in situations considered to violate your rights, we shall take immediate action to clarify any questions and remedy the established violation, and we shall inform you within a maximum of 1 month of the relevant actions taken and answer your questions about processing made to the Controller.
- GDPR is available in English at the following website: https://eur-lex.europa.eu/legal-content/EN/TXT/ELI/?eliuri=eli:reg:2016:679:oj The terms in this data processing information have the meaning defined in Article 4, Definitions of the GDPR.