Data protection

DATA PROTECTION

The operator of xmeditor.hu website, the X-Meditor Ltd. (9023 Győr, Csaba u. 21., furthermore the Service provider, controller), as controller acknowledges the content of the present legal notice as binding. The controller takes liability that all of its activities concerning data processing comply with the provisions set forth in the governing law and in this regulation.

X-Meditor Ltd is committed to protect the personal data of its partners, and highlights the importance of respecting the rights to informational self-determination of its clients. X-Meditor Ltd., as the operator and data controller of this website handles the personal information confidentially, and ensures all the safety, technical and organizational measures to guarantee data safety.
In this document the operator provides information about its data processing principles, the regulations and the activities related to the data processed by the website. The data protection principles regarding the operation of the website are in compliance with the governing law on data protection, in particular with the following ones:
Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Act CXII of 2011 – on Informational Self-Determination and Freedom of Information (hereinafter Privacy Act);
Act CVIII of 2001 – on Certain Issues of Electronic Commerce Services and Information Society Services (Electronic commerce service Act);
Act XLVIII of 2008 – on Essential Conditions of and Certain Limitations to Business Advertising Activity (Business Advertising Activity Act).

1., Terms and definitions
1.1. data subject: any natural person who can be identified directly or indirectly, in particular by reference to a personal identifier;
1.2. personal data: any information relating to data subject – in particular the name, an identification number, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or any deduction drawn from them related to the data subject;
1.3. consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
1.4. objection: the declaration in which the data subject raises objections to the processing of his/her personal data and calls for the termination of data processing or the deletion of the processed data;
1.5. data controller: is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes of the processing of personal data, makes the decisions related to data processing (including the applied means), or has it fulfilled by a commissioned data processor;
1.6. data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, blocking erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
1.7. data transmission: to make the data available to a specific third party;
1.8. disclosure: to make the data accessible to anyone;
1.9. deletion: the process of making data unrecognizable in order to prevent data restoration;
1.10. data identification: supply the data with identification marks in order to distinguish the data;
1.11. data blocking: labelling the data with identification marking in order to limit data processing permanently or for a specific time;
1.12. data destruction: complete physical destruction of media containing data;
1.13. technical manipulation of data: the technical operations involved in data processing irrespective of the method and instruments employed for such operations and the venue where it takes place provided that such technical operations are carried out on the data;
1.14. processor: means a natural or legal person, public authority, agency or other body which processes data in behalf of the controller;
1.15. third party: means natural or legal person, public authority, agency or body other than the data subject, controller or processor;
1.16. third country: any state which is not an EEA state.

2., Data processing principles for the operation of the website A
Personal data processing is lawful where
a) the data subject has given his/her consent for data processing, or
b) it is prescribed by the law or – authorized by the law, within the scope set forth thereof – by the municipality for public interest (mandatory data processing).
Data processing is also possible if the attainment of the data subject’s consent is impossible, or it would entail disproportionate cost, and the data processing is necessary in order to be in compliance with the legal obligations to which the data controller is subject, or it is required in order to enforce the legitimate interests of the data processor or third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
If the data have been recorded with the consent of the data subject, the recorded data shall be processed by the controller
a) in order to comply with the legal obligations to which the controller is subject, or
b) in order to enforce the legitimate interests of the data processor or the third party, if these interests are proportionate with the restrictions of the rights to the protection of personal data, without specific further consent from the data subject, and even subsequently the withdrawal of the consent of the data subject.
Personal data shall be processed exclusively in order to fulfil a certain objective or to comply with legal obligations. Each stage of data processing shall comply with these objectives, furthermore the data recording and processing shall be fair.
Exclusively such personal data can be processed that are necessary and suitable for the fulfilment of the objective only to such an extent and duration that considered to be undisputedly necessary for that aim. Personal data shall be processed exclusively with the data subject’s consent after profound information.
Before data recording the data subject shall be informed whether data processing is based on personal consent or it is legally binding. The data subject must be informed – clearly, comprehensively and in details – about all the facts concerning his/her personal data processing, in particular about the objective, the legal ground of data processing, the legal entity authorized for data processing and controlling, the duration of data processing, and about the fact that the controller processes the data subject’s personal date based on his/her consent in order to comply with the legal obligation it is subject to or in order to enforce the legitimate interests of a third party, and about those who may legal entities that may be entitled to get familiar with these data. Information shall cover the rights of the data subject and his/her available remedies.
During data processing the accuracy, completeness of the data shall be ensured; the data subject shall be identifiable only until the duration of data processing.
Personal data shall only be transferred to a data processor or controller conducting data processing in a third country where the data subject exclusively gives his/her consent, or the conditions of data processing set forth above are fulfilled, and the safety of the personal data transferred to a third country can be ensured during processing. Data transmission to EEA states shall be regarded as if data transmission had been fulfilled in Hungary.

3., Scope of processed data, features of data processing
The data handling operations of xmeditor.hu website is based on voluntary personal consent. In certain cases, the scope of processing, storage and transmission of the provided data shall be defined by legal obligations, of which the visitors, users shall be informed separately.

3/1. The data of the visitors of xmeditor.hu website
The objective of data processing: in order to check the operation of the service, and in order to prevent abuse the storage space provider of the website records visitors’ data while visiting the site. The legal ground for data processing: the consent of the data subject and the concerning Art. 13/a. (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services. The scope of the processed data: date, time, IP address of the user’s computer, the name of the visited site, the name of the previously visited site, data regarding the operation system and the browser of the user.

The Google Analytics web analytical software and its external server helps to measure and audit the visits of the website and of other web analytic data. About processing the measurement data further information is available at www.google-analytics.com.
In order to provide tailor-made service the external service providers place a so called small data package on the user’s computer, i.e cookie. If the browser sends back a previously saved cookie, the concerning service provider has the chance to connect the actual visit of the visitor to the previous ones, exclusively regarding own contents.
The so called web beacons are not applied at xmeditor.hu website.

3/2. Data regarding contact, application and information request at xmeditor.hu website.
The objective of data processing: contacting, contact keeping, information request.
The legal ground for data processing: voluntary consent of the data subject.
The scope of the processed data: name, e-mail address, telephone number, subject of the message, text of the message, date and time, personal data provided by the data subject.
The scope of the processed data: termination of data processing or withdrawal of consent.

Deletion or modification of personal data can be initiated via the following channels:
► Postal address: X-Meditor Ltd. 9002 Győr Pf. 156.,
► E-mail address: info@xmeditor.hu

Data protection rights of the users and their rights to exercise: The rights and obligations of the user are defined by Art. 14-21. of Privacy Act. The user has the right to receive information in accordance with the law, as well the right to ask for the deletion, modification or blocking of his/her data. The rights and obligations set forth in the concerning Act are described in details at the following website: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244 (14-21. §)

Possibilities for legal remedies: The possibilities for legal remedies of the data subject (set forth in Art. 22-23.Privacy Act) are described in details at the following web site: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244

More detailed description about data processing can be obtained from the controller of the website at the following e-mail address: info@xmeditor.hu, or at the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Postal number: 1530 Budapest, Pf.: 5., Phone:+36 (1) 391-1400).

4., Storage of personal data, data processing
The IT tools and storage solutions of X-Meditor Ltd. can be found at its headquarter (9023 Győr, Csaba u. 21.)

5., Data of controller, contact details
Name: X-Meditor Ltd. and the employees employed by the company, responsible for the fulfilment of the concerning contract
Seat: 9023 Győr, Csaba u. 21.
Online contact: info@xmeditor.hu

6., Data of processer, contact details
Name: X-Meditor Ltd. and the employees employed by the company, responsible for the fulfilment of the concerning contract.
Seat: 9023 Győr, Csaba u. 21.
Online contact: info@xmeditor.hu

7., Possibilities for legal remedies
In order to get legal remedy or to lodge a complaint the data subject can turn to Hungarian National Authority for Data Protection and Freedom of Information. Availabilities:
Hungarian National Authority for Data Protection and Freedom of Information
1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Web site: http://www.naih.hu