3100 Salgótarján, Ruhagyári road 32.
Surveying Doors and Windows
+36 30 089 2397
Castellum Hotel Hollókő
3176 Hollókő, Sport street 14.
+36 21 3000 500
FORT-BAU Construction, Trade and Service Private Limited Company
1074 Budapest, Dohány street 29.
Company registration number: 01-10-140991
Tax number: 28763291-2-42
Hosting provider: webtar.hu
FORT-BAU Zrt. (Hereinafter FORT-BAU Zrt., Service provider, data controller, Company), as data controller, acknowledges the content of this legal notice as binding on it.
It undertakes that all data processing related to its activities complies with the requirements set out in these regulations and the applicable legislation.
FORT-BAU Zrt. Reserves the right to change this prospectus at any time. Of course, you will notify your partners in good time of any changes.
FORT-BAU Zrt. Is committed to the protection of the personal data of its customers and partners, and considers the respect of its customers' right to information self-determination to be of paramount importance. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.
FORT-BAU Zrt. Describes its data management principles below, presents the expectations it has set for itself and complies with itself as a data controller. Its data management principles are in line with existing data protection legislation, in particular:
3. COMPANY INFORMATION
The data and contact details of our company are the following:
Name: FORT-BAU Plc.
Registered office: 1074 Budapest Dohány utca 29.
Company registration number: 01-10-140991
Tax number: 28763291-2-42
Phone number: 32/512700
Representative of the data controller: József Kovács
Data protection officer: Mónika Végh, email@example.com
4. SCOPE OF PERSONAL DATA, PURPOSE, TITLE AND DURATION OF DATA PROCESSING
We would like to draw the attention of informants to FORT-BAU Zrt. That if they do not provide their own personal data, the informant is obliged to obtain the consent of the data subject.
We provide the following information about each of our data processing.
4.1. Data management related to suppliers and subcontractors
The purpose of this prospectus is to present the Company's data management activities in relation to subcontractors / suppliers.
The purpose of data management: supplier and partner management, contractual relations
Legal basis for data processing: legitimate interest of the controller - - Article 6 (1) (f) GDPR
Scope of personal data processed: name of contact person; e-mail address, telephone number
Duration of data management: contracts concluded with the supplier / subcontractor resp. 3 years from the end of the warranty period (if applicable)
Recipients of personal data: The data controller will not pass on the data obtained to third parties, with the exception of the data processor (s) indicated in point 7. The recorded data may only be accessed by the employees of the Data Controller and the designated colleagues of the data processor (s).
Indication of a legitimate interest: It is in the legitimate interest of our company to handle the data. - Management of the establishment, performance and termination of a contractual relationship with a supplier / subcontractor.
The Company's contracted subcontractors / suppliers are involved
5. OTHER DATA PROCESSES
Information on data processing not listed in this prospectus will be provided at the time of data collection. We would like to inform our clients that certain authorities, public bodies and courts may contact our company for the purpose of disclosing personal data. Our company will only provide personal data to these bodies, provided that the exact purpose and scope of the data has been indicated, to the extent and to the extent strictly necessary to achieve the purpose of the request and if the execution of the request is required by law.
6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION
Our company does not transfer your personal data above to any third country or international organization.
7. INFORMATION ON THE USE OF THE DATA PROCESSOR
During the processing, the data controller shall transmit the data to the data processor (s) contracted by the company for the performance of the contract
Categories of recipients: accounting / bookkeeping service provider, IT support / system administrator service provider
8. METHOD OF STORAGE OF PERSONAL DATA, SECURITY OF DATA PROCESSING
Our computer systems and other data storage locations are located at the headquarters and on the servers provided by the data processor. Our company selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the processed data:
We pay special attention to data security, take the technical and organizational measures and establish the procedural rules necessary to enforce the guarantees under the GDPR. Data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and inaccessibility due to changes in the technology used.
Our company's and our partners' IT systems and networks are protected from computer-assisted fraud, computer viruses, computer hacking, and denial-of-service attacks. The operator also ensures security through server-level and application-level protection procedures. Daily data backup resolved. In order to avoid data protection incidents, our company takes all possible measures, in the event of such an incident - in accordance with our incident management policy - we take immediate action to minimize the risks and eliminate the damage.
9. RIGHTS OF STAKEHOLDERS, REMEDIES
The data subject may request information on the processing of his / her personal data, as well as request the correction or deletion or revocation of his / her personal data, exercise his / her right to carry data and protest in the manner indicated at the time of data collection or at the above-mentioned contact details of the data controller.
The rights and legal remedies of the data subject are set out in Act CXII of 2011. Act and EU Regulation 2016/679 are defined below and communicated to stakeholders.
Right of information, or “right of access” of the data subject: Act CXII of 2011. The Data Controller shall provide information at the request of the data subject pursuant to Article 15 of the Act and EU Regulation 2016/679
The information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller for the same data set in the current year. In other cases, reimbursement may be established. Reimbursement of costs already paid shall be reimbursed if the data have been processed unlawfully or if a request for information has led to a correction.
6. The Data Controller draws the attention of the data subjects to the fact that the information must be refused in accordance with Article CXII of 2011. according to the law,
The data controller is obliged to notify the National Data Protection and Freedom of Information Authority of rejected requests for information by 31 January of the year following the year in question.
Right of rectification: The data subject has the right to have inaccurate personal data concerning him / her rectified at his / her request without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement. However, if the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the Personal Data must be corrected by the Data Controller without the request of the data subject. Right of erasure, also known as "right to be forgotten": The data subject has the right to have his / her personal data deleted without undue delay at his / her request, and the data controller is obliged to delete the personal data of the data subject without undue delay. , if not excluded by mandatory data management.
In addition to the above, the Data Controller is obliged to delete the data in accordance with Article CXII. and Regulation (EU) 2016/679 of the European Parliament and of the Council, if
In the event that the Data Controller discloses personal data for any reason and is required to delete it in accordance with the above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers. that the data subject has requested the deletion of the links to the personal data in question or of a copy or duplicate of that personal data. The Data Controller draws the attention of data subjects to the limitations of the right to delete or the "right to forget" arising from the EU Regulation, which are the following:
Right to restrict or block data processing: The data subject has the right to restrict data processing at the request of the Data Controller. If, on the basis of the information available to it, it is suspected that the deletion would harm the legitimate interests of the data subject, the data shall be blocked. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. If the data subject disputes the accuracy and correctness of the personal data, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established, the data shall be blocked. In this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data.
According to an EU regulation, data must be blocked if
If the processing is subject to a restriction (blocking), such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims or the protection of the rights of another natural or legal person can be treated. The Data Controller hereby draws the attention of the data subjects to the fact that the right of the data subject to rectification, erasure and blocking may be restricted by law for the external and internal security of the state, such as national defense, national security, prevention or prosecution of criminal offenses, economic or financial interest of the municipality, the significant economic or financial interest of the European Union and disciplinary and ethical breaches in or to protect the rights of others.
The controller shall, without undue delay and within a maximum of 30 days of receipt of the request, inform the data subject of the request and / or correct the data and / or delete and / or restrict (block) the data or take other action in accordance with the request, if there is no reason to rule it out.
The Data Controller shall notify the data subject in writing of the rectification, deletion or restriction of data processing, as well as to all those to whom the data has previously been transferred for the purpose of data management. Upon request, the Data Controller shall inform the data subject about these recipients. Notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing, or if the information proves impossible or requires a disproportionate effort. The data controller is also obliged to notify the data subject in writing if the data subject's exercise cannot be exercised for any reason, and is obliged to indicate precisely the factual and legal reason and the legal remedies open to the data subject: to the court and to the National Data Protection and Freedom of Information.
The “right to data portability”: The data subject has the right to
When exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers. In view of the data processing performed by the Data Controller, the conditions for exercising the right of data portability are not fulfilled (there is no automated data processing), therefore the data subject cannot exercise this right.
Right to protest: The data subject may object to the processing of his or her personal data, including profiling, if
The data subject may object to the application of Article 21 (3) of EU Regulation 2016/679. against the processing of personal data for the purpose of direct business acquisition, in which case the personal data may no longer be processed for this purpose. Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out in the public interest. With the simultaneous suspension of data processing, the Data Controller shall examine the protest within the shortest time from the submission of the request, but not later than within 30 days, and shall inform the applicant in writing of the result. If the applicant's objection is substantiated, the Data Controller shall terminate the data processing, including further data collection and data transfer, and block the data, as well as notify all persons to whom the personal data affected by the objection have previously been transferred, and shall notify the who are obliged to take action to enforce the right to protest.
If the data subject does not agree with the decision of the Data Controller, or the Data Controller fails to comply with the referred deadline, he / she is entitled to apply to a court within 30 days of its notification. The data subject has the right to object to automated decision-making. Judicial Enforcement: The person concerned can go to court if their rights are violated. The court is acting out of turn in the case. The Data Controller is obliged to prove that the data processing complies with the provisions of the law.
In case of violation of the right to information self-determination, you can file a complaint or complaint with:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410