Head office

 

3100 Salgótarján, Ruhagyári road 32.

+36-32/512-700

fortbau@fortbau.hu

 

 

Surveying Doors and Windows

 

+36-32/512-700

+36 30 089 2397

nyilaszaro@fortbau.hu

 

 

Castellum Hotel Hollókő

 

3176 Hollókő, Sport street 14.

+36 21 3000 500

castellum@hotelholloko.hu

 

 

FORT-BAU Construction, Trade and Service Private Limited Company

 

Registered office:

1074 Budapest, Dohány street 29.

 

Sites:

1. 3100 Salgótarján, Ruhagyári road 32. (Center, factory)
2. 3176 Hollókő, Sport road 14. (Castellum Hotel Hollókő)

 

Contact information:

+36-32/512-700

fortbau@fortbau.hu

 

Company registration number: 01-10-140991

Tax number: 28763291-2-42

 

Hosting provider: webtar.hu

1. INTRODUCTION

 

FORT-BAU Zrt. (Hereinafter FORT-BAU Zrt., Service provider, data controller, Company), as data controller, acknowledges the content of this legal notice as binding on it.

 

It undertakes that all data processing related to its activities complies with the requirements set out in these regulations and the applicable legislation.

 

FORT-BAU Zrt. Reserves the right to change this prospectus at any time. Of course, you will notify your partners in good time of any changes.

 

FORT-BAU Zrt. Is committed to the protection of the personal data of its customers and partners, and considers the respect of its customers' right to information self-determination to be of paramount importance. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.

 

FORT-BAU Zrt. Describes its data management principles below, presents the expectations it has set for itself and complies with itself as a data controller. Its data management principles are in line with existing data protection legislation, in particular:

 

• 2011 CXII. Act on the Right to Self-Determination of Information and Freedom of Information;

• Act V of 2013 - on the Civil Code ;

• Act C of 2000 - on Accounting (Act on Accounting);

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 ( General Data Protection Regulation (hereinafter "GDPR")

 

2. DEFINITIONS

 

• data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;

• personal data: data which can be contacted with the data subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject and the inferences to be drawn therefrom concerning the data subject;

• consent: the voluntary and firm expression of a wish by a data subject, based on appropriate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;

• "controller" means the natural or legal person, or any entity without legal personality, which alone or jointly with others determines the purposes for which the data are processed, makes decisions concerning the processing (including the means used) or executes them with the processor;

•  data management: any operation or set of operations on data, irrespective of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, consultation, transmission, disclosure, coordination or aggregation, blocking, erasure and destruction of data, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image);

• data transfer: making the data available to a specific third party;

• disclosure: making data available to anyone;

• data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;

• data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

• data processor: a natural or legal person or an organization without legal personality who carries out the processing of data on the basis of a contract, including a contract concluded on the basis of a provision of law.

 

3. COMPANY INFORMATION

 

The data and contact details of our company are the following:

 

Name: FORT-BAU Plc.

Registered office: 1074 Budapest Dohány utca 29.

Company registration number: 01-10-140991

Tax number: 28763291-2-42

Phone number: 32/512700

E-mail: fortbau@toldinet.hu

Representative of the data controller: József Kovács

Data protection officer: Mónika Végh, fortbau@toldinet.hu

 

4. SCOPE OF PERSONAL DATA, PURPOSE, TITLE AND DURATION OF DATA PROCESSING

 

We would like to draw the attention of informants to FORT-BAU Zrt. That if they do not provide their own personal data, the informant is obliged to obtain the consent of the data subject.

 

We provide the following information about each of our data processing.

 

4.1. Data management related to suppliers and subcontractors

 

The purpose of this prospectus is to present the Company's data management activities in relation to subcontractors / suppliers.

 

The purpose of data management: supplier and partner management, contractual relations

 

Legal basis for data processing: legitimate interest of the controller - - Article 6 (1) (f) GDPR

 

Scope of personal data processed: name of contact person; e-mail address, telephone number

 

Duration of data management: contracts concluded with the supplier / subcontractor resp. 3 years from the end of the warranty period (if applicable)

 

Recipients of personal data: The data controller will not pass on the data obtained to third parties, with the exception of the data processor (s) indicated in point 7. The recorded data may only be accessed by the employees of the Data Controller and the designated colleagues of the data processor (s).

 

Indication of a legitimate interest: It is in the legitimate interest of our company to handle the data. - Management of the establishment, performance and termination of a contractual relationship with a supplier / subcontractor.

 

Stakeholders:

The Company's contracted subcontractors / suppliers are involved

 

5. OTHER DATA PROCESSES

 

Information on data processing not listed in this prospectus will be provided at the time of data collection. We would like to inform our clients that certain authorities, public bodies and courts may contact our company for the purpose of disclosing personal data. Our company will only provide personal data to these bodies, provided that the exact purpose and scope of the data has been indicated, to the extent and to the extent strictly necessary to achieve the purpose of the request and if the execution of the request is required by law.

 

6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION

 

Our company does not transfer your personal data above to any third country or international organization.

 

7. INFORMATION ON THE USE OF THE DATA PROCESSOR

 

During the processing, the data controller shall transmit the data to the data processor (s) contracted by the company for the performance of the contract

Categories of recipients: accounting / bookkeeping service provider, IT support / system administrator service provider

 

 

8. METHOD OF STORAGE OF PERSONAL DATA, SECURITY OF DATA PROCESSING

 

Our computer systems and other data storage locations are located at the headquarters and on the servers provided by the data processor. Our company selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the processed data:

 

1. accessible to those entitled to it (availability);
2. authenticity and authentication are ensured (authenticity of data management);
3. its invariability can be verified (data integrity);
4. be protected against unauthorized access (data confidentiality).

 

We pay special attention to data security, take the technical and organizational measures and establish the procedural rules necessary to enforce the guarantees under the GDPR. Data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and inaccessibility due to changes in the technology used.

 

Our company's and our partners' IT systems and networks are protected from computer-assisted fraud, computer viruses, computer hacking, and denial-of-service attacks. The operator also ensures security through server-level and application-level protection procedures. Daily data backup resolved. In order to avoid data protection incidents, our company takes all possible measures, in the event of such an incident - in accordance with our incident management policy - we take immediate action to minimize the risks and eliminate the damage.

 

9. RIGHTS OF STAKEHOLDERS, REMEDIES

 

The data subject may request information on the processing of his / her personal data, as well as request the correction or deletion or revocation of his / her personal data, exercise his / her right to carry data and protest in the manner indicated at the time of data collection or at the above-mentioned contact details of the data controller.

 

The rights and legal remedies of the data subject are set out in Act CXII of 2011. Act and EU Regulation 2016/679 are defined below and communicated to stakeholders.

 

Right of information, or “right of access” of the data subject: Act CXII of 2011. The Data Controller shall provide information at the request of the data subject pursuant to Article 15 of the Act and EU Regulation 2016/679

 

• the data it processes and the categories of personal data it processes,
• the purpose of the data processing,
• the legal basis for data processing,
• on the duration of data processing,
• where applicable, the period for which the data will be stored or, if that is not possible, the criteria for determining that period,
• where applicable, if the data were not collected from the data subject, all available information on their source,
• where appropriate, automated decision-making, including profiling, and the logic and comprehensible information on the significance of such data processing and the expected consequences for the data subject,
• the data of the data processor, if you have used a data processor, i. the circumstances of the data protection incident, its effects and the measures taken to deal with it, and
• in the case of a transfer of personal data of the data subject, the legal basis, purpose and recipient of the transfer.

 

The information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller for the same data set in the current year. In other cases, reimbursement may be established. Reimbursement of costs already paid shall be reimbursed if the data have been processed unlawfully or if a request for information has led to a correction.

 

6. The Data Controller draws the attention of the data subjects to the fact that the information must be refused in accordance with Article CXII of 2011. according to the law,

 

1. if, pursuant to a law, an international treaty or a binding act of the European Union, the Data Controller receives personal data in such a way that the data controller indicates at the same time as the data transfer the restriction of the data subject's rights or other restrictions.
2. external and internal security of the State, such as national defense, national security, the prevention or prosecution of criminal offenses, the security of the execution of sentences and the economic or financial interest of the State or municipality, for the prevention and detection of disciplinary and ethical breaches of labor law and health and safety at work, including in all cases control and supervision, and for the protection of the rights of the data subject or others.

 

The data controller is obliged to notify the National Data Protection and Freedom of Information Authority of rejected requests for information by 31 January of the year following the year in question.

 

Right of rectification: The data subject has the right to have inaccurate personal data concerning him / her rectified at his / her request without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement. However, if the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the Personal Data must be corrected by the Data Controller without the request of the data subject. Right of erasure, also known as "right to be forgotten": The data subject has the right to have his / her personal data deleted without undue delay at his / her request, and the data controller is obliged to delete the personal data of the data subject without undue delay. , if not excluded by mandatory data management.

 

In addition to the above, the Data Controller is obliged to delete the data in accordance with Article CXII. and Regulation (EU) 2016/679 of the European Parliament and of the Council, if

 

• the processing of the data is unlawful;
• the data is incomplete or incorrect - and this condition cannot be legally remedied - provided that deletion is not precluded by law;
• the purpose of data processing has ceased or the term for the storage of data specified by law has expired;
• it has been ordered by a court or the Authority.
• personal data are no longer required for the purpose for which they were collected or otherwise processed;
• the data subject objects to the processing and there is no overriding legitimate reason for the processing;
• personal data must be deleted in order to fulfill a legal obligation imposed on the Data Controller by law;
• the personal data were collected in connection with the provision of information society services directly to children as referred to in Article 8 (1) of EU Regulation 2016/679.

 

In the event that the Data Controller discloses personal data for any reason and is required to delete it in accordance with the above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers. that the data subject has requested the deletion of the links to the personal data in question or of a copy or duplicate of that personal data. The Data Controller draws the attention of data subjects to the limitations of the right to delete or the "right to forget" arising from the EU Regulation, which are the following:

 

1. the exercise of the right to freedom of expression and information;
2. the fulfillment of an obligation under Union or Member State law governing the processing of personal data or the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. public interest in the field of public health;
4. in accordance with Article 89 (1) of EU Regulation 2016/679, for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; obsession
5. filing, enforcing or defending legal claims.

 

 

Right to restrict or block data processing: The data subject has the right to restrict data processing at the request of the Data Controller. If, on the basis of the information available to it, it is suspected that the deletion would harm the legitimate interests of the data subject, the data shall be blocked. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. If the data subject disputes the accuracy and correctness of the personal data, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established, the data shall be blocked. In this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data.

 

According to an EU regulation, data must be blocked if

 

1. the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted;
2. the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession
3. the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.

 

If the processing is subject to a restriction (blocking), such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims or the protection of the rights of another natural or legal person can be treated. The Data Controller hereby draws the attention of the data subjects to the fact that the right of the data subject to rectification, erasure and blocking may be restricted by law for the external and internal security of the state, such as national defense, national security, prevention or prosecution of criminal offenses, economic or financial interest of the municipality, the significant economic or financial interest of the European Union and disciplinary and ethical breaches in or to protect the rights of others.

 

The controller shall, without undue delay and within a maximum of 30 days of receipt of the request, inform the data subject of the request and / or correct the data and / or delete and / or restrict (block) the data or take other action in accordance with the request, if there is no reason to rule it out.

 

The Data Controller shall notify the data subject in writing of the rectification, deletion or restriction of data processing, as well as to all those to whom the data has previously been transferred for the purpose of data management. Upon request, the Data Controller shall inform the data subject about these recipients. Notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing, or if the information proves impossible or requires a disproportionate effort. The data controller is also obliged to notify the data subject in writing if the data subject's exercise cannot be exercised for any reason, and is obliged to indicate precisely the factual and legal reason and the legal remedies open to the data subject: to the court and to the National Data Protection and Freedom of Information.

 

The “right to data portability”: The data subject has the right to

 

1. receive the personal data concerning him / her, which he / she makes available to the Data Controller in a structured, widely used, machine-readable format, and is entitled to:
2. transfer such data to another controller, without prejudice to the controller to whom the personal data have been made available, if:

 

1. data management is based on consent; and
2. data management is automated.

 

When exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers. In view of the data processing performed by the Data Controller, the conditions for exercising the right of data portability are not fulfilled (there is no automated data processing), therefore the data subject cannot exercise this right.

 

Right to protest: The data subject may object to the processing of his or her personal data, including profiling, if

 

• the processing (transfer) of personal data is necessary only for the enforcement of the right or legitimate interest of the Data Controller or the data recipient, except in the case of mandatory data processing;
• the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research;
• the exercise of the right to protest is otherwise permitted by law.

 

The data subject may object to the application of Article 21 (3) of EU Regulation 2016/679. against the processing of personal data for the purpose of direct business acquisition, in which case the personal data may no longer be processed for this purpose. Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out in the public interest. With the simultaneous suspension of data processing, the Data Controller shall examine the protest within the shortest time from the submission of the request, but not later than within 30 days, and shall inform the applicant in writing of the result. If the applicant's objection is substantiated, the Data Controller shall terminate the data processing, including further data collection and data transfer, and block the data, as well as notify all persons to whom the personal data affected by the objection have previously been transferred, and shall notify the who are obliged to take action to enforce the right to protest.

 

If the data subject does not agree with the decision of the Data Controller, or the Data Controller fails to comply with the referred deadline, he / she is entitled to apply to a court within 30 days of its notification. The data subject has the right to object to automated decision-making. Judicial Enforcement: The person concerned can go to court if their rights are violated. The court is acting out of turn in the case. The Data Controller is obliged to prove that the data processing complies with the provisions of the law.

 

In case of violation of the right to information self-determination, you can file a complaint or complaint with:

 

National Authority for Data Protection and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c

Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410

Web: www.naih.hu

e-mail: ugyfelszolgalat@naih.hu