Data Handling Information and Data Security Policy. PIM Professional Industrial Measurement Technology Trade and Service Limited Liability Company (2040 Budaörs, Szabadság út 143. -1/3, company registration number: 01 09 718263, tax number: 13090465-2-13), (hereinafter: Data Controller) summarizes in this Data Handling and Data Security Policy the data protection and data handling principles applied by them and the data protection and data handling policy of the Data Controller.
This data handling information and policy is a modification and supplement of the data handling information registered under the previous NAIH-83855/2015 by PIM Kft. into Data Handling and Data Security Policy, in accordance with Act CXII of 2011 on informational self-determination and freedom of information, as well as Regulation (EU) 2016/679 of the European Union - in effect from 2018.05.25 - on general data protection.
The conditions, principles, and rules included in this policy apply to data collection and data handling processes related to the Data Controller's business activities (providing services and handling product deliveries), the storage and handling of personal data of employees and contractual partners (companies, sole proprietors) employed by the Data Controller, and to the websites operated by them.
The policy can be accessed at the following link: http://www.pim-kft.hu/adatvedelem
Modifications to the policy come into effect upon publication at the above address.
1. Infotv.: Act CXII of 2011 on informational self-determination and freedom of information;
2. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,
3. Data Subject/Concerned Person: any identified or identifiable natural person based on specific personal data - directly or indirectly;
4. Personal Data: any information relating to an identified or identifiable natural person; any information that can identify a natural person directly or indirectly;
5. Special Data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation, as well as criminal personal data.
6. Health Data: special data concerning the physical or mental health of a natural person, including data on health services provided to the data subject, if they contain information about the health status of the data subject.
7. Consent: the voluntary and unequivocal expression of the data subject's will, based on appropriate information, by which they give their unmistakable consent to the processing of their personal data - whether comprehensive or relating to specific operations; In case of doubt, it is the Controller who must prove that consent has been given.
8. Objection: the data subject's statement objecting to the processing of their personal data, requesting the termination of data processing or the deletion of processed data; It can also be interpreted as the withdrawal or denial of consent.
9. Data Controller: the natural or legal person, or organization without legal personality, who independently or jointly with others determines the purpose of data processing, makes and executes decisions regarding data processing (including the means used), or has it carried out by a data processor appointed by them (based on the Information Act); the natural or legal person, public authority, agency, or any other body that independently or jointly determines the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or Member State law, the Data Controller or the criteria for appointing the Data Controller may also be determined by Union or Member State law (GDPR).
10. Data Processing: any operation or set of operations performed on data, regardless of the method used, including collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure, or destruction of data, as well as preventing further use of data, taking a photograph, sound or image recording, and recording physical attributes suitable for identifying a person (e.g., fingerprints, DNA samples, iris scans) (based on the Information Act); any operation or set of operations performed on personal data or datasets, whether by automated or non-automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available in any other form, alignment or combination, restriction, erasure, or destruction (GDPR).
11. Data Transmission: making data accessible to a specific third party;
12. Disclosure: making data accessible to anyone;
13. Data Erasure: making data unrecognizable in a way that their restoration is no longer possible;
14. Data Destruction: complete physical destruction of the data carrier containing the data;
15. Data Processing: performing technical tasks related to data processing, regardless of the method and tool used for the operations, and the location of the application, provided that the technical task is performed on the data;
16. Data Processor: the natural or legal person, or organization without legal personality, who processes data based on a contract with the Data Controller - including contracting based on legal provisions;
17. Data Controller: the public authority that has produced the public data that must be mandatory published electronically, or whose operation has generated this data;
18. Data Provider: the public authority that, if the Data Controller does not publish the data themselves, publishes the data provided by the Data Controller on a website;
19. Data Set: the set of data managed in a register;
20. Third Party: a natural or legal person, or organization without legal personality, who is not the data subject, the Data Controller, or the Data Processor;
21. Data Breach: the unlawful processing or handling of personal data, including unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage.
22. Right to data portability: the data subject is entitled to receive the data provided by them to the Data Controller in a structured, widely used, machine-readable format - and is entitled to transmit it to another Data Controller - may request the direct transmission of data to another Data Controller - if technically feasible, except if the data processing is carried out for reasons of public interest or the exercise of official authority. This regulation is an institution that reinforces the control over one's own data, which can be exercised when data processing is done automatically, and the Data Controller processes the data based on the consent of the data subject or on a contractual basis.
Pursuant to Section 20 (1) of Act CXII of 2011 on informational self-determination and freedom of information, as well as the General Data Protection Regulation adopted under number 2016/679 of the European Union, it is required to inform the Data Subject (hereinafter: Data Subject) before the commencement of data processing whether the data processing is based on consent or is mandatory. The data subject must be clearly and comprehensively informed before the start of data processing about all facts related to the processing of their data, especially about the purpose and legal basis of data processing, the persons authorized to carry out data processing and data processing, and the duration of data processing. The data subject must also be informed in accordance with Section 6 (1) of the Information Act that personal data may be processed even if obtaining the data subject's consent is impossible or would involve disproportionate costs, and the processing of personal data is necessary for the fulfillment of a legal obligation incumbent on the Data Controller, or is necessary for the exercise of the legitimate interests of the Data Controller or a third party, provided that the exercise of this interest is proportionate to the restriction of the right to the protection of personal data.
The information must also cover the data subject's rights related to data processing and their options for legal remedies. If it is impossible or would involve disproportionate costs to inform the data subjects personally (such as in the case of a website), the information may be provided by disclosing the following information: a) the fact of data collection, b) the categories of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of persons authorized to access the data, f) explanation of the data subject's rights related to data processing and legal remedies, and g) if the data processing is subject to registration in the data protection register, the registration number of the data processing.
1. Personal data may be processed if the Data Subject consents to it, or if a law or - based on the authorization of a law, to the extent specified therein - a local government decree orders it for a purpose based on public interest.
2. Personal data may be processed even if obtaining the data subject's consent is impossible or would involve disproportionate costs, and the processing of personal data is necessary a) for the fulfillment of a legal obligation incumbent on the Data Controller, or b) for the exercise of the legitimate interests of the Data Controller or a third party, provided that the exercise of this interest is proportionate to the restriction of the right to the protection of personal data.
3. If due to the incapacity of the data subject to act or for other unavoidable reasons, it is impossible for them to give their consent, then to the extent necessary to protect their own or another person's vital interests, as well as to avert or prevent an immediate danger threatening the life, physical integrity, or property of individuals, personal data of the data subject may be processed during the existence of obstacles to obtaining consent.
4. The consent statement containing the consent of a minor data subject who has reached the age of 16 does not require the consent or subsequent approval of their legal representative to be valid.
5. If the purpose of data processing based on consent is the performance of a contract concluded with the data controller, the contract must contain all information that the data subject needs to know regarding the processing of personal data, including in particular the definition of the data to be processed, the duration of data processing, the purpose of use, the fact of data transfer, recipients, and the use of data processors. The contract must unequivocally state that by signing it, the data subject consents to the processing of their data as specified in the contract.
6. If personal data has been collected with the consent of the data subject, the data controller may process the collected data without further separate consent for the purpose of fulfilling a legal obligation concerning the data subject, or for asserting the legitimate interest of the data controller or a third party, if the assertion of this interest is proportionate to the restriction of the right to personal data protection, and may also process it after the withdrawal of the data subject's consent.
1. Personal data may only be processed for specified purposes, in the exercise of rights and the fulfillment of obligations. At all stages of data processing, it must comply with the purpose of data processing, and the collection and processing of data must be fair and lawful.
2. Only personal data that is essential for achieving the purpose of data processing, and suitable for achieving that purpose, may be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.
Personal data must retain its quality throughout the data processing until a connection with the data subject can be restored. A connection with the data subject can be restored if the data controller has the technical conditions necessary for restoration.
Data accuracy, completeness, and, if necessary for the purpose of data processing, timeliness must be ensured during data processing, as well as ensuring that the data subject can only be identified for the time necessary for data processing.
The policy applies to all employees and all workers involved in work for PIM Ltd. (hereinafter: Data Controller) employed on any legal basis, who through their work are considered or may be considered as Data Controllers. The policy also applies to natural persons who are in any kind of (employment or civil law) contractual relationship with the Data Controller and whose personal data processing is mandatory due to work or contract fulfillment (data subjects).
The terms, principles, and rules contained in this policy apply to data collection and data processing processes related to the Data Controller's business activities (providing services and processing product deliveries), the storage and processing of personal data of employees and contractual partners (companies, sole proprietors) employed by the Data Controller, and the websites operated by the Data Controller*. *)
This data processing information regulates the data processing of the following websites: www.pim-kft.hu, www.pim-ltd.hu, www.termokamera.hu, www.razogep-shaker.hu, and www.egyensulyozas.hu. The above content requirements are valid for these websites and do not apply to websites operated by third parties, even if these websites are directly accessible from the aforementioned websites. Data processing takes place exclusively in Hungary, with no data transfer abroad or any other activities related to personal data that would fall under the restrictions of Act CXII of 2011 on informational self-determination and freedom of information, or the General Data Protection Regulation (EU) 2016/679. This data protection and security policy is the internal regulation of the Data Controller, which defines the general responsibilities and rights of the employer as the Data Controller and the employees in their respective positions based on legal requirements. Compliance with the provisions of the policy is mandatory for all parties involved in the job position, as well as for the employer as the Data Controller. Violation of the provisions in the policy may result in legal consequences as defined by the relevant laws.
1. Pursuant to Act No. CXII of 2011 on informational self-determination and freedom of information, Section 20 (1), as well as the General Data Protection Regulation adopted under EU 2016/679, the following must be determined regarding data processing during course registration and request for quotation: a) fact of data collection, b) scope of data subjects, c) purpose of data collection, d) duration of data processing, e) identity of data controllers authorized to access the data, f) explanation of data subjects' rights related to data processing.
2. Fact of data collection, scope of processed data: first and last name; email address; landline and/or mobile phone number; fax number; company name; company address; requested course, service, or product; date of registration/request for quotation; IP address at the time of registration/request for quotation (if done through the website).
3. Scope of data subjects: All data subjects registering or requesting a quotation via email, phone, or website.
4. Purpose of data collection: The data controller processes personal data of data subjects for the purpose of providing services or establishing a delivery contract, determining its content, monitoring its performance, handling requests for quotation, and course registrations.
5. Duration of data processing, deadline for data deletion: Data processing is carried out until the end of the business relationship or contract with the data subject, or until a request from the data subject to do so. Except in the case of accounting documents, as the Accounting Act of 2000 (Act C of 2000) stipulates that such data must be retained for 8 years. Accounting documents supporting accounting directly and indirectly (including general ledger accounts, analytical, or detailed records) must be kept in a readable form for at least 8 years, retrievable based on accounting notes.
6. Identity of potential data controllers authorized to access the data: Personal data may be processed by the data controller's employees, while respecting the above principles.
7. Explanation of data subjects' rights related to data processing: Data subjects can initiate the deletion or modification of personal data by postal mail to 2040 Budaörs, Szabadág út 143. -1/3., or by email to pim@pim-kft.hu.
8. The data controller does not transmit data unless required by law.
9. Legal basis for data processing: Consent of the data subject, Section 5 (1) of the Information Act, and Section 13/A (3) of Act CVIII of 2001 on electronic commerce services and services related to the information society: The data controller may process personal data necessary for providing the service. The data controller, under identical conditions, must select and operate tools used in providing services related to the information society in a way that personal data is processed only when absolutely necessary for providing the service and fulfilling other purposes defined in this law, and even then, only to the necessary extent and duration.
1. The data controller may process personal data necessary for its business activities - providing services and handling product deliveries. The data controller, under identical conditions, must select and operate tools used in providing services related to the information society in a way that personal data is processed only when absolutely necessary for providing the service and fulfilling other purposes defined in the Elker Act, and even then, only to the necessary extent and duration.
2. The Data Controller may only process data related to its business activities for any other purpose - especially to increase the efficiency of its services, to deliver electronic advertisements or other targeted content to the data subject, for market research purposes - with the prior determination of the data processing purpose and based on the consent of the data subject.
3. The data subject must be able to prohibit data processing before and during the use of services related to the information society.
4. The processed data must be deleted if the contract is not concluded or terminated, unless a storage obligation in accordance with accounting law arises in the latter case. Data must be deleted if the data processing purpose has ceased, or the Data Subject so decides. In the absence of a different provision in the law, data deletion must be carried out without delay.
5. The Data Controller must ensure that the Data Subject can at any time, before and during the use of services related to the information society, be informed about the data processing purposes and types of data processed by the Data Controller, including the processing of data that cannot be directly linked to the data subject.
1. Pursuant to Section 20 (1) of Act CXII of 2011 on informational self-determination and freedom of information, the following must be determined regarding the data processing of cookies on the website: a) the fact of data collection, b) the scope of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of data controllers authorized to access the data, f) explanation of the data subjects' rights related to data processing.
2. Websites operated by the Data Controller do not use cookies, therefore the definitions listed in the aforementioned law are not necessary.
The Data Controller measures website traffic data using the Google Analytics service. Data is transmitted during the use of the service. The transmitted data is not suitable for identifying the data subjects. More information about Google's privacy principles can be found here: http://www.google.hu/policies/privacy/ads/
1. Pursuant to Section 6 of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities, the Data Subject may give prior and explicit consent for the Data Controller to contact them with advertising offers and other materials at the email address provided during registration.
2. Furthermore, the Data Subject, bearing in mind the provisions of this information, may consent to the Data Controller processing their personal data necessary for sending advertising offers.
3. The Data Controller does not send unsolicited commercial messages, and the Data Subject may unsubscribe from receiving offers without restriction or justification, free of charge. In this case, the Data Controller deletes all personal data necessary for sending commercial messages from its records and does not contact the Data Subject with further advertising offers. The Data Subject can unsubscribe from ads by clicking on the link in the message.
4. Pursuant to Section 20 (1) of Act CXII of 2011 on informational self-determination and freedom of information, the following must be determined regarding the data processing of newsletter sending: a) the fact of data collection, b) the scope of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of data controllers authorized to access the data, f) explanation of the data subjects' rights related to data processing.
5. The fact of data processing, the scope of processed data: company name, name, email address, date, time.
6. Scope of data subjects: All Data Subjects subscribing to the newsletter or expressly consenting to receive newsletters via email.
7. Purpose of data processing: sending electronic communications containing advertisements to the Data Subject, providing information about current events, products, promotions, new features, etc.
8. Duration of data processing, deadline for data deletion: data processing lasts until the consent is withdrawn, i.e., until unsubscribing.
9. Identity of possible data controllers authorized to access the data: Personal data may be processed by the Data Controller's employees, while respecting the above principles.
10. Description of the data subject's rights related to data processing: The data subject can unsubscribe from the newsletter at any time free of charge.
11. Legal basis for data processing: the data subject's voluntary consent, Section 5 (1) of Act No. CXII of 2011 on Informational Self-Determination and Freedom of Information, and Section 6 (5) of Act No. XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising: The advertiser, the advertising service provider, or the publisher of the advertisement - within the scope defined in the consent - keep a record of the personal data of the persons making the consenting statements. The data recorded in this register - relating to the recipient of the advertisement - may only be processed in accordance with the consent statement until its withdrawal, and may only be transferred to a third party with the prior consent of the data subject.
1. Based on Section 20 (1) of Act No. CXII of 2011 on Informational Self-Determination and Freedom of Information, the following must be determined in the context of data processing activities on the website:
a) the fact of data collection, b) the circle of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of possible data processors authorized to access the data, f) description of the data subject's rights related to data processing.
2. The fact of data processing, the scope of processed data. Username, email address, IP address used at the time of registration.
3. Circle of data subjects: All Data Subjects initiating the download of protected professional materials and software from the website.
4. Purpose of data processing: Prevention of unauthorized downloads (Copyright infringement).
5. Duration of data processing, deadline for data deletion: Until the Data Subject's request.
6. Identity of possible data processors authorized to access the data: The personal data can be processed by the Data Controller's employees, while respecting the above principles.
7. Description of the data subject's rights related to data processing: The Data Subject can request the deletion or modification of personal data by post to 143 Szabadság út, -1/3, 2040 Budaörs, or by email to pim@pim-kft.hu.
1. The Data Controller is obliged to design and carry out data processing operations in a way that ensures the protection of the data subjects' privacy.
2. The Data Controller, as well as the data processor in its scope of activities, must ensure the security of data, take technical and organizational measures, and establish procedural rules necessary to enforce the provisions of the Information Act and other data and confidentiality regulations.
3. Data must be protected with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in the technology used.
4. Adequate technical solutions must be implemented to protect electronically managed data files in different registers to ensure that the data stored in the registers - unless permitted by law - cannot be directly linked and attributed to the data subjects.
5. During the automated processing of personal data, the data controller and the data processor must take additional measures to a. prevent unauthorized data entry; b. prevent the use of automatic data processing systems by unauthorized persons through data transmission equipment; c. ensure traceability and determinability of which organizations have transmitted or can transmit the personal data using data transmission equipment; d. ensure traceability and determinability of which personal data, when, and by whom were entered into the automatic data processing systems; e. ensure the recoverability of installed systems in case of malfunctions and f. ensure that errors occurring during automated processing are reported.
6. When determining and implementing measures to ensure the security of data, both the Data Controller and the Data Processor must take into account the current state of technology. Among several possible data processing solutions, the one that provides a higher level of protection for personal data must be chosen, unless it would represent a disproportionate difficulty for the data controller.
7. Handling of data protection incidents: a) As soon as the Data Controller becomes aware of a data protection incident, it must report it without undue delay, preferably within 72 hours of becoming aware of it, to the relevant supervisory authority, unless it can demonstrate in accordance with the principle of accountability that the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons. If the report cannot be made within 72 hours, in addition to disclosing the reason for the delay, the required information must also be provided in parts without further undue delay. b) The Data Subject must be informed by the Data Controller without undue delay if the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, in order for the Data Subject to take necessary precautions. The information provided must include a description of the nature of the data protection incident and suggestions on how to mitigate adverse effects on the affected natural person. Information to the data subjects must be provided as soon as possible within the bounds of reasonableness, in close cooperation with the supervisory or law enforcement authority, and in compliance with guidance provided by it or other relevant authorities.
1. The Data Subject may request the Data Controller to provide information on the processing of their personal data, request correction of their personal data, and request the deletion or blocking of their personal data, except for mandatory data processing.
2. Upon request of the Data Subject, the data controller shall provide information on the data processed by the Data Subject or by the data processor appointed by the Data Subject, including their source, purpose, legal basis, duration, the name and address of the data processor, and its activities related to data processing, and - in case of transmission of personal data - the legal basis and recipient of the data transfer.
3. For the purpose of verifying the legality of data transfers and informing the Data Subject, the Data Controller maintains a record of data transfers, which includes the date of transmission of the personal data it manages, the legal basis and recipient of the data transfer, the definition of the transferred personal data scope, and other data specified in the legislation prescribing data processing.
4. The Data Controller must provide information to the Data Subject in a clear and understandable manner, in writing, within the shortest possible time from the submission of the request, but no later than 30 days, upon the Data Subject's request. The information is provided free of charge.
5. Upon request of the Data Subject, the Data Controller provides information on the data it manages, including their source, purpose, legal basis, duration, the possible name and address of the data processor, and its activities related to data processing, and - in case of transmission of personal data - the legal basis and recipient of the data transfer. The Data Controller provides the information in writing, in a clear and understandable manner, within the shortest possible time from the submission of the request, but no later than 30 days. The information is provided free of charge.
6. If the personal data is inaccurate, the Data Controller corrects the personal data if the correct personal data is available to the Data Controller.
7. Instead of deletion, the Data Controller blocks the personal data if requested by the Data Subject or if, based on the available information, it can be assumed that deletion would violate the legitimate interests of the Data Subject. The blocked personal data may only be processed as long as the data processing purpose that prevented the deletion of personal data exists.
8. The Data Controller shall erase personal data if its processing is unlawful, the Data Subject requests it, the processed data is incomplete or inaccurate - and this condition cannot be lawfully remedied - provided that deletion is not excluded by law, the purpose of data processing has ceased, or the deadline for data storage defined by law has expired, it has been ordered by a court or by the National Authority for Data Protection and Freedom of Information.
9. The Data Controller shall mark the personal data it processes if the data subject disputes its accuracy or correctness, but the inaccuracy or incorrectness of the disputed personal data cannot be clearly established.
10. The data subject, as well as those to whom the data was previously transmitted for the purpose of data processing, must be informed of the correction, blocking, marking, and deletion. Notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of data processing.
11. If the Data Controller does not comply with the data subject's request for correction, blocking, or deletion, within 30 days of receiving the request, it shall communicate in writing the factual and legal reasons for rejecting the request for correction, blocking, or deletion. In case of rejection of the request for correction, deletion, or blocking, the data controller shall inform the data subject about the possibility of judicial remedy and the option to contact the Authority.
1. The Data Subject may object to the processing of personal data if a) the processing or transmission of personal data is necessary solely for the fulfillment of a legal obligation applicable to the Data Controller, or for the legitimate interests pursued by the Data Controller, the data recipient, or a third party, except where data processing is required by law; b) the use or transmission of personal data is for marketing, public opinion research, or scientific research purposes; c) in other cases specified by law.
2. The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but no later than 15 days, make a decision on its justification, and inform the requester in writing of the decision. If the Data Controller determines the justification of the data subject's objection, it shall cease data processing - including further data collection and transfer - and block the data, as well as inform those to whom the personal data affected by the objection was previously transmitted, and who are obliged to take action to enforce the right to object.
3. If the Data Subject does not agree with the decision made by the Data Controller, they may appeal to the court within 30 days of its notification. The court shall proceed with the case without delay.
4. Any possible infringement by the Data Controller can be reported to the National Authority for Data Protection and Freedom of Information: National Authority for Data Protection and Freedom of Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box: 5. Phone: +36-1-391-1400 Fax: +36-1-391-1410 Email: ugyfelszolgalat@naih.hu
1. The Data Controller is obliged to prove that data processing complies with the provisions of the law. The legality of data transmission must be proven by the data recipient.
2. The adjudication of the case falls within the jurisdiction of the court. The lawsuit can be initiated before the court of the place of residence or stay of the data subject, according to the choice of the data subject.
3. Any person who does not have legal capacity in litigation may also be a party to the lawsuit. The Authority may intervene in the lawsuit to protect the interests of the data subject.
4. If the court grants the request, the Data Controller shall be obliged to provide information, correct, block, delete the data, annul the decision made by automated data processing, consider the data subject's right to object, and release the data requested by the data recipient.
5. If the court rejects the data recipient's request, the Data Controller must delete the personal data of the data subject within 3 days from the notification of the judgment. The Data Controller must delete the data even if the data recipient does not go to court within the specified deadline.
6. The court may order the publication of its judgment - by disclosing the identifying data of the data controller - if the interests of data protection and the protected rights of a larger number of data subjects require it.
1. If the data controller causes damage to another person by unlawfully processing the data of the data subject or by breaching the requirements of data security, they are obliged to compensate for it.
2. If the data controller violates the data subject's right to personality by unlawfully processing the data of the data subject or by breaching the requirements of data security, the data subject may claim damages from the data controller.
3. The data controller is liable to the data subject for the damage caused by the data processor and must also pay damages to the data subject for the violation of the right to personality caused by the data processor. The data controller is relieved of liability for the damage caused and the obligation to pay damages if they prove that the damage or the violation of the data subject's right to personality was caused by an unavoidable external factor beyond the scope of data processing.
4. Damage does not have to be compensated for, and damages cannot be claimed to the extent that the damage or the violation of the right to personality caused by the damage or the violation of the right to personality resulted from intentional or grossly negligent behavior of the data subject.
When preparing the Data Processing and Data Security Policy, we took into account the following laws:
This Policy shall enter into force on August 1, 2020, replacing the data processing information of PIM Ltd. registered under the number NAIH-83855/2015. The provisions of this Policy must also be applied to ongoing cases.
Budaörs, August 1, 2020.
Copyright © PIM Professzionális Ipari Méréstechnika Kft.
2026 | Minden jog fenntartva
Impresszum | Adatkezelés