GDPR | Avreporter Energy Ma

Privacy Policy of KONSYS Industrial and Service Limited Liability Company

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), KONSYS Industrial and Service Limited Liability Company (hereinafter referred to as the Data Controller) provides the following information to the data subjects regarding the processing of personal data:

1. Data Controller's Information

Name: KONsys Industrial and Service Limited Liability Company
Headquarters: 9084 Győrság, Rákóczi Ferenc u. 73.
Email: korodi.judit@konsys.hu
Website: www.konsys.hu

2. Applicable Laws

Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR)
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
ePrivacy Directive (ePD): Governing privacy in electronic communications, particularly cookies and other types of online tracking.

3. Information on Data Processing

3.1. Personal Data Processing by the Data Controller

3.1.1. Personal data processing for client record management purposes

Purpose of data processing: Ensuring the fulfillment of services available on the Data Controller's website (e.g., request for quotation), enabling necessary client identification.
Legal basis for data processing: Article 6(1)(a) of the GDPR, based on the consent of the data subject.
Storage period of personal data: Until the consent of the data subject is withdrawn.
Categories of personal data processed: name, phone number, email address, company name, login name, password.
Source of personal data: directly from the data subject.
Scope of data subjects: Natural persons who are business partners of the Data Controller or contact persons of legal entity business partners of the Data Controller.

3.1.2. Personal data processing for providing newsletter services

Purpose of data processing: Sending commercial emails, including newsletters with current information, promotions, and business offers from the Data Controller and its partners, to interested parties/clients/partners.
Legal basis for data processing: Article 6(1)(a) of the GDPR, based on the consent of the data subject.
Storage period of personal data: Until the consent of the data subject is withdrawn.
Categories of personal data processed: email address.
Source of personal data: directly from the data subject.
Scope of data subjects: Natural persons who are business partners of the Data Controller or contact persons of legal entity business partners of the Data Controller.

3.1.3. Processing of contact data of contractual partners

Purpose of data processing: Maintaining contact with business and contractual partners in order to fulfill contracts or requests for quotations.
Legal basis for data processing:

For business partners of the Data Controller or legal entity contractual partners: the legitimate interest of the partner under Article 6(1)(f) of the GDPR.
For natural person contractual partners of the Data Controller: the interest related to contract/request fulfillment under Article 6(1)(b) of the GDPR.

Storage period of personal data:

For business partners of the Data Controller: 5 years from the first contact.
For contractual partners of the Data Controller: For the duration of the contract and, in the absence of other legal provisions, for 9 years after the termination of the contract.

Categories of personal data processed: name, phone number, email address, company name.
Source of personal data: Proposals, contracts sent to the Data Controller, or directly from the data subjects.
Scope of data subjects: Natural persons who are business partners of the Data Controller or contact persons of legal entity business partners of the Data Controller.

3.2. Information on automated decision-making and profiling

The Data Controller does not engage in automated decision-making or profiling.

3.3. If there is a recipient

The term "Recipient" refers to any natural or legal person, public authority, agency, or other body to whom or with whom personal data are disclosed, whether or not it is a third party. Public authorities that may receive personal data in the context of a specific inquiry in accordance with Union or Member State law are not considered recipients.

3.4. Who may access your personal data?

Personal data will not be disclosed to third parties except in cases specified in this Privacy Policy or as required by law, court, or regulatory authority decisions.

3.5. Data Security Measures

The Data Controller stores personal data provided by the data subject at its headquarters or at a location provided by the Data Processor. The Data Controller implements appropriate information security measures to protect personal data against unauthorized access and alteration.

4. Your Rights as a Data Subject

4.1. Right of Access (Article 15 GDPR)

The data subject has the right to access their personal data and to obtain information on:

The purposes of data processing;
The categories of personal data concerned;
The recipients or categories of recipients to whom the personal data has been or will be disclosed;
The planned retention period for the personal data;
The right to request the rectification or erasure of personal data, or the restriction of processing, or to object to processing;
The right to lodge a complaint with a supervisory authority;
The source of the data, if it was not collected from the data subject.

4.2. Right to Rectification (Article 16 GDPR)

The data subject has the right to request the rectification of inaccurate personal data.

4.3. Right to Erasure (Article 17 GDPR)

The data subject has the right to request the erasure of personal data if:

The processing is unlawful;
The data subject withdraws their consent, and there is no other legal basis for processing;
The purpose of processing no longer applies.

4.4. Right to Restriction of Processing (Article 18 GDPR)

The data subject has the right to request the restriction of processing if:

The accuracy of the data is contested by the data subject;
The processing is unlawful, and the data subject opposes the erasure of data.

4.5. Right to Object (Article 21 GDPR)

The data subject has the right to object to the processing of their personal data.

4.6. Right to Data Portability (Article 20 GDPR)

The data subject has the right to receive their personal data in a machine-readable format or request the transfer of such data to another data controller.

4.7. Exercising Data Subject Rights

Data subjects may exercise their rights by contacting the Data Controller through the following means:

Email: korodi.judit@konsys.hu
Postal address: 9084 Győrság, Rákóczi Ferenc u. 73.

5. Right to Legal Remedy

The data subject has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data is unlawful:

National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa u. 9-11.
Website: www.naih.hu

6. Data Protection Organization and Responsibility

KONSYS Industrial and Service Limited Liability Company is committed to strictly adhering to data protection regulations. Since our activities do not require the appointment of a Data Protection Officer (DPO) — as we are not a public authority, we do not process special categories of personal data in large quantities, and we do not conduct large-scale regular and systematic monitoring of personal data — compliance with GDPR is ensured directly under the supervision of the company's management.

7. Contact and Legal Compliance

If you have any questions about our data protection practices or wish to exercise your rights concerning your personal data, please contact us at the following contact details: