Privacy Policy (in english)

Privacy Policy (in english)


Data protection statement

Name: Swiss Electronic Kft

Registered office: H-1141 Budapest, Cinkotai út 91/C

Reg No.: 01-09-184732

Tax number: 23592298-2-42

Represented by: Gábor Hekker and Eszter Kovácsné Olaszy with independent signature

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: +36 1 784 88 35

Purpose and scope of the Prospectus

Swiss Electronic Ltd processes, processes and stores personal data that may come into its possession in the course of its activities for the purposes specified by law.

The purpose of the Information Notice is to set out the legal regime of the records kept by the Data Controller and to ensure compliance with the constitutional principles of data protection, the right to informational self-determination and the requirements of data security. It also aims to set out the data protection and data management principles applied by the Data Controller, the Data Controller's data protection and data management policy, which the Data Controller acknowledges as binding on it.

The purpose of the Information Notice is to ensure that the activities of Swiss Electronic Ltd. comply in practice with the legal provisions on data protection by applying and operating the provisions of this Information Notice, to ensure the enforcement of fundamental rights to the protection of personal data as defined in the data management, and to ensure compliance with data security requirements.

Definitions:

Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data and biometric data revealing the individual's identity, health data and personal data concerning the sexual life or sexual orientation of natural persons.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, regardless of the procedures used, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Transfer: the making available of data to a specified third party.

Disclosure: making data available to any person.

Deletion: rendering data unrecognisable in such a way that it is no longer possible to retrieve it.

Filing system: a set of personal data, structured in any way, centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specific criteria.

Controller: the person who, alone or jointly with others, determines the purposes and means of the processing.

Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Data Subject: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.

Recipient: a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an unambiguous act of affirmation, his or her agreement to the processing of personal data concerning him or her.

Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

E-mail: electronic mail. The name refers to the method of writing or transmission, which takes place entirely by electronic means using computer networks.

Internet: the Internet (Internetworking System) is a worldwide network of computer networks (known as a meta network) that spans the globe, connecting government, military, commercial, business, educational, research, and other institutions, as well as individual users.

Web page, Web site, Web portal, Web site: an electronic platform for displaying and communicating information, typically located on servers (Web servers) connected to the Internet. These pages have a unique address (link), which can be entered into a browser application to navigate to the page. The technology of Web pages allows you to jump back and forth (hypertext) between individual content elements and links.

Cookies: a program component used to provide convenience features on websites. There are two basic types. One is stored on your own computer, the other is stored on the server side, the so-called session cookie. For data management purposes, the handling of the session cookie should be regulated. Websites should inform and declare to visitors the use of cookies.

Electronic newsletter: an electronic letter, transactional, promotional or other campaign information, typically generated automatically and sent by an application to the e-mail address of a subscriber to a mailing list.

Principles of data processing

Swiss Electronic Kft is committed to protecting the personal data of data subjects and attaches great importance to respecting the right of data subjects to self-determination. The personal data collected will be treated confidentially and in accordance with data protection legislation. In addition, it takes all technical and organisational measures to ensure the secure storage of data.

Personal data may only be processed for specific purposes, for the exercise of a right or the performance of an obligation. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful.

Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.

The personal data shall retain this quality during the processing for as long as the relationship with the data subject can be re-established. The link with the data subject may be re-established if the controller has the technical conditions necessary for such re-establishment.

Possible legal grounds and purposes of processing

Personal data may be processed if at least one of the following conditions is met:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;
    processing is necessary for compliance with a legal obligation to which the controller is subject;
    processing is necessary for the protection of the vital interests of the data subject or of another natural person;
    processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Security of data processing

The Data Controller shall design and implement processing operations in such a way as to ensure the protection of the privacy of data subjects when applying the law and other rules applicable to processing.

The Data Controller or, in the context of its activities, the data processor, shall ensure the security of the data and shall take the technical and organisational measures and establish the rules of procedure necessary to ensure compliance with the law.

Appropriate measures must be taken to protect the data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

In order to protect the electronically managed data files in the different registers, appropriate technical arrangements should be in place to ensure that the data stored in the registers cannot be directly linked and attributed to the data subject.

The controller and the processor should take into account the state of the art when defining and implementing measures to ensure the security of the data. The choice between several possible processing solutions should be made which ensure a higher level of protection of personal data, unless this would impose a disproportionate burden on the controller.

The controller and the processor shall implement appropriate technical and organisational measures, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of data security appropriate to the level of risk, including, where appropriate:

pseudonymisation and encryption of personal data;
ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
a procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures taken to ensure the security of data processing.
Swiss Electronic Ltd's computer equipment, systems, data storage rooms and facilities are located at the premises of Swiss Electronic Ltd.

To the best of Swiss Electronic Ltd's knowledge and the current state of the art, the computer equipment and computer systems used are considered to be protected from unauthorized access, data theft, deletion, alteration, accidental destruction, and unintentional disclosure.

Swiss Electronic Ltd will ensure that the data is protected in accordance with the technical level available at the time and that the data cannot be directly linked and attributed to the data subject, unless otherwise provided by law.

The Swiss Electronic Kft operates a web platform (website, web page, web site) under its own domain name for the presentation and advertising of its products and services.

The storage of personal data in connection with the operation of the website:

www.tarhelypark.hu

Hosting and server provider: Websupport Magyarország Kft.
Tax number: 25138205-2-41
Company registration number: 01-09-381419
Community Tax Number: HU25138205.

Office address:
1132 Budapest, Victor Hugo utca 18-22.

Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Websupport Magyarország Kft. stores the data, it is not entitled to process them

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage, and against inaccessibility resulting from changes in the technology used.

Legal basis for processing: Article 6(1)(c) and (f) and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

Transfer of data to third parties

"third party" means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Third party data controllers process the personal data we disclose on their own behalf and in accordance with their own privacy policies.

Swiss Electronic Ltd processes the personal data of its clients' customers, as a third party, within the legal framework and as specified in the engagement contracts.

Swiss Electronic Ltd. does not transfer the data of its own clientele to third parties!

 

Information on the use of cookies

 

What is a cookie?

The Data Controller uses so-called cookies when you visit the website. A cookie is a set of information consisting of letters and numbers that our website sends to your browser in order to save certain settings, facilitate the use of our website and help us to collect some relevant, statistical information about our visitors. Cookies do not contain any personal information and are not used to identify an individual user. Cookies often contain a unique identifier - a secret, randomly generated sequence of numbers - that is stored on your device. Some cookies are deleted after you close the website, and some are stored on your computer for a longer period of time.

 

Legal background and legal basis for cookies:

The legal basis for the processing of cookies is the General Data Protection Regulation (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. Article 5(1)(a) of the GDPR.

 

Main features of the cookies used by the website:

Session cookie: These cookies are activated temporarily during the browser session, i.e. from the moment the user opens the browser window until the moment it is closed. Once the browser is closed, all session cookies are deleted. No personal data is stored in session cookies.

The site uses the following cookie, which is necessary for its operation.

Purpose: to record the user's status during browsing

Security cookie: security cookies are used to authenticate users, prevent misuse of login credentials, and to protect user data from unauthorized persons.

Google Adwords cookie: when someone visits our site, the visitor's cookie ID is added to our remarketing list. Google uses cookies, such as NID and SID cookies, to customise the ads you see in Google products, such as Google Search. It uses such cookies, for example, to remember your recent searches, your previous interactions with advertisements from individual advertisers or search results, and your visits to advertisers' websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a user's computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant for a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed (Processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.)

Google Analytics cookie: The service may use cookies to collect information and report statistics about website usage without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga, _gat, _gid" cookie. In addition to generating reports on website usage statistics, Google Analytics, together with some of the advertising cookies described above, may also be used to display more relevant ads in Google products (such as Google Search) and across the web (data processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.)

1P_JAR cookie: this cookie provides information about how the end user uses the website and any advertising that the end user may have seen before visiting the website.

__Secure-HSID: For security purposes, this cookie stores a digitally signed and encrypted record of the user's Google Account ID and most recent login credentials, which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties. It can also be used for targeting purposes to display relevant and personalised advertising content.

__Secure-SSID: Used to store information about your website usage and any ads you may have seen before visiting the site, and to help Google properties customize ads by remembering recent searches, past interactions with an advertiser's ads, or search results and visits to an advertiser's site.

__Secure-APISID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalized Google ads.

__Secure-3PSID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads.

ANID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads.

SIDCC: Used to store information about your website usage and any ads you may have seen before visiting the site, and to help Google properties customize ads by remembering recent searches, past interactions with an advertiser's ads, or search results and visitors to an advertiser's site.

SID: For security purposes, to store a digitally signed and encrypted record of a user's Google Account ID and most recent login time, allowing Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties. It can also be used for targeting purposes to display relevant and personalised advertising content.

HSID: Used for security purposes to store a digitally signed and encrypted record of a user's Google Account ID and most recent login time, which allows Google to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties. It can also be used for targeting purposes to display relevant and personalised advertising content.

SSID: Used to store information about your website usage and any ads you may have seen before visiting the site, and to help Google properties customize ads by remembering recent searches, past interactions with an advertiser's ads, or search results and visits to an advertiser's site.

APISID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads.

SAPISID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads.

_secure-3PAPISID: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads.

_secure-3PSIDCC: Used for targeting purposes to profile the interests of website visitors to display relevant and personalised Google ads. Expiry date: 2 years.

Cookie Consent: used to store user cookie login preferences.

NID: A cookie containing preferences that the browser sends to Google Sites. The NID cookie contains a unique identifier that enables Google to remember a number of preferences for a particular user, such as preferred language, number of results to display in a search, etc. Personal data processed in this way is deleted after 180 days.

OTZ: Google uses cookies, such as OTZ cookies, to help you personalise the ads on Google's properties such as Google Search. Cookies.

_cfduid: Cookies associated with websites that use CloudFlare to speed up page load times. CloudFlare says it is used to override security restrictions based on the IP address of the visitor. It does not contain user identification information.

mf_has_cookie: Functional cookie, allows the website to provide enhanced functionality and personalization. If you do not enable this cookie, some or all of the website's services will not function properly.

Facebook pixel (Facebook cookie). The Facebook remarketing pixel tracking code is used to display personalised offers and ads to website visitors on Facebook. The Facebook remarketing list is not personally identifiable (fr, tr).

For more information about the Facebook Pixel / Facebook Account, please visit https://www.facebook.com/business/help/651294705016616

(Data Processor: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, Phone: +1 650-543-4800.)

The logged data will be stored for up to 1 year from the date of logging (where the retention period is different, the retention period is indicated).

You can delete the cookies set by www.xoda-water.com from your device at any time using your browser. For details on how to delete or manage cookies, please refer to the help section of your browser. You can also use your browser to block cookies or request a notification each time your browser receives a new cookie. Blocking cookies may technically prevent you from using our website.

If you do not accept cookies, certain features will not be available to you. For more information on how to delete cookies, please see the links below:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Edge: Settings -> Advanced settings -> Cookies ("Allow cookies" / "Block all cookies" / "Block only external cookies" or F12 - Troubleshooting - Cookies

Purpose, method and duration of processing:

The processing of data is based on the voluntary and explicit consent of the users of the content of the website www.xoda-water.com, in that the data they provide during their visit to and use of the website is used for the purposes of the ongoing relationship between the users of the website's services and the data controller and for public research.

The purpose of the processing is to ensure the provision of the services available under the URL www.xoda-water.com, to operate an information platform, to compile statistics and to deal with queries received through the website.

The storage of visitor statistics is for statistical purposes only.

The data controller will not use personal data for purposes other than those indicated. The processing of the data thus provided is subject to the voluntary consent of the user.

Data processed in the course of enquiries, contact and requests for quotations:

You can contact us using any of the contact details on our website or send us a message using the form. The personal data you provide when contacting us will only be used to contact you and will not be passed on to third parties.

Purpose of processing:

To inform interested parties, to provide a quotation.

Legal basis for processing:

In the case of enquiries, requests for information or quotations, the processing is based on voluntary consent in accordance with the EU General Data Protection Regulation (GDPR) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.).

Scope of data processed:

We process the following data that you voluntarily provide when contacting us:

Name
telephone number
e-mail address
comment

Duration of data processing:

We process your personal data for different periods of time depending on the nature of the contact.

In the case of enquiries and contacts, we will not retain the data after the necessary information has been provided, unless a legitimate claim can be made for the purpose of the ad hoc contact, in which case we may retain it for a maximum of 5 years for the purpose of its justification.

In the case of a quotation, the minimum period of data retention is the period during which the offer is binding (Civil Code, § 6:65)

In the case of a business relationship, the data will be retained for a maximum period of 8 years.

Billing

Purpose of processing: issuing an invoice for the service.

Data to be processed: name, billing address, e-mail address, telephone number.

Legal basis for processing: processing necessary for the performance of a contract or for taking steps prior to the conclusion of a contract (Article 6(b) GDPR)

Duration of processing: 8 years

E-mail customer service

Purpose of processing: support of customers using the service, information of interested parties.

Data processed: name, e-mail address, message (optional: telephone number)

Legal basis for processing: processing necessary for the performance of a contract or for pre-contractual steps (Article 6(b) GDPR)

Duration of data processing: 90 days from the last contact in the case of a non-customer, 8 years from the last business relationship in the case of a business partner.

Frequently asked questions

On our website, we provide an opportunity for our customers to contact us directly via our website for answers to frequently asked questions, as well as with their own questions.

The personal data stored in this way:

email address

Legal basis for processing: voluntary consent of the data subject (GDPR 6(a))

Duration of processing: after the necessary information has been provided, the data will no longer be kept.

Photos on the website

On our website we have placed photos of our webshop fulfilment activities for information purposes. However, some of the photos also show our employees.

We take great care to ensure that the content of the images published on our website does not infringe the privacy rights or legitimate interests of others and that we have permission and authorisation to use them lawfully in all cases.

Purpose of data processing:

To inform visitors to our website www.xoda-water.com

Legal basis for processing:

The processing is based on voluntary consent in accordance with the EU General Data Protection Regulation (GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and the Civil Code.

Scope of data processed:

Identifiable, recognizable images of natural persons in the recordings.

Duration of data processing:

Until the data subject's consent is withdrawn or until the content is deleted from our website.

Swiss Electronic Ltd. is not responsible for any previous pages that have been deleted but archived with the help of Internet search engines. The removal of these pages is the responsibility of the search site operator.

Images and videos displayed on our Facebook page

We regularly report news about our webshop fulfilment service on our Facebook page.

We take particular care to ensure that the content of images and videos published on our Facebook page does not infringe the privacy rights or legitimate interests of others and that we have permission and authorisation to use them lawfully in all cases.

Purpose of processing:

To inform visitors to our Facebook page.

Legal basis for processing:

Processing is based on voluntary consent in accordance with the EU General Data Protection Regulation (GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and the Civil Code.

Scope of data processed:

Identifiable, recognizable images of natural persons in the recordings.

Duration of data processing:

Until the data subject's consent is withdrawn or until the content is deleted from our website.

Data Processor: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

Swiss Electronic Ltd cannot be held responsible for any of its pages that have been deleted but archived by the Internet search engines. Removal of these pages is the responsibility of the search site operator.

Enforcement:

You can request information about the processing of your data at any time by contacting us at the contact details above.

You can also request the rectification of your data at any time if you find that, for example, you have provided it incorrectly or it has been incorrectly or incompletely recorded.

You may also request the deletion of your data, and if there are no legal obstacles to this, we will comply with your request without delay (otherwise we will inform you of the reasons for refusing to delete your data).

Only our staff will have access to the data you have provided.

The data controller does not control the data provided by the user, and the user is solely responsible for their accuracy and correctness.

The data controller shall treat all data and facts concerning users as confidential and shall use them exclusively for the development of its services and for its own research and statistics. The publication of these statements may only take place in a form that does not allow the individual identification of each user.

The data processing of ww.xoda.hu shall be carried out in accordance with the legal provisions in force at the time and the data protection rules set out in this Policy, and shall be used exclusively in the course of its activities, and shall not be transferred to any other natural or private person without the user's consent. The only exceptions to this rule are data disclosures based on legal obligations and the use of data in aggregate statistical form, which does not include the name or any other identifiable data of the user.

If the Data Controller intends to use the data provided for purposes other than those set out in this Privacy Policy, it will duly inform the user at the e-mail address provided and obtain his/her prior explicit consent and provide the user with the possibility to prohibit any other use of the data.

Given that the User's disclosure is voluntary and free of any external influence, we may process his/her data until the User prohibits it in writing to This email address is being protected from spambots. You need JavaScript enabled to view it., in which case the deletion from the register will be completed within 48 hours. The same contact details will also be used to notify any changes to the data, which will also be carried out within 48 hours.

Swiss Electronic Ltd cannot be held responsible for any of its pages which have been deleted but archived by the Internet search engines. The removal of these pages is the responsibility of the search site operator.

Data protection incident

The Data Controller declares that it has implemented appropriate security measures to protect personal data against, in particular, unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage and inaccessibility resulting from changes in the technology used.

The Data Controller shall ensure that the data it processes are accessible only to authorised persons, including through IT and work organisation measures and internal security measures.

However, the Data Controller shall also inform the data subjects of the fact that data transmissions by any means using the Internet are exposed and vulnerable to attacks with unlawful or fraudulent purposes, even when using state-of-the-art security measures, software and systems providing the best protection. The computers used by the Data Controller's employees and contributors are protected by a unique password and are equipped with firewalls and anti-virus software to prevent unauthorised access and intrusions.

The data controller shall notify the data protection incident to the competent supervisory authority (National Authority for Data Protection and Freedom of Information address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; phone: +36-1-391-1400; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; website: www.naih.hu) without undue delay and, if possible, no later than 72 hours after the data protection incident has come to its attention, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.

The data subject does not need to be informed if any of the following is true:

the controller has implemented appropriate technical and organisational protection measures and those measures have been applied in relation to the data concerned by the data protection incident, in particular measures such as the use of encryption which render the data unintelligible to persons not authorised to access the personal data,
the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise,
disclosure would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly disclosed information or by means of a similar measure which ensures that the data subjects are similarly informed.
Description of rights in relation to data processing:

Pursuant to Article 15 of the GDPR, a data subject may request access to personal data relating to him or her as follows:

The data subject has the right to receive feedback from the controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:

a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
(d) where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
(e) the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the data have not been collected from the data subject, any available information concerning their source;
(h) the fact of automated decision-making, including profiling, and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
The Data Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise. The right to request a copy should not adversely affect the rights and freedoms of others.

Pursuant to Article 16 of the GDPR, the data subject has the right to obtain from the controller the rectification of personal data relating to him or her.

If the data subject so requests, the Controller shall correct inaccurate personal data relating to him or her without undue delay. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

Pursuant to Article 17 of the GDPR, the data subject has the right to obtain from the Controller the erasure of personal data relating to him or her as follows:

The data subject shall have the right to obtain from the Controller the erasure of personal data relating to him or her and the Controller shall be obliged to erase personal data relating to the data subject without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
(c) the data subject objects to processing for reasons of public interest, in the exercise of official authority or in the legitimate interest of the controller (third party) and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing purposes;
d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected in connection with the provision of information society services.
Where the controller has disclosed the personal data and is required to erase it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

The Data Subject's right to erasure may be limited only if the following exceptions in the GDPR apply, i.e. if the above grounds apply, the continued retention of the personal data may be considered lawful:

a) where the exercise of the right to freedom of expression and information, or
b) to comply with a legal obligation, or
(c) the performance of a task carried out in the public interest; or
(d) in the exercise of official authority vested in the controller; or
(e) where it is in the public interest in the field of public health,
(f) for archiving purposes in the public interest; or
(g) for scientific or historical research purposes or for statistical purposes; or
(h) where necessary for the establishment, exercise or defence of legal claims.
Pursuant to Article 18 of the GDPR, the data subject shall have the right to obtain from the controller the restriction of the processing of personal data concerning him or her, as follows:

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller where one of the following conditions is met:

the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to processing in the public interest, in the exercise of official authority or in the legitimate interests of the controller (third party), in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Where processing is subject to a restriction on the basis of the above, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

The controller shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction.

Pursuant to Article 21 of the GDPR, the data subject shall have the right to object to the processing of personal data concerning him or her by the Controller as follows:

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data in the public interest, in the exercise of official authority or for the legitimate interests of the controller (third party), including profiling based on such processing. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

The right to object shall be explicitly brought to the attention of the data subject at the latest at the time of the first contact with the data subject and the information shall be clearly displayed and separated from any other information.

In the context of the use of information society services and by way of derogation from Directive 2002/58/EC, the data subject may exercise the right to object by automated means based on technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject should have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Pursuant to Article 20 of the GDPR, the data subject has the right to the portability of personal data relating to him or her as follows:

The data subject shall have the right to obtain the personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if:

where the legal basis for the processing is the consent of the Data Subject or the performance of a contract with the Data Subject
and the processing is carried out by automated means.
In exercising the right to data portability, the data subject has the right to request, where technically feasible, the direct transfer of personal data between controllers.

The exercise of the right to data portability shall be without prejudice to the right to erasure. The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability shall not adversely affect the rights and freedoms of others.

Pursuant to Article 7(3) of the GDPR, the data subject has the right to withdraw consent to the processing of his or her personal data at any time, as follows:

The data subject has the right to withdraw his or her consent at any time. At any time, the data subject may withdraw consent at any time. The right to withdraw consent does not affect the right to the processing of personal data that has not been obtained prior to the withdrawal of consent.

Within five years of the death of the data subject, the rights to which the deceased person is entitled under the law during his or her lifetime may be exercised by a person authorised by the data subject by means of an administrative arrangement or a declaration in a public or private document having full probative value made with the controller.

In the absence of a declaration by the data subject, his or her close relative within the meaning of the Civil Code shall be entitled to exercise certain rights of the deceased during his or her lifetime.

Remedies

If the Data Subject considers that the Data Controller has violated a legal provision on data processing or has not complied with a request, he or she may initiate proceedings before the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, postal address: 1530 Budapest, PO Box 5, telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., URL: http://naih.hu) to have the alleged unlawful processing stopped.

The Data Subject may also take the Data Controller to court in case of infringement of his/her rights or if the Data Controller has not complied with a request. The court shall hear the case out of turn. The court shall have jurisdiction to rule on the case.

If, in connection with the Swiss Electronic Ltd site, you become aware that the legal provisions on data processing have been infringed or that a request has not been complied with, your personal data will be processed by Facebook Ireland Ltd. The Irish Data Protection Authority has the power to act on this matter, so you can complain to the Irish Data Protection Commission, 21 Fitzwilliam Square, South

Dublin 2, D02 RD28, Ireland).

 

Swiss Electronic welcomes all visitors to the website it has created and manages. The Xoda water dispenser business is owned by Swiss Electronic Ltd. All content on the site is copyrighted and all details may be used only with permission. The xoda water dispenser logo is a registered trademark of Swiss Electronic Ltd.

Our website is governed by Hungarian law.