+36 (66) 520 980 sales@loxtop.com

PRIVACY POLICY

Data Protection and Data Processing Information

Dear Visitor,

We would like to inform you that from 25th May 2018, based on the Directive 2016/679 of the European Parliament and Council (EU) (hereinafter referred to as: General Data Protection Regulation or GDPR) on the protection of personal data of natural persons and free flow of such data as well as the abrogation of the Directive 95/46/EC, regarding the regulation of data protection matters, all over Europe and in all sectors, this directive overrules effective legal provisions. Consequently, in Hungary, regarding data protection matters, the standard directive will not be 2011. CXII. Informative rights of self-determination and freedom of information but it will be GDPR.

Contents of this document:

  1. Basic Principles
  2. Key concepts
  3. Legal basis for data processing
  4. Scope of data handled
  5. Duration of data processing
  6. Method of data processing
  7. Storage of data
  8. Data processor
  9. Contacting
  10. Data processing on website
  11. Legal remedies
  12. Data Protection Authority procedures, notification of breaches
  13. Provision transposing into legislation
  14. Basic Principles

The most important aim of GDPR is to standardize member state regulations which have been different earlier, this way creating the possibility to make a system of regulations which is more standardized on European level, in all industrial and service providing sectors.

The most important objective of the legislative authority is to ensure a high level and effective protection of the rights of the parties affected regarding data processing, and, to motivate organizations doing data handling and data processing to operate accordingly and transparently (regarding data protection).

LoxTop LLC (hereinafter referred to as: The Enterprise) undertakes to meet all requirements laid down in this document and effective legal acts regarding the processing of data.

The Enterprise, for the protection of the data of its committed clients and partners, handles personal data confidentially and makes every security, technical and organizational measure to guarantee the security of these data.

2. Key concepts

  • Data Processor: a natural or legal person or an organization not containing a legal personality, who or what determines the target of data processing on its own or together with others, the tool used for data processing, and makes related decisions and executes measures or has some other data processor execute them.
  • Person concerned:  a natural person, identified or identifiable directly or indirectly by personal data;
  • Consent of person concerned:the person concerned states their will definitely voluntarily, specifically and based on sufficient information, of which the person concerned indicates through a statement or an act unambiguously showing confirmation that they give consent of the processing of their personal data as regard their persons;
  • Data files: all data processed in a filing system;
  • Data processing:carrying out technical tasks related to data procession operations, regardless of the methods and tools used for the completion of operations and the location of application, provided that the technical tasks are carried out on the data;
  • Data processor:a natural or legal person or organization not having a legal personality who or what, based on its contract made with the processor of data, including making contracts based on the directions of the directive, carries out the processing of the data;
  • Data processing:regardless of the applied procedure, any operation carried out on the data or all of these operations, therefore especially the collection, recording, registration, classification, storage, modification, usage, query, forwarding, publication, synchronization, linking, blockage, deletion and termination, and the prevention of further usage of the data;
  • Data forwarding:making the data available for a specified third person;
  • Publication:making the data available for anyone;
  • Deletion of data:making the data unidentifiable in a way that they cannot be restored any more;
  • Blockage of data:providing the data with identification marking, with the purpose of restricting its further processing permanently or for a specified period of time;
  • Destruction of data:the full physical destruction of the data storage unit containing the data;
  • Data protection incident: the illegal treatment or processing of dada, unauthorized access, publication, forwarding, deletion, damage or destruction;
  • IP address:in all networks which have communication based on a TCP/IP protocol, the server computers have an IP address, that is an identification number, which make it possible to identify the given computer through the network.   All computers linked to a network have an IP address, through which it can be identified;
  • Personal dada:data which can be linked to the person concerned – especially their name, ID sign, or knowledge regarding one or more of their physical, physiological, mental, economic, cultural or social identity – and consequences which can be drawn from the data, regarding the person concerned;
  • Natural person identification datafirst and last name of the person concerned, birth, mother’s name, place and date of birth;
  • Objection:a statement of the person concerned in which they disapprove of the processing of their personal data and request the termination of data processing and the deletion of the data processed;
  • cookie:  a file (usually a text file) which gets to the hard disk of the user through the browser, which distinctly identifies the user at the next visit;
  • National Data Protection and Freedom of Information Authority (Hungarian abbreviation: NAIH), its legal status and tasks are determined in §38. of the Info. Act (hereinafter referred to as: Authority)
  1. Legal basis of data processing

The Enterprise processes data from its partners and other persons concerned only within the framework of authorizations determined in prevailing legal provisions applicable to its activities.

All data are considered personal data which can be linked to the person concerned.

Data may be received by the Enterprise basically for the following reasons:

  • Based on measures of legal provisions of data processing connected to the creation of contractual relationships (for example the accounting law for the issuing of invoices);
  • If data processing is provided for by law,
  • The voluntary, informed, explicit and definite consent of the person concerned, with which they give a consent for the processing of their data by the Enterprise, according to the principles of this Policy (for example to be able to get commercial offers).

The Enterprise carries on its activities based on the following legal provisions during data processing:

  • Year 2011. Act CXII. On rights of informative self-determination and freedom of information
  • Year 2005. Act CXXXIII. On the regulations of protection of property and individuals as well as those of private detective activities
  • Year 2013. V. On Civil Code
  • Year 2000. C. On accounting
  • Year 1997. Act CLV. On consumer protection
  • Year 1995. Act CXVII. On personal revenue tax
  • Year 1993. Act XCIII. On occupational safety
  • Year 2012. Act I. On labor code
  • Year 2001. Act CVIII. On certain matters regarding electronic commercial services and services related to information society
  1. Scope of data handled

Data handled by the Enterprise: company name, contact person/name of person concerned, their corporate/business telephone numbers, their corporate/business e-mail addresses, their corporate/business mailing addresses, date and time of contacting the party, IP address of the computer of the person concerned, data related to their browser and the address of the website visited.

Data processing operations carried out on the data are basically with the aim of communication (such as offers or making of invoices). There is no automatic profiling.

  1. Duration of data processing

Data provided to the Enterprise are entitled to be stored with the purposes laid down in this informative document and until the withdrawal of consent of the person concerned, or until it is given in the relevant legal provision.

6. Method of data processing

The Enterprise processes data electronically and/or on hard copy, manually.

7. Storage of data

The Enterprise ensures the safe storage of the data according to the measures of legal provisions at all times.

The data retention locations and computerized systems are found at its premises as well as related servers.

The Enterprise selects and operates applied IT tools during the processing of personal data through the process of service providing so that the data processed are:

  • Available for the persons authorized;
  • Their accuracy and authorization is ensured;
  • Their unchanged quality can be verified;
  • They are protected against unauthorized access.
  1. Data processor

The Enterprise does not apply external data processor or cloud provider, personal data treated by them are processed by themselves. Data are to be accessed by government organizations or entities (such as the tax authority checking online invoices).

  1. Contacting

Data to be provided by the Partner at requests for quotation or other business contacting, for example:

  • Name
  • Company name
  • e-mail address,
  • Invoicing address (billing name, street, street address, city, postal code),
  • Telephone number
  1. Data processing on website

The website of the Enterprise (www.loxtop.com) and the information provided by them can be accessed by any visitor. During the visit to the website the hosting service provider registers visitor data to control the operation of the service and to prevent misuse and to ensure normal operation. The aim of registration is collecting information regarding the usage of the website, and the preparation of visitor and internet usage stats and analyses. External service providers place cookies on user computers so that they are able to link actual visits by users to earlier ones. The user is able to reject the usage of cookies in a popup window.

  1. Legal remedies

The person concerned can ask for information on the processing of their personal data, and may ask for the correction of their personal data, and – except for compulsory data processing – the deletion or blocking of their persona data in a way that is indicated at the collecting of the data.

The data processor has 30 days to delete, block, and correct the personal data. Provided the data processor does not complete the request of the person concerned to correct, block or delete data, it provides the reasons for rejection in writing within 30 days.

The Enterprise informs the person concerned and everyone that they forwarded the data earlier with the purpose of data processing, about correction, blocking, marking or deletion. The Enterprise does not inform if this does not infringe the legitimate interests of the person concerned, concerning data processing purposes.

  1. Data Protection Authority procedures, notification of breaches

The breach of judicial confidentiality or the rights of the person concerned, and remarks, you can make a statement at the following contact details or can apply to authorities listed below:

  • Courthouse Gyula: 5700 Gyula, Béke sugárút 38.
  • National Data Protection and Freedom of Information Authority: 1530 Budapest, Szilágyi Erzsébet fasor 22/C
  • LoxTop LLC 1114 Budapest, Bartók Béla út 75. II/2.

14. Provision transposing into legislation

    This Privacy Policy is published on the website of LoxTop LLC (www.loxtop.com).

    The Enterprise may at any time unilaterally amend this Privacy Policy. Current policy is available at the website of the Enterprise.