Maform Kft. (further on referred to as the Provider) does not handle data of visitors. Users (further on referred to as the Concerned) when operating on the website www.maform.hu and www.maformdesign.com (further on referred to as the Website) have the option to give personal data to Provider. The Website can be used without providing any personal information by the Concerned.
In connection with data management, the Provider hereby informs the Concerned about the personal data on the Website handled by them, principles and practice of data management as well as ways and possibilities of practicing rights of the Concerned.
1. The purpose of data management
The Provider only stores and handles data provided by the Concerned for specific purposes: fulfilling the request of the Concerned to receive news about Provider, fulfilling the request of the Concerned to book a meeting with the Provider.
The Provider shall and may not use the provided personal data for purposes other than stated above. Providing any third party or the authorities with personal data is only possible with the prior and expressed consent of the Concerned, unless there is a legally binding law with a different ruling.
In every case when the Provider wishes to use the provided data for purposes other than the original data collection, the Provider shall inform the Concerned about it, and acquire their prior and expressed consent, or provides them with the opportunity to ban the usage of the data.
2. The legal ground of data management
Data management is done on voluntary declaration of the users of the Website, which is based on sufficiently provided information. This declaration includes the expressed consent of the Concerned so that their personal data be used during the usage of the Website.
Data management by the Provider is done in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and Act CXII of 2011(further on referred to as Info Act) on Informational Self-determination and the Freedom of Information, Section 5 point (1) a) on the basis of the voluntary consent of the Concerned "Personal data may be processed under the following circumstances: a) when the data subject has given his consent" and on the basis of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
The Provider shall not inspect the validity of the provided personal data. The validity of the provided personal data is the sole responsibility of the person providing them; the Concerned party of the contract. Upon providing their e-mail address, they shall take responsibility that only they use the service from the given e-mail address. With regards to this responsibility, all kinds of responsibility in connection with the entries from that e-mail address shall lie upon the Concerned who registered that e-mail address.
3. Naming the Provider as data manager
Company name: Maform Kft.
Seat, mailing address: 1116 Budapest, Hauszmann Alajos utca 2.
Tax number: HU14600270-2-43
Company registry number: 01-09-181322
Registering Court: Budapest Metropolitan Court as Court of Registration
Legal reasons for data management: request by Concerned
4. Time span of data management
Data management of the data provided compulsorily upon registration begins at registration and lasts until its deletion. In the case of non-compulsory data, data management lasts from the providing of the data until the deletion of the given data upon request. Deletion of registration may be done at any time after sending a request for deletion. After receiving the request, the Provider shall delete the personal data from its system.
The logged data is stored for 12 months from the date of logging.
The above provisions do not affect the fulfillment of storing obligations stated in legislations (such as accounting legislations) or the data management based on further consents given during the registration to the Website or any other way.
5. The scope of managed personal data
Registration and data provided during ordering
To order on the Website, the Concerned is to fill out an ordering form, during which they are to provide compulsorily the following pieces of information for the provider to be able to fulfill the order:
- Last name,
- First name,
- E-mail address,
The HTML code of the Website may include references (links) independent from the Provider, coming from or pointing to external servers. The providers of these links, due to the direct connection to their servers, are able to collect user information. Provider can not oversee or receive data collected by other parties.
The newsletter includes direct marketing elements and advertising. During the use of the newsletter service, the Provider uses the information provided by the Concerned.
6. The scope of persons receiving the data, data transmission and data-processing
Primarily the provider and internal employees of the Provider are entitled to come to know the data; however, they shall not be published or given to any third party.
The Provider may hire a data processor (such as a system operator, a transportation company or an accountant) in the scope of fulfilling the orders or settling the accounts. The Provider is not responsible for the data management routine of these external actors.
Name of data managers:
- Mailchimp, The Rocket Science Group: news letters
- Acuity Scheduling INC.: booking meetings
Beyond the above, data transmission of personal information about the Concerned may only be done based on the consent of the Concerned or in cases legally binding by law.
7. Rights of the Concerned and legal enforcement options
7.1 The right to information
The Concerned shall be entitled at any time to request information about personal data regarding them managed by the Provider. Moreover, the Concerned can modify any piece of personal information, except the e-mail address provided during the registration, at any time in their account on the Website.
The Provider shall give information upon request from the Concerned about personal data about concerning/regarding the Concerned, the purpose of data management, its claim legal ground, time duration and that who will receive or have received their data and for what purpose. The Provider shall give the requested information in writing within 30 days after from the date of submitting the request.
The Concerned may turn to the employee of the Provider in connection with any question or observation remark about data management using the below given contact information.
7.2 The Concerned may request the deletion, correction or blocking of their data
The Concerned shall be entitled to request the correction or deletion of the incorrectly recorded data at any time using any of the below given contact information. The Provider shall delete them within 5 working days after from the receipt of the request; in this case, the data will not be recoverable. The deletion does not apply to data management necessary by legislation (such as accounting rules); those shall be kept preserved by the Provider for as long as necessary.
Furthermore, the Concerned may request the blocking of their data. The Provider shall block the personal data if the Concerned requests this or if it can be assumed by on the basis of the available information that the deletion would violate the rightful interests of the Concerned. The personal data blocked in this way may only be managed as long as the data management purpose which ruled out the deletion of the personal data is valid.
The Concerned and all those to whom the data was transmitted to for data management earlier must be informed about the correction, blocking or deletion. The notification may be omitted if it does not violate the rightful interest of the Concerned in point view of the purpose of data management.
If the data manager does not fulfill the request of the Concerned for correction, blocking or deletion, the Provider shall state give them written information about the factual and legal reasons for the refusal of the request for correction, blocking or deletion within 30 days after from receiving the receipt of the request, in writing.
7.3 The Concerned may object against managing of their personal data
The Concerned may object against managing of their personal data. The Provider shall examine the objection within the shortest possible period of time, but a maximum of 15 days, after from its submission, then and makes a decision about its grounding if it is well-founded, and informs the petitioner in writing.
The Concerned may exercise their rights at the contacts using the contact information indicated in point 3:
7.4 The Concerned may enforce their rights, based on the Information Act and the Civil Code (Act V of 2013) and the General Data Protection Regulation (GDPR - EU 2016/679), by turning to
1. Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu) or 2. a court.
If the Concerned, in order to use the service, provided the information of a third party during the registration or caused any damage while using the Website, the Provider is entitled to ask the Concerned for compensation. In such a case, the provider shall give all possible help to the acting authorities so that they can determine the identity of the wrong-doer.
8. Using the e-mail addresses
The Provider shall pay particular attention to the legality of the use of e-mail addresses managed by them, so they only use them to send (information or advertisement) e-mail messages in ways defined as follows.
The management of e-mail addresses is primarily for identifying the Concerned and keeping contact during fulfillment of the services, so e-mails will primarily be sent to this effect. In the case of a news letter subscription the e-mail provided by the Concerned will only be used to send new letter only from the Provider. Any newsletter or meeting request are withdraw able by an e-mail to the Provider or with using the unsubscribe option given in every automatic e-mail.
9. Data safety
The Provider engages itself to ensure the security of the data and to take the technical measures that ensure that the recorded, stored, and treated data be protected, and shall do everything in order to prevent their destruction, unauthorized use or unauthorized change. They also engage themselves to call any third party to whom may forward or transfer the data to fulfill their obligations of this sort/kind.
10. Other terms
The Provider reserves the right to unilaterally modify the present Privacy Notice after prior notification of the Concerned. After the modification comes into effect, the Concerned accepts the content of the modified Privacy Notice by the use of the Website as an implied conduct.
The present Privacy Notice is valid from 2018.05.24.