You are here

Privacy Policy

Privacy Policy

I understand and accept the terms

 

Privacy Policy

CE Glass Üveg-és Gépipari Zrt.

Data Protection Provisions

CE Glass Üveg-és Gépipari Zrt. (abbreviated name: CE Glass Zrt.), as the controller, the owner and the operator of the website www.ceglass.eu hereby declares that all the data collected through the use of its provided services are always handled according to the current valid Hungarian and European Union regulations, laws and etchical requirements and it takes all the necessary technical and organizational measures for the proper and safe handling of datas in all cases.

Furthermore, CE Glass Üveg-és Gépipari Zrt. declares that it handles the personal data and other information of its visitors and registered users with utmost confidentiality.

The data and/or information logged and collected are handled confidentially and are used only for providing services. The purpose of data logging is to record the data regarding the visits to the website.

Data logging and information collection of www.ceglass.eu is done exclusively by CE Glass Üveg-és Gépipari Zrt., the collected information is never shared with third party, unless with the express consent of the person concerned.

In case a competent authority requests CE Glass Üveg-és Gépipari Zrt. to hand over data, CE Glass Üveg-és Gépipari Zrt. will be obliged to hand over personal data, if all necessary conditions thereto exist.

The privacy policy of Glass Üveg-és Gépipari Zrt conforms to the laws and regulations information security, especially to the following:

Act CXII of 2011 on informational self-determination and freedom of information;

Act CVIII of 2001. on certain issues of electronic commerce activities and information society services.

Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity

Act LXVI of 1992 on keeping a record of personal data and addresss of civilians; additionally, statute 146/1993. (X. 26.) on enforcing the aforementioned Act;

Act CXIX of 1995 on handling names and addresses for the purpose of surveys and direct marketing;

2016/679 EU Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The Data Controller undertakes to comply with this Policy unilaterally and requests that its Customers also accept the terms of the Policy. The data controller reserves the right to change the privacy policy, in which case the amended policy is publicly disclosed.

Definitions:

personal data: any data that may be associated with any (identified or identifiable) natural person (hereinafter referred to as person concerned), the deduction from the data to the person concerned. Personal data preserves this quality until its relation can be restored with the affected person. A person is in particular considered identifiable if he or she can be identified - directly or indirectly – by name, identification mark, or one or more physical, physiological, mental, economic, cultural or social identity of a person;

special data: a) personal data regarding racial and national belonging, political opinion or voting preferances, religious or other beliefs, membership in certain groups of representation of interest, sexual habits and orientation, 

b) personal data regarding personal health, addiction and criminal records;

approval: voluntary and explicit expression of the will of the affected party that is based on proper and sufficient knowledge, and with which said party gives their irrevocable consent to the full or partial – that is, regarding certain activities – use and handling of their personal data; 

objection: statement by the affected party objecting to the use of their personal data and requesting the termination of said use, and deletion of personal data; 

controller: natural or legal person, or an organization with no legal personage, who/which independently or in cooperation with other parties define(s) the aim of the data usage, make(s) decisions regarding such use (including the means and tools) and performs those, or makes the processor perform them;

data use or handling: any activity or group of activities performed on the data, independent of the nature of activity, especially data collection, recording, filing, storing, changing, use, requesting, transferring, publishing, synchronizing or merging, restriction, deletion or destruction, blocking of further use of data, taking pictures or making voice- and/or image recordings, and creating records suitable for personal identification, such as finger- or palmprints, DNA-sample, iris recognition;

transferring data: making the data accessible to a specific third party;

publishing data: making the data publicly accesible;

deleting data: removing data in such a manner that no recovery is possible

data protection: protecting the data by password to limit or block its usage permanently or temporarily;

destruction of data: complete physical destruction of the storage device containing the data;

data processing: performing the technical tasks relating to data handling, independent of the method or tools used to perform the tasks and the place of application, provided that the technical task is performed on the data itself;

processor: natural or legal person, or an organization with no legal personage, who/which, based on a legal contract, – including legal contracts made in accordance with legal provisions – performs the the handling of data;

Data designation: providing data identification in order to distinguish it

Data file: all data processed in one register

third party: natural or legal person, or an organization with no legal personage who/that is not the same as the affected party, the controller or the processor;

EEA-state: the Member State of the European Union and the State party of the Agreement on the European Economic Area, and the State, the citizen of which has the same legal status  as the citizen of the State party of the Agreement on the European Economic Area on the basis of the international treaty between the European Union and its Member States and the non-member State party of the Agreement on the European Economic Area;

privacy incident: unlawful treatment or processing of personal data, including especially unauthorized access, alteration, transmission, disclosure, deletion or destruction, and incidental destruction or damage.

Personal data may be used only if the affected party has given their consent to it, of if it is required by law or – under such requirement by a law, within the specified scope – by regulation of a local government

Special data may be used only if the affected party has given their consent in writing, or the fulfilment of a constitutional right neccesitates it, or it is mandated by law to ensure national security, crime prevention,  or law enforecement and other cases.

For the public good, it may be required by law – by specifying explicitly the scope of data – to make personal data public. In every other case, the consent of the affected party, and in the case of special data, written consent, is necessary to make it public. In case of doubt, it must be surmised that the affected party had not given consent.

It must be surmised that consent was given by the affected party in the case of data revealed by them during a public appearance, or in case of data handed over by him for the purpose of disclosure.

Consent may be given in a written contractual agreement by the affected party, for the purpose of performing the contract. In this case the contractual agreement must contain every piece of information which the affected party must be aware of regarding the use of personal data, in accordance with this law. The contract must clearly and explicitly state that the affected party, by signing the contract, consents to the use of their personal data in accordance with the contents of the contract.

The consent of the person concerned to the treatment of his or her data shall be presumed in the procedure initiated on the request of the person concerned. The attention of the person concerned should be invoked for this fact.

The right to the protection of personal data and the personal rights of the affected party – in case the law makes no difference – must not be impaired or diminished by other interests connected to data use, including the publicity of data of general interest.

 

Assigned purpose and legal base of data use 

Personal data may only be used for specific purposes, that is, for exercising rights and fulfilling obligations. The use of data must conform to this purpose at all times.

Only that personal data may be used which is crucial for fulfilling the purpose of the data use, adequate for fulfilling said purpose, and only in the quantity and for the period necessary for fulfilling the purpose.

The affected party must be informed clearly and thoroughly about all the details of the data use, especially about the purpose of it and its legal base, the identity of the person authorized to control and process the data, the length of the data use, and for whom is the data accessible. The affected party must also be informed about their rights and right to remedy regarding the data use.

The legal basis for customer data management is to complete the contracts with our clients

In case when the personal data (eg name, e-mail address) of the contact persons are disclosed in the contracts between the data controller and the clients, the legal basis for data handling is the legitimate interest of the data controller and his / her third party/client, completing the contracts.

Contact details of the natural person representatives of legal person customers, buyers, suppliers

The personal data handled is the name, address, phone number, e-mail address of the natural person
The title of data management is the performance of the contract, the legitimate interest.
The purpose of data management is to complete the contract and maintain business relations. Personal recipients and categories of recipients: Employees who perform tasks related to customer service, accounting, taxing, claim management and data processors.
Duration of personal data storage: 5 years after the business relationship or the status of the person concerned to represent cease to exist.

Data handling of non-legal entity customers, buyers and suppliers
The range of personal data handled:
- name
- tax number
- Entrepreneur ID number
- seat address and branch address
- phonenumber
- e-mail address
- bank account number
The title of data management is the performance of the contract, the legitimate interest.
The purpose of data management is to complete the contract and maintain business relations. Personal recipients and categories of recipients: Employees who perform tasks related to customer service, accounting, taxing, claim management and data processors.
Duration of personal data storage: 5 years after the business relationship or the status of the person concerned to represent cease to exist.

Transferring data, connecting data use: 

Personal data may only be transferred, and seperate data uses connected if the affected party has given their consent, or it is admissible by law, and the legal conditions for the use of data are effective for each and every piece of personal data.

 

Transferring data abroad 

Personal data (including special data) may only be transferred from the country – regardless of the storage device or the method of transfer – to a data processor or controller residing in another country if

a)                            the affected party has expressly given their consent, or it is legally admissible, and an adequate level of data protection in the other country is ensured during the use and processing of the transferred data.

b)                            Personal data may be transferred to a third country in order to comply with an International Legal Aid Treaty, for the the purpose and with the content defined in the Treaty itself.
Data transfer to a member state of EEA shall be considered as data trasfer within the Republic of Hungary.

 Data Protection and Security 

The data controller, and the data processor within its scope of activities, must ensure data security, and must also perform all the technical nad organizational task and determine the procedural provisions which are necessary to enforce the present law and other data security and confidentiality rules. Data must be especially protected against unauthorized access, modification, publishing, deletion, corruption and destruction.

Privacy policy of CE Glass Üveg-és Gépipari Zrt.: 

Data use on our site at www.ceglass.eu happens according to voluntary consent.
In every case when a user does not provide their own data, they must beforehand ask for the consent of the person affected.

Data Log 

IP address, date of visit (local time zone), type of request (GET/POST), URL visited, status code from the http server to the client, file transfer size in bytes, browser code sent by the client.

The submitted data is sent to the affected party in an e-mail. The data is not stored in any other way.

 The data log is stored for 40 days after the date of the visit. The collected data of the visits is analyzed by an external service provider, namely  www.google.com/analytics.

The Data Controller runs remarketing ads through Facebook and Google AdWards advertising systems. These providers may collect or receive data from the Data Collector ’s website and other Internet sites using cookies, web signers, and similar technologies. Using these data measurement services can be provided and ads can be targeted. Targeted ads can appear on additional websites in Facebook and Google's partner network. Remarketing lists do not include the visitor's personal information and are not personally identifiable. User can delete cookies from the user's own computer or block them from being used in the user’s browser.

Storing data, data security 

Data processor: Ikron Kft. (6724 Szeged, Pulz u. 46., email cím: info@ikron.hu

Place of storage: GTS, or Telekom Szerver Hotel (Budapest, Victor Hugo u. 18-22, 1132), and Telekom data center in Szeged (Szeged, Rókusi krt. 2–10, 6724)

The data processor of CE Glass Üveg-és Gépipari Zrt. chooses and operates the technical equipment used for data processing in a way to ensure the utmost security of the data being processed. CE Glass Zrt. and its Associates are committed to ensuring the technical security of the data on the basis of the valid regulations and laws. Only the designated employees of CE Glass Zrt. and its Associates are entitled to acquaint the data.

Rights of the affected party and their validation

The affected party may request to be informed about the use of their personal data, or request the correction of said data or (except for the data use required by law) its deletion. The affected party may request information from the data controller about the data used by them, or the data used by the data processor commissioned by them. The data controller shall, from the date of request, provide information within the shortest possible period, but within 30 days at the latest, in writing and in a generally comprehensible manner. Personal data that is inaccurate must be corrected by the data controller. Personal data must be deleted if

a) its use is against the law;

b) the affected party requests it;

c) it is incomplete or inaccurate – which cannot be remedied in a lawful manner – provided that its deletion is not against the law;

d) the purpose of the data use is not longer existant or the time period defined by law for the storage of such data has expired;

e) it is requested by a court order or a competent authority.

The controller informs the person concerned and those to whom the data was previously forwarded with the purpose of data treatment about the correction and deletion. Notification may be omitted if it does not violate the legitimate interest of the person concerned regarding the purpose of data handling.

The person concerned may object to the handling of his or her personal data if the processing (transfer) of personal data is only necessary to enforce the right or legitimate interest of the data controller or the data exporter, unless the use of data is prescribed by law.

The Data Controller shall simultaneously suspend the processing of data to examine the protest within the shortest possible time but not later than 15 days from the submission of the application and inform the applicant in writing. If the protest is warranted, the data controller shall be obliged to discontinue data processing, lock the data, and give information about the protest and the actions taken under it, to whom the personal data affected by the protest have been previously transferred and who are required to take actions in order to enforce the right to protest.

Please be noted that your personal data cannot be deleted in case its use is mandated by law. However, data cannot be transferred to its receiver in case the data controller accepts the objection of the affected party, or if a court of law accepts the objection as valid.

In case you believe your rights are infringed you can take legal action against the data processor. The court shall give priority  to the matter. The tiral will be decided by a court of law. The trial may be conducted by the court – according to the decision of the affected party – at the place of residence of the affected party.

Newsletter

The data controller can send electronic newsletters with news, offers to his partners electronically, which can be done to legal persons without its prior consent. Newsletter can not be sent without prior consent to natural persons or other persons with personal e-mail addresses. The prior consent can be withdrawn at anytime.

The data (which in this case is the e-mail address and the name) is handled until the deletion of the data is requested by the person concerned.

The data controller requires these contributions from the person concerned by e-mail.

Personal data is addressed to the IT service provider, the employees who are responsible for customer service and marketing activities.

Data handling of the applicants, applications, curricula vitae

The personal data to be handled: the name of the natural person, date of birth, place of birth, mother's name, address, photograph, phone number, email address, qualification data, CV, motivation letter.
The purpose of personal data management is to apply for an application, to conclude a contract of employment with the chosen person. The person concerned should be informed if he or she was not chosen for the job.

Legal Basis for Data Management: Contribution.

Only the senior employees, HR assistant are entitled to acquaint these data.

Duration of the storage of personal data: up to the date of application and tender. Personal data of non-selected applicants must be deleted. The employer may only keep the applications on the basis of the express, explicit and voluntary consent of the concerned party.

Contact and data of data controller 

Name: CE Glass Üveg-és Gépipari Zrt
Seat: 1087 Budapest, Könyves Kálmán krt. 76.
Site: 6763 Szatymaz, II. körzet 65.
Company registry No.: 01-10-048088
VAT: HU12723650
Phone: 70/620-2002
Mail: www.ceglass.eu 

 

Remedy

 The affected party may request information from the data processor (via the above specified e-mail address) regarding the use of their personal data, or they may request its correction, deletion or classification (except for data use mandated by law).

 The data controller shall, from the date of request, provide information within the shortest possible period, but within 30 days at the latest, in writing and in a generally comprehensible manner.

 In case the data controller violates the law, you may make a complaint at the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information:

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Postafiók: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

 

It is the data controller’s duty to prove that data use conforms with the legal provisions. The data receiver must prove the lawfulnes of the data transfer.