DATA MANAGEMENT INFORMATION

TERO Pergola

Effective: from 06.05.2024 until revoked

Data protection is as important to us as it is to you, so we take great care to ensure that your personal data is treated securely. That’s why we want to give you a brief overview of what data we collect, how we use it and what your rights are.

The Service Provider and the Data Controller hereby informs the persons who use the services listed in the GTC (hereinafter collectively referred to as the “Service”) provided on the website www.tero.hu (hereinafter referred to as the “Website”) and subscribe to the newsletter as Data Subjects about the related data processing in accordance with Regulation 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (hereinafter referred to as the “GDPR”).

The Data Controller shall treat the personal data of the Data Subjects confidentially and shall take all security, technical and organisational measures to ensure the security of the data, to prevent their destruction, unauthorised use and unauthorised alteration.

The Terms and Conditions applicable to the Website and the services available are available to anyone on the Website under the “Terms and Conditions” section.

This Notice is also available to anyone by clicking on the “Privacy Notice” section of the Website.

A Key terms and their meanings in this leaflet

• Rinted: a natural person identified or identifiable from any information;
• Accurate data: any information relating to an identified or identifiable natural person (the Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• Home page: tero.hu website
  
• Data Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
• Administration: any operation or set of operations which is performed on personal data or on sets of
  personal data, whether or not by automated means, such as collection, recording,
  organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
  disclosure by transmission, dissemination or otherwise making available, alignment or
  combination, restriction, erasure or destruction;
• Data processing: The performance of technical tasks related to data processing operations carried out by a controller, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
• Data processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
• Consent of the Data Subject: voluntary, specific and informed consent of the Data Subject, based on the and informed and unambiguous indication of the Data Subject’s willingness and consent to the processing of his/her data confirmation unambiguously expressing his or her consent to the processing of his or her personal data concerning him or her. processing of personal data concerning you;
  

Name of the Data Controller and place of processing

The operator of the Website and the provider of the Services and the data controller of the data relating thereto (hereinafter referred to as the “Controller” or “Service Provider”).

Name:  Teroline Bt.
Registered office, postal address:  3067 Felsőtold, Széchenyi utca 73.

Tax number: HU20704270

Company registration number: 12-06-006101

Court of registration: the Company: Court of the General Court of Balassagyarmat

E-mail: detty@tero.hu

Telefon: +36 20 365 5422

The place of processing is Hungary.

Circumstances of processing, legal basis, purposes and scope of processing

The Controller processes the following personal data in the following cases.

• Information about the use of cookies

The Data Controller uses so-called cookies when you visit the website. A cookie is a set of information consisting of letters and numbers that our website sends to your browser in order to save certain settings and facilitate the use of our website.

The website only uses session cookies that are essential for its operation.

Session cookies are necessary for browsing the Website and using its features. Without the use of session cookies, the smooth use of the website cannot be guaranteed.

They are valid for the duration of your visit and are automatically deleted at the end of your session or when you close your browser.

The legal basis for the processing is the legitimate interest necessary for the functioning of the Website pursuant to Article 6(1)(f) of the GDPR.

If you do not accept the use of these cookies, certain features may not be available to you.

• Data processing in connection with the functions available on the Website
  

Contact

If you have any questions or concerns about the services available on the Site or any products, you can contact us at the email address provided on the Site, by using the contact form or by telephone.

Your complaint will only be accepted in writing using the contact form or by e-mail.

You do not need to contact us in advance, but you can request a quote at any time.

Scope of data processed

Name, e-mail address or phone number, message

Purpose of the processing

Answering the question, solving the problem, traceability. Improving the customer experience.

Duration of processing

Data processing lasts until the withdrawal of consent, up to a maximum of 2 years from the date of disclosure.

Where a complaint is made and a complaint is dealt with, the retention period is the limitation period (5 years) for the purposes of retrieval and possible redress.

Legal basis for processing

Your voluntary consent, which you provide to the Data Controller by contacting us. [Processing pursuant to Article 6(1)(a) GDPR]

In case of a complaint: legitimate interest under Article 6(1)(f) GDPR.

Who is affected

The person who initiated the contact.

Subscribe to the newsletter

The Data Controller as the Service Provider sends newsletters to persons who have expressly subscribed to the newsletter

The subscriber may unsubscribe from the newsletter at any time, free of charge, without restriction and without giving any reason. You can unsubscribe by clicking on the unsubscribe link in the newsletter.

Scope of data processed

The Data Controller processes your name and e-mail address.

Purpose of the processing

Sending e-mail messages containing advertising, information about current information, products, promotions.

Duration of processing

Data processing continues until the consent is withdrawn, i.e. until the newsletter is unsubscribed.

The Data Controller will not contact the unsubscriber with further promotional offers and will delete his/her data from the register of subscribers to the newsletter.

Legal basis for processing

Your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [processing under Article 6(1)(a) of the Regulation]

Who is affected

People who subscribe to the newsletter.

Request a quote

You can request a quote on the Website or directly by e-mail.

Data processed

Required information: name, e-mail address, subject of the request.

Optional data: telephone number, other personal data provided in the message.

Purpose of data processing

Preparation and delivery of a personalised quotation.

Duration of processing

The mandatory data will be processed for 5 years in accordance with the statute of limitations under civil law.

The optionally provided data will be processed until consent is withdrawn.

Legal basis for processing

In case of mandatory data, the performance of the contract, the preparation of the contract. [Article 6(1)(b) GDPR].

The legal basis for the processing of optionally provided data is your consent [Article 6(1)(a) GDPR].

Who is affected

Persons requesting a quotation.

Consent may be withdrawn by sending a request to the Data Controller by e-mail.

Use of data processors

When processing data, the Data Controller cooperates with the following service providers as data processors, which perform the following activities:

A COOKIE MANAGEMENT SERVICE PROVIDER:

CookieYes Limited 

3 Warren Yard Warren Park,  Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom

Web: https://www.cookieyes.com/ 

https://www.cookieyes.com/dpa/

SUPPORT FOR INVOICING:

Számlázz.hu 
Company: KBOSS.hu Kft.
Website: https//www.szamlazz.hu
Email: info@szamlazz.hu
Phone: 06 30 35 44 789

SERVER PROVIDER:

Tárhely.Eu Service Provider Ltd.
Headquarters: 1144 Budapest, Ormánság utca 4. X. em. 241.

Web: https://tarhely.eu/ 

NEWSLETTER MARKETING MAILING AND EMAIL DATABASE MANAGEMENT SERVICE PROVIDER

MailerLite Limited
38 Mount Street Upper, Dublin 2, D02 PR89 Ireland

Web: mailerlite.com 

DATA PROCESSING RELATED TO THE OPERATION OF THE CRM SYSTEM

Innonest Software Ltd.,
Office: 1031 Budapest Záhony utca 7. building C.
(Graphisoft Park),

email: hello@innonest.hu

Processors shall carry out processing in accordance with the instructions of the Data Controller, shall not make any substantive decisions concerning processing, shall process personal data of which they become
aware only in accordance with the provisions of the Company, shall not process personal data for their own purposes, and shall store and retain personal data in accordance with the provisions of the Data Controller.

Processors will only have access to the personal data necessary for the performance of the indicated tasks, to the extent and for the duration necessary.

Your rights in the processing of your data

The Data Subjects are given the possibility to exercise all the rights related to the legal basis for the processing. Requests made by the Data Subject in relation to the exercise of certain rights may be made in writing:

• by e-mail to: detty@tero.hu címre írt elektronikus levélben.

During the period of processing, you have the following rights under the GDPR:

• the right to withdraw consent,
• access to personal data and information on data management,
• the right to rectification,
• to restrict processing,
• the right to erasure,
• the right to protest,
• the right to data portability.

If you wish to exercise your rights, this will involve your identification and the Data Controller will need to communicate with you. Therefore, in order to identify you, you will be required to provide personal data (but identification will only be based on data that the Controller already holds about you) and your complaints about the processing will be available on the Controller’s email account for the period of time specified in this notice in relation to complaints.

The Data Controller shall respond to complaints about data processing within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the data will be deleted from our systems. Please note, however, that in the case of pending orders, withdrawal may result in us not being able to contact you properly.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether or not your personal data is being processed and, if it is being processed, you have the right to:

• have access to the personal data processed; and
• the following information to be provided by the Data Controller:
• the purposes of the processing;
• the categories of personal data processed about you;
• information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller;
• the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period;
• your right to request the Controller to rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data where the processing is based on legitimate interests;
• the right to lodge a complaint with a supervisory authority;
• where the data have not been collected from you, any available information about their source; the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.

The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and therefore, in the event of repeated requests for information, the Data Controller may charge reasonable
compensation for the provision of information.

Access to personal data is provided by the Data Controller by sending you, by email, the personal data and information processed after you have identified yourself.

Please indicate in your request whether you want access to your personal data or information about data management.

Right to rectification

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without delay upon your request

Right to restriction of processing

You have the right to have the Controller restrict processing at your request if one of the following conditions is met:

• You contest the accuracy of the personal data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data, if the accuracy can be established immediately, no restriction will be imposed;
• the processing is unlawful, but you object to the deletion of the data for any reason (for example, because the data are important to you for the purposes of pursuing a legal claim) and you do not request the deletion of the data but instead request the restriction of their use;
• the Controller no longer needs the personal data for the purposes for which they are processed, but you require them for the establishment, exercise or defence of legal claims; or
• You have objected to the processing, but the Data Controller may also have a legitimate interest in the processing, in which case, until it is established whether the legitimate grounds of the Data Controller prevail over your legitimate grounds, the processing shall be restricted.

If the processing is restricted, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Data Controller will inform you in advance (at least 3 working days before the lifting of the restriction) about the lifting of the restriction.

Right to erasure – right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Controller;
• You withdraw your consent and there is no other legal basis for the processing;
• You object to processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for processing,
• the personal data have been unlawfully processed by the Controller and this has been established on the basis of the complaint, the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Controller.

If the Data Controller has disclosed personal data about you for any lawful reason and is required to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers that you have requested the deletion of the links to or copies of the personal data in question.

Erasure does not apply where the processing is necessary:

to exercise the right to freedom of expression and information; to comply with an obligation under Union or Member State law to which the controller is subject to fulfil an obligation to process personal data (such as processing in the context of invoicing, where the storage of invoices is required by law); or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

to lodge, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet settled it, or if a consumer or data management complaint is pending).

Right to object

You have the right to object to the processing of your personal data based on legitimate interests at any time on grounds relating to your particular situation. In such a case, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.

Right to data portability

If the processing is automated or if the processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON or csv format, and if technically feasible, you may request that the Data Controller transfer the data in this format to another data controller.

Data security measures

The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage and inaccessibility resulting from changes in the technology used.

The Data Controller will make every effort to ensure that its Data Processors also take appropriate data security measures when working with your personal data, as far as organisational and technical possibilities allow.

Handling data protection incidents

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Data Controller shall keep a register for the purposes of monitoring the measures taken in relation to the personal data breach, informing the supervisory authority and informing the Data Subject, which shall include the scope of the personal data affected by the breach, the number and type of Data Subjects, the date of the breach, the circumstances, the effects and the measures taken to remedy the breach. If the Data Controller considers that a particular incident presents a high risk to the rights and freedoms of Data Subjects, it shall inform the Data Subject and the supervisory authority of the data protection incident without undue delay and within 72 hours of becoming aware of the data protection incident.

Remedies available

The Data Subject may exercise his/her rights by sending a request by e-mail. No rights can be exercised by telephone.

If the Data Controller has doubts about the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the applicant.

If the Data Subject’s request is manifestly unfounded or excessive (in particular in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to act. The burden of proof shall lie with the Data Controller.

The Data Subject is subject to the Info.tv., the GDPR and the Civil Code:

1. a) to the National Authority for Data Protection and Freedom of Information,

Address: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, PO Box 9

E-mail: ugyfelszolgalat@naih.hu;

Website: www.naih.hu

1. b) or, at his or her option, enforce his or her rights before the courts for the place where the defendant is domiciled or where the Data Subject resides.

Data transmission

Personal data may be accessed by the Data Controller’s employees and Data Processors in order to provide the Service and to achieve the stated purposes, to the extent necessary to achieve the purpose.

The Data Controller does not transfer personal data to third parties other than those indicated. This does not apply to any mandatory transfers required by law, which may only take place in exceptional cases.

The court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may request the Data Controller to provide information, to disclose or transfer data, or to provide documents.

The Data Controller shall verify the legal basis for each data transfer before executing each request for data
from public authorities.

Amendments to the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice in a manner that does not affect the purpose and legal basis of the processing. By using the Website after the entry into force of the amendment, you accept the amended Privacy Notice.

The Privacy Notice has been prepared with the assistance of the Consumer Friendly Terms and Conditions Generator.