Present data management guidance informs regarding data management activity of Szintetika Ltd (registration no.: 08-09-002364, headquarters: HU-9023 Győr, Mészáros L. street. 5.; tax no.: 10671478-2-08), based on the company’s data management provisions, so that this complies with the European Parliament and Commission’s regulation no.2016/679 – regarding protection of personal data of natural persons (herein the Provision) and regulation no. CXII / 2011 (herein Infotv.) regarding the right of information autonomy and freedom of information.
The scope of present document is to inform natural persons being in contact with the company, about the management of their personal data and the internal rules and dispositions. The guidance is public on the company’s official website (gdpr.szintetikapartner.hu).
The above-mentioned document refers to entrepreneurs and self-employed as natural persons, so this is valid for them as well. Thus, not valid for legal persons and their data.
1. Contact data of representatives (natural persons) of legal person’s partners, customers, transporters:
2. Contact and such data of representatives (natural persons) of legal person’s partners, customers, transporters which are necessary for Szintetika in order to be able to process or accept documents like invoice, credit note or any other commercial document.
3. We handle the curriculum vitae, applications of contestants for a job, the personal data contained in employee notes made during the interviews.
4. Periodically we prepare newsletters with our discounts, company news and send it to subscribed partners via e-mail or post. The legal basis of newsletter sending is in any case the written or electronically sent consent of these wholesale partners.
5. For our detail sales partners we use a B2B purchase order and information system. This web-based system imports and exports each data from our SAP system, so there is no separate data management on the web. The web-based system may be used only with password and has user-levels, so partner data may be accessed only by employees who have this right, specified at points 1 and 2.
6. For presenting and promoting our exclusive collection, we use an informative website on domains: www.interiart.hu and www.interiart.eu. The site contains the contact data (address, e-mail and phone no.) of our partners (personal or legal) who have the whole collection. Every interested person may have access to these data.
7. We also present and promote our products, services on our site www.facebook.com/interiart.hu as well. Data protection and services provisions of Facebook apply on the visitors of this site. We do not handle personal data posted by visitors. Questions or comments posted on Facebook do not counts as officially sent complaint. In case of illicit or insulting content publication, we have the right to exclude the particular member, without any question and to delete the comment. We do not assume any responsibility for any, offending data contents, published by users or errors, malfunctions due to Facebook operation.
8. If our products are not delivered by our sales representatives, or these are not taken over personally, certain personal data has to be given to the courier company. These personal data may not be other than: delivery address, e-mail and telephone number. Protection of personal data is assured, as the contracted courier companies comply with European Union provisions regarding personal data as well. We declare that we do not create profiles, do not make automatic data handling during data processing or decision taking based on the gathered data. Our company gathers personal data only for purposes and on the legal basis specified herein.
9. Our data is stored and protected against random or illicit damage, loss, change or illegal access on and with high-performance modern technology, available and affordable for little- and middle companies. Our informatic system is protected by antivirus and firewall. Personal data stored in our company is handled as confidential data, our employees have confidentiality obligation regarding these. The range of personal data accessed by employees is limited by authorisation levels.
10. Data protection incidents, like random or illicit damage of the handled data, loss, change or illegal access of these may happen. Such may be: loss of company laptop, tablet or phone, discard, illicit copy, forward of documents containing wage or other reports info, server or network violation, virus attack. Everything has to be done to prevent such cases. Employees have to report to management any sign of data protection incident or any event which may lead to it. Data protection incidents or safety lacks may be signalled by anybody at the company’s central phone number or e-mail address. The reported incident will be investigated immediately by the particular employees, partners (e.g. the contracted informatic services company). It will be investigated if personal data is involved and the data owners informed, if the case. Damage restore is made as soon as possible.
11. In the above cases mentioned, affected persons have the right to become guidelines regarding handling of their personal data. They may send written request to firstname.lastname@example.org or per post, asking for info regarding handling of their personal data, or may ask in the same way for deletion, update or limitation of these data. Rights and obligations specified in the provision, may be limited by union or member state legal measures, as mentioned in the Provision, chapter 5, paragraph 23. The party affected has the right to complain at supervisory authority.
12. Measures taken based on requests regarding personal data handling of the affected party are to be informed within 1 month. Depending on the complexity or high number of requests, processing may be extended with another 2 months. Affected party will be informed within the first month. Measures are without any fee, as specified in the Provision. If the request is clearly baseless, or -many times repeated- so exaggerated, a fee of 10.000 HUF will be charged, informing the causes lead to this.
If we have doubts regarding identity of the person making the request, we may ask for further information for personal identification.