Privacy Policy

PRIVACY NOTICE

Gift Supplying Center Ltd. (hereinafter referred to as the "Data Controller"), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – "GDPR") and Act CXII of 2011 on Informational Self-Determination and Freedom of Information, hereby provides the following information to natural persons who provide personal data to the Data Controller.

1. Details of the Data Controller

Company name: Gift Supplying Center Ltd.
Registered office and mailing address: 1095 Budapest, Soroksári út 115. Building E, 3rd floor, Hungary
Tax number: 12734894-2-43
Company registration number: 01-09-700886
Registering authority: Company Court of the Budapest Metropolitan Court
Phone: +36 1 302 2584
Website: https://www.reklamtargyellato.hu/
Email: zf@reklamtargyellato.hu
Contact person: Zoltán Fonyó

Scope of Processed Data

The following data provided by the data subject:

• name*
• address*
• tax number* / tax identification number
• telephone number*
• e-mail address*

Purpose of Data Processing

The Data Controller processes the personal data made available to it for the purpose of concluding the contract, determining and modifying its content, monitoring its performance, and enforcing claims related thereto.

Legal Basis for Data Processing

The legal basis for data processing is the conclusion and performance of a contract pursuant to Article 6(1)(b) of the GDPR.

Data Retention Period

The Data Controller retains the personal data for the duration of the contract concluded with the data subject and, following its termination, at most until the expiry of the limitation period for the enforcement of claims.

2. Scope of Processed Data

The following data provided by the data subject for the establishment of an employment relationship:

• name*
• place of residence*
• mother's name*
• place of birth*
• date of birth*

Purpose of Data Processing

The Data Controller processes the personal data made available to it for the purpose of concluding the contract, determining and modifying its content, monitoring its performance, and enforcing claims related thereto.

Legal Basis for Data Processing

The legal basis for data processing is the conclusion and performance of a contract pursuant to Article 6(1)(b) of the GDPR.

Data Retention Period

The Data Controller retains the personal data for the duration of the contract concluded with the data subject and, following its termination, at most until the expiry of the limitation period for the enforcement of claims.

Scope of Processed Data

The following data provided by the data subject in connection with the employment relationship:

• name*
• birth name*
• place of residence*
• place of birth*
• date of birth*
• mother's name*
• tax identification number*
• social security identification number*

Purpose of Data Processing

The Data Controller processes the personal data made available to it in order to fulfil its obligations prescribed by the applicable tax and accounting legislation.

Legal Basis for Data Processing

The legal basis for data processing is the performance of a legal obligation to which the Data Controller is subject, pursuant to Article 6(1)(c) of the GDPR.

Data Retention Period

The Data Controller retains the personal data for the duration of the contract concluded with the data subject and, following its termination, for the period required to fulfil its legal obligations, at most until the expiry of the retention period prescribed by the applicable tax and accounting legislation.

2.1 Client-related data (service users)

Pursuant to Article 6(1) GDPR, processing shall be lawful only if and to the extent that at least one of the following applies:

a) the data subject has given consent to the processing of personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

Personal data marked with * are mandatory for the conclusion of the contract.

2.2 Employees

Personal data marked with * are mandatory for the establishment of the employment relationship.

2.3 Website visitors and cookies

With regard to individuals visiting https://www.giftsupplying.hu/ and making declarations related to cookies:

Personal data marked with * are a prerequisite for using the website.

The Data Controller informs data subjects that profiling may occur through cookies if the user expressly consents by clicking the "ACCEPT" button on the cookie banner.

3. Access to Data and Data Transfers

Personal data provided to the Data Controller may only be accessed by the Data Controller for the purposes described above.

Data may be transferred to processors and, where required by law, to the Hungarian Tax Authority (NAV).

Scope of Processed Data

Purpose of Data Processing

Legal Basis for Data Processing

Data Retention Period

4. Data Security Measures

Personal data are stored in a cloud-based CRM system on the service provider's server.

The Data Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Access to the CRM system is secured through a valid subscription agreement and requires a username and password known only to authorized personnel.

Physical security is ensured through controlled key-based access systems. Only authorized persons possess access keys.

The Data Controller protects data through firewalls, antivirus software, encryption mechanisms, content filtering, and other technical and procedural safeguards.

Electronic and paper-based data are accessible only to authorized personnel using password-protected devices located in locked premises. Access to premises is electronically logged.

Incorrectly received personal data are promptly identified and destroyed where unnecessary.

5. Data Processors

The Data Controller uses the following processors:

Hosting provider:
Dotroll Kft. (1148 Budapest, Fogarasi út 3-5., Hungary)

Accounting service provider:
Istvánné Kecskés (sole trader), 1143 Budapest, Stefánia út 29. 1/2., Hungary

Payroll service provider:
Orsolya Nagy-Lóki, 1223 Budapest, Erdőd u. 4/2., Hungary

CRM provider:
MiniCRM Zrt., 1075 Budapest, Madách Imre út 13-14., Hungary

The Data Controller only engages processors that provide sufficient guarantees of GDPR compliance.

6. Rights of Data Subjects

Data subjects have the following rights under the GDPR:

• Right to withdraw consent
• Right to information
• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to object
• Right to data portability

Requests are assessed without undue delay and no later than 25 days from submission.

Services related to exercising rights are free of charge, except in cases of repetitive or unfounded requests.

Right to Lodge a Complaint with a Supervisory Authority

Data subjects may file a complaint with:

National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu

Right to Judicial Remedy

Data subjects may initiate civil proceedings before the competent court in case of unlawful data processing. Proceedings may also be initiated before the court of the data subject's place of residence.

Court list: https://birosag.hu/torvenyszekek

Budapest, 12 March 2024

Gift Supplying Center Ltd.