I. Privacy notice
About Makerspace Kft.’s data processing activity of the given personal data at the „makersredbox.com” website
Makerspace Központi Digitális Közösségi Alkotóműhely Korlátolt Felelősségű Társaság
Registered seat: Hungary, 2724 Újlengyel, Ady Endre utca 41.,
Registration number: 13-09-184329,
Tax number: 25821868-2-13
Represented by individually: Sándor Zakor and Csaba Fazekas CEOs),
as Data Controllers of personal data (hereinafter referred to as the: „Data Controllers”) with the present notice informs Data Subjects about its data processing activity under the title of the notice, about measures being made in connection with the protection of personal data in possession of the Data Controller, and about the possibilities of the Data Subject to obtain redress.
The purpose of the privacy notice is to provide appropriate information for the Data Subjects about rights and obligations in connection with processing their personal data. Under the notice, circumstances of personal data processing become ascertainable for the Data Subjects, under which they are able to make a well-founded decision about giving their consent to data processing.
The Data Controllers created their data processing principles considering the provisions of the law in effect, with special regard to the following:
Act CXII. of 2011, on Informational Self-determination and Freedom of Information,
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
Act. V. of 2013 on the Civil Code,
Act XLVIII. of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities,
Act CXXXVI. of 2007 on the Prevention and Impeding of Money Laundering and Terrorism Financing,
Act C. of 2000 on Accounting,
Act CVIII. of 2001 on certain issues of electronic commerce services and information society services.
Definitions found in the present notice shall be interpreted by the following:
• Data Controller: Makerspace Kft.
• Data Subject: that person, whose personal data is being processed by the Data Controllers.
• Personal data: any information or data relating to the Data Subject; or any data from which the Data Subject can be identified, or conclusion to the Data Subject can be drawn.
1.2. Commitments Of The Data Controllers
Data Controllers commit that all of their data processing activity meet the requirements of the provisions in the present privacy notice, national law in effect, and the legal acts of the European Union.
Data Controllers commit that all of their data processing activity meet the requirements of the provisions in the present privacy notice, national law in effect, and the legal acts of the European Union. www.makersredbox.com/privacy website.
Data Controllers are entitled to modify the Privacy notice without the consent of the Data Subject. In such case the Data Controllers inform the Data Subject about the modification at www.makersredbox.com website, at least 8 days prior to the date of effect. The Data Subject is considered to accept the amended Privacy notice by using the services of the Data Controllers after date of effect.
1.2.1. Data Controllers are committed to the protection of Data Subject’s personal data and attach great importance to the respect of Data Subject’s right to informational self-determination. Data Controllers process the Personal Data confidentially and take all security, technical and organizational measures that guarantee the security of Personal Data. This Privacy Notice contains the Data Controllers’ processing practices.
1.2.2. Data Controllers’ data processing is based on the legal basises determined in the GDPR and its limited to their purpose.
1.2.3. Data Controllers undertake to inform the Data Subjects in a clear, unequivocal way prior to any recording, handling and processing of Personal Data, which includes information about the method, the purpose, and the principles of the processing.
1.2.4. If Data Controllers intend to further process the Personal Data for a purpose other than that for which the Personal Data were obtained, the Data Controllers provide the Data Subject with information on that other purpose and asks for prior consent to further processing, also provide an opportunity to the restriction of further processing.
II. Data Controller, Data of the Data Protection Officer
Name of the Data Controller: Makerspace Kft.
Registered seat and postal address: Hungary, 2724 Újlengyel, Ady Endre utca 41.
Registration authority: Commercial Court of the Capital Court
Registration number: Cg. 13-09-184329
Tax number: 25821868-2-13
E-mail address: firstname.lastname@example.org
On-call help desk number: +36 70 5270550
Place and contact of the complaint handling service:
e-mail address: email@example.com
On workdays between 10.00 a.m.- 16.00 p.m.
III. Legal base and purpose of the processing, the processed set of data, term of the processing, the ones, who are eligible to get to know the personal data
3.1. Legal Base And Purpose Of The Processing
Processing of the Data Controllers under Article 6. Section 1. GDPR shall be based on the following legal bases:
Voluntary consent of the Data Subject: Data Subject has given consent to the processing of his or her personal data for one or more specific purposes;
Performance of contract: processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
Compliance with legal obligation: processing is necessary for compliance with a legal obligation to which the controller is subject;
Legitimate interest of the controller: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child.
3.1.1. At data processing which is based on voluntary consent of the Data Subject, he or she shall have the right to withdraw his or her consent at any time.
3.1.2. Legally incapacitated and limited capacitated minor shall not render service through the system of the Data Controllers.
3.1.3. In certain case the processing, storage and transmission of the personal data is obligatory by law, about these cases we inform the Data Subjects.
3.1.4. We shall call the attention of those, who are reporting data to the Data Controllers, that in case they are not reporting their own personal data, the Data Controllers shall have the consent of the Data Subject.
3.2. Electronical Newsletter
3.2.1. Purpose of the data processing:
Sending email newsletters with advertisement to the interested ones.
3.2.2. Legal base of the data processing:
Voluntary consent of the Data Subject, Article 6., Section 1., point a) GDPR.
3.2.3. Set of data under process:
name, email address
3.2.4. Erasure deadline of the data:
Data Controllers are processing data until the use of the data for such purpose is prohibited by the Data Subject by unsubscribe. Data Subject can unsubscribe with the unsubscribe link found at the bottom of the newsletter, or at the newsletter section of the website. Erasure of personal data is performed within 10 workdays after receiving the erasure request from the Data Subject.
The Data Controllers in order to perform purchase transaction and serve the clients customized, place a small data package (so called the « cookie ») at the computer of the Data Subject. The task of the cookie is to collect information about visitors and their devices; they remember the individual settings of the visitors, so that it can be used during online transactions, the visitor does not have to type data again; they make it easier to use the website and provide a quality user experience. If the web browser send back a previously saved cookie, it makes it possible for the Data Controllers who handle the cookie to join the actual visit of the Data Subject, but only in connection with its own content.
During visiting the website, the Data Subject can give his consent to the use of the cookies on his computer and make the Data Controllers access to them by clicking on the cookie warning button at the log in website.
3.3.1. Purpose of the data processing:
To identify and differentiate the Data Subjects, identify the actual work session of the users, to store the given data during actual work session, to prevent loss of data, to identify and monitor users.
3.3.2. Legal basis of the data processing:
Voluntary consent of the Data Subject, Article 6., Section 1., point a) GDPR.
3.3.3. Set of data under process:
identification number, date, and previously visited website
3.4. Other Data Processing
About those data processing, which are not indicated in the present privacy notice, we inform the Data Subject simultaneously with the recording of the data. We inform our customers, that the court, the prosecutor, the investigative authority, the offence authority, the public administration authority, the Hungarian National Authority for Data Protection and Freedom of Information and other bodies which are authorized by law may require certain data, information or documents from the Data Controllers. Data Controllers – when the authority indicated the purpose and the set of data properly – only deliver those personal data, which are essential to fulfil the request of the authority.
Data Controllers do not check the given personal data. For the compliance of the data only the person is liable, who gives the data. Users are liable for the access of their email address, which is given to the Data Controllers to contact the user. According to this, the user, who registered the certain email address is the only responsible for the access to that email account. In case user does not report their own personal data, they shall provide the consent of the Data Subject.
Other data transfers are exclusively based on the preliminary and properly informed consent of the Data Subject.
3.5. Data Subject’s Rights
3.5.1. Right to information:
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the Data Subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Data Subject shall require information through contact details mentioned in the Article II. of this Privacy Notice. When requested by the Data Subject, the information may be provided orally, provided that the identity of the Data Subject is proven by other means.
3.5.2. Right of access by the Data Subject
The Data Subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– the envisaged period for which the personal data will be stored
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– information about the source of the personal data;
– the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
The request for information by e-mail shall be considered trustworthy only via the registered e-mail address of the Data Subject. The request for information must be sent to the following address: firstname.lastname@example.org. If personal data are transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed of the appropriate safeguards relating to the transfer. The Data Controllers shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, the information shall be provided in electronic form. The Data Controllers provide the information within a maximum of one month from the date of receipt of the request.
3.5.3. Right to rectification
The Data Subject is entitled to obtain from the controller the rectification of inaccurate and completion of deficient personal data concerning him or her via the e-mail address of the Controller mentioned in Article II. of the Privacy Notice.
If the personal data is inaccurate, and the appropriate personal data is available, the Data Controllers shall perform the rectification.
3.5.4. Right to erasure
The Data Subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
– the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing,
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in European Union or EU Member State law to which the controller is subject;
– the personal data have been collected in relation to the offer of information society services
In case of erasure or modification of the personal data, the former data shall no longer be restored.
The erasure shall not be performed if the processing is necessary regarding to the following cases: there exists a legal obligation which requires processing by European Union or EU Member State law to which the Data Controllers are subject; or the processing is necessary regarding to the establishment, exercise or defence of the Data Controllers’ legal claims and interests.
3.5.5. Right to restriction of processing
The Data Subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
– the Data Subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
3.5.6. Right to data portability
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
3.5.7. Right to object
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Data Subject objects to processing direct marketing purposes, the personal data shall no longer be processed for such purposes.
3.5.8. Automated individual decision-making, including profiling
The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The Data Subject is not entitled to exercise the above right if the decision:
– is necessary for entering into, or performance of, a contract between the Data Subject and the Data Controllers;
– is authorised by European Union or EU Member State law to which the controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or
– is based on the Data Subject’s explicit consent.
3.5.9 Right to withdraw
The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
3.6. Possibilities For Enforcement Of Claims:
3.6.1. With your questions and comments, please feel free to contact with the colleague of the Data Controllers at email@example.com e-mail address.
3.6.2. Right to judicial remedy:
In case the Data Subject considers that his or her rights under GDPR have been infringed, each Data Subject has the right to an effective judicial remedy against the Data Controllers. The court is dealing with such case with priority.
3.6.3. Proceeding of the data protection authority:
Data Subject have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.
Name: Hungarian National Authority for Data Protection and Freedom of Information
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.