fbpx

Data Management and Privacy Policy

Home / Data Management and Privacy Policy

Introduction

These data management and privacy guidelines outline how we handle your personal data, whether you are our customer, supplier, or simply browsing our website. It explains how we collect and use your personal data while ensuring compliance with legal obligations.

These data management and privacy guidelines apply to visitors to our website, as well as our suppliers and customers. If you are an employee of Autoleder KFT, the data management guidelines for Autoleder KFT employees, accessible on the Autoleder KFT intranet network, apply to you.

These guidelines do not cover websites, services, and data processing of providers that are linked within the scope of these guidelines. The personal data processing provisions of the third-party data protection guidelines governing such services are applicable, and Autoleder KFT, as the data controller, assumes no responsibility for these processes.

Please read this information carefully to understand how we handle your personal data and to be aware of your rights regarding data processing. Additionally, note that we may update our privacy guidelines from time to time. To stay informed, please revisit this page, as any modifications will be posted here.

Publisher and Data Controller:

Company Name: Autoleder KFT

Registered Office: 2730 Albertirsa, Gróf Széchenyi street 22.

Company Registration Number: 13-09-145815

Tax Identification Number: 23286577-2-13

Representative: Horvath Peter

Phone: +36 (30) 220 7751

Email: ledexinterior@gmail.com

Website: https://www.ledexinterior.com/

(hereinafter referred to as: https://www.ledexinterior.com/)

Data Protection Officer: Pursuant to Article 37 of the General Data Protection Regulation (GDPR), we are not obliged to appoint a data protection officer.

Data Protection Requests: If you have any requests or questions regarding data processing, you can send your request by mail or electronically to the address or email provided above. We will respond promptly, but no later than 30 days from the date of your request, to the address you specify.

Data Processing: https://www.ledexinterior.com/ engages a data processor for the maintenance and operation of the website, who provides IT services (hosting service) and, within the framework of our contract, stores the personal data provided on the website on the server.

Name and Contact Information of the Data Processor:

Company Name: Tárhely.Eu Szolgáltató Kft.

Registered Office: 1144 Budapest, Ormánság street 4. X. floor. 241. door

Company Registration Number: 01-09-909968

Tax Identification Number: 14571332-2-42

Representative: Current CEO

Phone: +36 1 789-2-789

Email: utalas@tarhely.eu

Website: https://tarhely.eu/

 

 

Foreign Data Transfer: We aim to ensure that your data is stored and transmitted securely. Therefore, we only transfer data outside the European Economic Area (EEA) (including the member states of the European Union, Norway, Iceland, and Liechtenstein) if it complies with data protection laws, and the method of transmission provides adequate protection for your data.

General Data Management Purposes

We conduct data processing in accordance with legal provisions for the following purposes:

  • Customer data for providing services on https://www.ledexinterior.com/: to fulfill legal and contractual obligations and maintain customer relations.
  • Supplier data for cooperation and fulfillment of legal and contractual obligations.
  • Management of contact data for partners.
  • Marketing activities for potential customers.
  • Data management for employees and applicants.
  • Internal administration.

What Personal Data Do We Collect?

Management of contractual partner data – record of customers and suppliers:

For the performance of the contract, https://www.ledexinterior.com/ processes the name, date of birth, mother's name, address, tax identification number, tax ID, ID card number, residence, headquarters, telephone number, email address, website, and bank account number of the natural person who has entered into a contract with it. This data processing is lawful even if carried out before the conclusion of the contract, as necessary steps at the request of the data subject.

Legal Basis: Legitimate interest-based data processing

Recipients of Personal Data: Employees responsible for customer service, accounting, tax-related tasks, and processors of https://www.ledexinterior.com/.

Storage Period of Personal Data: 5 (five) years after the termination of the contract.

Contact details of legal entity clients, natural persons representing suppliers:

The protection of legal entities' data does not generally extend to personal data. However, in cases where the transactions of legal entities involve the personal data of natural persons, such as the contact details specified in the contract, the following data of contact persons are collected for legal entity clients and suppliers: Name, position, telephone number, email address, online identifier.

Legal Basis: Consent of the data subject

Purpose of Personal Data Processing: To fulfill the contract with the legal entity partner of https://www.ledexinterior.com/ and for business communication.

Recipients of Personal Data: Employees responsible for customer service at https://www.ledexinterior.com/.

Storage Period of Personal Data: Up to 5 (five) years after the existence of the business relationship or the status of the representative.

Website User Data:

Limited data is collected about visitors to https://www.ledexinterior.com/ to enhance the user experience and manage provided services. This includes information such as the usage pattern of the website, frequency of visits, and the times when the website is most popular.

Cookie Information:

A "cookie" is information stored on your computer's hard drive that records navigation on a website. Cookies can be used for traffic analysis, advertising, and marketing purposes. Almost every website uses cookies, but they are not harmful to your system. If you want to control or modify the types of cookies you accept, you can usually do so in your browser settings.

 

Using Cookies, we track how you use our website. This helps us in developing and improving the website and our services based on the needs and preferences of visitors.

Data processed during visits include:

  • IP address used by the visitor,
  • Browser type,
  • Characteristics of the device operating system used for browsing,
  • Visit timestamp,
  • Visited (sub)page, feature, or service,
  • Clicks.

We retain the above data for a maximum of 90 (ninety) days and primarily use it for investigating security incidents.

Cookies Used on the Website

  • Technically Essential Session Cookies
  • Purpose of Data Processing: Ensuring the proper functioning of the website. These cookies are necessary for visitors to browse the website smoothly, use its functions seamlessly, and access services available on the website. This includes remembering actions performed by the visitor on specific pages or identifying a logged-in user during a visit. The data processing duration for these cookies is solely for the current visit, and this type of cookie is automatically deleted from the visitor's computer after the session concludes or the browser is closed.
  • Legal Basis: Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, which allows the service provider to process personal data that is technically essential for providing the service.
  • Usage Facilitating Cookies
  • These cookies remember user choices, such as how the user prefers to view the website. Essentially, these cookies store setting data in the cookie.
  • Legal Basis: Visitor's consent.
  • Purpose of Data Processing: Enhancing service efficiency, improving user experience, making website usage more convenient. This data is stored on the visitor's computer, allowing the website to access and recognize the visitor.
  • Performance Ensuring Cookies
  • These cookies collect information about the user's behavior within the visited website, the time spent, and clicks. Typically, these are applications of third parties (e.g., Google Analytics, AdWords).
  • Legal Basis: User's consent.
  • Purpose of Data Processing: Analyzing the website, sending advertising offers.
  • How Do We Collect Personal Data?

We collect personal data in two main ways:

  • Personal data provided directly by you.
  • Personal data automatically collected: We collect data automatically through cookies when you visit our website, based on your browser's cookie settings. We also collect data when you contact us through the website, such as using the chat function.
  • Who Do We Share Personal Data With?

We may share personal data with various individuals for various reasons and in various ways, falling into the following categories:

  • Members of the https://www.ledexinterior.com/ company group;
  • Authorities if we reasonably believe that laws or other regulations require us to share the data (e.g., due to a request from the tax authority or in anticipation of a legal dispute);
  • Service providers acting as third parties on our behalf (including external consultants, business partners, and advisers, such as lawyers, auditors, and accountants, technical support functions, and IT consultants);
  • Outsourced IT service providers and document storage service providers, where appropriate processing agreements (or similar) are in place;
  • Marketing technology platforms.
  • How Do We Protect Personal Data?

We are committed to taking all reasonable and necessary steps to protect stored personal information against abuse, data loss, or unauthorized access. We ensure this through various required technical and organizational measures, including actions to handle potential breaches of data security. If you suspect abuse, data loss, or unauthorized access to your personal information, please notify us immediately.

Payment

  • Rights of the Data Subject

One of the main objectives of the General Data Protection Regulation (GDPR) is to safeguard and clarify the data protection rights of EU citizens. This means that you retain certain rights regarding your data, even if you have provided us with information. These rights are detailed below.

Summary of the Data Subject's Rights:

  • Transparent information, communication, and facilitation of the exercise of the data subject's rights.
  • Right to prior information - if personal data is collected directly from the data subject.
  • Information to be provided to the data subject if personal data is not obtained from them by the data controller.
  • Right of access by the data subject.
  • Right to rectification.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing.
  • Right to data portability.
  • Right to object.
  • Automated individual decision-making, including profiling.
  • Restrictions.
  • Information to the data subject about data breaches.
  • Right to lodge a complaint with a supervisory authority (right to appeal to a supervisory authority).
  • Right to an effective judicial remedy against a supervisory authority.
  • Right to an effective judicial remedy against the controller or processor.

 

Rights of the Data Subject in Detail:

  • Transparent Information, Communication, and Facilitation of the Exercise of Data Subject Rights
  • 1.1. The data controller must provide the data subject with all information and every communication related to the processing of personal data in a concise, transparent, understandable, and easily accessible form, formulated clearly and comprehensibly. This applies particularly to any information addressed to children. Information should be provided in writing or by other means, including electronic means if applicable. Upon the request of the data subject, verbal information may be given, provided that the identity of the data subject has been verified. The data controller must facilitate the exercise of the data subject's rights.
  • 1.2. The data controller informs the data subject of measures taken in response to the exercise of their rights without undue delay, and in any case, within one month from the receipt of the request. This deadline can be extended by an additional 2 (two) months under conditions specified in the GDPR, and the data subject must be informed about it.
  • 1.3. If the data controller takes no action on the data subject's request, they must inform the data subject, without undue delay and no later than one month from the receipt of the request, of the reasons for not taking action, as well as the right to lodge a complaint with a supervisory authority and the right to judicial remedy.
  • 1.4. The provision of information and communication about the data subject's rights and the measures taken must be provided free of charge, except in cases specified in the GDPR. Detailed rules are outlined in Article 12 of the GDPR.
  • Right to Pre-Information - If Personal Data is Collected from the Data Subject
  • 2.1. The data subject is entitled to receive information about facts and details related to data processing before it starts. The data subject should be informed about:
  • a) The identity and contact details of the data controller and their representative,
  • b) Contact details of the data protection officer (if applicable),
  • c) The purpose of the planned processing of personal data and the legal basis for processing,
  • d) In the case of processing based on legitimate interests, the legitimate interests pursued by the data controller or a third party,
  • e) Recipients or categories of recipients of the personal data, and if applicable, whether the data will be transferred to a third country or international organization.
  • 2.2. To ensure fair and transparent processing, the data controller must inform the data subject of additional information, including:
  • a) The storage period of personal data or, if not possible, the criteria used to determine that period,
  • b) The data subject's right to request access, rectification, erasure, or restriction of processing, and the right to object,
  • c) The right to withdraw consent at any time if the processing is based on consent,
  • d) The right to lodge a complaint with a supervisory authority,
  • e) Whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract, as well as the possible consequences of not providing the data,
  • f) Information about automated decision-making, including profiling, and relevant information on the logic used, the significance, and the envisaged consequences for the data subject.
  • 2.3. If the data controller intends to further process personal data for a purpose other than that for which it was collected, the data subject must be informed about this new purpose and any relevant additional information. Detailed rules are outlined in Article 13 of the GDPR.
  • Information to the Data Subject and Provision of Information if the Personal Data was not Obtained from the Data Subject
  • 3.1. If the data controller did not obtain personal data from the data subject, the data subject must be informed by the data controller within one month of obtaining the personal data. If the personal data is used for communication with the data subject, this information must be provided at the latest during the first contact with the data subject, or if the data is expected to be disclosed to other recipients, at the latest when the personal data is first disclosed, including the facts and information mentioned in points 2-3 above, as well as the categories of personal data and, if applicable, the source of the personal data and whether it came from publicly accessible sources.
  • 3.2. Further rules follow those mentioned in point 2 (Right to Pre-Information). Detailed rules are outlined in Article 14 of the GDPR.
  • Right of Access by the Data Subject
  • 4.1. The data subject is entitled to receive confirmation from the data controller as to whether personal data concerning them is being processed, and if so, they have the right to access their personal data and the related information mentioned in points 2 and 3 above.
  • 4.2. If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the transfer and the appropriate safeguards under Article 46 of the GDPR.
  • 4.3. The data controller must provide the data subject with a copy of the personal data being processed. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
  • Detailed rules are outlined in Article 15 of the GDPR.
  • Right to Rectification
  • 5.1. The data subject has the right to request the data controller to rectify inaccurate personal data without undue delay.
  • 5.2. Considering the purpose of data processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
  • Detailed rules are outlined in Article 16 of the GDPR.
  • Right to Erasure ("Right to be Forgotten")
  • 6.1. The data subject has the right to request the data controller to erase their personal data without undue delay, and the data controller is obligated to erase the personal data without undue delay if:
  • a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
  • b) The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing,
  • c) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing,
  • d) The personal data has been unlawfully processed,
  • e) The personal data must be erased for compliance with a legal obligation under EU or Member State law to which the data controller is subject,
  • f) The personal data has been collected in relation to the offer of information society services directly to a child.

 

 

Rights of the data subject in detail:

Transparent information, communication, and facilitation of the data subject's rights

1.1. The data controller must provide the data subject with all information and every communication regarding the processing of personal data in a concise, transparent, clear, and easily accessible form, formulated in a clear and understandable manner, especially in the case of any information addressed to children. The information should be provided in writing or by other means, including, where appropriate, electronic means. Upon request, verbal information may also be provided, provided that the identity of the data subject has been otherwise verified. The data controller must facilitate the exercise of the data subject's rights.

1.2. The data controller shall promptly, but in any case, within one month from the receipt of the request, inform the data subject of the measures taken in response to the exercise of their rights. This deadline can be extended by an additional 2 (two) months with the conditions set out in the GDPR, of which the data subject must be informed.

1.3. If the data controller does not take measures based on the data subject's request, it shall inform the data subject, without undue delay and no later than 1 (one) month from the receipt of the request, of the reasons for the lack of action and that the data subject may lodge a complaint with a supervisory authority and exercise their right to judicial remedy.

1.4. The data controller provides information and communication about the data subject's rights and the actions taken free of charge, except in cases specified in the GDPR, where a fee may be charged. Detailed rules are contained in Article 12 of the GDPR.

Right to information in case of collection from the data subject

2.1. The data subject has the right to be informed of the facts and information related to data processing before the commencement of processing. In this regard, the data subject must be informed:

a) about the identity and contact details of the data controller and its representative,

b) the contact details of the data protection officer (if any),

c) the purpose of the planned processing of personal data and the legal basis for the processing,

d) in the case of processing based on the legitimate interests of the data controller or a third party, about the legitimate interests pursued by the data controller or the third party,

e) about the recipients or categories of recipients of the personal data, and, if applicable, whether the data controller intends to transfer personal data to a third country or international organization.

2.2. To ensure fair and transparent processing of data, the data controller must inform the data subject about the following additional information:

a) the duration of the storage of personal data or, if not possible, the criteria used to determine that period,

b) the right of the data subject to request access, rectification, erasure, or restriction of processing, and the right to object to such processing, as well as the right to data portability,

c) in the case of processing based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

d) the right to lodge a complaint with a supervisory authority,

e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of not providing such data,

f) information about automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2.3. If the data controller intends to further process personal data for a purpose other than that for which the data was collected, it must inform the data subject about this different purpose and any relevant additional information before further processing. The detailed rules are contained in Article 13 of the GDPR.

Notification to the data subject and information to be provided if personal data are not obtained from the data subject

3.1. If the data controller did not obtain personal data from the data subject, it must inform the data subject within one month from the acquisition of the personal data; if the personal data are used for communicating with the data subject, at the latest at the time of the first contact with the data subject; or if the data is expected to be disclosed to other recipients, at the latest when the personal data are first disclosed, about the facts and information listed in points 2 and 3 above, and, where applicable, about the categories of personal data concerned and the source of the personal data, including whether the data comes from publicly accessible sources.

3.2. The rules described in point 2 (right to information in case of collection from the data subject) apply to the above.

The detailed rules are contained in Article 14 of the GDPR.

Right of access by the data subject

4.1. The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, and, if so, access to the personal data and the information related to points 2 and 3 above.

4.2. If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the transfer, including the appropriate safeguards under Article 46 of the GDPR.

4.3. The data controller must provide the data subject with a copy of the personal data undergoing processing. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

The detailed rules are contained in Article 15 of the GDPR.

Right to rectification

5.1. The data subject has the right to request the data controller to rectify inaccurate personal data concerning them without undue delay.

5.2. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

The detailed rules are contained in Article 16 of the GDPR.

Right to erasure ("right to be forgotten")

6.1. The data subject has the right to request the data controller to erase their personal data without undue delay, and the data controller is obliged to erase the personal data without undue delay if:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;

c) the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;

d) the personal data have been unlawfully processed;

e) the erasure of personal data is required for compliance with a legal obligation in Union or Member State law to which the data controller is subject;

f) the personal data have been collected in relation to the offer of information society services directly to a child.

6.2. The right to erasure cannot be enforced if the processing is necessary for:

a) exercising the right of freedom of expression and information;

b) compliance with a legal obligation to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority;

c) reasons of public interest in the area of public health;

d) archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where erasure is likely to render impossible or seriously impair the achievement of the objectives

 

Limitations

The rights and obligations (Articles 12-22, 34, and 5) applicable to the data controller or processor may be restricted by legislative measures of the European Union or Member States if the restriction respects the essential content of fundamental rights and freedoms. Detailed rules are provided in Article 23 of the GDPR.

Information of the Data Subject about Data Breach

13.1. If a data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller must promptly inform the data subject about the data breach. This information must be clear and easily understandable, detailing the nature of the data breach, and must include at least the following:

a) The name and contact details of the data protection officer or another contact point providing further information;

b) A description of the likely consequences of the data breach;

c) Measures taken or planned by the data controller to address the data breach, including, where applicable, measures to mitigate any possible adverse effects.

13.2. The data subject is not to be informed if:

a) The data controller has implemented appropriate technical and organizational protection measures, such as encryption, making the data unintelligible to unauthorized persons;

b) Subsequent measures have been taken to ensure that the high risk to the rights and freedoms of the data subject is likely not to materialize;

c) Notification would involve disproportionate effort. In such cases, the data subjects must be informed through publicly available information or similar measures ensuring equally effective notification.

Detailed rules can be found in Article 34 of the GDPR.

Right to Lodge a Complaint with the Supervisory Authority (Right to Administrative Remedy)

The data subject has the right to lodge a complaint with a supervisory authority—particularly in the Member State of their habitual residence, place of work, or the alleged infringement—where the data subject considers that the processing of personal data relating to them infringes the Regulation. The supervisory authority to which the complaint has been lodged must inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy.

Detailed rules are provided in Article 77 of the GDPR.

Right to an Effective Judicial Remedy against a Supervisory Authority

15.1. Without prejudice to any available administrative or non-judicial remedy, every natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority.

15.2. Without prejudice to any available administrative or non-judicial remedy, every data subject has the right to an effective judicial remedy if the competent supervisory authority does not handle a complaint, or within three months does not inform the data subject of the progress or outcome of the complaint.

15.3. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

15.4. If proceedings are initiated against a decision of a supervisory authority for which the Board has previously issued an opinion or made a decision within the consistency mechanism, the supervisory authority must forward this opinion or decision to the court.

Detailed rules are contained in Article 78 of the GDPR.

Right to an Effective Judicial Remedy against the Data Controller or Processor

16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with the supervisory authority, every data subject has the right to an effective judicial remedy when they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data not in compliance with this Regulation.

16.2. Proceedings against the data controller or processor shall be brought before the courts of the Member State where the data controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the data controller or processor is a public authority acting in the exercise of its public powers.

Detailed rules are contained in Article 79 of the GDPR.

Remedial Information

In Hungary, the data protection supervisory authority is:

National Authority for Data Protection and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C

Email: ugyfelszolgalat@naih.hu.

For legal proceedings: The adjudication of data protection cases falls within the competence of the court. The case can be brought before the court of the Member State where the data subject has their habitual residence or domicile, as chosen by the data subject.

Date: September 1, 2022