Data protection statement

Data Protection Policy

Privacy Notice

Summary
We only collect and process personal data in compliance with applicable laws.
We only send direct marketing letters on the basis of specific consent but we may send system messages without such consent.
We store data with utmost security.
We only disclose personal data to third parties with the data subject’s consent..
We provide information to anyone regarding their stored data and you can also request erasure of your data.

Introduction
EBEPLAN Industrial Equipment Ltd.. (registered office: 9700 Szombathely, Pinkafői u. 20. tax number: 11317032-2-18), (hereinafter referred to as “Ebeplan” or the “controller”) subjects itself to this Privacy Notice.
Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information provides that prior to data processing being initiated the data subject (in this case the website user, hereinafter referred to as the “User”) shall be informed whether his or her consent is required or processing is mandatory.
Before processing operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the processing of his or her personal data, such as the purpose for which the data is required and the legal grounds, the person entitled to control the data and to carry out the processing and of the duration of the proposed processing operation.
Pursuant to Section 6 (1) of the Privacy Act, the data subject must also be informed that personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary:
for compliance with a legal obligation pertaining to the data controller, or
the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.
Such information shall also include the data subject's rights related to data processing and the ways of seeking legal remedy.

If the provision of personal information to the data subjects proves impossible or would involve disproportionate costs, the obligation of information may be satisfied by the public disclosure of the following:
a) an indication of the fact that data is being collected;
b) the data subjects targeted;
c) the purpose of data collection;
d) the duration of the proposed processing operation;
e) the potential data controllers with the right of access;
f) the right of data subjects and remedies available relating to data processing; and
g) where the processing operation has to be registered, the number assigned in the data protection register.
This Privacy Notice regulates the data processing of the following website: http://ebeplan.hu and is based on the above content requirement. The Privacy Notice is available at the following page: http://ebeplan.hu/energiatechnika/adatvedelmi-nyilatkozat
Any amendments to this Privacy Notice shall become effective when published on the above site.

Definitions and interpretation (§3)
1. data subject/User: any natural person who is either directly or indirectly identified or identifiable based on specific personal data;
2. personal data: any data that can be connected to the data subject - in particular the data subject’s name, identification number and any knowledge characteristic of the data subject’s physical, physiological, mental, economic, cultural or social identity and any conclusion that can be drawn from the data regarding the data subject;
3. controller: the natural or legal person, or unincorporated organisation with no legal personality who or which, alone or jointly with others, determines the purposes of the processing of personal data, brings and implements the decisions related to processing (including the means used) or has them implemented by the data processor engaged by it;
4. processing: regardless of the applied procedure, any operation or set of operations which is performed on personal data, such as collection, recording, organisation, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction or the prevention of further use of the data, preparation of photos, audio or video recordings and recording physical attributes (e.g. finger or hand prints, DNA samples, iris image);
5. data processing: performance of the technical tasks related to processing operations, regardless of the method and means applied for the implementation of the operations and the place of application, provided that the technical task is performed on the data;
6. processor: a natural or legal person, or organisation with no legal personality who or which processes personal data on behalf of the controller based on contract - including contracts based on a statutory provision;
7. personal data breach: unlawful processing of personal data, in particular unauthorised, or access to, alteration, transmission, disclosure, erasure or destruction as well as accidental destruction and injury of personal data.

Data processing related to website operation
1. Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, within the scope of processing for the operation of the website the following must be specified:

a) an indication of the fact that data is being collected;
b) the data subjects targeted;
c) the purpose of data collection;
d) the duration of the proposed processing operation;
e) the potential data controllers with the right of access;
f) the rights of data subjects relating to data processing.

2. The fact of data collection, the set of data being processed and the purposes of data processing
Personal data     The purpose of data processing
First name and family name    Required for contact
E-mail address    Keeping contact
Telephone number    Keeping contact
Time of registration    Implementation of technical operation
IP address at time of registration    Implementation of technical operation
For e-mail addresses it is not necessary that they contain personal data.
3. Data subjects targeted All data subjects registered on the website web page.
4. The duration of the processing, deadline for erasure of data: Immediately upon deletion of registration. With the exception of accounting receipts, as Section 169 (2) of Act C of 2000 on Accounting this data must be kept for 8 years.
The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum 8 years, shall be legible and retrievable by means of the code of reference indicated in the accounting records.
5. The potential data controllers with the right of access; The personal data may be processed by the sales and marketing staff of the controller, respecting the above principles.
6. The rights of data subjects relating to data processing: The data subject can request erasure or modification of personal data concerning him or her as follows:
- via e-mail sent to ebeplan@ebeplan.hu.

7. Legal basis of processing: the User’s consent, Section 5 (1) of the Privacy Act and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (the “E-Commerce Act”):

Service providers shall be authorized to process personal data in connection with providing the service, to the extent absolutely necessary for technical reasons. Where all relevant conditions remain unaltered, service providers shall install equipment for the provision of information society services - and operate under all circumstances - with facilities to ensure that the processing of personal data takes place only when it is absolutely necessary for providing the services and to meet the objectives set out in this Act; however, under no circumstances may they exceed the extent required in terms of time and volume.

Data processors
Hosting service provider

1. Activity performed by data processor: Hosting service
2. Name and contact details of data processor:
Webmark Europe Kft.
Offices and mailing address: 8913, Egervár, Széchenyi utca 50.
Contact person: Attila Joós, Managing Director
E-mail: ugyfel@webmark.hu
3. The fact of data processing, the set of data being processed: All the personal data provided by the data subject.
4. Data subjects targeted: All data subjects using the website.
5. Purpose of processing: Access to and proper operation of the website.
6. The duration of the processing, deadline for erasure of data: Immediately upon deletion of registration. With the exception of accounting receipts, as Section 169 (2) of Act C of 2000 on Accounting this data must be kept for 8 years.
The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum 8 years, shall be legible and retrievable by means of the code of reference indicated in the accounting records.
7. Legal basis of processing: the User’s consent, Section 5 (1) of the Privacy Act and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Processing of cookies
1.    Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, within the scope of cookie processing of the website the following must be specified:
a) an indication of the fact that data is being collected;
b) the data subjects targeted;
c) the purpose of data collection;
d) the duration of the proposed processing operation;
e) the potential data controllers with the right of access;
f) the rights of data subjects relating to data processing.
2.    The fact of data processing, the set of data being processed: Individual identifier, dates, times
3.    Data subjects targeted: All data subjects visiting the website.
4.    Purpose of processing: Identification of users, registration of the “shopping basket” and tracking of visitors.
5.    The duration of the processing, deadline for erasure of data: The website the following erasure
Cookie message: deleted after 3 months.
6.    The potential data controllers with the right of access: The data controller does not process personal data through the use of cookies.
7.    The rights of data subjects relating to data processing: Data subjects have the possibility to delete cookies from in the Tools/Settings menu of their browser, usually under the menu item Data protection.
8.    Legal basis of data processing No consent is necessary from the data subject where the exclusive purpose of the use of cookies is to forward messages through the electronic communication network or if the operator requires it for providing the service connected with information society that has been expressly requested by the user or subscriber..

Use of Google Adwords conversion tracking
1. The controller uses the “Google AdWords” online advertising program, within the framework of which it employs Google’s conversion tracking service. Google conversion tracking is Google Inc.’s analytical service (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google“).
2. When the User reaches a website through a Google ad, a cookie required for conversion tracking is placed on the user’s computer. The validity of these cookies is limited and they contain no personal data so the User cannot be identified through them.
3. When the User browses a certain page of the website and the cookie has not yet expired, then both Google and the data controller can see that the User clicked on the ad.
4. Each Google AdWords client gets another cookie, so they cannot be tracked on through the websites of AdWords clients.
5. The purpose of the information obtained with the help of conversion tracking cookies is to prepare conversion statistics for the clients who opted for AdWords conversion tracking. This way, clients receive information on the number of users forwarded to the page with a conversion tracking label who clicked on their ad. However, they do not have access to any information with which they can identify any user.
6. If you do not wish to participate in conversion tracking, you can reject it by disallowing the installation of cookies in your browser. Thereafter, you will not appear in the conversion tracking statistics.
7. For further information and Google’s Privacy Policy please click here: www.google.de/policies/privacy/

Application of Google Analytics.
1. This website uses the Google Analytics application, which is the web analytics service of Google; Inc. (“Google”). Google Analytics uses so-called “cookies” i.e. text files, which are saved on your computer, thereby helping the analysis of the use of the website by the User.
2. The information generated with the cookies related to the website used by the User are usually stored on one of Google’s servers in the USA. With the activation of IP-anonimisation on the website, Google previously shortens the User’s IP address within the Member States of the European Union or in other states that are party to the agreement on the European Economic Area.
3. The entire IP address is only forwarded to Google’s server in the USA and then shortened there in exceptional cases. On behalf of the operator of this website Google will use this information to analyse how the User used the website, furthermore to prepare reports for the operator of the website regarding website activity and to perform additional services related to website and internet usage.
4. Within the framework of Google Analytics the IP address forwarded by the User’s browser is not linked to Google’s other data. The User can prevent cookie storage by changing browser settings, however, please note that disabling cookies may render some functions of this website to be unavailable. You can prevent Google from collecting and processing the data related to the User’s website usage by the cookies (including the IP address), if you download and install the browser plugin from the following link. https://tools.google.com/dlpage/gaoptout?hl=hu

Customer relations and other processing
1. If any questions arise during use of the controller’s services or if the data subject experiences any problems, the User can contact the data controller in the manner provided on the website (telephone, e-mail, social media sites, etc.).
2. The data controller deletes the received e-mails, messages, data provided by telephone or on Facebook, etc. with the name and e-mail address of the inquirer and any other voluntarily given personal data within no more than 2 years from the data supply.
3. We will provide information on any data processing not listed in this Privacy Notice when recording the data.
4. Upon the request of an authority or a request by another body based on an authorisation granted by statute, the Operator is required to provide information, disclose and transfer data and make documents available.
5. In such case, the Operator provides personal data to the requester, where such request contains the exact purpose and the set of data requested only to the extent that it is essential for the realisation of the purpose of the request.

Data Security (§ 7)
1. The controller plans and executes data processing operations such as to ensure the protection of the data subjects’ privacy.
2. The controller ensures the security of the data (password and anti-virus protection), implements the technical and organisational measures and formulates the procedural rules that are necessary for the enforcement of data protection and privacy rules included in the Privacy Act and other regulations.
3. The controller protects the data with adequate measures, in particular from
unauthorised access,
alteration,
data transfer,
disclosure,
erasure or destruction,
accidental destruction or damage,
becoming inaccessible due to a change in applied technology.
4. The controller shall ensure with an adequate technical solution that the data stored in the records should not be directly linkable to the data subject.
5. In order to prevent unauthorised access to, alteration and unauthorised disclosure, or use of the data, the controller shall ensure:
•    development and operation of an appropriate IT and technical environment,
•    controlled selection and supervision of its staff participating in the service provision,
•    issuance of detailed operation, risk management and service procedures.
6. Based on the above, the operator ensures in respect of the data processed by that
    it is available only to authorised persons,
•    its authenticity and authentication are ensured,
•    it is certifiably unaltered.
7. The IT system of the controller and its web hosting service provider protect against, inter alia
•    IT fraud,
•    espionage,
•    computer viruses,
•    spam,
•    hacks,
•    and other attacks.
8. The data controller carries out the following specific data security measures:
•    Closed source CMS,
•    Own operation and infrastructure,
•    Everything is password protected.

Data subject rights
1. The data subject may request from the operator that it provide information on the processing of personal data, it may request the rectification of its personal data and, with the exception of mandatory data processing, it may request the erasure or blocking of its personal data.
2. At the request of the data subject the data controller provides information regarding the data concerning the data subject processed by the controller or the data processor engaged by it, the source thereof, the purpose, legal grounds, duration of data processing, the name and address of the data processor and its activities related to data processing, the circumstances and effects of the personal data breach and of the measures taken for its prevention, furthermore, where the personal data of the data subject are transferred, the legal grounds and the recipient of the data transfer.
3. Where the controller has an internal data protection officer, through such data protection officer, the controller shall maintain a record of controlling the measures related to the personal data breach and for informing the data subject, which record contains the set of personal data involved, the data subjects involved in the personal data breach, the time, circumstances and effects of the personal data breach and the measures taken for its prevention and any other data specified in the law on data processing.
4. For the purpose of controlling the legitimacy of the data transfer and informing the data subject the controller maintains a record of data transfers, which record contains the time of the personal data transfer, the legal grounds and recipient of the data transfer, specification of the set of personal data transferred and any other data specified in the law on data processing.
5. At the request of the User the Operator provides information regarding the data processed by the Operator, the source thereof, the purpose, legal grounds, duration of data processing, the name and address of the data processor and its activities related to data processing, furthermore, where the personal data of the data subject are transferred, the legal grounds and the recipient of the data transfer. The Operator provides the information within the shortest possible time, but not more than 25 days from the submission of the request, in an easy to understand format. The information is free of charge.
6. Where the personal data is untrue and the data controller has the true data, the Operator rectifies the personal data.
7. Instead of erasure, the Operator blocks the personal data is that is what the User requests or if, based on the available information it can be presumed that the erasure would violate the User’s legitimate interests. Blocked personal data may be processed only until the data processing objective that excluded the erasure of the data exists.
8. The Operator erases the personal data if its processing is unlawful, the User so requests, the data processed is deficient or incorrect, and this status cannot be remedied legitimately, provided that erasure is not excluded by law, the purpose of data processing has ended or the statutory deadline for storing the data has expired, or if the court or the Hungarian National Authority for Data Protection and Freedom of Information has ordered it.
9. The controller marks the personal data processed by it if the data subject disputes its correctness or accuracy but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
10. The data subject, and any entity to which the data were transferred earlier for processing shall be notified of the rectification, the blocking, the identification and the erasure of the data. The notification can be avoided if it does not violate the data subject’s legitimate interest in view of the purpose of the processing.
11. If the controller refuses to comply with the data subject’s request for rectification, blocking or erasure, the controller shall communicate in writing within 25 days of receipt of the request the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based. Where rectification, blocking or erasure is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.

Legal remedy
1. The User may object to the processing of the personal data concerning him or her, if
a) processing or transfer of personal data is necessary only for compliance with a legal obligation to which the Operator is subject or for the purposes of the legitimate interests pursued by the Operator or by a third party, except where the processing is required by law;
b) personal data are processed or transferred for direct marketing purposes, an opinion poll or scientific research;
c) in other cases specified by law.
2. The Operator shall investigate the cause of objection within the shortest possible time inside a 15-day time period, adopt a decision as to its merits and notify the data subject in writing of its decision. If, according to the findings of the Operator, the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transfer), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
3. If the User disagrees with the decision taken by the Operator, the User has the right to turn to court within 30 days of the date of delivery of the decision. The court shall hear such cases in priority proceedings.
4. Complaints with regard to any violations by the controller shall be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:
Hungarian National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C
Mailing address: 1530 Budapest, Postafiók: 5.
Telephone no: +36 (1) -391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Enforcement of rights before court
1. The controller must prove that the processing complies with the provisions of the law. The data recipient must prove that the data transfer was legitimate.
2. Adjudication of the lawsuit falls within the competence of tribunals. Data subjects – at their option – may file a lawsuit with either the tribunal of their residence or of their place of stay.
3. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the data subject’s behalf
4. When the court’s decision is in favour of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the data subject’s objection, or to disclose the data requested by the data recipient.
5. If the court rejects the petition filed by the data recipient, the controller shall be required to erase the data subject’s personal data within 3 days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within the time limit.
6. The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the protected rights of large numbers of data subjects.

Indemnification and damages
1. If the controller violates the data subject’s personality rights by unlawful processing or by any breach of data security requirements, the data subject may demand damages from the controller.
2. The data controller shall also be liable for any damage caused by the data processor acting on its behalf and shall pay damages to the data subject for a breach of personality rights by the data processor. The controller will be exempted from liability and payment of damages if it proves that the damage or the violation of the data subject’s personality rights was caused by reasons beyond its control.
3. No compensation shall be paid where the damage or the violation of the data subject’s personality rights was caused by intentional or serious negligent conduct on the part of the data subject,
Conclusion
In the preparation of this Privacy Notice we took the following laws into account:
Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter the “Privacy Act”)
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (in particular Section 13/A).
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
- Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (in particular Section 6).
- Act XC of 2005 on the Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (in particular Section 155);
 - Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
- Recommendation of the National Authority for Data Protection and Freedom of Information on preliminary information on data protection requirements