ADATKEZELÉSI TÁJÉKOZTATÓ

ON THE RIGHTS OF THE NATURAL PERSONS CONCERNED

REGARDING THE MANAGEMENT OF THEIR PERSONAL DATA

CONTENTS

INTRODUCTION

I. CHAPTER - NAME OF THE DATA CONTROLLER

II. CHAPTER - NAMES OF DATA PROCESSORS

1. Our company's IT service provider

2. Postal services, delivery, parcel delivery

III. CHAPTER - ENSURING THE LEGALITY OF DATA MANAGEMENT

4. Data management based on the consent of the data subject

5. Data management based on the fulfillment of a legal obligation

6. Promoting the rights of the data subject

IV CHAPTER - VISITORS' DATA MANAGEMENT ON THE COMPANY'S WEBSITE - INFORMATION ON THE USE OF COOKIES

V CHAPTER - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

INTRODUCTION

On the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ('the Regulation') provides that The controller shall take appropriate measures to ensure that the data subject is informed of the processing of personal data, provide each piece of information in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner, and that the Data Controller facilitates the exercise of the data subject's rights.

The prior information obligation of the data subject on the right to information self-determination and freedom of information is set out in Act CXII of 2011. also required by law.

We comply with this legal obligation by reading the information below.

The information shall be published on the company's website or sent to the person concerned upon request.

CHAPTER I.

NAME OF DATA CONTROLLER

The publisher of this information, as well as the Data Controller:

Company name: SmartNode Ipari, Kereskedelmi és Szolgáltató Kft.

Headquarters: Lándzsa utca 21, 4030 Debrecen.

Company registration number: 09 09 026732

Tax number: 25140354-2-09

Representative: Róbert Hadházi

Phone number: +36302383279

Fax:

E-mail address: info@smartnode.hu

Website: www.smartnode.hu

(hereinafter: the Company)

II. CHAPTER

NAME OF DATA PROCESSORS

Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; (Regulation Article 4 (8)

III. CHAPTER

ENSURING THE LAWFULNESS OF DATA PROCESSING

1. Data management with the consent of the data subject

(1) If the Company wishes to perform data management based on consent, the data subject's consent to the processing of his personal data must be requested with the content and information according to the data request form specified in the data management regulations.

(2) Consent is also considered if the data subject ticks a relevant box when viewing the Company's website, makes relevant technical settings when using services related to the information society, as well as any other statement or action that, in the given context, constitutes the data subject's consent and clearly indicates the planned handling of their personal data. Silence, a pre-ticked box, or inaction do not therefore constitute consent.

3. The consent shall cover all data processing activities carried out for the same purpose or purposes. If the data management serves several purposes at the same time, the consent must be given for all data management purposes.

(4) If the data subject gives his / her consent in the framework of a written statement that also applies to other matters - eg conclusion of a sales or service contract - the request for consent must be made in a way that is clearly distinguishable from these other matters, in a comprehensible and easily accessible form, in clear and simple language. Any part of such a statement containing the data subject's consent which infringes the regulation shall not be binding.

(5) The Company may not enter into the conclusion or performance of a contract for the purpose of giving consent to the processing of personal data which is not necessary for the performance of the contract.

(6) Withdrawal of consent should be as simple as giving it.

(7) If the personal data has been collected with the consent of the data subject, the data controller may, unless otherwise provided by law, process the collected data without further separate consent and after the withdrawal of the data subject's consent.

2. Data management based on the fulfillment of a legal obligation

(1) In the case of data processing based on a legal obligation, the provisions of the underlying legislation shall apply to the scope of data that can be processed, the purpose of data processing, the duration of data storage and the recipients.

(2) Data processing based on the fulfillment of a legal obligation is independent of the data subject's consent, as the data processing is defined by law. In this case, before data processing begins, the data subject must be informed that data processing is mandatory, and the data subject must be informed clearly and in detail about all the facts related to the processing of his/her data before the data processing begins, in particular the purpose and legal basis of data processing, the person authorized for data processing and data management, the duration of the data management, if the personal data of the data subject is processed by the data controller based on the applicable legal obligation, and who can access the data. The information should also cover the data subject's rights and legal remedies. In the case of mandatory data management, the information can also be provided by publishing a reference to the legal provisions containing the above information.

3. Promoting the rights of the data subject

The Company is obliged to ensure the data subject during all data management exercise of their rights.

IV. CHAPTER

VISITORS' DATA MANAGEMENT ON THE COMPANY'S WEBSITE - INFORMATION ON THE USE OF COOKIES

1. The visitor to the website must be informed about the use of cookies on the website and, with the exception of technically necessary session cookies, his / her consent must be sought.

2. General information about cookies

2.1. A cookie is a piece of data that a website you visit sends to a visitor's browser (in the form of a variable name value) so that it can be stored and later loaded by the same website. The cookie can be valid, it can be valid until the browser is closed, but it can also be valid indefinitely. Subsequently, for each HTTP (S) request, this information is also sent by the browser to the server. This modifies the data on the user's machine.

2.2. The point of the cookie is that, due to the nature of the website services, it is necessary to mark a user (e.g. that he has entered the page) and be able to handle it accordingly in the following. The danger is that the user is not always aware of this and may be able to be followed by the website operator or another service provider whose content is built into the site (eg Facebook, Google Analytics), thus creating a profile about it, in which case the content of the cookie can be considered personal data.

2.3. Types of cookies:

2.3.1. Technically essential session cookies: without which the site would simply not function, they are used to identify the user, e.g. required to manage whether you logged in, what you put in the cart, and so on. This is typically stored as a session-id, the rest of the data is stored on the server, making it more secure. It has security implications, if the session cookie value is not generated well, there is a risk of a session-hijacking attack, so it is imperative that these values are generated properly. Other terminologies call all cookies that are deleted when you exit the browser a session cookie (a session is a browser usage from start to exit).

2.3.2. Cookies facilitating use: This is how you call cookies that remember the user's choices, such as how the user wants to see the page. These types of cookies essentially represent the setting data stored in the cookie.

2.3.3. Performance cookies: although they don't have much to do with "performance", they are usually called cookies that collect information from the user about the behavior, time spent, clicks within the visited website. These are typically third party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). These are suitable for profiling the visitor.

Learn more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Learn more about Google AdWords cookies here:

https://support.google.com/adwords/answer/2407785?hl=en_US

2.4. Acceptance and authorization of the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.

You can find information about the cookie settings of the most popular browsers at the links below
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=en_US
• Firefox: https://support.mozilla.org/en/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
• Microsoft Internet Explorer 11: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge: http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq
• Safari: https://support.apple.com/hu-hu/HT201265

In addition, however, we draw attention to the fact that some website features or services may not work properly without cookies.

3. Information about the cookies used on the Company's website and the data created during the visit

3.1. Data managed during the visit: Our company's website can record and manage the following data about the visitor and the device used for browsing during the use of the website:
• the IP address used by the visitor,
• browser type,
• the operating system characteristics of the device used for browsing (set language),
• date of visit,
• the (sub) page, feature or service you are visiting.

• click.

This data is retained for up to 90 days and can be used primarily to investigate security incidents.

3.2. Cookies used on the website

3.2.1. Technically essential session cookies

The purpose of data management is to ensure the proper functioning of the website. These cookies are necessary for visitors to browse the website, to use its functions smoothly and fully, the services available through the website, such as, in particular, to note the visitor's actions on those pages or to identify the logged-in user during a visit. The duration of the data management of these cookies applies only to the visitor's current visit, this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed.

The legal basis for this data management is Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (Elkertv.) 13 / A. § (3), according to which, for the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in all cases operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

3.2.1. Useful cookies:

They remember the user's choices, such as how the user wants the page to appear. These types of cookies essentially represent the setting data stored in the cookie.

The legal basis for data management is the visitor's consent.

The purpose of data management: To increase the efficiency of the service, increase the user experience, make the use of the website more convenient.

This data is more on the user's computer, the website can only access and recognize it by it the visitor.

3.2.2. Performance cookies:

They collect information for the user about the behavior, time spent, clicks within the visited website. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal basis for data processing: consent of the data subject.

The purpose of data management: to analyze the website, to send advertising offers.

CHAPTER V.

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

I. The rights of the data subject in brief:

1. Transparent information, communication and facilitating the exercise of the rights of the person concerned

2. Right to prior information - if personal data is collected from the data subject

3. Informing the data subject and the information to be made available to him, if the personal data was not obtained from him by the data

controller

4. The data subject's right of access

5. Right to rectification

6. The right to erasure (“the right to be forgotten”)

7. Right to restrict data processing

8. Notification obligation related to the correction or deletion of personal data or the limitation of data management

9. The right to data portability

10. Right to protest

11. Automated decision making in individual cases, including profiling

12. Restrictions

13. Informing the data subject about the data protection incident

14. Right to complain to the supervisory authority (right to official redress)

15. The right to an effective judicial remedy against the supervisory authority

16. The right to an effective judicial remedy against the controller or the processor

II. The rights of the data subject in detail:

1. Transparent information, communication and facilitating the exercise of the rights of the person concerned

1.1. The data controller must provide the data subject with all information and every piece of information regarding the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The information must be provided in writing or in another way, including, where applicable, the electronic way. Verbal information can also be provided at the request of the data subject, provided that the identity of the data subject has been verified in another way.

1.2.The data controller must facilitate the exercise of the data subject's rights.

1.3. The data controller informs the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken following his request to exercise his rights. This deadline can be extended by another two months under the conditions set out in the Regulation. about which the data subject must be informed.

1.4. If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress.

1.5. The data manager provides the information and measures about the rights of the data subject free of charge, however, in the cases described in the Regulation, a fee may be charged.

Detailed rules can be found in Article 12 of the Regulation.

2. Right to prior information - if personal data is collected from the data subject

2.1. The data subject has the right to receive information about the facts and information related to data management before the start of data management. In this context, the data subject must be informed:

a) the identity and contact details of the data controller and its representative,

b) the contact details of the Data Protection Officer (if any);

c) the purpose of the intended processing of personal data and the legal basis for the processing,

d) in the case of data management based on the assertion of a legitimate interest, on the legitimate interests of the data controller or a third

party,

e) the recipients of the personal data to whom the personal data are communicated and the categories of recipients, if any;

e) where applicable, the fact that the controller intends to transfer the personal data to a third country or to an international organization.

2.2. In order to ensure fair and transparent data management, the controller shall provide the data subject with the following additional information:

a) the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;

b) about the data subject's right to request from the data controller access to personal data concerning them, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as the data subject's right to data portability;

c) in the case of data processing based on the consent of the data subject, the right to withdraw consent at any time, which does not affect the legality of data processing carried out on the basis of consent before the withdrawal;

d) the right to lodge a complaint to the supervisory authority;

e) whether the provision of personal data is based on a legal or contractual obligation or a precondition for the conclusion of a contract, whether the data subject is obliged to provide personal data and the possible consequences of non-disclosure;

f) the the fact of automated decision-making, including profiling, and at least the logic used in these cases, and comprehensible information on the significance of such data processing and the expected consequences for the data subject.

2.3. If the controller intends to carry out further processing of personal data for a purpose other than that for which they were collected, it must inform the data subject of this different purpose and of any relevant additional information before further processing.

The detailed rules for the right to prior information are set out in Article 13 of the Regulation.

3. The information of the data subject and the information to be made available to them, if the personal data was not obtained from them by the data controller

3.1. If the data controller did not obtain the personal data from the data subject, the data controller shall notify the subject within one month at the latest from the date of acquisition of the personal data; if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject; or if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time, you must inform about the facts and information written in point 2 above, as well as the categories of the personal data concerned, as well as the source of the personal data and, where appropriate, that the data whether they come from publicly available sources.

3.2. The additional rules are governed by the previous point 2 (Right to prior information).

Detailed rules for this information are set out in Article 14 of the Regulation.

4. The data subject's right of access

4.1. The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the related information written in the second and third points above. (Regulation Article 15).

4.2. If personal data is transferred to a third country or to an international organization, the data subject is entitled to be informed of the appropriate guarantees for the transfer in accordance with Article 46 of the Regulation.

4.3. The data controller must provide the data subject with a copy of the personal data that is the subject of data management. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

The detailed rules for the data subject's right of access are set out in Article 15 of the Decree.

5. Right to rectification

5.1. The data subject has the right to have inaccurate personal data concerning him / her corrected without undue delay at the request of the Data Controller.

5.2. Taking into account the purpose of the data management, the data subject is entitled to request the addition of incomplete personal data, among other things, by means of a supplementary statement.

These rules are contained in Article 16 of the Regulation.

6. The right to erasure ("the right to be forgotten")

6.1.The data subject has the right to request that the data controller delete the personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if

(a) personal data is no longer required for the purpose for which they were collected or otherwise processed;

(b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;

(d) personal data have been processed unlawfully;

(e) personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;

(f) the collection of personal data took place in connection with the offering of information society-related services offered directly to children.

6.2. The right of cancellation cannot be exercised if data management is required

(a) for the purpose of exercising the right to freedom of expression and information;

(b) for the purpose of fulfilling an obligation under EU or Member State law applicable to the data controller, or for performing a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller;

(d) for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing;

e) to submit, enforce or defend legal claims.

Detailed rules on the right of cancellation are set out in Article 17 of the Regulation.

7. Right to restrict data processing

7.1. Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of making, asserting or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

7.2. The data subject has the right, at the request of the Data Controller to restrict the data processing if one of the following is met:

(a) the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;

c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims;

(d) the data subject has objected to the processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.

7.3. The data subject shall be informed in advance of the lifting of the restriction on data processing.

The relevant rules are set out in Article 18 of the Regulation.

8. Notification obligation related to the correction or deletion of personal data or the limitation of data management.

The data controller informs all recipients of all corrections, deletions or data management restrictions to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.

These rules are set out in Article 19 of the Regulation.

9. The right to data portability

9.1. Under the conditions set out in the Regulation, the data subject has the right to receive personal data concerning him or her made available to a data controller in a structured, widely used machine-readable format and to transfer such data to another data controller without being hindered by the controller to whom the personal data have been made available, if

(a) the processing is based on consent or a contract; and

(b) the processing is carried out in an automated manner.

9.2. The data subject may also request the direct transfer of personal data between data controllers.

9.3. The exercise of the right to data portability must not infringe the Regulation The right of erasure ("the right to forget") shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This right shall not adversely affect the rights of others. rights and freedoms.

The detailed rules are set out in Article 20 of the Regulation.

10. Right to protest

10.1. The data subject has the right to object at any time for reasons related to his own situation against the processing of his personal data based on the public interest, the performance of a public task (Article 6 (1) e)) or legitimate interest (Article 6 f)), including profiling based on the aforementioned provisions too. In this case, the data controller may no longer process the personal data, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims.

10.2. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of his personal data for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.

10.3. These rights must be specifically brought to the attention of the data subject during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information.

ed means based on technical specifications.

10.5. Where personal data is processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless such processing is necessary for the performance of a task carried out in the public interest.

The relevant rules are set out in the Regulation contained in Article.

11. Automated decision making in individual cases, including profiling

11.1. The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects on him or her or would be similarly significant.

11.2. This right shall not apply if the decision:

a) necessary for the conclusion or fulfillment of the contract between the data subject and the data controller;

b) it is made possible by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject;

11.3. The former In the cases referred to in points (a) and (c), the controller shall take appropriate measures to protect the data subject's rights, freedoms and legitimate interests, including at least the data subject's right to request human intervention, to express his or her views and to object to the decision. be.

Further rules are set out in Article 22 of the Regulation.

12. Restrictions

The EU or Member State law applicable to the data controller or data processor can limit the scope of rights and obligations (Articles 12-22, Article 34, Article 5 of the Regulation) through legislative measures if the restriction respects the essential content of fundamental rights and freedoms.

The conditions for this restriction are set out in Article 23 of the Regulation.

13. Informing the data subject about the data protection incident

13.1. If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay. This information shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the following:

(a) the name and contact details of the data protection officer or other contact person for further information;

(d) a description of the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

13.2. The data subject need not be informed if any of the following conditions are met:

(a) the controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which make it incomprehensible to persons not authorized to access personal data;

(b) the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialize;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject is informed in an equally effective manner.

Additional rules are set out in the Regulation Article 34.

14. The right to lodge a complaint with the supervisory authority (right to an official remedy)

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or suspected infringement, if he or she considers that the processing of personal data concerning him or her infringes the Regulation. The supervisory authority to which the complaint has been lodged shall keep the client informed of the progress of the proceedings in relation to the complaint and of the outcome thereof, including whether the client is entitled to a judicial remedy.

These rules are set out in Article 77 of the Regulation.

15. The right to an effective judicial remedy against the supervisory authority

15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority.

15.2. Without prejudice to other administrative or non-judicial remedies, all data subjects shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the progress or outcome of the complaint.

15.3. Proceedings against the supervisory authority shall be brought before a court of the Member State in which the supervisory authority has its seat.

15.4. If proceedings are initiated against a decision of the supervisory authority in relation to which the Board previously issued an opinion or made a decision within the framework of the uniformity mechanism, the supervisory authority is obliged to send this opinion or decision to the court.

These rules are set out in Article 78 of the Regulation.

16. The right to an effective judicial remedy against the controller or the processor

16.1. Without prejudice to available administrative or non-judicial remedies, including the right to complain to the supervisory authority, any data subject shall have the right to an effective judicial remedy if he or she considers that his or her personal data have been infringed under this Regulation.

16.2. Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.

These rules are set out in Article 79 of the Regulation.

Dated, Debrecen, May 2016

___________________________