Medor Ltd.
Privacy Policy
MEDOR Ltd., as the operator of www.medor.hu, hereby informs the visitors of its website about the management of the data of registered users and non-registered users requesting offers (hereinafter: Users), the organizational and technical measures taken to protect them, and the users' rights of legal remedy.
1. The Data Controller
Company Name: MEDOR LTD.
Headquarters: 4400 Nyíregyháza, Akácfa u. 9/b.
Company Registration Number: 15-09-062437
Tax Number: 11248985-2-15
Representative: ZELERIK ATTILA
Phone number: +36-20-482-84-96
E-mail address: medor@medor.hu
Website: www.medor.hu
2. Purpose, Scope, and Duration of Data Processing
(hereinafter: Company or Data Controller)
| Purpose and Legal Basis of Data Processing | Scope of Managed Data | Duration of Data Processing |
|---|---|---|
| Requesting an offer from the Data Controller, through which the User requests information regarding a service on the Company's website. Legal basis: the User's consent. | User's name, e-mail address |
Until the service exists, or until the User withdraws their consent. |
3. Persons with Access to Data, Data Processors
Only the employees and contributors of the Data Controller have access to the personal data provided by users, as well as data automatically recognized due to technical operations. The Data Controller does not transfer personal data to third parties, except for its employees and contributors. This does not apply to any mandatory data transfers prescribed by law. Before executing individual official data requests, the Data Controller examines whether the legal basis for data transfer exists for each data point and, if necessary, requests the opinion of the National Authority for Data Protection and Freedom of Information. By consenting to the processing of your personal data, you also consent to the Data Controller transferring your personal data to its legal successor. If requested, the Data Controller will delete the user's personal data before transferring it to the legal successor.
4. Data Security Measures
The Data Controller makes every effort to ensure the secure management and storage of data. The managed data operates in a highly available, reliable dedicated server environment.
We inform users that electronic messages transmitted over the internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, dispute of contract, or the disclosure or modification of information. To protect against such threats, the service provider takes all reasonable precautions. It monitors the systems to record any security deviations and provide evidence for any security incident. System monitoring also allows for verifying the effectiveness of the precautions taken.
5. Legal Remedy Options
The data subject may request the Data Controller at the contacts listed in point 1 to provide information about the processing of their personal data, to rectify their personal data, and to delete or block their personal data - except for mandatory data processing.
Upon the data subject's request, the Data Controller provides information about the personal data processed or managed by it, their source, the purpose, legal basis, and duration of the data processing, the name, address, and activity of the data processor related to the data processing, and - in case of transferring the data subject's personal data - the legal basis and recipient of the data transfer. The Data Controller shall provide the information in writing within 30 days of receiving the request. The information is free of charge.
The Data Controller may only refuse to inform the data subject in cases defined by law. In case of refusal, the Data Controller informs the data subject in writing based on which point of the law the refusal was made. In case of refusal, the Data Controller informs the data subject about the legal remedy options.
If the personal data is not in accordance with reality, and the correct personal data is available to the Data Controller, the Data Controller rectifies the personal data.
The personal data shall be deleted by the Data Controller if
a) its processing is unlawful;
b) the data subject requests it according to this Privacy Policy;
c) it is incomplete or incorrect - and this cannot be legally remedied - provided that deletion is not excluded by law;
d) the purpose of data processing has ceased, or the statutory deadline for data storage has expired;
e) it has been ordered by a court or competent authority.
Instead of deletion, the Data Controller locks the personal data if the data subject requests it, or if, based on the available information, it can be assumed that deletion would violate the data subject's legitimate interests. The locked personal data can only be processed as long as the data processing purpose that prevented the deletion of the personal data exists.
The Data Controller marks the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
The Data Controller notifies the data subject and all those to whom the personal data was previously transferred for data processing purposes about the rectification, locking, marking, and deletion. The notification can be omitted if it does not violate the legitimate interest of the data subject considering the purpose of the data processing.
If the Data Controller does not comply with the data subject's request for rectification, locking, or deletion, it shall communicate the factual and legal reasons for rejecting the request in writing within 30 days of receiving the request. In case of rejecting the request for rectification, deletion, or locking, the Data Controller informs the data subject about the legal remedy options.
The data subject may object to the processing of their personal data if
a) the processing (transfer) of personal data is solely necessary to fulfill the Data Controller's legal obligation or to enforce the legitimate interest of the Data Controller, data recipient, or third party, except in the case of mandatory data processing;
b) the use or transfer of personal data is for direct marketing, public opinion polling, or scientific research purposes;
c) in other cases defined by law.
MEDOR Ltd. - while simultaneously suspending data processing - examines the objection within the shortest possible time from the submission of the request, but no later than 15 days, and informs the applicant in writing of its result. If the objection is justified, the Data Controller terminates the data processing - including further data collection and data transfer - and locks the data, and notifies all those to whom the personal data affected by the objection was previously transferred and who are obliged to act to enforce the right to object.
If the data subject disagrees with the Data Controller's decision, they may appeal to a court within 30 days of its notification. The Data Controller must prove the legality of the data processing.
You can file a complaint with the National Authority for Data Protection and Freedom of Information claiming a legal injury or the direct threat thereof at the following contacts:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Web: www.naih.hu
6. Reservation
The Data Controller reserves the right to change its privacy policy. This may happen especially if it is made mandatory by law. Changing the data processing cannot mean processing personal data for a different purpose. The Data Controller will publish information about this on its website 15 days in advance.
Medor Ltd.
May 24, 2018