Privacy Notice

Molekuláris- Ujjlenyomat Kutató Központ Nonprofit Kft. (registered seat: 1093 Budapest, Czuczor utca 2-10., company registration number: 01-09-344208, tax number: 26775935-2-43, hereinafter: service provider, controller), as Controller, acknowledges that it is bound by the contents of this legal notice, and declares that all data processing in relation to its activities complies with the requirements set out in this policy, the applicable national legislation, in particular in Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Freedom of Information Act) and its implementing decrees, as well as with the requirements set out in the legal acts of the European Union, in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter: GDPR).

This Privacy Notice covers the following domains and their subdomains:

www.cmf.hu

The Privacy Policy of the data controller in relation to its data processing is continuously available at https://cmf.hu/data-privacy/.

The Controller reserves the right to amend this Notice at any time. Data subjects will be informed of any changes in due time. If you have any questions about this Notice, please write to us and we will answer them.

The Controller is committed to protecting the personal data of the users of its websites, and attaches the utmost importance to respecting the right to informational self-determination of its customers. The Controller treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.

The Controller describes its data processing practices below.

2. DATA OF THE CONTROLLER

If you would like to contact the Controller, you can contact the Controller at info@cmf.hu.

Data of the Controller:

Name: Molekuláris- Ujjlenyomat Kutató Központ Nonprofit Kft.

Registered seat: 1093 Budapest, Czuczor utca 2-10.

Tax number: 26775935-2-43

Company registration number: 01-09-344208

E-mail: info@cmf.hu

DATA PROTECTION OFFICER

On the basis of the activities carried out by the Controller and pursuant to Article 37(1) of the GDPR, a Data Protection Officer has been appointed. Data Protection Officer: Győző Karácsony (adatvedelem@cmf.hu)

3. THE PERSONAL DATA PROCESSED

3.1. TECHNICAL DATA

The Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that:

the data processed are accessible to authorised persons (availability);
the authenticity and verification of the data processed is ensured (authenticity of data processing);
the integrity of the data processed can be verified (data integrity);
the data processed must be protected against unauthorised access (data confidentiality).

The Controller takes appropriate measures to protect the data against unauthorised access, alteration, transmission, disclosure, erasure or destruction and against accidental destruction.

The Controller ensures the security of data processing by technical and organisational measures that provide a level of protection appropriate to the risks associated with the data processing.

During the processing, the Controller maintains confidentiality: it protects the information so that only those can access to it who are authorised to do so; integrity: it protects the accuracy and completeness of the information and the method of processing; availability: it ensures that when an authorised user needs it, he or she can actually access the information required and that the means to do so are available.

4. GENERAL GUIDELINES FOR DATA PROCESSING, NAME AND USE OF DATA PROCESSING, LEGAL BASIS AND RETENTION PERIOD

The data processing of the Controller’s activities is based on voluntary consent or on statutory authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any time during the processing.

In certain cases, the processing, storage and transmission of some of the data provided is required by law, of which we will inform users of our websites separately. We draw the attention of those who provide data to the Controller to the fact that if they provide personal data which are not their own, the data provider is obliged to obtain the consent of the data subject. Its data processing principles are in accordance with the applicable data protection legislation, in particular with the provisions of the Freedom of Information Act, the GDPR, Act V of 2013 on the Civil Code, Act C of 2000 on Accounting, Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, Act LXVI of 2011 on the State Audit Office of Hungary, Government Decree 355/2011. (XII. 30.) on the Government Control Office, and Act CXXII of 2009 on the more economical operation of publicly owned companies.

The Controller has drawn up a data map, on the basis of which the scope of the data processed, their use, the legal basis thereof and the retention period have been defined.

4.1 DATA RELATED TO ONLINE CONTACT

Personal data requested when contacting us:

Name (optional)

Email address (necessary for the contact)

Phone number (optional, for initiating a callback)

The purpose of processing, intended use of the data processed: The data will be used for the purpose of contacting you.

The legal basis for data processing is voluntary consent.

Retention period: duration of the contact or request for deletion.

4.2 DATA RELATED TO TELEPHONE CONTACT

Personal data requested when contacting us:

Name (optional)

Phone number (optional, for initiating a callback)

The purpose of processing, intended use of the data processed: The data will be used for the purpose of contacting you.

The legal basis for data processing is voluntary consent.

Retention period: duration of the contact or request for deletion.

5. PHYSICAL STORAGE LOCATIONS FOR THE DATA

Your personal data (that is the data relating to you) may enter into our processing in the following ways: in connection with maintaining an Internet connection between us, technical data referring to your computer, browser software, Internet address, and the pages visited are automatically generated in our IT systems.

The data that is automatically recorded is automatically logged by the system when logging in or out, without any special declaration or action on the part of the data subject.

This data cannot be linked to other personal data of users, except where required by law. Only the mukkozpont.hu and h4h.hu domains and their subdomains have access to the data.

6. DATA TRANSFER, DATA PROCESSING, THE PERSONS HAVING ACCESS TO THE DATA

In the framework of its business activities, the Controller uses the following processors:

Hosting:

Rackhost Zrt.

Address: 6722 Szeged, Tisza Lajos krt. 41.

Customer service: +36 1 445 1200

E-mail: info@rackhost.hu

Scope of the data collected: the content of the websites on the domain www.cmf.hu and its subdomains, emails sent to email addresses based on these domains.

Google Analytics:

Google Inc., Mountain View, California, USA

Scope of the data collected: the IP address of visitors to the www.cmf.hu website, which are anonymised and not linked to an individual.

6.1 DATA TRANSFERS TO THIRD COUNTRIES

Data is transferred to the United States of America, with which an adequacy decision was reached on 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).

The adequacy decision also applies to the controllers Google (https://policies.google.com/privacy/frameworks).

6.2 DATA TRANSFERS TO OTP MOBIL LTD.

In case of the usage of www.cmf.hu website, personal data stored in the Controller’s database will be handed over to OTP Mobil Ltd. and is trusted as data processor. The data transferred by the data controller are the following: name, email address, phone number, billing address.

The nature and purpose of the data processing activity performed by the data processor in the SimplePay Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff.

7. RIGHTS AND RIGHT ENFORCEMENT OPTIONS OF DATA SUBJECTS

The data subject may request information on the processing of his or her personal data and, except for mandatory data processing, he or she may request the rectification, erasure or withdrawal of his or her personal data, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected or at the above contact details of the Controller.

7.1 RIGHT OF INFORMATION

The controller takes appropriate measures to provide any information referred to in Articles 13 and 14 of the GDPR and any communication under Articles 15 to 22 and 34 of the GDPR relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

7.2 RIGHT OF ACCESS BY THE DATA SUBJECT

The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
the envisaged period for which the personal data will be stored;
the right of rectification or erasure of personal data or restriction of processing or the right to object;
the right to lodge a complaint with a supervisory authority;
any available information as to the sources of data;
the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Controller shall provide the information within a maximum of one month from the date of the request.

7.3 RIGHT TO RECTIFICATION

The data subject shall have the right to request the rectification of inaccurate personal data concerning him or her processed by the Controller and to have the incomplete personal data completed.

7.4 RIGHT TO ERASURE

The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; the personal data have been collected in relation to the offer of information society services.

The erasure of data may not be initiated to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; for reasons of public interest in the area of public health, or, in the public interest, for archiving purposes, scientific or historical research purposes or statistical purposes; for the establishment, exercise or defence of legal claims.

7.5 RIGHT TO RESTRICTION OF PROCESSING

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the verification of the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or the data subject has objected to processing; pending the verification whether the legitimate grounds of the Controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7.6 RIGHT TO DATA PORTABILITY

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided tot he Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

7.7 RIGHT TO OBJECT

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling based on those provisions. In the event of an objection, the Controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

7.8 AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

7.9 RIGHT TO WITHDRAW

The data subject shall have the right to withdraw his or her consent at any time.

7.10 RIGHT TO APPLY TO THE COURTS

In the event of a breach of his or her rights, the data subject may initiate court proceedings against the Controller. The court shall rule on the case in priority proceedings. 8.11 Procedure of the Data Protection Authority Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság) Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. box: 5. Phone: 0613911400 Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

8. OTHER PROVISIONS

Information about data processing not listed in this Notice is provided at the time when the data is collected. We inform our customers that the courts, public prosecutors, investigating authorities, law enforcement authorities, public authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorised by law may contact the Controller to provide information, to disclose or transfer data, or to provide documents. The Controller shall disclose to the authorities - provided that the authority has indicated the precise purpose and scope of the data - personal data only to the extent strictly necessary for the purpose of the request.