Data management policy
Information on data management by SGX-Sport Kft.
1. Introduction
SGX-Sport Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (registration No.: 01-09-170699, tax code: 24299039-2-41, head office: 1024 Budapest, Lövőház utca 2-6. 4. em.; hereinafter: SGX-SPORT KFT.) is considered data manager in the context of collecting and receiving personal data by the company, and in this capacity it carries out data management activity in line with the principles summarized below.
In its data management activity, SGX-SPORT KFT. acts so as to comply in every respect with the national data protection regulations prevailing in Hungary and with the requirements of the regulation No. (EU) 2016/679 (GDPR) of the European Parliament and the Council.
For the protection of the personal data of its committed employees and partners, SGX-SPORT KFT. deems especially important to respect the information-related self-determination rights of its customers.
2. Definitions
The special terms used in this information have the following meanings pursuant to regulation.
Entities:
- affected person: physical person identified or identifiable;
- data manager: physical person or legal entity who specifies the objectives and tools of managing personal data;
- data processor: physical person or legal entity who handles personal data on behalf of the data manager;
- third party: physical person or legal entity who is not identical with the affected person, the data manager, the data processor, or the individuals who under the direct control of the data manager or the data processor have been authorized to handle personal data;
- data protection authority: National Privacy and Information Freedom Authority (ugyfelszolgalat@naih.hu) www.naih.hu 1125 Budapest, Szilágyi Erzsébet fasor 22/c., +36 1 391-1400). Complaints related to data protection may be filed with this entity.
Other important terms:
- personal data: any information related to physical persons identified or identifiable;
- the physical person is considered identifiable who directly or indirectly, e.g. through any particular like name, number, reference to locality, online ID, or one or several features related to physical, genetic, intellectual, economic, cultural or social identity can be identified;
- data management: operations performed on personal data or data files (e.g. collection, recording, sorting, breaking up, storage, transformation, change, inquiry, inspection, use, transmission, generation, linking, limitation, deletion);
- limitation of data management: marking of stored personal data for the limitation of their future processing;
- approval of the affected person: the voluntary and specific clear declaration of the will of the affected person based on sufficient information, in which the affected person indicates through a statement or unmistakable affirmative act that he/she agrees with the handling of the personal information related to him/her;
- data protection incident: any safety error that results in the incidental or unlawful destruction, loss, change, unlawful disclosure of personal data transmitted, stored or handled in any other way, or leads to unauthorized access to the same.
3. Legal basis of data management, rights of the affected person
Data processing is based on voluntary approval, contractual or regulatory obligation. In collecting personal data related to the affected person, at the time of obtaining the personal data SGX-SPORT KFT. shall make available to the affected person the accessibilities of the data manager and of the representative of the data manager, as minimum, as well as the purpose of the envisaged handling of the personal data and the legal title of data management. Any other supplementary information may be provided, as required, e.g. about the term of data storage, the access options of the affected person, the possibility of withdrawal of the approval, or the forum where complaints can be submitted.
The affected person has the right to receive feedback from the data manager on whether the data processing is going on, and if yes, he/she is entitled to get access to his/her personal data and to the following information. The affected person has the right of requesting the data manager to correct inaccurate data related to him/her. With regard to the purpose of data management, the affected person is entitled to request the completion of incomplete personal data. The affected person has the right of requesting the data manager to delete without unjustified delay his/her personal data and, provided that other conditions are in place, the data manager is obliged to delete the personal data concerned without unjustified delay.
The affected person is entitled to get the personal data related to him/her and provided to the data manager by him/her. The affected person is entitled to raise objection any time against the processing of his/her personal data for marketing purposes.
The affected person has the right of requesting the data manager to limit the data processing if (1) the affected person challenges the accuracy of the data, (2) the handling of data is unlawful, (3) the entity concerned has collected the data to meet legal requirements but the purpose of data management does not exist anymore, and (4) the affected person has protested against the data management.
4. Data security
The IT systems and other data retaining facilities of SGX-SPORT KFT. can be found at the central office as well as on the related servers of the company.
SGX-SPORT KFT. selects and operates the IT tools used for the handling of personal data in the course of providing its services in such a way that the managed data are accessible only for authorized persons where data authentication is ensured, their consistency can be verified so as all data are protected against unauthorized access.
SGX-SPORT KFT. safeguards the data by proper arrangements in particular against unauthorized access, change, transmission, publication, deletion or destruction as well as against incidental destruction, damage, furthermore against becoming inaccessible because of the change of the applied technique.
At the same time, the affected users are informed herewith that the electronic messages transmitted via internet are vulnerable apart from the protocol (e-mail, web, ftp, etc.) against threats implied in the network and may lead to unfair activity, challenging of the contract, or to the disclosure or modification of the information. SGX-SPORT KFT. takes all measures expected from the company to prevent such menaces.
First of all, the competent staff members of the company are primarily entitled to see the data managed by SGX-SPORT KFT., we do not transfer them to third parties but exclusively in the case of legitimate interest (e.g. debt collection), statutory obligation, or if the affected person has given his/her explicit approval to that.
5. Other provisions
30 days are available for the data manager for providing information or for deletion or correction of personal data. If the data manager does not fulfil the request, it shall notify the affected person about the reasons of refusal.
If there is any probability that a data protection incident may entail high risk within the system of SGX-SPORT KFT. concerning the rights and freedoms of physical persons, the data manager shall without unreasonable delay inform the affected person on such data protection incident.
We do not check the personal data received by the company. Exclusively the person having provided the data is responsible for the compliance of the same. Upon giving his/her e-mail address any affected person assumes responsibility for the exclusive use of the services provided through the given e-mail address.
We inform our customers that the investigation body, the data protection authority as well as other organizations with authorization may request SGX-SPORT KFT. to provide information, supply/transfer data and/or to put documents at their disposal.
In the course of visiting the www.litewellness.hu website (and its related pages) the service provider places cookies – i.e. a small file comprising a sequence of characters – on the computer of the visitor, through which his/her browser can individually be identified. Such cookies are placed onto the computer of the visitor only upon visiting subpages and record only the fact and the time of visiting the respective subpage without any other information.
The cookies placed in this way are used as follows: third-party service providers, web search engines recognize through such cookies if the user has already visited the website of SGX-SPORT KFT. earlier. If the user does not agree that Google or any other service provider measures the above information in the described way for the given purpose, the user should install in his/her browser a locking function.
SGX-SPORT KFT. does not hire data processing entities.
If you have any comment, question or concern in relation to our company, data management or services, you can contact us through the addresses displayed in our homepage.
SGX-SPORT KFT. reserves the right of modifying this data management information along with the notification of the affected users.