I. General provisions
I/1. The Operator
The present website is operated by AHI Roofing Kft. (registered seat: H-8100 Várpalota, Fehérvári út 28/14.; company registration number: 19-09-511580; e-mail: email@example.com, hereinafter referred to as the ‘Operator’, and with regard to data processing, the ‘Data Controller’). Personal data provided by users on the website are processed by the Operator.
I/2. The User
Users shall include all persons visiting the website or using the services thereof, regardless of registration. Certain services may be used by registered users only.
I/3. The scope and amendments of the Policy
If not provided otherwise herein, the scope of the Policy shall not include the services and data processing related to the promotions, sweepstakes, services, other campaigns and contents disclosed by third parties advertising or appearing otherwise on the Website. If not stipulated otherwise herein, the scope of the Policy shall not include the services and data processing of websites and service providers connected to the Website through a link figuring on the Website.
The Operator reserves the right to amend the Policy. The Operator shall inform users about previous amendments upon request. The Operator shall disclose the amended Policy and amendments shall only take effect after such disclosure. The Operator shall not be obliged to send a separate notification of the amendments to the users.
I/4. The activities of the Operator, the aim of the website
The Operator is a business association dealing with the distribution and manufacturing of Gerard roofing technology products on a professional basis; rendering its services not only in the Republic of Hungary but distributing the said products in whole Europe.
The aim of the present Website is to present to all visitors the products distributed and services rendered by the company, and at the same time, to provide information on the availability of such products and services, and the Operator and its activities.
With respect to registered users, the aim of the present Website is to provide customised information to such users.
I/5. Governing law
The Operator is a business association incorporated in the Republic of Hungary and pursuing its activities primarily under the scope of Hungarian legal regulations. Should its service activities – including advertising and distribution – range beyond the borders of the Republic of Hungary, the laws of the given country shall apply.
Where the choice of jurisdictions is made possible, the Operator declares that the laws of Hungary shall be applied.
In case the jurisdictions of different courts or authorities is made possible, the Operator declares the choice of jurisdiction of authorities and courts of Hungary.
II. Data processing
II/1. The legal basis and the principles of data processing
Personal data are processed by the Operator.
The legal basis of data processing is the voluntary consent of persons concerned. By using the Website and registering thereon, the persons concerned the present Policy. The present Policy shall qualify as proper notification provided to the persons concerned.
The Operator processes only personal data provided by the data subject, or produced in the course of the data subject’s activities relating to the Website. The Operator shall make all reasonable efforts to act in the full respect of the rights of data subjects.
All personal data are processed by the operator with the aim of rendering and developing the services of the Website. Therefore, the aim of processing personal data is the identification of data subjects, the rendering of the services, and the analysis and development of the Website. The Operator does not process data the processing of which is not necessary for the achievement of the above aims.
The Operator shall make all reasonable efforts to ensure that the following principles related to the processing of personal data are complied with completely:
- personal data may be processed with a specific aim only;
- all phases of data processing are carried out in compliance with this specific aim, including the range of data under processing;
- personal data are collected and processed in a fair and lawful manner;
- data are accurate, complete and up-to-date;
- if the identification of the data subject is not necessary, data processing shall be modified so that the identification of the data subject becomes impossible;
- the rights of data subjects are adequately respected.
II/2. The place of data processing, governing law
Data processing takes place at the Operator’s seat, branch or establishment, or at the premises of the technical data processor rendering services to the Operator under a services contract. Decisions connected to data processing are made by the Operator.
With regard to the provisions of Section I/5, the data controller is a Hungarian legal person and the place of data processing is the Republic of Hungary. Accordingly, the processing of personal data shall be governed by the legal regulations of Hungary, primarily Act LXIII of 1992 on the Protection of Personal Data and Public Access to Data of Public Interest.
In the course of data processing, the Operator respects the provisions of Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Visiting the Website is not subject to registration, however, some part of the services is available for registered users only.
Registration can be made in the following manner:
- By importing Facebook profile; or
- By completing a registration form.
Users who are registered at “Facebook” social website can register at the Website by importing their data provided at the facebook social website to the Website of the Operator. In this case, the user has to choose using facebook profile, and then provide his/her login data and password used at the facebook social website. After this, the Website imports the data provided at the facebook social website and these data will be processed by the Operator. Later, login to the Website is carried out with the data used at the facebook social website. In case the user deletes his/her facebook profile, he/she will not be able to login to the Website. In such case, the user has to register by providing another facebook profile or by completing the registration form.
Users may register by completing the registration form. On the registration form, the provision of specific data is obligatory, and registration is not possible without providing such data. Data provided are processed by the Operator.
II/4. The purpose and main rules of the processing of personal data
The primary aim of processing the data provided at registration is the identification of users and communication with them. Further aims of data processing are the provision of the Website’s services, the development of such services, and the sending of newsletters and advertisements to users.
In the course of data processing, the Operator shall comply with the provisions of concerning legal regulations, especially that of Act LXIII of 1992 on the Protection of Personal Data and Public Access to Data of Public Interest.
The legal basis of data processing is in each case the consent given by the data subject.
The Operator reserves the right to modify the contents of the registration form, delete data fields or create new ones, especially if this becomes necessary or justified due to the demands of users or the amendment of legal regulations. The Operator shall notify users of the changes. Data provided by the users may not be modified by the Operator.
In addition to the above, certain services may require further data processing. The Operator in each case provides proper information about the details of such data processing based on the voluntary consent of users.
II/5. Access to the processed data, data transfer, the use of data
Access to the data is provided to persons acting in the Operator’s interest – thus especially agents and employees – for whom this is necessary in order to perform their activities and who are familiar with the obligations related to data processing.
The Operator may transfer or make available the data processed by it to third parties only if this has been expressly approved by the data subject or this is ordered by an act of law.
The Operator shall be entitled in compliance with the concerning legal regulations to use the services of a technical data processor for the purposes of certain technical operations. The technical data processor is only authorized to execute the decisions made by the Operator, in compliance with the instructions given by the Operator. The commissioning of a technical data processor does not affect the Operator’s liability.
In compliance with the provisions of Section II/4, the Operator uses the data provided by the user primarily for the purpose of identification, communication, the provision and development of services, and with the aim of sending newsletters and advertisements.
The Operator is entitled to use the data for statistical purposes but only in a form where they are not identifiable. The Operator is entitled to use the technical data recorded in compliance with the provisions of Section II/11 for statistical purposes.
II/6. Data processing for advertising and research
The Operator is entitled to use the availabilities provided by users (e-mail address, postal address, phone number, other identifiers used for communication) with the aim of sending electronic mails relating to the Operator, its activities and the Website with promotional purposes, newsletters relating to the service, letters containing advertisement, or sending other notifications of such kind to the user. By registering, the user gives his/her expressed consent to the Operator to attach advertisements to the notifications, newsletters and other information letters.
By the registration, the user gives his/her expressed consent to the Operator to send him/her advertisements via direct mail, and use his/her data for this purpose. The consent applies to all communications sent by e-mail, telephone, post or any other way.
The users give the Operator their consent to use for advertising purposes the data produced during the use of the Website, in the interest of sending targeted, customized offers to users.
The data processed may be used by the Operator to customise the advertising surfaces appearing on the sites that are downloaded, and to select the site to be loaded when a user exits the website. These operations are performed automatically, without human intervention, by way of a computer program.
Data under processing may be used by the Operator for the purposes of opinion poll, market research, compiling of research sample, or contacting the users in the course of the research.
II/7. The duration of data processing
The Operator shall delete the data if:
- their processing is against the law, or a legal regulation provides for such deletion;
- so requested by the data subject;
- the data are deficient or false, and this makes their use impossible;
- the purpose of data processing has outdated;
- so ordered by the Data Protection Commissioner, an authority or court.
The user may request his/her personal data to be deleted. Upon such request submitted by the data subject, the Operator’s system deletes the data in five working days. The deletion of data that are obligatory for registration results in the deletion of registration.
The deletion of personal data means making data unrecognisable in a way that the connection between the data and the data subject is impossible to be restored any more.
In case there is a contractual relationship between the user and the Operator under civil law, the regulations of civil law shall also be applied to data processing. In such case, the personal data may be processed in the interest of enforcing claims raised under civil law. In case an administrative or court procedure is started because of the unlawful act of the user, the Operator may process the data in the interest of the successful termination of such procedure.
II/8. The rights of data subjects, protection of privacy
The user is entitled to modify his/her data, and in case of false data that he/she cannot modify, to request the modification from the Operator. The user is entitled to delete his/her certain data or his/her full registration. The user may request information about the processing of his/her data. Such information may also be provided by the Operator via electronic mail.
II/9. Deletion of the registration and data upon the data subject’s request
The user may request the deletion of his/her registration. The Operator fulfils the request within five days. If the user deletes his/her registration, he/she will not be entitled to receive the services that are subject to registration.
After the registration is deleted, the Operator may use the data for statistical purposes in a form that does not allow identification; however, this does not make possible the restoring of registration later.
In case there is a doubt whether the deletion is requested by the data subject – especially, if the request for deletion is not received from the e-mail address provided by the data subject – the Operator may request the data subject to identify himself/herself properly.
II/10. Data security
The Operator shall take all reasonably necessary measures in order to ensure data security, take care for the proper protection thereof, especially against unlawful access, modification, transfer, disclosure, deletion or destruction, as well as against accidental destruction or injury.
The Operator ensures data security by taking the necessary technical and organizational measures.
II/11. Data processing for technical purposes
The Operator’s system automatically records the IP address of the user’s computer, the starting date of the visit, and in certain cases - depending on the computer’s settings – the type of the browser and the operational system. Data recorded in such a way may not be combined with other personal data. The processing of these data serves for statistical purposes only.
The service provider reserves the right to place data files (cookie) on the users’ computer.
II/12. Data protection register
The Operator has notified the Data Protection Commissioner of its data processing activities in order to be entered into the register kept by the Commissioner. After receiving the registration number, the data controller will indicate it in the present Policy.
III. Rules applicable to users
III/1. The obligations and responsibilities of users
When providing his/her data, the user shall act with reasonable care. The Operator may not be responsible for damages resulting from the lack of proper data protection on the side of the user.
The user may use the site at his/her own risk only. The Operator does not take on responsibility for damages or nuisances appearing on the user’s side as a consequence of failing to act with reasonable care when using the site. The user may make his/her data public or available for others at his/her own risk only.
When using the site, the user shall be obliged to act fairly and with due regard to the rights and interests of others.
The user shall be obliged to observe the provisions of effective legal regulations, and during the use, restrain from any activity that is unlawful or infringes the interests of other persons. Especially, but not limited to the following, the user shall be obliged to respect other people’s right to privacy, moral rights, intellectual property rights, with special respect to regulations providing for the protection of literary, scientific and artistic works, inventions, designs, utility models, trade marks and commercial marks protected by intellectual property laws. The user shall be obliged to restrain from committing offence or crime, and further, from the use of any obscene, indecent or other term or expression that may shock other people.
All users shall avoid activities hindering the normal use of the site. All users shall avoid any activity that harms the interests of the Operator. The user shall be obliged especially to:
− Restrain from disturbing or hindering the site’s operation;
− Avoid any activity that targets the acquisition or use of the Operator’s business secrets or other confidential information;
− Restrain from any communication that includes false information concerning the service;
− Avoid all activities threatening the IT security of the site;
− Forbear from any activity aiming to advertise the products or services of the user or another person.
In addition to the above, the Operator may provide for further restrictions, of which it shall notify users.
In the course of using the site, users may make public or available to others the personal data of other persons only with the consent of the data subjects concerned. Such consent is not necessary in terms of data disclosed in the course of the data subject’s public appearances, or data made public by the data subject earlier without restriction.
At registration, users may only submit their own personal data. The submission of other person’s data qualifies as unlawful data processing, and may imply the consequences of the relevant legal regulations. In case of abuse of other persons’ data, the Operator will assist authorities in investigating the infringement and identifying the perpetrator.
The restrictions stipulated in the present Section shall apply to all visitors of the site.
III/2. Procedure against users and users committing infringements
Should the user infringe the provisions of the present Policy or that of legal regulations, the Operator may delete the user’s registration. In this case, the user’s registration terminates and he/she cannot use the site’s services any longer.
In case a court procedure or the procedure of an authority may be initiated against the user based on the user’s wrongful behaviour, the Operator may, independently from deletion, store the user’s data necessary for identification as well as data concerning the infringement, and provide such data to the proceeding bodies.
In case the user infringes the rights of a third party, and such third party in entitled to initiate a procedure, the Operator may provide data to such third party, provided that such third party proves his/her lawful interest thereto.
IV. Exclusion of the Operator’s liability
IV/1. The continuity of service
The Operator undertakes to take all reasonable measures to ensure that the service is undisturbed and uninterrupted. Considering that the service provided is free of charge, the Operator does not guarantee that the service is at all times uninterrupted, and also may not be held liable for the suspension or termination of the service. The Operator will make all reasonable efforts to solve the emerging disturbances or operational problems occurring during the site’s operation, however, may not be held responsible for such disturbances or problems.
The Operator does not assume any responsibility for the behaviour of users.
The Operator takes all necessary measures for ensuring the protection of the users’ data.
IV/2. Liability for the information disclosed on the site
The Operator uses the Website for showing its own products and services. The Operator takes all reasonable measures to ensure the accuracy and completeness of the information, however, does not assume liability in case the information disclosed on the Website do not completely match with the products and services offered by the Operator.
Information disclosed on the Website does not qualify as an offer. The Operator does not undertake any liability in case products and services displayed on the Website would not be available in the future in the quantity and quality as displayed on the Website.
Information disclosed on the Website serve information purposes only, and shall not be deemed as the Operator’s contractual declarations, official notifications or instructions for use in any case.
The Operator shall not be held responsible in any way if the information disclosed on the Website differ from the information disclosed by other distributors with respect to the same products or services.
The information disclosed on the Website does not include all information regarding the use of the products and services, or equivalent with expert advice.
V. Enforcement of rights
V/1. Objections filed with the Operator
Users may turn with their complaints and objections directly to the Operator who shall take all reasonable efforts for the handling and remedy of potential infringements. The Operator examines the complaints filed with it, and notifies the user of its position and the measures taken.
V/2. Other ways of the enforcement of rights
The user may enforce his/her rights in accordance with Act LXIII of 1992 on the Protection of Personal Data and Public Access to Data of Public Interest in the following ways:
- He/she can submit complaints directly to the data controller who shall examine the complaint in accordance with Section V/1;
- He/she may object the processing of data, in which case the Data Controller has to examine the objection within 15 days, and make a decision;
- He/she can turn to the Data Protection Commissioner;
- Enforce his/her rights before the court.