Skip to Content

PRIVACY POLICY

2020.06.18. (v1.00)

1. PURPOSE OF THE PRIVACY POLICY

When using the services of eumetrology.hu , you entrust the data controller with certain personal data. The purpose of this Privacy Policy is to help data subjects understand what data the data controller collects, why it is collected, and how it is used.​

2. DATA PROTECTION PRINCIPLES

 Privacy by default

The data controller processes personal data based on the voluntary consent of the data subject, meaning that only the data provided by the data subject is stored. The data controller collects and stores only the minimum personal data necessary for performing its activities and complying with legal requirements.

Accuracy

The data controller takes all reasonable measures to ensure that inaccurate personal data is promptly deleted or rectified for the purposes of data processing.

Purpose Limitation
 ​

Personal data is collected solely for specified, explicit, and legitimate purposes, mainly for the operation of the service. The data controller does not process personal data in a manner incompatible with these purposes.

3. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

Name: EUMETROLOGY Kft.

Address: 1103 Budapest, Gyömrői út 150.

E-mail: [email protected]

Website: www.eumetrology.hu

4. NAME AND CONTACT DETAILS OF DATA PROCESSORS

Name: EUMETROLOGY Kft.

Address: 1103 Budapest, Gyömrői út 150.

E-mail: [email protected]

Website: www.eumetrology.hu

 

Name: Online ERP Hungary Kft.

Address: 1145 Budapest, Szugló utca 9-15. 5. em. 516..

E-mail: [email protected]

Website: https://www.online-erp.hu/

https://www.online-erp.hu/adatkezelesi-tajekoztato

 

Name: Microsoft Office 365 Business

Website: https://www.microsoft.com/hu-hu/

https://privacy.microsoft.com/hu-hu/privacystatement

 

Name: Google Analytics

Website: https://www.google.com/analytics/

https://support.google.com/analytics/answer/6004245?hl

5. DEFINITIONS

Data controller

A natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data.

Data processing

Any operation or set of operations performed on personal data, regardless of the method applied, from collection to use and deletion.

Data subject

An identified or identifiable natural person whose personal data is processed.

Personal data

any information relating to an identified or identifiable living natural person, either directly or indirectly, and allows conclusions to be drawn about the data subject. 

Recipient

A natural or legal person or organization to whom the personal data are disclosed or have been disclosed, including recipients in third countries. 

Data retention period

The period, defined in months, after which personal data is deleted and can no longer be restored. 

Technical and organizational measures

The appropriate technical and organizational measures implemented to ensure and demonstrate that personal data processing is conducted in compliance with regulations.  

Data processor

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. 

Consent of the data subject

A freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data through a statement or a clear affirmative action. 

Enterprise resource planning (ERP) system

A system that documents and manages internal and external processes of a company. EUMETROLOGY Kft. uses an ERP system operated by Online ERP Hungary Kft.

6. PURPOSES OF DATA PROCESSING

Website visitor data

Purpose of Data Processing: During browsing, the website's hosting provider records visitor data to to ensure continuous operation, maintenance, protection, development of the service, and to prevent misuse.

Categories of data subjects: Website visitors

Legal basis for data processing: Consent of the data subject

Categories of personal data: IP address, date and time of visit, data related to the visitor's operating system and browser, and visited pages

Categories of recipients: Data controller, data processor, Google Analytics web analytics tool for measuring and analyzing website statistics 

Data retention period: Up to 27 months from the visit (by Google Analytics)

 

Contact via website contact form 

Purpose of data processing: Contact, information request, information sharing

Categories of data subjects: Website visitors

Legal basis for data processing: Consent of the data subject

Categories of personal data: IP address, name, email address, phone number, company name, message content, and any additional personal data voluntarily provided by the data subject

Technical and organizational measures: Encrypted connection, incoming email protected by username and password

Categories of recipients: Data controller, data processor, Microsoft Office 365 Business for storing and managing customer data

Data retention period: Up to 60 months from the date of contact unless further business interest applies

7. TECHNICAL AND ORGANIZATIONAL MEASURES BASED ON GDPR ARTICLE 32

The data controller implements technical and organizational measures to protect the service and its users from unauthorized access, alteration, disclosure, or destruction of personal data in its possession.

Access to personal data is restricted, and only those employees and subcontractors of the data controller who need the data for processing on behalf of the data controller have access.

8. RIGHTS OF DATA SUBJECTS REGARDING THE PROCESSING OF THEIR PERSONAL DATA

The data controller strives to fulfill the rights of data subjects (as per Chapter III of the GDPR) including the right to information, access, rectification, erasure, data portability, and will respond to written requests within the legally required timeframe.

Information

Upon a written request, the data controller provides information to the data subject within 30 days about the personal data it processes, the purpose, legal basis, duration of data processing, and the names and addresses of the data processors.

Access

Upon written request, the data controller provides the data subject with a copy of their personal data undergoing processing. Additional copies requested by the data subject may incur an administrative fee.

Rectification and erasure​

Data subjects may request in writing the correction or deletion of their personal data (or part of it). The data controller responds to these requests within 8 days.

Erasure is possible if the data subject withdraws their consent and there is no other legal basis for the data processing.

Data portability

Data subjects may request in writing the transfer of their personal data provided to the data controller in a commonly used, machine-readable format.

The data controller fulfills this request within 30 days. 

Data subjects may submit these requests via email to [email protected]  or by postal mail to the data controller's address.