PRIVACY POLICY
PÓCZ WINERY PRIVACY POLICY
INTRODUCTION
József Pócz (hereinafter: Data Controller) is obligatory as a data controller
acknowledges the content of this legal notice. It is committed to its activities
all data processing in accordance with these regulations and the applicable legislation
specific expectations. Arising in connection with the data controller’s data management
data protection guidelines are continuously available at www.poczpinceszet.hu.
The Data Controller reserves the right to make this prospectus at any time
to change. Of course, you will notify your audience of any changes in a timely manner.
If you have any questions regarding this post, please email us at
our colleague will answer your question.
The Data Controller is committed to the protection of the personal data of its customers and partners, with priority
considers it important to respect its customers’ right to information self-determination. The
The data controller shall treat the personal data confidentially and shall take all
technical and organizational measures to guarantee data security. The Data Controller is
describes your data management practices below:
THE DATA MANAGER
Name: József Pócz
Headquarters: 8638 Balatonlelle, Kishegy telep 107/6.
Tax number: 50987636-2-34
Registration number: 3658016
Privacy Identifier No: NAIH-86376/2015.
Name of the court of registration: Court of Registry of the Court of Kaposvár
Phone: +36309298854
E-mail:
Website: www.poczpinceszet.hu
PRINCIPLES IN DATA MANAGEMENT
The Data Controller handles personal data only with the consent of the data subject.
The Data Controller pays special attention to the incapacitated and to the limited extent under 16 years of age
to protect minors, the personal data of children. His
their declaration requires the consent of their legal representative, except
service sections where the statement is commonplace in everyday life
data management and does not require special consideration.
If the personal data was collected with the consent of the data subject, the Data Controller is the data subject
data unless otherwise provided by law
(a) for the purpose of fulfilling a legal obligation incumbent on it, or
(b) for the protection of the legitimate interests of the controller or of a third party, where
enforcement is proportionate to the restriction of the right to the protection of personal data
without further specific consent and the withdrawal of the consent of the data subject
you can also manage it afterwards.
The Data Controller may use personal data only for specified purposes, exercise rights and obligations
to meet. The Data Controller declares that its data management is everything
and the data is collected and processed fairly
happens. The Data Controller declares that it only handles personal data that is
essential for the realization of the purpose of data management, suitable for achieving the purpose, only the purpose
to the extent and for the time necessary to achieve it.
The Data Controller declares that personal data is only based on proper information
with consent. The Data Controller shall notify the data subject before commencing data management
duly inform whether the processing is based on consent or is mandatory. The
inform the data subject in a clear, comprehensible and detailed manner by handling his or her data
all relevant facts, in particular the purpose and legal basis of the processing,
the person entitled to data processing and data processing, the duration of data processing,
the personal data of the data subject with the consent of the data subject and the
fulfillment of a legal obligation to the controller or a legitimate interest of a third party
and who can access the data. THE
information shall cover the data subject’s rights and remedies in relation to the processing
is.
The Data Controller ensures the accuracy, completeness,
up-to-date and that the data subject is only for the time necessary for the purpose of the processing
be identifiable.
TYPES OF DATA MANAGEMENT, RANGE OF PERSONAL DATA,
PURPOSE, TITLE AND DURATION OF DATA PROCESSING
The data management of the Data Controller’s activity is based on voluntary consent. Certain
However, in some cases, the handling, storage and transmission of a set of specified data
legislation, and we will notify our public separately.
We would like to draw the attention of informants to the Data Controller, if it is not personal
their obligation to obtain the consent of the data subject.
The data management principles of the Data Controller are in accordance with the data protection
legislation in force, in particular:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – a
on the protection of individuals with regard to the processing of personal data and
on the free movement of such data and repealing Regulation (EC) No 95/46
(General Data Protection Regulation, GDPR);
– 2011 CXII. Act – on the right to information self – determination and
on freedom of information (Infotv.),
– CVIII of 2001 Act – Electronic Commerce Services, as well as the
on certain issues related to information society services (Eker.tv.),
– Act C of 2003 – on electronic communications (Eht.),
DATA MANAGED DURING THE USE OF THE WEBSITE
You can use the www.poczpinceszet.hu website without entering your personal data,
accordingly, the use of the website is not covered by the general data protection regulation
spread out.
The Data Controller does not use the data generated while browsing the website in any way
stored or handled in a manner that can be linked to the specific data subject.
COOKIE MANAGEMENT OF THE www.poczpinceszet.hu WEBSITE
The operator of the www.poczpinceszet.hu website is in order to provide a customized service a
a small data packet on the user’s computer, the so-called place a cookie and read it back,
however, the use of cookies does not implement the processing of personal data.
Legal basis of data management: Eker tv. § 13 / Paragraphs (3), (4) of Directive 2002/58 / EC
the legal provisions contained in Article 5 (3) of the Directive and the Ehtv.
Pursuant to Section 155 (4), the consent of the data subject to the websites
on first entry we request and record.
The user can delete the cookie from his own computer or disable it
the use of cookies in your browser. Cookies are usually handled by browsers
In the Tools / Settings menu, under Privacy Settings, cookie or cookie
is possible under the name.
PRESENCE ON COMMUNITY SITES
The Data Manager is available on the Facebook / Instagram community portal. Data controller is
communicates with stakeholders through the social site only when it is treated
the purpose of the data set becomes relevant when the data subject is on the social site
contact the Data Controller.
Type of personal data processed: name of the public concerned, public photo, public email address, message sent via the relevant social network, evaluation by the data subject,
or the result of another operation.
The purpose of data management: the content of the website is on a social networking site
sharing, publishing, marketing. Using the social site is concerned
you can also find out about the latest promotions.
Stakeholders: Natural persons who are data controllers in the community
voluntarily follow, share, or like your pages or the content that appears on them.
Legal basis for data processing: consent of the data subject (Article 6 (1) of the GDPR Regulation)
paragraph a), Infotv. Section 5 (1), and Grt. Section 6 (5)). Affected by the
voluntarily consents to the contents of the Data Controller under the terms of the social site
by following, to your liking. Using an exemplary definition, Facebook / Instagram
the newsfeed posted on the message board on page
You can subscribe by clicking on the “like” link, and the Data Controller will consent
to post your news and offers on your own message board and located there
You can unsubscribe by clicking the “dislike” link and the message wall settings
You can delete unwanted feeds that appear on the message board.
Duration of data processing: at the request of the data subject until deleted.
Affected by the particular social site’s data management information for that particular community
page.
OTHER DATA PROCESSES
Data processing not listed in this prospectus is provided at the time of data collection
information. We inform our clients that the court, the prosecutor, the investigator
authority, the infringement authority, the administrative authority, the National Data Protection Authority and the
Freedom of information Authorized by authority or other bodies
providing information, communicating, transferring or making available documents
they may contact the controller for this purpose. The Data Controller shall provide the authorities –
if the authority has indicated the exact purpose and scope of the data, personal data
it shall issue only to the extent and for the purpose necessary to achieve the purpose of the request
essential.
The Data Controller reserves the right to use an additional data processor, which
provide information on the individual in a unique manner at the latest at the start of the processing.
DATA STORAGE
The data controller stores the personal data of the data subject on the servers operated by József Pócz.
DATA SECURITY MEASURES
The Data Controller and its data processors are the state of the art and the cost of implementation, and the
the nature, scope, circumstances and purposes of data processing and the rights of natural persons
and taking into account the varying probability and severity of the risk to his or her liberties
appropriate technical and organizational measures are taken to ensure that:
guarantee a level of data security commensurate with the level of risk.
The Data Controller manages the personal data using the IT tools provided
selects and operates that the managed data:
– accessible to those entitled to it (availability);
– its authenticity and authentication are ensured (authenticity of data management);
– its invariability can be verified (data integrity);
– be protected against unauthorized access (data confidentiality).
The Data Controller shall protect the data with appropriate measures, in particular against unauthorized persons
access, alteration, transmission, disclosure, deletion or destruction,
as well as accidental destruction, damage, and the technique used
against becoming inaccessible as a result of a change in
The Data Controller protects the data files electronically managed in its various registers
in order to ensure that the stored data – unless it is
law, they must not be directly linked to the person concerned
can be ordered.
The Data Controller shall, in view of the current state of the art, have technical, organizational and
ensure, through organizational measures, the protection of the security of data processing, which is
provides a level of protection commensurate with the risks associated with data processing.
The Data Controller retains it during data management
– confidentiality: protects information so that only those who have access to it can access it;
Integrity: protects the accuracy of the information and the method of processing, and
completeness;
– availability: ensures that when the authorized user needs
to it, really have access to the information you want and be available with it
related tools.
IT system and network of the Data Controller and its partners involved in data management
protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and
floods, as well as computer viruses, computer hacking and denial of service
leading attacks. The operator is server level and application level about security
protection procedures. We inform users that the Internet
transmitted electronic messages, regardless of protocol (email, web, ftp, etc.)
they are vulnerable to network threats that are unfair
activity, dispute a contract, or disclose or modify information.
To protect against such threats, the Data Controller will do everything expected of it
precaution. The systems are monitored for any security deviations
record and provide evidence of any security incident. THE
system monitoring also allows the precautions to be taken
monitoring its effectiveness.
The Data Controller shall keep a record of any data protection incidents, indicating the data protection
the facts of the incident, its effects and the measures taken to remedy it. The
any data protection incident to the Data Controller without delay and, if possible, at the latest
72 hours after becoming aware of the privacy incident, the National will report it
Data Protection and Freedom of Information Authority unless there is a data protection incident
it is unlikely to jeopardize the rights and freedoms of natural persons
viewed. If the notification is not made within 72 hours, a delay must be attached
reasons for the justification.
RIGHTS OF THOSE CONCERNED AND ENFORCEMENT
The data subject may request information on the handling of his or her personal data as well as personal information
rectification or erasure of your data, with the exception of mandatory data processing,
may exercise the right to carry data and to protest in the manner indicated at the time of recording,
or the above contact details of the Data Controller.
10.1. Right to information
The Data Controller shall take appropriate measures to ensure that the data subject has:
referred to in Articles 13 and 14 of the GDPR
information and Articles 15 to 22. and Article 34 shall be concise, transparent,
in an intelligible and easily accessible form, worded clearly and intelligibly
provide.
10.2. The data subject ‘s right of access
The data subject has the right to receive feedback from the Data Controller that:
whether the processing of your personal data is in progress and, if such processing is in progress,
has the right to access personal data and the following information:
– the purposes of data management;
– the categories of personal data concerned;
– the recipients or categories of recipients with whom or with whom the personal data are to be transmitted
communicated or will be communicated, including in particular to third country consignees, and
international organizations;
– the intended duration of the storage of personal data;
– the right to rectify, erase or restrict data processing and to protest;
– the right to lodge a complaint with the supervisory authority;
– information on data sources;
– the fact of automated decision-making, including profiling, and the employee
logic and understandable information about what such data management is like
and what the expected consequences are for the data subject.
The Data Controller shall provide no later than one month from the submission of the request
information.
10.3. Right of rectification
The data subject may request inaccurate personal data processed by the Data Controller
correcting and supplementing incomplete data.
10.4. Right of cancellation
If one of the following reasons exists, the data subject shall have the right, at his request, to:
The data controller shall delete the personal data concerning him / her without undue delay:
Personal data are no longer required for the purpose for which they were collected or
treated differently;
– the data subject withdraws the consent on which the data processing is based and the data processing
has no other legal basis;
– the data subject objects to the processing and there is no overriding legitimate reason
data management;
– personal data have been processed unlawfully;
– personal data are required by the law of the Union or Member State applicable to the controller
to be canceled in order to fulfill an obligation;
– information society services for the collection of personal data
in connection with the offering of
Deletion of data cannot be initiated if data management is required:
– for the purpose of exercising the right to freedom of expression and information;
– Union or Member State law applicable to the controller governing the processing of personal data
or in the public interest or in the exercise of official authority vested in the controller
to perform a task performed in the exercise of a license;
– in the field of public health or archival, scientific and historical research
for statistical or statistical purposes, in the public interest;
– or to bring, assert or defend legal claims.
10.5. Right to restrict data processing
At the request of the data subject, the Data Controller shall restrict the data processing if the following conditions apply
one of the following is met:
– the data subject disputes the accuracy of the personal data, in this case the limitation to that period
which allows the accuracy of personal data to be verified;
– the processing is unlawful and the data subject opposes the deletion of the data and requests it instead
restrictions on the use of
The controller no longer needs personal data for data processing purposes, but
the data subject requests them to bring, assert or defend legal claims;
obsession
– the data subject has objected to the processing; in this case, the limitation is for that period
applies until it is established that the controller has legitimate reasons to take precedence
against the legitimate reasons of the data subject.
If the data processing is subject to restriction, the personal data, with the exception of storage, will only be
with the consent of the data subject, or for the submission, enforcement or enforcement of legal claims
to protect the rights of another natural or legal person, or
Important public interest of the Union or of a Member State.
10.6. Right to data storage
The data subject is entitled to have his / her data made available to him / her by the Data Controller
receive personal data in a structured, widely used, machine-readable format,
and transfer this data to another data controller.
10.7. Right to protest
The person concerned has the right to object at any time for reasons related to his own situation
personal data of public data or a public authority granted to the Data Controller
data management necessary for the performance of a task performed in the exercise of
necessary for the legitimate interests of the controller or a third party
including profiling based on those provisions. In the event of a protest, the
The data controller may no longer process the personal data unless it is so compelling
justified by legitimate reasons which take precedence over the interests, rights and interests of the data subject
freedoms or which are for the purpose of bringing, exercising or enforcing legal claims
related to the protection of
10.8. Automated decision making in individual cases, including profiling
The data subject has the right not to be covered by a purely automated
the scope of the decision based on data management, including profiling, which applies to it
would have legal effects or would be similarly significantly affected.
10.9. Right of withdrawal
The data subject has the right to withdraw his or her consent at any time.
10.10. Right to apply to the courts
In case of violation of his / her rights, the data subject may file a lawsuit against the Data Controller, ie a lawsuit
may institute proceedings before the court having jurisdiction over the place of residence (stay)
You can view the list by clicking on the following link: https://birosag.hu/torvenyszekek). THE
court acts out of turn in the case.
10.11. Data protection authority procedure
Complaints can be lodged with the National Data Protection and Freedom of Information Authority:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Mailing address: 1530 Budapest, Pf .: 5.
Phone: 0613911400
Fax: 0613911410
E-mail:
Website: https://www.naih.hu
10.12. Informing the data subject about the data protection incident
If a privacy incident is likely to pose a high risk to individuals
the Data Controller shall, without undue delay, inform the
concerned about the data protection incident.
The information provided to the data subject shall clearly and intelligibly describe the
the nature of the data protection incident and shall be communicated to the Data Protection Officer or further
the name and contact details of any other contact person providing information; should be described in
the likely consequences of a data protection incident; should be described in
Measures taken or planned by the controller to remedy the data protection incident,
including, where applicable, the possible adverse consequences of a data protection incident
mitigation measures.
The data subject need not be informed if any of the following conditions are met:
The Data Controller has implemented appropriate technical and organizational security measures, and
these measures in respect of the data affected by the data protection incident
in particular measures such as the use of encryption,
for persons not entitled to access personal data
make the data incomprehensible;
– the Data Controller has taken further measures following the data protection incident which:
ensure that the high risk to the data subject’s rights and freedoms continues
unlikely to materialize;
– the information would require a disproportionate effort. In such cases, the parties concerned
by means of publicly available information or a similar measure
which ensures that those concerned are informed in an equally effective manner.
If the Data Controller has not yet notified the data subject of the data protection incident, the supervisory
authority after considering that the data protection incident is likely to be high
may require the data subject to be informed.
10.13. Compensation and damages
Any person who is proprietary as a result of a breach of the Data Protection Regulation
or suffered non-pecuniary damage, for the damage suffered from the Data Controller or the
entitled to compensation from the data processor. The data processor only belongs in that case
liability for damages caused by data processing if you have not complied with the law
obligations specifically imposed on data processors, or
The data controller has disregarded or acted contrary to the lawful instructions of the data controller.
If there are several data controllers or several data processors or both the data controller and the
data processor is involved in the same data management and is responsible for the data management
each controller or processor shall be jointly and severally liable
is liable for all damages.
The Data Controller or the Data Processor shall be released from liability if it proves that the damage
he shall not be liable in any way for the event giving rise to it.
10.14. Rules of procedure
– The Data Controller without undue delay, but in any case the application
inform the data subject within 15 months of receipt of the GDPR 15-22. article
on the action taken in response to a request under
If necessary, taking into account the complexity of the application and the number of applications, this
this period may be extended by a further two months. The extension of the deadline is
The controller shall indicate the reasons for the delay from the receipt of the request
inform the data subject within one month. If the person concerned has submitted the
the information shall be provided by electronic means, unless the data subject provides otherwise
asks.
– If the Data Controller does not take action at the request of the data subject without delay, but
shall inform the data subject no later than one month after receipt of the request
the reasons for not taking action and the possibility for the person concerned to lodge a complaint
to a supervisory authority and may exercise its right of judicial review.
– The Data Controller provides the requested information and information free of charge. If concerned
his request is manifestly unfounded or, in particular because of its repetitive nature, excessive,
data controller, subject to the provision of the requested information or information or the requested
charge a reasonable fee for the administrative costs of taking the measure, or
may refuse to act on the request.
– The Data Controller shall inform all recipients of all data performed by him
rectification, erasure or restriction of data processing with whom or with which the personal data
data has been communicated, unless this proves impossible or a disproportionate effort
need. Upon request, the Data Controller shall inform the data subject of these recipients.
– The Data Controller is a copy of the personal data that is the subject of data processing
make it available. For further copies requested by the data subject, the controller shall:
may charge a reasonable fee based on administrative costs. If concerned
submitted the application electronically, the information will be provided in electronic format
unless the person concerned requests otherwise.