Privacy notice

Factsheet a https://smartscan3d.com/ data processing in connection with this website

This document is the https://smartscan3d.com/ domain name and created and operated by the Data Controller, inter alia, for the purpose of providing website, webshop design and construction services (hereinafter referred to as the "Website"), and the applicable provisions of the applicable legislation.

The Data Controller reserves the right to unilaterally amend this Privacy Notice, provided that the amended Privacy Notice shall enter into force upon publication on the website.

Please note that this Privacy Policy only contains information related to the website, and does not contain any information related to the social networking sites of the Data Controller.

I. Data controller's data:

In applying this privacy notice, the Data Controller (hereinafter: Data Controller):

II. Data Protection Officer of the Data Controller:

The controller does not meet any of the conditions set out in Article 38(1) of the GDPR and therefore the appointment of a Data Protection Officer is not required under the applicable legislation.

III. Information on the applicable legislation

The provisions of this privacy notice are subject to the following EU and national legislation:

• REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR)
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services

IV. Definitions

In relation to this privacy notice:

• Web site: a set of web pages at a given IP address (in a given domain) that are linked by hyperlinks.
• Web page/website: a document written in HTML with closely related files on a website, defined by a unique URL.

• personal data: any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;
• processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
• data subject's consent: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
• data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

All the definitions used by the GDPR are set out in Article 4 of the legislation, which provides https://net.jogtar.hu/jogszabaly?docid=A1600679.EUP link or by typing/pasting it into the address bar of your browser.

V. Our data processors

VI. A https://smartscan3d.com/ data processing on the website

1.Contact us via one of the contact details (phone, e-mail) provided on the Website.

• You have the possibility to contact us directly through the contact details (phone, e-mail) provided on our website for information, information, booking an appointment.
• For these purposes, we process your name, telephone number and e-mail address, as well as the personal data you provide to us in text messages and e-mails.
• The legal basis for the processing of the above data is Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
• Legitimate interest of the Data Controller: to provide information about the activities of the Data Controller, to provide information, to arrange appointments.
• Category of recipients of the transfer: the Data Controller does not transfer data for this purpose.
• Time limit foreseen for deletion: 30 days after contact in case of a single contact, 30 days after the last contact in case of multiple contacts.
• We use IT tools with appropriate security solutions to protect your personal data, so that only the Data Controller has access to your data.

2. Online booking for a consultation via the form on the website

• Persons who visit the website and are interested in the services have the possibility to book an appointment with the Data Controller for a free consultation.
• For the above purposes, we process the name, e-mail address, the name of the service provided by the data subject, the date and time of the appointment booked online with the Data Controller.
• The legal basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent as the data subject.

You can book an appointment after filling in the form, ticking the checkboxes “Privacy Policy” and “Consent to data processing”, accepting the form and clicking on the „Submit” button. At the same time and by ticking the checkbox, you confirm that you have read and understood the “Privacy Notice” and that you consent to the processing of your data as described in this document. If you do not want your personal data to be processed for this purpose, please contact us at the telephone or e-mail address indicated above. As a data subject, you have the right to withdraw your consent at any time, however, the withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal. Withdrawal of consent is possible by contacting the felmeres@smartscan3d.com by sending an electronic mail to our e-mail address or by sending a paper document signed by you to the Data Controller's registered office at the address indicated above. In this case, once we have received your declaration, we will no longer process your data for this purpose and will not be able to keep any date you may have booked.

• Category of recipients of the transfer: the Data Controller does not transfer data for this purpose.
• Time limit foreseen for cancellation: immediately after the consultation or cancellation of the appointment and withdrawal of consent.
• To protect your personal data, we use information technology and infocommunication tools with appropriate security solutions, so that only authorised persons have access to your data.

VII. Information about your rights as a data subject in relation to data processing

1.Right to information 

You have the right to receive from the Data Controller, prior to processing or, at the latest, immediately after the first processing operation, concise, transparent and comprehensible information on the essential aspects of processing, your rights and remedies.

This privacy notice has been drafted and published with a view to the exercise of this right.

Please note that you can exercise your other rights and remedies regarding the processing of your personal data after you have provided proof of your identity.

2. Right of access to data („right of access")

You have the right to request information from the Data Controller about the personal data concerning you that it processes, the purposes, legal basis and duration of the processing, the legal basis and recipients of any data transfers.

3. Rights to rectification (amendment), erasure, restriction (blocking) 

You have the right not only to know the personal data processed by the Data Controller, but also to request the rectification of your data that need to be clarified, and in the case of data that are not compulsorily recorded, to request their deletion or the restriction of processing.

4. Right to object 

On the basis of this right, the Data Controller may, in the event of your objection, continue to process your personal data only to the extent necessary for the purposes of the mandatory processing laid down in the applicable legislation. With regard to your non-mandatory data, the Controller will limit the processing and will investigate the objection.

Importantly, we may only continue to process your data not covered by mandatory processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If the objection is found to be justified, we will cease processing your data not covered by the mandatory processing and delete the data.

5. Right to data portability

You have the right to receive personal data concerning you that the Controller has provided to you in a structured, commonly used, machine-readable format, and the right to transmit such data to another controller without the Controller's hindrance, if:

• the processing is based on your consent or explicit consent, or
• processing is necessary for the performance of a contract to which you are a party, or
• is necessary to take the steps you have requested prior to the conclusion of the contract; and
• the processing is carried out by automated means.

In exercising this right, you have the right to request, where technically feasible, the direct transfer of your personal data between the Controller and other controllers.

The exercise of this right shall be without prejudice to your right to erasure (right to be forgotten), which shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

This right must not adversely affect the rights and freedoms of others.

6. Your rights regarding automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision

• necessary for the conclusion or performance of a contract between you and the Controller; or
• is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
• is based on your explicit consent.

In the cases referred to in paragraphs 1 and 3, the Data Controller will take all appropriate measures to protect your rights, freedoms and legitimate interests.

the decisions referred to above may not be based on specific data, unless

• you have given your explicit consent to the processing of your personal data for one or more specific purposes, or if you have
• the processing is necessary for an important public interest, based on EU or Member State law, is proportionate to the aim pursued, respects the essential content of the right to the protection of personal data and provides for adequate and specific measures to safeguard your fundamental rights and interests; and
• appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

VIII. Information on the legal remedies available to the data subject

1. If you consider that the Data Controller has not acted in accordance with the applicable law in the processing of your personal data, you, as the data subject, may bring a civil action before the competent court. The court of law shall have jurisdiction to rule on the action. The action may also be brought before the competent court in the place where the person concerned resides or is domiciled.
2. If you believe that you have been subjected to a violation of rights by the Data Controller in connection with the processing of your personal data, you may initiate an investigation or an official procedure by filing a complaint with the National Authority for Data Protection and Freedom of Information. The procedure of the Authority is free of charge and the costs of the investigation are advanced and borne by the Authority.

In the notification of an inquiry by the authority, the data subject shall indicate the information supporting the fact that he or she has sought to enforce his or her rights in relation to the processing with the controller. In the notification of the inquiry by the authority, the data subject shall indicate the particulars supporting the assertion of his or her rights in relation to the processing by the controller.

IX. Contact details of the supervisory authority: