1. Name of the controller

Company name: Expletive Pharma Kft

Limited Company

Registered office: 2143 Kistarcsa, Arany János utca 42. Hungary

Company registration number: 13-09-186254

Tax number: 23746875-2-13

Represented by: Tímea Nagyné Fogarasi

       Legal basis for data processing

The following legislation applies to the processing of customer data:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC, in its current version:https://eur-lex.europa.eu/legal-content/HU/TXT/PDF/?uri=CELEX:32016R0679&from=HU

– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Info tv.), in force: https://net.jogtar.hu/jogszabaly?docid=A1100112.TV

– Act I of 2012 on the Labour Code (Labour Code), in force: https://net.jogtar.hu/jogszabaly?docid=A1200001.TV

  1. Information on the data processed

Scope of data processed and purpose of data processing

– Data used: Name

Purpose of processing: customer service

Legal basis for processing: necessary for the performance of a contract or for pre-contractual steps

Duration of processing: as defined in the Taxation Act

– Data used: E-mail address

Purpose of processing: Customer relationship

Legal basis for processing: Consent

Duration of processing: Withdrawal of consent by the data subject or fulfilment of the purpose (subject to the conditions set out in the Privacy Policy)

– Scope of data processed: name, title/job title, place of work, (work) e-mail address of the data subject.

– Legal basis for processing: consent pursuant to Article 6(1)(a) GDPR.

-Storage period: following the examination of the data subject’s request to the Data Controller to delete his/her personal data, his/her personal data will be deleted from the system immediately if his/her request is justified. Except in the event of legal proceedings or claims, proceedings before a court, prosecutor’s office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information or other bodies authorised by law, in which case the proceedings shall be concluded by final judgment.

-Method of storage: personal data of the data subject are stored by the Controller in electronic form.

-Transmission of data: the Controller will transmit the compliance rating to the employer for the purposes of the employer’s legitimate interest pursuant to Article 6(1)(f) of the GDPR and for the purposes of fulfilling a legal obligation pursuant to Article 6(1)(c) of the GDPR. In addition, any legal or claims enforcement, court, prosecution, investigative authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information or other bodies authorised by law.

-Automated decision-making, profiling: does not take place.

III. Access to data and data security measures

  1. Access to and transfer of data

The personal data you provide may be accessed by the Data Controller’s staff in order to perform their tasks.

The Data Controller shall only transfer your personal data to other Data Controllers, public authorities in exceptional cases.

For example, where

– judicial proceedings are instituted in a case concerning you, and the court in charge of the proceedings requires the transfer of documents containing your personal data,

– the police will contact the Controller and request the transfer of documents containing your personal data for the purposes of the investigation.

  1. Data security measures

The Data Controller stores the personal data you provide on the Data Controller’s server or, where applicable, in a paper filing system.

The Controller shall take appropriate measures to protect personal data against, inter alia, unauthorised access or unauthorised alteration.

 

  1. Rights of the data subject in relation to data processing
  2. Your rights of access

You, as the data controller, have access to your personal data.

If you request feedback from the Data Controller on whether the Data Controller is processing your personal data, the Data Controller is obliged to provide you with information on:

– (a) what personal data,

– (b) on what legal basis,

– (c) the purposes for which the data are processed,

– (d) from what source,

– (e) how long it will treat.

Your right to receive feedback on whether (or not) your personal data is processed by the Data Controller,

– (a) covers personal data relating to you;

– (b) does not cover anonymous data;

– (c) does not cover personal data that is not personal to you; and

– (d) includes pseudonymised data that can be clearly linked to you.

The Controller will provide you with access to and a copy of your personal data upon your request. If you request an additional/repeat copy of your personal data, the Controller may charge a reasonable fee to cover the administrative costs incurred in connection with fulfilling the request, which fee will be borne by you.

  1. Your right to rectification

You have the right to rectification of your personal data.

This right

– (a) not include anonymous data;

– (b) personal data relating to you;

– (c) does not apply to personal data that does not relate to you; and

– (d) include pseudonymised data that can be clearly linked to you.

The Controller will correct or amend your personal data as appropriate upon your request.

  1. Right to erasure

You have the right to have your personal data erased under certain conditions.

The Controller shall delete your personal data without undue delay where

– (a) the Controller processes that personal data; and

– (b) you request the erasure of your personal data; and

– (c) the personal data are no longer necessary for the purposes for which the Controller processes the personal data.

The Controller shall delete your personal data without undue delay if

– (a) the Controller processes your personal data; and

– (b) you request the erasure of your personal data; and

– (c) you withdraw the consent on which the processing of your data was based; and

– (d) there is no other legal basis for the further processing of your data.

The Controller shall delete your personal data without undue delay if

– (a) processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party; and

– (b) you object to the Controller processing your personal data; and

– (c) a legitimate ground for processing such personal data does not override your objection.

The Controller shall delete your personal data without undue delay where

– (a) you request the erasure of your personal data; and

– (b) the processing of such data by the Controller is not unlawful; or

– (c) the erasure is mandatory under applicable law; or

– (d) your data is collected in relation to information society services.

  1. Your right to restriction of processing

You may request the restriction of the processing of your personal data.

Your right to request restriction of the processing of your personal data

– (a) not to anonymous data;

– (b) personal data relating to you;

– (c) does not cover personal data that does not relate to you; and

– (d) includes pseudonymised data that can be clearly linked to you.

The Controller will restrict the processing of your personal data for the period during which it verifies the accuracy of such data if you request the restriction of the processing of your personal data and you contest the accuracy of such data. The Controller shall restrict the processing of your personal data if you request the restriction of the processing of data whose processing is unlawful and you object to the erasure of such data.

The Controller shall restrict the processing of your personal data where

– (a) you request the restriction of the processing of your personal data; and

– (b) the Controller no longer needs those data for the purposes of its processing; and

– (c) you request your data for the establishment, exercise or defence of a legal claim.

The Controller will restrict the processing of your personal data if

– (a) you object to the processing of your personal data which is necessary for the purposes of the legitimate interests pursued by the Controller; and

– (b) you are awaiting confirmation that the Controller has legitimate grounds for processing your personal data which do not override your objection.

If the Controller restricts the processing of your personal data, it

– (a) store such personal data,

– (b) process such personal data on the basis of your consent,

– (c) process personal data for the establishment, exercise or defence of legal claims or the defence of the rights of any person.

  1. Your right to data portability

You have the right to receive personal data concerning you which you have provided to a controller in a structured, commonly used, machine-readable format and to have those data transmitted to another controller without hindrance (where technically feasible) to the controller to whom you have provided the personal data, where the processing is based on consent or is necessary for the performance of a contract and the processing is carried out by automated means.

Your right to data portability

– (a) does not extend to anonymous data;

– (b) personal data relating to you;

– (c) does not cover personal data that is not about you; and

– (d) does not cover data that is clearly pseudonymous.

  1. Deadline for processing your request as a data subject

The Data Controller shall respond to requests concerning your rights under the above without undue delay and at the latest within one month.

  1. Right to lodge a complaint

If you believe that your rights have been infringed, the Controller proposes that you initiate a conciliation procedure by contacting the Controller directly. If such conciliation does not lead to a result, or if you do not wish to engage in such an activity, you may refer the matter to the courts or the IAEA. In the event of legal proceedings, you may decide to bring such proceedings before the competent court in your place of residence or domicile.

The contact details of the NAIH are: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; telephone: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu

  1. Amendments to this prospectus

The Data Controller reserves the right to amend this information at any time. The Data Controller will, where appropriate, inform customers of such amendments by e-mail and in any case in accordance with the applicable law.