Date controller name:

 

Data controller name:	BEFAG Parketta Kft.
Data Controller Company Registration Number:	Cg.19-09-520901
Data Controller Headquarters:	8300 Tapolca, Külterület hrsz. 0169/2
Data Controller Electronic Contact:	info@befag.hu
Data Protection Officer Headquarters:
Data Protection Officer Electronic Contact:

 

Relevant Legislation

In determining the provisions of this Information Notice, we have taken into account the following laws and related regulations, in addition to Regulation (EU) 2016/679 (GDPR) (hereinafter: Regulation):

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information
• Act V of 2013 on the Civil Code (Ptk.)
• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (Grtv.)

Other laws and regulations mentioned in the notice are also considered.

Data Processing Rules:

The conceptual system of this information notice is consistent with the definitions in Section 3 of the Infotv.

The data controller processes personal data only for a specified purpose, in the exercise of rights and the fulfillment of obligations, to the minimum extent necessary and for the necessary duration. At all stages of data processing, the purpose must be adhered to — and if the purpose of the data processing ceases to exist or if the data processing is otherwise unlawful, the data will be deleted.

The data controller processes personal data only with the prior consent of the data subject or based on the law or legal authorization.

Before data collection, the data controller always informs the data subject of the purpose of the data processing and its legal basis.

Employees involved in data processing within the data controller's organizational units and employees of organizations involved in processing on behalf of the Company are required to keep the personal data they become aware of as business secrets. Individuals handling personal data and those with access to it are required to sign a confidentiality agreement.

The Company's employees ensure that unauthorized persons cannot view personal data during their work and that the storage and placement of personal data are designed so that it is not accessible, knowable, modifiable, or destructible by unauthorized persons.

Types of Processed Data:

MARKETING PURPOSE DATA PROCESSING

Creation and Publication of Promotional Photos and Videos

At the events organized by the Data Controller, photos and videos may be taken for later promotional purposes. The Data Controller or a data processor appointed by the Data Controller will take the recordings, and the individuals appearing in these recordings may be recognizable. The events may be open to the press, and the staff of media organizations may also take recordings. These media organizations are independent data controllers.

According to Civil Code Section 2:28 (1), the data subject's consent is required for the creation and use of images and recordings. If the event is a mass event, there is no need for consent to take the recording and use it in the case of mass recordings or public appearances.

The recordings will be published in the company's newsletter, on the company's Facebook page, website, and possibly provided to local and national media content providers.

Purpose of Data Processing: Promoting the Company’s marketing activities, strengthening its image, and the use of photos taken at events for these purposes.
Type of Processed Data: The data subject’s image and voice.
Legal Basis for Data Processing: Consent of the data subject under Section 5(1)(a) of the Infotv and Section 2:48 (1)-(2) of the Civil Code.
Recipients of Data Processing: Occasionally local and national media content providers.
Data Retention Period: Until the marketing purpose is achieved.
Method of Data Retention: Electronically.

Website Data Processing:
Anyone can access the Data Controller's website without revealing their identity or providing personal data. Non-personal information is automatically collected by the website. These data cannot be used to identify individuals, so they are not subject to data processing under the Infotv.

The website uses Google Analytics, which employs cookies. These cookies are text files placed on the visitor's computer to help analyze the use of the website. Information generated by cookies (such as the IP address) is transmitted to Google’s servers in the United States and stored there. Google does not associate the information generated by cookies with other data, meaning it does not process personal data under applicable data protection laws. Website visitors can refuse the use of cookies by adjusting their browser settings. By using this website, visitors consent to the processing of their data in the manner and for the purposes described above.

Promotional Data Processing related to Competitions, Contests, and Sweepstakes:

As part of its marketing activities, the Company organizes various contests, including drawing and photography competitions, and occasionally sweepstakes.

Personal data is processed only with the data subject's consent. The Company provides a privacy notice with a reference to this information notice in relation to the announcement of such activities. By applying, registering, or participating in the contest or sweepstakes, the data subject consents to data processing.

If the announcement allows minors to apply, individuals under the age of sixteen may only participate with the consent of their legal representative.

Purpose of Data Processing: Promotion of the Company through marketing activities, organization of contests, sweepstakes, and the use of photos taken during the announcement, results, and participants.
Type of Processed Data: The name and contact information of the applicant/contestant, optionally their school, class, and teacher’s name. In the case of applicants under 16, data provided with the legal representative’s consent.
Legal Basis for Data Processing: Consent of the data subject under Section 5(1)(a) of the Infotv.
Recipients of Data Processing: As specified in the individual privacy notice for the specific event.
Data Retention Period: Until the marketing purpose is achieved.
Method of Data Retention: Stored in the Company's physically protected office spaces, paper-based in the archives, or electronically in the document management system, accessible by those with appropriate authorization according to internal regulations.

Event Organization and Data Processing:

The Company organizes numerous events, ranging from employee and family events, competitions, tours, open days to the handover of investments. During events, participant and guest lists are recorded for safety and, if consent is given, for future invitations to similar events.

Purpose of Data Processing: Recording participants for events.
Type of Processed Data: Name, email address, event they registered for, phone number (optional), organization, and position.
Legal Basis for Data Processing: Consent of the data subject under Section 5(1)(a) of the Infotv.
Recipients of Data Processing: Potentially other organizations involved in organizing the event. These organizations will be listed in the announcement or invitation.
Data Retention Period: Until the withdrawal of consent.
Method of Data Retention: Stored in the Company's physically protected office spaces, paper-based in the archives, or electronically in the document management system, accessible by those with appropriate authorization according to internal regulations.

Contact Data Processing:

The Company operates a website that allows visitors to contact them and participate in various competitions. The contact form does not save data in the website's database, but generates an email sent to info@befag.hu, which is managed by the secretariat. Thus, the name, email address, subject, and content of the message are recorded.

Purpose of Data Processing: Communication and contact with the Company.
Type of Processed Data: Name, email address, phone number (optional), other personal data in the message subject and content.
Legal Basis for Data Processing: Consent of the data subject under Section 5(1)(a) of the Infotv.
Recipients of Data Processing: Internal employees or departments.
Data Retention Period: As specified in the filing system.
Method of Data Retention: Electronically.

Newsletter Data Processing:

Newsletters are sent to those who subscribe to the service. Upon subscribing to the newsletter, the data subject must accept the privacy notice, indicating their voluntary and informed consent.

The Data Controller ensures that an unsubscribe option is available at the bottom of every newsletter.

Purpose of Data Processing: Marketing data processing to promote BEFAG Parketta Ltd. activities.
Type of Processed Data: Name, email address.
Legal Basis for Data Processing: Consent of the data subject under Section 5(1)(a) of the Infotv.
Recipients of Data Processing: Potentially data processors listed by the Company.
Data Retention Period: Until the termination of the newsletter service or until the data subject requests deletion (unsubscribing).
Method of Data Retention: Stored in the Company’s protected office spaces, paper-based in the archives, or electronically in the document management system, accessible by those with appropriate authorization according to internal regulations.

Customer Service Data Processing:

The Company does not operate a dedicated customer service, but complaints, suggestions, and inquiries are recorded, investigated, and answered according to internal regulations.

LEGAL OBLIGATION-RELATED DATA PROCESSING

Data Processing Related to Permanent Records (Archives Law):

In order to comply with legal obligations, the Company processes personal data contained in documents considered of permanent value under Act LXVI of 1995 on Public Archives and Private Archives to ensure the preservation of these documents for future generations.

Purpose of Data Processing: Compliance with legal requirements.
Type of Processed Data: Personal data in documents of permanent value.
Legal Basis for Data Processing: Section 5(1)(a) of the Infotv and Act LXVI of 1995.
Recipients of Data Processing: According to the Archives Law.
Data Retention Period: Until transfer to the public archive.
Method of Data Retention: Stored in the Company’s physically protected office spaces, paper-based in the archives, or electronically in the document management system, accessible by those with appropriate authorization according to internal regulations.

Data Processing for Tax and Accounting Obligations Fulfillment:

The Company processes data of natural persons who enter into a business relationship with it as a customer or supplier, based on legal obligations, in order to comply with tax and accounting requirements as prescribed by law (accounting, taxation).

Purpose of data processing: Compliance with legal requirements
Processed data:
Based on §169 and §202 of Act CXXVII of 2017 on Value Added Tax (VAT Law), particularly: name, address, tax identification number, tax status.
Based on §167 of Act C of 2000 on Accounting: name, address, designation of the person or organization ordering the economic operation, the person authorizing it, and the person verifying the execution of the order, and depending on the organization, the signature of the auditor; on inventory movement documents and cash management documents, the signature of the recipient and the payer on counter receipts.
Based on Act CXVII of 1995 on Personal Income Tax: business registration number, primary producer registration number, tax identification number.

Some of the accommodation facilities operated by the Company do not qualify as business-related community or leisure accommodation and fall under Government Decree No. 173/2003 (X. 28.), meaning they are exempt from the collection of tourist tax (IFA). However, for other accommodation facilities, the Company is obliged to collect the IFA. In terms of IFA collection obligations, legislation may also require the accommodation provider to maintain a record for verification purposes, specifying the data to be recorded and the manner of storage. (At the time of the regulation’s enforcement, the local government regulations of Hungarian municipalities, such as the 10/2014 (IX. 26.) ordinance of the Municipality of Magyarpolány and 13/2013 (XI. 30.) ordinance of the Municipality of Ugod, lay down such obligations.)

Legal basis for data processing:
Act on Information (Info. tv.) §5 (1) (a), Act CXXVII of 2017, Act C of 2000, Act CXVII of 1995
Recipients of data processing: Authorities defined by law, other bodies
Data storage deadline: 8 years from invoice issuance, according to the archive plan
Data storage method: In physically protected office spaces, in paper format and in the document management system, as well as electronically in the invoicing and administrative system. Only those with the appropriate internal authorization may access the data.

---

Data Processing Related to the Execution of the EKAER Regulation:

According to Section 3 (1) of Government Decree No. 5/2015 (II. 27.) NGM on the Electronic Road Freight Control System (EKAER), road freight transport activities, such as:

a) product purchase or other imports from another EU member state to Hungary,
b) product sales or other exports from Hungary to another EU member state,
c) domestic sale of goods subject to VAT to an end user for the first time
can only be carried out by a taxable person with a valid EKAER number, as specified in Section 4 of the regulation.

A taxable person wishing to engage in road transport activities must notify the state tax and customs authority with the content specified in the EKAER regulation to obtain an EKAER number.

Purpose of data processing: Compliance with legal requirements
Processed data: According to Government Decree No. 5/2015 (II. 27.) NGM (EKAER regulation)
Legal basis for data processing: Info. tv. §5 (1) (a)
Recipients of data processing: The Company does not operate the electronic notification system; the tax authority has access to the submitted data
Data storage deadline: Archive plan
Data storage method: In physically protected office spaces, in paper format and in the document management system, as well as electronically in the administrative system. Only those with appropriate internal authorization may access the data.

---

Bill of Lading, CMR:

According to Section 22 (1) of Government Decree No. 261/2011 (XII. 7.), a motor vehicle engaged in road freight transport for a fee must carry a bill of lading during transport.

According to Section 5 (1) of Government Decree No. 120/2016 (VI. 7.) on Road Transport Contracts, if required by law or by agreement, a bill of lading with the details specified in the decree must be issued for the transport performance.

Purpose of data processing: Compliance with legal requirements
Processed data: As specified in Section 22 (2) of Government Decree No. 120/2016 (VI. 7.) and in the Geneva Convention on the International Road Transport of Goods, specifically Article 6.
Legal basis for data processing: Government Decree No. 261/2011 (XII. 7.), Article 6 of the Geneva Convention, 1971.
Recipients of data processing: Competent authority may request or inspect during control
Data storage deadline: 8 years from issuance
Data storage method: Both electronically and in paper format

---

Consumer Complaints Handling:

The consumer may orally or in writing file a complaint with the business regarding any behavior, activity, or omission directly related to the sale or marketing of goods.

Purpose of data processing: Recording, investigating, and evaluating complaints
Processed data: In case a protocol is made for a complaint, the data specified in Section 17/A (5) of the Consumer Protection Act must be included:

• Name and address of the consumer
• Place, time, and method of complaint submission
• Detailed description of the complaint, documents, and evidence presented
• Signature of the person taking the minutes and the consumer (if applicable)
• Date and time of the protocol creation.

Legal basis for data processing: Consumer Protection Act 1997, Section 17/A
Recipients of data processing: The data may be requested by supervisory authorities during inspections
Data storage deadline: The protocol and response copy must be kept for 5 years
Data storage method: Stored in paper format and electronically in the document management system with appropriate internal access control.

---

Handling of Warranty and Guarantee Claims:

Purpose of data processing: Recording, investigating, and evaluating warranty and guarantee claims
Processed data: In case a protocol is made, the protocol includes the consumer’s name and address
Legal basis for data processing: Consumer and business contract, NGM Regulation on warranty and guarantee procedures
Recipients of data processing: Supervisory authorities during inspections
Data storage deadline: 5 years
Data storage method: Stored in paper format and electronically in the document management system with appropriate internal access control.

---

Contract-related Data Processing:

For contracts related to natural person partners, personal data will be processed for preparing, concluding, and executing agreements.

Purpose of data processing: Contract signing, performance, termination, offering contract benefits
Processed data:
Data of individuals contracted as customers or suppliers, such as name, address, tax identification number, personal identification details, business registration, and other legal data required by relevant regulations.

Legal basis for data processing: Contractual obligations, legal requirements
Recipients of data processing: Data may be processed by data processors, service providers, and subcontractors
Data storage deadline: As per archive plan
Data storage method: Stored in paper format and electronically in the document management system with appropriate internal access control.

 

Data processing related to debt collection:

The Company’s outstanding receivables are initially managed internally based on the relevant internal regulations.

At the Company's decision, cases related to receivables are transferred to a law firm, an individual lawyer, or a debt collection management organization with which the Company has an individual or ongoing contractual relationship, for the purpose of managing the receivables and claims.

Purpose of data processing: Collection of outstanding receivables generated during service activities, and enforcement of other claims of the Company based on different legal grounds.

Types of processed data: The debtor's name, birth name, mother’s name, place and date of birth, address, contact information, data related to the claim, the amount of the claim, the legal basis, due date, and documents supporting these details.

Legal basis for data processing: Info Act §6 (5) c) point.

Recipients of the data processing: Law firm, individual lawyer, or possibly debt collection company contracted with the Company.

Data retention period: Until the receivable is settled or the civil law claims related to the receivable expire.

Method of data storage: The data controller stores the data in physically protected office spaces and archives, both in paper format and electronically in a document management system, with access restricted to individuals with appropriate internal permissions as per internal regulations.

Data processing related to asset protection:

Video surveillance

The data processing related to video surveillance is described in the “BEFAG Parketta Kft. – Data Processing Information on Video Surveillance.”

Entry and exit management:

The security of the BEFAG Parketta Kft. premises is provided by an external contractor who works with two personnel in 24-hour shifts. During the day, the security personnel also performs reception duties. Mainly the license plate numbers of incoming and outgoing vehicles are recorded, along with the date and time.

The reception and security service personnel are considered security guards under the 2005 Act CXXXIII (hereinafter: Security Act), and they are entitled to all rights and obligations as specified in the law.

Other data processing:

For data processing not listed in this notice, separate information will be provided at the time of data collection.

Exercising the rights of data subjects:

The data subject, based on §14 of the Info Act, is entitled to receive information from the data controller and any data processors acting on its behalf regarding the processing of their personal data. This includes:

• The right to be informed about the facts related to data processing before it begins (right to prior information).
• The right to access personal data and related information (right of access).
• The right to have personal data corrected or completed (right to rectification).
• The right to restrict the processing of personal data (right to restriction of processing).
• The right to have personal data deleted (right to erasure).

The data controller shall provide each notification in a concise, transparent, intelligible, and easily accessible form, written in clear and plain language, especially when directed towards children. The information must be provided in writing or by other means, including, where appropriate, electronically. The data subject may also request oral information, provided they sufficiently verify their identity.

The data subject has the right, according to the law, to request information about the processing of their personal data, as well as to request correction, restriction of processing, or deletion of the data (Info Act §14). Requests under this section must be reviewed and decided within the shortest possible time but no later than twenty-five days after submission. The decision must be communicated to the data subject in writing, or if submitted electronically, electronically.

Exercising the data subject's rights is free of charge, unless the data subject submits multiple requests for the same data within the same year, in which case the data controller may charge for the processing of those requests.

The Company may require reimbursement for the costs directly incurred from the data subject’s repeated and unfounded assertion of their rights.

If the Company has reasonable doubts about the identity of the individual submitting a request, it may ask for additional information to confirm the identity of the data subject.

The Company will compensate any damage caused by unlawful processing of personal data or a breach of data security requirements, as well as any compensatory damages arising from personality rights violations caused by the Company or its data processors. The data controller is not liable for the damage or compensation if it can prove that the damage or violation was caused by an unavoidable cause outside the scope of data processing.

Integrity and confidentiality:

The Company carries out personal data processing in accordance with the Info Act §4 and §25/I. It ensures the appropriate security of personal data through the application of adequate technical and organizational measures to protect it from unauthorized or unlawful processing, accidental loss, destruction, or damage. The Company uses encryption for electronic transmission of personal data.

Modification of the Information Notice:

The Company reserves the right to unilaterally modify this Information Notice. Modifications will be communicated to the Data Subjects through the Company's website.

Legal remedy:

The data subject may submit complaints related to the Company’s data processing practices to the National Authority for Data Protection and Freedom of Information (NAIH):

• Name: National Authority for Data Protection and Freedom of Information
• Headquarters: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
• Website: www.naih.hu

The data subject also has the option to approach the court for the protection of their data, which will process the case out of turn. In this case, the data subject may choose to submit their lawsuit to the court based on their permanent or temporary residence (http://birosag.hu/torvenyszekek). The court to approach can be found through the website: http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.