DATA PROTECTION PRINCIPLES AND LEGAL TERMS

Pursuant to Act LXIII of 1992 on Personal Data Protection and Disclosure of Data of Public Interest, Auto Securit Zrt. hereby declares the following data protection principles and guidelines :

To Auto Securit plc. the protection of the clients’ personal data  and the safeguarding of the website visitors’ right to informational autonomy and privacy is a top priority.  Auto Securit is committed to managing the visitors’ personal data at all times in full compliance with the regulations governing data protection.  Auto Securit therefore treats visitors’ personal data confidentially, in concordance with legal regulations, safeguards data security and takes all necessary technical and organisational measures and develops all the procedures which are necessary to implement the stipulations of the aforementioned Act and other  respective recommendations.

Auto Securit plc.shall treat the visitors’ and users’ personal data confidentially, in accordance with the legal regulations in force.  Auto Securit engages itself to notify the website visitors in due course should there occur any change in the principles and practice of personal data management, so that they are accurately and permanently aware of the latest principles and practice followed by AutoSecurit.  Auto Securit declares that these present Legal Terms on data protection and data management always reflect the actual principle applications and the genuine legal practice. When developing these data protection principles and guidelines we took the governing legal regulations into consideration.

Auto Securit plc. engages itself to clearly and unambiguously inform the user on the manner, purpose and principles of data collection prior to collecting, recording and managing them. Auto Securit emphatically draws user’s attention to the voluntary nature of data supply in each instance when data recording and data management is not governed by law.

In case of compulsory data supply Auto Securit shall indicate the exact regulation ordering this. The person affected by this is entitled to be informed of the purpose of data management and the identity of those who will manage and process them. Information on data management can also occur through the fact that there is an act governing data acquisition occurring from pre-existing data through forwarding and linking.

In case  Auto Securit wishes to use the data for purposes different from the ones stated, the user shall be informed of this intention and their explicit consent shall be sought. In this instance the user is entitled to prohibit the intended usage.

Auto Securit plc. shall at all times comply with the limitations stipulated by law in the course of data supply, recording and management and shall inform the person in question on the procedures via electronic correspondence. Auto Securit plc. engages itself not to sanction by any means users who refuse the non-compulsory data supply.

Auto Securit plc. engages itself to ensure the safety of data by taking the necessary technical and organisational steps and by elaborating the procedures which safeguard the protection of the recorded, stored and managed data, and shall prevent their destruction, unauthorised use and unauthorised modification. Furthermore,  AutoSecurit engages itself to remind all third parties of these obligations should it opt to forward these data.

AShould any of our visitors feel that they have questions or queries stretching beyond the content of these present guidelines, or would like to clarify issues which have not been or have partly been covered, please feel free to contact our staff member in charge of personal data protection on the e-mail address below:  
vevoszolgalat@autosecurit.hu.

CONCEPTS RELATED TO PERSONAL DATA

Personal data:
Any specific, identified or identifiable data related to a living, identifiable individual carrying the possibility of identification qualifies as personal data. Throughout the process of data management personal data maintain this quality as long as there persists a restorable connection with the individual in question. The individual can especially be considered as identifiable when, directly or indirectly, they can be identified on basis of an item (eg. name, identifier) or one or several characteristic elements related to their physical, physiological, mental, economic, cultural or social characteristics or identity.

Sensitive personal data:
Personal data related to race, origin and ethnic minority, political stance, religious belief, trade union membership, physical or mental health, addiction, sexual bias and commission of offences or alleged offences.

Data management:
Regardless of the method applied, any operation or series of operations (eg. data collection, recording, filing, storing, modifying, usage, forwarding, disclosure, liaising or linking, obstructing, deleting,destruction or impeding further use) qualifies as data management. Furthermore, taking photos, making audio or video recordings or other physical characteristics suitable for identifying (eg. taking palm- or fingerprints, DNA or iris samples) also qualify as data management.

Data processing:
Performance of data processing operations and technical tasks, regardless of the means and methods applied and regardless of the place of application.

Data forwarding:
Making certain data accessible to a defined third party.

Public disclosure:
Making certain data accessible to any other person.

Data manager:
An individual or legal entity, or an organisation not bearing legal entity who/which defines the purpose of data management,makes and carries out decisions related to data management (including the choice of method ), or has a designated data processor execute them. In case of compulsory data management, the data manager and the purpose and conditions of  data management, respectively, are governed by the Data Protection Act and/or decrees issued by local authorities.

Data processor:
An individual or legal entity, or an organisation not bearing legal entity who/which performs data processing activities on the data manager’s assignment.

Deleting data:
Making data unidentifiable in such a manner as restoring is no longer possible.

THE BASIC PRINCIPLES OF HANDLING INFORMATION

Personal data can only be managed with the respective person’s consent or in cases stipulated by law or governed by local authority regulations. Out of public benefit, the law can order the disclosure of personal data by clearly designating the conditions and extent to which this can be revealed. In all other events an explicit consent, in case of sensitive data an explicit written consent is necessary. When in doubt one shall assume that the person in question has not given their consent. Consent is considered to be given in case the personal data were disclosed by the individual in question assuming the role of a public speaker and revealing the information with the purpose of being made public.

The regulations governing data management and personal data protection of users and visitors exclusively apply to individuals, as personal data can only be interpreted in relation to such persons ( based on paragraph 2.1 of Act LXIII of 1992 on Personal Data Protection and Disclosure of Data of Public Interest), therefore this present declaration is exclusively compellent to the personal data protection of individuals.

Personal data may only be managed for clearly defined purposes under submission to regulations. All and any stage of data management must be compliant with the defined purpose. Only indispensable and suitable data can be used in the process of data management.Data management can only occur for the length of time and to the extent necessary to achieve the purpose of service.

In the absence of regulations stating otherwise, personal data can only be managed with the visitor’s consent. The voluntary or compulsory nature of data supply must be stated prior to collection. In case of compulsory data supply the commanding law must be quoted. During data management data can only be used for the indicated purpose. Beside clearly stating the purpose of data management, the person(s) managing and processing these data also have to be named.

Storage of data has to be proportionate with the purpose and the length of time allotted to achieving this purpose and has to be performed in a secure manner. The data manager shall provide data security and shall take all the necessary technical and organisational steps and elaborate the procedures which are necessary to implement the respective legal regulations. Data shall particularly be protected against unauthorised access, modification, disclosure, deletion, deterioration or destruction.

Throughout data management the visitor can at any time check or ask for briefing on the content of their data, and can at any time ask for their correction, modification or deletion. The visitor can at any time modify or alter their consent to data management.Once the aim of data management has been reached, the deletion of data shall be performed according to the legal regulations. Data can only be forwarded and various data management procedures can only be connected if the visitor has consented to it or the law permits it and if data management conditions have been met in relation to each item of personal data.

Auto Securit Zrt. does not collect and does not manage personal data on children under 14 .In case the request to supply personal data on children below 14 arises on behalf of the visitor, such data can only be recorded after a proper parental or custodial consent has been put at disposal. In the absence of such authorisation we do not make a record of children’s personal data not even in case this will prevent the respective service from being delivered.

CLARIFICATIONS RELATED TO THE HANDLING OF PERSONAL DATA

Generally, when accessing  Auto Securit’s website,  our visitors can do so without having to disclose their identity or having to supply personal data. However, there are certain pages and instances when, in order to fully enjoy the benefits of Auto Securit services, the supply of certain personal data (eg. name, postal address or e-mail address) is necessary.

By data and information suitable for personal identification we mean personal data referring to living individuals by which identity can be revealed and communication can be established – to only mention name, address, mailing address, telephone number, fax number, e-mail address, social security number, VAT number, credit card information, customer profile.

Anonymous information collected by excluding the possibilty of personal identification and which cannot be related to a living individual, furthermore, demographic data which are collected without linking them to individual persons who thus become unidentifiable do not qualify as personal data. By personal data supplied by a third party – based on necessary consent - we mean data or information which are suitable for personal identification and are related to the person/visitor using our services. These data are collected and supplied by the provider through a third party, complying with the aforementioned regulations.

Under no circumstances shall Auto Securit collect sensitive personal data concerning racial, national or ethnic origin, political views or stance, religion or other belief, physical or mental health, addiction, sex life and commission of offences or alleged offences.

This present regulation is related to the protection of data put at the disposal of AutoSecurit by the visitors who do not wish to make these data public access. This regulation does not apply to cases when a person publicly discloses their personal data or part of them by their own will.

We do not supplement and do not link the personal or other data supplied by our visitors with data or information coming from other sources. Should such instance occur in the future, we will exclusively do that after we have duly informed our visitors and sought their permission. Under no circumstances shall we forward the personal data supplied by our visitors to a third party without their prior consent.

However, in order to provide full service, it is sometimes necessary to provisionally forward certain personal data – in the event of granted permission - to a third party for data management or processing purposes. For example when payment is made on-line we forward the credit card number to the bank without storing it in our system.

In case the competent authorities approach the supplier to supply personal data in a manner which is prescribed by law , Auto Securit plc – complying with its legal obligations – forwards the requested information.

MODIFYING AND DELETING PERSONAL DATA

Auto Securit ensures that the visitors access, modify and supplement their own personal data through the same communication channels and by the same means as they did  previously when putting them at our disposal. Thus we would like to ensure that our clients’ personal data remain up-to-date and accurate. In case our client intends to have their personal data deleted from our system, we will promptly fulfill this request. By doing so, the client obviously accepts that from then onwards they will no longer be able to benefit from the same services the same way as they did previously.

PLACEMENT OF ANONYMOUS VISITOR IDENTIFIERS (COOKIES)

Anonymous visitor identifiers (so-called cookies) are individualised signal series capable of identifying and storing user profile information which the providers place onto visitors’ computers. It is important to know that by itself such a signal series is unable to identify the client, it is only suitable for identifying the user’s computer. It is not necessary to give the name, the e-mail address or any other personal data, as when using such applications the provider does not ask for data anyway because the data exchange actually occurs between the two computers.In case you do not wish to be sent such identifying signals onto your computer, you have the choice to set your internet browser not to allow the placement of these.

ENSURING THE CHOICE TO SUBSCRIBE AND UNSUBSCRIBE

By complying with the existing regulations, Auto Securit engages itself to send messages or newsletters only by the clients’ prior request, and to always ensure the possibility to terminate the reception of these communicational services. Those clients who, after ordering the newsletter service offered by us, decide at any time not to receive them any longer can cancel the service by e-mail. The e-mail address can be found on the same web page where the service was ordered.

With services linked to registration or subscription, we send a welcome message to our new customers which sometimes contains useful information related to the service.Periodically and depending on their consent, we send our clients messages on our new products and services, special offers, etc. In case our clients do not wish to receive news on such offers, they can cancel them the same way and on the same channel as they initially ordered them.