PRIVACY NOTICE
HELL ENERGY Magyarország Kft. respects your privacy and is committed to protecting your personal data. The present privacy notice informs you in particular as to how we process your personal data when you use our website and tells you about your privacy rights, furthermore, how the law protects you.
When processing your personal data HELL ENERGY Magyarország Kft. fully complies with the provisions set out in particular in the 2016/679 (EU) general data protection regulation (GDPR) and the Hungarian Data Protection Act (Act CXII of 2011).
- CONTACT DATA OF THE CONTROLLER
Name: HELL ENERGY Magyarország Kft.
Seat: 1062 Budapest, Andrássy út 126.
Tax number: 13324223-4-44
Group ID: 17782263-5-44
Registration No.: 01-09-729429
Phone: +36 46 887 870
Represented by: Ernő Barabás managing director
email: info@hellenergy.hu
(hereinafter: Controller)
- PuRPOSE AND LEGAL BASIS OF THE PROCESSING, THE RETENTION PERIOD
Please find detailed information below on the data processing activities of the controller.
| Purpose of the processing | Affected data | Legal basis | Retention period |
| To manage communication with you if you contact us (providing information on our products, information requests, concluding contracts) | identity data (e.g. name, username)contact data (e.g. email, phone number)content of such communications | Art. 6 (1) b) GDPR – performance of a contract or Art. 6 (1) f) GDPR – legitimate interest of the Controller (to ensure flawless communication with the clients) | 5 years the termination of the contract or until it is necessary for the purpose of the processing (if no contract has been concluded); or until the deletion of the user account, but no more than 5 years (general statutory limitation period) |
| To administer and protect our business, Service and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | identity data (e.g. name, username)contact data (e.g. email, phone number)technical data | Art. 6 (1) f) GDPR – legitimate interest of the Controller (to carry out business, provision of IT and administrative services, network security, prevention of fraud) | until it is necessary for the purpose of the processing |
| To use data analytics to improve our website, service, marketing, customer relationships and experiences | technical datausage data | Art. 6 (1) f) GDPR – legitimate interest of the Controller (to define the relevant clients, to keep the website up-to-date, business developments, to develop our market strategy) | until it is necessary for the purpose of the processing |
| To contact you and send you via electronic means (such as e-mail, text messages, MMs, private messages etc.) newsletters, information about the goods or services of the Controller and other parties, to make suggestions and recommendations to you about goods or services that may be of interest to you | identity data (e.g. name, username)contact data (e.g. email, phone number)profile data | Art. 6 (1) a) GDPR – consent You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. | until the withdrawal of consent; or in case of inactivity, 1 year after the last activity performed with regard to the Controller |
| To make notifications/posts on social media sites you selected and to communicate with you on such platforms | identity data (e.g. name, username)contact data (e.g. email, phone number)content of the communication | Art. 6 (1) a) GDPR – consent You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In case of communication: Art. 6 (1) f) GDPR – legitimate interest of the Controller (to ensure flawless communication with the clients) | until the withdrawal of consent but no later than 5 years as regards the communications: 5 years |
| To contact you for market research and customer satisfaction purposes and also to measure the effectiveness of marketing campaigns. | identity data (e.g. name, username)contact data (e.g. email, phone number)profile data | Art. 6 (1) f) GDPR – legitimate interest of the Controller (the protection of its business interests) | until it is necessary for the purpose of the processing |
| Complaint handling (to manage quality complaints concerning the products and services provided by the Controller, to investigate the complaints, request information, draft the minutes, and take the necessary measures) | identity data (e.g. name, username, complaint ID)contact data (e.g. email, phone number)content of the complaint | Art. 6 (1) b) GDPR – performance of a contract | 3 years (Section 17/A. (7) of Act CLV of 1997) |
| concerning certain individuals, the fulfilment of legal obligations with regard to the market abuse regulation (in particular the data processing activities – e.g. keeping a list, register – carried out to comply with the legal provisions regarding the market abuse and market manipulation, e.g. Regulation 596/2014/EU; hereinafter: MAR) | identity of the persons being aware of inside informationthe reason of listing such persons in the list of persons possessing inside informationdate and time when these persons learned the inside information | Art. 6 (1) c) GDPR – legal obligation (in particular Art. 18 of MAR) | 5 years |
In case your personal data is necessary to fulfil a legal obligation or to conclude / perform an agreement and you refuse to provide your data, then the Controller might not be able to perform the agreement (i.e. the provision of the service is not possible).
- DATA RECIPIENTS
- Data Processors
We work with companies that help us run the website and render the service. These companies provide services such as delivering customer support, home delivery and sending emails on our behalf (these are called data processors). In some cases, these companies have access to some of your personal information in order to provide services to you on our behalf. They are not permitted to use your information for their own purposes.
Data processors engaged by the Controller:
| Name | Address | Activity |
| Dialogue Creatives Kft. | 1036 Budapest, Lajos utca 48-66. | Responding to comments, posts and messages, receiving and forwarding complaints, quality complaints and data subjects’ requests to the Controller. Managing the logs on the website, development and database related tasks. |
| feat. Kft. | 1013 Budapest, Pauler utca 11./ 2. emelet | Responding to comments, posts and messages, receiving and forwarding complaints, quality complaints and data subjects’ requests to the Controller. |
| Microsoft Corporation | One Microsoft Way Redmond WA 98052-7326 | Data storage in e-mail application. |
- Disclosure to other data controllers
In other cases, we provide your data to other entities to use such data under their own name and for their own benefit. Sometimes we may need to do this to comply with a legal obligation (such as when we need to provide certain transactional, technical or identity data to the police or other authorities), and in other cases, we rely on other legal grounds, such as our legitimate interests or your consent.
Alternatively, if we have a good-faith belief that the disclosure is necessary to prevent or respond to fraud, defend our websites or applications against attacks, or protect our property and safety, our customers, users, the public, or specific companies retained to assist us to combat piracy.
- DATA TRANSFERS
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please do contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
- Data subjects’ rights
| Right | What does it mean? |
| Right to access | You have the right to access your personal data, including requesting information on whether we processes your data, which data are processed, etc. |
| Right to rectification | You have the right to the correction of your personal data. This enables you to ask that any incomplete or inaccurate data we hold about you be corrected. |
| Right to erasure | Subject to certain conditions and in certain cases, you have the right to the erasure of your personal data. This means that you may request that we delete your personal data that we may have processed unlawfully or where the use of your data is no longer needed for a purpose. Please keep in mind that we may not be able to meet your request for specific legal reasons that will be notified to you, if applicable. |
| Right to restriction of the processing | You may also request the restriction of the processing of your personal data. For instance, you may request that we suspend the processing of your personal where our use of the data is unlawful but you do not want us to delete it. We restrict the processing of your personal data for a period to verify the accuracy of such data if you request to obtain the restriction of the processing of your personal data, and you challenge the accuracy of such data. We restrict the processing of your personal data if you request to obtain the restriction of the processing of such data, the processing of which is unlawful, and you opposes the erasure of such data. We restrict the processing of your personal data if we do not need such data for the purposes of the processing, but you require your data for the establishment, exercise or defence of legal claims. We restrict the processing of your personal data if you object to the processing of your personal data that are necessary for the purposes of the legitimate interests that we pursue, and you wait to verify that the processing of your personal data has a legitimate ground that does not override your objection |
| Right to data portability | Where the processing of your data is either based on your consent, or is necessary for the performance of a contract, you may request the provision of your personal data that you have provided to us in a standard format, and you may also request that such data be transferred to another entity. |
| Right to object | Importantly, when we process your data on the basis of our legitimate interests you may object to such processing and request that any of those activities be stopped. In such cases we shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. |
| Right to withdraw your consent | You may withdraw your consent at any time (under the following contact details) where we rely on your consent for processing your data. Remember that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Email: gdpr@hellenergy.hu Per post: 1062 Budapest, Andrássy út 126.By clicking on the unsubscribe link place in the footer of each newsletter |
| Right to lodge a complaint | Without prejudice to any other administrative or judicial remedy that you may have (such as the right to claim compensation for damages suffered as a result of our breach of the GDPR), you have the right to lodge a complaint with the Hungarian Data Protection and Freedom of Information Authority (NAIH) supervisory authority, or another data protection supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The contact details of the NAIH are as follows: address: H-1363 Budapest, Pf. 9. phone: +36 1 391-1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu website: www.naih.hu In any case, we would highly appreciate the chance to deal with your concerns before you approach the supervisory authority above, so please contact us first if any problems. |
