Bernecker Építőipari- Fővállalkozó
ZRT.

Data Protection Notice

Valid from 27 July 2021 until revoked

I.

Purpose of the information notice

The personal data you provide via the website www.bernecker.hu (hereinafter referred to as the Website) will be used by Bernecker Építőipari- Fővállalkozó Zrt. (hereinafter referred to as the “Data Controller“).

The purpose of this notice is to summarise in a short, plain and clear way what personal data you provide to the Data Controller, for what purposes the Data Controller uses these data and for how long it processes them, and to inform you of the legal remedies and notification possibilities available to you in connection with data processing. 

The present information is addressed to customers and partners requesting to be contacted by the Data Controller and entering into a contractual relationship after the contact has been established, as well as to persons involved in the maintenance and performance of this contractual relationship (hereinafter referred to as the “Data Subject”).

The Data Controller is committed to protecting the personal data of its customers and partners, and attaches the utmost importance to respecting the right to information self-determination of all those who contact it. The Data Controller handles personal data confidentially and in accordance with the applicable national and European Union regulations and takes all security, technical and organisational measures to ensure the security of the data.

The Data Controller has issued this information for the purpose of complying with Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) and Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR Regulation). 

II.

Contact details of the controller

• name: Bernecker Construction- General Contractor Ltd.
• head office: 1143 Budapest, Stefánia út 109. 1. floor. 3.
• e-mail: bernecker@bernecker.hu
• web address: www.bernecker.hu 

Company registration data: 

• company registration number: 01-09-685547
• court of registration: the Commercial Court of the Metropolitan Court of Budapest
• Tax number: 13626116-2-41
• statistical number: 11964768-4120-113-01.
• European unique identifier: HUOCCSZ.01-09-206120

III.

Scope of the data you provide

In the course of its activities, the Data Controller processes the following personal data:

By submitting a contact form on the website, you consent to the collection and processing of your personal data. Your consent to the processing of your personal data is voluntary. In the event of failure to give or withdrawal of consent, the contractual relationship shall not be established, maintained or performed.

The Data Controller shall inform you prior to the processing of personal data for purposes other than the above and other than the processing of personal data listed above; where the personal data are necessary for the performance of a legal obligation to which the Data Controller is subject or of a contract to which you are a party, the Data Controller shall inform you of this fact, and where the processing is based on your consent, the Data Controller shall obtain your consent in advance.

You have the right to withdraw your consent to the processing of your data at any time by sending a written statement by registered mail to the Data Controller’s headquarters or by e-mail to bernecker@bernecker.hu. 

If you withdraw your consent to the processing, this fact does not affect the lawfulness of the processing prior to the withdrawal, i.e. the Data Controller may continue processing your previously processed data if other legal conditions for doing so are met. 

IV.

Method of processing, persons accessing the personal data

The data you provide may be known and processed by employees of the Data Controller for the period specified in this Privacy Notice. 

The personal data you provide will be stored electronically by the Data Controller on a firewall-protected server, on which your personal data will be accessible by employees of the Data Controller. 

We will not transfer or disclose your personal data to any natural or legal person other than the persons specified above, with the following exceptions:  

(a) Where you have given your explicit consent to the transfer of your personal data, the transfer of personal data to third parties other than the categories of persons specified in this notice may only take place with your explicit consent, which must be obtained from you by a representative or employee of the Controller. You have the right to refuse to give your consent or to withdraw your consent at any time. 

b) For external processing: representatives of IT companies that maintain and, if necessary, repair our IT systems may have access to your personal data for the sole purpose of repairing and restoring our IT systems and ensuring their proper functioning. 

We use the following data processors in our data management activities:

In order to protect your personal data, the Data Controller uses a number of security measures to protect your data against security threats and in the event of technical disruptions in the operation of IT systems (e.g. power failure, system failure, etc.). 

In order to meet security requirements, your personal data will only be accessed by individual employees of the Data Controller, in order to ensure the secure operation of the system. The persons with such access are bound by strict confidentiality rules, the breach of which may result in severe sanctions. 

V.

Your rights regarding the processing of your personal data 

You have the right to request information about the processing of your personal data or facts relating thereto processed by the Data Controller at any time before or after the processing, in addition to the information provided in this notice.

You may at any time access the personal data you have provided to the Data Controller and request information from the Data Controller that:

1. whether there are ongoing proceedings concerning the processing of your data;
2. the purpose of the processing;
3. the categories of personal data concerned;
4. the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
5. may request the controller to rectify, erase or restrict the processing of personal data concerning him or her and may object to the processing of such personal data;
6. lodge a complaint with a supervisory authority about the unlawfulness of the processing;
7. where the data have not been collected directly from you, any available information about their source and the duration of the processing;

and on any issues relating to data processing covered by this notice. 

In the context of the information, the Data Controller will provide you with a copy of the personal data that are the subject of the processing. Should you require additional copies beyond the information provided, please be informed that the Data Controller may charge a reasonable fee based on the administrative costs for the additional copies. If you have submitted your request electronically, the information must be provided to you in a commonly used electronic format, unless you request otherwise.

You also have the right to request the rectification of the data you have provided if it has been incorrectly recorded for any reason. The Data Controller shall correct inaccurate personal data promptly upon request. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary declaration.

You may at any time request the Data Controller to no longer process your personal data, i.e. you may request the erasure of your personal data if one of the following grounds applies:

1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. You withdraw your consent on which the processing is based and there is no other legal basis for the processing;
3. you object to processing and there is no overriding legitimate ground for processing or you object to processing for direct marketing purposes;
4. the personal data have been unlawfully processed;
5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller.

The Data Controller is not obliged to delete your personal data if the processing is necessary for the following reasons:

1. to exercise the right to freedom of expression and information;
2. for the purposes of complying with an obligation under Union or Member State law that requires the controller to process personal data;
3. for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the exercise of the right of erasure would be likely to render impossible or seriously jeopardise such processing; or
4. to bring, enforce or defend legal claims.

Where the Controller has disclosed the personal data and is required to delete it under this Chapter, it will take reasonable steps, including the necessary technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that you have requested the deletion of the links to or copies of the personal data in question.

The Data Controller takes a number of technical measures to ensure the secure handling of data, which provide protection against malicious deletion of data, and therefore a copy of your personal data may be deleted from the backups. 

You may request restriction of processing if. 

1. contests the accuracy of the personal data; in this case, the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data;
2. the processing is unlawful and you object to the deletion of the data – instead, you request the restriction of their use;
3. the Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims; or
4. You have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds.

If processing is restricted on the basis of the above, the Controller may process such personal data, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

If the reason for the restriction of processing ceases to exist, the Data Controller shall inform you in advance of the lifting of the restriction.

The Data Controller shall also inform any recipient of the personal data of the rectification, erasure or restriction of processing to whom or with which the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. The Data Controller will inform you of these recipients upon your request.

Within the framework of the right to data portability, you may at any time request the Data Controller to send you your personal data processed by the Data Controller electronically or in writing in a legible format. 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effects concerning you or similarly significantly affect you. The Data Controller does not use automated decision-making or profiling.

In addition to the above rights, you may object at any time to the processing of your personal data for one or more of the purposes for which it is processed. As a result of the objection, the Data Controller is obliged to cease processing your personal data for these processing purpose(s), unless you can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. 

You may send any statement concerning the exercise of your rights under this Chapter to the contact details of the Data Controller indicated in this notice. The Data Controller will examine your request to exercise the rights to which you are entitled as soon as possible after its submission, but not later than within the time limit laid down in the Information Act, and will notify you in writing of its decision.

VI.

Legal Remedies 

In order to enforce your rights in relation to a breach of the data processing rules, you have the right to contact the National Authority for Data Protection and Freedom of Information (headquarters: 1055 Budapest, Falk Miksa utca 9-11., mailing address: 1363 Budapest, Pf., telephone: +36 (1) 391-1400, +36 (30) 683-5969, +36 (30) 549-6838, fax: +36 (1) 391-1410, e-mail: ugyfelszolgalat@naih.hu, url: http://naih.hu) (hereinafter referred to as the Authority), in order to have the lawfulness of the Controller’s action examined if it restricts your rights under point VI or rejects your request to enforce them. 

You may request the Authority to initiate proceedings before a data protection authority if you consider that the Data Controller or a processor appointed or instructed by the Data Controller is processing your personal data unlawfully or in breach of the requirements laid down in binding legal acts of the European Union.

In addition to the aforementioned means of redress, you have the right to take legal action against the Data Controller (or in certain cases the data processor) if you consider that the Data Controller or a data processor acting on its behalf or at its instructions is processing your personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union. The action may be brought, at your choice, before the competent court in the place of residence or domicile.

If the Data Controller or a processor acting on its behalf or at its instructions infringes the provisions on the processing of personal data laid down by law or by a binding legal act of the European Union and causes damage to another person, it shall compensate the latter.

If the Data Controller or a processor acting on its behalf or at its instructions infringes the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union and thereby violates your right to privacy, you are entitled to claim damages.

The Data Controller shall be exempted from liability for the damage caused and from the obligation to pay compensation if it proves that the damage or the harm caused by the infringement of the right to privacy was caused by an unforeseeable cause outside the scope of the processing.

VII.

Information about using this website

When you visit the Website, the Website server automatically stores certain data for system administration, statistical or security purposes. This data includes the user’s Internet service provider, sometimes the user’s IP address, the version number of the user’s browser software, the type of operating system, the pages that the user visits on the Website and the search terms used to access the Website. These data are only indicative of the number of visitors to the Website and the computers used to access the Website and do not constitute personal data. The data will be used anonymously only. If the Data Controller transfers these data to third parties, this will be done in full compliance with the relevant legal provisions. The Data Controller shall store these data for a maximum period of 2 (two) years from the date of the visit. The legal basis for data processing in this case is the provision of Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

The Data Controller uses Google Analytics, which compiles and presents detailed statistics about visitors to the Website and shows, among other things, where visitors clicked through to the Website, how long they spend on the Website, which pages are the most visited and where they are located geographically. This web analytics software is not intended to identify the user or to identify the user personally.

The content of the Website (notes, studies, other writings, graphics, images, etc.) are copyrighted works of the indicated authors under Act LXXVI of 1999 on Copyright, and only the Data Controller or the indicated authors have any right of use or exploitation.

This Policy does not apply to any Internet pages under a different domain that are accessible via a link from the Website. The Data Controller is not responsible for the content of these websites or for the data processing or other activities carried out by the operators of these websites.

VIII.

Analytical data, use of cookies

In order to serve personalized content, the Data Controller places a small data package (so-called “cookie”) on the User’s computer. The purpose of the cookie is to ensure the highest possible quality of the operation of the site in order to enhance the user experience. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies.

The “Help” feature in the menu bar of most browsers provides information on how to disable cookies in your browser, how to accept new cookies, or how to instruct your browser to set a new cookie and turn off other cookies.

By disabling the use of cookies, the User acknowledges that without cookies the functionality of the site is incomplete.

The cookies available on websites generally fall into four categories. One category includes cookies that are essential for the functioning of the website, another category includes all other cookies that are either functional or have a specific purpose, the next category includes statistical cookies, and the fourth category includes cookies for marketing purposes. Detailed information on cookies can be found on the website.

We use cookies on the Website to ensure that visitors can access the Website (including the services and features available there), to simplify browsing and to enhance the user experience by recording individual user preferences and visit history. In addition, cookies help us to serve our visitors properly, to facilitate the security of their visit and to improve our services by providing us and, in the case of third party cookies, to them, with data, statistics and other useful information about their use of the Website. Reading back cookies previously downloaded and saved from the Website allows us to link a visitor’s particular browsing session to data from a previous browsing session. In turn, the linking of browsing history and the analysis of browsing patterns helps us to provide a unique user experience while preserving the visitor’s anonymity.

Legal basis for processing

The legal basis for the processing of the cookies listed in point (a) is the legal provisions of Article 5(3) of Directive 2002/58/EC. In the case of cookies listed under (b), the legal basis for processing is the consent of the User. 

Duration of processing 

See the table above for specific details. Some of the cookies we use, which usually prevent data loss in a given session, have a temporary lifetime and are deleted when the session is closed, i.e. when the browser is closed. However, we also use persistent cookies which remain on the visitor’s computer for a longer period of time. The long-life cookies we use are basically to support repeated visits to the Website/Application and are not automatically deleted when the browser is closed. Cookies of a persistent nature are stored for a limited period of time and are usually deleted or can be deleted after 7 days or by the User’s browser settings. 

IX.

Miscellaneous provisions

This Privacy Notice is applicable from 27 July 2021 and is valid until revoked. The Data Controller reserves the right to unilaterally amend the content of this Privacy Notice, in particular with regard to possible changes in legislation, but the Data Controller shall not derogate from the provisions of the legislation to your detriment; the amendments shall enter into force upon publication on the Data Controller’s Website.

The invalidity or inapplicability of any of the provisions of these regulations shall not affect the validity and applicability of the other provisions.

If the Data Controller fails to exercise any of the rights granted to it under this Statement, the failure to exercise such right shall not be deemed a waiver of that right. A waiver of any right shall be valid only if expressly stated in writing. The failure by the Controller to insist on a material term or provision of this Policy on a particular occasion shall not constitute a waiver of the right to insist on strict observance and enforcement of that term or provision in the future.

Budapest, 27 July 2021