Privacy Notice

Dear Business Partners,

Please be informed that Power Kft. (hereinafter referred to as the “Company”), as the Data Controller, processes personal data in compliance with the applicable legislation, in particular Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Information Act") and Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as the “GDPR”).

Our Company processes the personal data confidentially and takes all technical and organisational measures related to data storage and processing, and other technical and organisational measures to ensure the security of the data.

Our Company fulfils its obligation to provide information under the GDPR by means of this Privacy Notice. If you have any questions about this Privacy Notice, please contact us at adatkezeles@powerbizt.hu and a member of our staff will answer your question.

Data Controller

Some of our services are provided by third parties, who may also have access to your data. The relevant data processor will be indicated for each data processing operation.

Our aim is to ensure that our data processing activities are carried out in accordance with the applicable regulations, and that all our customers can trust us with their data. In this respect, your data will be processed in accordance with the requirements of the Hungarian Data Protection Authority (NAIH), in line with the principles of personal data processing, as follows:

• fairly and in a manner transparent to the Data Subject;
• using only personal data collected for clearly identified and legitimate purposes;
• only processing personal data that is adequate, relevant and necessary for the purposes for which it is processed (in accordance with the principle of data minimisation);
• processing the data accurately and up to date (in line with the principle of accuracy);
• in accordance with the principle of limited retention period;
• by implementing technical and organisational measures to ensure adequate security of personal data against unauthorised or unlawful data processing, accidental loss, destruction or damage (based on the principles of integrity and confidentiality);
• in compliance with built-in data protection principles, and the principle of accountability.

The Company carries out a number of data processing activities in relation to its partners and customers, most of which are related to the fulfilment of its contractual and legal obligations, and the conduct of its business activities. The Company processes the personal data of its customers primarily for the purposes of providing the sales transactions and services used by the Data Subject.

In order to ensure the accuracy and protection of the data processed by our Company, we ask you to take all reasonable steps to ensure that your data is kept up to date in our databases. Please notify us of any changes to the data you have provided, preferably within 3 days.

Please note that if you provide personal data to our Company which is not your own data, it is your responsibility to obtain the consent of the Data Subject. Our Company shall not be liable for any damage or loss resulting from the processing of data provided by you or on your behalf inaccurately.

By providing an e-mail address, the Customer accepts responsibility for ensuring that he/she is the only person using the given e-mail address.

Data processing activities

Our Company carries out the following data processing activities as part our relations with our Customers and Business Partners.

Information on any data processing activities not listed in this Privacy Notice will be separately provided at the time of the data collection.

Security cameras

The Company operates an electronic surveillance and recording system (camera system) at its registered office (1031 Budapest, Kazal utca 64-66.) and at its site (1097 Budapest, Külső Mester u. 24.), which records the images and other personal data of the persons (Data Subjects) entering and/or staying in the area monitored by the camera system. (The camera system does not record audio.)

Pictograms and information signs at the entrances to the building, shop and office area warn visitors that our premises are monitored by security cameras. Detailed information on the rules for the video recording can be accessed by scanning the QR code on the sticker. Our Company keeps the camera footage to protect our legitimate interests, to protect the property of the Company and others, and to use it as evidence or to investigate incidents where necessary.

Messages sent to our mailing or e-mail address

Our Partners and Customers can request more information about our products and services by e-mail, phone or by filling in the information request form available on our website. It is necessary that you provide your contact details for us to reply.

The Company will use the mailing and e-mail addresses processed by our Company only for sending the information required, and only for contacting the Data Subject/enquirer, and will not disclose them to third parties.

The system for managing electronic enquiries (e-mail) is operated on a secure server, which is not accessible to anyone other than the Company's relevant employees and the company operating the server.

Contact by phone:

Interested parties who call our call centre will be informed that their call will be recorded before the operator answers. The Company records the phone conversations, to ensure the quality and adequacy of the contact and the provision of other services. If the customer does not want the conversation to be recorded, they can either visit one of our shops in person or indicate this request to us in writing.

Registration

Registration is only possible for companies and sole proprietors, by filling in the Customer Registration Form. The registration request will be evaluated separately by the Company, and if the assessment is positive, the Partner will be entitled to make purchases from the webshop through the user account created.

Creating the user account, purchase, delivery, payment, invoicing

After the registration is approved, our Company will enter into a written contract with the Partner, on the basis of which the Partner is entitled to make purchases through the website.

The Partner can modify the personal data provided by it at any time, by logging into its user account.

The Company stores the customer data primarily in electronic form in its administrative systems, but paper documents containing personal data are also kept in parallel with the electronic system.

In order to deliver the products, the customers' data will be shared with the contracted courier services and logistics partners. The courier services must use the data only for the purposes of the delivery, and must ensure compliance with the data protection requirements.

The Company's IT system stores the passwords in encrypted form, so the Company cannot access them.

When making the payment at the Company's stores, it is possible to pay by card, in which case the data of the card payment transaction will be processed by OTP Bank Nyrt. (1051 Budapest, Nádor u. 16.).

Contractual and Partner contact details

The Company processes the data of the natural persons contracted with it as customers and suppliers for the purposes of concluding the relevant contract, performing the contract and keeping contact.

Placing the orders

Customers may order products distributed by the Company but not in stock.

Customer complaints register

The Company provides the customers with a certified Customer Complaints Register, in accordance with the legal requirements.

Service and warranty administration

If a Partner returns a product to the Company with a service claim, the Company will document this by filling in a worksheet or Return goods / Fault report form.

Online and face-to-face technical consultation

Our Company provides its Partners with technical consultation services, available online or in person, on a pre-arranged topic and at a pre-arranged time. You can request an appointment by filling in the form on the www.powerbizt.hu website.

Newsletter

The Company sends direct marketing messages in electronic newsletters to those who have expressly consented to receive them.

Withdrawal of consent

You have the right at any time, free of charge and without restriction, to give or withdraw your consent collectively for the above data processing purposes, i.e. direct marketing, sending newsletters and market research, without giving reasons. The Data Subject may exercise this right by sending an e-mail to the following e-mail address: adatkezeles@powerbizt.hu or, in the case of eDM, by clicking on the "unsubscribe" button at the bottom of the message (with immediate effect).

Events organised by the Company

Taking pictures and videos

The staff of Power Kft. may take photographs, film and audio recordings at the events, which may include the participants' likeness and voice. In the case of events organised jointly with a Partner, the Partners' employees and other third parties may also make recordings, in which case the Partners are considered as independent data controllers and their data processing activities are not covered by this Privacy Notice. The resulting footage will be published by Power Kft. on its website and on its social media platform.

We inform our Customers and Partners that the courts, prosecutors, the investigating authorities, the infringement authority, any administrative authority, the NAIH, or other bodies authorised by law may contact the Service Provider in order to provide information, communicate or transfer data, or make documents available.

The Company will disclose to the authorities, if the authorities have indicated the precise purpose and scope of the data, only such personal data as is strictly necessary for the purpose of the request, and to the extent that such disclosure is necessary for the fulfilment of the purpose of the request.

Your rights and the available remedies

Right to information, inspection and access:

The Data Subject must be informed before the data are recorded whether the provision of the data is voluntary or obligatory. In the case of mandatory data provision, the law imposing the data processing must also be indicated.

If the Data Subject so requests, he/she will be provided with the personal data processed by the Company, i.e. the Data Controller. The Company shall provide information on the processing of the personal data in its possession in a concise, clear and plain language. The Company shall provide the information in writing in an intelligible form, within 30 days of the request.

The Privacy Notice contains the name and contact details of the Data Controller, the purposes of the data processing and the legal basis for the data processing and, where applicable, the recipients or categories of recipients of the personal data.

The Company will also provide the Data Subject with the following additional information at the time of obtaining the personal data:

• the retention period for the personal data;
• the Data Subject's right to request access to, rectification, erasure or restriction of the processing of the personal data concerning him/her, and to object to the processing of such personal data, as well as the Data Subject's right to data portability;
• in the case of data processing based on consent, the right to withdraw the consent at any time, without prejudice to the lawfulness of the data processing carried out on the basis of consent prior to its withdrawal;
• the right to lodge a complaint with the supervisory authority;
• whether the provision of the personal data is based on a legal or contractual obligation, or is a precondition for the conclusion of a contract, whether the Data Subject is obliged to provide the personal data, and the possible consequences of not providing the data.

If the Company intends to further process personal data for a purpose other than that for which they were collected, it must inform the Data Subject of this other purpose, and of any relevant additional information mentioned above before the further data processing.

Right to restriction of the data processing:

The Data Subject shall have the right to obtain from the Company, at his/her request, the restriction of the data processing, if one of the following conditions is met:

• if the Data Subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the Data Controller to verify the accuracy of the personal data;
• if the data processing is unlawful, and the Data Subject opposes the erasure of the data, and requests instead the restriction of their use;
• if the Data Controller no longer needs the personal data for the purposes of the data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims;
• if the Data Subject has objected to the data processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Data Controller override those of the Data Subject.

If the data processing is restricted, the related personal data may be processed, except for storage, only with the consent of the Data Subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or of an important public interest of the EU or of a Member State. The Company shall inform the Data Subject (at whose request the restriction of the data processing has been imposed) in advance of the lifting of the restriction.

Right to rectification:

The Data Subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data relating to him/her, and that incomplete personal data is supplemented.

Right to erasure (“right to be forgotten”):

The Data Subject shall have the right to have personal data relating to him/her erased, without undue delay, and the Company shall be obliged to erase the personal data relating to the Data Subject without undue delay, if one of the following grounds applies:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the Data Subject objects to the data processing and there are no overriding legitimate grounds for the data processing;
• the personal data have been unlawfully processed;
• the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Data Controller is subject;

Right to data portability:

The Data Subject shall have the right to receive personal data relating to him/her which he/she has provided to the Data Controller in a structured, commonly used, machine-readable format, and the right to transmit such data to another data controller without hindrance from the Data Controller to which he/she has provided the personal data.

Right to object:

The Data Subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of his/her personal data, where the legal basis for the data processing is based on the legitimate interests of the Data Controller. In such a case, the Company may no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the data processing, which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.

The Company’s Managing Director shall examine the objection within the shortest possible period of time from the date of the request, but not later than 15 days, and inform the Data Subject in writing of the outcome of the objection, with the simultaneous suspension of the data processing. If the objection is found justified, the Data Controller must cease the data processing, including the further collection and transfer of the data, and block the data, and notify the objection or the action taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed, and who are obliged to take measures to enforce the right to object. If the Data Subject does not agree with the decision, he/she may, within 30 days of its notification, challenge it in court in accordance with the Data Protection Act.

Legal remedies:

Right to complain to the Authority

Without prejudice to any other administrative or judicial remedy, every Data Subject has the right to apply to the data protection authority, i.e. the National Authority for Data Protection and Freedom of Information (hereinafter referred to as the “Authority”), for a data protection authority procedure, if the Data Subject considers that the processing of personal data concerning him/her infringes EU or national law. The Authority to which the request has been submitted is obliged to inform the customer of the procedural developments concerning the complaint and its outcome, including the customer's right to seek judicial redress.

If the Data Subject believes that the Company or a data processor on its behalf has committed or threatened to commit a breach of the law by its actions or omissions, he/she may initiate an investigation with the National Authority for Data Protection and Freedom of Information to investigate the matter. The Authority's investigation is free of charge.

Right to judicial remedy against the Authority:

Without prejudice to any other administrative or non-judicial remedy, any natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning him/her, or if the Authority does not deal with the complaint, or does not inform the Data Subject within three months of the procedural developments regarding the complaint or the outcome of the complaint.

Right to judicial remedy against the Data Controller or the Data Processor:

The Data Subject may take legal action against the Data Controller or the Data Processor, if he/she considers that the Data Controller or the Data Processor acting on its behalf or under its instructions is processing his/her personal data in breach of the requirements for the processing of personal data laid down by law or by a legally binding EU act.

Right to compensation:

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the GDPR or the domestic data protection law is entitled to compensation from the Data Controller or the Data Processor for the damage suffered.

If the Data Controller or the Data Processor infringes the provisions on the processing of personal data laid down by law or by a legally binding EU act, and thereby violates the privacy rights of another person, the person whose privacy rights have been violated may claim damages from the Data Controller or the Data Processor.

The Data Controller and the Data Processor, as well as joint Data Controllers and Data Processors acting on their behalf or on their instructions:

1. shall be jointly and severally liable to the Data Subject for any damage caused by a breach of the provisions of the law or of a binding EU act relating to the processing of personal data
2. shall be jointly and severally liable to pay the damages for the infringement of personal rights to the Data Subject.

No compensation shall be payable and no damages shall be recoverable if the damage resulted from the intentional or grossly negligent conduct of the victim, or the person suffering damage to his/her personal right.

The Data Subject can lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).

NAIH contact details: