1. Annex to the Data Management Regulation
STATEMENT ON DATA MANAGEMENT RELATED TO THE RIGHTS OF INDIVIDUALS REGARDING THE MANAGEMENT OF THEIR PERSONAL DATA
CONTENTS
INTRODUCTION
CHAPTER I – NAME OF THE DATA CONTROLLER
CHAPTER II – NAMES OF DATA PROCESSORS
- IT provider of our Company
- Ticketing system developer of our Company
CHAPTER III – ENSURING DATA MANAGEMENT COMPLIANCE WITH LAWS
- Data management based on the consent of the data subject
- Data management based on legal obligations
- Promotion of the rights of the data subject
CHAPTER IV – DATA MANAGEMENT FOR VISITORS ON THE COMPANY WEBSITE – COOKIE USAGE STATEMENT
CHAPTER V – STATEMENT ON THE RIGHTS OF DATA SUBJECTS
INTRODUCTION
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: the Regulation), which concerns the protection and free flow of personal data of natural persons as well as the repeal of Directive 95/46/EC, the Data Controller must take appropriate actions to ensure that individuals whose personal data is collected are provided with all necessary information regarding the management of their personal data in a concise, clear, transparent, comprehensible, and accessible manner, and must provide the conditions for fulfilling the rights of the data subjects.
The obligation to inform individuals in advance is also prescribed by Act CXII of 2011 on the right to informational self-determination and freedom of information.
The following text fulfills the obligations imposed by the aforementioned laws and regulations.
The notification must be displayed on the Company's website or sent to the individual whose personal data is being collected upon their request.
CHAPTER I
IDENTIFICATION OF THE DATA CONTROLLER
The publisher and data controller of this information:
Company name: Demo
Headquarters: /
Tax number: /
Company registration number: /
Representative: /
Phone number: 065 1234 598
Email: test@test.com
Website: wheels-demo.mysellvio.com/en
(hereinafter referred to as the "Company")
CHAPTER II
IDENTIFICATION OF DATA PROCESSORS
A data processor is a natural or legal person, authority, agency, or other entity that processes personal data on behalf of the data controller (Article 4(8) of the Regulation).
The involvement of a data processor does not depend on the prior consent of the data subject; however, the data subject must be informed.
1. The Company's IT Service Provider
For the purpose of maintaining and operating the website, the Company engages an IT service provider as a data processor, which manages and stores personal data as part of the hosting service, in accordance with the data management policy.
Data processor name and details:
Company name: Példa Kft.
Headquarters: 24000 Subotica, Zombori Road 33a, Serbia
Company registration number: 12345678
Tax number: 987654321
Representative: Teszt Elek
Phone number: +381 60 00 00 000
Fax: none
Email: support@sellvio.com
Website: sellvio.com
CHAPTER III
ENSURING LEGAL COMPLIANCE OF DATA PROCESSING
1. Data Processing Based on the Consent of the Data Subject
(1) If the company intends to process data based on consent, the consent of the data subject for the processing of their personal data must be requested using the form specified in the company’s data management policy.
(2) Consent may also be considered given if the user marks the field required for data processing on the website or performs technical settings related to the use of services in the information society. Silence, pre-checked boxes, or inaction do not constitute consent.
(3) Consent applies to all data processing activities serving the same purpose. If data processing is aimed at multiple distinct purposes, separate consent must be obtained for each purpose.
(4) If the data subject provides consent in a written statement that also applies to other purposes (e.g., conclusion of a sales or service agreement), the consent must be clear, simple, comprehensible, and accessible, and it must be clearly distinguishable from other purposes.
(5) The company cannot make the conclusion or performance of a contract conditional upon consent to unnecessary data processing.
(6) The withdrawal of consent must be as simple as its provision.
(7) Data collected based on consent may be used by the company in compliance with regulations and may still be processed after consent is withdrawn if it is in accordance with legal obligations.
(8) The company’s website does not intentionally collect data from minors (persons under 16 years of age). If such data is accidentally stored, it will be deleted immediately upon detection.
2. Data Processing Based on Legal Obligations
(1) In the case of data processing based on legal obligations, the scope, purpose, retention period of the data, and the data users are determined by the applicable laws.
(2) Data processing based on legal obligations does not depend on the data subject's consent. The data subject must be informed about the purpose of data collection, its legal basis, retention period, and their rights.
3. Protection of Data Subject Rights
The company is obliged to ensure that all data subjects can exercise their rights related to the processing of personal data.
CHAPTER IV
PROCESSING VISITOR DATA – INFORMATION ABOUT COOKIE USAGE
1. Visitors must be informed about the use of cookies, and consent must be obtained for cookies that are not technically necessary.
2. General Information About Cookies
2.1. A cookie is data sent by the website visited to the user’s browser for storage. Cookies can be valid until the browser is closed or indefinitely.
2.2. Cookies identify the user and allow the visitor to be recognized during subsequent visits. Cookies can also track user activity and create profiles.
2.3. Types of cookies:
- Technical cookies: Ensure basic website functionalities (e.g., adding items to a cart).
- User-friendly cookies: Remember user preferences.
- Performance cookies: Track user behavior on the website (e.g., Google Analytics).
2.4. Accepting cookies is not mandatory. Users can set their browsers to reject cookies or notify them when a website sends cookies.
• Google Chrome: Chrome support
• Firefox: Firefox support
• Microsoft Internet Explorer 11: Microsoft support
• Microsoft Internet Explorer 10: Microsoft support
• Microsoft Internet Explorer 9: Microsoft support
• Microsoft Internet Explorer 8: Microsoft support
• Microsoft Edge: Microsoft support
• Safari: Apple support
However, it should be noted that certain features or services may not function properly without cookies.
3. Information About Cookies Used on the Company's Website and the Data Collected
3.1. Data Collected During Visits
The company’s website may store and manage the following data about the visitor or their device during visits:
- Visitor’s IP address,
- Browser type,
- Characteristics of the device’s operating system (e.g., set language),
- Time of the visit,
- Visited (sub)pages, features, or services,
- Clicks.
These data are stored for a maximum of 90 days and are primarily used to analyze security incidents.
3.2. Cookies Used on the Website
3.2.1. Technically Essential Session Cookies
The purpose of processing these data is to ensure the proper functioning of the website. These cookies allow visitors to use the website and all its features seamlessly, including identifying logged-in users during the visit. These cookies apply only to the duration of the visit and are automatically deleted upon closing the browser.
The legal basis for processing these data is the law on electronic commerce and information society services, which permits data controllers to process personal data necessary for the technical operation of services.
3.2.2. User-Friendly Cookies
These cookies remember the user’s preferences, such as language settings or preferred page layouts. These cookies are stored on the user’s device and make the website easier to use.
The legal basis for processing these data is the user’s consent.
The purpose of processing these data is to improve the user experience and facilitate website usage.
3.2.3. Performance Cookies
These cookies collect information about user behavior on the website, such as the duration of visits and clicks. These cookies are often provided by third-party applications (e.g., Google Analytics, AdWords).
The legal basis for processing these data is the user’s consent.
The purpose of processing these data is to analyze website usage and personalize promotional offers.
CHAPTER V
DECLARATION OF RIGHTS REGARDING PERSONAL DATA
- Right to transparent information, communication, and methods for exercising rights.
- Right to prior information at the time of data collection.
- Right to information when data is not collected directly from the data subject.
- Right of access to data.
- Right to rectification.
- Right to erasure ("right to be forgotten").
- Right to restriction of data processing.
- Obligation to notify about modifications, erasure, or restriction of personal data.
- Right to data portability.
- Right to object.
- Right to avoid automated decision-making, including profiling.
- Restrictions.
- Notification of personal data breaches.
- Right to lodge a complaint with the supervisory authority.
- Right to effective remedy against the supervisory authority.
- Remedies available against the data controller.
II. Rights of Data Subjects - Detailed Overview:
1. Transparent Information, Communication, and Methods for Exercising Data Subject Rights
1.1. The data controller takes all necessary measures to provide data subjects with information related to data processing in a concise, transparent, understandable, and easily accessible manner, using clear and simple language, particularly when addressing children. Information is provided in writing or other suitable formats, including electronic means, where appropriate. Upon the data subject’s request, information may also be provided orally, provided the identity of the data subject is verified through other means.
1.2. The data controller facilitates the exercise of data subject rights.
1.3. Upon the request of the data subject, the data controller provides prompt information about actions taken, no later than one month from the receipt of the request. If necessary, this period may be extended by two additional months, with the data controller notifying the data subject of the extension within the initial month.
1.4. If the data controller refuses to fulfill the data subject’s request, they must inform the data subject of the reasons for the refusal and the options to lodge a complaint with the supervisory authority or seek legal remedy.
1.5. All information, communication, and actions are provided free of charge, except where the regulation allows charging fees in specific cases.
Detailed rules are outlined in Article 12 of the regulation.
2. Right to Prior Information at the Time of Data Collection
2.1. When data is collected directly from the data subject, the data controller must provide the following information:
a) The identity and contact details of the data controller and, if applicable, its representative;
b) The contact details of the data protection officer, if relevant;
c) The purposes and legal basis of data processing;
d) The legitimate interests of the controller or a third party (if applicable);
e) The categories of recipients or intended recipients of the data, if any;
f) Information on potential data transfers to third countries or international organizations.
2.2. The data controller must also provide additional information to ensure fair and transparent data processing:
a) The data retention period or criteria used to determine the duration;
b) The rights of the data subject regarding access, rectification, erasure, restriction, objection, and data portability;
c) The right to withdraw consent at any time;
d) The right to lodge a complaint with a supervisory authority;
e) Information on whether the provision of data is mandatory and the consequences of not providing it;
f) Explanation of automated decision-making, including profiling, and its consequences.
2.3. If the data controller intends to process the data for purposes other than those initially stated, the data subject must be informed about the new purpose and related information in advance.
Detailed rules are outlined in Article 13 of the regulation.
3. Right to Information When Data is Not Collected Directly from the Data Subject
3.1. When data is obtained from other sources, the data controller must inform the data subject within one month about the collected data, their source, and category, along with other relevant information as described in Section 2.
3.2. Other rules for providing information are identical to those described in Section 2 (Right to Prior Information).
Detailed rules are outlined in Article 14 of the regulation.
4. Right of Access to Data
4.1. The data subject has the right to request confirmation from the data controller regarding whether their data is being processed. If so, they are entitled to access their data and the information described in Sections 2 and 3 (Article 15 of the regulation).
4.2. If data is transferred to a third country or international organization, the data subject has the right to be informed of the appropriate safeguards, as per Article 46.
4.3. The data controller must provide the data subject with a copy of the processed data. Additional copies may incur a reasonable fee based on administrative costs.
Detailed rules on the right of access are outlined in Article 15 of the regulation.
5. Right to Rectification
5.1. The data subject has the right to request the rectification of inaccurate data without undue delay.
5.2. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete data, including by submitting a supplementary statement.
These rules are specified in Article 16 of the regulation.
6. Right to Erasure ("Right to be Forgotten")
6.1. The data subject has the right to request the deletion of their data, and the controller is obligated to delete the data if one of the following conditions applies:
a) The data is no longer necessary for the original purpose;
b) The data subject withdraws consent, and there is no other legal basis for processing;
c) The data subject objects to the processing, and there are no overriding legitimate grounds;
d) The data has been unlawfully processed;
e) The data must be deleted to comply with a legal obligation;
f) The data was collected from children in connection with information society services.
6.2. Exceptions to the right to erasure apply when processing is necessary:
a) For exercising the right of freedom of expression and information;
b) For compliance with a legal obligation;
c) For reasons of public interest in public health;
d) For archival purposes in the public interest, or for scientific or historical research;
e) For the establishment, exercise, or defense of legal claims.
These rules are specified in Article 17 of the regulation.
7. Right to Restriction of Processing
7.1. When processing is restricted, data may only be used with the consent of the data subject or for handling legal claims.
7.2. The data subject may request the restriction of processing if they contest the accuracy of the data, if the processing is unlawful, or if the data is no longer needed but is required for legal claims.
7.3. The controller must inform the data subject before lifting the restriction on processing.
These rules are specified in Article 18 of the regulation.
8. Obligation to Notify About Rectification, Erasure, or Restriction of Personal Data
The controller is required to notify all recipients to whom the personal data has been disclosed about any rectification, erasure, or restriction of personal data, unless this proves impossible or involves disproportionate effort. The controller must also inform the data subject about these recipients upon request.
Detailed rules are provided in Article 19 of the regulation.
9. Right to Data Portability
9.1. The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the original controller, provided that:
a) The processing is based on consent or a contract; and
b) The processing is carried out by automated means.
9.2. The data subject also has the right to request the direct transfer of data between controllers if technically feasible.
9.3. Exercising the right to data portability does not affect the right to erasure ("right to be forgotten") and does not apply when processing is necessary for a task carried out in the public interest or the exercise of official authority. This right must not adversely affect the rights and freedoms of others.
Detailed rules are provided in Article 20 of the regulation.
10. Right to Object
10.1. The data subject has the right to object, at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) or (f) of the regulation, including profiling based on these provisions. The controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
10.2. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to such processing, including profiling related to direct marketing. If the data subject objects, the personal data shall no longer be processed for such purposes.
10.3. The data subject must be explicitly informed of this right at the time of the first communication and it must be presented clearly and separately from other information.
10.4. The data subject has the right to exercise their right to object by automated means using technical specifications.
10.5. Where personal data is processed for scientific, historical, or statistical research purposes, the data subject has the right to object to the processing on grounds relating to their particular situation unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Detailed rules are outlined in Article 21 of the regulation.
11. Automated Decision-Making, Including Profiling
11.1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
11.2. This right does not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and the controller;
b) Is authorized by Union or Member State law, which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) Is based on the data subject's explicit consent.
11.3. In cases of automated decision-making, the controller must ensure the data subject has the right to obtain human intervention, express their point of view, and contest the decision.
Detailed rules are outlined in Article 22 of the regulation.
12. Restrictions
Under Union or Member State law, the rights of the data subject provided for in Articles 12–22, 34, and 5 of the regulation may be restricted under certain conditions, provided the restriction respects the essence of fundamental rights and freedoms.
The conditions for restrictions are specified in Article 23 of the regulation.
13. Notification of Data Breaches
13.1. If a data breach is likely to result in a high risk to the rights and freedoms of data subjects, the controller must notify the data subject without undue delay. The notification must include:
a) The name and contact details of the data protection officer or other contact person;
b) A description of the likely consequences of the breach;
c) Measures taken or proposed by the controller to address the breach and mitigate its adverse effects.
13.2. Notification is not required if:
a) The data was protected by appropriate technical measures, such as encryption;
b) The controller has taken measures to ensure that the high risk is no longer likely to materialize;
c) Notification would require disproportionate effort—in such cases, a public communication should be issued instead.
Detailed rules are outlined in Article 34 of the regulation.
14. Right to Lodge a Complaint with a Supervisory Authority
The data subject has the right to lodge a complaint with a supervisory authority in the Member State of their habitual residence, place of work, or where the alleged infringement occurred if they believe that the processing of their personal data violates the regulation.
Detailed rules are outlined in Article 77 of the regulation.
15. Right to Effective Remedy Against a Supervisory Authority
15.1. The data subject has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
15.2. The data subject also has the right to remedy if the supervisory authority does not handle their complaint within three months of its submission.
15.3. Such proceedings shall be brought before the courts of the Member State where the supervisory authority is established.
Detailed rules are outlined in Article 78 of the regulation.
16. Right to Effective Remedy Against a Data Controller
16.1. The data subject has the right to an effective judicial remedy if they consider that their rights under the regulation have been infringed due to the processing of their personal data.
16.2. Such proceedings shall be brought before the courts of the Member State where the data controller is established or where the data subject resides.
Detailed rules are outlined in Article 79 of the regulation.