Data Management Statement
The purpose of www.ilst.eu website operated by ILST-Hungary Ltd. (hereinafter: controller), is marketing. (HQ: 6100 Kiskunfélegyháza, Arany János u. 27.)
In connection with personal data processing, both controller and processor inform the website users about personal data processed, policy and practices in regards of personal data, organisational and technical measures taken for the protection of personal data on the website, as well as Data subject rights practices modes and opportunities.
The controller processed recorded personal data confidentially, according to this statement and in accordance to data protection legislations, and national regulations. The controller is committed to the protection of personal data of partners and users, with utmost importance on respecting rights of users to self-determination of information. The controller handles personal data confidentially, and provides every security, technical and organisational measures to guarantee security of personal data.
Data processing policies of the controller are in line with current data protection legislations, in particular with:
2011. CXII. Act on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Privacy Act);
2001. CVIII. Act on certain issues of electronic commerce services and information society
services (Act on E-Commerce).
Personal data: Data related to any specific (identified, or identifiable) natural person (affiliated), deduction from data, and conclusion on the data subject. Personal data retains this quality during data processing until the connection to the data subject is restorable. The person is considered identifiable especially if they can be identified directly or indirectly by name, identifying mark, or one or more factors regarding physical, physiological, mental, economic, cultural or social identity;
Consent: A voluntary and definite declaration of permission by data subject, based on appropriate information, to give unambiguous consent to the processing of personal data in connection with them, partially or entirely;
Objection: Statement by the data subject, disapproving the use of their personal data, and request of termination of collected data and seizure further data processing.
Controller: A natural or legal person, public authority, agency or other body, that determines the processing of data, makes and implements data processing (including used device) decisions or executes via an entrusted data-processor.
Processing: Any action(s) on data regardless of the procedure, tools, methods and locations, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Actions such as taking photos, recording audio and video as well as physical characteristics suitable for identification (finger and palmprint, DNA sample, iris image) are considered processing.
Data-transmission: The act of making data accessible to a specified third party.
Disclosure: The act of making the data accessible to everyone.
Pseudonymisation: The act of making the data unidentifiable to the point, where restoration of the data is impossible.
Restriction of processing: Permanent or temporary limitation of data transfer, disclosure, adaptation, modification, alteration, erasure, linking or synchronization and processing.
Data-erasure: The total destruction of data and data contained in physical mediums.
Processor: A natural or legal person, public authority, agency or other body, that performs personal data processing tasks commissioned by the controller.
Third Party: A natural or legal person, public authority, agency or other body, that are not identical to the data subject, controller or processor.
Third country: Every country that are not members of the European Economic Area.
3. Scope of personal data, responsibility, aim and duration of processing
Processing of data acquired from requisitioned services in connection with the information society, such as natural identity data, user address, time, duration and location of requisition, is done by the controller according to CVIII. of 2001 (Act on Certain Aspects of Electronic Commerce and Information Society Services). Other personal data processing is based on voluntary consent of the user via registration.
3.1. User data
For the duration of the website usage, the controller acquires information of the user IP, time and duration of the visit, visited pages and the kind of browser and operating system used on the computer – for technical purposes and visitor trend statistics production. The system automatically processes and profiles these data, but does not connect it to other data acquired during user registration. These data are stored on the server(s) for 24 hours and are only accessible to the controller. In order to ensure service tailored to the user, the controller sends small files to the user computer, called cookies. Cookies are capable of recording trends of its users. Users can delete cookies from their computer, and set up their browser to block the usage of cookies. Data profiled and processed by the controller and information acquired about user trends by cookies, serves statistic purposes only. The HTML code of ILST.eu contains links pointing to and from standalone external servers. Such standalone server assists in auditing website traffic and other analytics: Google Analytics. Advertisements on the website are controlled by external servers (Google Adwords). Data used by external servers can be inquired from their controllers from the following addresses: www.google.com/analytics, www.google.com/adwords.
If there are any questions, problems during the visit of our website, please refer to the contact list in point 5. in order to get in contact with the controller. The controller deletes the incoming mail, including the sender name, e-mail address, as well as any other personal data voluntarily provided, at the maximum of 90 days after the case has been processed.
3.3 Content and information transfer
We inform our users that the controller - as part of the 2001 CVIII Act on certain aspects of e-commerce services and information society services - is not responsible for the data provided by users and only stored by the controller, particularly applying to the disclosure of documents containing personal data (portrait picture, voice) or other related data processing operations for which, prior data subject consent is required. Acquiring of consent is the responsibility of users, as content providers, who are responsible for the provided data. In light of the statements provided, the controller excludes all liability regarding the legality of content provided by the users (e.g. Photos), or their correspondent to authenticity (e.g. classified advertisement). It is essential to know that personal data and connectivity information are valuable information that some may want to abuse. If a user profile is deleted by the user or terminated, all shared and provided information will also be terminated.
3.4 Other data processing
We inform users that according to Section 71 of XIX, 1998 Act on Criminal Procedure, the court, prosecutor and investigating authority may contact the controller for the orientation, disclosure, transmission or provision of information. The controller, if the authority has specified the exact purpose and scope of the data, will only disclose personal data to the authorities to the extent strictly necessary to achieve the purpose of the request.
4. Methods and Security of personal data processing.
Data processing by the controller in connection with the website is done primarily at their headquarters. Company servers are located at the headquarters and at Tárhely.eu Service Provider Ltd. (Budapest, District XIII, Visegrádi str. 80/A). Personal data controller stores data on 24-hour-secured, dedicated servers. For data processing during service, the controller chooses and utilizes tools so, that the processed data:
is accessible to authorized personnel (availability);
guaranteed authenticity and authentication (authenticity of data processing);
uniformity is verified (data integrity);
Is secured from unauthorized access (data security);
The controller guarantees technical and organizational measures to protect the security of data processing, providing appropriate level of protection to the risks associated with data processing. During data processing, the controller preserves:
privacy: protects information, providing only access to authorized people only;
data integrity: protects the accuracy and completeness of information and processing;
availability: ensures access to authorized user on demand, for the information they need and tools to access it.
5. Information and contacts of controller
Host: ILST-Hungary Ltd.
Tax number: 14050448-2-03
Company registration number: 03-09-115064
Headquarters: 6100 Kiskunfélegyháza, Arany János u. 27.
Complaint support: +36-70-453-6268
Customer support: +36-70-453-6268
6. Rights and remedies of users
The data subject may request information about the processing of their personal data and may request the correction of their personal data, or, with the exception of data processing specified by law, the erasure of the personal data according to the methods presented during registration or through the customer support at firstname.lastname@example.org.
Upon request from the data subject, the controller discloses information regarding processed data, such as purpose, duration and legal basis of processing, name, address (headquarters) of the processor and other activities related to data processing, furthermore, about who and for what purpose receives or have received data by the controller or the authorized processor of the controller. After receiving the request, the controller provides a comprehensive coverage as soon as possible, but within a maximum of 30 days. This request is free, if the data subject have yet to request coverage claim of the same scope from the controller in the current year. In other cases, the controller charges a fee.
The controller deletes data if: data is illicit, is requested by the data subject, the purpose of data processing ceased, the statutory deadline for data storage has expired or was ordered by the court or the National Authority for Data Protection and Freedom of Information. The subject user is entitled to request the correction of incorrectly recorded data at any time. The controller informs the data subject as well as any party to whom the data have previously been transmitted for data processing purposes, about the correction or erasure of data. Notification may be omitted, if, regarding the purpose of data processing, does not violate the legitimate interest of data subject.
User may object the processing of personal data if:
Processing of personal data (transfer) is solely used for enforcement of right or legitimate interest of processor or data recipient, unless is ordered by law.
data is transferred or used for direct marketing, surveying or scientific research purposes.
The practice of the right of objection is otherwise permitted by law.
At the time of data processing limitation, the objection is investigated and a written response about the success of objection is sent out to the requestor by the controller as soon as possible, within a maximum of 15 days. Upon well-founded objections, the controller ceases data processing, including further data collecting and transferring, restricts data access, furthermore, informs all parties to whom the protested data was previously transferred to, or are obliged to take action to validate the right to object, about the objection and actions taken based on objection.
If data subject disagrees with the decision of the controller, they may appeal to court within 30 days of the disclosure of the decision.
Personal data may not be erased by the controller if the data processing was ordered by law. Data may not be transferred in to the recipient, if the controller complies with the objection or the objection was found legitimate by court.
Damage caused to the data subject by unlawful handling of data or violation of technical data protection requirements, is compensated by the controller. The controller is exempted from liability if the damage is caused by an unavoidable cause beyond the scope of data processing.
Damage from deliberate cause or negligent behaviour may not be compensated.
Rights may be enforced before court or at National Data Protection and Freedom of Information Authority as per to CXII of 2011 Act on Information Self-Determination and Freedom of Information, and Act and the Civil Code (Act IV of 1959).
An accelerated procedure may be implemented by court. National Data Protection and Freedom of Information Authority may be contacted at:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Mailing address: 1534 Budapest, Pf.: 83.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410