Kedves Látogató!
Tájékoztatjuk, hogy a legrand.hu honlap működésének biztosítása, látogatóinak magasabb szintű kiszolgálása, látogatottsági statisztikák készítése, illetve marketing tevékenységünk támogatása érdekében cookie-kat alkalmazunk. Az Elfogadom gomb megnyomásával Ön hozzájárulását adja a cookie-k, alábbi linken elérhető tájékoztatóban foglaltak szerinti, kezeléséhez. Kérjük, vegye figyelembe, hogy amennyiben nem fogadja el, úgy a weboldal egyes funkciói nem lesznek használhatók.
Bővebben
Elfogadom
Nem fogadom el

Privacy Policy

Privacy Policy

on processing relating to commercial and marketing activity of LEGRAND Zrt.

  1. INTRODUCTION

LEGRAND Magyarország Villamossági Rendszerek Private Limited Company (H-6600 Szentes, Ipartelepi út 14., hereinafter: "Legrand Zrt.”/ "Controller”) as controller expresses its consent to be bound by the content of this policy. It undertakes that all processing related to commercial and marketing activity complies with this policy and the statutory requirements.

Legrand Zrt. reserves the right to change this policy at any time. Naturally, partners and clients shall in due time be informed of potential changes.

Legrand Zrt. is committed to protecting the personal data of clients and partners and considers it particularly important to respect the right of the informational self-determination of clients. Legrand Zrt. processes personal data confidentially and implements every security, technical and organisational measure to ensure the security of data. Legrand Zrt. hereby describes the privacy practices related to commercial and marketing activity as follows:

 

  1. PERSONAL DATA, PURPOSE, LEGAL BASIS AND PERIOD OF PROCESSING

The processing of Legrand Zrt.’s commercial and marketing activity is based on freely given consent, the performance of a contract or legal obligation, or the legitimate interest of Legrand Zrt.

Legrand Zrt.’s data processing principles are in accordance with the legislation in force concerning data protection, and in particular with the following:

· Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "Regulation” / "GDPR”);

· Act CXII of 2011 on Right of Informational Self-Determination and Freedom of Information (hereinafter: “Privacy Act”)

· Act V of 2013 on the Civil Code (“Civil Code”)

· Act C of 2000 on accounting (“Accounting Act”)

· Act CVIII of 2001 on certain issues of electronic commerce services and information society services (“E-commerce Act”)

· Act C of 2003 on Electronic Communications (“Electronic Communications Act”)

· Act XLVIII of 2008 on certain limitations to business advertising (“Business Advertising Act”)

· Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers

· Act CLV of 1997 on consumer protection (“Consumer protection Act”).

2.1. Processing related to commercial activity

2.1.1. Making Offers

Purpose of data processing: Legrand Zrt. makes offers for those interested for the purpose of concluding agreements related to the sale of products.

Legal basis of data processing: data processing is necessary for the performance of the agreement (Article 6 Section (1)b) of GDPR).

Processed personal data: Data involving self-employed and individuals who request an offer (name, address, bank account number, registration number of self-employed), data of representatives of legal entity requesting an offer (name, position), name, phone number, email address of the contact person, name and phone number of the person making and administering the offer, name of the person approving the offer and name of the project manager.

Period of data processing: the period of validity of the offer if it does not become an order, eight years if it becomes an order [1]

Transfer of data: Salesforce.com, Inc., member of Privacy Shield EU-USA Data Transfer Agreement.

Potential consequences of failure to provide data Legrand Zrt. may not perform an order and conclude an agreement without giving an offer.

Recipients of data: The marketing department of Legrand Zrt. has access to data.

Data processors:

Name

Registered address

Data Processor’s task

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesforce.com, Inc

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

Operator of Salesforce cloud CRM system

[1] Accounting Act Section 169(2)

2.1.2. Credit analysis and risk assessment

Purpose of data processing: In order to conclude an agreement, Legrand Zrt. calculates the creditworthiness of future partners before entering into contract in order to determine what risk the contract poses, and it also concludes a credit protection agreement.

Legal basis of data processing: Legitimate interest of Legrand Zrt. (Article 6, Section (1) f) of GDPR)

Legitimate interest of the controller: to determine the riskiness of the transaction and manage identified risks.

Processed personal data: officially and compulsorily disclosed data 

Period of data processing: 5 years (if the business relationship still exists after 5 years, data are not deleted, otherwise they will be deleted)

Transfer of data: no

Possible consequences of data reporting failure: Legrand Zrt. cannot determine how risky the transaction is (e.g.: non-performance).

Name

Registered address

Data Processor’s task

Direktinfo Kft.

Bázakerettye, Fő út 72, 8887

Carrying out credit analysis and risk assessment, recovery of claims

Atradius

Budapest, Fehérvári út 50-52, 1117

Providing credit protection insurance

 

2.1.3. Customer database

Legrand Zrt. manages a database of the contact details of customers, suppliers and other partners in order to process and register data of partners.

Purpose of data processing: managing customer relationships and executing orders

Legal basis of data processing: performance of the agreement (Article 6 Section (1)b of GDPR) / Legitimate interest of Legrand Zrt. (Article 6 Section (1)f of GDPR)

Legitimate interest of controller: managing customer relationships

Processed personal data: Name and position of representative of legal entity, data concerning self-employed and natural persons (name, registration number of self-employed, address, tax number, bank account number), data of contact persons (name, email address, phone number, address in certain cases), billing address, optionally, other data, such as date of meeting with customers, regularity of meetings, quality of customer (e.g.: directly contracted partner, architect, designer etc.), description of meetings. In the case of planned cooperation, name and phone number of the designer and the investor (if self-employed or individual), name of the decision-maker, name, address and phone number of the general contractor (if self-employed or individual), name of the decision-maker.

Period of data processing: five years from the conclusion of the agreement (accounting document).

Possible consequences of data reporting failure: Legrand Zrt. cannot determine how regular and successful are relations with customers.

Transfer of data: Salesforce.com, Inc., member of Privacy Shield EU-USA Data Transfer Agreement.

Recipients of data: The marketing department of Legrand Zrt. has access to data.

Data processors:

Name

Registered address

Data Processor’s task

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesforce.com, Inc

San Francisco, California, United States

Operator of Salesforce cloud CRM system

 

2.1.4. Delivery, logistics

Purpose of data processing: Legrand Zrt. uses the service of transport companies to fulfill orders and fulfil agreements in the interest of delivering products.

Legal basis of data processing: performance of agreement (Section 6 Article (1)b) of GDPR)

Processed personal data: Address of self-employed or individual client, registration number of self-employed, data of representative of a legal entity (name, position), data (name, phone number, email address) of the contact person (person receiving the delivered product) of the legal entity, individual or self-employed client. Shipping address in the case of a self-employed or private client. Name and contact details of the driver.

Period of data processing: eight years (accounting document).

Possible consequences of failure to provide data: the delivery, namely the performance of the order and the evaluation and remedy of complaints relating to the delivery, would be impossible.

 

2.1.5. Complaint handling, customer service (product complaint, returned good)

Purpose of data processing: Managing quality and quantity complaints relating to products and services of Legrand Zrt. Complaints are recorded by filling out a written complaint form or are received by phone. Legrand Zrt. operates a telephone (toll-free number) customer service, whereby reports are typically drawn up in order to handle complaints

Legal basis of data processing: performance of the agreement (Section 6 Article (1)b) of GDPR) /compliance with legal obligation (Section 17/A of Act CLV of 1997 on consumer protection), (Section 6 Article (1)c) of GDPR) / consent of the data subject (Section 6 Article (1)a) of GDPR), Section 17/A(7) of Consumer Protection Act).

Processed personal data: place, date and method of complaint, name and contact details (address, phone number and email address) of complainant (individual or self-employed), identification number of the complaint, documents sent by the complainant, description of the complaint, place and date of the report, name and signature of the recorder, data of the product in case of return.

Period of data processing: 5 years (copy of the report and the response [2]

Possible consequences of failure to provide data: investigation and performance of complaints (e.g.: exchange of products) would be impossible.

Transfer of data: no

Recipients of data: The marketing department of Legrand Zrt. has access to data.

Data processors:

Name

Registered address

Data Processor’s task

[Operator of QAD system Direction System Informatics (DSI)

Limoges

Operation of QAD IT system, where in the case of returns data relating to invoices are recorded.

Isys-On Kft.

1134 Budapest, Kassák Lajos u. 19.

Hungarian support and external developer of QAD system.

[2] Section 17/A(7) of Act CLV of 1997 on consumer protection

2.1.6. Contact with Legrand Zrt.

Purpose of data processing: For those who would contact Legrand Zrt. using the contact details given in this policy or on the website (technical consultancy or central phone number).

Legal basis of data processing: consent of the data subject (Section 6 Article (1)a) of GDPR) / compliance with legal obligation in the case of customer complaints (Section 17/A of Act CLV of 1997 on consumer protection), (Section 6 Article (1)c) of GDPR)

Processed personal data: name and contact details (address, phone number and email address) of the contacting person, documents sent by the contacting person, description of the request.

In the case of phone calls, the details set out in 2.1.5 apply concerning information.

Period of data processing: 5 years in the case of customer complaints (copy of the request and response) [3], in other cases until revocation of consent.

[3] Section 17/A(7) of Act CLV of 1997 on consumer protection

2.2. Data processing concerning marketing activity

2.2.1. Sweepstake

The purpose of data processing: Legrand Zrt. operates a sweepstake on lvk.legrand.hu only for the members of the Legrand Electricians Club (electricians and retailers) of at least 18 years of age. Only those are entitled to participate who successfully click on the link in the email sent to the mailbox after providing the following data and ticking the checkbox on lvk.legrand.hu during the sweepstake, thus confirming their intention to participate. The purpose of data processing is to build a business-related database and to send electronic newsletters, invitations to events and training events to participants.

Legal basis of data processing: consent of the data subject (Article 6 Section (1)a) of GDPR and Sections 6(2), (5) of the Business Advertising Act).

Processed personal data: name, chosen user name, password, email address, phone number, address, declaration of being over 18 years old

Registered address

Data Processor’s task

IR Intelligens Régió Üzleti Kommunikációs Kft.

6728 Szeged, Szélső sor 11.

Operator of the website of the sweepstake (lvk.legrand.hu)

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesfore.com, Inc

San Francisco, California, United States

Operator of Salesforce cloud CRM system

 

2.2.2. Newsletter service of Legrand Zrt.

Purpose of data processing: building business database, sending email newsletters containing commercial advertising, product catalogues, offers to data subjects.

Only persons over 16 years old may consent to direct marketing requests.

Legal basis of data processing: freely given consent of the data subject (Article 6 Section (1)a) of GDPR, Sections 6(2), (5) of Business Advertising Act).

Processed personal data: name, email address, possibly address, declaration of being over 18 years old, consent to direct marketing request.

Period of data processing: until revocation of consent of the data subject

Recipients of data: The commercial department of Legrand Zrt. has access to data.

Transfer of data: Salesforce.com, Inc. (registered address: San Francisco, California, United States

Legal basis of data transfer: Salesforce.com, Inc., member of Privacy Shield EU-USA Data Transfer Agreement

Data processors:

Name

Registered address

Data Processor’s task

Hinora Group Communications Kft.

1142 Budapest, Kassai utca 71.

Provider of newsletter service

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesforce.com, Inc

San Francisco, California, United States

Operator of Salesforce cloud CRM system

 

Revocation of consent to receiving direct marketing messages and erasure or modification of personal data may be requested as follows:

in email to dataprotection.hu@legrand.hu, or

by post [Legrand Zrt. 1097 Budapest, Gubacsi út 6/B].

2.2.3. Data processing of www.legrand.hu website

2.2.3.1. Logging of legrand.hu server

The webserver does not record user data when visiting the www.legrand.hu website.

Data processing relating to logging of external service providers:

The html code of the portal contains links to an external server and links from an external server, unrelated to Legrand Zrt. The server of the external service provider is in direct connection with the user’s computer. We draw the attention of our visitors to the fact that the service providers of these links are capable of collecting user data (e.g.: IP address, browser type, data about operating system, movement of cursor, websites visited and time of visit) because of the direct connection of such servers with the user’s browser.

As an external service provider the Google Analytics server supports the independent measurement and auditing of the activity and other webanalytical data of legrand.hu website. The service provider available on www.maps.google.com displays mapped information on the website as the external service provider.

The controller provides detailed information about the processing of measurement data at http://www.google.com/intl/hu/policies/.

The code of the service provider available at https://www.facebook.com/legrandmagyarorszag and https://www.youtube.com/user/legrandhungary are located on the website.

2.2.3.2. Cookie management of www.legrand.hu website

Legrand Zrt. and several service partners place a small data package, a so-called cookie, on users' computers to identify and track users. These are read during the later use of internet. If the browser returns a previously saved cookie, the service provider managing the cookie is able to connect the actual visit of the user with previous visits regarding websites that use the cookies of Legrand Zrt. or the external service provider.

When the legrand.hu website is visited, Google Analytics manages cookies in order to operate a webanalytical system.

More information on the data processing by www.google.com/analytics is available at http://www.google.com/intl/hu/policies.

The document entitled “How Google uses information from sites or apps that use our services” is available here: http://www.google.com/intl/hu/policies/privacy/partners/

The user can delete cookies from their computer or block the operation of cookies in the browser. Management of cookies is usually possible in the Tools/Options menu under Privacy/History/Private Settings using the denomination of cookie or track.

The following external service providers have placed listed cookies on the website:

¾ Google Analytics: external servers support the independent measurement and auditing of the activity and other webanalytical data of our website (google.com/analytics),

¾ The so-called Facebook cookie ("Facebook Pixel”): enables the measurement of our marketing activity through the services of Facebook. (facebook.com),

¾ Addthis: enables sharing and liking of content of the website, and supports the statistical analysis of sharing (adthis.com),

¾ Crazy Egg Analytics: enables measurement of contents most viewed by visitors to our website and anonymous heatmap analysis (crazyegg.com),

¾ Legrand: The Legrand cookie supports the internal measurement of activity and other webanalytical data of our website,

¾ Smartlook: enables the measurement of the contents most viewed by visitors to our website and making of anonymous heatmaps and visit analyses (smartlook.com).

2.2.4. Data processing of the lvk.legrand.hu website

2.2.4.1. Logging of the lvk.legrand.hu server

The webserver does not record data of users when they visit the www.lvk.legrand.hu website.

Data processing relating to logging of external service providers:

The html code of the portal contains links to external server and links from an external server, unrelated to Legrand Zrt. The server of the external service provider is directly connected to the user’s computer. We draw the attention of our visitors to the fact that the service providers of these links may collect user data (e.g.: IP address, browser type, data about operating system, movement of cursor, websites visited and time of visit) because of the direct connect from the server to the user’s browser.

As an external service provider, the Google Analytics server supports the independent measurement and auditing of the activity and other webanalytical data of lvk.legrand.hu website.

 

2.2.4.2. Cookie management of www.lvk.legrand.hu website

Legrand Zrt. and several service partners place a small data package, a so-called cookie, on users' computers to identify and track users. These are read during the later use of internet. If the browser returns a previously saved cookie, the service provider managing the cookie is able to connect the actual visit of the user with previous visits regarding websites that use the cookies of Legrand Zrt. or the external service provider.

When the lvk.legrand.hu website is visited, Google Analytics manages cookies in order to operate the webanalytical system.

More information about the data processing by www.google.com/analytics is available at http://www.google.com/intl/hu/policies.

The document entitled “How Google uses information from sites or apps that use our services” is available here: http://www.google.com/intl/hu/policies/privacy/partners/

Users can delete cookies from their computer or block the operation of cookies in the browser. Management of cookies is usually possible in the Tools/Options menu under Privacy/History/Private Settings using the denomination of cookie or track.

The following external service providers have placed the listed cookies on the website:

¾ Google Analytics: external servers support the independent measurement and auditing of the activity and other webanalytical data of our website (google.com/analytics).

2.2.5. Measurement of customer satisfaction

Satisfaction of partners and end users relating to products is considered highly important by Legrand Zrt. To this end the opinions of customers are required. Legrand Zrt. sends emails to partners and end users.

Purpose of data processing: appraisal of consumer habits

Legal basis of data processing: freely given consent of the data subject (Article 6 Section (1)a) of GDPR)

Processed personal data: email address of the recipient, but the questionnaire does not contain personal data. 

Period of data processing: until revocation of consent of the data subject

Recipients of data: The scope and purpose of the annual measurement of customer satisfaction is determined by the Commercial Department.

Transfer of data: Salesforce.com, Inc., member of Privacy Shield EU-USA Data Transfer Agreement.

Data processors:

Name

Registered address

Data Processor’s task

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesforce.com, Inc

San Francisco, California, United States

Operator of Salesforce cloud CRM system

 

2.2.6. Organising events, training

Purpose of data processing: Legrand Zrt. organises professional events, roadshows and training in order to promote products.

Legal basis of data processing: freely given consent of the data subject (Article 6 Section (1)a) of GDPR)

Processed personal data: company name, name and contact details of participants (email address or phone number), place and date of the event/training,

Period of data processing: until revocation of consent of the data subject

Recipients of data: The Commercial Department is entitled to have access to the above-described personal data.

Transfer of data: Salesforce.com, Inc., member of Privacy Shield EU-USA Data Transfer Agreement.

Data processors:

Name

Registered address

Data Processor’s task

Attention CRM Consulting Kft.

1075 Budapest, Madách Imre út 13-14. T. Building 4. Floor

IT developer of Salesforce cloud CRM system

Salesfore.com, Inc

San Francisco, California, United States

Operator of Salesforce cloud CRM system

 

2.3. Other data processing

We hereby inform you about data processing not listed in this policy under data collection. We inform our partners and customers that the court, prosecutor’s office, investigative authority, authority dealing with administrative offences, administrative authority, the National Authority for Data Protection and Freedom of Information, and other bodies based on the empowerment of legislation may ask Legrand Zrt. to provide information, report or provide data or make available documents.

Legrand Zrt. shall deliver personal data to the authorities - if the authority determine the exact purpose and the scope of data - only to the extent absolutely necessary to meet the objective of the request. [4]

[4] GDPR Preamble (111)

  1. METHOD OF STORING PERSONAL DATA, SECURITY OF DATA PROCESSING

Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, Legrand Zrt. and data processors shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

Legrand Zrt. shall choose and operate IT tools for the processing of personal data so that:

· the processed data shall be accessible to authorized persons (access);

· the authenticity and authentication of processed data shall be ensured (authenticity of data processing);

· the integrity of processed data shall be justified (data integrity);

· the processed data shall be protected against unauthorized access (confidentiality of data).

Legrand Zrt. protects data with appropriate measures, in particular against unlawful access, alteration, transfer, disclosure, erasure or destruction, accidental destruction, damage or inaccessibility due to changes in applied technology.

In order to protect files processed electronically using different registrations Legrand Zrt. ensures with appropriate technical solutions that data stored shall not be connected and assigned directly to the data subject - unless legislation allows this.

Taking into account the state of the art, Legrand Zrt. shall protect the security of data processing by implementing technical and organisational measures that ensure a level of security appropriate to the risk.

During data processing Legrand Zrt. shall preserve

· confidentiality: data shall be protected, only authorized persons may have access to it;

· integrity: the accuracy and integrity of information and the method of processing shall be protected;

· availability: ensuring that the authorized user may access the requested information and the related tools are available when needed.

The information system and network of Legrand Zrt. and partners involved in data processing are protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer hacking and attacks leading to disruption. The operator ensures security by applying security procedures at the server and application level. We inform users that, independently of protocol (email, web, ftp, etc.), electronic messages sent via the internet are vulnerable to attempts at unfair activity, debates about agreement, or disclosure or modification of information. The controller shall implement every measure that could reasonably be required to protect data against such threats. Systems are monitored in order to record every security-related derogation and may be used to provide evidence in the case of any security events. The monitoring of the system also makes it possible to manage the efficiency of measures that are applied.

Legrand Zrt. as controller registers potential data breaches, indicating facts related to the data breach, impacts and measures to mitigate it. Legrand Zrt. shall without undue delay and, where feasible, no later than 72 hours after having become aware of such, notify the National Authority for Data Protection and Freedom of Information of potential personal data breaches, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. (The Privacy Policy contains the relevant regulation concerning data breaches)

 

  1. DATA, CONTACT DETAILS OF DATA HANDLER

DATA HANDLER

Name:

Legrand Magyarország Villamossági Rendszerek Private Limited Company

Registered address:

6600 Szentes, Ipartelepi út 14.

Company registration number:

06-10-000079

Telephone number:

06 63 510 200 (Szentes) / 06 1 505 8510 (Budapest)

Email:

vevoszolgalat@legrand.hu

Data protection officer (contact details)

Name and contact details of the data protection officer (Legrand Group): Marc Paurty

Contact details of the Hungarian representative of the data protection officer: dataprotection.hu@legrand.hu

 

  1. RIGHTS OF DATA SUBJECTS

Please note that the following rights exist relating to the processing of personal data:

· transparent information,

· right to access,

· right to rectification,

· right to erasure,

· right to restriction of processing,

· right to data portability,

· right to object,

· right to withdraw consent,

· right to lodge a complaint, and

· right to remedy.

5.1. Transparent information

Legrand Zrt. shall provide information - within the scope determined by the GDPR - concerning the processing of your personal data. Compliance with this requirement is undertaken through this privacy policy. Please note that if you have further questions concerning the processing of your personal data, you may exercise your right to access.

5.2. Right to access

Information may be requested about whether your personal data are being processed. If so, detailed information may be requested about the following:

· for what reasons data are processed,

· what data are processed,

· what the source of personal data is,

· who the processed data are disclosed to,

· how long the processed data are stored, and

· if the data are transmitted via international transfer, what are the guarantees related to such data transfer, and

· you can receive ongoing information about the rights related to the processing of your personal data and information about to which data protection authority complaints may be submitted. [5]

If requested, we can provide a copy of your processed personal data free of charge.

Legrand Zrt. may charge a reasonable fee based on the administrative costs for additional copies. [6]  At your request, we shall provide information electronically. The right to information may be exercised in writing according to the following contact information:

e-mail: dataprotection.hu@legrand.hu

At your request, information may be provided also orally - after credibly verifying identity and identification.

[5] Article 15(1) of GDPR

[6] Article 15(3) of GDPR

5.3. Right to rectification

At your request, inaccurate personal data (date of birth is not correct, email address has been changed, name change has occurred, etc.) will be rectified, corrected or completed.[7]

[7] Article 16 of GDPR

5.4. Right to erasure

You may request the erasure of processed personal data without delay, if

  • the purpose of data processing no longer justifies the processing of data,
  • data processing is based on consent and this consent is withdrawn (and data processing has no other legal grounds),
  • you object to the processing and there are no overriding legitimate grounds for data processing,
  • personal data have been unlawfully processed, or
  • personal data must be erased to ensure compliance with legislation.

Erasure of data may not be requested if the processing is necessary, as follows: in exercising the right of freedom of expression and information; in compliance with a legal obligation or for performance of a task carried out in the public interest to which Legrand Zrt. is subject; for reasons of public interest in the area of public health or scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims. [8]

[8] Article 17 of GDPR

5.5. Right to restriction of data processing

If you exercise this right and data restriction is deemed necessary, your personal data may only be stored but no other operation may be performed (e.g. it may not to be transferred to others, and may not be organised) - unless you consent to the performance of these operations or performance is a legal obligation.

When may this right be enforced?

· If the accuracy of processed personal data is contested, for a period enabling the verification of the accuracy of such personal data.

· In so far as the processing of your personal data is unlawful but erasure is not required, but rather data securement.

· If we no longer need your personal data, but they are required to be stored - for example, to exercise a right.

· If you have objected to the processing of personal data pending verification of whether the legitimate grounds of Legrand Zrt. override your legitimate grounds.

In all such cases you shall be informed before the restriction of processing in the above-mentioned examples is lifted (e.g. because inaccurate data have been rectified or a request for restriction is refused).[9]

[9] Article 18 of GDPR

5.6. Right to data portability

If data processing is based on consent, or it is necessary to perform an agreement by automated means, personal data may be requested which has been provided to Legrand Zrt. in a structured, commonly used and machine-readable format and the right to transmit those data to another controller shall be ensured. [10]

Please be informed that Legrand Zrt. processes personal data by non-automated means.

[10] Article 20 of GDPR

5.7. Right to object

You have the right to object on grounds relating to your particular situation at any time to the processing of your personal data if such processing is based on the legitimate interests of Legrand Zrt.. In the case of objection, personal data shall no longer be processed unless there are compelling legitimate grounds for such processing which override your interests, rights and freedoms.

When personal data are processed for direct marketing purposes (e.g.: sending newsletters), you shall have the right to object at any time to processing of your personal data for such purposes. In the case of objection, personal data shall no longer be processed by Legrand Zrt. for such purposes. [11]

[11] Article 21 Section (1)-(4) of GDPR

5.8. Right to withdraw consent

You have the right to withdraw consent at any time during data processing.

Please be informed that the withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal. [12]

Your rights may be exercised as follows:

By e-mail: dataprotection.hu@legrand.hu

By mail: To Legrand Zrt. 6600 Szentes, Ipartelepi út 14. postal address

[12] Article 7 Section (3) of GDPR

5.9. Procedural rules

Please note that Legrand Zrt. shall inform you about measures taken pending such request without undue delay but in all cases within one month after the request is received. Taking into account the complexity of the request and the number of requests, if necessary, this deadline may be extended by two months. You will be informed about any extension of the deadline within one month of the receipt of the request.

If the request has been submitted electronically, Legrand Zrt. shall inform you electronically (unless you request otherwise).

If Legrand Zrt. does not undertake measures based on the request, you shall be informed at the latest within one month from the receipt of the request about the reasons for such action and the fact that a complaint may be lodged to the National Authority for Data Protection and Freedom of Information, and you may exercise your right to judicial remedy.

Please be informed that Legrand Zrt. shall provide the requested information free of charge. If such request is definitely unfounded or - in particular because of its repeated nature - exaggerated, Legrand Zrt. may charge a reasonable fee for administrative costs or may refuse to implement measures on the basis of the request.

Legrand Zrt. shall inform every recipient to whom your personal data were disclosed about the rectification or erasure of your personal data or the restriction of data processing (unless this is impossible). At your request we shall inform you about such recipients.

5.10. Compensation and restitution

Legrand Zrt. shall compensate any damage caused to you due to unlawful processing of your data or the violation of the requirements of data security. In the case of violation of human rights, restitution may be claimed according to the provisions of the Civil Code. [13]

Be informed that during the processing of personal data Legrand Zrt. is also liable for damages caused by the data processor used by Legrand Zrt. Legrand Zrt. is exempted from liability in the case that such damage is caused by unavoidable circumstances outside the scope of data processing.

Legrand Zrt. shall not compensate damage and restitution may not be claimed if the damage or the infringement caused by the violation of human rights arises from the injured person’s or claimant's intentional or obviously negligent conduct.

[13] Section 2:52 of Hungarian Civil Code

5.11. Right to remedy

5.11.1. Complaints to the data protection officer

If you consider that Legrand Zrt. has violated binding corporate rules, you may submit a complaint to the data protection officer. Complaints may be sent to the data protection officer - who shall respond within one month - using the following email address.

e-mail address: dataprotection.hu@legrand.hu

postal address: Legrand Zrt. 6600 Szentes, Ipartelepi út 14.

5.11.2. Right to turn to the court

If you suffer any infringement in connection with the processing of your personal data while exercising your rights (e.g.: could not exercice the above rights, did not receive any information on the processing etc.[14] ) a lawsuit may be filed before the court of the residence or temporary address against Legrand Zrt. The court shall act promptly in such case. [15] Please be informed that lawsuits filed concerning the protection of personal data are free of charge. [16]

 

[14] Section 52(1) of Act CXII of 2011

[15] Sections 22(1) and (3) of Act CXII of 2011 on Right of Informational Self-Determination and Freedom of Information

[16] Section 57(1)o) of Act XCIII of 1990 on duties

 

5.11.3. Procedures of the data protection authority

If you suffer any infringement in connection with the processing of your personal data while exercising your rights you may choose to turn to the National Authority for Data Protection and Freedom of Information as well.

Contact details of the authority:

Name: National Authority for Data Protection and Freedom of Information

Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf: 5.

Telephone: 06.1.391.1400

Fax: 06.1.391.1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu