PRIVACY POLICY

1. INTRODUCTION

PETRO-SZER Irányítástechnikai és Szolgáltató Korlátolt Felelősségű Társaság (registered address: 2724 Újlengyel, Ady Endre utca 41., company registration number: 13-09-161991, hereinafter referred to as the Data Controller) places great emphasis on ensuring that data processing is conducted in compliance with Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, Regulation (EU) 2016/679 of the European Parliament and Council (GDPR), and the practices of the National Authority for Data Protection and Freedom of Information (NAIH).

PETRO-SZER Irányítástechnikai és Szolgáltató Kft. treats personal data confidentially and takes all necessary measures to ensure its security.

The data processing carried out by PETRO-SZER Irányítástechnikai és Szolgáltató Kft. is necessary for the performance of contractual obligations, compliance with legal obligations, the legitimate interests of the company, or is based on the consent of the data subject.

The Data Controller informs its customers that it is the responsibility of the party providing the data to obtain the data subject’s consent or to prove the legal basis for data processing.

2. CUSTOMER DATA PROCESSING

The Data Controller provides control technology services to partners in the chemical and oil industries, as well as the energy sector.

Purpose of Data Processing:

The purpose of data processing is to prepare and issue invoices related to contracts with customers and to maintain contact with the legal representatives of customers and prospective clients.

Legal Basis for Data Processing:

  • Case 2.1: Performance of a contract.
  • Case 2.2: Legitimate interest of the Data Controller (GDPR Article 6(1)(b) and (f)).

Scope of Processed Data:

  • Name
  • Email address
  • Address (for individual entrepreneur clients)

Data Retention Period:

Data is retained for 30 days after the termination of the contract or until the expiration of civil law claims arising from the contract.

Data Transfers:

No data transfers occur.

3. CONTACTING THE DATA CONTROLLER

All emails and letters received by the Data Controller, along with the sender’s name, email address, and any other included data, are deleted within 30 days after the legal basis for data processing ceases to exist.

Our partners are informed that legal authorities such as courts, prosecutors, tax authorities (NAV), the National Authority for Data Protection and Freedom of Information (NAIH), the Hungarian National Bank (MNB), or other authorized entities may request data from the Data Controller. PETRO-SZER Irányítástechnikai és Szolgáltató Kft. will only disclose personal data to the extent necessary to fulfill the request.

4. STORAGE AND SECURITY OF PERSONAL DATA

The Data Controller’s IT systems and physical documents containing personal data are stored at 1106 Budapest, Heves utca 47.

The Data Controller ensures the protection of personal data against unauthorized access, modification, transfer, disclosure, deletion, or destruction, as well as against accidental loss, damage, or unauthorized access due to technological changes.

The Data Controller’s IT system and network are protected against cyber fraud, espionage, sabotage, vandalism, fire, flood, computer viruses, hacking, and cyber-attacks.

5. DATA CONTROLLER’S INFORMATION

  • Company Name: PETRO-SZER Irányítástechnikai és Szolgáltató Korlátolt Felelősségű Társaság
  • Registered Address: 2724 Újlengyel, Ady Endre utca 41.
  • Company Registration Number: 13-09-161991
  • Tax Number: 12218761-2-13
  • Email: petroszer@petroszer.hu

6. RIGHTS OF DATA SUBJECTS AND LEGAL REMEDIES

The data subject has the right to request information about the processing of their personal data, request corrections, or—except in cases of mandatory data processing—request deletion, restriction, or withdrawal of consent.

Right to Information

The Data Controller provides information about personal data processing clearly and understandably. Requests for information must be submitted in writing. Information can also be provided orally upon verification of identity.

Right to Access

The data subject has the right to receive confirmation from the Data Controller about whether their personal data is being processed and to access their personal data and related information, including:

  • The categories of personal data processed.
  • The categories of recipients to whom personal data has been disclosed or will be disclosed.
  • The intended retention period of personal data.
  • The right to request correction, deletion, or restriction of processing, or to object to processing.
  • The right to file a complaint with the supervisory authority.
  • Information on the data source.

The Data Controller provides this information within one month of the request.

Right to Rectification

The data subject may request the correction of inaccurate personal data and the completion of incomplete data.

Right to Erasure (“Right to be Forgotten”)

The data subject has the right to request the deletion of their personal data without undue delay if:

  • The data is no longer needed for the purpose for which it was collected.
  • The data subject withdraws their consent and there is no other legal basis for processing.
  • The data subject objects to processing, and there are no overriding legitimate grounds for processing.
  • The personal data was unlawfully processed.
  • The personal data must be deleted to comply with a legal obligation.
  • The data was collected in relation to the provision of information society services.

Data deletion cannot be requested if data processing is necessary to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing

The data subject may request the restriction of processing if:

  • The accuracy of personal data is contested, for the period necessary to verify its accuracy.
  • The processing is unlawful, and the data subject opposes deletion, requesting restriction instead.
  • The Data Controller no longer needs the data, but the data subject requires it for legal claims.
  • The data subject objects to processing, pending verification of whether the Data Controller’s legitimate grounds override theirs.

If processing is restricted, the personal data—except for storage—may only be processed with the data subject’s consent or for legal claims or public interest reasons.

Notification Obligation

The Data Controller informs recipients of personal data about corrections, deletions, or restrictions, unless this is impossible or requires disproportionate effort. The data subject may request information about these recipients.

If you have concerns about PETRO-SZER Irányítástechnikai és Szolgáltató Kft.’s data processing, please contact us at petroszer@petroszer.hu.

The data subject may take legal action against the Data Controller if their rights are violated. Courts will handle such cases with urgency.

Complaints can be submitted to the National Authority for Data Protection and Freedom of Information (NAIH).

4o