Privacy Notice of Semilab

PRIVACY NOTICE

This Privacy Notice (hereinafter referred to as: “Privacy Notice”) describes the data processing on the https://semilab.com/ and www.machiningfactory.semilab.hu/com website (hereinafter collectively referred to as: “the Site”) operated by SEMILAB Semiconductor Physics Laboratory Co. Ltd. (registered office: H-1117 Budapest, Prielle Kornélia St. 4/A., company registration number: 01-10-041351, tax number: 10311765-2-44, represented by: dr. Pavelka Tibor, Data Privacy manager: Varga Adrienn, contact: gdpr@semilab.hu, hereinafter referred to as: “Data Controller”) especially the characteristics of data collection, storage and use.

This Privacy Notice is effective from 1 February 2021. The Data Controller keeps the current version of the Privacy Notice permanently available on the Site and at its headquarters.

The Privacy Notice has been prepared in line with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”), with due consideration of the provisions of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as: “Privacy Act”). The definitions of this Privacy Notice are the same as the ones set out in Article 4 of the GDPR, also supplemented by certain points of the interpretative provisions mentioned in Section 3 of the Privacy Act.


PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

The Data Controller – while providing his services – pays particular attention to protecting personal data, complies with the mandatory legal provisions, and processes data in a secure and fair manner.

The Data Controller processes personal data as set out in point 2 of this Privacy Notice and the provisions of its Privacy Policy. The Data Controller shall treat the personal data provided to him confidentially, shall take into account the principles of legality, due process and transparency under the GDPR, and shall treat personal data purpose-bound, with the principle of data saving in mind. The Data Controller shall also comply with the principle of limited storing, protect the confidentiality and integrity of personal data, and consider the principle of accuracy under the GDPR.

The Data Controller considers it important to respect and enforce the rights of its partners, members, employees, and all of its natural person data subjects (hereinafter referred to as: “Data Subject”) regarding the processing of their data.

While handling, recording, processing, and transmitting the personal data of a Data Subject, the Data Controller proceeds in full compliance with the relevant provisions of the GDPR and the Privacy Act, as well as other applicable legislation.

The Data Controller processes personal data in full compliance with this Privacy Notice and complies with relevant statutory provisions, with special regard to the following:

  • Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject (lawfulness, fairness and transparency);
  • Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation);
  • The purpose of processing personal data shall be appropriate and relevant, and the processing shall not exceed the scope needed to achieve that purpose (data minimization);
  • The personal data shall be accurate and kept up-to-date. The Data Controller shall delete inaccurate personal data without delay, provided that it has credible information on their inaccuracy (accuracy);
  • Personal data shall be kept in a form that allows the identification of the Data Subjects for the necessary period only. Personal data may be kept for a longer period for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (storage limitation);
  • Personal data shall be processed by the Data Controller in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).

Acceptance of the Privacy Notice (the tick in the appropriate checkbox) confirms its recognition by the Data Subject and is considered consent to the data processing. The Data Subject may withdraw his or her consent to the processing by sending an email to the contact email address. If deletion is permitted by law, the data will be deleted.


THE METHOD AND SECURITY OF DATA PROCESSING

The Data Controller ensures the security of the data, takes the necessary technical and organizational measures, and implements the procedural rules that are needed to enforce the provisions laid down in the GDPR, the Privacy Act and the data and confidentiality rules provided in other legislation.

The Data Controller protects personal data from unauthorized access, modification, transmission, publication; unauthorized or accidental deletion and destruction; damages and also from becoming inaccessible as a result of changes in the technologies used.

The Data Controller protects data files that are processed electronically in various registers, by ensuring that they are stored in different registers, and cannot be directly interconnected and associated with the Data Subject, unless it is permitted by law.

(The Data Controller keeps the processed personal data on storage devices (both live and backup), which are in the data centers operated by his IT infrastructure provider. Entering these data centers is only possible with prior permission and requires adequate identification. The identification is performed by human guards. Remote access is possible, and it is secured by a two-step encrypted authentication. Data security is also maintained by regular backups. The computer rooms in the data centers are equipped with fire alarm and automated fire extinguishing systems.)

While the Data Controller automatically processes personal data, he ensures:

  • the prevention of unauthorized data input;
  • the prevention of unauthorized use of the systems;
  • that potential or actual organizations that have received or may receive personal data using a transmission device can be verified and identified;
  • the controllability and traceability of personal data input into the automated data processing systems (which data were entered, by whom and when);
  • the recoverability of the installed systems in the event of system failure.

The Data Controller keeps a record of transmissions that can be used to verify the legality of any data transmission that may occur. Such records include the transmitted personal data, the date, the time and legal basis of the transmission, the recipient of the data, and other data that is required by law.


DATA PROCESSING IN RELATION TO THE SITE


REQUEST FOR QUOTATION ON SEMILAB.COM

Purpose of the processing: Manage and answer quotation requests, send quotations.
Categories of personal data concerned: Data Subject’s title and name, email address, possibly his or her phone number, legal entity’s name and possibly its address, and the message itself.
Data Subjects: Data Subjects requesting quotation from the Data Controller
Legal basis for the processing: Processing activities will be based on the Data Subject’s consent under Article 6 (1) (a) of the GDPR
Period of storage: Until the Data Subject’s consent is withdrawn
Method of the processing: Electronic
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to send him or her a quotation
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


REQUEST FOR QUOTATION ON THE SUBPAGE FOR THE MACHINING FACTORY

Purpose of the processing: Manage and answer quotation requests, send quotations.
Categories of personal data concerned: Data Subject’s name, legal entity’s name, email address, the purpose of requesting a quotation, the message itself and the attachment.
Data Subjects: Data Subjects requesting quotation from the Data Controller
Legal basis for the processing: Processing activities will be based on the Data Subject’s consent under Article 6 (1) (a) of the GDPR
Period of storage: Until the Data Subject’s consent is withdrawn
Method of the processing: Electronic
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to send him or her a quotation
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


CONTACT

The Data Controller provides an opportunity for its customers or visitors to the Site to contact the Data Controller via one of the contact details provided on the Site or through the Contact menu.

Purpose of the processing: Contact with the customers
Categories of personal data concerned: Data Subject’s name, email address, possibly his or her phone number, address, possibly legal entity’s name, and the message itself
Data Subjects: Data Subjects contacting the Data Controller
Legal basis for the processing: Processing activities will be based on the Data Subject’s consent under Article 6 (1) (a) of the GDPR
Period of storage: Until the purpose of the processing is reached, at most until the erasure at request of the Data Subject
Method of the processing: Electronic
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to contact him or her
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


COOKIES

a) What is a cookie?

A cookie is a small file containing various letters and numbers sent by a webserver. The cookie is recorded and stored for a pre-determined period on the user’s device (computer, mobile, tablet, smart TV etc.). The cookies - as IT data - are sent by the web server to the user’s browser, stored on the user’s device, and then sent back to the server by the browser each time it requests data from the web server. They do not contain executable files, viruses, spyware, and cannot access data on the user's hard drive.

Cookies usually contain the following: the domain name of the page that the user is visiting (i.e. the website address entered into the browser), the storage period of the cookie, and the information stored. The cookie enables, among other things, the recognition of the user's device and browser, thus facilitating the appearance of content tailored to the needs of the visitor and the basic browsing functions (e.g. providing coherent sessions). In addition to user anonymity, they also support the preparation of visiting statistics.

Data Controller does not store that kind of information in cookies from which someone is personally identifiable, nonetheless Data Controller uses encrypted information derived from it to enhance the user experience. For example, they help Data Controller to identify and resolve errors, as well as identify a range of interesting, related products that Data Controller would like to draw your attention to while browsing the Site.

However, if at some point in the future - with your explicit consent - you contact the Data Controller by filling out a form on a website of the Data Controller where cookies are used, Data Controller may use these cookies to find out the details of your website visits after the form was submitted. This is done to enhance user experience.

When you accept the cookie policy (Privacy notice) on the Site, it will not reappear again until you delete the cookies in your browser settings.

If you share any content of the Site on the social media (e.g. Facebook, Youtube, Instagram), you may receive additional cookies from these websites. These cookies are not operated by the Data Controller, so Data Controller highly recommends that you visit these third-party websites for more information about them and their management.


b) Categories of cookies used on the Site

  1. Functional and strictly necessary cookies
    These cookies are essential for users to browse the Site and use its features and services. When you close your browser, these cookies are going to be automatically deleted from your computer. Without these cookies, Data Controller cannot guarantee that you will be able to use the Site. Functional cookies are used to remember actions performed on the Site (e.g. selected language, login details).
  2. Performance cookies
    Data Controller uses these cookies, among other things, to keep track of the pages the visitors visit, how and how often they use the pages, and how long they have been on a particular page. Data Controller also uses third-party cookies from its advertising partners to measure the success of its campaigns.
  3. Targeting and marketing cookies
    The purpose of these cookies is to deliver adverts and contents that are more relevant to you and your interests by creating user groups. This process is done by manual intervention. These cookies are stored on your computer. These cookies are not capable of identifying individuals. In order to deliver Data Controller’s personalized adverts to you, Data Controller uses remarketing services.


c) Stored cookies

Cookie name | Origin | Type and purpose | Expiry
_ga | Google | Performance cookie. Google Analytics identifies the user. | 2 years
_gid | Google | Performance cookie. Google Analytics identifies the user. | 1 day
_gat | Google | Performance cookie. Google Analytics identifies the user. | 1 day


d) Data transfer to countries outside the EU

  • Through which data processor: Google
  • To what country: USA
  • Reason for data transfer to third countries: Storing of performance cookies and marketing data


e) Cookie management

Click here to access the Ad Manager by Google, where you can manage (authorize, block) ads related to specific services.

Visitors to the Site can delete, block or change the settings of the cookies used by the Site.

For different browsers, see the following links for instructions on how to change your settings:


CAREER

The data processing relating to the Career subpage on the Site is regulated and specified in a separate Policy, that is always available at the Site and at the Data Controller’s headquarters.


OTHER DATA PROCESSING


DATA PROCESSING REGARDING THE PERFORMANCE OF THE CONTRACT

Purpose of the processing: Preparing and performing contracts with sole proprietors or entities without legal personality
Categories of personal data concerned: Contracting party’s name, possibly place and date of birth, mother’s maiden name, address, signature, bank account number, regarding sole proprietors their registration number, name, registered seat, contact information and other possible data that is needed to perform the contract
Data Subjects: Data Controller’s contracting partners
Legal basis for the processing: Processing activities will be based on Article 6 (1) (b) of the GDPR. For the processing of data in addition to contractual data, in particular contact person data, Article 6 (1) (f) of the GDPR provides the legal basis.
Period of storage: As a general rule, the Data Controller keeps personal data until the performance of the contract.
Method of the processing: On paper and/or electronically
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to perform the contract.
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


PROCESSING CONTACT PERSON DATA

The Data Controller keeps a register of their contractual partners. The personal data can only be processed until the performance of the contract, in accordance with Article 6 (1) (b) GDPR.

The Data Controller's contractual partners also include legal entities whose data in principle do not qualify as personal data, and the Data Controller stores them for the purpose of the performance of the contract. However, the data of the contact person specified in the contract, as well as the data of the contact persons of various authorities who are not in a contractual relationship with the Data Controller, only the employees and subcontractors of the Data Controller. The Data Controller stores and registers the contact person based on the legitimate interest of the Data Controller in order to facilitate the activities of the Data Controller.

The interest balancing test for the record-keeping of contact person data was prepared by the Data Controller in a separate document, which is always available at the Data Controller’s registered office.

Purpose of the processing: The purpose of data processing is to register the contractual partners of the Data Controller and their contact person, and to register contact person of authorities.
Categories of personal data concerned: The contracting party’s name, phone number, email address, contact of the contact person (name, email address, phone number)
Data Subjects: The Data Controller’s contractual partners and their contact person
Legal basis for the processing: With regard to the contracting party, corresponding to Article 6 (1) (b) of the GDPR, the conclusion or performance of the contract; with regard to the contact person of the contracting party, is the legitimate interest of the Data Controller pursuant to Article 6 (1) (f) of the GDPR.
Period of storage: For 5 years after the performance of the contract.
Method of the processing: On paper and/or electronically
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to perform the contract, and to contact the contractual partner.
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: The Data Controller and their responsible employees.
Data transfer to third countries or international organisations: There is no data transfer


ISSUING ACCOUNTING DOCUMENTS

Issuing an accounting document is necessary due to the Data Controller's economic activity. Given that the Data Controller may also contract with sole proprietors in addition to legal entities or entities without legal personality, and that certain data of sole proprietors may be considered personal data, it is necessary for the Data Controller to have personal data processed in connection with the management of accounting documents.

Purpose of the processing: Issuance, storage and accounting of invoices
Categories of personal data concerned: Data specified in Act C of 2000 and Act CXXVII of 2007, especially the Data Subject’s name, date, period of the transaction, address, e-mail address and telephone number
Data Subjects: Data Controller’s contracting partners
Legal basis for the processing: Processing activities will be based on Article 6 (1) (c) of the GDPR and Section 167 and 159 of Act C of 2000
Period of storage: After 8+1 years the Data Controller automatically deletes the personal data of the Data Subject.
Method of the processing: On paper and/or electronically
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: Providing the Data Controller with the data is a legal obligation, therefore it is mandatory.
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


RECORD-KEEPING RELATING TO THE EXERCISE OF RIGHTS OF THE DATA SUBJECTS

Purpose of the processing: Processing regarding the record-keeping relating to the exercise of rights of the Data Subjects under the GDPR
Categories of personal data concerned: Applicant's name, place and date of birth, mother's maiden name, address, mailing address, application for the exercise of a data subject's right under the GDPR
Data Subjects: Data Subjects exercising their rights under the GDPR
Legal basis for the processing: Legal obligation based on Article 6 (1) (c) of the GDPR and based on Article 6 (1) (f) of the GDPR, the Data Controller’s legitimate interest.
Period of storage: 5 years from the assessment of the application.
Method of the processing: On paper and/or electronically
Source of the personal data: Data collected from the Data Subject
Possible consequence of failure to provide data: If the Data Subject does not provide the data, the Data Controller will not be able to meet the requirements of the GDPR
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: There is no data transfer


DATA PROCESSING ON FACEBOOK

The Data Controller operates a Facebook page on the website https://www.facebook.com/, which is available at the following link: https://www.facebook.com/semilab/. The Data Controller shares information and images related to their professional portfolio, services and products and publishes videos on the Facebook page. Visitors to the site have the opportunity to express their opinions about the products and services of the Data Controller. The Data Controller collects data and analyses the activity of visitors on the Facebook page with the Site Analysis function.

With respect to personal data collected during Facebook Analytics, the Data Controller and Facebook Ireland Ltd. are considered joint controllers under Article 26 of the GDPR, as the Data Controller and Facebook Ireland Ltd. jointly define the purposes and means of data processing. Facebook Ireland Ltd. assumes primary responsibility for the processing of analytical data under the GDPR.

If Data Subjects exercise their rights against the Data Controller in relation to the processing of analytical data, or if the Supervisory Authority contacts the Data Controller in relation to the processing of analytical data, the Data Controller shall forward such requests to Facebook Ireland Ltd. without delay, but no later than 7 calendar days. The Data Controller will not act or respond on behalf of Facebook Ireland Ltd.

The Data Controller shall ensure that it has an appropriate legal basis for the processing of analytical data in accordance with the GDPR. The Data Controller does not request specific personal data processed by Facebook Ireland Ltd. during the Analytics, the Data Controller sees only the statistics and reports prepared by Facebook Ireland Ltd., not the personal data on which they are based.

Further information on the joint data management agreement between the Data Controller and Facebook Ireland Ltd. for the Facebook page can be found at:
https://www.facebook.com/legal/terms/information_about_page_insights_data

Purpose of the processing: Data processing related to the use of the Facebook page
Categories of personal data concerned: As a general rule, the Data Controller only handles statistical data, such as the number of people who liked the page, the number of new likes, the number of people who have read, liked, commented on or shared the post, and the number of people who marked it as spam, in terms of visits to the Facebook page, the number of times the page was viewed, the number of times they came to the Facebook page from an external page, the number of times the video was viewed, the most viewed videos in relation to the videos posted on the Facebook page. Regarding the people who liked the Facebook page it also treats age, gender, and location as statistical data.
Data Subjects: Visitors of the Facebook page
Legal basis for the processing: Processing activities will be based on the Data Subject’s consent under Article 6 (1) (a) of the GDPR
Period of storage: Until the withdrawal of the Data Subject’s consent
Method of the processing: Electronic
Source of the personal data: Data collected from the Data Subject
Automated decision-making and profiling: The Data Controller does not use automated decision-making and does not perform profiling.
Recipients of data transmission: Responsible employees of the Data Controller and employees of any possible data processors. The current list of data processors of the Data Controller is listed in Section 5 of this Privacy Notice.
Data transfer to third countries or international organisations: Data is transferred to Facebook Ireland Ltd.


DATA PROCESSORS (PERSONS WITH ACCESS TO DATA, THE TRANSMISSION AND PROCESSING OF DATA)

The data processors do not make decisions independently, they shall act in compliance with the contract concluded with the Data Controller and with the instructions received from the Data Controller. Data processors record, manage and process the personal data transmitted to them by the Data Controller in accordance with the provisions of GDPR. The data processors can access, and process personal data provided by the Data Subjects during the period specified in the Privacy Policy regarding the individual purposes of data processing. The Data Controller transmits data to the following data processing companies regarding the data process mentioned in this Privacy Notice:

  • WebDream Magyarország Kft. (registered office: H-1037 Budapest, Testvérhegyi lejtő 10., company registration number: 01-09-908813, tax number: 14546969-2-41, the purpose of the data processing: website server and application operation)
  • Google Ireland Ltd. (registered office: Gordon House, Barrow Street, Dublin 4, Ireland)


RIGHTS OF THE DATA SUBJECT


RIGHT TO INFORMATION AND ACCESS

According to Article 13 of GDPR the Data Controller - in case personal data relating to a data subject are collected from the data subject - shall, at the time when personal data are obtained, provide the Data Subject with all of the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the planned period for which the personal data will be stored or if not possible, the criteria used to determine that period;
  • right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
  • the right to file a complaint with the Hungarian Authority for Data Protection and Freedom of Information (NAIH);
  • the right to seek judicial remedies;
  • if the personal data are not collected from the Data Subject, any available information regarding their source;

Data Controller shall provide information on what action he took upon a request from the Data Subject within one month from the date of receipt.

Data Controller may charge a reasonable fee based on administrative costs according to Article 12 of GDPR.


RIGHT TO RECTIFICATION

Data Subject has the right to obtain from Data Controller the rectification of inaccurate personal data concerning him or her, without undue delay. Taking into account the purpose of the processing, the Data Subject has the right to request the completion of his or her incomplete data, even by means of a supplementary declaration.


RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’)

Data Subject has the right to request from the Data Controller the erasure of the Data Subject’s personal data and the Data Controller is obliged to erase such personal data, without undue delay. In such cases Data Controller will not be able to further provide the Data Subject with the services of the Data Controller. Data Subject has the right to request erasure if one of the following applies:

  • the personal data is no longer necessary for the purpose that the Data Controller collected it for;
  • Data Subject withdrew his or her consent to the processing activities and no other legal basis for processing applies;
  • the Data Subject objects to the processing pursuant to Section (1) of Article 21 of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Section (2) of Article 21 of GDPR;
  • his or her personal data is being unlawfully processed;
  • EU or member state law obliges the Data Controller to erase Data Subject’s personal data to comply with a legal obligation;
    OR
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8 of GDPR.


RIGHT TO RESTRICTION OF PROCESSING

Data Subject may have the right to request from Data Controller the restriction of processing his or her personal data if one of the following grounds applies:

  • The Data Subject contests the accuracy of the personal data the Data Controller processes about the Data Subject. The Data Controller must restrict processing the contested data until it can verify the accuracy of the Data Subject’s personal data.
  • The Data Controller is unlawfully processing the Data Subject’s personal data.
  • The Data Controller no longer needs to process the Data Subject’s personal data but the Data Subject needs the personal data for the establishment, exercise or defense of legal claims.
  • The Data Subject has objected to processing pursuant to Article 21 of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If the restriction is justified, personal data shall, with the exception of storage, only be processed

  • if the Data Subject consented to it;
  • for the establishment, exercise or defense of legal claims;
  • for the protection of the rights of another natural or legal person, or
  • for reasons of important public interest of the Union or of a Member State.

If the processing of the Data Subject’s personal data has been restricted, Data Subject will be informed before the restriction of processing is lifted.


RIGHT TO OBJECT AND AUTOMATED INDIVIDUAL DECISION MAKING

The Data Subject shall have the right to object, if processing his or her data is based on:

  • the public interest or in the exercise of official authority vested in Data Controller according to point (e) of Section (1) of Article 6;
  • purposes of the legitimate interests pursued by Data Controller or by a third party according to point (f) of Section (1) of Article 6.

The Data Controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.


RIGHT TO DATA PORTABILITY

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she provided to Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without obstruction from the Data Controller, where:

  • the processing is based on the Data Subject’s consent or the processing is necessary for the Data Controller to perform a contract with the Data Subject; and
  • the processing is carried out by automated means.


RIGHT TO WITHDRAW CONSENT

Where processing is based on consent, the Data Subject shall have the right to withdraw his or her consent at any time. Regarding this, the Data Controller informs the Data Subject that they may continue to process the Data Subject's personal data for the purpose of fulfilling his legal obligation or validating his legitimate interests even after the consent given by the Data Subject has been withdrawn, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data.


LEGAL REMEDIES

If the Data Subject feels that the processing of his or her personal data has breached the provisions of GDPR, the Data Subject is entitled to contact the Data Controller directly at the following e-mail address: gdpr@semilab.hu in order to eliminate the violation against him or her.

The Data Subject is also entitled to file a complaint with the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság; “NAIH”, H-1055, Hungary, Budapest, Falk Miksa utca 9-11; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: ugyfelszolgalat@naih.hu).

The Data Subject has the possibility to go to a court, which is acting out of turn, in order to protect his or her data. The Data Subjects can choose whether the action shall be brought before the tribunal in whose jurisdiction the Data Subject’s home address or temporary residence is located.