Upon a Data Subject’s request, Microsec supplies information about the Data Subject’s data processed by Microsec as data controller and/or processed by a data processor on Microsec’s behalf, about the sources where such data was obtained from, and the purpose and duration of and the legal grounds for the processing of data, as well as the name, address and related activities of the data processor, and – in the case of data transfer – the legal grounds for and the recipients of such transfer. The data controller must comply with a Data Subject’s request for information as soon as possible but in no event later than 30 days (unless relevant regulation contains a tighter deadline) and supply the information requested in a clear and easily understandable form and in writing if the Data Subject so requests. Such information must be supplied free of charge, unless the Data Subject has already submitted to the data controller a request for information concerning the same set of data earlier in the same year. Where that is the case, the Microsec will charge a fee to recover its expenses.
Microsec rectifies a Data Subject’s personal data if such data is inaccurate while the correct personal data is available to Microsec.
Microsec blocks a Data Subject’s personal data at the Data Subject’s request, or in cases where there is reason to suppose – based on the information available to Microsec – that the erasure of such data could harm the Data Subject’s legitimate interests. Personal data that has been blocked as mentioned above may only be processed as long as the purpose of data processing which prevented erasure of the same continues to exist.
Microsec marks the personal data if the relevant Data Subject contests the correctness or accuracy of such data while the correctness or accuracy of the data or otherwise cannot be verified beyond doubt.
Microsec erases any and all personal data which is being processed unlawfully, if the relevant Data Subject requests, or if such data is incomplete or inaccurate and cannot be lawfully completed or corrected, provided that such erasure is not disallowed by law, the purpose of data processing no longer exists, or the statutory time limit for the storing of data has expired, or the erasure was ordered by a court of law or by the National Authority for Data Protection and Freedom of Information. If Microsec processes the personal data as a data processor only, then such requests shall be sent to the Client, and Microsec may perform such action only upon the Client’s instructions.
Microsec has 30 days to erase, block or rectify personal data. Where the data controller refuses to comply with a Data Subject’s request for rectification, blocking or erasure, it communicates the reasons for such refusal to the Data Subject in writing within 30 days. When rectifying, blocking, marking or erasing data, Microsec notifies the relevant Data Subject as well as all recipients to whom such data was previously transmitted for processing. Such notification is not necessary where, in the light of the purpose of the data processing, the Data Subject’s legitimate interests are not affected.
Data Subjects may object to the processing of their personal data:
a) if the processing or transfer of such personal data is carried out solely in order to discharge a legal obligation pertaining to the data controller or to enforce the rights or legitimate interests of the data controller, the data recipient or a third party, unless the processing of the data is mandatory and is carried out pursuant to a legal regulation;
b) if the personal data is used or transmitted for the purposes of direct marketing, public opinion polling or scientific research;
c) in other cases as prescribed by law.
Microsec investigates any objections as soon as possible after submission but not later than within 15 days, makes a decision as to the merits of the same, and notifies the relevant Data Subject about its decision in writing. If, according to the findings of the data controller, the objection is justified, the data controller discontinues all data processing operations (including any further collection, capture and transfer of data); it blocks the data concerned, and notifies all the recipients of such personal data about the objection and the measures taken in response for such recipients to also take measures in their turn to give effect to the Data Subject’s objection. If a Data Subject disagrees with the decision taken by the data controller, the Data Subject may challenge the decision in court within 30 days of being informed about such decision.
Data Subjects may, in the event of an infringement of their rights, file a petition in court against the data controller. The court will hear such cases in expedited proceedings.
Any questions, comments or complaints regarding the processing of personal data by Microsec as data controller should be addressed to Microsec, whose contact details are to be found under section 5 above.
Requests for remedy and any complaints may also be addressed to the data protection authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
(National Authority for Data Protection and Freedom of Information)
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf. 5.
Telephone: +36 1 391 1400
Facsimile: +36 1 391 1410