Privacy Policy

This notice (the "Notice") applies to the processing of information relating to identified or identifiable natural persons ("data subjects") (personal data) by Kiszely és Kiszely 2015 Tűzvédelmi és Szolgáltató Bt. (the "Data Controller"). This Notice relates solely to data processing in connection with the Data Controller's website (kiszelysafety.hu).

The Data Controller has decided not to designate a data protection officer, as the regular and systematic monitoring of data subjects on a large scale, or the large-scale processing of special categories of personal data or criminal offence data, does not form part of its core activities. The Data Controller is not a public authority and does not perform a public task.

On matters not covered by this Notice, Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (Infotv.) apply.

I. Amendment of the Notice

The Data Controller reserves the right to amend this Notice unilaterally with effect from the date of the amendment. The Data Controller shall inform data subjects of any amendments without delay.

II. Acknowledgment and acceptance of the Notice

By providing personal data, the data subject confirms that they have read and expressly accepted the version of the Notice in force at the time of providing the data. Specific data protection terms may apply to certain services; the Data Controller shall inform the data subject of these before the service is used.

III. Data processing carried out by the Data Controller

Other data processing

The Data Controller may process data other than the types listed above. Where it processes types of data not set out in this Notice, or processes the types set out here for a different purpose or on a different legal basis, it shall inform data subjects separately before processing begins. The separate notice shall be interpreted in accordance with this Notice.

The processing described in sections III.8–III.9 applies to all legal relationships for the performance of work, including in particular agency relationships.

For the processing of personal data of natural person representatives and members of legal persons, this Notice shall be applied as appropriate depending on the purpose; in such cases the source of data may also be an authentic register containing the representatives' or members' data.

Where this Notice does not govern the processing (e.g. contact by email, requests for quotes), the Data Controller shall process the data provided only for the purpose specified by the data subject or assumed from the circumstances, with the data subject's consent, until that purpose is fulfilled.

IV. Processors and transfer of data to third countries

In connection with its processing, the Data Controller may use processors for various processing operations. Processors shall process personal data made available to them only in accordance with the Data Controller's instructions and in line with this Notice. A processor may not take substantive decisions on processing or use the data for its own purposes.

In the course of its processing, the Data Controller in particular uses the following processors:

The Data Controller transfers personal data to the United States in connection with its hosting provider (Vercel Inc.) and email sending service (Resend, Inc.). The legal basis for such transfers is provided by the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission.

V. Personal data of children and third parties

Where processing is based on consent, persons under 16 may not provide their own personal data unless the person with parental responsibility (or, in their absence, the guardian) has consented to the processing of their personal data.

The Data Controller shall take all reasonable steps to verify that consent has been given by the holder of parental responsibility where personal data of persons under 16 are provided. If it finds that data of a person under 16 have been provided without consent or that consent was not given by a person entitled to give it, it shall delete the data without delay.

VI. Data subject rights and remedies

Right to be informed

The Data Controller shall take appropriate measures to provide the data subject with all information referred to in Articles 13 and 14 of the GDPR and all notices under Articles 15–22 and 34 in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

Right of access

The data subject has the right to obtain from the Data Controller confirmation as to whether their personal data are being processed and, if so, access to the personal data and the following: the purposes of processing; the categories of personal data; the categories of recipients; the envisaged retention period; the right to rectification, erasure or restriction and to object; the right to lodge a complaint with a supervisory authority; information on the sources of the data; whether automated decision-making, including profiling, is used.

The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies it may charge a reasonable fee based on administrative costs. At the data subject's request, the information shall be provided by electronic means, by email.

The right of access may be exercised in writing at the contact details set out in this Notice. At the data subject's request, and after verification of identity, the information may also be given orally.

Right to rectification

The data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data. Taking the purposes of processing into account, the data subject has the right to have incomplete personal data completed, including by means of a supplementary statement.

Right to erasure

The data subject has the right to obtain from the Data Controller the erasure of personal data without undue delay where one of the following applies:

1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent and there is no other legal basis for processing;
3. the data subject objects to processing and there are no overriding legitimate grounds;
4. the personal data have been unlawfully processed;
5. erasure is necessary for compliance with a legal obligation under EU or member state law;
6. the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing

Erasure may not be requested where processing is necessary: for the right to freedom of expression and information; for compliance with a legal obligation on the Data Controller; for reasons of public interest in the area of public health or for archiving, scientific or historical research; or for the establishment, exercise or defence of legal claims.

The data subject has the right to obtain from the Data Controller restriction of processing where one of the following applies:

1. the data subject contests the accuracy of the data (restriction applies for the period enabling the Data Controller to verify accuracy);
2. processing is unlawful and the data subject opposes erasure and requests restriction instead;
3. the Data Controller no longer needs the data but the data subject needs them for the establishment, exercise or defence of legal claims;
4. the data subject has objected to processing (Article 21(1) GDPR); restriction applies until it is verified whether the Data Controller's legitimate grounds override those of the data subject.

Where processing has been restricted, the personal data may, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for important reasons of public interest of the EU or a member state. The Data Controller shall inform the data subject before the restriction is lifted.

Right to object

The data subject has the right to object at any time, on grounds relating to their situation, to processing of their personal data necessary for the legitimate interests of the Data Controller or a third party, including profiling. Where the data subject objects, the Data Controller may no longer process the data unless it demonstrates compelling legitimate grounds that override the interests, rights and freedoms of the data subject or that relate to the establishment, exercise or defence of legal claims.

Where processing is for direct marketing, the data subject has the right to object at any time to processing of their personal data for that purpose. Where the data subject objects to processing for direct marketing, the data may no longer be processed for that purpose.

The Data Controller shall examine the objection as soon as possible and no later than 15 days, decide on its merits and inform the data subject in writing. If the data subject disagrees with the decision or the Data Controller fails to meet the 15-day deadline, the data subject may bring court proceedings within 30 days of the decision or the last day of the deadline.

Right to data portability

The data subject has the right to receive the personal data concerning them which they have provided to the Data Controller in a structured, commonly used, machine-readable format, and the right to transmit those data to another controller where processing is based on consent or contract and is carried out by automated means. Where technically feasible, the data subject may request that the data be transmitted directly between controllers.

Right to withdraw consent

Where processing is based on consent, the data subject has the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Supervisory and judicial remedies

The data subject may bring court proceedings if their rights are infringed. Proceedings may be brought before the court of the data subject's place of residence or stay, at the data subject's choice.

The data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data infringes the GDPR. The competent supervisory authority in Hungary is:

The data subject has the right to an effective judicial remedy against a legally binding decision of the supervisory authority, and if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the progress or outcome of the complaint. Proceedings against the supervisory authority shall be brought before the courts of the member state where the authority has its seat.

VII. Data security measures

The Data Controller protects the personal data it processes by restricting access. Only those persons who need the data for the purposes set out above may access them.

VIII. Cookie policy

What is a cookie?

When you visit the website, the Data Controller uses so-called cookies. A cookie is a small package of letters and numbers that the website sends to your browser to save certain settings, make the site easier to use and help collect relevant, statistical information about visitors. Cookies do not contain personal information and cannot identify individual users. They often contain a unique identifier – a secret, randomly generated number – stored on your device. Some cookies disappear when you close the site; others are stored on your computer for longer.

Main features of cookies used on the website

Strictly necessary cookies: These cookies are essential for using the website and enable basic functions. Without them, many features would be unavailable. These cookies last only for the session.

User experience cookies: These cookies collect information about how you use the site, e.g. which pages you visit most or what error messages you see. They do not collect information that identifies you and use only general, anonymous data. We use the data to improve the site. These cookies last only for the session.

Cookie consent cookie: When you arrive on the site, you accept the cookie notice in the pop-up.

If you do not accept the use of cookies, some features may not be available. For more information on deleting cookies, see the links below:

• Internet Explorer / Edge
• Firefox
• Chrome

Web analytics services

Google Analytics: Google Analytics is a Google tool that helps website owners understand their visitors' activity. The service may use cookies to collect and report statistical information on use of the site without identifying individual visitors to Google. The main cookie used is "__ga". With IP anonymisation enabled on the site, Google shortens users' IP addresses within the EU and in other states party to the EEA agreement before processing.

Google Maps: Enables use of Google Maps, display of maps and route planning. The site includes embedded Google Maps, which connects to Google's servers so that visitors' IP addresses and browser data are sent to Google.

For more on Google's privacy practices, see: https://policies.google.com/privacy?gl=HU&hl=en