Privacy Policy | Pipetta Szerviz

Privacy Notice

(Effective as of 1 June 2026)

1. PURPOSE, SCOPE AND APPLICABLE LEGISLATION OF THE PRIVACY NOTICE

The purpose of this Privay Notice (hereinafter referred to as the “Notice”) is to set out the data protection and data processing principles applied by PIPETTA SZERVÍZ Korlátolt Felelősségű Társaság (seat: H-1115 Budapest, Csóka utca 7-13., Building A, Hungary; company registration number: 01-09-401611; registered by: Company Registry Court of Budapest-Capital Regional Court; tax number: 27873775-2-43; represented by: Albert Zsolt Győrfi, Managing Director; hereinafter referred to as the “Data Controller”), as well as the Data Controller’s data protection and data processing policy.

This Privacy Notice governs the processing of data related to the operation and activities of the Data Controller. The effective version of the Notice is available at the seat of the Data Controller and on its website: https://hairteszt.masterchief.hu//adatvedelmi-nyilatkozat/

The purpose of the Notice is to establish the fundamental provisions governing the processing of the data of natural persons, legal entities, organizations without legal personality, contractual partners, representatives and contact persons (hereinafter collectively referred to as the “Data Subjects”) who come into contact with the operation and activities of the Data Controller, and to ensure compliance with the applicable legal requirements

The Data Controller reserves the right to amend this Privacy Notice.

The Data Controller processes the data provided by the Data Subject solely for specified purposes and exclusively in connection with its operation and activities, and for enabling invoicing and maintaining contact. The primary activities of the Data Controller are: (i) pipette maintenance and calibration, and (ii) technical inspection and analysis.

The purpose of this Privacy Notice is furthermore to ensure that natural persons affected by the data processing activities (the Data Subjects) are informed, prior to the commencement of such processing, about the purpose and method of the data processing through this Notice, and are able to understand and recognize the impact of the given data processing activity on their right to informational self-determination and privacy, and, where necessary, make an informed decision regarding their consent to such data processing.

Below, the Data Controller sets out its data processing principles and presents the statutory and other requirements that it has established for itself and complies with in its capacity as a data controller. Its data processing principles are in accordance with the applicable data protection legislation, including, but not limited to, the following:

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Data Protection Act”);

Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”);

Act V of 2013 on the Civil Code (“Civil Code”);

Act C of 2000 on Accounting (“Accounting Act”);

Act CLV of 1997 on Consumer Protection (“Consumer Protection Act”).

2. KEY TERMS RELATING TO DATA PROCESSING

Personal Data: any information relating to a (identified or identifiable) natural person. This includes any conclusion that can be drawn from the data concerning the data subject. Personal data retains this quality during data processing as long as its connection with the data subject can be restored. A person shall be regarded as identifiable, in particular, if they can be identified directly or indirectly on the basis of a name, identification number, or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.

Data Subject: the natural person or the representative or contact person of a legal entity or other organization without legal personality who enters into a contract with the Data Controller or provides their Personal Data for the purpose of performing a contract concluded with the Data Controller, and supplies the Personal Data listed in this Notice in person, by telephone or electronically. Furthermore, this term includes all natural persons or representatives/contact persons of legal entities or organizations without legal personality who use the services of the Data Controller in connection with which data processing takes place, as well as all persons whose personal data are processed in connection with the activities of the Data Controller.

Consent: the expression of the will of the natural person concerned, which in all cases must be given voluntarily, specifically and on the basis of appropriate information. The purpose of consent is for the Data Subject to give their clear and unambiguous agreement to the processing of their Personal Data.

Data Controller: PIPETTA SZERVÍZ Kft., which determines the purposes of the processing of data and makes and implements decisions relating to data processing, or has such decisions implemented by a data processor engaged by it.

Data Processing: the set of operations performed in relation to Personal Data. This includes any operation or set of operations performed on Personal Data, irrespective of the procedure applied, such as the collection, recording, registration, organization, storage, alteration, use, transmission, disclosure, alignment or combination, restriction, deletion and destruction of such data, as well as the prevention of their further use.

Data Processor: a natural or legal person, public authority, agency or any other body that processes Personal Data on behalf of the Data Controller.

Data Processing: the performance of technical tasks related to data processing, regardless of the method and means used for carrying out such operations and regardless of the place of application.

Data Transfer: making data accessible to a specified third party.

Personal Data Breach: unlawful handling or processing of Personal Data, including in particular unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as accidental destruction or damage.

Disclosure: making data accessible to anyone.

Objection: a declaration by the Data Subject objecting to the processing of their Personal Data and requesting the termination of the data processing and/or the deletion of the processed data.

Data Deletion: rendering data unrecognizable in such a way that their restoration is no longer possible.

Notice: this Privacy Notice of PIPETTA SZERVÍZ Kft. acting as the Data Controller.

Employee/Staff Member: employees of the Company and natural or legal persons engaged by the Company under any other employment-related or contractual relationship for the performance of work or services.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Website: https://hairteszt.masterchief.hu/

3. PRINCIPLES AND METHOD OF DATA PROCESSING

PIPETTA SZERVÍZ Kft. carries out data processing in accordance with the principles of good faith, fairness and transparency, while cooperating with the Data Subjects. It processes only such data as are prescribed by law or provided by the Data Subjects, and solely for the purposes specified below.

The scope of the Personal Data processed shall be proportionate to the purpose of the data processing and shall not exceed what is necessary for such purpose.

The provision of data is voluntary, except where mandatory by law or by a competent authority or court. The Data Controller does not verify the Personal Data provided to it. Sole responsibility for the accuracy and adequacy of the provided data lies with the person supplying such data.

In all cases where the Data Controller intends to use the Personal Data for a purpose other than that for which the data were originally collected, the Data Subject shall be informed accordingly and, where necessary, the Data Controller shall obtain the Data Subject’s prior express consent or provide the Data Subject with the opportunity to prohibit such use.

Except for the Data Processors specified in this Notice and in certain cases referred to herein, the Data Controller shall not transfer the Personal Data processed by it to third parties.

In certain cases – such as official requests from courts or police authorities, legal proceedings, infringement of copyright, property rights or other rights, or reasonable suspicion thereof, as well as in cases involving harm to the interests of the Data Controller, or threats to the operation of the Data Controller or the provision of its services – the Data Controller may make the available Personal Data of the Data Subject accessible to third parties.

The Data Controller shall notify the Data Subject, as well as all persons to whom the Personal Data were previously transferred for the purposes of data processing, of any rectification, restriction or deletion of Personal Data processed by the Data Controller. Such notification may be omitted where this does not prejudice the legitimate interests of the Data Subject in light of the purpose of the data processing.

4. IDENTIFICATION OF THE DATA CONTROLLER AND DATA PROCESSORS

Name of the Data Controller: PIPETTA SZERVÍZ Limited Liability Company

Short name of the Data Controller: PIPETTA SZERVÍZ Kft.

Registered seat and mailing address: H-1115 Budapest, Csóka utca 7-13., Building A, Hungary

Company registration number: 01-09-401611

Tax number: 27873775-2-43

Managing Director: Albert Zsolt Győrfi

Data Protection Representative: Gábor Hegyi

Telephone number: +36-70-784-0104

Email address: info@pipettaszervizbp.hu

Website: www.pipettaszervizbp.hu

Data Processors:

In the course of carrying out its activities, providing its services, operating the underlying IT systems, performing contracts and settling accounts, the Data Controller may engage Data Processors (e.g. system operators, accountants).

The engagement of a Data Processor does not require the prior consent of the Data Subject; however, the Data Subject must be informed thereof. Accordingly, the following information is provided:

Hosting service:

For the maintenance and management of the Data Controller’s website and email accounts, the Data Controller engages a Data Processor that provides the necessary IT services (e.g. hosting services). Within the framework of this activity, and for the duration of the contract concluded with the Data Controller, the Data Processor processes the personal data provided through the Website. The operations performed by the Data Processor include the transmission of personal data submitted for quotation requests and contact purposes by email to the Data Controller’s email account, as well as the storage of such data on the server.

Company name: Websupport Magyarország Kft.

Registered seat and mailing address: H-1119 Budapest, Fehérvári út 97-99., Hungary

Company registration number: 01-09-381419

Tax number: 25138205-2-41

Represented by: Isak Peter Stigsson and Daniel Boldsen Gaye, Managing Directors

Email address: support@websupport.hu

Website: websupport.hu

Accounting Service Provider:

For the fulfilment of its tax and accounting obligations, the Data Controller engages an external service provider under an accounting services agreement. The service provider also processes the personal data of natural persons who are in a contractual or payment relationship with the Data Controller for the purpose of fulfilling the tax and accounting obligations incumbent upon the Data Controller.

Company name: K&K Tudatos Könyvelés Zrt.

Registered seat and mailing address: H-1147 Budapest, Kerékgyártó utca 47-49., Building B, 1st floor, Door 16, Hungary

Company registration number: 01-10-142520

Tax number: 32384202-2-42

Represented by: Balázs Kovács, CEO

Email address: info@tudatos-konyveles.hu

Website: https://tudatos-konyveles.hu/

5. SCOPE OF THE PROCESSED PERSONAL DATA

5.1. Pipette maintenance and calibration; technical inspection and analysis:

The main activities of the Data Controller are pipette maintenance and calibration, as well as technical inspection and analysis. In connection with individual service engagements, the processing of personal data may take place to the extent and for the duration provided for by the applicable legislation and relevant legal practice.

5.1.1. Processed data

The Data Controller processes only such Personal Data as are provided by the Data Subject for the purposes of the fulfilment and performance of orders and contracts relating to pipette maintenance and calibration, technical inspection and analysis activities, as well as for the enforcement of rights and/or claims arising from the performance of such activities, the provision of services or contractual relationships, invoicing, contractual representation and contact keeping, complaint handling, customer satisfaction measurement, and compliance with and enforcement of legal obligations arising from contracts and transactions, as follows:

The processed data are as follows:

Processing of the data of natural person customers, partners and suppliers in connection with the fulfilment of orders and contracts, and the enforcement of potential legal rights and claims: name of the natural person, identity card number, residential address/notification address, telephone number, email address, bank account number, and in the case of sole proprietors additionally the tax number, registration number, sole proprietor license number and website address; customer number (client number/order number). Such data processing shall also be deemed lawful where it is necessary, at the request of the Data Subject, to take steps prior to entering into an order or contract.

Processing of the data of natural person representatives and contact persons of legal entity customers, partners and suppliers in connection with the fulfilment of orders and contracts, and the enforcement of potential legal rights and claims: the name, position/job title/office, telephone number and email address of the representative or contact person of the legal entity, as well as the company name, registered office, business premises, website address, bank account number and customer number (client number/order number) of the company. Such data processing shall also be deemed lawful where it is necessary, at the request of the Data Subject, to take steps prior to entering into an order or contract.

The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service-related tasks, the Employees providing the Data Controller’s calibration, servicing and maintenance services, as well as the Data Processors of the Data Controller.

Prior to the commencement of the data processing, the Data Subject must be informed that the data processing is based on the legal basis of the fulfilment of an order or contract, and at the same time must be provided with the opportunity to become familiar with the Data Controller’s data processing principles. Such information may also be included in the quotation or contract, and the Privacy Notice is continuously available on the Data Controller’s Website.

Processing of completion notification data: the name, notification address, telephone number and email address of the Data Subject. The purpose of processing the personal data is the fulfilment of orders and, following performance, the sending of a completion notification regarding the activity or service to the partner’s contact person or representative. The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service-related tasks and the Employees providing the Data Controller’s calibration, servicing and maintenance services.

Processing of reminder notification data: the name, notification address, telephone number and email address of the Data Subject. The purpose of processing the personal data is to send notifications when recalibration, servicing or inspection becomes due. The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service-related tasks and the Employees providing the Data Controller’s calibration, servicing and maintenance services.

Processing of customer satisfaction survey data: the name, notification address, telephone number and email address of the Data Subject. The purpose of processing the personal data is to assess customer and partner satisfaction and to provide the possibility for feedback. The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service-related tasks.

Processing of complaint handling data: the name, notification address, telephone number and email address of the Data Subject. The purpose of processing the personal data is to provide feedback regarding the investigation and resolution of complaints. The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service-related tasks, as well as the Employees participating in the investigation and assessment of the complaint, depending on the subject matter of the complaint.

5.1.2. Legal basis of data processing

5.1.2.1. The Data Controller processes Personal Data in connection with the conclusion, performance and execution of contracts on the basis of Article 6(1)(b) of the GDPR – performance of a contract or taking steps at the request of the Data Subject prior to entering into a contract – and Article 6(1)(f) of the GDPR – legitimate interest. Pursuant to Article 6(1)(c) of the GDPR, for the purpose of complying with legal obligations, the Data Controller processes the data of Data Subjects required by applicable legislation for the fulfilment of tax and accounting obligations (invoicing, bookkeeping and taxation). In the absence of the provision of the required data, the Data Controller shall be entitled to refuse to enter into a contract with the Data Subject and/or to refuse performance of the contract.

The Data Controller processes the data of natural person contractual partners pursuant to Article 6(1)(b) of the GDPR, and uses such data exclusively in connection with the conclusion, performance and execution of contracts and for invoicing purposes, solely to the extent and for the duration necessary for the contractual purpose.

The Data Controller processes the data of the contact person and representative of legal entity contractual partners pursuant to Article 6(1)(f) of the GDPR, and uses such data exclusively in connection with contract conclusion, contract performance and execution, invoicing, representation and contact keeping, solely to the extent and for the duration necessary for the contractual purpose.

Data processing based on legitimate interest: The purpose of the data processing is to enable the Data Controller and the legal entity contractual partner to enforce their legitimate interests relating to representation and business communication. In the balancing of interests test carried out in this respect, it was established that the data processing is necessary for the enforcement of the genuine and lawful interests of the Data Controller and the contractual partner, as it ensures business-related communication and representation between the contracting parties. The legitimate interests of the Data Controller and the contractual partner relating to representation and contact keeping take precedence over the Data Subject’s right to dispose of their Personal Data, and the related data processing is necessary and proportionate. Accordingly, the Personal Data of the Data Subject may also be processed pursuant to Article 6(1)(f) of the GDPR without the Data Subject’s consent.

5.1.2.2. The Data Controller further processes Personal Data on the basis of Article 6(1)(f) of the GDPR – legitimate interest – for the purpose of the enforcement of rights and claims arising from contracts. In the absence of the provision of the required data, the Data Controller shall be entitled to refuse to enter into a contract with the Data Subject and/or to refuse performance of the contract.

The Data Controller uses Personal Data for the purpose of enforcing rights and claims in the legitimate interests of the Data Controller or a third party, and exclusively in connection with the contract and the related transactions, only to the extent and for the duration necessary.

Data processing based on legitimate interest: The purpose of the data processing is to enable the Data Controller and a third party to enforce their rights and claims arising from the contract to be concluded. In the balancing of interests test carried out in this respect, it was established that the data processing is necessary for the enforcement of the genuine and lawful interests of the Data Controller and the third party, as it ensures the possibility of enforcing rights and claims arising from the contract. The legitimate interests of the Data Controller and the third party relating to the enforcement of contractual rights and claims take precedence over the Data Subject’s right to dispose of their Personal Data, and the related data processing is necessary and proportionate. Accordingly, the Personal Data of the Data Subject may also be processed pursuant to Article 6(1)(f) of the GDPR without the Data Subject’s consent.

5.1.3. Purpose of Data Processing

As detailed in Section 5.1.1., the purpose of the data processing is the performance of pipette maintenance and calibration, technical inspection and analysis activities, including the preparation and conclusion of the related contract, the performance and execution of the contract, contractual representation and contact keeping, compliance with and enforcement of legal obligations arising from the contract, the investigation of complaints arising following the fulfilment of orders, the sending of completion notifications and reminder notifications, the measurement of customer satisfaction, invoicing, compliance with legal obligations, and the enforcement of rights and/or claims arising from the contract.

The Data Controller processes Personal Data solely for specified purposes, for the exercise of rights and the fulfilment of obligations. At every stage, the data processing complies with the purpose for which the data are processed. The collection and processing of data are carried out fairly and lawfully. The Data Controller strives to process only such Personal Data as are indispensable for achieving the purpose of the data processing and suitable for attaining that purpose. Personal Data may only be processed to the extent and for the duration necessary for the fulfilment of the purpose.

5.1.4. Source of Data Processing

The Data Controller processes the Personal Data provided by the Data Subjects and contractual partners within the framework of the contract and does not collect data from any other source.

5.1.5. Duration of Data Processing

The duration of the data processing shall extend from the conclusion of the contract until the expiry of the limitation period for claims arising from the contract following its termination, unless otherwise provided by law or professional regulations. In the case of accounting documents, the Data Controller shall retain such documents for 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting.

5.2. Partner Agreements:

In connection with the preparation, conclusion, performance, amendment and termination of contracts concluded with other contractual partners not falling within the scope of Section 5.1., invoicing, and the enforcement of rights and claims arising from such contracts, the Data Controller processes the Personal Data of natural person contractual partners and the Personal Data of the natural person contact persons and representatives of legal entity contractual partners.

5.2.1. Processed Data

In the case of a natural person contractual partner: name of the natural person, mother’s maiden name, identity card number, residential address/notification address, telephone number, email address, bank account number, and, in the case of sole proprietors, additionally the tax number, registration number, sole proprietor license number and website address.

Processing of the data of natural person representatives and contact persons of legal entity partners and suppliers: the name, position/job title/office, telephone number and email address of the representative or contact person of the legal entity, as well as the registered office, business premises, website address and bank account number of the company.

5.2.2. Legal Basis of Data Processing

5.2.2.1. The Data Controller processes Personal Data in connection with the conclusion, performance and execution of contracts on the basis of Article 6(1)(b) of the GDPR – performance of a contract or taking steps at the request of the Data Subject prior to entering into a contract – and Article 6(1)(f) of the GDPR – legitimate interest. Pursuant to Article 6(1)(c) of the GDPR, for the purpose of complying with legal obligations, the Data Controller processes the data of Data Subjects required by applicable legislation for the fulfilment of tax and accounting obligations (invoicing, bookkeeping and taxation). In the absence of the provision of the required data, the Data Controller shall be entitled to refuse to enter into a contract with the Data Subject and/or to refuse performance of the contract.

The Data Controller processes the data of the natural person partner pursuant to Article 6(1)(b) of the GDPR, and uses such data exclusively in connection with the conclusion, performance and execution of contracts and for invoicing purposes, solely to the extent and for the duration necessary for the contractual purpose.

The Data Controller processes the data of the contact person and representative of the legal entity contractual partner pursuant to Article 6(1)(f) of the GDPR, and uses such data exclusively in connection with contract conclusion, contract performance and execution, invoicing, representation and contact keeping, solely to the extent and for the duration necessary for the contractual purpose.

Data processing based on legitimate interest: The purpose of the data processing is to enable the Data Controller and the legal entity contractual partner to enforce their legitimate interests relating to representation and business communication. In the balancing of interests test carried out in this respect, it was established that the data processing is necessary for the enforcement of the genuine and lawful interests of the Data Controller and the contractual partner, as it ensures business-related communication and representation between the contracting parties. The legitimate interests of the Data Controller and the contractual partner relating to representation and contact keeping take precedence over the Data Subject’s right to dispose of their Personal Data, and the related data processing is necessary and proportionate. Accordingly, the Personal Data of the Data Subject may also be processed pursuant to Article 6(1)(f) of the GDPR without the Data Subject’s consent.

5.2.2.2. The Data Controller further processes Personal Data on the basis of Article 6(1)(f) of the GDPR – legitimate interest – for the purpose of enforcing rights and claims arising from contracts. In the absence of the provision of the required data, the Data Controller shall be entitled to refuse to enter into a contract with the Data Subject and/or to refuse performance of the contract.

The Data Controller uses Personal Data for the purpose of enforcing rights and claims in the legitimate interests of the Data Controller or a third party, and exclusively in connection with the contract, only to the extent and for the duration necessary.

Data processing based on legitimate interest: The purpose of the data processing is to enable the Data Controller and a third party to enforce their rights and claims arising from the contract to be concluded. In the balancing of interests test carried out in this respect, it was established that the data processing is necessary for the enforcement of the genuine and lawful interests of the Data Controller and the third party, as it ensures the possibility of enforcing rights and claims arising from the contract. The legitimate interests of the Data Controller and the third party relating to the enforcement of contractual rights and claims take precedence over the Data Subject’s right to dispose of their Personal Data, and the related data processing is necessary and proportionate. Accordingly, the Personal Data of the Data Subject may also be processed pursuant to Article 6(1)(f) of the GDPR without the Data Subject’s consent.

5.2.3. Purpose of Data Processing

The purpose of the data processing is the conclusion, performance and execution of contracts, invoicing, contractual representation and contact keeping, compliance with legal obligations, and the enforcement of any rights and claims arising from the contract.

5.2.4. Source of Data Processing

The Data Controller processes the Personal Data provided by the Data Subjects and contractual partners within the framework of the contract and does not collect data from any other source.

5.2.5. Duration of Data Processing

5.3. Informational Messages and Enquiries

5.3.1. During its data processing activities, the Data Controller pays particular attention to the lawful use of the email addresses processed by it and therefore uses such email addresses exclusively for the following purposes: sending informational messages to customers and partners, enquiries, contact keeping, completion notifications, reply messages and customer satisfaction surveys. The Data Controller does not send marketing communications, newsletters or other direct business acquisition communications.

5.3.2. The processing of email addresses primarily serves the identification of the Data Subject, the provision of services and the maintenance of contact; accordingly, emails are sent primarily for these purposes.

5.3.3. The Data Controller sends enquiries, information and reply emails to the email addresses provided to it only with the prior express consent of the Data Subject pursuant to Article 6(1)(a) of the GDPR, or, in the case of the fulfilment of an order or contract, pursuant to Article 6(1)(b) of the GDPR – performance of a contract or taking steps at the request of the Data Subject prior to entering into a contract – in accordance with the applicable legal requirements and procedures. Such communications do NOT contain direct marketing elements and do NOT include advertisements. During the sending of enquiries and information, the Data Controller processes the data provided by the Data Subject. Where the Data Controller does not process the data in connection with the fulfilment of an order or contract, consent may be given in connection with the data processing activities described in this Notice or during the use of other services provided by the Data Controller.

5.3.4. In the case of enquiries and informational communications, the Data Controller shall process the data provided by the Data Subject in connection with their consent for as long as required by the provisions of the Data Protection Act and the GDPR, or until the Data Subject requests in writing the removal of their email address using the contact details specified in Section 4 of this Notice.

5.4. Data Processing Carried Out on the Website

In connection with the activities performed and services provided by the Data Controller, the following Website is operated by the Data Controller: https://hairteszt.masterchief.hu//. The Data Controller uses cookies on the Website, and the IP address of the Data Subject may also be recorded in connection with the use of the Website.

5.4.1. Processed Data:

Data processing carried out during contact requests: the name, telephone number, email address and organization name of the Data Subject. The purpose of the processing of the personal data is to enable preliminary enquiries, requests for information or contact prior to the conclusion of contracts or placement of orders relating to the services and activities of the Data Controller. The recipients of the personal data, or the categories of recipients, are: the Employees of the Data Controller performing customer service related tasks.

Data processing carried out during quotation requests: the name, residential address/notification address, registered office, telephone number, email address and tax number of the Data Subject. The purpose of the processing of the personal data is to provide quick and personalized quotations for the calibration and servicing of pipettes and liquid handling devices.

In accordance with general internet practice, the Data Controller also uses cookies on its Website. A cookie is a small file containing a series of characters that is placed on the visitor’s computer when visiting a website. When the visitor returns to the same website, the cookie enables the website to recognize the visitor’s browser. Cookies may store user preferences (e.g. selected language) and other information. Among other things, they collect information about the visitor and the device used, remember the visitor’s individual settings and may, for example, be used during online shopping cart functions. In general, cookies facilitate the use of the Website, help provide users with a genuine web browsing experience and serve as an effective source of information. Furthermore, they enable the Website operator to monitor the operation of the Website, prevent abuse and ensure the uninterrupted and appropriate provision of services available on the Website. The recipients of the personal data, or the categories of recipients, are: the Employees/Staff members of the Data Controller performing tasks related to the operation of the Website and the Data Controller’s Data Processor.

During the use of the Website, the following data relating to the visitor and the device used for browsing may be recorded and processed:

the IP address used by the visitor,
the type of browser,
the characteristics of the operating system of the device used for browsing (including the selected language),
the date and time of the visit,
the visited (sub)page, function or service.

Acceptance and authorization of the use of cookies is not mandatory. You may reset your browser settings to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, these settings can generally be modified in order to prevent automatic acceptance and to offer the user the possibility to choose on each occasion.

Information regarding cookie settings in the most popular browsers is available at the following links:

Google Chrome:

https://support.google.com/accounts/answer/61416?hl=hu

Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

Microsoft Internet Explorer 11:

http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11

Microsoft Internet Explorer 10:

http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7

Microsoft Internet Explorer 9:

http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9

Microsoft Internet Explorer 8:

http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8

Microsoft Edge:

http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq

Safari: https://support.apple.com/hu hu/HT201265

At the same time, please note that certain website functions or services may not operate properly without cookies. The cookies used on the Website are not, in themselves, suitable for identifying the user personally.

Cookies used on the Data Controller’s Website:

Technically Necessary Session Cookies: These cookies are necessary to enable visitors to browse the Website and to use its functions and services smoothly and fully, including, among other things, remembering actions performed by the visitor on the given pages during a visit. The duration of the data processing relating to these cookies applies exclusively to the visitor’s current visit; at the end of the session or upon closing the browser, these types of cookies are automatically deleted from the visitor’s computer. Scope of processed data: AVChatUserId, JSESSIONID, portal_referer. Purpose of data processing: ensuring the proper operation of the Website.

Performance Cookies: Google Analytics cookies: These cookies are related to the performance and development of websites and to improving user experience, and enable the Data Controller to collect information regarding how users use the Website. The Data Controller does not use performance cookies.

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Google AdWords cookies: https://support.google.com/adwords/answer/2407785?hl=hu

Cookies Requiring Consent: These cookies enable the Data Controller to remember the user’s choices relating to the Website. The visitor may prohibit such data processing at any time prior to and during the use of the service. Such data may not be linked to the identifying data of the user and may not be transferred to third parties without the user’s consent. The Data Controller does not use cookies requiring consent.

Functional Cookies: The legal basis for the data processing is the visitor’s consent. Purpose of the data processing: increasing the efficiency of the service, enhancing user experience and making the use of the Website more convenient. Duration of the data processing: 6 months. The Data Controller does not use functional cookies.

5.4.2. Legal Basis of Data Processing

The Data Controller processes the Personal Data provided by the Data Subject on the basis of the Data Subject’s prior express consent in accordance with Article 6(1)(a) of the GDPR. In addition, the Data Controller processes Personal Data pursuant to: Article 6(1)(b) of the GDPR – performance of a contract or taking steps at the request of the Data Subject prior to entering into a contract; Article 6(1)(c) of the GDPR – processing is necessary for compliance with a legal obligation to which the Data Controller is subject; and in the case of representatives and contact persons of legal entities, Article 6(1)(f) of the GDPR – legitimate interest.

5.4.3. Purpose of Data Processing

As detailed in Section 5.4.1., the purpose of the data processing is to enable Data Subjects to contact the Data Controller and request quotations in connection with the activities and services provided by the Data Controller.

Furthermore, in order to ensure the operation of the Website, certain cookies used on the Data Controller’s Website – provided that the Data Subject has enabled them through the cookie settings – record the IP address of the device from which the Data Subject visited the Website.

The Data Controller uses cookies for the following purposes:

development of the Website;
facilitating navigation and use on the Website and the use of its functions, thereby ensuring a seamless user experience.

5.4.4. Source of Data Processing

The Data Controller processes the Personal Data provided by the Data Subjects and does not collect data from any other source.

5.4.5. Duration of Data Processing

The Data Controller processes Personal Data on the Website until the withdrawal of consent. In the event of the conclusion of a contract, the duration of the data processing shall extend from the conclusion of the contract until the expiry of the limitation period for claims arising from the contract following its termination, unless otherwise provided by law or professional regulations. In the case of accounting documents, the Data Controller shall retain such documents for 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting.

5.5. Profiling and Processing of Special Categories of Data

PIPETTA SZERVÍZ Kft. does not carry out profiling in connection with its activities and services, does not process special categories of personal data, and does not transfer data to third countries.

6. INFORMATION RELATING TO THE DATA PROTECTION OFFICER

6.1. During the data processing activities described in this Notice, and in accordance with Articles 9 and 37 of the GDPR, the Data Controller does not appoint a Data Protection Officer. However, in order to ensure data security and the transparency and lawfulness of data processing, the Data Controller appoints an internal data protection representative.

6.2. The details of the Data Controller’s internal data protection representative are as follows:

Name: Gábor Hegyi

Postal address: H-1115 Budapest, Csóka utca 7-13., Building A, Hungary

Email address: info@pipettaszervizbp.hu

Telephone number: +36-70-784-0104

6.3. Through the internal data protection officer, the Data Controller maintains records for the purpose of monitoring measures related to Personal Data Breach and informing the Data Subjects. Such records contain the scope of the Personal Data affected, the scope and number of Data Subjects affected by the Personal Data Breach, the date, circumstances and effects of the Personal Data Breach, the measures taken to remedy it, as well as any other data prescribed by the legislation governing the data processing. The Data Controller prepares minutes of personal data breach in accordance with the applicable legal requirements and informs the affected Data Subjects accordingly.

7. DATA SECURITY

7.1. The Data Controller ensures the security of the data and takes the technical and organizational measures, and establishes the procedural rules, necessary for the enforcement of the applicable legislation and data and confidentiality protection rules. The Data Controller protects the data by appropriate measures against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction or damage and against becoming inaccessible due to changes in the applied technology.

7.2. The Data Controller maintains the data processed by it in accordance with the applicable legislation, ensuring that such data may only be accessed by those Employees, agents and other persons acting within the scope of the Data Controller’s interests (Data Processors) who require access thereto for the performance of their duties. The Employees/Member Staff of the Data Controller shall carry out individual searches and individual operations on the data only at the request of the Data Subject or where this is necessary for the provision of the service or the performance of the activities of the Data Controller.

7.3. When determining and applying measures serving data security, the Data Controller takes into account the current state of technological development at all times. From among several possible data processing solutions, the Data Controller chooses the solution that ensures a higher level of protection for Personal Data, unless this would involve disproportionate difficulty.

7.4. Within the scope of its IT security-related tasks, the Data Controller shall ensure, in particular:

measures ensuring protection against unauthorized access, including the protection of software and hardware devices and physical security (access protection, network protection);

measures ensuring the possibility of restoring data files, including regular backups and the separate and secure management of backup copies (mirroring, backup);

protection of data files against viruses (virus protection);

physical protection of data files and the devices carrying such data, including protection against fire damage, water damage, lightning strikes and other natural hazards, as well as the recoverability of damage resulting from such events (archiving, fire protection).

7.5. Employees/Staff members and other persons acting on behalf of the Data Controller shall be obliged to securely store and protect any data carriers used or possessed by them that contain Personal Data, irrespective of the method of recording the data, against unauthorized access, alteration, transfer, Disclosure, deletion or destruction, as well as against accidental destruction and damage.

7.6. The Data Controller operates electronic records through an IT system that complies with data security requirements. The system ensures that access to the data is granted only for specified purposes, under controlled conditions, and exclusively to persons who require such access for the performance of their duties.

8. PERSONS ENTITLED TO ACCESS THE DATA, DATA TRANSFER

8.1. The data may primarily be accessed by the Data Controller, as well as by the Employees/Staff members and personal contributors of the Data Controller who are duly authorized to do so.

8.2. The Data Controller shall transfer Personal Data to third parties only if the Data Subject has clearly consented thereto – with knowledge of the scope of the transferred data and the recipient of the data transfer – or where the data transfer is authorized by law.

The Data Controller maintains separate records of transferred data, indicating the type of data transferred, the recipient and the legal basis of the transfer. The Company does not transfer data ot third countries.

The Data Controller shall be entitled and obliged to transfer to the competent authorities any Personal Data lawfully stored by it and available to it where such transfer is required by law or by a final and binding authority decision. The Data Controller shall not be held liable for such data transfers or for any consequences arising therefrom.

The Data Controller documents all data transfers and maintains records thereof.

9. DURATION OF DATA PROCESSING

9.1. The Data Controller shall delete Personal Data if:

a) the processing thereof is unlawful;

If it becomes apparent that the data are being processed unlawfully, the Data Controller shall carry out the deletion without delay.

b) the Data Subject objects to the data processing and there are no overriding legitimate grounds for the processing;

c) the Data Subject requests deletion (except in the case of data processing required by law);

Personal Data processed on the basis of the Data Subject’s voluntary consent may be deleted upon the request of the Data Subject. In such cases, the Data Controller shall delete the data. Deletion may only be refused where the processing of the data is authorized by law. In the event of refusal of a deletion request, the Data Controller shall in all cases provide information regarding the reasons for the refusal and the legal provision permitting the data processing.

d) the data are incomplete or inaccurate and this condition cannot lawfully be remedied, provided that deletion is not excluded by law;

e) the purpose of the data processing has ceased to exist, or the statutory retention period for the storage of the data has expired;

f) it has been ordered by a court or by the National Authority for Data Protection and Freedom of Information.

Where a court or the National Authority for Data Protection and Freedom of Information has issued a final and binding order for the deletion of the data, the Data Controller shall carry out such deletion.

Deletion may be refused (i) for the purpose of exercising the right to freedom of expression and information or (ii) where the processing of Personal Data is authorized by law as well as (iii) for the establishment, exercise or defence of legal claims.

In the event of refusal of a deletion request, the Data Controller shall inform the Data Subject within 1 month in all cases, specifying the reason for the refusal. Following the fulfilment of a request for the deletion of Personal Data, the previous (deleted) data can no longer be restored.

Enquiries and email messages sent by the Data Controller may be unsubscribed from by sending a letter to the contact details specified in Section 4 of this Notice. In the event of unsubscription, the Data Controller shall delete the Personal Data of the Data Subject from the enquiry database.

In the absence of a request from the Data Subject, the Data Controller shall process Personal Data for the periods specified in Section 5 or for as long as required by law.

All other data shall be deleted by the Data Controller if it is evident that the data will no longer be used in the future, i.e. where the purpose of the data processing has ceased to exist.

9.2. In the case of data processing prescribed by law, the deletion of data shall be governed by the relevant statutory provisions.

9.3. In the event of deletion, the Data Controller shall render the data incapable of identifying the individual concerned. Where required by law, the Data Controller shall destroy the data carrier containing the Personal Data.

10. RIGHTS OF THE DATA SUBJECTS AND LEGAL REMEDIES

10.1. Right to Information and Access to Personal Data

10.1.1. The Data Subject shall be entitled to request information in writing, using the contact details of PIPETTA SZERVÍZ Kft. specified in Section 4, regarding the data processed by the Data Controller and the data processed by the Data Processor, in relation to the following:

the identity and contact details of the Data Controller and, where applicable, the representative of the Data Controller;

information regarding data processing operations, the identity and contact details of the Data Processors and, where applicable, the representative of the Data Processor;

whether the processing of the Data Subject’s Personal Data is in progress; and if so:

the purposes and legal basis of the data processing;

in the case of processing based on Article 6(1)(f) of the GDPR, the legitimate interests pursued by the Data Controller or by a third party;

in the case of processing based on Article 6(1)(a) or Article 9(2)(a) of the GDPR, the right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal;

whether the provision of Personal Data is based on a legal or contractual requirement, or is a prerequisite for entering into a contract, and whether the Data Subject is obliged to provide the Personal Data, as well as the possible consequences of failure to provide such data;

the categories of Personal Data concerned;

the existence of automated decision-making, including profiling, where applicable;

the contact details of the data protection representative;

the recipients or categories of recipients to whom the Personal Data have been or will be disclosed;

the planned duration of the processing and storage of the Personal Data or, where this is not possible, the criteria used to determine such duration;

the right of the Data Subject to request from the Data Controller the rectification, erasure or restriction of processing of Personal Data concerning them, and to object to the processing of such Personal Data;

the right to file a complaint with a supervisory authority;

where the data have not been collected from the Data Subject, any available information regarding their source.

10.1.2. PIPETTA SZERVÍZ Kft. shall respond to the request of the Data Subject within a maximum period of 1 month by letter or email sent to the contact details provided by the Data Subject. PIPETTA SZERVÍZ Kft. may refuse to provide the requested information only in cases prescribed by law. In such cases, PIPETTA SZERVÍZ Kft. shall inform the Data Subject in writing of the statutory provision serving as the basis for the refusal of the information request and shall also inform the Data Subject of the available legal remedies against such decision. If the Data Subject does not agree with the information provided by PIPETTA SZERVÍZ Kft., they may choose from the remedies specified in Section 11 in order to enforce their rights.

10.1.3. PIPETTA SZERVÍZ Kft. shall provide the Data Subject with a copy of the Personal Data undergoing processing. For any additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs.

10.2. Right to Rectification, Right to Erase and Restriction of Processing of Personal Data

10.2.1. Right to Rectification: If the Personal Data are inaccurate, the Data Subject shall be entitled to request in writing, using the contact details specified in Section 4 of this Notice, the rectification of the Personal Data, provided that at the same time the Data Subject supplies PIPETTA SZERVÍZ Kft. with the accurate Personal Data. PIPETTA SZERVÍZ Kft. shall comply with the request within a maximum period of 1 month and shall inform the Data Subject thereof in writing. If the Data Subject does not agree with the decision of PIPETTA SZERVÍZ Kft., they may choose from the remedies specified in Section 11 in order to enforce their rights.

10.2.2. Right to Erase: The Data Subject shall be entitled to request in writing the erasure of their Personal Data using the contact details specified in Section 4. PIPETTA SZERVÍZ Kft. may refuse the deletion of data only in cases prescribed by law. In such cases, PIPETTA SZERVÍZ Kft. shall inform the Data Subject in writing of the statutory provision serving as the basis for the refusal of deletion and shall also inform the Data Subject of the available legal remedies against such decision. The Data Controller shall delete Personal Data in the cases specified in Section 9.1. and shall notify the Data Subject within 1 month of either the deletion or the refusal of deletion. If the Data Subject does not agree with the decision of PIPETTA SZERVÍZ Kft., they may choose from the remedies specified in Section 11 in order to enforce their rights.

10.2.3. Right to Restriction: The Data Subject shall have the right to obtain from PIPETTA SZERVÍZ Kft. restriction of processing where one of the following applies:

the Data Subject contests the accuracy of the Personal Data, in which case the restriction shall apply for a period enabling PIPETTA SZERVÍZ Kft. to verify the accuracy of the Personal Data;

the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead;

PIPETTA SZERVÍZ Kft. no longer needs the Personal Data for the purposes of the processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or

the Data Subject has objected to the processing; in such case, the restriction shall apply for the period until it is determined whether the legitimate grounds of PIPETTA SZERVÍZ Kft. override those of the Data Subject.

Instead of deletion, the Data Controller shall – while informing the Data Subject – restrict the use of the Personal Data if the Data Subject so requests in writing using the contact details specified in Section 4, or if, based on the information available, it may be presumed that deletion would infringe the legitimate interests of the Data Subject. Personal Data restricted in this manner may only be processed for as long as the purpose of the data processing that excluded the deletion of the Personal Data continues to exist. The Data Controller shall mark the Personal Data processed by it if the Data Subject disputes the correctness or accuracy thereof, but the inaccuracy or incorrectness of the disputed Personal Data cannot be clearly established.

The Data Controller shall notify the Data Subject of the restriction of Personal Data within 1 month. The Data Controller shall inform the Data Subject in advance of the lifting of the restriction. If the Data Subject does not agree with the decision of PIPETTA SZERVÍZ Kft., they may choose from the remedies specified in Section 11 in order to enforce their rights.

10.4. Right to Data Portability:

The Data Subject shall have the right to receive the Personal Data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and shall also have the right to transmit those data to another data controller without hindrance from the data controller to which the Personal Data were provided, if the Data Subject so requests in writing using the contact details specified in Section 4, provided that:

the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR; and

the processing is carried out by automated means.

In exercising the right to data portability, the Data Subject shall have the right to request the direct transmission of the Personal Data from one data controller to another, where technically feasible.

10.5. Right to Object:

10.5.1. The Data Subject may object in writing at any time, using the contact details specified in Section 4, to the processing of their data in connection with enquiries, informational communications or messages. The Data Controller does not send marketing messages or newsletters for direct business acquisition purposes.

10.5.2. Furthermore, the Data Subject may object in writing, using the above contact details, to the processing of their data where the processing of Personal Data is necessary exclusively for the enforcement of the legitimate interests of PIPETTA SZERVÍZ Kft. or is otherwise permitted by law, except in cases of mandatory data processing.

10.5.3. PIPETTA SZERVÍZ Kft. shall examine the request of the Data Subject as soon as possible, but no later than within 15 days from receipt thereof, and shall inform the Data Subject of its decision in writing. If the Data Subject does not agree with the decision of PIPETTA SZERVÍZ Kft., they may choose from the remedies specified in Section 11 in order to enforce their rights.

11. LEGAL REMEDIES

11.1. Complaint

11.1.1. If, in the opinion of the Data Subject, the processing of their Personal Data by PIPETTA SZERVÍZ Kft. has caused an infringement of their rights or there is a direct risk thereof, the Data Subject may, at any time, submit a written complaint to PIPETTA SZERVÍZ Kft. using the contact details specified in Section 4, in order to avoid the initiation of legal proceedings.

11.1.2. PIPETTA SZERVÍZ Kft. shall assess the complaint of the Data Subject as soon as possible, but no later than within 15 days, and shall inform the Data Subject in writing of its decision and opinion. If the complaint is rejected, if PIPETTA SZERVÍZ Kft. fails to respond within the deadline specified in this section, or if the Data Subject does not agree with the contents thereof, the Data Subject shall be entitled to enforce their claim through any of the legal remedies set out in Sections 11.2 and 11.3. Please note that submitting a complaint to the Data Controller is not a prerequisite for initiating the procedures set out below.

11.2. Initiation of Proceedings Before the Data Protection Authority

If the Data Subject considers that the processing of their Personal Data by PIPETTA SZERVÍZ Kft. has infringed their rights or there is a direct risk thereof, the Data Subject shall be entitled to initiate proceedings before the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: the “Authority”).

Contact details of the Authority:

Postal address: H-1363 Budapest, P.O. Box 9, Hungary

Address: H-1055 Budapest, Falk Miksa utca 9-11., Hungary

Telephone: +36 (30) 683-5969; +36 (1) 391-1400

Email: ugyfelszolgalat@naih.hu

Website: http://naih.hu

11.3. Judicial Enforcement

The Data Subject may bring legal proceedings against the Data Controller or – in connection with data processing operations falling within the scope of activities of the Data Processor – against the Data Processor, if, in the opinion of the Data Subject, the Data Controller or the Data Processor engaged by or acting on behalf of the Data Controller processes their Personal Data in violation of the provisions governing the processing of Personal Data laid down by national law or by a binding legal act of the European Union. Jurisdiction for such proceedings lies with the Budapest-Capital Regional Court according to the seat of the Data Controller. However, where permitted by law, the proceedings may also be initiated, at the choice of the person initiating the proceedings, before the competent court having jurisdiction over their place of residence or habitual residence. The competent court based on the place of residence or habitual residence may be found at the following website: http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso

12. MISCELLANEOUS PROVISIONS

12.1. The Data Controller reserves the right to amend this Notice at any time by unilateral decision.

PIPETTA SZERVÍZ Korlátolt Felelősségű Társaság

represented by

Albert Zsolt Győrfi

Managing Director

Independent accredited pipette calibration & repair services

Cookie tájékoztató