FŐNIX ELECTRIC Ltd., as data controller (hereinafter referred to as the "Data Controller") informs you that, pursuant to Legislative Decree 196/2003 ("Data Protection Act") and Regulation (EU) 679/2016 ("GDPR"), your personal data will be processed in the following manner and for the following purposes:

1. Subject of the data management

The Data Controller processes non-sensitive personal data (hereinafter "Data" or "Personal Data") (in particular, name, surname, company name, e-mail address, etc.) provided by you as a party providing products and services under a contract with the Data Controller (hereinafter "Website"), which you have provided when browsing the Controller's website www.fonixelectric.hu and/or when contacting the Data Controller.

2. Purposes of data management

We process your personal data for the following purposes:

A. without your prior consent, for contractual purposes, in order to:

- Management and maintenance of the Website;
- To process contact requests from you;
- prevent or detect fraudulent activities or harmful misuse of the Website;
- exercise the rights of the Data Controller, such as the right to a fair hearing;

B. with your prior consent, for direct marketing purposes, in order to:

inform you through periodic letters, telephone calls, emails, newsletters or initiatives and commercial offers from the Data Controller. In addition, if you are already our Customer, we may send you commercial e-mails to the e-mail address you have provided to us regarding services and products of the Data Controller that you have already used. In each email sent, you will have the opportunity to unsubscribe from further emails by clicking on the link provided.

3. Method of data management

Your data will be processed electronically through data collection, registration, organisation, storage, consultation, elaboration, modification, selection, data mining, comparison, use, interconnection, blocking, communication, erasure and destruction operations.

4. Data storage

The Data Controller shall process Personal Data for the time necessary to fulfil the purposes set out above, but for a period not exceeding 2 years after the collection of the data.

5. Access to the Data

Your Data may be accessed for the above purposes by:

employees and/or collaborating partners of the Data Controller and/or Group companies as the person responsible for data processing and/or as internal Data Processors and/or system administrators; third parties or other persons (e.g. IT service providers, service providers, credit institutions, professional firms, etc.) performing outsourcing activities on behalf of the Data Controller and processing the Data as internal Data Processors.

6. Disclosure of data

Your data may be disclosed on request, without your prior consent, to supervisory authorities, police or judicial authorities which, in their capacity as independent Data Controllers, process the data for institutional purposes and/or in the course of investigations and controls in accordance with the law. In addition, your Data may be disclosed to third parties (e.g. partners, contractors, agents, etc.) who will process them as independent Data Controllers in order to carry out activities necessary for the above purposes.

7. Transfers of data

Your data will not be transferred to countries outside the EU.

8. Nature of the data and consequences of refusal to respond

Provision of data is mandatory for contractual purposes: these Data are necessary for the purposes of the Data Controller's services and if you choose not to provide your Data, you will not be able to use the Data Controller's services. The provision of data for marketing purposes is voluntary, and if you choose not to provide your Data, this will not affect your access to the Controller's services. You may therefore choose not to provide your Data, in which case you will not receive our commercial communications.

9. Rights of data subjects

The Controller informs you that as a data subject you have the following rights:

To receive confirmation and intelligible information about the existence or absence of Personal Data concerning you, even if you have not yet registered; to receive information and, if necessary, a copy of:

a) the source and category of Personal Data;
b) the method used, if the processing is carried out by electronic means;
c) the purposes and means of the processing;
d) information identifying the Controller and the Data Processors;
e) the persons or categories of persons who may receive the Personal Data or who may have access to them, in particular where the recipient is a country outside the EU or an international organisation;
f) the duration of the storage of the Personal Data or, if this is not possible, the criteria for determining this duration;
g) the existence of automated decision-making processes and, where they exist, the method behind them and their relevance and consequences for the data subject;

The existence of appropriate safeguards in case of transfers of Personal Data to a country outside the EU or to an international organisation; to obtain without delay the updating, rectification or, if interested, integration of incomplete Data; to obtain the erasure, anonymisation or blocking of the following Data:

a) unlawfully processed data;
b) data no longer necessary for the purposes for which the data were collected or for which they are further processed;
c) if you withdraw your consent on which the processing was based, there is no other legal basis for the processing;
d) if he or she does not consent to the processing and there is no legal ground which overrides this;
e) in accordance with legal obligations;
f) data relating to children.

The Controller may refuse to erase Data where the processing is necessary for:

a) for the exercise of the right to freedom of expression and information;
b) in accordance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority;
c) for reasons of public interest;
d) for scientific or historical research or statistical purposes in the public interest;
e) for the purpose of lodging a legal complaint;

To restrict processing if:

a) the accuracy of the Personal Data is questionable;
b) the processing is unlawful and the data subject opposes the erasure of the Personal Data;
c) where the Data is unlawful or the processing is objectionable; or
d) in the case of an ongoing review of whether the controller's legal bases override those of the data subject;

To receive Personal Data about you in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance from the controller to whom you have provided the Personal Data, if the processing is automated; to object, in whole or in part, to:

a) to process Personal Data relating to you on legitimate grounds, even if it is necessary for the purposes for which the Data was collected;
b) to process Personal Data relating to you for the purposes of sending advertising material, direct marketing, market research or commercial communications, without the intervention of the operator, through automated calling systems, e-mail and/or traditional marketing methods (telephone and/or paper mail), for the purposes of direct marketing, market research or commercial communications.

Where necessary, in the above cases, the Controller is obliged to communicate your exercise of rights to any third party to whom it has transferred the Personal Data, except in certain specific cases (e.g. where this proves impossible or would involve a disproportionate effort).