European Parliament and Council (EU) Regulation 2016/679 ofApril 27, 2016 on the protection of natural persons with regard to theprocessing of personal data and the free flow of such data, as well as therepeal of Regulation 95/46/EC (hereinafter: GDPR ) on the basis of Articles 13and 14, the Data Controller provides the following information to the datasubjects regarding the handling of personal data.

Name, adress, telephone number, email of data controller:
‍ASM Security Kft. 5000.Szolnok,  Hrsz: 21804, +36 56 510 740,  info@clever-light.
‍
Legislation on wich data management is based:
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR, the effective text of the legislation is available via the following link:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1700000786124

Act CXII of 2011 on theright to information self-determination and freedom of information. law(hereinafter: Infotv., the effective text of the law is available via thefollowing link:
http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.338504
‍
According to the GDPR, "personal data":
Any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.

According to the GDPR,"data management":
‍Any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, recording, organizing, segmenting, storing, transforming or changing, querying, viewing, using, communicating, transmitting, distributing or otherwise making accessible by item, coordination or connection, restriction, deletion or destruction.
‍
DATA SECURITY MEASURES

‍ASM Security Ltd. as a Data Controller stores the personal data provided by the data subject at the Data Controller's headquarters.

The Data Controller uses appropriate information security measures toensure that the data subject's personal data is protected, among other things,against unauthorized access or unauthorized changes. Thus, for example, accessto personal data stored on servers is logged, on the basis of which it isalways possible to check who, when and what personal data was accessed.
The Data Controller takes appropriate organizational measures to ensure thatpersonal data cannot become accessible to an unspecified number of persons

Legal basis for data management
ASM Security Ltd., as a Data Controller,primarily processes personal data based on the consent of the data subject andthe contract concluded with the data subject in order to fulfill it, it handlesit due to the fulfillment of a legal obligation. Data management is the data subject or anothernatural person it may be due to the protection of your vital interests or theenforcement of the legitimate interests of ASM Security Kft.
‍
Purposeof data management
In the case of data management,the data management goals are determined individually, about which the DataSubjects we will inform you. ASM Security Ltd. as a DataController does not perform automated data management, does not apply automateddecision-making, does not perform profile creation.

Durationof data storage
ASM Security Ltd. as a DataController manages and stores personal data until the purpose of datamanagement is achieved, or a until the expiry of the statutory retentionperiod.    

Scope of processed personal data 
The scope of the personal data ofthe parties contacting ASM Security Ltd. as a Data Controller is covered by theindividual data management in accordance with the objectives, the Data Controllerdetermines and informs the data subject in accordance with the principle of data saving. 

Data transfer 
If the Data Controller transfersthe data to a third party based on a legal or contractual obligation, it willinform the data subject in advance of the data transfer. The Data Controller will onlytransfer personal data outside the European Union if the destination countrycan provide at least the same level of data protection as established by theEuropean Commission.

YOUR RIGHTS

Based on Article 15 of the GDPR, the datasubject may request access to his/her personal data as follows:
(1) The datasubject has the right to receive feedback from the Data Controller as towhether his personal data is being processed, and if such data processing is inprogress, he is entitled to receive access to the personal data and thefollowing information:a) the purposesof data management;b) categories ofpersonal data concerned;c) therecipients or categories of recipients to whom or to whom the personal data hasbeen or will be communicated, including in particular recipients in thirdcountries and international organizations;d) whereappropriate, the planned period of storage of personal data, or if this is notpossible, the criteria for determining this period;e) the right ofthe data subject to request from the Data Controller the correction, deletionor restriction of processing of personal data concerning him and to object tothe processing of such personal data;f) the right tosubmit a complaint addressed to a supervisory authority;g) if the datawere not collected from the data subject, all available information about theirsource;h) the fact ofautomated decision-making, including profiling, as well as, at least in thesecases, comprehensible information regarding the logic used and the significanceof such data management and the expected consequences for the data subject.(2) The DataController shall make a copy of the personal data subject to data managementavailable to the data subject. For additional copies requested by the datasubject, the Data Controller may charge a reasonable fee based onadministrative costs. If the data subject submitted the request electronically,the information must be provided in a widely used electronic format, unless thedata subject requests otherwise. The right to request a copy must not adverselyaffect the rights and freedoms of others.

Based on Article 16 of the GDPR, the data subject has the right to request the correction of the personal data concerning him from the Data Controller.
‍In the event of a relevant request from the data subject, the Data Controller is obliged to correct inaccurate personal data relating to him without undue delay. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

‍Based on Article 17 of the GDPR, the data subject has the right to request from the Data Controller the deletion of his/her personal data as follows:
‍(1) The data subject has the right to ask the Data Controller to delete the personal data concerning him, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;c) the data subject objects to the processing of data in the public interest, in order to exercise a public authority or in the legitimate interest of the data controller (third party), and there is no overriding legitimate reason for data processing, or the data subject objects to data processing for the purpose of obtaining direct business;d) personal data were handled unlawfully;e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law (Hungarian law) applicable to the Data Controller;f) the collection of personal data took place in connection with the offering of services related to the information society.(2) If the Data Controller has disclosed personal data and is required to delete it pursuant to paragraph (1), it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, in order to inform the data controllers handling the data , that the data subject requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.(3) The Data Subject's right to erasure may be limited only if the following exceptions written in the GDPR exist, i.e. if the above reasons exist, the further retention of personal data can be considered lawful:a) if exercising the right to freedom of expression and information, orb) if compliance with a legal obligation, orc) if the execution of a task carried out in the public interest, ord) if due to the exercise of a public authority delegated to the data controller, ore) if it is of public interest in the field of public health,f) if for the purpose of archiving in the public interest, org) if for the purpose of scientific and historical research or for statistical purposes, orh) if it is necessary for the submission, enforcement or defense of legal claims.
‍
​Based on Article 18 of the GDPR, the data subject has the right to request from the Data Controller the restriction of the processing of his/her personal data as follows:
‍(1) The data subject has the right to request that the Data Controller restrict data processing if one of the following conditions is met:a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsessiond) the data subject objected to data processing in the public interest, in order to exercise a public authority or in the legitimate interests of the data controller (third party); in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.(2) If data processing is subject to restrictions based on the above, such personal data, with the exception of storage, will only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of other natural or legal persons, or the Union or a can be handled in the important public interest of a member state.(3) The Data Controller informs the data subject at whose request the data processing was restricted based on paragraph (1) in advance of the lifting of the data processing restriction
‍
.Based on Article 21 of the GDPR, the data subject has the right to object to the processing of personal data by the Data Controller as follows:
‍(1) The data subject has the right to object at any time to the processing of his personal data in the public interest, for the exercise of public authority or for the legitimate interests of the data controller (third party), including profiling based on this, for reasons related to his own situation. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected.(2) If personal data is processed for the purpose of direct business acquisition, the data subject has the right to object at any time to the processing of his personal data for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.(3) The right to protest must be specifically brought to the attention of the data subject during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information.(4) In connection with the use of services related to the information society and deviating from Directive 2002/58/EC, the data subject may also exercise the right to object using automated means based on technical specifications.(5) If personal data is processed for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data concerning him for reasons related to his own situation, unless the data processing is carried out for the purpose of carrying out a task in the public interest need.
‍
‍Based on Article 20 of the GDPR, the data subject is entitled to the portability of his/her personal data as follows:
‍(1) The data subject has the right to receive the personal data concerning him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the data controller to whom you made the personal data available, if:a) if the legal basis of the data management is the Data Subject's consent or the fulfillment of the contract concluded with the Data Subjectb) and data management is done in an automated manner.(2) When exercising the right to data portability, the data subject is entitled to - if this is technically possible - request the direct transmission of personal data between data controllers.(3) Exercising the right to data portability may not violate the right to erasure. The right to data portability does not apply if the data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of the public authorities granted to the data controller.(4) The right to data portability must not adversely affect the rights and freedoms of others.
‍
Based on Article 7 (3) of the GDPR, the data subject has the right to withdraw the consent given to the processing of his personal data at any time as follows:
‍The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. You have the right to withdraw your consent in the same simple way as giving it.
‍
‍The affected person's right to remedy is before a court, a complaint addressed to a supervisory authority
In case of unlawful data processing experienced by the data subject, he can initiate a civil lawsuit against the Data Controller. The adjudication of the lawsuit falls within the jurisdiction of the court. According to the choice of the person concerned, the lawsuit can also be initiated before the court of his place of residence (you can view the list and contact details of the courts via the following link:
http://birosag.hu/torvenyszekek
‍Without prejudice to other administrative or judicial remedies, all data subjects have the right to complain to a supervisory authority - in particular in the Member State of their usual place of residence, place of work or suspected infringement - if, in the opinion of the data subject, the processing of their personal data violates the GDPR.National Data Protection and Freedom of Information Authority (NAIH) address: 1055 Budapest, Falk Miksa utca 9-11. Postal address: 1363 Budapest, Pf.: 9.
E-mail: ugyfelszolgalat@naih.hu, Phone: +36 (1) 391-1400, Fax.: +36 (1) 391-1410, Website: www.naih.hu