Privacy Policy

Privacy notice

1. Purpose, scope and applicable law of the Privacy Notice


The purpose of this Privacy Notice is to set out the data protection and data management principles applied by MDP International Ltd., the organisation’s data protection and data management policy, which the organisation, as data controller, recognises as binding.

In drafting the provisions of this Policy, the organisation has taken particular account of the provisions of Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), the 2011 GDPR, the 2011 Act on the Right to Information Self-Determination and Freedom of Information, and the 2011 Act on the Protection of Individuals with regard to the Processing of Personal Data (“the GDPR”). CXII of 2013 (“Information Act”), Act V of 2013 on the Civil Code (“Civil Code”) and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities (“Act XLVIII of 2008”).

The scope of this Privacy Notice covers the processing of data related to the website available at https://norvegdezsa.com (hereinafter referred to as the “Website”). This Privacy Notice is valid until revoked.

The purpose of the Privacy Notice is to harmonise the provisions of the other internal rules of the organisation with regard to data management activities in order to protect the fundamental rights and freedoms of natural persons and to ensure the adequate processing of personal data.
Furthermore, an important purpose of issuing the Privacy Notice is to ensure that by knowing and complying with it, the organisation is able to lawfully process the data of natural persons.

2. Data Controller


Name: MDP International Kft.
Registered office: 3434 Mályi, Fő utca 43.
Tax number: 25512766-2-05
E-mail: info@norvegdezsa.com

Data Controller is a registered organisation in Hungary.

3. Key concepts and definitions


GDPR (General Data Protection Regulation) is the new EU Data Protection Regulation.
controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of the processing are determined by the EU or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law.

Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Data subject’s consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her.
restriction of processing: the marking of stored personal data for the purpose of limiting their future processing.

Deletion of data: rendering data unrecognisable in such a way that it is no longer possible to retrieve them.

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

4. Principles of data management


Personal data be processed lawfully and fairly and in a transparent manner (“lawfulness, fairness and transparency”)
be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) (‘purpose limitation’)

they must be adequate, relevant and limited to what is necessary for the purposes for which they are processed (‘data minimisation’)
be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data that are inaccurate for the purposes of the processing are erased or rectified without undue delay (‘accuracy’)

Data to be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of data subjects as provided for in this Regulation (‘limited storage’)

it must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (‘integrity and confidentiality’), by implementing appropriate technical or organisational measures
The controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

5. Purpose of data processing


The Data Controller processes personal data for specific purposes only. The data are collected and processed fairly and lawfully. The Data Controller shall endeavour to process only personal data that is necessary for the purpose of the processing and is suitable for achieving that purpose. Personal data shall only be processed to the extent and for the duration necessary to achieve the purpose.

6. Scope of the data processed


Contact and request for proposal
Purpose of processing: to contact, to keep in contact, to communicate information, to request information.
Legal basis for processing: voluntary consent of the data subject, Article 6(1)(a) GDPR.
Data processed: name (identification), e-mail address (contact), telephone number (contact)
Deadline for erasure: 2 years from the last contact

You can request the deletion or modification of your personal data by the following means:

by post to MDP International Ltd., 3434 Mályi, Fő utca 43.
by e-mail at info@norvegdezsa.com

7. Methods of data processing


The Data Controller stores the data subject’s data on its own servers and temporarily on the Data Controller’s computers. The processing of personal data of the data subjects shall be carried out exclusively by the Data Controller.

In any case, the provision of data is voluntary, i.e. the data subject is free to decide whether or not to provide the requested personal data. If the data subject consents, the Data Controller will process the data in accordance with the law in force and within the limits of the data subjects’ consent.

In order to prevent unauthorised use and misuse of the personal data processed, the Data Controller applies extensive technical and operational security measures. Our security procedures are regularly reviewed and improved in line with technological developments.

8. Technical data and cookie management


Since natural persons can be associated with online identifiers, such as IP addresses and cookie identifiers, provided by the devices, applications, tools and protocols they use, this data, combined with other information, can and may be used to create a profile of a natural person and to identify that person.

Cookies are also able to remember preferences so that the user does not have to re-enter them when entering a new page, remember previously entered data so that it does not have to be re-entered, analyse the use of the website to ensure that improvements are made using the information obtained to ensure that it works as well as possible for the user, make it easy for the user to find the information they are looking for and monitor the effectiveness of our advertising.

If the Data Controller displays various content on the Website through external web services, this may result in the storage of some cookies that are not under the control of the Data Controller, and therefore it has no control over the data collected by these websites or external domains. Information about these cookies is provided in the policies for the relevant service. The user can set their web browser to accept all cookies, reject all cookies or notify the user when a cookie is received. The setup options can usually be found in the “Options” or “Settings” menu of the browser. The detailed information on the English website www.aboutcookies.org also helps you with the settings in different browsers.

Cookies used by the website:

Necessary cookies: cookies specific to web shops are the so-called “password-protected session cookies”, “shopping cart cookies” and “security cookies”, the use of which does not require the prior consent of the data subject. After closing the website, these cookies are automatically deleted and the session is closed.

Functional cookies: these cookies are used to improve your user experience by detecting the device you use to access our website, remembering your previous usage choices (such as your username, password, language, region, whether you have logged in during a previous session, changes you have made to text size, font or other customisable elements of the website) so that we can offer you better and more personalised features. These cookies do not track your activity on other websites and we do not use them to send you advertising through other sites.

Google Analytics cookie: Google Analytics is a Google analytics tool that helps website and app owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report from statistics on the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to reporting from site usage statistics, Google Analytics can also be used to display more relevant ads in Google products (such as Google Search) and across the web.