PRIVACY NOTICE
www.jura.hu

1. Who processes your personal data?
2. What types of personal data we process? (Data processing operations)
2.1 If you visit the www.jura.hu website (data recorded automatically and cookies)
2.1.1 Data recorded automatically
2.1.2 Use of cookies
2.2 Facebook
2.3 If you apply for a job
2.4 Newsletters
2.5 Reporting the need for repair service
2.6 If you contact us
2.7 Our company operates an access control system
2.8 A video surveillance (CCTV) system is in place at our company
2.9 Business relationships
3 Your rights
3.1 You may withdraw your consent
3.2 You may request information (access to your data)
3.3 You may request the rectification of your data)
3.4 You may request the erasure of your personal data („right to be forgotten”)
3.5 You may request us to restrict the processing your personal data
3.6 You may request us to transfer your personal data (right to data portability)
3.7 You may object to the processing of your personal data
4. Available legal remedies
4.1 You may lodge a complaint with NAIH
4.2 Right to seek a judicial remedy
4.3 Compensation for damages and restitution
5. Data security
6. Data transfers
7. Miscellaneous
Appendix 1: Principles and legislation governing our processing of personal data
Appendix 2: What do these terms mean? (Definition of the terms used in this Privacy Notice)

1. Who processes your personal data?

Controller: JURA-TRADE Kereskedelmi Kft.
Short name: JURA-TRADE Kft.
Registered office: Fészek utca 3, HU-1125 Budapest, Hungary
Represented by: Koltainé Agnes Bakonyi
Name of the privacy officer: Arpad Papp
Contact details of the privacy officer:
(hereinafter referred to as “Controller”)

2. What types of personal data we process? (Data processing operations)

2.1 If you visit the www.jura.hu website (data recorded automatically and cookies)

>2.1.1 Data recorded automatically

If you visit our website, certain information will be recorded automatically about your device (e.g. laptop, PC, phone or tablet). This information includes your IP address, date and time of your visit, the pages visited, website from which access was made or from which you were directed to our website, type of browser and operating system used, and domain name and address of your Internet service provider. This information will be automatically logged by the web server that hosts our website without any special statement or action from you. Statistical data are automatically generated by our system based on this information. These data cannot be linked to other personal data except in cases provided for by the law. We use these data solely in an aggregated and processed form in order to correct any faults in our systems and improve the quality of our services, as well as for statistical purposes.
Purpose of data processing: Technical development of our IT system, control of the functioning of the service, production of statistics and protection of the visitors’ rights. In the event of abuses, personal data can also be used to determine the perpetrators of such abuses in cooperation with the Internet service provider of visitors and the competent authorities.
Legal basis of data processing: Our legitimate interest on proper functioning of the site based on Section 13/A (3) of Act CVIII of 2011 on Certain Issues of Electronic Commerce Activities and Information Society Services.
Duration of data processing: 30 days from the time when the website was visited.

2.1.2 Use of cookies

What is a cookie?

A cookie is a small text file that is stored on the hard drive of your computer or mobile device until the expiration date set in the given cookie, and is activated (sends information back to the web server) during later visits. Websites use cookies to capture information concerning visits (pages visited, time spent on individual pages, browsing data, when the user leaves a page, etc.) and personal settings. Cookies help us build a user-friendly website and enhance the visitors’ online experience.

On other platforms, where cookies are unavailable or cannot be used, other technologies having a similar purpose may be used, such as advertising IDs on Android devices.

There are two types of cookies, the so-called “session (or transient) cookies” and “persistent cookies”. Both types of cookies are stored in the browser’s file directory until the user deletes them

• “Session cookies” are stored in the temporary memory of your computer, notebook or mobile device and they are not retained after you have left the website. These cookies help the system remember your information so that you do not have to re-enter or complete that information again and again. Session cookies expire at the end of each user session, and are intended to prevent data loss (for example, when completing a long form). This type of cookies is automatically deleted from the user’s computer when the session ends or the browser is closed.
• “Persistent cookies” are stored on your computer, notebook or mobile device even after you exit the site. These cookies allow the site to recognize you as a returning visitor. Persistent cookies, by associating IDs with users on the server side, are capable of identifying you, for example, in all cases where user authentication is indispensable (e.g. webshop, online banking, webmail) and a necessary condition for proper operation. Persistent cookies do not store personal data, and can only be used to identify a user together with the associated information stored in the server’s database. The risk inherent in this type of cookies is that they do not actually identify the user but the browser, and therefore, if someone logs into an online store in a public place (e.g. an Internet café) and forgets to log out upon leaving the workstation, another person, using the same computer may gain unauthorized access to the online store in the original user’s name.

What types of cookies we use?

A. Cookies essential for the functioning of our website:

Legal basis of data processing: Our legitimate interest on proper functioning of the site based on section 13/A (3) of Act CVIII of 2011 on Certain Issues of Electronic Commerce Activities and Information Society Services.

name	purpose	duration of data processing	Provider (privacy notice)
PHPSESSID	Our site only uses one type of session cookies for the purpose of collecting information on the steps you take during your visit on the site, including the text you enter in the “Request a quote” form, as long as you stay on the page you are currently viewing, and also for the purpose of capturing the menu items you visit in order to allow you to go back.	Session	Our cookie

B. Cookies collecting statistical data

Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.

name	purpose	duration of data processing	Provider (privacy notice)
_ga	These cookies only collect statistical data. They are used to collect information about your use of the site, which topics you view, which links you click on, how you scroll up and down the website, and which pages you visit. These statistical data also allow us to better adapt our site to user requirements.	2 years	Our cookie
	_gid	1 day
	collect	Session	Google (Google Analitics) Privacy notice: https://support.google.com/analytics/answer/6004245?hl=hu

How can I enable or disable cookies?

Most web browsers enable cookies automatically, but visitors have the option to delete or disable them. Since each browser is different, you can set individually your preferences regarding cookies using the browser toolbar. Furthermore, you can delete the cookies stored on your computer or mobile device at any time. For more information on these settings, please visit the “Help” menu item in your browser. Please note that if you choose to disable cookies, you will not be able to use the above-mentioned features of our website.

Link to the cookie settings guide of Microsoft.
Link to the cookie settings guide of Mozilla Firefox.
Link to the cookie settings guide of Google Chrome.
Link to the cookie settings guide of Opera
Link to the cookie settings guide of Apple Safari.

2.1.3 Data processors

This website is administered by JURA-TRADE Kft., H-1125 Budapest, Fészek u. 3.

2.2 Facebook

We are available on Facebook under the username Jura-Trade Kereskedelmi Kft.
Facebook users can subscribe to the News Feed of Jura-Trade Kereskedelmi Kft. by clicking on the “Like” or “Follow” button and unsubscribe by clicking on the “Dislike” or “Unfollow” button. Using the Wall settings, you can delete any unwanted news appearing on your Facebook Wall.
By following us, your profile will become available to us, but we will not process or record any data from your profile in our internal system. We will not use your data for any purposes other than sending you updates.
Purposes of data processing: Sending you current information about our products, the latest news, educational articles and materials.

us. Such withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.
Duration of data processing: Our news will only appear on your News Feed for as long as you want. If you “unfollow” us, our posts will no longer appear in your News Feed. You can also have access to our News Feed if you are not following us, but you will not get separate notifications.
Facebook is a controller that is independent of us. For information on how personal data provided on Facebook are processed, please visit the following links: https://www.facebook.com/policies/cookies/ and https://www.facebook.com/about/privacy/update

2.3 If you apply for a job

If you send us a job application through our website, by e-mail or post (whether to an advertised job opening or in general), we imply your consent to the processing of your personal data.

Purpose of data processing: Keeping contact with job applicants and selecting the right candidates.
Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date. Please note that the processing of the personal data provided by you and/or requested by us is essential for us to evaluate your application and select the right candidate.

Duration of data processing: After deciding who will fill a vacancy, the CVs of applicants responding to that specific job advertisement and the personal data and documents sent in connection with their application will be handled as follows:

• unsuccessful applicants will be asked by e-mail or on paper whether or not they want us to store their application in our database for an additional year, and contact them about job openings. If a negative answer or no answer is received within 30 days, the application and the applicant’s data will be erased from our system.
• the data of the successful applicant will be transferred to our employee database and erased from the applicants’ database.

Generic applications sent by post or e-mail to unadvertised jobs will be stored in our database for a year. After one year, CVs and any other personal information will be erased.
Regardless of the above, you have the right to request the erasure of your personal data at any time, and the personal data you provided will be erased from our database immediately.
It is possible that we receive your application package from a recruitment agency or an HR portal. Those companies are separate controllers, and therefore you can find information about their data processing activities on their corporate websites.

2.4 Newsletters

We will process your name and e-mail address for the purpose of sending you newsletters. It is not mandatory to specify the name and activities of your company (where applicable), but if you do so, we will send you personalised newsletters.

Purpose of data processing: Keeping you informed about the latest news.

Legal basis of data processing: Your consent. Please note that if you do not consent to the processing of your data, we will not be able to send you newsletters.
Duration of data processing: You will only receive our newsletters for as long as you want. If you do not want to receive further newsletters, you can unsubscribe at any time by clicking on the link at the bottom of the newsletter or by sending an e-mail to . Such withdrawal of consent shall be without prejudice to any legitimate data processing carried out prior to that date.

2.5 Reporting the need for repair service

If you would like to use our repair or maintenance service, please contact us by e-mail at or by telephone or post. Our service engineers will be at your disposal.

Purpose of data processing: Keeping contact with inquirers, providing repair services.

Legal basis of data processing:

• If we provide our services to you, our legal basis is the performance of contract concluded with you. The provision of data is mandatory. If we are not allowed to process your personal data, we will not be able to provide you repair services
• If we provide our services to your company, our legal basis is our legitimate interest on performance of contract concluded with your company.

Duration of data processing:

• Data included in invoices in accordance with the applicable tax or accounting legislation are stored for 8 years;
• Any other data and correspondence related to your orders and your use of our services are stored for the limitation period under civil law, i.e. 5 years.

2.6 If you contact us

You can contact us using any of our contact details (through our website, by e-mail, telephone, post or via Facebook). Options are available on our website to request a quote or send an inquiry.

In the cases mentioned above, we imply that you consent to our processing of personal data provided by you.

Purpose of data processing: Keeping in contact with inquirers; responding to their inquiries and/or acting on their requests.

Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.

Please note that if we are not allowed to process the personal data you provided, we may not be able to respond to your inquiry or act on your request.

Duration of data processing: These messages and any personal data included in them will be deleted after responding to your request, question or complaint. However, where this is necessary for tax or accounting purposes or for the protection of the rights and interests of the Controller or of the inquirer, the data will be archived and stored for the required period of time, which will be determined on a case-by-case basis.

2.7 Our company operates an access control system

If you have received an access badge, we will process the following personal data concerning you:

• first and last name;
• identity card number;
• access badge number;
• time and place of arrivals and departures.

These data are processed solely for the purpose of ensuring the security of the building and any assets and persons located in the building.

Purpose of data processing: Ensuring the safety and security of the office building, employees and visitors.

Legal basis of data processing: Our legitimate interest on ensuring the safety and security of the office building, employees and visitors.

Duration of data processing:
The identification data (name, personal identity card number, access badge number) of the persons authorized to access the building, which are processed for the purpose of operating an electronic access control system, will be erased:

• in the case of regular access, immediately upon cessation of the entitlement to access the building.
• in the case of one-time visits, 24 hours after the person left the building.

Data generated during the operation of the electronic access control system (date and time of arrivals and departures) will be erased:

• in the case of regular access, upon cessation of the entitlement to access the building, but no later than six (6) months after the date when the data was generated,
• in the case of one-time visits, 24 hours after the person left the building. An exception is when the above data are transferred to a competent authority.

Data can be accessed by the private security company B CONSULTING SERVICE Vagyonvédelmi Kft., H-1102 Budapest, Kőrösi Csoma Sándor út 18-20. as controller. Where necessary, data may also be accessed by an employee appointed by the Controller.

2.8 A video surveillance (CCTV) system is in place at our company

Our company operates a video surveillance system in order to ensure the security of individuals and their property. Symbols and warning signs advise the people entering the premises about the video surveillance system.

You can find further information about the video surveillance system on the spot, in the given office building. Upon request, we will send you by e-mail a copy of the privacy notice concerning the video surveillance system.

2.9 Business relationships

In the contracts concluded with our business partners or during business contacts, we share the contact details of our contact persons and process the contact details provided by our business partners.

Purpose of data processing: Keeping in contact to ensure the preparation or performance of contracts or for other business purposes.

Legal basis of data processing: We have a legitimate interest in performing our contracts and liaising with partner companies.

Duration of data processing: The contact details of contact persons are processed throughout the existence of a business relationship, until our business partner notifies us about a change in their contact details/person.

3. Your rights

You have the rights detailed in Sections 3.1 to 3.7 concerning the processing of your personal data. If you would like to exercise any of these rights, please notify us in writing using one of the following contact details:

Address: Fészek utca 3, HU-1125 Budapest, Hungary
E-mail:

Identification
Before acting on your request, we are always required to verify your identity. If we cannot identify you, unfortunately we will not be able to act on your request.

Responding to the request
After identification, we will respond to your request in writing, electronically or, if you request so, orally. Please note that if you have submitted your request by electronic means, we will also respond by electronic means. Of course, even in this case, you have the right to request us to reply in a manner alternate to e-mail.

Time limit for response
You will be provided information on the action taken on your request without undue delay and in any event within one (1) month of receipt of your request. That period may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests, of which you will be informed within the one-month time limit.

We are required to inform you without delay and at the latest within one (1) month of receipt of your request of the reasons for not taking action on the request. In this case, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) (see Section 4.1) or exercise your right to judicial remedy (see Section 4.2).

Administrative fee
The requested information will be sent to you and measures will be taken free of charge. The only exception from this is where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In this case, we may charge a fee or refuse to act on your request.

3.1 You may withdraw your consent

In the case of data processing based on consent, you may withdraw your consent at any time. In such a case, we will erase your personal data in respect of that processing within five (5) working days after the receipt of your relevant notice. Please note that this withdrawal shall be without prejudice to the lawfulness of the processing carried out earlier based on your consent.

3.2 You may request information (access to your data)

• You may be request information as to whether personal data is being processed concerning you, and if so:
• What is the purpose of the processing?
• What data do we process exactly?
• To whom do we transfer these data?
• How long do we store these data?
• What rights do you have and what legal remedies are available to you in this regard?
• From what source did we receive your data?
• Is there any automated decision-making about you using your personal data? In such cases, you may also request information about the logic (means) involved, as well as the significance and the envisaged consequences of such processing for you.
• If you have found that your data have been forwarded to an international organization or to a third country (non-EU Member State), you may request that we demonstrate the existence of suitable safeguards to ensure the proper processing of your personal data.
  You may request a copy of your personal data being processed. (For any additional copies, an administrative fee will be charged).

3.3 You may request the rectification of your data

You have the right to request the rectification of inaccurate personal data from us concerning you or to have incomplete personal data completed.

3.4 You may request the erasure of your personal data („right to be forgotten”)

You have the right to request from us the erasure of personal data concerning you where one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were processed;
• in cases where the processing was based on solely your consent;
• it is established that the personal data have been unlawfully processed by us;
• this is required by Union or Member State law;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services to children.

Personal data may not be erased to the extent where processing is necessary:

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest;
• for reasons of public interest in the area of public health;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims.

3.5 You may request us to restrict the processing your personal data

You have the right to request from us the restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by you for a period that enables us to verify the accuracy of the personal data;
• The processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead;
• We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• You have objected to processing, pending the verification whether the legitimate grounds of the controller override your legitimate grounds.
• Where the processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

We will inform you before the restriction of processing is lifted.

3.6 You may request us to transfer your personal data (right to data portability)

You have the right to receive the personal data that we process concerning you in a structured, commonly used and machine-readable format and have the right to transmit – or request us to transmit – those data to another controller, where the processing is based on your consent or on a contract concluded with you or in your favour, or the processing is carried out by automated means.
The above right may not be exercised where processing is necessary for the performance of a task carried out in the public interest. This right may not infringe the right to erasure, and may not adversely affect the rights and freedoms of others.

3.7 You may object to the processing of your personal data

You have the right to object to the processing of your personal data, where:

• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling carried out based on such processing.
• In the cases mentioned above, personal data will be erased, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You may also object to the processing of your personal data, where:

• Processing is carried out for direct marketing purposes (in this context, you may also object to profiling). In this case, your personal data will be erased.
• Processing is carried out for scientific or historical research purposes or statistical purposes. In this case, your personal data will be erased , unless the processing is necessary for the performance of a task carried out for reasons of public interest.

4. Available legal remedies

4.1 You may lodge a complaint with NAIH

If you believe that personal data concerning you are processed in violation of the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, your workplace or the place of the supposed infringement. In Hungary, complaints should be filed with the National Authority for Data Protection and Freedom of Information (NAIH).

NAIH:
Chairman: dr. Attila Péterfalvi
Postal address: HU-1530 Budapest, Pf.: 5
Address: Szilágyi Erzsébet fasor 22/C, HU-1125 Budapest
Telephone: +36 1 391-1400
Fax: +36 1 391-1410
Web: http://naih.hu
E-mail: or

4.2 Right to seek a judicial remedy

If you believe that personal data concerning you are processed in violation of the General Data Protection Regulation, and therefore your rights under the General Data Protection Regulation have been infringed, you have the right to seek a judicial remedy.

For proceedings against a controller or processor, the action should be brought before the courts of the Member State where the controller or processor has an establishment. Such action may also be brought before the courts of the Member State of your habitual residence.

In Hungary, these legal proceedings fall within the jurisdiction of general courts (törvényszék). Upon the data subject’s request, the action may be brought before the court that is competent based on the domicile or the place of residence of the data subject. Even those may be party to these proceedings who otherwise have no capacity to be a party to judicial proceedings. The Authority may intervene in these proceedings to ensure that the data subject will be the successful party. These court proceedings shall be governed, in addition to the General Data Protection Regulation, by the provisions laid down in Book Two, Part Three, Title XII (Sections 2:51 to 2:54) of Act V of 2013 on the Civil Code as well as other regulations applicable to court proceedings.

4.3 Compensation for damages and restitution

Where the Controller causes any damage as a result of the unlawful processing of the data subject’s personal data or infringes any of the data subject’s personality rights, the Controller may be required to pay restitution (in Hungarian: “sérelemdíj”). The Controller may be exempted from the liability to pay damages or restitution, where it can prove that the damage was caused by, or the violation of the personality rights of the data subject is attributable to, inevitable reasons beyond its control.

5. Data security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk for the rights and freedoms of natural persons, we use our best endeavours to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

Personal data are always processed confidentially, with limited access, using encryption and maximizing resilience as much as possible, and in case of arising issues, we ensure restorability of the data. Our system is tested regularly to guarantee maximum security. In assessing the appropriate level of security, we take into account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

We will use our best endeavors to ensure that any person acting under our authority who has access to personal data does not process them except on our instructions, unless he or she is required to do so by Union or Member State law.

6. Data transfers

We will only transfer your personal data to processors and controllers specified in this Privacy Notice and solely in accordance with the provisions of this Privacy Notice. The Controller may only transfer your personal data to other controllers with your prior consent.

In the cases specified by the law, we reserve the right to disclose the personal data we process to the competent authorities or courts in accordance with their request, without a specific consent of the data subject.

7. Miscellaneous

The Controller may modify the terms and conditions of this Privacy Notice at any time. Any modification shall come into effect concurrently with its publication on the website. Visitors of the website will be informed of any modification in a pop-up window.
Last update: April 2019

Appendix 1: Principles and legislation governing our processing of personal data

2.1 When processing personal data, we are bound by the following legislation:

• General Data Protection Regulation (“GDPR”) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
• Data Protection Act – Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and subsequent implementing legislation;
• Act CVIII of 2011 on Certain Issues of Electronic Commerce Activities and Information Society Services;
• Act V of 2013 on the Civil Code;
• Act CL of 2017 on the Rules of Taxation and subsequent implementing legislation;
• Act C of 2000 on Accounting and subsequent implementing legislation;
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;
• Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators;
• Act C of 2003 on Electronic Communications (Section 155);
• DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

2.2 When processing personal data, we observe the following principles:

• The Controller only processes personal data for the purposes and duration specified herein. The Controller only processes personal data that are necessary and appropriate to achieve the purposes of the processing.
• When processing data, only those people engaged or employed by the Controller whose job duties require access to the data may have access to the personal data that have become known to the Controller.

Appendix 2: What do these terms mean? (Definition of the terms used in this Privacy Notice)

• “personal data” means any information relating to a natural person (“data subject”) (a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);
• “sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
• “data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about the health status of the natural person;
• “data subject” means any identifiable natural person whom the specific personal data concern (such as a visitor to our website, a person who subscribes to our newsletter, a job applicant);
• “processing” means any operation or set of operations, which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
• “data management” means the performance of any technical operation in connection with the data processing;
• “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of (and based on the instructions and by decision of) the controller;
• “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
• “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
• “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.