János Kovács EV
(1) The aim of the current Data Protection Information (hereinafter: “Information”) is to legally regulate the use of directories / databases maintained by János Kovács EV (hereinafter: ’Data Manager’) and to ensure the enforcement of the constitutional principles of data protection, the right to information and the requirements of data security. Furtheron to ensure that within the framework of the legislation each person himself has access to their personal data, knows the circumstances of their administration or prevents unauthorized access, modification of data and unauthorized publication. This Information is used to inform the affected and to present the practice of the data management by the Data Manager.
(2) The validity of the Information includes the management of personal and special data at at all organizational units of the Data Manager.
2. Relevant legal provisions
- Regulation of the European Parliament and the Council (EU) 2016/679 (27 April 2016) on the protection of personal data of individuals with regard to data management and the free flow of such data as well as the annullation of Regulation 95/46 / EU (General Data Protection Regulation; in the following: “GDPR”)
- Law CXII. of 2011 on information self-determination and freedom of information (‘Infotv.’)
- Law V. of 2013 on the Civil Code (“Ptk.”)
- Law CXXX. of 2016 on civil procedural law (‘Pp’)
3. Data of the Data Manager
The current data of the Data Manager is as follows:
- Name: János Kovács Individual Entrepreneur
- Seat: 2310 Szigetszentmiklós, Petőfi u.128. G. 2.
- Tax number: 68216250-1-33
- Telephone number: +36 20 9612 900
- E-mail address: firstname.lastname@example.org
- Name of the Data Protection Officer: János Kovács
- E-mail address of the data protection officer: email@example.com
- Telephone number of the Data Protection Officer: +3620 9612 900
4. The set of managed personal data, the purpose of data management, duration and legal title
(1) The Data Manager performs the data management based on the voluntary consent of the data subject or based on legal authorization. In the case of voluntary consent, the person concerned may at any time request information regarding the group of managed data and their type of use, they may further revoke their given consent, except in certain cases where the data management is due to legal requirements (in such cases, the Data Manager will inform the data subjects regarding the further administration of the data).
(2) The persons providing the data are obliged to give all data to the best of their knowledge and accuracy.
(3) Insofar as the providing person does not provide their own personal data, it is their duty to obtain the consent of the person concerned.
(4) Insofar as the Data Manager forwards the data to data processors or other third parties, the Data Manager maintains a directory in this regard. The data transfer record must include the addressee, the type, the time and the routing of the transferred data.
(5) Data management in the individual activities of the Data Manager:
Data management of offers and contracts
The Company has the right to manage the personal data of customers, clients and suppliers that are disclosed by the data subject in the process of contacting (via a website or any other way) or in connection with the preparation of offers and contracts, within this with the formation, management and fulfillment thereof. Circle of managed data: Data that have been specified in the contacting, the RFP, the order, the contract, such as contact information, and data required for the issuing receipts/invoices.
Purpose of data management: The purpose of data management is exclusively for the conclusion, fulfillment, amendment or termination of the contract.
Legal basis of data management: The legal basis of the data management is the consent of those affected [GDPR 6th article (1) paragraph a) point] and the legitimate interest of the company [GDPR 6th Article (1) paragraph f) point] and the contract, which has come about between the person concerned and the Company [GDPR 6. Article (1) (b) point]
Duration of the data management: the duration of the data management is eight (8) years after the performance of the contract according to the legislation regarding the retention period for receipts according to Szvt. (Accounting Act).
Managing data from applicants
The Company manages the personal data contained in “random” and targeted CVs or other attached documents received directly or through a labor agency. Data managed: personal data of the data subject specified by him in the CV and other accompanying documents.
Purpose of data management: The purpose of the data management is to inform the data subject regarding suitable employment opportunities that most closely match the qualification and interests of the person concerned, making an appointment and carrying out the selection process.
Legal basis of data management: The legal basis of the data management is the voluntary consent of the person concerned [GDPR 6th article (1) paragraph a) Item], which the person concerned with the sending of his curriculum vitae and the associated documents granted.
Duration of the data management: in the case of a successful application, the duration of the data administration is the duration of the employment relationship; in the case of an unsuccessful application, the application documents of the unsuccessful applicants are destroyed.
Data management in connection with camera observation
At the headquarters of the Company in areas marked by a camera icon or a plaque (observation areas) an electronic camera monitoring system is operated. The camera system monitors access to the area of the Company headquarters. The camera system captures the image and activities of the persons entering the observed area. The camera system holds no sound recordings. Only the authorized employees of the Data Manager are entitled to view the current camera image and the recorded footage. The camera system is operated by the Company, no service providers are used for this purpose, so only the Company acts as the Data Manager. Circle of managed data: the image of the person concerned.
Purpose of the data management: The purpose of the data management is asset protection, protection of the persons in the building, protection of business secrets and evidence of possible abuses or violations as well as ensuring the safe storage of dangerous materials.
Legal basis of data management: The legal basis of the data management is on the one hand the voluntary consent of the data subject [GDPR 6th article (1) paragraph a) point] based on the access to the building , on the other hand the legal authorization by means of § 30-31. Szvmt. (Person and Property Protection Act).
Duration of the data management: Duration of the data management is 3 (three) working days after the creation of the recording, then the recordings are automatically deleted.
5. Rights of the person concerned, legal remedy
(1) Data subjects shall have the right to request, at any time in writing, information concerning the way in which the personal data handled by the Data Manager are managed, to submit their request for cancellation or modification, and to revoke their earlier consent. Each request is to be sent to one of the availabilities given in point 3).
(2) The data subject can not exercise his right to cancellation in the case of legally required data management.
(3) Content of the right to information: Based on the request of the data subject, the Data Manager hands over to the data subject the information regarding the administration of personal data listed in GDPR Articles 13 and 14 and the information in accordance with Articles 15-22. and 34. in a generally comprehensable form.
(4) Content of the access right: At the request of the data subject, the Data Manager issues information as to whether data management in relation to the data subject takes place with the data manager. In case there is data management of the data related to the person concerned in progress, the person concerned shall be granted access to the data as follows:
- a. his personal data;
- b. purpose (s) of data management;
- c. category of personal data of the person concerned;
- d. persons to whom the data of the person concerned have been or will be transmitted;
- e. period of data storage;
- f. right of correction, deletion and the restriction of data management;
- G. right to use the court or a supervisory authority;
- H. source of managed data;
- i. profiling and / or automated decision making or details and the practical implications of such an application;
- j. transmission of the managed data to third countries or international organizations.
(5) In the case of a data request as described above the Data Manager hands over a copy of the managed data in accordance with the request to the person concerned. There is the possibility of an electronic sending by the Data Manager.
(6) For each additional copy the Data Manager charges an administration fee of 500.- HUF / page.
(7) The deadline for the handover of the requested data is 30 days from receipt of the request.
(8) Right of correction: the party concerned may request the correction the inaccurate data regarding the person concerned by the Data Manager.
(9) Right to cancellation: if one of the following reasons exists, the Data Manager shall, at the request of the person concerned, delete the data of the person concerned within a short period of time, but no later than within 5 working days:
- a. The data is unlawfully managed (without legal authorization or personal consent);
- b. The management of the data is not necessary for the realization of the original goal;
- c. The data subject revokes his consent to the data management and the Data Manager has no other legal basis for the management of the data;
- d. The collection of the data in question took place in connection with the supply of services related to the information society;
- e. The personal data must be deleted in order to fulfill the legal obligation with respect to the Data Manager.
(10) The Data Manager can not perform data deletion if the data management continues to be necessary for one of the following purposes:
- a. further data management is necessary to fulfill the legal obligations in relation to the Data Manager;
- b. it is necessary for the purpose of exercising the right of expression and information;
- c. for reason of public interest;
- d. for archiving, research, scientific or statistical purposes;
- e. to enforce or protect legal claims.
(11) Right to Restrict data management: If one of the following reasons exists, the Data Manager shall, at the request of the data subject, restrict the data management:
- a. the person concerned denies the accuracy of his data, in which case the restriction relates to the period until the accuracy and correctness of the data in question is credibly checked;
- b. the data management is unlawful, whereby the data subject does not request a deletion, but only the restriction of the data;
- c. the data are no longer necessary for data management, however, the person concerned requests further storage to enforce or protect their legal rights;
(12) Insofar as the Data Manager introduces a restriction with regard to any managed data, the data subject’s data will only be managed for the duration of the restriction and insofar as:
- a. the person concerned agrees;
- b. it is necessary for the enforcement or protection of legal rights;
- c. it is necessary for the enforcement and protection of the rights of others;
- d. it is necessary to enforce public interest.
(13) Right of revocation: the person concerned is entitled to revoke the consent given to the Data Manager at any time in writing. In this case, the Data Manager will immediately and permanently delete any information he or she has managed in connection with the person concerned and their further retention is not required by law or which is not necessary for the enforcement and protection of rights of legitimate interest. The lawfulness of the administration of the data up to the date of the revocation is not affected by the revocation.
(14) Right to data transmission: the data subject is entitled to request the forwarding of his data managed by the Data Manager to another data manager in a generally accepted, machine-readable format. The Data Manager will comply with this request in the shortest possible time, but at the latest within 30 days.
(15) Automated decision making and profiling: The person concerned has the right not to be a subject of decisions based exclusively on automated data management decision-making (e.g. profiling), which imply legal consequences for him/her or may otherwise disadvantage him/her. This right does not apply if:
- a. the data management is essential for the conclusion of the contract between the data subject and the Data Manager, or the fulfillment of that contract;
- b. the person expressly agrees to the use of such a procedure;
- c. the application is legally approved;
- d. this is necessary for the enforcement or protection of the right to claims.
In the course of contacting the Data Manager the incoming email and its contents (so particularly name and address of the sender, date and attachments) are stored by the Data Manager for 5 years and then deleted.
7. Type and security of data storage
(1) The Data Manager shall keep the data he manages – both in paper and electronic form – at his registered office.
(2) Exception from item (1) is the data managed by the Data Manager but stored at his data processor(s), in which case the location of the data storage ist the seat of the data processor(s).
(3) The Data Manager uses a computer system for his operation, which ensures that:
- a. the unchangeability of the data is verifiable (data integrity);
- b. the credibility of the data is assured (data credibility);
- c. the authorized persons have access to the data (availability);
- d. or that the data is protected against unauthorized access (confidentiality of the data).
(4) The data protection concerns in particular:
- a. unauthorized access;
- b. modification;
- c. transmission;
- d. deletion;
- e. publication;
- f. accidental damage;
- G. accidental destruction;
- H. or to the case when access to the data is not possible due to a change in the technology used.
(5) In the interest of protecting the electronically managed data, the Data Manager will apply solutions that offer the appropriate level of security in the state of the art. In the verification of conformity, particular attention is paid to the risk levels of data management at the Data Manager. The IT protection ensures that the stored data can not be directly assigned to or associated with the person concerned (unless it is permitted by law).
(6) In the course of data management, the Data Manager ensures that:
- a. the authorized person can access the required data;
- b. only authorized persons can access the information;
- c. the accuracy and completeness of the information and the processing method is protected.
(7) The Data Manager and the data processor concerned shall ensure that their computer systems are protected against fraud, espionage, viruses, burglary, vandalism, natural disasters. The Data Manager (or data processor) uses server-level and application-level protection procedures.
(8) Messages to the Data Manager, which are forwarded via the Internet in any form, are increasingly exposed to network threats that result in modification, unauthorized access or other illegal activity.In order to avert such a danger the Data Manager shall apply all reasonable and expected measures to be taken in the light of current technology. The systems used are therefore monitored so that the safety deviations can be recorded, the safety incidents can be verified, or the effectiveness of the safety precautions can be checked.
8. Procedural regulation
(1) If the Data Manager receives a request in accordance with Article 15-22. GDPR, the Data Manager informs the person concerned as soon as possible and at the latest within 30 days in writing regarding the measures taken on the basis of the application.
(2) If the complexity of the application, or other objective circumstances justify it, the abovementioned period may be extended once for a maximum of 60 days. With regard to the extension, the Data Manager informs the data subject in writing, citing a justification for the extension.
(3) The Data Manager shall grant the notification free of charge, except if:
- a. the person concerned requests information / measures repeatedly with unchanged content;
- b. the application is clearly unfounded;
- c. the request is exaggerated.
(4) In cases as described in point (3), the Data Manager is entitled:
- a. to reject the application;
- b. to bind the fulfillment of the application to a related, reasonable fee.
(5) If the person concerned wishes data to be transferred in paper form or an electronic storage medium (CD or DVD), the Data Manager hands over a copy of the data concerned free of charge in the desired form (except when the selected platform meant an excessive technical difficulty). For each additional copy requested an administration fee of 500.- HUF per page / CD or DVD will be charged.
(6) The Data Manager shall inform all persons to whom he has previously handed over the affected data with regard to the correction, deletion, restriction that has been carried out, unless the notification is impossible or requires excessive efforts.
(7) If the data subject wishes, the Data Manager will provide information about which data has been forwarded to which persons.
(8) The Data Manager submits his reply to the application in electronic form, except where:
- a. the person concerned expressly wishes the answer in a different form and this does not represent an unfounded amount of additional expenditure for the Data Manager;
- b. the Data Manager does not know the electronic accessibility of the data subject.
(1) If a data subject suffers financial or other damage as a result of the violation of data protection laws, he is entitled to claim damages from the Data Manager and / or data processor. If both the Data Manager and the data processor (s) are involved in the infringement, they will be collectively liable for the damage suffered.
(2) The data processor shall only be liable for damage incurred if he has violated the provisions of the Data Protection Act formulated for the data processor, or if the damage occurred due to non-compliance with the instructions of the Data Manager.
(3) The Data Manager or data processor(s) are only liable if they can not prove that they are not responsible for the circumstance that caused the damage.
(1) In case of a complaint or problem relating to the data management of the Data Manager, please contact the data Manager’s Data Protection Officer [name of the delegate] in confidence (availability: [delegate’s telephone number]; [delegate’s email address] ]).
(2) If, in the view of the data subject, his rights have been violated by the Data Manager and / or data processor(s), he is entitled to contact the competent court in accordance with the Civil Code. The court goes out of business in this matter.
(3) In case the person concerned wishes to file a formal complaint in connection with the data management, the complaint should be addressed to the National Authority for Data Protection and Freedom of Information at the following availabilities: Office: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C .; Postal address: 1530 Budapest, Pf .: 5. Telephone: 06-1 / 391-1400; fax: 06-1 / 391-1410; E-mail address: firstname.lastname@example.org; Website: www.naih.hu.
11. Official cooperation
(1) If the Data Manager receives an official request from the authorized authorities in this regard, he is obliged to hand over the personal data in question.
(2) In the cases referred to in point (1), the Data Manager shall only provide data which is absolutely necessary for the achievement of the objective set by the requesting authority.
Date, Budapest, May 3, 2018