Manage cookies
Cookie Settings
Cookies necessary for the correct operation of the site are always enabled.
Other cookies are configurable.
Other cookies are configurable.
Privacy policy
This Privacy Policy sets out the rules for data management in relation to the service activities and internal operations of GITMAX IT Services Private Company Limited by Shares.
I. THE IDENTITY OF THE DATA CONTROLLER, THE CONCEPT OF PERSONAL DATA AND THE DATA SUBJECT
The Data Controller is the legal person that determines, alone or jointly with others, the purposes and means of the processing of personal data.
In relation to these rules
Data Controller: GITMAX IT Services Zrt.
Headquarters: 1118 Budapest, Kelenhegyi str. 43. Building A 4 floor 8 .
Website address: https://gitmax.com
E-mail address: info@gitmax.com
Phone number: +36 1 808 90 21
Data Protection Officer: Dr. Miklós Rátky and Dr. László Attila Kovács info@ratkynet.hu)
For the purposes of this Policy, personal data means any information relating to an identified or identifiable natural person (the Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, number, an identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person).
II. THE LEGISLATION ON WHICH THIS PRIVACY POLICY IS BASED
III. CERTAIN DATA PROCESSING PURPOSES
1. RECRUITING YOUR OWN STAFF
a) Legal basis for the data controller's processing
In the case of CVs sent voluntarily by applicants, Article 6(1)(a) of the GDPR, which provides that personal data may be processed if (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
In the case of the online search for potential candidates by the company and the collection of information published there, Article 6 (1) (f) GDPR, according to which the processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data to a third country or international organization
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
c) Purpose of data processing
The purpose of the processing is for the Data Controller to conclude employment contracts with employees, to receive or search CVs.
d) Duration of processing
The data processing lasts until the negotiations with the candidate have been completed, at the latest until the conclusion of the employment contract or until the candidate is rejected.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
2. PROCEDURES IN CONNECTION WITH THE PROCESSING OF THE WORKERS
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data to a third country or international organisation
The Data Controller does not transfer personal data to third countries or intergovernmental organisations.
c) Purpose of data processing
The purpose of the processing is to ensure that the Data Controller keeps the CVs of the employees and their attachments for use as evidence in any future employment or other legal dispute against the employee.
d) Duration of processing
The processing of data will take place from the end of the negotiations with the candidate, i.e. from the conclusion of the employment contract until 5 years after the termination of the employment relationship at the latest.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
3. HUMAN RESOURCES ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(c) of the GDPR, which provides that processing is necessary for compliance with a legal obligation to which the data controller is subject.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
Among the personal data, the Data Controller transfers the data on the salary to the recruitment agents under contract with them , given that this data is the basis for the calculation of the agents' fees. The agency contract and the employment contract of the employees contain the relevant data protection provisions.
c) Purpose of the processing
The purpose of data processing is to enable the Data Controller to fulfil its reporting obligations under point 3 of Annex 1 of Act CL of 2017 and its record-keeping obligations under paragraph (1) of Article 99/A of Act LXXXI of 1997 in relation to its employees.
d) Duration of processing
For 5 years after reaching retirement age.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
4. PAYROLL ACTIVITY
a) Legal basis for the data controller's processing
Article 6(1)(c) of the GDPR, which provides that processing is necessary for compliance with a legal obligation to which the data controller is subject.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
Among the personal data, the Data Controller transfers the data on the salary to the recruitment agents under contract with them, given that this data is the basis for the calculation of the agents' fees. The agency contract and the employment contract of the employees contain the relevant data protection provisions.
c) Purpose of the processing
The purpose of the processing is to enable the Data Controller to fulfil the employer's obligations under the law in relation to payroll and payroll payments.
d) Duration of processing
For 5 years after reaching retirement age.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
In the course of this data processing, a data processor is used:
Timil On Limited Liability Company (registered office: 1012 Budapest, Kuny Domokos street 13-15.; tax number: 32088401-2-41)
5. APPLICATION FOR HR and COMPENSATION ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data
The Data Controller will not transfer personal data to third parties for the purposes of this processing.
c) Purpose of data processing
The purpose of the processing is to ensure that the Data Controller keeps the CVs of the employees and their attachments for use as evidence in any future employment or other legal dispute against the employee.
d) Duration of processing
3 years after the termination of employment in the default case, or 5 years after the end of the tax year (in the default case) in the case of tax elements.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used for this purpose.
6. GENERAL CONTRACT MANAGEMENT ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract
Article 6(1)(f) GDPR with regard to the data of the representatives of the contracting partner.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
c) Purpose of data processing
The purpose of the processing is to enable the Data Controller to fulfil its contractual obligations and enforce its contractual rights.
d) Duration of processing
Until the termination of the contract.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
7. PROCESSING IN THE CONTEXT OF THE CORE BUSINESS
g) Legal basis for the data controller's processing
Article 6(1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract
Article 6(1)(f) GDPR with regard to the data of the representatives of the contracting partner.
h) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
i) Purpose of the processing
The purpose of the processing is to enable the Data Controller to fulfil its contractual obligations and to enforce its rights under the contract in relation to customer and business relations in connection with the provision of computer programming and information technology services as its core business.
j) Duration of processing
Until the termination of the contract.
k) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
l) Data processors
No data processor is used in the course of this processing.
8. PROCESSING IN CONNECTION WITH GENERAL CONTROL AND MANAGEMENT OF DATA IN CONNECTION WITH THE MAIN ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data
The Data Controller will not transfer personal data to third parties for the purposes of this processing.
c) Purpose of the processing
The purpose of the processing is to preserve the contracts and their annexes so that the Data Controller can use them as evidence in any future litigation or other dispute with the contracting partner.
d) Duration of processing
5 years after the termination of the contractual relationship.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used for this purpose.
9. MARKETING COMMUNICATIONS
a) Legal basis for the data controller's processing
Article 6(1)(a) of the GDPR, according to which the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
Article 6(1)(f) GDPR (legitimate interest) in relation to the opposing parties.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
c) Purpose of the processing
The purpose of the data processing is to enable the Data Controller to advertise and promote its activities widely, to subscribe to its newsletters and to contact interested parties directly.
d) Duration of processing
Until the Data Subject's consent to processing is withdrawn.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
No data processor is used in the course of this processing.
10. PRIVATE JOB-BROKERING
a) Legal basis for the data controller's processing
Article 6(1)(a) of the GDPR, according to which the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
b) Transfer of personal data
The Data Controller does not transfer personal data for the purposes of this processing.
c) Purpose of data processing
The purpose of the processing is to enable the Data Controller to provide private employment services.
d) Duration of processing
Until the Data Subject's consent to processing is withdrawn.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
IV. RIGHTS RELATING TO THE MANAGEMENT OF DATA, LEGISLATIVE BONUSES
1. RIGHTS IN RELATION TO DATA PROCESSING
a) The Data Subject may request the Data Controller to:
b) The Data Subject may submit a Data Subject's request to the Data Controller using the contact details specified in point 1. The Data Controller shall comply with the Data Subject's lawful request within a maximum of one month (taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months in justified cases) and shall notify the Data Subject thereof at the contact details provided by the Data Subject.
a) THE RIGHT TO REQUEST INFORMATION (UNDER ARTICLES 13-14 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request the Data Controller in writing to inform him or her that.
b) THE RIGHT OF ACCESS (BASED ON ARTICLE 15 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject has the right to receive feedback from the Data Controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the Data Subject has the right to obtain access to the personal data processed and may request this in writing from the Data Controller.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to processing. If the Data Subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.
c) THE RIGHT TO RECTIFICATION OR INTEGRATION (UNDER ARTICLE 16 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request in writing that the Data Controller amend or correct any of his or her personal data (for example, he or she may at any time change his or her e-mail address or postal address or request that the Data Controller correct any inaccurate personal data processed by the Data Controller).
Taking into account the purpose of the processing, the Data Subject shall have the right to request that his or her incomplete personal data processed by the Data Controller be duly completed.
d) THE RIGHT TO ERASURE (UNDER ARTICLE 17 OF THE GENERAL DATA PROTECTION REGULATION)
d.1) Personal data under applicable law will be processed by the Data Controller for the duration of the processing period set out in this Privacy Notice.
The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay if one of the following grounds applies:
d.2) Data cannot be deleted if the processing is necessary:
e) THE RIGHT TO RESTRICTION OF PROCESSING (BASED ON ARTICLE 18 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request in writing that the Data Controller restricts the processing of his or her personal data if one of the following conditions is met:
If processing is restricted on the basis of the above, such personal data, except for storage, may only be processed with the consent of the Data Subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.
The Data Controller shall inform the Data Subject - at whose request the processing has been restricted - in advance of the lifting of the restriction.
f) THE RIGHT TO OBJECT (UNDER ARTICLE 21 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject shall have the right to object to the processing of personal data for the legitimate interests of the Data Controller (third party), in which case the Data Controller may no longer process the personal data, unless he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the Data Subject may object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the Data Subject objects, the data may no longer be processed for that purpose.
g) THE RIGHT TO WITHDRAW CONSENT (UNDER ARTICLE 7 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. The right to withdraw consent is as simple as giving it.
h) YOUR RIGHTS OF REDRESS IN RELATION TO DATA PROCESSING
Initiation of legal proceedings
The Data Subject may take legal action against the Data Controller (or, in the context of processing operations within the scope of the controller's activities, the processor) if the Data Subject considers that the Data Controller or a processor acting on his or her behalf or at his or her instructions is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.
The court has jurisdiction to hear the case. The lawsuit may also be brought, at the Data Subject's option, before the competent court in the place where the Data Subject resides or is domiciled: http://birosag.hu/torvenyszekek
The Data Controller shall compensate the damage caused by unlawful processing of the Data Subject's data or by breach of data security requirements, but shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the processing. The Data Controller shall not compensate the damage in so far as it has been caused by the intentional or grossly negligent conduct of the data subject. In case of infringement of the Data Subject's right to privacy, the Data Subject may claim damages.
Initiation of an administrative procedure
In order to assert his/her rights, the Data Subject may initiate an investigation or an official procedure at the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa street 9-11, website: http://naih.hu; postal address: 1396 Budapest, Pf.: 9.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu), on the grounds that his/her personal data have been processed in violation of his/her rights or that there is an imminent threat of such violation, in particular,
I. THE IDENTITY OF THE DATA CONTROLLER, THE CONCEPT OF PERSONAL DATA AND THE DATA SUBJECT
The Data Controller is the legal person that determines, alone or jointly with others, the purposes and means of the processing of personal data.
In relation to these rules
Data Controller: GITMAX IT Services Zrt.
Headquarters: 1118 Budapest, Kelenhegyi str. 43. Building A 4 floor 8 .
Website address: https://gitmax.com
E-mail address: info@gitmax.com
Phone number: +36 1 808 90 21
Data Protection Officer: Dr. Miklós Rátky and Dr. László Attila Kovács info@ratkynet.hu)
For the purposes of this Policy, personal data means any information relating to an identified or identifiable natural person (the Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, number, an identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person).
II. THE LEGISLATION ON WHICH THIS PRIVACY POLICY IS BASED
- The main legal provisions applicable to the processing of data under this Policy and their abbreviations used in this notice:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the General Data Protection Regulation or GDPR)
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
- Act V of 2013 on the Civil Code
III. CERTAIN DATA PROCESSING PURPOSES
1. RECRUITING YOUR OWN STAFF
a) Legal basis for the data controller's processing
In the case of CVs sent voluntarily by applicants, Article 6(1)(a) of the GDPR, which provides that personal data may be processed if (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
In the case of the online search for potential candidates by the company and the collection of information published there, Article 6 (1) (f) GDPR, according to which the processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data to a third country or international organization
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
c) Purpose of data processing
The purpose of the processing is for the Data Controller to conclude employment contracts with employees, to receive or search CVs.
d) Duration of processing
The data processing lasts until the negotiations with the candidate have been completed, at the latest until the conclusion of the employment contract or until the candidate is rejected.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
2. PROCEDURES IN CONNECTION WITH THE PROCESSING OF THE WORKERS
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data to a third country or international organisation
The Data Controller does not transfer personal data to third countries or intergovernmental organisations.
c) Purpose of data processing
The purpose of the processing is to ensure that the Data Controller keeps the CVs of the employees and their attachments for use as evidence in any future employment or other legal dispute against the employee.
d) Duration of processing
The processing of data will take place from the end of the negotiations with the candidate, i.e. from the conclusion of the employment contract until 5 years after the termination of the employment relationship at the latest.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
3. HUMAN RESOURCES ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(c) of the GDPR, which provides that processing is necessary for compliance with a legal obligation to which the data controller is subject.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
Among the personal data, the Data Controller transfers the data on the salary to the recruitment agents under contract with them , given that this data is the basis for the calculation of the agents' fees. The agency contract and the employment contract of the employees contain the relevant data protection provisions.
c) Purpose of the processing
The purpose of data processing is to enable the Data Controller to fulfil its reporting obligations under point 3 of Annex 1 of Act CL of 2017 and its record-keeping obligations under paragraph (1) of Article 99/A of Act LXXXI of 1997 in relation to its employees.
d) Duration of processing
For 5 years after reaching retirement age.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
4. PAYROLL ACTIVITY
a) Legal basis for the data controller's processing
Article 6(1)(c) of the GDPR, which provides that processing is necessary for compliance with a legal obligation to which the data controller is subject.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
Among the personal data, the Data Controller transfers the data on the salary to the recruitment agents under contract with them, given that this data is the basis for the calculation of the agents' fees. The agency contract and the employment contract of the employees contain the relevant data protection provisions.
c) Purpose of the processing
The purpose of the processing is to enable the Data Controller to fulfil the employer's obligations under the law in relation to payroll and payroll payments.
d) Duration of processing
For 5 years after reaching retirement age.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
In the course of this data processing, a data processor is used:
Timil On Limited Liability Company (registered office: 1012 Budapest, Kuny Domokos street 13-15.; tax number: 32088401-2-41)
5. APPLICATION FOR HR and COMPENSATION ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data
The Data Controller will not transfer personal data to third parties for the purposes of this processing.
c) Purpose of data processing
The purpose of the processing is to ensure that the Data Controller keeps the CVs of the employees and their attachments for use as evidence in any future employment or other legal dispute against the employee.
d) Duration of processing
3 years after the termination of employment in the default case, or 5 years after the end of the tax year (in the default case) in the case of tax elements.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used for this purpose.
6. GENERAL CONTRACT MANAGEMENT ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract
Article 6(1)(f) GDPR with regard to the data of the representatives of the contracting partner.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
c) Purpose of data processing
The purpose of the processing is to enable the Data Controller to fulfil its contractual obligations and enforce its contractual rights.
d) Duration of processing
Until the termination of the contract.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
7. PROCESSING IN THE CONTEXT OF THE CORE BUSINESS
g) Legal basis for the data controller's processing
Article 6(1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract
Article 6(1)(f) GDPR with regard to the data of the representatives of the contracting partner.
h) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
i) Purpose of the processing
The purpose of the processing is to enable the Data Controller to fulfil its contractual obligations and to enforce its rights under the contract in relation to customer and business relations in connection with the provision of computer programming and information technology services as its core business.
j) Duration of processing
Until the termination of the contract.
k) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
l) Data processors
No data processor is used in the course of this processing.
8. PROCESSING IN CONNECTION WITH GENERAL CONTROL AND MANAGEMENT OF DATA IN CONNECTION WITH THE MAIN ACTIVITIES
a) Legal basis for the data controller's processing
Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
b) Transfer of personal data
The Data Controller will not transfer personal data to third parties for the purposes of this processing.
c) Purpose of the processing
The purpose of the processing is to preserve the contracts and their annexes so that the Data Controller can use them as evidence in any future litigation or other dispute with the contracting partner.
d) Duration of processing
5 years after the termination of the contractual relationship.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used for this purpose.
9. MARKETING COMMUNICATIONS
a) Legal basis for the data controller's processing
Article 6(1)(a) of the GDPR, according to which the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
Article 6(1)(f) GDPR (legitimate interest) in relation to the opposing parties.
b) Transfer of personal data
The Data Controller does not transfer personal data to third countries or intergovernmental organizations.
However, in the course of processing the Data, the Data Controller may use software (e.g. DocuSign, Zoom) operated by service providers based abroad. In such cases, the Data Controller will assess the impact of the use of the software on personal data, its potential risks and the foreign company's compliance with the GDPR's data security requirements before using it in accordance with the GDPR's requirements.
c) Purpose of the processing
The purpose of the data processing is to enable the Data Controller to advertise and promote its activities widely, to subscribe to its newsletters and to contact interested parties directly.
d) Duration of processing
Until the Data Subject's consent to processing is withdrawn.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
No data processor is used in the course of this processing.
10. PRIVATE JOB-BROKERING
a) Legal basis for the data controller's processing
Article 6(1)(a) of the GDPR, according to which the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
b) Transfer of personal data
The Data Controller does not transfer personal data for the purposes of this processing.
c) Purpose of data processing
The purpose of the processing is to enable the Data Controller to provide private employment services.
d) Duration of processing
Until the Data Subject's consent to processing is withdrawn.
e) Data security
The Data Controller's IT department is responsible for the security of the Data Processing. No automated decision making, including profiling, takes place during the processing.
f) Data processors
A data processor is a natural or legal person who or which processes personal data on behalf of the Data Controller.
No data processor is used in the course of this processing.
IV. RIGHTS RELATING TO THE MANAGEMENT OF DATA, LEGISLATIVE BONUSES
1. RIGHTS IN RELATION TO DATA PROCESSING
a) The Data Subject may request the Data Controller to:
- information about the processing of your personal data (before and during the processing),
- access to your personal data (the provision of your personal data by the Data Controller),
- the correction or integration of your personal data,
- erasure of your personal data
- the restriction of processing,
- object to the processing of your personal data
- may withdraw their consent to the processing .
b) The Data Subject may submit a Data Subject's request to the Data Controller using the contact details specified in point 1. The Data Controller shall comply with the Data Subject's lawful request within a maximum of one month (taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months in justified cases) and shall notify the Data Subject thereof at the contact details provided by the Data Subject.
a) THE RIGHT TO REQUEST INFORMATION (UNDER ARTICLES 13-14 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request the Data Controller in writing to inform him or her that.
- what personal data,
- on what legal basis,
- for what purpose,
- from what source,
- how long it will treat,
- whether it employs a data processor, and if so, the name and address of any data processor and its activities in relation to data processing,
- to whom, when, under what law, to which personal data the Data Controller has given access or to whom the Data Controller has transferred the personal data,
- the circumstances and effects of a possible data breach and the measures taken to deal with it.
b) THE RIGHT OF ACCESS (BASED ON ARTICLE 15 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject has the right to receive feedback from the Data Controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the Data Subject has the right to obtain access to the personal data processed and may request this in writing from the Data Controller.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to processing. If the Data Subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.
c) THE RIGHT TO RECTIFICATION OR INTEGRATION (UNDER ARTICLE 16 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request in writing that the Data Controller amend or correct any of his or her personal data (for example, he or she may at any time change his or her e-mail address or postal address or request that the Data Controller correct any inaccurate personal data processed by the Data Controller).
Taking into account the purpose of the processing, the Data Subject shall have the right to request that his or her incomplete personal data processed by the Data Controller be duly completed.
d) THE RIGHT TO ERASURE (UNDER ARTICLE 17 OF THE GENERAL DATA PROTECTION REGULATION)
d.1) Personal data under applicable law will be processed by the Data Controller for the duration of the processing period set out in this Privacy Notice.
The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay if one of the following grounds applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the personal data have been unlawfully processed;
- the personal data are subject to a legal obligation applicable to the Data Controller under a legally binding act of the European Union or under law law or regulation, it must be erased.
d.2) Data cannot be deleted if the processing is necessary:
- to exercise the right to freedom of expression and information;
- for the purposes of complying with an obligation imposed on the Data Controller by a legally binding act of the European Union or by law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, which requires the processing of personal data;
- on grounds of public interest in the field of public health pursuant to Article 9(2)(h) and (i) of the GDPR and Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of the General Data Protection Regulation, where the right of erasure would be likely to render such processing impossible or seriously jeopardize it; or
- to bring, enforce or defend legal claims.
e) THE RIGHT TO RESTRICTION OF PROCESSING (BASED ON ARTICLE 18 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject may request in writing that the Data Controller restricts the processing of his or her personal data if one of the following conditions is met:
- the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows the data subject to Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
- the Data Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims; or
- the Data Subject has objected to the processing pursuant to Article 21(1) of the GDPR; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the Data Controller prevail over the legitimate grounds of the Data Subject.
If processing is restricted on the basis of the above, such personal data, except for storage, may only be processed with the consent of the Data Subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.
The Data Controller shall inform the Data Subject - at whose request the processing has been restricted - in advance of the lifting of the restriction.
f) THE RIGHT TO OBJECT (UNDER ARTICLE 21 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject shall have the right to object to the processing of personal data for the legitimate interests of the Data Controller (third party), in which case the Data Controller may no longer process the personal data, unless he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the Data Subject may object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the Data Subject objects, the data may no longer be processed for that purpose.
g) THE RIGHT TO WITHDRAW CONSENT (UNDER ARTICLE 7 OF THE GENERAL DATA PROTECTION REGULATION)
The Data Subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. The right to withdraw consent is as simple as giving it.
h) YOUR RIGHTS OF REDRESS IN RELATION TO DATA PROCESSING
Initiation of legal proceedings
The Data Subject may take legal action against the Data Controller (or, in the context of processing operations within the scope of the controller's activities, the processor) if the Data Subject considers that the Data Controller or a processor acting on his or her behalf or at his or her instructions is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.
The court has jurisdiction to hear the case. The lawsuit may also be brought, at the Data Subject's option, before the competent court in the place where the Data Subject resides or is domiciled: http://birosag.hu/torvenyszekek
The Data Controller shall compensate the damage caused by unlawful processing of the Data Subject's data or by breach of data security requirements, but shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the processing. The Data Controller shall not compensate the damage in so far as it has been caused by the intentional or grossly negligent conduct of the data subject. In case of infringement of the Data Subject's right to privacy, the Data Subject may claim damages.
Initiation of an administrative procedure
In order to assert his/her rights, the Data Subject may initiate an investigation or an official procedure at the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa street 9-11, website: http://naih.hu; postal address: 1396 Budapest, Pf.: 9.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu), on the grounds that his/her personal data have been processed in violation of his/her rights or that there is an imminent threat of such violation, in particular,
- if, in its opinion, the Data Controller restricts the exercise of the Data Subject's rights or refuses to exercise those rights (initiation of an investigation); and
- If you consider that, in the processing of your personal data, the Data Controller or a data processor acting on its behalf or at its instructions is in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union (request for a judicial procedure).