Privacy policy

Data manager’s data: Era Sped Kft.
The organization’s headquarters: H-4032 Debrecen Nagy Lajos király tér 5.
VAT number: HU12606043
Company Registration Number: 09-09-007620/3

Person responsible for the content of this policy: László Kelemen
Date of entry into force of the policy: 2018. május 25.

Introduction

Those interested in the services of Era Sped Kft.(hereinafter company) (, the users of the services (based on the contractual relationship between the concerned parties) and those applying for a job, voluntarily agree that the company will manage their personal data in order to facilitate the smooth communication and smooth operation of the services. This voluntary contribution covers only the storage and handling of data related to service activities.

The company takes responsibility for all data management will be done as stated in this policy and complies to the current national regulations and to the legal acts laid down by the European Union.

The company reserves the right to change the content of this policy at any point in time and takes liability to notify the competent contact persons at the partner companies.
The company is commited to protect the personal data of its customers and partners and respects the right of self-determination of the clients.
The company handles the personal data confidentially and does every safety, technial and organizational measures to keep this data safe.

Concerning Legislations
The data manager takes liability for the activity concerned, it is done under the current legislations. These are the following when issuing this policy:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and ont he free movement of such data, and repealing Directive 95/46 EC (General Data Protection Regulation) (Text with EEA relevance)
  • 2011 CXII. Act on Information Self-Determination and Freedom of Information.

 

The personal data we manage

General rule for dealing with personal information of our customers:

  • during the use of the services and the providing of the services, in case of some other services it is possible to provide additional information, which helps to fully understand the expected needs of the contracted parties (this is not a condition of using the service),
  • to maintain customer relations (personal data of legal person, client, customer, supplier representative) the following informations have to be provided:

Name: Managing the contact’s name is necessary to establish a personal relationship and to keep the administrative processes running smoothly.
Address: Managing the contact’s address is necessary to establish a personal relationship and to keep the administrative processes running smoothly.
Phone number: The telephone number is essential for communicating with the user, and to keep the administrative processes running smoothly.
E-mail: The e-mail address is essential for communicating with the user, and to keep the administrative processes running smoothly.
Home address: The address is essential for communicating with the user, and to keep the administrative processes running smoothly.

The given personal datas are kept in different files and can be accessed only by authorized personnel.
The legal basis for data management:
The consent of the client’s contact,which is given for communicational purposes, for the use of services and to provide services. The contribution is based on Infotv. Article 5 (1) (a).

Duration of data management:
The cusomer’s information will be processed until a voluntary cancellation request or after 5 years after the termination of the service (contract) or as provided by the applicable law(s).

Job offer surface

It is for the applicants to the job advertisements, through which we contact the winning applicant.

Name: Managing the applicant’s name is necessary in order to establish a personal relationship and the smooth running of the application processes.
Address: Managing the applicant’s address is necessary to establish a personal relationship and to smooth the application process.
Phone number: The telephone number is essential for keeping in touch with the applicant and to smooth the application process.
E-mail: The e-mail address is essential for keeping in touch with the applicant and to smooth the application process.
Home address: The home address is essential for keeping in touch with the applicant and to smooth the application process.

Recipients of personal data and categories of recipients: the manager of Era Sped Kft.
Storage time of personal information: until the end of the tender.
The personal information of Unselected candidates and those who have withdrawn their application will delete be deleted.
The application can only be retained on the basis of the, explicit and voluntary consent of the data subject, provided that their preservation is necessary in order to achieve the purpose of the data management in accordance with the law (consent must be requested from the applicants after the completion of the recruitment procedure).

Managing of the cookies

Cookies for statistical purposes gather anonymus information to help the website owners on how the visitors use the website
The purpose of data management: To analyze anonym user habits by using Google Analytics a Google Analytics
The legal basis for data management: the consent of the data subject.
The range of data processed: identification number.
Duration of data management: until the expiration of the cookie (technical or optional) or until the cookie is deleted by the affected.

The user can delete the cookie(s) from their computer or they can disable the usage of cookies in their browser(s).

The data management

Personal data may be handled only if the data subject has given their consent or is required by law or, under the authority of the law, within the limits specified therein. Personal data can only be processed after giving detailed information and getting the consent of the data subject.

Personal data may only be processed for a specific purpose, for the purpose of exercising rights and fulfilling an obligation. Data management must meet this objective in every stage.
Only personal data which is necessary for the purpose of data management, suitable for achieving the goal of the data management and only to the extent and for the time necessary to achieve this.
The concerned must be informed clearly, comprehensibly and in detail about the management of his / her data especially about the legal basis, the purpose of the management, the personnel authorized to manage the information, the period of the management and who can get the informations. The information should also cover the rights and legal remedies of the data subject. The use of generic and uniform identification mark is prohibited.

 

The personal informations can only be forwarded as well as the different data processings can only be linked if the data subject gave his / her consent or it is allowed by law and if the data management’s conditions apply to every personal data.

Personal data (including special data too) can only be transferred out of the country – regardless of the method and data carrier – to a data manager / data processor in a third country if explicitly agreed by the data subject, if explicitly agreed by the data subject, or it is permitted by law, and an adequate level of personal data protection is ensured Transferring to the EEA States should be considered as a transfer of data within the territory of Hungary.

Technical measures

Data is protected by appropriate measures against unauthorized access, alteration, forwarding, disclosure, deletion or destruction, and accidental destruction.

We provide technical, organizational measures to ensure the security of data management, providing a level of protection appropriate to the risks associated with data management.

What we maintain during the data management:

  • confidentiality: we protect the information so only those can access it who have authorization
  • integrity: we protect the accuracy and completeness of the information and processing method
  • availability: we make sure that when the authorized user needs it they can actually access the information they need and have the related tools for it.

Who can access the stored data: The data may be accessed by the data controller and its employees, the data are not disclosed to third parties. The employees concerned have an appropriate Privacy Statement.

Name and activity of data processor:
IT Service Provider as Data Processor (Website: Operator):

Company name: T-Systems Magyarország Private Company Limited
Head office: 1097 Budapest, Könyves Kálmán körút 36.
Company registration number: 01-10-044852
VAT number: 12928099-2-44
Website: https://www.telekom.hu/uzleti/
E-mail: –
Name of representative: –

Accounting service provider as data processor
Company name: H-D’ Verzió Ltd.
Head office: 4024 Debrecen, Tímár u. 20. I/1.
Company registration number: 09-09-004080
VAT number: 12114485-1-09
Website: –
E-mail: hdverzio@hdverzio.hu
Name of representative: Dojcsák Mária

Rights related to data management

RIGHT TO REQUEST INFORMATION (Article 15 of EU Regulation)
Request information in a written form

  • what personal information,
  • on what legal basis,
  • purpose of data management
  • from what source,
  • for how long we manage and
  • to whom, when, under what legislation, which personal data we provided access to, or
  • to whom we forward your personal information.

The request received will be completed within 30 days, by letter sent to the contact you provided, in the case of an electronic request then to the provided e-mail address.
(1) The concerned is entitled to get a respond from the Data Processor regarding the handling of their information and if any data management is in progress they have the right to have access to their personal data and the following information:
a) purpose of the data management;
b) categories of personal data involved;
c) the categories of recipients to whom or with whom personal data were communicated, including in particular third-country recipients or international organizations;
d) in that particular case, the planned duration of the storage of personal data or, if this is not possible, the criteria for determining that period;
e) the right of the data subject to request the correction, deletion of their personal data or the limitation of its management and can object to the handling of such personal;
f) the right to lodge a complaint with a supervisory authority;
g) if the data were not collected from the data subject, all available information about their source;
h) the fact of automated decision making, including profiling, and at least in these cases the logic used and understandable information about the importance of such data management and the expected consequences for the data subject.
(2) The Data Controller shall make a copy of the personal data and make it available to the data subject. The Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. If the data subject has submitted the application by electronic means, the information shall be made available in a widely used electronic format, unless otherwise requested by the data subject. The right to request a copy must not adversely affect the rights and freedoms of others.

RIGHT TO CORRECTIONS (EU Regulation Article 16)

You may request in writing to modify any of your personal information (for example: you can change your email address at any time).
Your request will be completed within a maximum of 30 days and we will send a notification to the given contact address by post or if requested then electronically by e-mail.

If we are unable to complete your request, we will send you a notice of your refusal to do so within the same deadline, by email, or by e-mail in case of electronic request.

RIGHT TO ERASURE (EU Regulation Article 17)
You may request in writing to delete your personal information.

The request for cancellation is rejected if a particular law obliges us to store personal data further.
The request will be completed within a maximum of 30 days and a notification will be sent by post or if requested by e-mail to the address provided.
If we are unable to fulfill your request because the law imposes mandatory data management, we will notify you of the rejection of the request within the same deadline by letter, by e-mail, in the case of an electronic request.

(1) The data subject has the right to request the Data Controller to delete personal data concerning him or her, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
a) personal data are no longer needed for the purpose for which they were collected or otherwise handled;
b) the data subject withdraws his consent as the basis for the processing and there is no other legal basis for i;
c) the data subject objects to the public interest, to the exercise of public authority or to the data controller’s (third party’s) legitimate interest, and there is legitimate reason for data management or the data subject objected to data processing for direct marketing;
d) personal data have been unlawfully treated;
e) personal data must be deleted in order to fulfill a legal obligation under EU or Member State law (Hungarian law) applicable to the Data Controller;
f) personal data were collected in connection with the recommendation on information society services.
(2) If the Data Controller has disclosed personal data and is obliged to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to inform the data controllers, taking into account that the technology and implementation costs available the data subject has requested them to delete the links to the personal data in question or a copy or duplicate of such personal data.
(3) Limitation of the right of cancellation of the Data Subject may only take place in the case of the following exceptions in the GDPR, ie if the above reasons exist, the retention of personal data may be considered lawful.:
a) the exercise of the right to freedom of expression and information, or
b) if a legal obligation is met, or
c) if a public interest task is performed, or
d) by exercising the power of attorney granted to the controller or
e) public interest in the field of public health,
f) if for archiving in the public interest, or
g) if for scientific or historical research or for statistical purposes, or
h) if it is necessary for the submission, validation or protection of legal claims.

RIGHT TO BLOCK (EU Regulation Article 18)
You may request in writing to block your personal information. The blocking process will continue until the reason you specify requires storage of the data.
You may, for example, request that your data be blocked if you believe that your request has been unlawfully treated, but that the official procedure you have initiated requires that your application not be deleted. We will then store your request, which is considered personal data, and then delete the data until the authority requests it. Your request will be completed within a maximum of 30 days and will be notified by post or by e-mail to the specified contact.

THE RIGHT TO PROTEST (Article 21 of EU Regulation)
You can protest against data management in writing if we were to transmit, transfer, use or direct your personal data for direct marketing, opinion polling, or scientific research. For example, you can protest against using your personal information to send newsletters without your consent.

You may also object to data management if you consider it necessary solely to fulfill the legal obligation of the Company or to enforce its legitimate interest, except for data processing based on legal authorization. For example, you cannot object to treating your statutory data in public procurement procedures.

If you object to our data management activity, we will investigate it as soon as possible, but within a maximum of 15 days, and make a decision on the merits of the matter that we will communicate to you in writing. If you do not agree with our decision, you will be entitled to apply to the court to change the decision within 30 days of its expiration, or if we have not made a decision within the given deadline.

DATA TRANSFER (Article 20 of EU Regulation)
The data subject shall have the right to receive personal data concerning him or her from a data controller, in a distributed, widely used, machine-readable format, and shall be entitled to forward such data to another controller without being prevented from doing so. data controller to whom you have provided personal data if:
a) if the data management is based on the consent of the data subject or the performance of a contract concluded with the Data Subject
b) and data management is automated.
(2) When exercising the right to portability of data, the data subject is entitled to request, if technically feasible, the direct transmission of personal data between controllers.
(3) Exercising the right to portability of data must not prejudice the right to erasure. The right to record data shall not apply in cases where the processing is necessary for the performance of a task carried out in the exercise of public authority or of the exercise of public authority conferred on the controller.
(4) The right to portability of data must not adversely affect the rights and freedoms of others.

WITHDRAWAL OF THE CONTRIBUTION (Article 7 (3) of EU Regulation)
The data subject is entitled to withdraw their consent to the processing of his personal data at any time as follows: The data subject is entitled to withdraw their consent at any time. Withdrawal of consent does not affect the legality of the consent-based data management prior to revocation. It is entitled to withdraw the consent in the same simple manner as its grant.

YOUR RIGHT OF ENFORCEMENT RELATED TO DATA MANAGEMENT
If you have submitted an application for rectification, blocking or cancellation or objected to data management, but we have not complied with your request, you are entitled to apply to a court or authority.

In court proceedings, you are entitled to initiate the proceedings of the court of your domicile, which body will decide in a row.
You may also initiate the procedure of the National Authority for Data Protection and Freedom of Information (NAIH) if you experience a breach of data protection. Please note that NAIH advises stakeholders to first contact the controller to find a solution if a problem occurs. In this case, therefore, please ask us if you have any problems or demands, but we cannot, of course, expect it from you.
Name: National Authority for Data Protection and Information

Headquarters: 1125 Budapest Szilágyi Erzsébet fasor 22 / c.

Postal address: 1530 Budapest, Pf .: 5.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Website: http://naih.hu

Debrecen, May 25, 2018

Széchenyi 2020