Your current browser is not supported, so many features of the page cannot be used with this browser.
Please download another browser from below and visit the website again using the new browser!
1. Purpose and scope of the information document
(1) The purpose
of this Data Management Information (hereinafter: the “Information”) is
to determine the legal order of the use of the registers / databases maintained
by HR-Evolution Kft. (Hereinafter: the “Data Controller”), to ensure law
and data security requirements, and that everyone has the right to have their
personal data within the framework of legal regulations, to know the
circumstances of their processing and to prevent unauthorized access,
alteration and unauthorized disclosure of data. This Information also serves as
an information to stakeholders on the data management practices of the Data
Controller. The Data Controller acknowledges that the content of the Information
is binding on him / her, but reserves the right to change it by notifying the
public of the changes in due time.
(2) The scope of the Information extends to the processing
of personal and special data of all organizational units of the Data
Controller.
2. Governing Law
Regulation 2016/679 (27th April 2016) of the European
Parliament and the European Council on the protection of individuals with regard
to the processing of personal data and on the free movement of such data, and
repealing Regulation 95/46/EC (General Data Protection Regulation; hereinafter
referred to as the "GDPR")
§ 2011 CXII. Act on the Right to Self-Determination of
Information and Freedom of Information (hereinafter: the Information Act)
§ Act V of 2013 on the Civil Code (hereinafter: the
“Civil Code”)
§ Act CXXX of 2016 on Civil Procedure. Act (hereinafter:
“Pp.”)
3. Data Controller Data
The current company data of the Data Controller is as follows:
§
Company
name: HR-Evolution Kft. (Hereinafter: “Company” or “Data Controller”)
§
Registered office: 4th
Zsolt Street, 1st Ground Floor Budapest 1016
§
Registration No.: 01-09-913709
§
Tax No.: 14653508-2-41
§
Registry Court: Metropolitan
Court as a court of registration
§
Represented by: János
Szalkai, Managing Director
§
Phone: +
36 20 485 7867
§
E-mail: info@hrevolution.hu
4. The scope of the personal data processed, the purpose,
duration and title of the data processing
(1) The Data Controller shall carry out its data
processing on the basis of the legal basis set out in the GDPR, in particular
with the consent of the data subjects, for the conclusion or performance of a
contract, for the performance of a legal obligation or for the legitimate
interests of itself or a third party. The data subject may at any time request
detailed information on the processing of his or her personal data or have
access to his or her personal data, request their rectification, erasure or
restriction of processing, and in certain cases may object to the processing of
his or her personal data and exercise his or her right to data portability.
Where the legal basis for the processing is the data subject's consent, the
data subject may withdraw that consent at any time, without prejudice to the
lawfulness of the data processing prior to the withdrawal.
(2) Reporting agents shall communicate all information
provided to the best of their knowledge.
(3) If the data subject does not provide his or her
personal data and the legal basis for data processing is the data subject's
consent, the data subject shall be obliged to obtain the data subject's
consent.
(4) If the Data Controller transmits the data-to-data
processors or other third parties (recipients), the Data Controller shall keep
records thereof. The record of the transfer shall contain the recipient, method
and date of the transfer and the scope of the data transferred. The Company
shall provide a list of its data processors upon request of the data subject.
(5) The data processing belonging to each activity of the
Data Controller, broken down according to the individual data management
purposes, is detailed below:
I.
Website
Data Management
1.) Purpose of Data Management: logging of the website of the Data Controller
Legal basis for Data Management: the consent of the visitor to the website (data
subject) pursuant to Article 6 paragraph (1) point (a) of the GDPR
Scope of Special Data Management: any personal data involved in logging and operating the
website
Purpose of Data
Management:
authorization management, liaising with website administrators, tracking
website administrator activity for easier content editing, debugging,
troubleshooting
Data processor(s): Webtrek Kft., DomainTank Kft.
Data deletion deadline: no later than the end of the 2nd year from logging
The possible consequence of the lack of data
communication: in the absence of
a user account, the use of the service cannot be implemented in whole or in
part
|
Name of
the Data Processor |
Extreme
Net Kft. |
|
|
Address of
the Data Processor |
20th
Tímár Street, 2nd Floor Budapest 1034 |
|
|
Contact of
the Data Processor |
E-mail |
info@extremenet.hu |
|
Tel. |
+36 30 834-61-38 |
|
|
Website |
https://extremenet.hu/ |
|
|
Scope of
Data Management |
user data
recorded on the website |
|
|
Purpose of
the Data Management |
performing
web development tasks |
|
5. The rights of
the data subjects, the possibilities of legal remedies
(1) The data subject may at any time request detailed
information in writing from the Data Controller on the processing of his or her
personal data, access his or her personal data, request their rectification,
erasure or restriction of processing, and in certain cases object to the
processing of his or her personal data. The data subject may exercise his or
her right to data portability and withdraw his or her previously agreed consent
to the contact details provided in Section 3.
(2) The data subject may not exercise the right to delete
and protest in the case of mandatory data processing.
(3) Content of the right to information: Based on the data
subject's request, the Data Controller shall provide the data subject with the
information listed in Articles 13 and 14 of the GDPR and provide the
information referred to in Articles 15 to 22 and 34 in a concise, comprehensible
form.
(4) Content of the right of access: Upon the request of
the data subject, the Data Controller shall provide information on whether the
data processing concerning him or her is in progress at the Data Controller. If
the Data Controller is in the process of processing the data concerning the
applicant, the data subject is entitled to access the following:
a. personal data relating to him or her;
b. the purpose(s) of the Data Processing;
c. the persons to whom the data of the data subject have
been or will be communicated;
d. the duration of Data Storage;
e. the right to rectification, erasure and restriction of
Data Processing;
f.
the
right to apply to a court or supervisory authority;
g. the source of the data processed;
h. the transfer of processed data to a third country or
international organization.
(5) In the event of a request for data in accordance with
the above, the Data Controller shall provide the data subject with an
electronic copy of the data processed by him or her in accordance with the
request. Upon special request, it is possible to request delivery by post from
the Data Controller against payment of postage.
(6) The deadline for the release of the requested data is
one month from the receipt of the request.
(7) Right to rectification: The data subject may request
the rectification of inaccurate data processed by him or her by the Data
Controller.
(8) Right of cancellation: If any of the following reasons
exist, the Data Controller shall, at the request of the data subject, delete
the data relating to the data subject as soon as possible and at the latest
within 5 working days:
a. The data was processed unlawfully (without legal
authorization or personal consent);
b. the processing of the data is not necessary to achieve
the original purpose;
c. the data subject withdraws his or her consent to the
data processing and the Data Controller has no other legal basis for the data
processing;
d. the data in question were collected in connection with
the provision of information society services;
e. personal data must be deleted in order to fulfill the
legal obligations of the Data Controller.
(9) The Data Controller shall not be able to delete the
data if the data processing is still necessary for any of the following:
a. further data management is required to meet the legal
requirements for the Data Controller;
b. necessary for the exercise of the right to be heard
and to be informed;
c. in the public interest;
d. for archival, scientific, research or statistical
purposes;
e. to enforce or defend legal claims.
(10)
Right to restrict data processing: If any of
the following reasons exists, the Data Controller shall restrict data
processing at the request of the data subject:
a. the data subject disputes the accuracy of the data
concerning him / her, in which case the restriction applies to the time until
the accuracy and correctness of the data in question is reviewed in a credible
manner;
b. the data processing is illegal; however, the data
subject requests that the deletion not be deleted, only that the data
processing be restricted;
c. the data are no longer required for data processing,
but the data subject requests that they be further stored in order to enforce
or protect his or her legal claims.
(11)
If the
Data Controller imposes a restriction on any data processed, it shall process
the data concerned during the period of the restriction only if and to the
extent that:
a. the data subject consents to this;
b. necessary to assert or defend legal claims;
c. necessary to enforce or protect the rights of another
person;
d. necessary to safeguard the public interest.
(12)
Right
of withdrawal: The data subject has the right to withdraw his consent to the
Data Controller in writing at any time. In the event of such a request, the
Data Controller shall immediately and permanently delete all data which it has
processed in relation to the data subject and the further storage of which is
not required by law or necessary for the exercise or protection of rights
related to legitimate interests. The lawfulness of data processing prior to the
withdrawal of consent shall not be affected by the withdrawal.
(13)
Right
to data transfer: The data subject has the right to request that the Data
Controller transfer the data concerning him or her to another Data Controller
in a commonly used format that can be read by computer software. The Data
Controller shall comply with the request as soon as possible, but no later than
within 1 month.
6. Contact
The e-mail received during the contact with the Data
Controller and its content (especially the name, address, date, attachments of
the sender) will be stored by the Data Controller for the period specified in
Section IV 2) and then deleted.
7. Method of data storage, provision
(1) The Data Controller shall store the data processed by
it in paper form at its registered office, while in electronic form on its own
network data storage facility.
(2)
The exception to point (1) is the data stored at the data
processors of the Data Controller, the data processors of which are obliged to
ensure the preservation of such data by introducing appropriate security
measures.
(3) A Data Controller shall use an IT system for its
operation that ensures that the data:
a. be accessible to those entitled to it (availability);
b. and to be protected against unauthorized access (data confidentiality).
(4) Data protection shall cover in particular:
a. unauthorized access;
b. to change;
c. for cancellation;
d. accidental injury;
e. or becoming inaccessible as a result of a change in
the technology used.
(5) In order to protect electronically processed data, the
Data Controller shall use a solution that provides an adequate level of
security according to the state of the art. During the examination of
compliance, special emphasis is placed on the degree of risk arising from the
data processing performed at the Data Controller. IT protection ensures that
stored data cannot be directly assigned or linked to data subjects (unless
permitted by law).
(6) During its data management, the Data Controller shall
ensure that:
a. the data subject must have access to the data when they
need it;
b. only has access to the information to those who are
entitled to it;
c. the accuracy and completeness of the information and
the method of processing are protected.
(7) The Data Controller and any data processors used shall
ensure protection against fraud, espionage, viruses, burglary, damage and
natural disasters against their IT systems at all times. The Data Controller
(or data processor) uses server-level and application-level protection
procedures.
(8) Messages transmitted to the Data Controller via the
Internet, in any form, are increasingly exposed to network threats that lead to
the modification of information, access by unauthorized persons or other
illegal activities. At the same time, the Data Controller will do everything
that can reasonably be done and expected from the state of the art to eliminate
such threats. To this end, the systems used are monitored to record security
deviations, to obtain evidence of a security incident, and to examine the
effectiveness of precautionary measures.
8. Rules of procedure
(1) If the Data Controller receives a request pursuant to
Articles 15 to 22 of the GDPR, the Data Controller shall inform the data
subject in writing as soon as possible, but no later than within one month, of
the action taken on the request.
(2) If the complexity of the application or other
objective circumstances so warrant, the above time limit may be extended once
by a maximum of 60 days. The Data Controller shall notify the data subject in
writing of the extension of the term, together with the appropriate reasons for
the extension.
(3) The Data Controller shall provide the information free
of charge, unless:
a. the data subject repeatedly requests information /
action on substantially unchanged content;
b. the request is clearly unfounded;
c. the request is excessive.
(4) In the cases referred to in point (3), the Data
Controller is entitled to:
a. refuse the application;
b. make the execution of the request conditional on the
payment of a reasonable fee.
(5) If the applicant requests the transfer of data on paper
or on an electronic data carrier (CD, DVD or flash drive), the Data Controller
shall provide a copy of the relevant data free of charge in the requested
manner (unless the chosen platform would present a technically disproportionate
difficulty). For each additional copy requested, it will charge an
administration fee of HUF 6 per page and an administration fee of HUF 2,500 per
CD, DVD, or flash drive.
(6) The Data Controller shall notify all persons to whom
the relevant data have been previously communicated of the rectification,
erasure or restriction carried out by him or her, unless the information is
impossible or requires a disproportionate effort.
(7) If the data subject so requests, the Data Controller
shall provide information to which persons his or her data have been
transferred.
(8) The Data Controller shall respond to the request in
electronic form, unless:
a. the data subject requests the response explicitly in a
different way and this does not result in an unreasonably high additional cost
for the Data Controller;
b. the Data Controller does not know the electronic
contact details of the data subject.
9. Compensation
(1) If any data subject suffers pecuniary or non-pecuniary
damage as a result of a breach of data protection law, he or she shall be
entitled to claim compensation from the Data Controller and / or the data
processor. If both the Data Controller and the Data Processor(s) are involved
in the commission of the infringement, they shall be jointly and severally
liable for the damage.
(2) The Data Processor shall only be liable for the
damages incurred if it has violated the provisions of the relevant data
protection legislation formulated specifically for the data processors or if
the damage occurred due to disregard of the instructions of the Data Controller.
(3) The Data Controller or any Data Processors shall be
liable only if they cannot prove that they are not responsible for the event or
circumstance causing the damage.
10. Remedies
(1) If you have any objections or problems related to the
data management of the Data Controller, please feel free to contact our Company
at the contact details indicated in point 3 of this Information.
(2) If, in the opinion of the data subject, his or her
rights have been violated by the Data Controller and / or the data processors,
he or she has the right to apply to a court with jurisdiction and competence
according to the Pp. The court is acting out of turn in the case.
(3) If the data subject wishes to make a complaint in
connection with data processing, he or she may do so at the National Data
Protection and Freedom of Information Authority at the following contact
details:
§
Registered
office: 9-11th Falk Miksa
Street Budapest 1055
§
Mailing
address: 9th Mailbox Budapest
1363
§
Tel.: 06-1 / 391-1400
§
Fax: 06-1 / 391-1410
§
E-Mail: ugyfelszolgalat@naih.hu
§
Website:
https://www.naih.hu/
11. Regulatory cooperation
The Data
Controller shall, upon receipt of a formal request from the competent
authorities, provide the specified personal data on a mandatory basis.
(1) The controller shall only transfer data in the cases
referred to in point (1) which are strictly necessary for the purpose specified
by the requesting authority.
