DATA PROCESSING NOTICE
"FÖLD-TRANS 2001" Ltd. Data processing information
INTRODUCTION
"FÖLD-TRANS 2001" Ltd. (seat: 2038 Sóskút, Asbóth Oszkár utca 2. Fsz. 1. ajtó; Cg. 13-09-0283; website: www.foldtrans.hu), as the operator, ensures the lawfulness and appropriateness of data processing in all cases with regard to the personal data it processes. The purpose of this information is to ensure that our partners who provide their personal data receive appropriate information, when requesting information or an offer, or before providing their personal data, about the conditions and guarantees under which our company processes their data and for how long. Our company adheres to the provisions of this information in all cases involving the processing of personal data, and we consider the provisions described here to be binding on us.
- NAME OF THE DATA CONTROLLER
The details and contact details of our company are as follows:
Name: "FÖLD-TRANS 2001" Trading and Service Provider Limited Liability Company
Registered office: 2038 Sóskút, Asbóth Oszkár Street 2nd Floor, 1st Door
Company registration number: Cg. 13-09-089283
Tax number: HU12728923
Phone number: +36-1-362 3971
Email: info@foldtrans.hu
Website: www.foldtrans.hu (hereinafter also referred to as: "Data controller")
- DATA MANAGEMENT
Compliance with legal regulations
Our data management complies with the relevant legislation, in particular the following:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR");
- Act CXII of 2011 on the right to informational self-determination and freedom of information ("Infotv.");
- Act V of 2013 on the Civil Code;
- Act C of 2000 on accounting;
- Act CL of 2017 on the taxation system;
- Act CXXXIII of 2005 on the rules for personal and property protection and private investigative activities (hereinafter: "Szvtv.");
- Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity;
- Act CVIII of 2001 on certain issues of electronic commercial services and services related to the information society.
We provide the following information regarding our individual data management.
There is no personal registration on the site, so no directly stored personal data is generated.
Individual data management
Management of cookies
The cookies typically used by websites are the so-called "cookies used for a protected session" and "security cookies", the use of which does not require prior consent from the data subjects.
The fact of data processing, the scope of data processed: Unique identification number, dates, times.
Scope of data subjects: All data subjects visiting the website.
Purpose of data processing: Tracking visitors.
Duration of data processing, deadline for data deletion:
Type of cookie | Legal basis of data management | Duration of data management | Managed data circle
Session cookies | Section 13/A. (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.) | The period until the relevant visitor session closes |
The identity of potential data controllers authorized to view the data: The data controller does not process personal data using cookies.
Description of the rights of data subjects regarding data processing: The data subject has the option to delete cookies in the Tools/Settings menu of the browser, usually under the Privacy settings.
Legal basis for data processing: Consent from the data subject is not required if the sole purpose of using cookies is to transmit a communication via an electronic communications network or if the service provider absolutely needs it to provide an information society service explicitly requested by the subscriber or user.
Embedded content from other websites
Posts available on the website may use embedded content from external sources (e.g. videos, images, articles, etc.). Embedded content from an external source behaves exactly as if you had visited another website.
These websites may collect data about visitors, use cookies or third-party tracking code. User behavior related to embedded content is monitored if you have a user account and are logged in to the site.
Analysis
Application of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to perform additional services related to website and Internet use.
Within the scope of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable.
You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
Hosting provider
Activity provided by data processor: Storage service
Name and contact information of the data processor:
Name: Websupport Hungary Ltd.
Headquarters: 1119 Budapest, Fehérvári Street 97-99
Email: support@websupport.hu
Phone: +36-22-78 76 74
Scope of data subjects: All data subjects using the website.
Purpose of data processing: Making the website available and operating it properly.
Duration of data processing, deadline for data deletion: Data management lasts until the termination of the agreement between the data controller and the hosting service provider, or until the data subject submits a deletion request to the hosting service provider.
Legal basis for data processing: Article 6(1)(c) and (f) and Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
Social sites
The fact of data collection, the scope of data processed: The user's registered name on social media sites such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc., or their public profile picture.
Scope of data subjects: All data subjects who have registered on social media sites like Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and have "liked" the website.
Purpose of data collection: Sharing, "liking" and promoting certain content elements, products, promotions or the website itself on social media.
The duration of data processing, the deadline for data deletion, the identity of potential data controllers authorized to view the data, and a description of the rights of data subjects related to data processing: The data subject can find out about the source of the data, its management, the method of transfer, and its legal basis on the given social media site. Data management is carried out on social media sites, so the duration and method of data management, as well as the possibilities for deleting and modifying data, are subject to the regulations of the given social media site.
Legal basis for data processing: the data subject's voluntary consent to the processing of his/her personal data on social media sites.
Duration of data processing: We only store data received by email until the related matters are properly resolved.
- given e-mail address, given name.
What rights does the user have in relation to his own data
You can request that we delete any previously provided personal data. This does not apply to data that we are required to retain for administrative, legal or security reasons.
Data management related to requests for proposals
Our company provides the opportunity for our partners to request an offer electronically. Our company provides the offer through an automated system, taking into account the available capacities.
Purpose of data processing: preliminary information about the work
Legal basis for data processing: the prior consent of the contracting authority [GDPR Article 6(1)(a)] or the processing is necessary to take steps at the request of the data subject prior to entering into a contract [GDPR Article 6(1)(b)]
Scope of personal data processed: title; last name and first name; telephone number; email address; billing name and address,
Duration of data processing: two years after the last day of the employment termination date.
Data management related to service provision and invoicing
Our company processes the personal data of our partners in order to fulfill the contract concluded with our partners, including the payment of fees related to the use of work services.
Purpose of data processing: the use of the services provided by our company by the data subject, the determination of the consideration and invoicing.
Legal basis for data processing: necessity for the performance of a contract to which the data subject is a party [Article 6(1)(b) of the GDPR] and for the fulfilment of a legal obligation pursuant to the provisions of Section 69(1) and (2) of Act C of 2000 on Accounting [Article 6(1)(c) of the GDPR]
Scope of personal data processed: last name and first name, address.
Duration of data processing: from the date of provision of personal data by the data subject to 5 years from the performance of the contract (limitation period). In the case of issuing an invoice, the period of data management is 8 years from the date of provision of personal data by the data subject to the preparation of the report, business report or accounting settlement for the given business year.
Use of a data processor: our company uses the help of an accountant for invoicing as follows.
Data processing task description: Performing accounting tasks
Name and address of data processor:
Föld-Trans 2001 Ltd. 2038 Sóskút, Asbóth Oszkár Street 2nd Floor, 1st Door
Possible consequences of failure to provide data: You cannot use the services of our company concerned.
Rights of the data subject: the data subject (the person whose personal data is processed by our company)
- may request information about the processing of personal data concerning him/her, as well as access to this personal data,
- may request their correction,
- may request their deletion,
- may request the restriction of the processing of personal data if the conditions set out in Article 18 of the GDPR are met (i.e. that our company does not delete or destroy the data until requested by a court or authority, but for a maximum of thirty days, and that the data is not processed for any other purpose beyond that),
- may object to the processing of their personal data,
- may exercise their right to data portability. Under this latter right, the data subject has the right to receive their personal data in Word or Excel format and has the right to have these data transmitted to another data controller upon request.
Other information regarding data processing: Our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or access to them by unauthorized persons). In the event of an incident that nevertheless occurs, we keep a record in order to monitor the necessary measures and inform the data subject; the record includes the scope of the personal data concerned, the scope and number of those affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, as well as other data specified in the law prescribing data processing.
Camera surveillance
Our company uses an electronic monitoring system in the area of our Site.
Purpose of data processing: protecting the life and physical integrity of persons staying on the premises, maintaining personal and property security by using the electronic surveillance system (camera system).
Camera surveillance by the data controller is not intended for employer inspection according to Section 11 (1) of the Mt.
Legal basis for data processing: the explicit voluntary consent of the data subject [Article 6 (1) a) GDPR] and the legitimate interest of the Data Controller based on the provisions of Section 26 (1) e) and Section 31 (1)-(4) of the Data Protection Act [Article 6 (1) f) GDPR].
Scope of personal data processed: the facial image, voice, and behavior of the individuals involved as seen in the images and audio recordings.
Duration of data processing: 3 working days from the date of entry of the data subject into the premises, 30 days in the case of a public event.
Use of a data processor: our company uses the following data processor to operate the electronic surveillance system (camera system).
Data processing task description: Operation of the electronic surveillance system (camera system)
Name and registered office of the data processor: Föld-Trans 2001 Kft. 2038 Sóskút, Asbóth Oszkár Street 2nd Floor, 1st Door
Rights of the data subject: the data subject (the person whose personal data is processed by our company)
- may request information about the processing of personal data concerning him/her, as well as access to this personal data,
- may request their correction,
- may request their deletion,
- may request the restriction of the processing of personal data if the conditions set out in Article 18 of the GDPR are met (i.e. that our company does not delete or destroy the data until requested by a court or authority, but for a maximum of thirty days, and that the data is not processed for any other purpose beyond that),
- may object to the processing of their personal data,
- may exercise their right to data portability. Under this latter right, the data subject has the right to receive their personal data in Word or Excel format and has the right to have these data transmitted to another data controller upon request.
Other information related to data processing: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or access to them by unauthorized persons). In the event of an incident that nevertheless occurs, we keep a record in order to monitor the necessary measures and inform the data subject; the record includes the scope of the personal data concerned, the scope and number of those affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, as well as other data specified in the law prescribing data processing.
Other data management
We provide information on data management not listed in this information when the data is collected. We inform our customers that certain authorities, bodies performing public duties, and courts may contact our company for the purpose of communicating personal data. If the relevant body has specified the exact purpose and the scope of the data, our company will release personal data to these bodies only in the amount and to the extent that is absolutely necessary to fulfill the purpose of the request, and if the fulfillment of the request is required by law.
- METHOD OF STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT
Our company's IT systems and other data storage locations are located at the headquarters and on servers rented by the data processor. Our company selects and operates the IT tools used in the provision of the service to manage personal data in such a way that the processed data:
- is accessible to those authorized to do so (availability);
- has its authenticity and authentication ensured (authentication of data processing);
- can be verified as unchanged (data integrity);
- is protected against unauthorized access (data confidentiality).
We pay particular attention to the security of the data, and we take the technical and organizational measures and develop the procedural rules that are necessary to enforce the guarantees according to the GDPR. We protect the data with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.
The IT system and network of our company and our partners are protected against computer-assisted fraud, computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. Data is backed up daily. In order to avoid data protection incidents, our company takes all possible measures; in the event of such an incident, we take immediate action, according to our internal regulations, to minimize the risks and prevent damages.
The data controller and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons, to guarantee a level of data security appropriate to the degree of risk, including, among others, where appropriate:
- pseudonymization and encryption of personal data;
- ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;
- the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident;
- a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data processing.
- INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
Rights of data subjects
Right to prior information: You have the right to be informed about the facts and information related to data processing before data processing begins.
Right of access: You have the right to receive feedback from the controller as to whether your personal data is being processed and, if such processing is taking place, you have the right to access the personal data and the information listed in the regulation.
Right to rectification: You have the right to obtain from the controller, upon request, the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purpose of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
The right to erasure: You have the right to request that the data controller erase your personal data without undue delay, and the data controller is obliged to erase your personal data without undue delay under certain conditions.
The right to be forgotten: Where the controller has made the personal data public and is obliged to erase them, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the data that you have requested the erasure of links to the personal data in question or of copies or replications of those personal data.
The right to restrict data processing: You have the right to request that the data controller restrict data processing if one of the following conditions is met:
- You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the controller to check the accuracy of the personal data;
- the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
- the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;
- You have objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.
Notification obligation related to the correction or deletion of personal data or the restriction of data processing: The Data Controller shall inform all recipients to whom the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Data Controller shall inform the data subject of these recipients.
The right to data portability: You have the right to receive the personal data about you that you have provided to a data controller in a structured, widely used, machine-readable format, and you have the right to transfer this data to another data controller without hindrance from the data controller to whom you provided the personal data (...)
The right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, including profiling based on the aforementioned provisions.
Objection in the case of direct marketing: If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, insofar as it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.
Automated decision-making in individual cases, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph does not apply if the decision:
- is necessary to conclude or fulfill the contract between you and the data controller;
- is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; or
- is based on your express consent.
Right to legal remedy (right to lodge a complaint; legal remedy against the supervisory authority, data controller and data processor): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes the GDPR.
Every natural and legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him or her, or if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments or the outcome of the complaint submitted.
Every data subject has the right to an effective judicial remedy if, in their opinion, their rights under the GDPR have been infringed as a result of the processing of their personal data not in accordance with the GDPR.
- SUBMISSION OF THE DATA SUBJECT'S REQUEST, MEASURES OF THE DATA CONTROLLER
Action deadline
The data controller will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month from the receipt of the request.
If necessary, this can be extended by 2 months. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.
If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.
- PRIVACY INCIDENT
Informing the data subject about the data protection incident
If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.
The nature of the data protection incident must be explained in a clear and comprehensible manner in the information provided to the data subject. The name and contact details of the data protection officer or other contact person providing additional information must be provided. The likely consequences of the data protection incident must be described. The measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.
The data subject does not need to be informed if any of the following conditions are met:
- the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures, such as the use of encryption, that make the personal data unintelligible to persons not authorized to access the personal data;
- after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
- providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.
Reporting a data protection incident to the authority
The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.
- ENSURING THE RIGHT TO LEGAL REMEDY
Possibility of filing a complaint
A complaint against a possible violation of the data controller can be filed with the National Data Protection and Freedom of Information Authority (supervisory authority):
National Data Protection and Freedom of Information Authority
- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Website: no.hu
- Mailing address: 1530 Budapest, PO Box: 5.
- Telephone: +36-1-391-1400
- Fax: +36-1-391-1410
- E-mail: ugyfelszolgalat@naih.hu
Right to an effective judicial remedy against the supervisory authority
Without prejudice to other administrative or non-judicial remedies, every natural and legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him or her.
Without prejudice to other administrative or non-judicial remedies, every data subject shall have the right to an effective judicial remedy if the supervisory authority competent pursuant to Article 55 or 56 of the GDPR does not deal with the complaint or does not inform the data subject of the procedural developments or the outcome of the complaint lodged pursuant to Article 77 within three months.
Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
If proceedings are brought against a decision of the supervisory authority on which the Board has previously issued an opinion or taken a decision under the consistency mechanism, the supervisory authority shall be obliged to send that opinion or decision to the court. (Article 78 GDPR)
Right to judicial remedy against the controller or processor
Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, each data subject shall have the right to an effective judicial remedy if he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data not in accordance with the GDPR.
Proceedings against a controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State in which the data subject has his habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its official authority. (Article 79 GDPR)
- MISCELLANEOUS PROVISIONS
The Data Controller undertakes that all data processing related to its activities complies with the requirements set out in this information sheet, in the Data Controller's internal regulations (which impose the same requirements as this information sheet) and in the applicable legislation.
The data controller reserves the right to change this information at any time, by informing the affected parties of possible changes via a notice published on our company's website after the changes have been implemented.
Please send us an e-mail if you have any questions about the contents of this information sheet.