1. Data Controller’s information

Name of data controller: Horváth Rudolf Intertransport Kft.
Company registration number of the data controller: Cg. 10-09-021834
Data Controller’s registered office: 3000 Hatvan, Robert Bosch út 3.
The Data Controller’s representative: Horváth Rudolf or Horváthné Pók Erika both

2. Rules for data management

This privacy notice is valid from 25 May 2018 until its withdrawal.

The terminology used in this policy is the same as in Article 4 of the General Data Protection Regulation (hereinafter: GDPR), supplemented in certain points by the interpretative provisions of Section 3 of the Info Law in force from 25 May 2018. On this basis:

personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by an act unambiguously expressing consent, signifies his or her agreement to the processing of personal data concerning him or her;

data controller: a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;

processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

The processing of personal data must be lawful, fair and transparent for the data subject.

The Data Controller shall make the information notice permanently available on its website. Acceptance of the Privacy Notice (by ticking the corresponding checkbox) constitutes acknowledgement of receipt and consent to processing. Thus, processing may only take place if the data subject gives his or her freely given, specific, informed and unambiguous consent to the processing of personal data concerning him or her by a clear affirmative action, such as a written, including electronic, statement.

The personal data collected by the Controller must be processed only for specified, explicit and legitimate purposes and not in a way incompatible with those purposes, and stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

In the course of their work, the employees of the Data Controller shall ensure that no unauthorised persons have access to personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, altered or destroyed by unauthorised persons.

3. Data processing in the course of the use of the Data Controller’s website

3.1. Cookies

Cookies are placed on the user’s computer by the websites visited and contain information such as the page settings. The use of cookies enables the Company to retrieve certain information about the visitor and to monitor his/her use of the Internet. Some cookies are essential for the proper functioning of the site, others collect statistics to make the site more convenient to use, while others are used to serve targeted advertisements.

Visitors can use the bar at the bottom of the website to choose which cookies they want to allow, i.e. which cookies they agree to and which cookies they do not want to be used.

purpose of data processing: to study the website visiting habits, to facilitate contact with the Company
the type of data processed: the Internet Protocol (IP) address of the visitor, the time of the visit, the pages viewed, the name of the browser program used
legal basis for processing: the data subject’s consent pursuant to Article 6(1)(a) of the GDPR
time limit for data storage: maximum one year from the date of recording
method of data storage: electronic

3.2. Contact

The data subject may send a message to the Data Controller using the “Send Message” function on the website.

purpose of processing: contacting, sending messages
scope of the data processed: name, e-mail address of the data subject
legal basis for processing: the data subject’s consent pursuant to Article 6(1)(a) of the GDPR
data storage limit: 30 days from the date of recording or until deletion at the request of the data subject
method of data storage: electronic

3.3. Request for quotation

Visitors to the Company’s website have the possibility to request a quote. By filling in the form, the visitor provides the relevant data for contacting us and calculating the offer. However, the data subject can only send the data if he/she accepts the Company’s privacy policy by ticking a box, otherwise he/she will not be able to finalize the offer.

purpose of processing: to facilitate contact with the Company, registration
scope of data processed: name of contact person, e-mail address, telephone number, place of loading and unloading
legal basis for processing: the data subject’s consent pursuant to Article 6(1)(a) of the GDPR
storage period: 30 days from the date of filling in the form, if there is no contract between the parties, or 10 years from the date of termination of the contract.
method of data storage: electronic

3.4. Data processing related to job applications

So-called “opt-out” requests received via the Company’s online platform or by mail. CVs are received directly from the data subject in person or by post to the Company’s headquarters and premises, or electronically to the Company’s e-mail address .

You can apply under the “Jobs” section of the website. The data subject has the possibility to apply by filling in a form, which he/she must accept before submitting it and give his/her consent to the processing.

Purpose of processing: to select a suitable prospective employee or contractor to fill a vacancy, and to process the personal data of applicants
scope of the data processed: name, e-mail address, telephone number, data contained in the CV uploaded by the data subject
legal basis for processing: the consent of the data subject pursuant to Article 6(1) of the GDPR
data retention period: 1 year from the date of recording
method of data storage: electronic

4. Data processing in the course of the Company’s operations

4.1. Register of customers

The data of customers and partners are recorded in the Company’s unique system.

purpose of data processing: to maintain contact with customers and partners in order to fulfil their order requests.
scope of data processed: name, e-mail address, telephone number of the customer’s contact person
legal basis for processing: Article 6(1)(a) of the GDPR or, in addition, legitimate interest under Article 6(1)(f) of the GDPR
data retention period: until the termination of the relevant contract
method of data storage: electronic

4.2. Customer care

In order to serve customers’ needs as fully as possible, the Company sends informal e-mails to the contact persons of the contracted partners, for example, to inform them that the contracted partner’s insurance has expired. Although these emails are sent automatically, they do not constitute advertising and are necessary for the performance of the contract.

purpose of processing: customer management
scope of data processed: name, e-mail address, telephone number of the customer’s contact person
legal basis for processing: Article 6(1)(a) of the GDPR or, in addition, legitimate interest under Article 6(1)(f) of the GDPR
storage period: until the company ceases to exist or until deletion at the request of the data subject
data storage method: electronic and paper-based

4.3. Invoice management

purpose of processing: issuing and storing invoices
scope of data processed: customer name, address
legal basis for processing: Article 6(1)(c) of the GDPR and Section 167 of Act C of 2000 on Accounting
Deadline for data storage: in accordance with Section 169(2) of Act C of 2000 on Accounting, accounting documents must be kept for at least 8 years. The Company will automatically delete the personal data of the data subject after 8+1 years.
method of data storage: electronic

5. Enforcement of data subjects’ rights

The data subject may request information about the processing of his or her personal data; request the rectification of his or her personal data; request the erasure of his or her data email address; restriction of processing; and the right to data portability and redress. In the event of a complaint, you may refer the matter to the National Authority for Data Protection and Freedom of Information or, at your option, to a court in Hungary. The tribunal has jurisdiction in court proceedings.

See below for a detailed description of the rights of data subjects:

5.1. Right to information (access)

The data subject shall have the right to receive feedback from the Company on whether his or her personal data are being processed and to have access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  • where applicable, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that period.
  • The right to be informed of the data subject’s right to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data, and to lodge a complaint with a supervisory authority.
  • He or she is also entitled to receive all available information about whether the data have been collected from someone other than the data subject.
  • He or she is also entitled to be informed of the logic used in automated decision-making and of the significance of such processing and its likely consequences for the data subject.

The Company shall, without undue delay, and in any event within one month of receipt of the request, inform the data subject of the action taken in response to the request under the right of information. If necessary, taking into account the complexity of the application and the number of requests, this deadline may be extended by a further two months. The data controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.

As a general rule, the information is free of charge, and the Company shall charge a reimbursement of costs only in the cases specified in Article 12(5) and Article 15(1) of the GDPR.

If the Company fails to act on the data subject’s request, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

5.2. Right to rectification

The data subject shall be entitled to have inaccurate personal data relating to him or her corrected by the Company without undue delay upon his or her request. Taking into account the purpose of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

For the period during which the Company verifies the accuracy of the personal data, the processing of the personal data in question may be restricted in accordance with point 5.4 of this notice.

5.3. Right to object

The data subject may object to the processing of his or her personal data by notifying the Company if the legal basis for the processing is:

  • public interest within the meaning of Article 6(1)(e) of the GDPR, or

In case of exercise of the right to object, the Company may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims. The decision as to whether the processing is justified by compelling legitimate grounds will be taken by the Company’s CEO. It shall inform the data subject of its position in an opinion.

5.4. Right to restriction of processing

Restriction of processing may take place if:

  • the data subject contests the accuracy of the data, the Company will restrict the processing of the personal data for a period of time until the accuracy of the data is established;
  • the processing is unlawful and the data subject requests restriction of use instead of erasure;
  • the data controller no longer needs the data, but the data subject requires them in order to bring legal claims;
  • the data subject objects to the processing of personal data in accordance with Article 21 of the GDPR, pending consideration of the objection.

The head of the department responsible for data processing shall suspend the processing of personal data for the duration of the examination of the objection of the data subject to the processing of his or her personal data, but for a maximum of 5 days, examine the grounds for the objection and take a decision, which shall be communicated to the applicant.

If the objection is justified, the head of the department restricts the data, i.e. only storage as data processing can take place as long as

  • the data subject consents to the processing;
  • the processing of personal data is necessary for the exercise of legal claims;
  • the processing of personal data becomes necessary in order to protect the rights of another natural or legal person; or
  • the processing is required by law in the public interest.

Where the restriction of processing has been requested by the data subject, the head of the relevant department shall inform the data subject in advance of the lifting of the restriction.

5.5. Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay and the controller shall be obliged to erase personal data relating to him or her without undue delay where one of the following grounds applies:

  • (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • (b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • (c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of his or her personal data pursuant to Article 21(2) of the GDPR;
  • (d) the personal data have been unlawfully processed;
  • (e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
    OR
  • (f) the personal data were collected in connection with the provision of information society services.

5.6. The right to data portability

The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Company in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to which he or she has provided the personal data, provided that:

  • the legal basis for the processing is the consent of the data subject, or the processing was necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into the contract (Article 6(1)(a) or (b) and Article 9(2)(a) of the GDPR)
    AND
  • the processing is carried out by automated means.

The controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the controller shall inform the data subject of these recipients.

5.7. Legal remedies

The Data Controller shall also compensate the damage caused to others by the unlawful processing of the data subject’s data or by the breach of data security requirements, as well as the damages in the event of a personal injury caused by the Data Controller or by a data processor engaged by the Data Controller. The controller shall be exempt from liability for the damage caused and from the obligation to pay damages if it proves that it is not in any way responsible for the event giving rise to the damage.

The data subject may lodge a complaint with the supervisory authority – the NAIH in Hungary – regarding the processing of the data by the Data Controller:

name: National Authority for Data Protection and Freedom of Information
Headquarters: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
website: www.naih.hu

The data subject may also choose to pursue his or her claim in court. The tribunal has jurisdiction to hear the case. The action can also be brought before the court of the person’s domicile or residence, at the person’s choice.

6. Data processors

The Company uses the following data processors for the processing of personal data for technical tasks only:

name of the data processor: HL-System Szolgáltató és Szoftverfejlesztő Kft.
address: 4028 Debrecen, Simonyi út 11.
registration number: 09-09-013258
the purpose of the processing: hosting service

 

name of the data processor: HR Operatív Kft.
address: 3000 Hatvan, Robert Bosch út 3.
registration number: 10-09-036608
the purpose of the processing: staff selection, invoicing

Processors shall carry out data processing in accordance with the instructions of the Company, shall not make any substantive decisions concerning data processing, shall process personal data of which they become aware only in accordance with the provisions of the Company, shall not process personal data for their own purposes, and shall store and retain personal data in accordance with the provisions of the Company.

7. Changing the declaration

The Company reserves the right to amend the declaration. If the change affects the use of the personal data provided by the data subject, the changes will be communicated to the user by means of an e-mail information letter. If the details of the processing also change as a result of the amendment of the declaration, the Company will separately request the data subject’s consent.

8. Matters not covered by these Rules

In matters not covered by this Policy, the GDPR and, in cases permitted by the GDPR, the Infotv. rules shall apply.