DATA CONTROLLING POLICY
3.1. Data processing in relation to electronic contact and newsletters
3.1.1. Processing data and the aim of processing
Personal data | Purpose of date processing |
First name and surname | The communication between the data subject and the company and the individualization of services. |
The communication between the data subject and the company |
3.1.2 Legal basis to data processing
Legal basis is the consent of the data subject to the processing: GDPR article 6, point (a).
3.1.3. Duration of the data processing
The Company processes the date received via messages until the withdrawal of the consent given by the data subject. The deletion of the registration can be initialized within the system by clicking on button ‘Deletion of Registration’. Personal data is destructed following this.
3.2. Personal data in relation to online tests
3.2.1. Processed personal data and purpose of processing
Personal data | Purpose of date processing |
First name and surname | The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests. Giving this personal data is part of the test. |
Date of birth | The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests. Giving this personal data is part of the test. |
Results of the assessment | The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests. |
The Company transfers the personal data above to the Customer of the complex personality and behavioral analysis.
3.2.2 Legal basis to data processing
Legal basis is the consent of the data subject to the processing: GDPR article 6. paragraph 1. point (a).
3.2.3. Duration of the data processing
The company stores data designated here for 4 (four) months following the creation date, then erases them automatically.
3.3. Other personal data stored by the system
3.3.1. Processed personal data and purpose of processing
Personal data | Purpose of date processing |
IP address | Identifier number assigned by the internet provider to the asset used by the user logging into the system. The company processes it ensure network and information security. |
Login date | Date of a user logging into the system. The company processes it to ensure network and information security. |
3.3.2 Legal basis to data processing
Legal basis to data processing is to ensure network and information security, therefore it is a purpose of the legitimate interests pursued by the controller: GDPR article 6. paragraph 1. point (a). The storage of the above designated data is necessary for the ability of the information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions hat compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by. Storing the above personal data is proportionate for the purposes of ensuring network and information security. Please find an assessment proving this conclusion as Annex 1 to this policy.
3.3.3. Duration of the data processing
The company stores data designated here to an extent necessary and proportionate for the purpose for 3 (three) months following the creation date, then erases them automatically.
4. Accessibility to personal data and related security measurements
4.1. Accessibility to data and data transfer
4.1.1. Data controllers entitled possible to access personal data
Employees of the Data Controller, to an extent necessary and proportionate to carry out their duties.
4.1.2 Data Processors
Data Processors not mentioned at certain data processing:
Name of the Data Processors: Colibree Design & Development Kft.
Seat: H-1163 Budapest, Máté utca 2.
Purpose of data processing: Development and maintenance of the website
Name of the Data Processors: EZIT Kft.
Seat: H-1132 Budapest, Victor Hugo utca 18-22.
Purpose of data processing: Provider of data storage
4.2. Data security measurements
The Company stores personal data on servers located at its seat, H-1026 Budapest, 122 Pasaréti Út V. Em. The Company undertakes the necessary information technology, technical and human resources measurements in order to protect personal data controlled by the Company against unauthorized access or against unauthorized changes. The company processes data with highest possible discretion and strict confidentiality.
5. Rights of the data subject
5.1. Information
The data subject can make a written inquiry through contact stated at point 1 in relation to which personal data is processed, on which basis, for what purpose, from what kind of source, for how long and can also inquire who had access to those personal data and whom it was transferred.
The Company addresses the inquiry latest within one month by sending a mail or e-mail to contacts determined by the inquirer.
5.2. Right to rectification
The data subject can request the rectification of inaccurate data through contact stated at point 1 in a written form (e.g. changing e-mail or postal address). The Company addresses the request latest within one month and notifies the requestor by mail or e-mail to contacts determined by the data subject.
5.3. Right to erase
The data subject can request the erasure of personal data through contact stated at point 1 in a written form. The Company refuse the request if processing is necessary for compliance with a legal obligation to which the controller is subject: GDPR article 6. paragraph 1. point (c). If there is no such obligation, than the Company fulfills the request within 1 month and notifies the requestor by mail or e-mail to contacts determined by the data subject.
5.4 Right to restriction of processing
The data subject can request the restriction of processing of personal data through contact stated at point 1 in a written form (expressing clearly the restriction and separation from other data). Restriction takes place until the reason marked by the data subject makes the restriction necessary. The restriction of data can be requested for example if the data subject thinks that its petition is treated unlawfully by the Company, but the data should not be erased due to an initiated course of action in front of the court or initiated by authorities. In this case the Company continues to store the personal data until the enquiry of the court or authorities (e.g. the relevant petition), then erase the data.
5.5. Right to object
The data subject has the right to object against the data processing through contact stated at point 1 in a written form if the Company transfers or uses data for research purposes.
6. Law enforcement possibilities
6.1. Initiating civil procedure, litigation
The data subject can initiate a civil procedure against the Company if experiences illegality in relation to data processing. The lawsuit can be initiated – according to the choice of the data subject – in front of the court of justice competent according to the home place of the data subject (please see listing and availability of such courts on the following link: http://birosag.hu/torvenyszekek).
6.2. NAIH procedure
The data subject can make a complaint at the Hungarian National Authority for Data Protection and Freedom of Information if experiences illegality in relation to data processing. Please see the link: https://www.naih.hu/online-uegyinditas.html.
An appointment can be arranged on Tuesday and Wednesday between 9 a.m. and 12 p.m. and between 1 p.m. and 4 p.m. on the following phone: +36 (1) 391-1400.
We kindly draw your attention to the fact that the Authority only inspects complaints once the data subject has contacted the Data Controller and failed to reach a conclusion.
Annex: