I. DATA CONTROLLER
Seyu Solutions Kft. (hereinafter: Data Controller, Company) creates the below report of data-process in order to ensure the legal process of data management and the rights of the affected.
|Name of data controller:||Seyu Solutions Kft.|
|Registration number of the company:||06 09 024603|
|Seat of data controller:||6758 Röszke, Dózsa György utca 58|
|Electronic adress of data controller:||firstname.lastname@example.org|
|Representative of data controller:||Vecsernyés Tamás, Executive Director|
The Company controlls the personal data under the effective legislation but most mainly according to the below laws:
- Act CXII of 2011 on the right of informational determination (hereinafter Info. tv.),
- the regulation No 2016/679 of the European Parliament and Council (EU) about the protection of natural persons in relation to the processing and free flow of personal data as well as the repeal of 95/46/EK Directive (hereinafter: Regulation or GDPR)
- Act V of 2013 on the transitory and authorising provisions related to the entry into force of the New Civil Code, (hereinafter: CC)
The Company processes the data on a confidential basis, makes every informatical, informational security and other security measure which is necessary in order to keep the data confidential.
II. OBJECTIVE OF DATA PROCESSING: Data processing for the performance of contract
Objective of data processing
The aim of the Data Controller is to complete and perform the contract and to help to move forward these processes. The Seyu Solutions Kft. signs contracts and is in connection with natural persons and legal entities as well during its activity.
Regular contact between the parties for business purposes.
Processed personal data
a) name, mother’s name, address, place and date of birth
b) billing address, State
c) National Insurance Number
d) tax number, bank account number
e) tax identification, tax number
f) of appropiate person to contact, working position, telephone number, email address
g) data of individual entrepreneur
h) other data that is necessary for perform the goal and the contract
Legal ground of data-processing
The legal ground for data-processing during the concluding contracts and regular contacts is the Regulation (Article 6. para (1) point. f), therefore the legitimate interest of the company as indicated above.
In case of natural persons, the legal ground of data-processing is the Regulation (Article 6. para (1) point b)
Source of personal data
The affected. Hence the affected is the source of the data, the Data Collectors gives information directly in case of any change in the list of the data at their affiliation.
Addresses of provided personal data
Only those employees of the Data Controller treat the personal data whose functionality concerns responsibility is the administration.
The Data Controller uses the data-processor below in connection with invoicing:
Address : 6725 Szeged Borbás utca 19.
ABC Accounting Adószakértő és Tanácsadó Kft.
Address : 1115 Budapest, Keveháza u. 1-3
Head office: 7773 Villány, Móra F. u. 1-3.
a company responsible for accounting and billing.
The data-processors use the personal data of the affected only in the manners established by the Data Controller in the contract in accordance the instructions of the Data Controller. In the regard of the data-processor does not have the decision-making right. The data-processing programs commit obligation of confidentiality and contractual guarantee about the data.
The transfer of personal data to third countries or to international organisations
The Data Controller does not transfer the personal data of the affected to third country or to any international organization.
Period of data-processing
As general rule the data will be processed until reaching the objective.
In case the appropriate person or the law does not establish longer period, the period of information storage is 5 years. In the lack of further legal regulation, the time period for storing the personal data of the contracting partner’s contacting person is five years from the expiry or performance of the contract.
Automatized decision making and profile creating
Neither of them happens during the data processing.
Providing personal data
Controlling the data is based on law and mandatory.
III. RIGHTS OF THE AFFECTED IN RELATION OF DATA-PROCESSING
Right for information
The affected has the right to receive information about the data-processing, which is provided by the Data Controller with this information report.
Data-processing based on consent
In case any process of data is based on consent, the affected is entitled to withdraw it anytime. The affected only has the right to withdraw the consent about the data if it does not have any other legal basis for processing it. In case processing of the affected personal data does not have other legal basis, the Data Controller deletes it definitively and irrevocably after the withdrawal. The withdrawal of the consent does not affect the legality of data-processing before the withdrawal.
Right for grant for access
The Data Controller informs the affected in case of application if its personal data is being processed. If it is, the Data Controller ensures access for the personal data and for information below:
a) objectives of data-processing;
b) categories of affected personal data;
c) those addressed or categories of addressed who the Data Controller shared or will share the data with, including particularly third countries and international organizations;
d) planned period of storing personal data, or if it is not possible the factors of determination of the period;
e) able to request the correction, to delete or to limit the processing of data and can object against processing personal data;
f) right to make a complaint to any supervisory authority or to launch judicial procedure
g) if the Data Controller did not collect the data directly from the affected, every available information about the source;
h) in case of automatized decision making, including profile creating but at least about the logic behind it, ergo about the importance of the data-processing in relation of the affected and the consequences.
Right to correct personal data
The affected is entitled in any circumstances to ask the Data Controller for correction without undue delay about the personal data. The affected is entitled to ask addendum through supplementary declaration in the light of the objective of data-processing.
The Data Controller draws attention to the affected about the necessity of notifying any changes as soon as possible in order to facilitate lawful data-processing and justice.
Right to erasure – right to be forgotten
The affected entitled to request the removal of it’s personal data by the Data Controller without undue delay if any of the below reason stands:
a) there is no need for personal data in the way the Data Controller collected and processed it;
b) in case of consent-based data processing it withdraws the consent and the data-processing does not have any other legal basis
c) the affected objects against the data-processing and there is no primary legal reason for data-processing, or objects against data-processing in purpose of direct marketing;
d) the Data Controller processed the personal data unlawful
e) the Data Controller must delete the personal data in order to submit legal obligation established in EU or Member State law
f) if the collection of personal data was in order to offer services in connection of informational society.
Right for restriction of data-processing
The affected is entitled to request the Data Controller to restrict data-processing if any of the reasons below stands:
a) argues with the reliability of the data; in that case the restriction will stand for the period which enables the Data Controller to check the reliability of the personal data;
b) the data-processing is unlawful and instead of the cancellation of the data it requests to restrict the process of data;
c) the Data Controller does not need the personal data anymore for data-processing but the affected requires them for legal claims, validation or protection or
d) the affected objected to the data-processing; in that case the restriction stands for the period-of-time while it is not established that the legitimate reasons of the data-processor are primary in comparison with the legitimate reasons of the affected.
Right for objection
In case the legal basis for data-processing is the legitimate interest of the Data Controller (Regulation, article 6. para (1) point f)) or the data-processing is necessary for the Data Controller for the execution of tasks of public authority (Regulation article 6. para (1) point e)), the affected has the right to object to processing its personal data including profile creation based on the mentioned regulation.
In case the Data Controller processes the personal data for the purposes of direct marketing, the affected has the right to object to data-processing of that premises including profile creating if it is for that purpose. Personal data cannot be processed in the purpose of direct marketing if the affected objects to it.
Right for data portability
The affected is entitled to get the personal data in headed, widely used and machine-readable format, furthermore the Data Controller is entitled to forward these data to another data-processor in case of:
a) data-processing is based on the consent of the affected or on the contract signed in relation of Regulation (Article 6. para (1) point b); and
b) data-processing is automatized.
PROCEDURE TO GRANT THE RIGHTS OF THE AFFECTED
The affected can exercise its rights by sending an email to email@example.com, sending a postal mail to the head office of the Data Controller (6758 Röszke, Dózsa György utca 58.) or in persona the head office of the Data Controller. The Data Controller starts the examination and fulfilment without undue delay. The Data Controller informs the affected about the measures based on the request withing 30 days of the arrival of it. In case the request is cannot be performed the Data Controllers informs the affected about the reasons of refusal and the rights of remedies.
In case of the death of the affected, a person authorized by the affected by authentic instrument, document of equivalent probative value and declaration for the Data Controller – if there is more than one declaration the latest is the valid one – can validate the rights of the affected within 5 years. If the affected did not make any declaration, according to the Civil Code any close relative is entitled to validate the rights of the affected stated in the Regulation article 16. (right for correction) and article 21. (right to object), and – if data-processing was unlawful during the life of the affected – for the Regulation article 17. (right to be forgotten) within 5 years after the death. The first close relative who exercises the rights of the affected is entitled for the validation of the rights in this para.
IV. RIGHT TO PURSUE REMEDIES
In order to validate the right of judicial remedy the affected can seize the court, if the Data Collector or other contracted data-processor violates the standards of data-processing over the law or the European Union. The court acts … in the matter. The evaluation of the trial falls into the competence of the court. The trial can be brought into court located in the residence of the affected or in the location of the State of the Data Controller.
By the reference to the violation of personal data-processing, or it is a risk that it will happen, or the rights of the affected has been limited by the Data Controller, or it refuses the request to grant these rights, anyone can initiate an investigation at the National Authority of Data Protection and Freedom of Information. The affected can report to any of the below availabilities:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Postal address : 1530 Budapest, Pf.: 5.
Address : 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
In case of a divergence of interpretation, the Hungarian report shall prevail.
Budapest, 2020. 01. 27.