Privacy Policy

07.11.2019

1     Objective

The aim of this document is to set out principles and rules for the processing of personal data other than employee personal data processed by MEGAHOLZ Kft. (‘MEGAHOLZ Kft.’ or ‘MEGAHOLZ’) in order to ensure the prevalence of data protection principles and data security requirements.

2     Updates

The privacy policies arising in connection with the processing of data by MEGAHOLZ Kft. are available on a continuous basis at the website http://megaholz.com/privacy-policy?lang=en.

MEGAHOLZ reserves the right to amend this Notice at any time.

3     General

MEGAHOLZ shall process personal data in compliance with the following basic principles:

  • MEGAHOLZ Kft. shall process personal data in confidence and in conformity with the applicable legislative provisions, ensuring their security, and shall carry out the required administrative, logical and physical security and organisational measures and put in place the procedural rules required in order to enforce the applicable provisions of the legislation in effect from time to time.
  • During such processing, MEGAHOLZ Kft. shall safeguard the confidentiality of data: it shall protect information, ensuring that it can be accessed by authorised personnel only; data integrity: it shall protect the accuracy and completeness of information and the method of processing; availability: it shall ensure that the authorised user is able to access the required information and that the related tools are available whenever the information is needed.
  • As a Controller, MEGAHOLZ Kft. shall ensure that any processing in connection with its operation complies with the provisions of this Notice and any applicable legislation.

4     Legal background

MEGAHOLZ shall comply with the legislative provisions relevant to the processing of personal data throughout each phase of processing. The processing of data by MEGAHOLZ shall be governed in the first place by the provisions laid down in the following legislation:

  • Act V of 2013 on the Civil Code (‘Civil Code’)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
  • Act XXXIV of 2019 of 26.04.2019 on the amendment of laws required in order to implement the data protection reform of the European Union (GDPR omnibus law);
  • Act CXII of 2011 on the right of individuals to control their personal information and the freedom of information (‘Data Protection Act’);

5     Definitions

Definition

Description

data subject

An identifiable natural person or a natural person who can be identified, directly or indirectly, on the basis of specific personal data.

personal data

Data that can be associated with the data subject - particularly the data subject's name, identification code, knowledge of one or several characteristic physical, physiological, mental, economic, cultural or social identity - as well as the conclusion that may be drawn from the data in respect of the data subject.

consent

A voluntary and unequivocal representation of the data subject's wishes, made in possession of the appropriate information, with which the data subject unambiguously consents to the handling (comprehensively or in relation to individual operations) of his or personal data.

objection

A declaration by the data subject objecting to the handling of his or her personal data, and requesting termination of the data handling and deletion of the handled data.

controlling of data

Irrespective of the applied procedure, any operation or entirety of operations performed on personal data, including but not limited to the collection, recording, input, organisation, storage, modification, use, transfer, disclosure, coordination or association, blocking, deletion or destruction of the data, the prevention of the further use of the data, taking of photo, voice or video recording, or the recording of physical characteristics suitable to identify a person (e.g. fingerprint, palm print, DNS-sample or iris image).

data processing

The carrying out of technical tasks related to the controlling of data, regardless of the method and means employed for execution of the operation, and the place of their application, provided that the technical task is performed on the data.

data transfer

The act of making data available to a specific third party.

disclosure

The act of making the data available to any person.

controller

The natural or legal person or unincorporated entity which, alone or jointly with others, determines the purpose of the processing of personal data, makes the decisions on the processing of data (including the means to be employed), and implements such decisions or has them implemented by the processor appointed by it.

processor

The natural or legal person or unincorporated entity which processes personal data based on a contract, including a contract entered into on the basis of a legislative provision.

erasure of data

The act of rendering data unrecognisable in a manner ensuring that their restoration is no longer possible.

set of data

The entirety of data processed within the same register.

third party

A natural or legal person or unincorporated entity other than the data subject, the controller or the processor;

pseudonymisation

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

6     Controller data

  • Name of the Controller: MEGAHOLZ Kft.
  • Registered address of the Controller: 1106-Budapest, Maglódi út 55.
  • Postal address of the Controller: 1106-Budapest, Maglódi út 55.
  • Company reg. no.: 01-09-075378
  • Tax registration number: 10519509-2-42
  • Contact person: József Marton
  • Phone number of the Controller: +36 1 492 1700
  • Email: info@megaholz.hu

7     MEGAHOLZ Kft’s processing activities

7.1        Personal data provided during telephone conversations

Purpose of the processing

To provide a custom-tailored service to data subjects and providing quotations and information to the data subjects at request.

Legal basis of the processing

The voluntary consent of the data subject to the processing of personal data; the registration of data is initiated by the data subject.

The range of processed data

The data subject’s name, telephone number and private email address.

Definition of data subjects

Any interested person involved during the processing of data, who initiate contact.

Duration of the processing

If no business relations are established within a year of the offer, the data shall be erased.

Withdrawal of consent

Consent may be withdrawn by email or written format; such withdrawal, however, shall not affect the lawfulness of the processing of personal data prior to the withdrawal.

Requirement concerning the provision of personal data / Consequences of the refusal to provide personal data

The data subject shall be required to provide the personal data since the identification cannot be carried out unless the data listed have been provided. No offer can be provided if the data subject refuses to provide the personal data required.

 

7.2        Personal data provided during a request for an offer on the website

Purpose of the processing

To provide an individual price quotation to the data subject on the basis of information provided by him/her

Legal basis of the processing

The voluntary consent of the data subject to the processing of personal data; the registration of data is initiated by the data subject by completing a request for proposal form.

The range of processed data

The data subject’s name, telephone number, private email address and country (mandatory)

Plus any information provided by the data subject as supplementary information (optional).

Definition of data subjects

Any interested person involved during the processing of data who request an offer by completing the form on Megaholz Kft’s website.

Duration of the processing

Personal data provided during a request for offer shall be forwarded to the email system. Quotations are managed by Megaholz Kft. in its corporate management system.

If no business relations are established within a year of the offer, the personal data shall be protected by pseudonymisation.

If the offer results in business relations, the personal data shall be processed for the period specified in the applicable legislation.

Withdrawal of consent

Consent may be withdrawn by email or written format; such withdrawal, however, shall not affect the lawfulness of the processing of personal data prior to the withdrawal.

Requirement concerning the provision of personal data / Consequences of the refusal to provide personal data

The data subject shall be required to provide the personal data since no offer can be provided in the absence of such data. If the data subject refuses to provide the personal data required, the request for proposal form cannot be forwarded.

 

7.3        CV data

CVs may be sent to the (email) addresses specified on the website / other communication channels in order to apply for the vacancies published.

Purpose of the processing

To fill vacancies announced by MEGAHOLZ and to hire employees

Legal basis of the processing

The processing of personal data is carried out on the basis of the data subject’s voluntary consent to the processing; by forwarding a CV, the data subject shall voluntarily consent to the processing of his/her personal data.

The range of processed data

The personal data processed shall include the data subject’s name, phone number, email address, educational background and other data specified in the CV.

Definition of data subjects

Any interested person involved during the processing of data, who voluntarily apply for a vacancy.

Duration of the processing

The data shall be retained for a maximum period of 6 months from receipt (unless the data subject concerned is awarded the job).

Withdrawal of consent

Consent may be withdrawn by email or written format; such withdrawal, however, shall not affect the lawfulness of the processing of personal data prior to the withdrawal.

Requirement concerning the provision of personal data / Consequences of the refusal to provide personal data

The data subject shall be required to provide the personal data; the hiring process cannot be initiated in the absence of the required data. If the data subject refuses to provide the personal data required, the application shall be automatically dismissed.

 

7.4        Use of the website - cookies

By the appropriate setting of their web browser, users may disable the placement of individual identifiers (cookies) on their computer. Users may disable the application of marketing and other types of cookies in a pop-up window when visiting a site.

Purpose of the processing

Cookies are managed by Megaholz for data processing purposes, i.e. in order to enable it to learn about the information usage patterns of Data Subjects and thus to improve the quality of its services and to provide customised pages and marketing (advertising) materials during the visit to the website.

Legal basis of the processing

The processing of personal data is carried out on the basis of the data subject’s voluntary consent to the processing; opening the website, the data subject can regulate the operation of cookies in a pop-up window.

The range of processed data

The personal data being processed include cookies used by Google Analytics, cookies facilitating the operation of the website and marketing cookies.

Definition of data subjects

Any interested person involved during the processing of data, who initiate contact.

Duration of the processing

12 months from the visit to the site.

Withdrawal of consent

Consent may be withdrawn by email or written format; such withdrawal, however, shall not affect the lawfulness of the processing of personal data prior to the withdrawal.

Requirement concerning the provision of personal data / Consequences of the refusal to provide personal data

If the data subject refuses to consent to the use of cookies, the website can be browsed at a lower speed.

 

7.5        MEGAHOLZ’s social media pages

MEGAHOLZ operates Facebook (https://www.facebook.com/pages/Megaholz-kft/350010718464057) social media pages. Access to the personal data of users registering or transmitting messages on such pages is regulated by the data processing policies of Facebook and LinkedIn.

8     Data transfer

MEGAHOLZ is entitled and obliged to transfer to the competent authorities any Personal Data available to and lawfully stored by it where the transmission of such Personal Data is required by the law or a binding administrative order. The Controller shall not be liable for such transfers of data and the consequences resulting from the transfer. No data are transferred to any other third parties or to third countries.

9        Description of technical and organisational measures with a view to ensuring data security

The complex level of information security that is necessary and appropriate for the processing of personal data is guaranteed by the following measures / control methods with respect to the confidentiality, integrity and availability of data:

  • physical protective measures
  • administrative and technical protective measures and controls
  • availability of appropriate resources
  • personal security measures
  • information security trainings and trainings related to the processing of personal data

10  Rights and remedies available to data subjects

10.1    Right to transparent information

Data subjects have a fundamental right to proper and transparent information; the controller shall be liable for providing such information. The Controller shall provide information to the data subjects relating to the circumstances of processing and the rights available to the data subjects in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

MEGAHOLZ shall provide the requested information without undue delay, within 25 days at most.

10.2    Right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; any available information as to the source of personal data; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Such information shall be provided by the controller at most within a month of receipt of the request for information.

10.3    Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

10.4    Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

10.5    Right to be forgotten

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union
  • or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of
  • information society services.

Where the data processed are required in order to assert a right or, for example, to report to an authority, the processing may be continued with a view to complying with a legal obligation or on the basis of legitimate interest.

Where data are erased, the obligation to erase data shall also apply to any processor involved in the processing.

10.6    Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection by the data subject, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

10.7    Right to restriction of processing

Where processing has been restricted, personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment of legal claims or for reasons of important public interest. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing; in such cases, the restriction shall apply for a period while it is verified whether the legitimate grounds of the controller override those of the data subject.

10.8     Automated decision-making in individual cases, including profiling

MEGAHOLZ does not engage in profiling.

11  Seeking redress from the court

Please note that the data subject has the right to seek redress from the court against the Controller if his or her rights have been breached. The court shall proceed with urgency in such matters. The dispute shall be adjudged by the tribunal. A suit may be brought, at the data subject’s discretion, at the tribunal with jurisdiction over the registered address of the controller or over the data subject’s permanent address or place of residence. A party without a capacity to bring legal proceedings may also be a party to the proceedings.

The Controller shall reimburse any loss arising from the unlawful processing of the data subject’s personal data or the breaching of data security requirements. The data subject may demand damages from the Controller if the latter has breached the data subject’s right to privacy by the unlawful processing of the data subject’s personal data or the breaching of data security requirements. The Controller shall be exempted from its liability for damages and its obligation to pay damages if it can demonstrate that the loss or the violation of the data subject’s right to privacy was due to reasons beyond the Controller’s reasonable control. The Controller shall not be obliged to reimburse the loss or be liable for damages to the extent the loss or the violation of privacy was due to wilful conduct or gross negligence by the victim or the data subject. 

12  Administrative procedure

The data subject may lodge a compliant with or request information from the Authority:

  • Name: National Authority for Data Protection and Freedom of Information
  • Registered office: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
  • Postal address: 1530 Budapest, Pf.: 5.
  • Mailing address: 1530 Budapest, Pf.: 5.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • Email: ugyfelszolgalat@naih.hu
  • Website: http://naih.hu

13  Other provisions

Information on any processing of data not listed in this Notice will be provided when such data is recorded. Please note that the court, the public prosecutor, the investigation authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, Magyar Nemzeti Bank and other bodies authorised by the law may request the Controller to disclose information and data and/or to make available documents.

Where the authority has specified the purpose of processing and the data required, MEGAHOLZ shall only provide or disclose such any personal data to the authorities to the extent that is absolutely necessary in order to attain the purpose of the request.

. 12