DewertOkin Kft. Privacy notice and information on the processing of personal data
The DewertOkin Kft. (hereinafter Processor) as Processor expresses their consent to be bound by the content of this legal statement.
The aim of this guide to record the data protecting and processing principles and data processing and protecting policy applied by the DewertOkin Kft.
The DewertOkin Kft. committ themselves that all the processings in connection with their activity meet the requirements of this guide and the ones determined in the current legislations.
The DewertOkin Kft. committed to protect the data of their partners and employees, higly consider as important to respect the information self-determination. The DewertOkin Kft. process the personal data confidental and do all kinds of safety, technical and organizational steps which guarantee the safety of the data.
Name of the Processor
Name of the Processor:
|6000 Kecskemét, Szent István körút 24.|
managing director: Porde Christoph
managers: Rácz László, Csákó József
Company registration number:
|+36 76 515-600|
Inner data security officer:
|Erdős Irén, +36 30 9257841, firstname.lastname@example.org|
The personal data can be known by the employees of the company who have eligibility access in connection with the relevant processing aim, and those persons and organizations who doing processes for the Company according to service contracts in a determined scale which is determined by the Company and in a degree which is needed to fulfil their activity.
The definitions of this regulation is equal with the definitions determined in the GDPR article 4 and 9, especially:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR Article 4. Chapter 1);
’data subject’: that natural person whose personal data is processed
(GDPR Article 4. Chapter 1);
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (GDPR Article 4. Chapter 2.)
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future; (GDPR Article 4. Chapter 3.);
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; (GDPR Article 4. Chapter 4.);
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; (GDPR Article 4. Chapter 5.);
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis; (GDPR Article 4. Chapter 6.);
‘controller’ means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; (GDPR Article 4. Chapter 7.);
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (GDPR Article 4. Chapter 8.);
‘recipient’ means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; (GDPR Article 4. Chapter 9.).
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; (GDPR Article 4. Chapter 10.);
‘consent’ of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; (GDPR Article 4. Chapter 11.);
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; (GDPR Article 4. Chapter 12.);
’data transfer’ means providing access to the data for a designated third party (Act CXII of 2011 on the right to informational self-determination and on the freedom of information. 3. § 11.);
’dataset’ means all data processed in a single registry; (Act CXII of 2011 on the right to informational self-determination and on the freedom of information. 3. § 21.);
‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status; (GDPR Article 4. Chapter 15.);
‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity; (GDPR Article 4. Chapter 18.);
‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 (GDPR Article 4. Chapter 21.);
‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because:
- the controller or processor is established on the territory of the Member State of that supervisory authority;
- data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
- a complaint has been lodged with that supervisory authority; (GDPR Article 4. Chapter );
‘cross-border processing’ means either:
- processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
- processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State. (GDPR Article 4. Chapter );
‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (GDPR Article 4. Chapter 25.);
’Data protection officer’ is a person appointed by the GDPR Article 37.
The obligation to hire (assign) a data protection officer covers all public authority and body (independently of the type of the data processing) or other organizations which main activity is regular and systematic monitoring of persons or handle the special categories of personal data on large scale.
The organization □ apply x does not apply data protection officer.
The organization x apply □ does not apply employee responsible for data protection.
+36 30 9257841, email@example.com
’EEA State’ means any Member State of the European Union and any State Party to the Agreement on the European Economic Area, as well as any state the nationals of which enjoy the same legal status as nationals of State Parties to the Agreement on the European Economic Area on the basis of an international agreement concluded between the European Union and its member states and the state which is not party to the Agreement on the European Economic Area; (Act CXII of 2011 on the right to informational self-determination and on the freedom of information 3. § 23.);
’sensitive data’ means all data falling in the special categories of personal data that are personal data revealing racial or ethnic origin, political opinion, religious belief or worldview, or trade union membership, as well as, biometric and genetic data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation; (Act CXII of 2011 on the right to informational self-determination and on the freedom of information. 3. §. 3.);
‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries (GDPR Article 4. Chapter 26.);
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; (GDPR Article 4. Chapter 11.);
„right to object”: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions (GDPR Article 21. (1) paragraph);
’disclosure’ means making the data accessible to anyone;
’data erasure’ means making the data unrecognisable in such a way that its restoration is no longer possible; (Act CXII of 2011 on the right to informational self-determination and on the freedom of information. 3. § 13.);
’data designation’: Providing the data an identifying mark to distinguish it.
’data encryption’: for the purpose of limiting the continued handling of the data with an identifying indication for a definite or fixed time period;
’data destruction’ means the complete physical destruction of the data-storage medium
that contains the data (Act CXII of 2011 on the right to informational self-determination and on the freedom of information. 3. § 16.);
’the purpose limitation and proportion of processing’: Personal data shall be processed for determined purpose only and in the interest of legal practice and fulfil a commitment. The processing shall suit the aim of the processing in every phase, the record and handling of data shall be fair and legal. Only that personal data can be processed which is essential for the fulfilment of the aim of the process and suitable for the attainment of the target. The personal data shall be processed only in a degree and time which necessary for achieving the aim. During the process it shall be ensure that the data shall be punctual, full and – if it is needed for the aim of the process – up to date, and that the data subject could be identified only until the time needed for the aim of the process. If the aim of the process ended or the process of the data is illegal the data shall be erased.
’third country’ means any state that is not an EEA State;
’binding organization rules’: an inner data protection regulation which is binding to the processor or groups of processors who are accepted by a processor or a group of processors working in more countries including at least in one EEA Sate and approved by the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter Authority) which ensure the protection of the personal data in case of transferring it to a third country by unilateral commitment of the processor or group of processors;
If the definitions of this regulation are different from the definitions of the actual data protecting law (it is GDPR now creating this regulation) then the definition determined by the law are authoritative.
The circle of the personal data, the aim, legal ground, and time of the process
The processes of the DewertOkin Kft. are based on voluntary approval, contractual or law obligation.
The rights of the data subject in connection with the process of their personal data
The DewertOkin Kft.make all the information in respect of the processed personal data available for the data subject any time:
- the identity and contact data of the processor or their representative,
- the aim of the planned process of the data and the legal ground of the process,
- if the personal data of the data subject was not received from them: the categories of the personal data involved
- in a given case the addressees of the personal data, and the categories of the addressees if there are any.
The DewertOkin Kft. choose and operate the informational equipments used during the process of the personal data and service supply in a way that the data processed:
- is available only for the authorized persons,
- their authenticity and certification are ensured,
- their constancy can be certified,
- safe from the unjustified availability.
The DewertOkin Kft. protect the data with appropriate measures especially against illegal availability, alteration, transfer, disclosure, erasure or destruction and accidental destruction, damage and inaccessibility because of the applied technology.
The DewertOkin Kft. arrange for the protection of the processing safety with regard to the actual level of technical development with organizational and constitutional measure which provide an appropriate safety level according to the risks in connection with the processing.
We also inform the data subjects that the electronic messages transferred via internet are vulnerable independently from protocol (e-mail, web, ftp etc.) from network threat which leads to unfair activity, disputing of contract or uncover, modify the information. The DewertOkin Kft. do everything that can be expected to avoid these threats.
If you have any comments, questions, problems in connection with our company, the process, or the use of our services you can contact us with our contact data.
We give information about the processes which are not mentioned in this guide during the recording of the data. The company reserves the right to modify unilaterally this data processing guide with informing the data subjects.
The Company does not check the personal data given them. Exclusively the person giving the data is responsible for the adequacy of it. Any data subject during giving their own email address take responsibility that this email address is used only by them to make use of service.
We inform our clients and employees that the investigation authority, the National Authority for Data Protection and Freedom of Information, and other bodies according to legal authorization can turn to the DewertOkin Kft. to enquire and get information and put documentations at disposal.
The processor has 30 days for giving information, erasing and correction. If the processor does not meet this kind of demand of the data subject, they shall inform them in writing the reasons of the refusal.
National Authority for Data Protection and Freedom of Information
Making a complaint can be done at the National Authority for Data Protection and Freedom of Information.
Address of the National Authority for Data Protection and Freedom of Information.: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410; http://www.naih.hu, e-mail: firstname.lastname@example.org.