General Privacy Notice
regarding Alverad Technology Focus
Introduction
Az Alverad Technology Focus Kft. (hereinafter: Controller or Company) sets out in this Privacy Notice its practices regarding the processing of personal data, the organizational and technical measures taken to protect the data, as well as information on the rights of data subjects and the means of exercising them.
Data of the controller
Name of the controller: Alverad Technology Focus Kft.
Company registration No. of the controller: 01-09-279889
Tax No. of the controller: 14544060243
Company seat of the controller: HU-1138 Budapest, Szekszárdi u. 22. 22. IV. building 2. floor
Authorized representative of the controller: Attila Hinkel, Managing Director
Contact person of the controller assigned for questions on data processing: Dr. József Répás (e-mail adatvedelem@alverad.hu)
Abbreviations used in this Notice and other definitions
GDPR– Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repealing of Directive 95/46/EC
Infotv. (Privacy Act) – Act CXII of 2011 on informational self-determination and freedom of information year CXII. act
Szvtv. (Security Services Act) – Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators year CXXXIII. act
Ptk. (Civil Code) – Act V of 2013 on the Civil Code year V. act
Mt. (Labor Code) Act I of 2012 on the Labor Code year I. act
Mvt. (Labor Safety Act) – Act XCIII of 1993 on occupational safety and health year XCIII. act
data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to carry out the operations and the place of application, provided that the technical task is performed on the data;
data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract, including any contract concluded pursuant to a legal provision;
controller: a natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has the data processed by a processor;
data management: any operation or set of operations performed upon data, regardless of the procedure used, such as collection, recording, recording, organization, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, restriction, erasure and destruction, as well as prevention of further use of the data, taking of photographs, sound recordings or images and recording of physical characteristics which can be used to identify a person;
data transfer: making data available to a specified third party;
erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
personal data breach: unlawful processing or handling of personal data, in particular unauthorized access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage.
data subject: any natural person who is or can be identified, directly or indirectly, on the basis of personal data;
third party: any natural or legal person or an organization without legal personality other than the data subject, the controller or the processor;
consent: a voluntary and explicit expression of the data subject’s wishes, based on appropriate information, by which they give their unambiguous agreement to the processing of personal data concerning them, either in full or in relation to specific operations;
disclosure: making the data available to anyone;
personal data: data that can be associated with the data subject, in particular their name, identification mark and one or more factors specific to their physical, physiological, mental, economic, cultural or social identity, and the inference that can be drawn therefrom concerning them.
Processing of partners’ contact persons’ personal data
Alverad may process personal data of its corporate customers, suppliers, business partners and employees of other stakeholders and/or investors or individuals acting on their behalf in the course of its business.
Personal data processed:
– Personal identifiable information: name, email address, phone number, address, signature
– Occupation: name of a position, a department, an organization
Purpose of the processing:
– Carrying out the business (e.g. purchasing, selling, providing services)
– Meeting accounting obligations, issuing invoices and making payments
– Supply and account manager
– Planning and monitoring projects
Legal basis for data processing may be:
– Performance of a contract, pursuant to Article 6(1)(b) of the GDPR, – Pursuance of legitimate interests, pursuant to Article 6(1)(f) of the GDPR,
– Compliance with a legal obligation pursuant to and Section 169 of the Hungarian VAT Law act Article 6(1)(c) of the GDPR, as well as Article 169(2) of the Hungarian Accounting Act 169.§ Article
Duration of the processing: The retention period of the above data shall last until the termination of the working relationship, except for the data contained in the accounting documents directly and indirectly supporting the accounting, for which, pursuant to Article 169 of the Accounting Act, 169. it shall be 8 years from the expiry of the contracts.
Result of the interest balancing test: Alverad carried out its interest balancing test on data processing, which resulted in a finding that Alverad has a legitimate interest in the processing activity, since it is necessary for the continuation of its business (e.g., for procurement, supplier and customer management activities, and for planning and monitoring Alverad’s projects). Alverad receives and processes personal data to the extent and for the duration necessary for the purposes for which it is collected, in addition to pursuing its own legitimate interests and the legitimate interests of its related partners. The legitimate interest of Alverad and its affiliated partners prevails over the right of the data subject to dispose of their personal data in a particular case, as it is a necessary and proportionate restriction for the performance of the employee’s job. Alverad will in all circumstances ensure that data subjects exercise the rights set out in this notice.
As data controller, Alverad assesses that the legal basis for the processing is compatible with the legitimate interest referred to in Article 6(1)(f) of the GDPR and that the processing does not adversely affect the interests or fundamental rights and freedoms of data subjects in such a way as to override the legitimate interests of the Company.
On the basis of the above, Alverad’s processing complies with the legal and regulatory requirements for processing based on legitimate interests.
Contacting
Alverad presumes a consent to the processing of personal data shared when contacting Alverad through the contact details provided in this notice or on the website (e-mail, telephone, postal mail or in person).
Personal data processed:
– Personal identifiable information: name, email address, phone number, address
– Other data shared when contacting
Purpose of the processing:
– Liaising with the requesting party
– Replying and resolving questions or requests
Legal basis for data processing: The data subject’s consent as per Article of Infotv. and Article 6(1)(a) of GDPR. 5(1)(a)
Duration of the processing: Messages and personal data received in this way will be deleted by Alverad after the request, question or complaint has been replied. However, if necessary for tax or accounting reasons, or to protect the rights and interests of Alverad or the requestor, data will be archived and stored for the necessary period.
Processing of the job applicants’ data
Alverad processes the personal data contained in the CVs and other documents sent to Alverad, directly by the Data Subject or via a third party (recruitment agency, job search portal), together with the name and e-mail address of the job applicant, for the purpose of assessing the advertised job application and conducting the selection process. Alverad presumes a consent to the processing of personal data shared during the application process.
Personal data processed:
– Personal identifiable information: name, email address, phone number, address
– Career: previous jobs and positions, skills, references, salary requirements
– Curriculum vitae: qualifications, educational data
Purpose of the processing: : Conducting a selection for a current or future vacancy
Legal basis for data processing may be: : The data subject’s consent as per Article Article 5(1)(a) of Infotv. and Article 6(1)(a) of GDPR.
Duration of the processing: : The retention period for the above data is 3 months after the vacancy is filled.
Data processing on the website
There are no cookies placed on this website.
Processing of employees’ personal data
Alverad will set out the personal data it processes in relation to its employees in a separate privacy notice, to be made available to all its employees. Alverad records that it processes the personal data of its own employees primarily on the basis of Article 10 (1) of Act I of 2012 on the Labor Code.
Other data processing
For processing not described in this notice, Alverad will provide information prior to the processing, at the time of data collection. We inform our customers that, in addition to the Data Subjects, the following data controllers may contact us for the provision of information, communication of data, transfer of data, transfer of documents:
– court,
– prosecutor’s office,
– investigating authority,
– infringement authority,
– administrative authority,
– National Authority for Data Protection and Freedom of Information,
– and other bodies authorized by law.
Alverad will disclose personal data to the above authorities only to the extent and to the extent strictly necessary for the purpose of the request, provided that the authority has indicated the precise purpose and scope of the data.
Persons eligible to access the data
The data may be accessed by Alverad’s employees for the purposes necessary for the performance of their duties, those who assist in and control the implementation of data management purposes and those who act on behalf of the company to the extent strictly necessary for the performance of their work. Thus, for example, the personal data provided by applicants for a job advertisement is only accessible to Alverad’s competent employees who are necessarily involved in the recruitment and selection process and who have the right to propose or decide on the recruitment. Access to personal data within Alverad’s organization is governed by internal procedures on access rights for each job function.
In order to achieve certain data processing purposes and to facilitate its commercial economic activities, Alverad uses the services of third parties to perform certain tasks, which may include the processing of the Data Subjects’ personal data. These third parties (“Data Processors”) process the data in accordance with Alverad’s instructions and in compliance with the applicable legislation. For the purposes of processing, only personal data necessary for the fulfilment of those purposes will be transferred to Processors. For Alverad, the following data processors are involved in the data processing activities listed in this notice:
– Accounting and payroll services: Kontó Online Könyvelőiroda Kft. [Kontó Online Accountancy Office Ltd.] (Seat: HU-1132 Budapest, Váci út 64/C.)
– Operation of IT systems (e.g. website, CRM system, correspondence): Porion-Digital Kft. (Seat: HU-1119 Budapest, Petzvál József utca 37.)
– – Independent measurement of website traffic and other web analytics data is performed by Google Analytics as an external service provider. Detailed information: http://www.google.com/intl/hu/policies/
– – The map placed on the website is provided by Google Maps. Detailed information: http://www.google.com/intl/hu/policies/
Data transfers
Under no circumstances will Alverad disclose personal data to any third party without the Data Subject’s explicit consent, except in cases of legal obligation, official procedure or if Alverad uses a subcontractor/external service provider (courier, postal service) to fulfil its contractual obligations. In the latter case, the subcontractor carrying out the delivery is in any case bound by contractual conditions that it may use the Data Subject’s data only and exclusively for the performance of the contractual obligation and is not entitled to retain them for further use or to transfer them to third parties in any form.
Alverad is entitled and obliged to transmit to the competent authorities any personal data that it is required to by law or decision.
Data security measures
Alverad operates its information security management system for the protection of confidential data (e.g. personal data) in accordance with information security standard MSZ ISO/IEC 27001:2014, and has implemented, maintains and continuously improves processes that meet the requirements of the standard.
The security of the operation of the IT system, ensuring the confidentiality, integrity and availability of information in all its forms, is in the company’s fundamental business interest. Alverad restricts access to the data by setting privilege levels. The different data can be accessed by Alverad employees according to specific job functions, in a specific way and according to specific levels of access rights.
Data security is ensured by the IT tools chosen by Alverad to ensure that data can only be recorded, accessed, transmitted, modified or deleted with the appropriate authorization and that the data remains accurate during processing.
Rights of data subjects and means of enforcement
The Right to Information:Information can be requested from the data controller regarding the scope of personal data, as well as the legal basis, purpose, source and time of processing. Information may also be requested on to which and whose personal data, when, under what law the Special Service for National Security (hereinafter: NBSZ) grants or has granted access, and whether a personal data breach has occurred involving the data subject’s data. The NBSZ will provide the information within a maximum of 25 days, but only after the data subject’s identity has been verified, via the contact details provided in the request, in order to prevent unauthorized access.
Right of access: The data subject has the right to obtain from the controller information as to whether or not their personal data are being processed, and if so, they have right to receive detailed information regarding that (purpose, legal basis, duration of the processing, etc.). Alverad will provide the information within a reasonable time limit, but only after the data subject’s identity has been verified, via the contact details provided in the request, in order to prevent unauthorized access.
Right to rectification: The data subject shall have the right to request the controller to rectify the inaccurate personal data concerning them and to complete the incomplete data. Alverad will provide the rectification within a reasonable time limit, but only after the data subject’s identity has been verified, in order to prevent unauthorized modification, and shall provide information via the contact details provided in the request.
Right to erasure: The data subject shall, in general, have the right to obtain from the controller the erasure of personal data concerning them. Alverad may refuse a request for erasure if Alverad is required by law or internal regulations to continue to store the personal data. . (E.g.: the time limit in the internal rules on document management has not expired.) If no such obligation, Alverad will provide the request for erasure within a reasonable time limit, but only after the data subject’s identity has been verified, in order to prevent unauthorized erasure, and shall provide information via the contact details provided in the request.
Right to restriction of processing (locking): The data subject has the right to have their data blocked by Alverad at their request if:
– the data subject disputes the accuracy of the personal data;
– the processing is unlawful but the data subject requests restriction instead of erasure;
– the NBSZ no longer needs the processing of the personal data, but the data subject requires them for the purpose of submitting, enforcing or protecting legal claims;
– the data subject objects to the processing pursuant to Article 21(1) of GDPR.
Alverad shall investigate the legitimacy of the request of restriction, and shall provide information on that within a reasonable time limit, but only after the data subject’s identity has been verified, via the contact details provided in the request, in order to prevent unauthorized access. If Alverad considers the request to be justified, the blocking will last for as long as is necessary for the reason indicated by the data subject. (For example: while the accuracy of personal data is verified, while any inaccuracies are corrected, or while Alverad or the data subject’s legitimate grounds for objection are established.)
Right to data portability: The data subject has the right to receive personal data concerning them that they have provided to Alverad in machine-readable form and the right to transmit such data to another controller, where the legal basis for the processing is the data subject’s consent or the performance of a contract and the processing is carried out by automated means. Alverad shall investigate the legitimacy of the request of portability, and shall provide information on that within a reasonable time limit, but only after the data subject’s identity has been verified, via the contact details provided in the request, in order to prevent unauthorized access. In case of a positive decision on the request, the data subject’s personal data will be sent in machine-readable form at the same time as the information.
Right to object: The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) of the GDPR (necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the public authorities). of the GDPR (necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the public authorities). In this case, Alverad is obliged to demonstrate, in a balancing of interests procedure, whether there is a compelling legitimate ground which overrides the interests, rights and freedoms of the data subject or which is related to the establishment, exercise or defense of a legal claim. Alverad shall provide information on the results of the balancing of interests procedure within a reasonable time limit, but only after the data subject’s identity has been verified, via the contact details provided in the request, in order to prevent unauthorized access.
Remedies available: With your request or if you have any problems, questions or complaints about the processing of your personal data, Alverad encourages you to contact us by sending an e-mail to adatvedelem@alverad.hu adatvedelem@alverad.hu or by using one of the contact details provided in the paragraph on Data Controller Data. The Data Subject, in the event of a breach of their rights, may apply to court against Alverad.
If you are dissatisfied with the way Alverad handles your personal data, you have the right to lodge a complaint with the Data Protection Authority:
National Authority for Data Protection and Freedom of Information
National Authority for Data Protection and Freedom of Information (hereinafter: Authority)
Seat: HU-1055 Budapest, Falk Miksa utca 9-11.
Address: Budapest, P.O.B. 91363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Budapest, 2023. 05. 15.