GENERAL DATA PROTECTION REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL – “GDPR”
– PROTECTION OF NATURAL PERSONS ABOUT THE PROCESSING OF PERSONAL DATA AND THE FREE FLOW OF DATA
Effective from May 25, 2018
1. DATA PRIVACY
The purpose of this Privacy Statement is to properly inform the private individuals concerned about the handling of their personal data in accordance with the provisions of the General Data Protection Regulation of the European Union (Regulation 2016/679 – “GDPR”) and Hungarian data protection legislation (Act CXII of 2011).
Cason Zrt. (hereafter referred to as the “Data Controller”) agrees to be bound by the rules contained in this Handout, which are based on the legal regulations in force.
The data handling handout for the website cason.hu can be found at the following address: https://www.cason.hu/en/privacy-policy
Information about the data handler:
Name: CASON Engineering Plc.
Address: H-2030 Érd, Velencei street. 37.
Phone: +36 (23) 522-100
Representative: Tamás Horváth, László Tibor Ürge, Dr. Sándor Erdei, members of the board
Tax Number: 11923280-2-13
Company register Nr.: 13-10-040617
The Data Handler agrees that the data management of its website and its services follows current EU and Hungarian regulations. The data controller reserves the right to change the handout but undertakes to disclose and publish any changes.
2. RANGE OF DATA RELATED TO DATA HANDLING
On the website, personal data are handled voluntarily, based on approval, if they are made available through an eligible bid or job application.
Types of personal data: surname and first name, phone number, address and e-mail address, telephone number, degree and qualification details, contact name and address.
Data managed based on a voluntary contribution shall be deleted by the data controller at the request of the person concerned without undue delay. If there is no other legal basis, all data managed based on voluntary contribution will be deleted one year after the last contact.
3. DATA PROCESSORS
3.1 Cason Plc. as data processor
- provided data: [*],
- data processing goal: [*]
- duration of data handling: [*]
- legal basis: [*].
4. PRELIMINARY INFORMATION FOR THE PERSON CONCERNED
The person concerned will be informed, briefly and comprehensively, about all the facts related to his or her data management, including the purpose and legal basis of the data processing, the data controller and the person authorized for data processing, the duration of the data handling, and who will know the data. The data provided by the person concerned on the website (including any personal data contained in the files uploaded by the person concerned) are handled by the data handler based on voluntary contributions.
The information provided also covers the rights and judicial remedies available to the data subject concerned.
5. PERSONAL DATA, OBJECTIVE, LEGAL BASIS AND TERMS OF DATA MANAGEMENT
The handling of all personal data relating to the person concerned is based on voluntary contributions or legal obligations.
5.1. Data from website visitors
When our websites are visited, we as a data handler record the IP address of users (unidentifiable), the date of the visit, and the page being viewed, for technical reasons as well as for statistics on user habits. These data are statistical data; we do not assign them to a specific user identity, so the affected person cannot be identified. We do not practice so-called “profiling”, and we do not give permission to anyone else to do so.
The data is stored on the server for up to a month. The legal basis of the data management: voluntary contribution from the concerned person.
The service provider places a small data packet, a so-called cookie, on the user’s computer for customised handling. By using the websites, the user agrees that the service provider places service cookies on the computer. Cookies must be enabled by the user, and the data packet is not placed on the user’s computer unless it is authorized.
Cookies can usually be erased in a few clicks by selecting the appropriate tab in the browser you use. Cookies can be explicitly prohibited by the user in the browser settings. According to the applicable legislation, the provider may store only purely technical cookies without express permission.
The service provider, as a technical contributor, may ensure that, when a website is visited, cookies of third-party collaborators (Google Inc.) are stored, so that an ad can be shown to a user who has previously visited the provider’s website.
5.2. Contact, filling out a general application, customer correspondence
The range of data processed are: name, address, phone number, e-mail address.
Messages are only used by the recipient in the intended manner. If no business connection is established, the data will be stored for up to 1 year from the recording.
5.3. Other data treatments
For data handling not specified in this leaflet, the data handler will provide detailed information before starting the data management operation and will obtain the necessary contribution.
6. DATA STORAGE METHOD, SECURITY
The server(s) serving the data management website(s) are located at the following IP address: 18.104.22.168
6.1. Data security
During processing, the data controller shall preserve:
- Integrity and confidentiality: it protects the information so that it can only be accessed by those who are entitled to it, and it protects the accuracy and completeness of the information and of the processing method;
- Availability: it ensures that when an eligible user needs it, that person can access the information needed and has access to the related tools.
Electronic messages transmitted over the Internet (e-mail, web, ftp, etc.) are vulnerable to network threats that lead to dishonest activity, controversy, or the disclosure or modification of information. To protect against such threats, the service provider will take all the precautionary measures that may be expected of it. Systems are monitored to capture all security dangers and provide evidence of any security incident. System monitoring also allows the effectiveness of the precautions used to be checked.
6.2. Data storage
The data controller selects and manages its software and IT tools so that the data processed:
- are accessible to those who are entitled to them (availability);
- are trustworthy and their authentication is ensured (credibility of the data);
- can be shown to be unchanged (data integrity);
- are protected against unauthorized access (confidentiality of data).
The data controller provides technical, organizational and departmental measures to protect the security of data management, which provide optimal protection appropriate to the risk.
7. TRANSFER OF DATA
The data controller transmits to its Partner the personal data necessary for the assignments and for their fulfilment, within the framework of its legal possibilities. The data controller shall not use the above-mentioned data of the visitors for other purposes; the data controller may transfer the data for data processing to the technical contributors who operate the website.
This does not apply to any statutory, mandatory data transfers, which may only occur in exceptional cases. The Data Controller will check the existence of a legal basis before transferring data at the request of any authority.
8. COMPETENT OPPORTUNITIES
You may request information at any time about the handling of personal data, the current processing of data, and rights and guarantees, in particular about the person carrying out data control and data processing, the legal basis of the data handling, its purpose and duration, the data storage location, and data security measures.
At the request of the person concerned, the data controller shall provide information about his data management activities and about the transfer of data.
The data controller shall provide the information in writing in a reasonably short time, but not later than 30 days after the submission of the request. For the purposes of this regulation, a simple, electronic signature-free e-mail is also considered to be written form.
The information is free of charge if the applicant has not yet filed an information request with the data controller for the same activity or data subject in the same year.
In other cases, the data controller shall be reimbursed, and the information is provided after the compensation has been paid.
The person concerned has the right to have any inaccurate personal data rectified without delay. Considering the purpose of data management, the person concerned has the right to request the completion of incomplete personal data, accompanied by an additional declaration.
The Data Controller deletes personal data if they are stored unlawfully, if the person concerned requests their deletion, if the deadline for storing the data has expired, or if deletion is ordered by the court or the data protection authority.
The data controller informs the person concerned of the correction and deletion, and also informs those to whom the data were previously transferred for data management. Notification may be omitted if, with regard to the purpose of data handling, this does not prejudice the legitimate interest of the person concerned.
The person concerned may also request the correction or deletion of personal information in the manner indicated at registration or through the customer service. The only obstacle to deletion is a statutory limitation.
8.4. Data Portability
If personal data are processed in an automated manner or based on the consent of the party concerned or on a contract, the person concerned has the right to receive the personal data relating to him or her in a structured, widely used, machine-readable format, and furthermore has the right to transfer these data to another data controller without obstruction by the primary data controller. Direct transmission to another data controller can only be requested where it is technically feasible.
The person concerned may oppose the handling of his personal data if:
- the handling of personal data (transmission) is necessary only to enforce the right or legitimate interest of the controller or the data importer, except where the processing has been ordered by law;
- the usage of personal data or transmission of personal data is done for direct marketing, public opinion research or scientific research;
- The exercise of the right of protest is otherwise permitted by law.
The data controller, at the same time as suspending the processing, shall examine the objection as soon as possible after the submission of the application, but not later than 15 days, and shall inform the applicant in writing about the result.
If the protest is warranted, the data controller will discontinue data processing, including further data collection and data transfer, will lock the data, and will notify of the protest and of the action taken on its basis everyone to whom the personal data affected by the protest were previously transferred and who is obliged to act to enforce the right to protest.
If the person concerned does not agree with the decision taken by the data controller, he or she may apply to the court within 30 days of its notification.
The data controller cannot delete the relevant data if the data processing is ordered by law. However, the data may not be transmitted to the data recipient if the controller has agreed to the objection or the Court has determined that the protest is justified.
8.6. Authority, judicial remedy
A complaint against the data controller’s activities can be made, and proceedings can be initiated, at:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c
Address: H-1534 Budapest, PO-BOX: 834
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
In case of a violation of his or her rights, the person concerned may also go to court. The rules of jurisdiction of the courts indicate which of the Regional Courts will hear any specific case.
Érd, Hungary 2018. 05. 25.
Tamás Horváth and László Tibor Ürge
Members of the board
CASON Engineering Plc.
Please note that the General Data Protection Regulation 2016/679 of the European Parliament and of the Council imposed a legislative obligation on the Hungarian state, which in our opinion the Hungarian state did not fulfil by the deadline. At the time this handout was created, the legal context with which it should have been made consistent was therefore lacking.
Accordingly, parts of the information are based on assumptions. The authority which will enforce this regulation must be designated by a so-called “cardinal law”, and according to the Basic Statutory Law VI. Article 3 (3) it can reasonably be assumed that this authority will be the National Data Protection and Information Authority (NAIH).
In view of the above, the handout is expected to change after the law has been drafted.