I. GENERAL PROVISIONS
- Purpose of policy
The DAAL-CON Limited Liability Company (hereinafter referred to as the “Company” or the “Data Controller”) shall in all cases ensure the lawfulness and expediency of the data processing with regard to the personal data processed by it. The purpose of this communication (hereinafter: the “Policy”) is to provide the visitors of the https://daalgroup.hu website (hereinafter the “Website”) with adequate information on the conditions and guarantees for which their personal data is processed by the Company.
Our Company conforms to the contents of the Policy and acknowledges the contents of it as binding on it.
Personal data is any information on the basis of which a natural person (the visitor to the Website for the purposes of this Policy) can be identified directly or indirectly, such as name, number, location data, online identifier or physical, physiological, genetic, mental, economic, cultural or by one or more factors relating to his social identity.
Data management means any operation on personal data or data files (such as collecting, recording, organizing, segmenting, storing, transforming or altering, querying, viewing, using, transmitting, disseminating or otherwise making available, coordinating or linking, restriction, deletion or destruction).
Data controller: personal data of the visitors of the Website is controlled by
DAAL-CON Limited Liability Company
seat: 2142 Nagytarcsa, Felső Ipari körút 9;
represented by Anita Kovács managing director, Sándor Dániel Kálmán managing director;
namely, the legal entity determines the purposes and means of the processing of personal data, this company is the controller of the personal data.
Data Processor handles the personal data of the Website visitors on behalf of the Data Controller and in accordance with its instructions. This Policy lists the reasons and manner in which other persons process personal data on behalf of the Data Controller.
- Data protection legislation
Our data processing complies with the relevant legislation, in particular the following:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, hereinafter “GDPR”);
- Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: “Information Act”);
- Act V of 2013 on the Civil Code (hereinafter “Civil Code”).
- INDIVIDUAL DATA MANAGEMENTS
We provide the following information regarding each of our data processing.
- Cookies used on the Website (hereinafter referred to as the “Cookie”)
Cookies store unique computer and device IDs and profile information. Cookies are not suitable for identifying the identity of visitors to the Website, however, they are suitable for identifying and recognizing the computer or device used by the visitor to visit the Website. When visiting the Website, they may be placed on the computer or device used by the visitors of the Website to visit the Website.
The Website uses the following cookies:
|Required||__cfduid||This cookie is set by CloudFare. This Cookie is used to identify the visitor behind a shared IP address and apply security settings on a per-visitor basis||one month|
|Analytical||_ga||This cookie is usually set on your first visit to your browser. If the browser is deleted by the browser operator and later visits the Website, a new _ga Cookie with a different unique ID will be created. In most cases, this Cookie is used to identify unique visitors to the Website and is updated with each pageview. This Cookie also has a unique identifier that Google Analytics uses as an additional security measure to ensure the validity and availability of the cookie.||two years|
|Analytical||_gid||This cookie is used to isolate visitors. It stores a unique visitor session ID.||one day|
|Performance||_gat_UA-63084171-2||This is a sample cookie type set by Google Analytics, in which the pattern element of the name contains the unique ID number of the account or site associated with it. A version of the _gat cookie that is used to limit the amount of data that Google stores on high-traffic websites.||one minute|
The legal basis for data processing is the consent of the visitor to the Website (according to Article 6 (1) (a) GDPR). Cookies will only be used if the Website visitor expressly authorizes their use in the interface provided for this purpose. You can change your settings at any time to withdraw your consent.
The duration of the data processing until the withdrawal of the consent or, failing that, until the period indicated above.
Visitors to the Website may also prohibit the placement of Cookies on the computer or device used by the visitor by setting their browser appropriately.
- Request a quotation on the Website
Visitors to the Website may request an offer under the “Contact” menu item and forward their questions to the Company.
The purpose of data management is to provide the opportunity to contact the Website.
The scope of personal data processed: surname and first name, e-mail address, telephone number, company name.
The legal basis for data processing is data processing necessary in order to take pre-contractual steps (according to Article 6 (1) (b) GDPR).
The duration of data processing is up to 30 days from the submission of the offer, ie within the deadline for acceptance of the offer.
- Newsletter subscription
Visitors to the Website have the opportunity to receive a newsletter if they are interested in the latest news, new publications and useful advice of the Company.
The purpose of data management: by subscribing to the newsletter, the Website visitor consents to the Company sending an electronic message to the visitor’s e-mail address, providing information on current information, events, promotions, new services, etc.
The scope of personal data managed: to subscribe to receive a newsletter, the visitor must provide their first and last name and e-mail address.
The data processing is based on the explicit consent of the visitors (according to Article 6 (1) (a) of the GDPR), which is created by the “I subscribe!” and can be entered by pressing the button.
Duration of data management: it lasts until the withdrawal of the consent statement, ie until unsubscription.
- Management of personal data of job applicants
The Company implements the management of personal data during the selection of potential employees. Applications for employment can be made by advertisement, application, e-mail and post. Candidates can receive information about the fact, legal basis and their rights concerning data management on the Company’s Website.
The purpose of data management is to fill a specific vacancy and to establish an employment relationship later.
The scope of the personal data processed is as follows: name, address, telephone number, e-mail address, other personal data provided by the applicant (such as date of birth, mother’s name, address, qualification data, photo, references, notes from recruitment interviews, previous employment) CVs, other documents proving compliance.
According to Article 6 (1) (b) of the GDPR, the legal basis for data management during the selection process is based on preparing for the conclusion of the employment contract and on the legal basis to defend against any civil claim against the Company after the selection process) in accordance with Article 6 (1) f) of the GDPR).
Duration of data management: the Company will store the applicant’s personal data for five years after the completion of the selection process to fill the vacancy, in case the application was not successful, the applicant withdrew his application or rejected the Company’s job offer. Upon the expiration of the general limitation period of the civil claim, the Company will delete the personal data of the applicant. In the event that the applicant’s application was successful and the Company’s job offer was accepted, the Company, as an employer, is entitled to further process the applicant’s personal data in order to fulfill the legal obligations related to the establishment and existence of the employment relationship.
- Personal data managed by the electronic surveillance system (camera system and bell) used at the Company’s registered office
The Company operates a camera system at its registered office (2142 Nagytarcsa, Felső Ipari körút 9.) for the protection of property and business secrets. A bell placed at the entrance to the registered office takes a picture of the person (s) in front of the entrance, primarily for security purposes.
Pictograms draw the attention of visitors to the cameras operating at the registered office, and a camera map showing all the cameras operated by the Company as well as showing the purpose and angle of use of each camera is available at the Company’s Secretariat.
The camera recordings are stored at the registered office of the Company and are accessible only to the executives of the Company.
The purpose of data management is to protect property and trade secrets.
The legal basis for data processing is the Company’s legitimate interest in the protection of property and trade secrets in accordance with Article 6 (1) f).
The scope of the personal data processed is the image of the persons residing at the registered office of the Company.
Duration of data management: The Company stores the recordings recorded with the cameras for 3 days in the absence of use.
- Data management related to social media
- Data management related to participation in events organized by the Company
From time to time, the Company organizes events and holds lectures, the personal data of which can be handled by the Company as follows:
The purpose of data management is to organize events and to communicate and promote them in connection with events and performances.
The legal basis for data processing is the consent of the participants (according to Article 6 (1) a) GDPR).
The scope of personal data processed is name, address, e-mail address, image.
The duration of the data processing lasts until the withdrawal of the consent. Participants therefore have the right to prohibit the use of recordings already made or to request the deletion of recordings.
III. TRANSMISSION OF PERSONAL DATA
The Company communicates the personal data of the visitors of the Website to the following service providers as data processors for the purposes indicated below:
- with the service providers operating the Website and providing hosting:
Company responsible for the development of the Website and online marketing activities: Evolut Marketing Group Kft. (Registered office: 1024 Budapest, Keleti Károly utca 26. 2. em. 2; Cg. 01-09-355252; contact: email@example.com)
The hosting provider: Viacom Informatikai Kereskedelmi és Szolgáltató Kft. (2360 Gyál, Deák Ferenc utca 17., Cg. 13-09-109794, 36(1)348-5000, https://viacomkft.hu)
- For newsletters, promotional emails: MailChimp (The Rocket Science Group LLC): 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA, firstname.lastname@example.org
- For Web Analytics Measurements: Google Analytics, as an external service provider, assists in the independent measurement of Website traffic and other web analytics data. Detailed information on how to manage your measurement data can be found at http://www.google.com/analytics. Google Analytics data is used by the Data Controller for statistical purposes only, in order to optimize the operation of the site.
- Other data transfer: at the request of an official petition or other bodies authorized by law, the Data Controller is obliged to provide information, communicate, transfer or make available documents, in particular the Data Controller may make the personal data of the data subject available to the court, police at their official inquiry, in case of copyright, property or other infringements or their reasonable suspicion, or in case of violation of the interests of the Data Controller endangering the provision of its Services. In such cases, the Data Controller shall provide the petitioner with personal data only to the extent strictly necessary for the realization of the purpose of the writ, provided that it has indicated the exact purpose and scope of the data.
- METHODS TO STORE PERSONAL DATA, SECURITY OF DATA PROCESSING
In order to ensure the security of personal data, the Company takes the necessary technical and organizational measures appropriate to this time, the purpose of data management and the fundamental rights of visitors to the Website, and ensures that the data security rules prescribed by relevant legislation are complied with.
When defining and applying measures for the security of personal data, the Company takes into account the current state of the art, the costs of implementing the measures, the nature, scope and purposes of data management, and the enforcement of the rights of visitors to the Website.
In addition, the Company will ensure adequate security of personal data, in particular by applying measures to protect against unauthorized or unlawful handling, accidental loss, destruction or damage to data.
The Company shall take appropriate measures:
- to ensure protection against unauthorized access to data processing equipment;
- to prevent the unauthorized reading, copying, modification or removal of data media;
- to ensure the possibility of recovering data files;
- to protect data files against viruses;
- to ensure the physical protection and security of data files and media;
- to prevent the unauthorized input of personal data into the data management system and the unauthorized inspection, modification or deletion of personal data stored therein;
- to prevent the use of data-processing systems by unauthorized persons using data communication equipment;
- to assure that persons authorized to use the data management system have access only to the personal data specified in the access authorization;
- to verify and establish to which recipient’s personal data have been or may be transmitted or made available by means of data communication equipment;
- to assure the possibility to verify and establish subsequently which personal data were entered into the data management system, at what time;
- to prevent the unauthorized disclosure, copying, modification or deletion of personal data during transfers of personal data or during transportation of data media;
- to ensure that data management system can be restored in the event of a breakdown;
- to ensure that the data management system is functional, errors in its operation are reported, and that the stored personal data cannot be changed even if the system malfunctions; and
- for the fire protection of paper records.
- RIGHTS AND REMEDIES
The Website visitor may request information on the handling of his/her personal data, request the correction of his/her personal data, or – with the exception of mandatory data processing – delete, revoke, exercise the right to carry data and protest at the above contact details of the Company.
At the request of a visitor to the Website, we will provide the information in electronic form without delay, but no later than within one month, in accordance with our relevant policies. Requests from Website visitors to fulfill their rights below will be granted free of charge.
Within five years after the death of the Website visitor, the right of access, rectification, restriction and cancellation shall be exercised by the person authorized by the statement of the Website visitor in a public document or a private document providing full evidence or in default of that, the Civil Code may be enforced by a close relative.
Regarding the rights of visitors to the Website, we highlight the following:
- Right to information
The Company shall take appropriate measures to provide visitors to the Website with all information regarding the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15 to 22 and 34, the right to lodge a complaint to the supervisory authority in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner;
The right to be informed in writing, in I / 2. can be exercised via the contact details provided in point 1, in particular at the e-mail address email@example.com.
- Right of access
Visitors to the Website are entitled to receive feedback from the Company as to whether their personal data is being processed. If personal data is being processed, the Website visitor is entitled to access the personal data and the following information listed.
- the purposes of data management;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients from third countries (outside the European Union) or international organizations;
- the planned duration of the storage of personal data;
- the right to rectify, erase or restrict data processing and to protest;
- information on data sources; the fact of automated decision-making, including profiling, and understandable information about the logic used and the significance of such data management and the expected consequences for the Website visitor.
In addition to the above, in the event of the transfer of personal data to a third country or international organization, the Website visitor is entitled to be informed of the appropriate guarantees for the transfer.
The Company shall make a copy of the personal data subject to data management available to the Website visitor.
- Right of rectification
Under this right, anyone may request the correction of accurate personal data held by the Company and the completion of incomplete data.
- Right of cancellation
The Website Visitor is entitled to delete personal data about him / her without undue delay upon any of the following reasons:
- personal data are no longer required for the purpose for which they were collected or otherwise processed;
- b) the Website visitor withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;
- the Website visitor objects to the data processing and there is no priority legitimate reason for the data processing;
- (d) unlawful processing of personal data has been established;
- (e) personal data must be deleted in order to fulfill a legal obligation to which the controller is subject under Union or Member State law;
- (f) personal data have been collected in connection with the provision of information society services.
Deletion of data may not be initiated if the data processing is necessary for the following purposes:
- for the purpose of exercising the right to freedom of expression and information;
- for the purpose of fulfilling an obligation under Union or Member State law applicable to the controller to process personal data or performing a task carried out in the public interest or in the exercise of official authority vested in the controller;
- in the field of public health or for archival, scientific and historical research or statistical purposes, in the public interest;
- or to bring, assert or defend legal claims.
- Right to restrict data processing
At the request of the Website visitor, we restrict the processing of data under the conditions of Article 18 of the GDPR, ie if:
- the Website visitor disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the accuracy of the personal data to be verified;
- the data processing is illegal and the Website visitor objects to the deletion of the data and instead requests a restriction on their use
- the Data Controller no longer needs the personal data for the purpose of data processing, but the Website visitor requests them in order to submit, enforce or protect legal claims; obsession
- the Website visitor has objected to the data processing; in this case, the restriction applies for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Website visitor.
If the data processing is restricted, personal data may be processed, except for storage, only with the consent of the Website visitor, or for the submission, enforcement or protection of legal claims, or for the protection of the rights of other natural or legal persons, or in the important public interest of the European Union or a Member State. . The Company informs the Website visitor in advance about the dissolution of the data management restriction.
- Right to data storage
The Website visitor is entitled to receive the personal data concerning him/her provided to the Data Controller in a structured, widely used, machine-readable format and to transmit this data to another Data Controller, if the data processing is based on the Website visitor’s consent or in order to fulfill the contract concluded with the Website visitor and the data management is carried out in an automated manner. The Company can fulfill such a request of the Website visitor in word or excel format.
- Right to protest
Pursuant to the right to protest, the Website visitor has the right to object to the processing of his / her personal data at any time for reasons related to his / her situation, if the data processing is necessary to enforce the legitimate interests of the Company or a third party. The Company shall not terminate the data processing on the basis of the protest if the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the Website visitor or which are related to the submission, enforcement or protection of legal claims. Furthermore, if personal data is processed for the purpose of direct business acquisition, the Website visitor has the right to object at any time to the processing of personal data relating to him for this purpose. In the event of an objection to the processing of personal data for the purpose of direct business acquisition, the data may not be processed for this purpose.
- Exception to the scope of automated decision-making in individual cases, including profiling
The Website Visitor has the right not to be covered by a decision based solely on automated data management, including profiling, which would have legal effect on him or her or would be significantly affected by him or her. The above authority does not apply if the data management
- is necessary for the conclusion or performance of the contract between the Website visitor and the Data Controller;
- (b) is governed by Union or Member State law applicable to the Controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the visitor to the Website; obsession
- is based on the express consent of the Website visitor.
- Right to withdraw consent
The Website visitor has the right to withdraw his consent to data management at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.
- Procedure for fulfilling the website visitor’s request
The Company shall, without undue delay, but in any case within one month from the receipt of the request, inform the Website visitor in accordance with Articles 15-22 of the GDPR on the action taken in response to a request under Article. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the Website visitor of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.
If the Website Visitor has submitted the request electronically, the information will be provided electronically, unless the Website Visitor requests otherwise.
If the Company does not take action at the request of the Website visitor, without delay, but no later than within one month from the receipt of the request, inform the Website visitor of the reasons for non-action and that the Website visitor may file a complaint with NAIH and judicial redress.
The Company shall inform all recipients to whom it has communicated personal data of any rectification, erasure or restriction on the processing of personal data, unless this proves impossible or requires a disproportionate effort. Upon request, the Company will inform the Website visitor about these recipients.
- Right of access to justice and official data protection procedure:
If the Website visitor considers that the Data Controller has violated his / her right to the protection of personal data in the course of his / her data processing, he / she may appeal to the competent bodies in accordance with the applicable legislation as follows:
You can lodge a complaint with the National Authority for Data Protection and Freedom of Information,
address: 1055 Budapest, Falk Miksa utca 9-11.
postal address: 1374 Budapest, Pf. 603.
e-mail address: firstname.lastname@example.org;
phone: + 36-1-391-1400
Visitors to the Website may apply to the competent court or tribunal, at their option, before the court having jurisdiction over their place of residence or stay. The court is acting out of turn in the case.
The Data Controller undertakes to co-operate in any way with the court or the NAIH in these proceedings, and to provide the data on the data processing to the NAIH or the trial court.
No data protection officer has been appointed at the Company.
- FINAL PROVISIONS
The Company undertakes that all data management related to its activities complies with the requirements set out in this Policy, the Company’s internal regulations and the applicable legislation.
The Company reserves the right to unilaterally amend the content of the Policy, in particular in the event of a change in data management legislation or guidelines set out in recommendations issued by the NAIH to facilitate lawful data management practices, or in the event of data protection concerns. practical experience justifies it. In the event of changes to the Policy, the Company shall ensure that it notifies the visitors of the Website and other interested parties in advance of the changes.
Nagytarcsa, October 25, 2020