Our company, as a data controller, determines the purposes and means of personal data management independently or together with others, and also manages personal data.
The meaning of data management: any operation performed on personal data or data files in an automated or non-automated manner or all of them, i.e. the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or other by way of making it available, coordination or connection, restriction, deletion or destruction.
Any information relating to an identified or identifiable natural person (“data subject”) shall be considered personal data. A natural person can be identified who, indirectly or directly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.
As a data controller, our company fully respects the privacy of all persons who provide us with personal data, and is committed to protecting this data.
Our company establishes a separate data management policy on the management of employees’ data, and it provides for it.
The data controller:
Company name: Enterworks Human Resources Kft.
Headquarters, billing and postal address: 9027 Győr, Budai út 2. 3. em.
Contact: Váci út 30. VI. Floor, 1132 Budapest
Tax number: 25005679-2-08
Company registration number: 08-09-034667
Budai út 2, 3rd floor, 9027 Győr
Rákóczi utca 6. flat 1, 6000 Kecskemét
Data controller: Pavol Varga (an.: Tünde Varga)
Names of other members (depending on the company form): Róbert Mészáros (an.: Erzsébet Földes)
In order to fulfill its accounting and tax obligations, the data manager forwards the invoices to the data management company/private entrepreneur performing the accounting.
The electronic data of the data controller may only be accessed by the IT specialist when he/she acts in order to fulfill his/her tasks (data security, restoration, etc.).
Data Protection Officer:
Our company is obliged to appoint a data protection officer based on Article 37 of the GDPR.
The data protection officer: Csilla Jakab.
Data management purposes:
Our company performs data management for the following purposes in accordance with all legal regulations:
Legal basis for data management:
Article 6, paragraph (1) point a) of the GDPR: consent of the data subject
Article 6 (1) point b) of the GDPR: conditions necessary for the performance of a contract
Article 6 (1) point c) GDPR: necessary to fulfill a legal obligation Article 6 (1) point f) GDPR: legitimate interest, consideration of interests is always required
The legal bases of individual data management activities:
The data subject has the right to object, so personal data will not be processed on the basis of this, provided that the data processing is justified by a compelling reason (e.g. fulfillment of a legal obligation).
Duration of data management:
Due to legal obligations, our company can keep the invoices for at least 8 years. The retention period of the documents on which the invoice is based is 8 years.
The possible retention period of the data provided for the purpose of maintaining contact is 1 year after the termination of the relationship.
Retention of data related to the performance of the contract: 5 years.
III. Rights concerned:
In relation to his personal data, the data subject has rights strictly defined by law. Affected rights are the following:
It means the violation of data security that generates or results in the accidental or illegal destruction, loss, alteration, unauthorized disclosure of personal data handled, and unauthorized access to them. Our company ensures data security corresponding to the level of risk associated with data management from a physical, IT and administrative point of view. The procedures are determined by our company’s data security policy.
In the event of a breach of data security, the data controller or its representative shall notify the supervisory authority without delay and/or no later than 72 hours after becoming aware of it and inform the affected party.
After becoming aware of the data protection incident, our company will immediately take the necessary security measures to eliminate and restore the damage that is the basis of the data protection incident and for its purpose.
The person concerned will be notified of the measures already taken and their results.
A cookie is specific data that the currently used website sends to the visitor’s browser so that it stores it, and the same website will be able to load its content in the future.
CVIII of 2001, containing many issues of electronic commerce and information society services. Act (Elkertv.) 13/A. § (3), the service provider may process the personal data that are technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that the necessary personal information is only processed if this is necessary for the provision of the service and the other purposes specified in this law is essential for its fulfillment, but even then only to the extent and for a sufficient period of time.
Types of cookies:
Information about the cookies used on the Company’s website and the data generated during the visit
The scope of data managed during the visit: When using the website, our company’s website can record/manage the following data about the visitor and the device used for browsing:
Our Company may retain this data for a maximum of 30 days, primarily for the purpose of investigating security incidents.
Cookies used on the website
Their legal basis for data management is the CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. § (3), based on which: for the purpose of providing the service, the service provider may process the personal data that are technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in all cases operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
The data management goals: Increasing the efficiency of the service, increasing the user experience, making the use of the website more convenient.
Purpose of data management: analysis of the website and sending of advertising offers
In Hungary, the data protection supervisory authority is: The National Data Protection and Freedom of Information Authority (hereinafter: NAIH, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, e-mail address: firstname.lastname@example.org). The person concerned can submit a complaint to the NAIH if, based on his conviction, the processing of his personal data differs and does not correspond to the legal obligations. A judicial review can be initiated against the NAIH’s decision.