1. The purpose of the privacy policy, the duration of data control
1.1.
The Melon HR Technology Kft. (hereinafter as Data controller) shall attend to act in the course of the control of the personal data of the natural person (hereinafter as: Data subject) in accordance with the Regulation Nr. 2016/679 of the European Parliament and the Council (hereinafter as: Regulation), the Act CXII of 2011. on the right to informational self determination and freedom of information (Infotv.), as well as other provisions of laws in effects regarding the control of personal data, in line with data protection practice formulated as a result of the activity of the National Data Protection Authority (NAIH) and the commissioner for data protection, taking the significant international recommendation into consideration as well.
1.2. The effect of the present privacy policy shall extend to any data control carried out by Data controller, to which Data controller does not order the use of other, special privacy policies.
1.3. Data controller:
● acknowledges the content of the present legal notice as obligatory for itself
● undertakes to make sure that all the data controls related to its activity are in accordance with the provisions of the present document, the national legislation in effect, as well as in the legal acts of the European Union
● undertakes to control the personal data acquired from its clients confidentially, and implement all the security, technical and organizational measures, which may guarantee the safety of the personal data
● preserves its right to the modification of the present privacy policy any time, about which it shall inform its clients in a proper time
1.4. Data controller is entitled to use all personal data acquired through telephone or e-mail, or in any other way for the purpose of administration of maintaining contact with the clients, to provide price offers, to establish contracts, issue invoices in accordance with the below mentioned:
● if a contract is not established between Data controller and its client, Data controller is entitled to store the provide personal data only for 1 year and will permanently erase it after the expiration of that time period
● if the price offer is established between Data controller and its client, however, the client did not reply, then Data controller shall store the provided personal data only for 1 year after the price offer, after the expiration of which it shall erase it permanently
● if the price offer is established between Data controller and its client and the reply to the price offer indicates the rejection of the offer then Data controller is entitled to store the date for not longer than a year after the rejection, after the expiration of which it shall erase it permanently
● if a contract is established between Data controller and its client, then Data controller is entitled to store the personal data provided in accordance with the contract, but no longer than – based on Art. 169. sec. (2) of the Act on accountancy – for 8 years from the issuing of the invoice, after the expiration of which it shall erase it permanently, if the client revokes its consent to the issuing of the invoice. Data controller is entitled to store the personal data acquired during the issuing of the invoice for 8 years based on Art. 6. Sec. 5 of the Infotv
1.5. If client contacts Data controller in the course of the data control again, the duration of the data control shall commence from that time in accordance with the above mentioned except in the case, if this time period is shorter than time period of the data control already in effect.
2. Data of Data controller
Company name: Melon HR Technology Kft.
Seat: 1023 Budapest, Frankel Leó út 45.
Registration number (HRB): 01-09-376084
Tax number: 28835585-2-41
Central phone number:
+36306302542
Central e-mail address:
[email protected]
3. The personal date controlled by Data controller
The personal data provided by Data subject:
● name of the contact person
● phone number of the contact person
● e-mail address of the contact person
● other data provided by Data subject
4. The purpose, methods and legal grounds of data control
4.1. The data control on behalf of Data controller is generally based on voluntary content as well as for the purpose of the preparation and performance of the contract to be established between Data controller and Data subject. In case of a data control based on voluntary consent, data subjects are entitled to revoke their consent any time in the course of the data control. In some cases the control, storage and forwarding of the provided personal data is prescribed by the law, of which the clients will be informed separately. We inform the persons providing the data that if the data provided by them is not considered to be their own personal data, it is the obligations of that person to obtain permission from the Data subject.
4.2. The control of the personal data may take place in order to fulfill and obligation prescribed by the law of the European Union and the Hungarian law.
4.3. In some given cases, Data controller is entitled to control the personal data of Data subject for the purpose of the enforcement of the rightful interest of Data controller or a third party. In that case Data controller shall make a so-called test of interests, which records and examines whether the rightful interest of Data controller proportionally restricts the right of Data subject to the protection of personal data, its privacy or rather how to maintain a balance between the interests of Data controller and Data subject.
4.4. If the data is collected by Data controller from Data subject and Data subject does not provide the personal data controlled based on the legal grounds listed hereinabove, then the lack of providing of the data may result in the unfeasibility of the establishment of implementation of the contract, or the unfeasibility of the given data control measure of Data controller. If Data subject only provides some of the required data then it shall be examined based on the data not provided thoroughly whether the lack of the providing of the data may result in the unfeasibility of the establishment of the implementation of the contract. The legal consequences of the unfeasibility may only be made use of by Data controller, if it is able to certify that the contract may not be performed by it without the data to be provided.
4.5. The persons entitled to gain access to the data:
● managing director of Data controller
● the employees of Data controller
4.6. The personal data provided shall only be stored and controlled by Data controller, no third party has any access to them, the personal data will not be handed over to any other person than Data controller, except for the case, if that shall take place based on rightful reasons that may be enforced, which have priority over the rightful interests , rights and liberties of data subject, or which are related to the presentation, enforcement and protection of legal claims.
4.7. The principles of data control are in accordance with the laws of data protection in effect, with special regards to the following:
● Act CXII. of 2011. (Infotv.) - on the right to informational self determination and freedom of information
● Regulation Nr. 2016/679 of the European Parliament and the Council (EU) (April 27, 2016.) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
● Act V. of 2013. – Civil Code
● Act. C of 2000. – on accountancy (Accountancy Act.)
5. The rights of Data subject and their enforcement
5.1. The Data subject may request information about the control of its personal data, and the correction of the personal data, or rather – except for the data control prescribed by the law – the erasure and revocation of its personal data, and make use of its rights of data portability and objection in a way it is indicated by the time of the providing of the data, or at the contacts of Data controller.
5.2. Right to information
The data control may only take place, if the Data subject gives a univocal confirmation, i.e. written – including the electronic – or oral declaration made voluntarily, exact, based on information to the personal data of the natural person. The consent shall extend to all data control activity carried out for the identical purpose of purposes. If the data control serves more purposes simultaneously, then the consent shall be provided with regards to all data control purposes. In order to consider the consent being based on information, the Data subject shall be at least aware of the person of the Data controller and the purpose of the Data control.
The natural person shall be informed about the risks, rules, guarantees and rights in connection with the control of personal data, as well as about the fact how it is allowed to make use of the rights it is entitled to in connection with the control of the personal data. The Data controller shall not preserve the personal data exclusively for the purpose to answer the potential requests.
5.3. Right to access, rectification and erasure
The collection, use and the methods of data control and how access is gained to the data as well as in connection that how the data is controlled or will be controlled shall be transparent to Data subject. All reasonable measure shall be taken to rectify or erase the unpunctual personal data. The personal data shall be controlled in a way, which may provide its safety on a sufficient level as well as its confidential control, in order to, among others to prevent the unauthorized access to the personal data and the equipment used for the control of personal data, and their unauthorized use.
Data subject is entitled to gain access to the personal data related to it, as well as to make use of this right in a simplified way, within reasonable time periods, for the purpose of declaring and controlling the legality of the data control. The Data subject is entitled especially to request the erasure of the personal data and to prevent the further data control, if the collection of the personal data or the control of the data in any other way is not required in connection with the original purpose of the data control, or data subjects revoked their consent to the data control, or the data control is not in accordance with the Regulation in any other aspect.
If the request of access and/or rectification is submitted to Data controller in writing – including the electronic submission - , Data controller shall provide the information in a clear form in the proper extent within one month of the submission of request the latest.
5.4. The right to data portability
Data subject is entitled to receive the data provided to Data controller by itself in a format being well-proportioned, widely use, readable by computer and to provide them to another Data controller.
5.5. The right to objection and revocation
Data subject is entitled to object due to any reasons being in connection with its own situation any data control taking place for public purpose or the data control used for the carry out of activities in the framework of public competence transferred to Data controller. , or against the data control carried out for the purpose enforcing the interests of Data controller or a third party, including the profiling based on the provisions referred to hereinabove. Data subject is entitled to revoke the consent given any time. In case of objection or revocation, Data controller is not entitled to control the personal data further, except for the case, if the data control is justified by rightful reasons to be enforced, which have priority over the interests, rights and liberties of Data subject, or which are related to to the submission, enforcement and protection of legal claims.
5.6. Enforcement of legal claims
The enforcements of data subject’s claims shall be enforced based on the Act CXII of 2011. on the right to informational self determination and freedom of information (Infotv.), and the Act. V. of 2013. (Civil Code) before the courts, as well is entitled to request assistance from the National Data Protection and Information Freedom Authority in any matters related to the control of its personal data.
In case of a breach of law, data subject is entitled to remedies before courts. In order to enforce its rights of remedies before courts, Data subject is entitled to act against Data controller in connection with data control measures, if Data controller, or a data controller acting based on Data controller’s assignment or its ruling controls the personal data in breach of the law, or the legal provision of the European Union with regards to the data control.
5.7. Procedure of the data protection authority
Name: Hungarian National Authority for Data Protection and Freedom of Information
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Correspondence address: 1530 Budapest, Pf.: 5.
Telephone:
+36 (1) 391 1400
Fax:
+36 (1) 391 1410
E-mail:
[email protected]
Website:
www.naih.hu
6. Other provisions
Data control will provide information about the data control not listed or explained in the present privacy policy to Data subject at the time of the providing of the data. Hereby we inform our clients, the courts, the public prosecutors, the investigating authorities, the authority responsible for offences, the administrative authority, the National Data Protection and Information Freedom Authority, as well as other authorities based on the authorization of the law for the purpose of providing information, data, their transfer, and the providing of documents may request Data controller who shall cooperate with the authorities mentioned hereinabove in the providing of the data. Data controller may provide only the amount of personal data and to an extent, which is essentially required for the fulfillment of the purpose of the request.
01th December, 2021.