Intren Kft. (hereinafter: Data Controller), as the operator of the website (hereinafter: Website) available under www.intren.hu domain name, hereby publishes the information on data processing regarding the Website and the services related to the Website.
- Data Controller’s data
The data controller is Intren Informatikai Tanácsadó és Szolgáltató Korlátolt Felelősségű Társaság
Registered office: 1125 Bp., György Aladár u. 35-39. E411.
Tax number: 14235384-2-43
Company registration number: 01-09-894910
E-mail address: firstname.lastname@example.org
- Information about the data processing
- Using of the Website
In order to view the textual content of the Website, no prior registration or provision of personal data is required, Users can read freely by clicking on the title of the article, without any kind of compensation.
The Data Controller reserves the right to grant the User access to certain content only after prior registration in the future, the Data Controller will inform the Users of the detailed data protection principles before registration.
The Data Controller reserves the right to limit some or all of the content available for free for certain Users, if the User’s activity or activities cause malfunctions or vandalism in the operation of the Website.
- Applying for job
The Users may provide their data on the applying form in order to be able to apply for the job offers of the Data Controller. The following personal data may be provided (all data marked with an * must be provided)
- full name*;
- e-mail address*;
- phone number*;
- personal link;
Purpose of data processing:
- maintaining contact with the User regarding the indicated job offer
- conducting the selection procedure related to the job offer
- facilitating the establishment and performance of an employment relationship
Duration of data processing: data are processed until the end of the selection procedure or until the User requests the erasure of the data or withdraws the consent to the processing of their personal data.
If during the selection process the User explicitly consents to this, the Data Controller will keep the User’s CV even after the end of the selection process related to the specific job offer – until the User withdraws the consent or request the erasure of the personal data – in order to provide the User with information about job offers meeting with his or her interests, qualifications, abilities and needs.
On the contact form of the Website, Users can enter their data in order to receive information and make comments on the services, trainings and activities of the Data Controller (hereinafter: Contact). During Contact the following personal data may be provided (all data marked with an * are compulsory data):
- full name*;
- e-mail address*;
- phone number.
Purpose of data processing: to provide information related to the Data Controller’s trainings, services and activities, including contacting and communicating with the User interested in the trainings and services provided by the Data Controller, informing Users and handling comments related to the Data Controller’s activities.
Duration of data processing: data are deleted after ending the communication between the Data Controller and the User, or until the User requests the erasure of their data or withdraws their consent to the processing of their personal data.
Only persons aged over 18 may provide data on the Website.
- Parties eligible for accessing personal data, data processing
The Data Controller and the Data Processor employed by it are entitled to have access to personal data in compliance with the provisions of effective laws and regulations.
The data are processed on contract with the Data Controller by the following data processor:
- Hosting service provider:
Websupport Magyarország Kft.
Registered office: 1132 Budapest, Victor Hugo utca 18-22.
The purpose of data processing is the hosting service required for the operation of the Website.
Without an expressed statutory provision, the Data Controller may transfer to third parties data suitable for personal identification only with the explicit consent of the particular user.
- Place of data processing
Data are processed on the Website and on the servers operating the Website.
- User rights
Access to personal data
Upon the request of the User, the Data Controller shall provide information on whether or not their personal data are being processed by the Data Controller, and where that is the case, shall grant them access to the personal data, and shares the following information:
- the purpose(s) of the processing;
- the categories of personal data concerned;
- the legal ground and recipient(s) in the event of transferring the personal data of the User;
- the envisaged processing period;
- the User’s rights relating to the rectification, erasure and restriction of processing of the personal data, as well as the option to object to personal data processing;
- the possibility of lodging a complaint with a supervisory Authority;
- the data source;
- relevant information on profiling;
- the name, address of the processors and their activities related to data processing.
The Data Controller shall provide the User with a copy of the personal data undergoing processing free of charge. For any further copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. Where the User makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the data subject.
The Data Controller is obliged to provide the information at the request of the User in an intelligible form without undue delay, but no later than within one month from the submission of the request. The User may submit their request for access through the contact channels specified in Section 1.
Rectification of processed data
The User may request the Data Controller (at the contact details specified in Section 1) to rectify inaccurate personal data or the supplementation of incomplete data, taking into account the purpose of data processing. The Data Controller shall fulfil the rectification requirement without undue delay.
Erasure of processed data (right to be forgotten)
The User may request the Data Controller to erase their personal data without undue delay, the Data Controller shall be obliged to erase the personal data concerning the data subject without undue delay, if any of the following criteria is fulfilled:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the User withdraws its consent and here is no other legal ground for the processing;
- the User objects to the processing of your personal data;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data obtained based on consent was collected with the provision of services relating to the information society to children.
Where the Data Controller has made the personal data public (made it available to a third party) and are obliged to erase them pursuant to the above, the Data Controller shall take into account the available technology and the cost of implementation, shall take reasonable steps to inform data controllers who are processing the affected personal data that the User has requested them to erase any links to, or copy or replication of those personal data, as well as to erase any duplicate copies.
Personal data are not required to be erased when data processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing of personal data by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Restriction of processing
The User has the right to request the Data Controller to restrict the data processing instead of rectifying or erasing personal data if any of the following criteria applies:
- the accuracy of the personal data is contested by the User, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but the they are required by the user for the establishment, exercise or defence of legal claims;
- the User objected to data processing; in such cases the restriction shall only apply to the time period necessary to determine whether the legitimate reasons of the Data Controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the User’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller shall inform the User, at whose request the processing has been restricted, of the lifting of the processing restriction in advance.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
The Data Controller communicates any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. At the request of the User, the Data Controller informs the User about these recipients.
Right to data portability
The User is entitled to receive the personal data concerning him / her provided to the Data Controller in a structured, widely used, machine-readable format and to transmit this data to another data controller. If requested by the User, the Data Controller will export the processed data in PDF and / or CSV format.
Right to objection
The User has the right to object to the processing of their personal data, if the data processing
- is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- is necessary for the enforcement of the legitimate interests of the Data Controller or a third party.
- is based on profiling.
In the event of the User’s objection, the Data Controller shall abandon the processing of the personal data unless the Data Controller proves that the data processing is justified by compelling legitimate grounds which override the User’s interests, rights and freedoms, or are necessary for the establishment, exercise or defence of legal claims.
Measures of the Data Controller in case of the User’s request
The Data Controller shall inform the User without undue delay, but no later than within one month from the receipt of the request, of the measures taken in relation to the access, rectification, erasure, restriction, objection or data portability request. This deadline may, however, be extended by two months if warranted by the complexity of the request or the number of requests. The Data Controller shall notify the User of any such extension within one month of receiving the request; such a notification shall include the reason of the extension. If the User submits the request via an electronic channel, the notification shall preferably be sent to them in an electronic format unless the data subject requests a different format.
If the Data Controller fails to act upon the User’s request they shall notify the User, without delay but no later than within one month of receiving the request, of the reasons of such a failure, and shall also inform the User that they may place a complaint at a supervisory authority, and may seek judicial legal remedy.
Upon the request of the User, the information, notifications and the measures taken on their request shall be provided free of charge. If the User’s request is clearly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or may refuse to take action in relation to the request. The burden of demonstrating the clearly unfounded or excessive nature of the request falls on the Data Controller.
- Managing and reporting of personal data breaches
All incidents are considered personal data breaches which result in the unauthorised processing or controlling of personal data, in particular unauthorised or accidental access, alteration, disclosure, erasure, loss or destruction of personal data processed, transferred, stored or processed by the Data Controller, or in its accidental destruction or damage.
The Data Controller is obliged to notify the NADPFI of the personal data breach without undue delay, but no later than 72 hours after the detection of the personal data breach, unless, the Data Controller can prove that the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification and information may be provided in phases without undue further delay. The notification to NADPFI includes at least the following information:
- the nature of the personal data breach, the number and categories of data subjects and personal data;
- Title and contact information of the Data Controller;
- the likely consequences arising from the personal data breach;
- the measures taken or planned to manage, rectify or remedy the personal data breach.
The Data Controller shall inform the data subjects about the personal data breach via the Data Controller’s website within 72 hours after having become aware of the data breach. The information shall include at least the data specified in this Section.
The Data Controller keeps a record of each personal data breach for controlling the measures taken in relation to the occurring incidents and for providing information to the data subjects. The records contain the following data:
- the scope of the affected personal data;
- the range and number of data subjects;
- the date and time of the personal data breach;
- the circumstances and effects of the personal data breach;
- the measures taken for the prevention of the personal data breach.
The Data Controller keeps the data contained in the record for 5 years from the detection of a personal data breach.
- Data security
The Data Controller undertakes to ensure the security of data and takes all technical and organisational measures, puts into place the procedural rules that ensure the protection of all collected, stored and processed data, as well as preventing the destruction, unlawful use and unlawful alteration of data. The Data Controller also undertakes to call upon each third party to whom data are transferred or transmitted without the Users’ consent to comply with the data security requirements.
The Data Controller shall ensure that no unauthorised persons may access, disclose, transfer, modify or erase the processed data. The processed data may be accessed only by the Data Controller and its employees, as well as the Processor employed by them, and the Data Controller shall not transfer the data to any third party not authorised to have access to them.
The Controller shall take every possible effort to ensure data are not accidentally damaged or destroyed. The Data Controller requires all its employees taking part in data processing activities to assume the above obligations.
The User acknowledges and accepts that in case their personal data are provided on the website, full data protection cannot be guaranteed on the internet despite the fact that the Data Controller has up-to-date security equipment to prevent any unauthorised access to data or the detection thereof. If data are accessed without authorisation or data are obtained despite our efforts, the Data Controller shall not be held liable for the obtaining of data in such a manner or for any unauthorised access to them, or for any damage occurring at the User as a consequence thereof. In addition, the User may also supply personal data to third parties who may use them for unlawful purposes and in an unlawful manner.
- Law enforcement options
The Data Controller shall take all reasonable efforts to process personal data in compliance with the laws and regulations, however, if Users feel that this has not been complied with, they can write using the contact details indicated in Section 1.
If Users feel that their right to the protection of personal data has been violated, they can seek legal remedy in compliance with the applicable laws and regulations at the agencies that have jurisdiction, as
- the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.; email@example.com; www.naih.hu) or
- in court.
- Other provisions