Privacy Policy

CHAPTER I. - GENERAL PROVISIONS

Introduction
Purpose of the Code
Scope of the Code
Definitions

CHAPTER VI. - DATA-ADMINISTRATIVE MEASURES
26. § Data security measures

CHAPTER VII. - DATA PROCESSING ACTIVITY OF THE COMPANY

       27. § Data Processing Activities
       28. § Provision of Data Processors
       29. § Obligations and Rights of the Client (Data Controller)
       30. § Our Company as Data Processing Officer and its Rights
       31. § General terms and conditions of the Company's data processing activities

CHAPTER VIII. - TREATMENT OF DATA PROTECTION INCIDENTS
       32. § Concept of privacy incident
       33. § Treatment and remedy of data incidents
       34. § Records of Data Protection Incidents

ANNEXES

Annex 5. Privacy policy for a contract with a natural person

Annex 7. General contract terms for data processing

Annex 11 Contribution to GDPR

Annex 12 - Information on personal data communicated in Email

CHAPTER I
GENERAL PROVISIONS

§ Introduction

The Company declares that its data management activities are carried out in accordance with the relevant internal rules, technical and organizational measures. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, 'the Regulation'); CXII. (hereinafter referred to as "Infotv."). Section 2 Purpose of the Code 1. The purpose of the Code is to establish internal rules and to establish measures to ensure that the Company's data management activities comply with the Regulation and that the Infotv. provisions.

2. § Purpose of the Code

1. The purpose of the Code is to establish internal rules and to establish measures to ensure that the Company's data management activities comply with the Regulation and that the Infotv. provisions.
2. The purpose of the Regulations is also to provide the Company with a statement of compliance with the Regulation and the principles set out therein in relation to the principles for the management of personal data (Article 5).

3. § Scope of the Code

(1) The scope of this Code applies to the treatment by the Company of personal data relating to a natural person.
(2) Individual entrepreneurs, individual companies, primary producers, customers and suppliers shall be considered natural persons for the purposes of this Code.
(3) The scope of this Code does not cover personal data processing that applies to legal persons, including the name and form of the legal person, as well as the details of the availability of the legal person. (GDPR (14))

Definitions

Definitions for the purposes of this Code are set out in Article 4 of the Regulation. Accordingly, highlight the main concepts:

1. "personal data" means any information relating to an identified or identifiable natural person ("concerned"); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;

2. "data management" means any operation or operation of automated or non-automated personal data or data files, such as collecting, capturing, rendering, rendering, storing, modifying or modifying, querying, inspecting, using, communicating, disseminating or making available by other means, alignment or interconnection, restriction, deletion or destruction;

3. "restrictions on data handling" means the designation of stored personal data to limit their future management;

4. "profiling" means any form of automated processing of personal data where personal data are used to evaluate certain personal characteristics associated with a natural person, in particular work performance, economic status, health status, personal preferences, interest, reliability, behavior, place of residence or motion-related features;

5. "pseudonymation" means the processing of personal data in a way that, without the use of additional information, no longer identifies the specific natural person of the personal data provided that such additional information is stored separately and that technical and organizational measures ensuring that this personal data can not be linked to identified or identifiable natural persons;

6. "registration system" means the personal data of any person - centralized, decentralized or functional or geographic - that is accessible on the basis of defined criteria;

7. "data controller" means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law;

8. "data processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;

9. "consignee" means any natural or legal person, public authority, agency or any other body with whom or with which personal data is communicated, whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with Union or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

10. "third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor or any person who, under the direct control of the data controller or the data processor, have been authorized;

11. "consent of the party concerned" means a voluntary, concrete and appropriate and informed and explicit statement of the will of the person concerned by which he or she indicates the statement in question or a statement of unambiguous effect by giving his consent to the processing of personal data concerning him;

12. "privacy incident" means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

CHAPTER VI.
ADMINISTRATIVE MEASURES

26. § Data security measures

(1) For the purpose of securing the security of personal data, the Company is obliged to take all technical and organizational measures and to establish the procedural rules necessary for the enforcement of the Regulation and Infotv.

(2) The Data Controller shall protect the data with appropriate measures against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access thereto.

(3) The Company classifies and manages personal data as confidential data. Workers have a duty of confidentiality regarding the processing of personal data, for which the clause in the separate Annex applies. Access to personal data is limited by the Company's granting of eligibility levels.

(4) The Company protects IT systems by firewall and provides virus protection, the operation of which is governed by separate regulations.

(5) The Company carries out electronic data processing and registration through a computer program that meets the requirements of data security. The program ensures that the data is only targeted and under controlled conditions only to persons who need it in order to perform their duties.

(6) In the automated processing of personal data, the data controller and the data processor shall provide the following:

(a) preventing unauthorized data entry;
(b) prevent the use of automatic data processing systems by unauthorized persons by means of data transmission equipment;
(c) verifiability and determination of which organs may be transmitted or transmitted by means of data transfer equipment using personal data;
(d) the verifiability and determination of which personal data, when and to whom it has been introduced into the automatic data-processing systems;
(e) the repair of installed systems in case of malfunction and
(f) to report on errors occurring during automated processing.

(7) The Company shall ensure the control of incoming and outgoing communications by electronic means in order to protect personal data.

(8) Pending files and documents under processing are only accessible to the relevant administrators, and documents containing personnel, wage and labor and other personal data must be kept securely locked.

(9) Proper physical protection of the data and the means and documents that carry them must be ensured.

CHAPTER VII.
DATA PROCESSING ACTIVITY OF THE COMPANY

27. § Data processing activities

The Company performs data processing for the following activities:

® Data processing, web hosting services
® Market and opinion polls

28. § Provision of Data Processing Guarantee

As a data processor, the Company guarantees, in particular in terms of expertise, reliability and resources, technical and organizational measures to ensure compliance with the requirements of the Regulation, including data security.
In the course of the Data Processor's activities, he or she shall ensure that persons authorized to access the personal data concerned are otherwise subject to a confidentiality obligation in respect of the personal data they have access to, provided that they are not subject to a legally enforceable confidentiality requirement. The text of the Privacy Statement to be used is contained in a separate annex to these Rules.

(7) The Company has the appropriate hardware and software tools, it undertakes to implement technical and organizational measures to ensure the lawfulness of data management and the protection of the rights of the data subjects

(8) The Company has the legal and technical conditions of electronic communication with public bodies.

(10) Our Company undertakes to provide the Client with any information necessary to verify compliance with the legal provisions governing the use of the Data Processing Processor.

29. § Obligations and rights of the client (data controller)

1. Data Controller is entitled to verify the performance of the contract activity with the Data Processor.

2. The data controller shall be liable for the legality of the instructions of the data controller regarding the tasks specified in the contract, but the Data Processor shall immediately notify the Data Manager if the Data Handler's instruction or its implementation is in violation of the law.

3. The Data Controller is obliged to inform the natural persons concerned about the processing of this contract, if required by law, to obtain their consent.

30. § Our Company as Data Processing Officer's Rights and Rights

1. Right of Attorney: In the course of the Data Processor's activities, it only proceeds in accordance with the written instructions of the Data Controller.

2. Confidentiality: In the course of the Data Processor's activities, it ensures that persons authorized to access the personal data concerned, if they are not otherwise subject to a legally enforceable confidentiality rule, have a confidentiality obligation with respect to the personal data they have access to.

3. Data security: Data processor shall take appropriate technical and organizational measures to take account of the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probability and severity of natural persons' rights and freedoms. in order to guarantee an adequate level of data security to the degree of risk. The Data Processor shall take measures to ensure that natural persons acting under its authority and having access to personal data may treat such data only in accordance with the instructions of the data controller, unless such deviation is subject to Union or Member State law. The Data Processor shall ensure that the stored data are accessed through the internal system or through direct access only to the authorized persons and only for the purposes of data management. The Data Processor provides the necessary, regular maintenance and development of the tools used. It stores the data storage device in a closed physical room with adequate physical protection and ensures its physical protection. The data processor is obliged to use persons with good knowledge and experience in order to perform the tasks specified in the contract. It is also a duty to provide for the preparation of the persons it uses for the data protection legal provisions to be observed, the obligations contained in this contract and the purpose and the method of data collection.

4. Utilization of a Data Processing Processor: Data Processor undertakes to use additional data processors only in compliance with the conditions set out in the Regulations and Infotv. In this contract, the Data Controller gives the Data Processor general authorization to use additional data processors (subcontractors). The Data Processor informs the data controller of the additional data processor and the planned tasks to be performed by the additional data processor prior to the use of the additional data processor. If the data controller, on the basis of this information, objects to the use of the additional data processor, the data processor shall only be entitled to use the additional data processor in order to satisfy the conditions specified in the objection. If the data processor uses certain additional data processing services for specific data management activities on behalf of the data controller, he / she is obliged to conclude a written contract and also to apply the same data protection obligations to the other data processor as those included in this contract between the data controller and the data processor , in particular by requiring the additional data processor to provide adequate guarantees of the implementation of the appropriate technical and organizational measures and thereby ensure that the data processing complies with the requirements of this Regulation. If the additional data processor fails to comply with its data protection obligations, the data processor responsible for it will have full responsibility for the data controller to fulfill its further data processing obligations.

5. Cooperation with the Data Manager:

a) As our data processing activity, our Company assists the Data Controller with all appropriate means to facilitate the enforcement of the rights of the data subjects in order to fulfill their obligations in this respect.
b) Our company, as a Data Processor, assists the data controller in compliance with Decree 32-36. (Data Security, Privacy Impact Assessment and Prior Consultation), taking into account the nature of the data handling and the information available to the data processor.
c) Our company as a data processor shall provide the data controller with all information necessary to verify fulfillment of the obligations set out in Article 28 of the Regulation (Data Processor) and which allows and facilitates audits by the controller or by another auditor entrusted by the controller, including on-site inspections. With respect to this point, the data processor shall immediately inform the data controller if he considers that any of his instructions infringes this Regulation or national or EU data protection provisions.

31.§ General Terms of Contract of the Company's Data Processing Activity

(1) The Company concludes a written contract with the client for data processing.

(2) The general contract terms of the data processing activity of the Company are contained in a separate annex to these Rules.

(3) The content of the general contract terms shall be disclosed to the other party prior to the conclusion of the contract and shall be accepted by the other party.

CHAPTER VIII.
TREATMENT OF DATA PROTECTION INCIDENTS

32. § Definition of Data Protection Incident

(1) "Privacy incident" means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled; (Article 4 of Regulation 12)

(2) The most common reported incidents include: losing a laptop or mobile phone, storing personal data in an unsafe manner (eg waste paper); unauthorized transmission of data, unauthorized duplication, transmission of client and customer contact lists, server attacks, break site.

33. § Treatment and remedy of privacy incidents

(1) The prevention, management and protection of data incidents shall be the responsibility of the head of the Company.

(2) Access and access tests shall be logged on IT systems and continuously analyzed.

(3) Where the employees of the company who are entitled to control have a data protection incident in the performance of their duties, they must notify the head of the company without delay.

(4) Employees of the Company are obliged to report to the Head of the Company or to the employer's rights practitioner if they detect an incident or an event of data protection.

(5) A privacy incident can be registered on the Company's central e-mail address and telephone number, where employees, contractors, stakeholders can report underlying events, security weaknesses.

(6) In the event of a notification of a privacy incident, the head of the company shall immediately examine the notification, involving the IT, financial and operational manager, identifying the incident and determining whether it is a real incident or a false alarm. It is necessary to examine and establish:

a) the. the date and place of the incident,
b) the description of the incident, its circumstances, its effects,
c) the scope, the numeracy of the data compromised during the incident,
d) the scope of the persons affected by the compromised data,
e) a description of the measures taken to deal with the incident,
f) a description of the measures taken to prevent, remedy and reduce the damage.

(7) In the event of a data incident occurring, the systems, persons, data involved, data shall be confined and separated, and the collection and retention of evidence supporting the incident shall be ensured. After that, you can begin restoring damage and restoring legitimate operation.

(8) In the event of a privacy incident, the competent supervisory authority shall be notified without undue delay, but within 72 hours, unless the Company can demonstrate that the data incident does not pose a risk to the rights and freedoms of natural persons.

34. § Records of data protection incidents

(1) Data protection incidents shall be kept in a register containing:

a) the scope of the personal data concerned,
b) the scope and number of persons affected by the data protection incident,
c) the date of the data protection incident,
d) the circumstances, the effects of the privacy incident,
(e) measures taken to remedy a data protection incident,
(f) other data specified in the law providing for data processing.

(2) Data relating to data incidents recorded in the register shall be kept for five years.

DataExpert Services Ltd.

Annex 5

DATA MANAGEMENT ARREST
NATURAL PERSONAL CONTRACT

1. The data controller informs the contracting party (hereinafter referred to as "the person concerned") that he / she treats the personal data provided in the contract for the performance of the contract.

2. Personal data are addressed to the Company's employees, accountants, taxpayers and data processors performing customer service tasks.

3. The duration of the storage of personal data is 5 years after termination of the contract.

4. The personal data shall be transferred to data processing for tax purposes, for accounting purposes, for the accountancy office entrusted to the company, for postal delivery to the Hungarian Post or to the courier service responsible for the property protection of the company's property agent.

5. For information about the rights of the natural person concerned and the data processors, see www.dataexpert.hu on the Company's web site.

****

I have noted the above information and information.

Dated: ______________________ 20 ____ years _____________ month _____ day

____________________________

Signature of the person concerned

Guide:

This contractual clause is applicable to any contract (sale, order, engagement, etc.) concluded by an enterprise, an organization in the course of its activities, if the contracting party is a natural person. The data controller is, as the case may be, the undertaking or organization that binds the contract.

The data management clause may be part of the contract, as a point of it, and in this case, the person concerned naturally signs with the contract. In the case of a contract, you do not explicitly consent to the processing of your personal data, but will also take note of the information. The subject of data processing is not the consent of the party concerned, but the fulfillment of the contract concluded or to be concluded.

It is important for the company to publish its data management information on its website.

ADDITIONAL DECLARATION
LEGAL PERSONS CONTRACTING PARTNERS FOR NATURAL PERSON REPRESENTATIVES OF CONTACT LICENSORS

THE SIGNED NAME:
TITLE:
ADDRESS:
PHONE NUMBER:
EMAIL ADDRESS
ONLINE IDENTIFIER (if applicable):

INFORMATIONS

DATA MANAGER:	Company name, representative:
THE DATA MANAGER'S WEBSITE:	www.dataexpert.hu
OBJECTIVE OF THE DATA MANAGEMENT:	Performing a contract, maintaining a business relationship.
DATABASE LEGAL BASIS:	Contribution of the party concerned
THE RECIPIENT OF PERSONAL DATA:	Employees of the Company who perform tasks related to customer service;
DURATION OF STORAGE OF PERSONAL DATA:	For 5 years after the business relationship or the quality of the representative concerned.

Personal data may be transferred to the Hungarian Post or to the courier service for postal delivery for the purposes of data processing for the purposes of property protection.

INFORMATION ABOUT THE RIGHTS RESERVED:

You have the right to apply to the data controller for access, rectification, cancellation or handling of personal data relating to you and may object to the handling of such personal data and have the right to data storage. You have the right to withdraw your consent at any time, which does not affect the lawfulness of the data handling carried out prior to the withdrawal. It has the right to lodge a complaint with the supervisory authority (National Data Protection and Information Authority)

Data provision is not a prerequisite for the conclusion of a contract, nor is it required to provide personal data. Failure to provide data may make contact more difficult.

For more information, see the Data Handling Guide available on the Company's website (in the footer).

****

I have acknowledged the above information and information for the purposes of handling my personal information for the purposes described above.

Dated, ______________________ 20 ____ years _____________ month _____ day

____________________________

Signature

DataExpert Services Ltd.

Annex 7

DATA PROCESSING ACTIVITY
GENERAL CONTRACT CONDITIONS

THE NAME OF THE DATA PROCESSOR:

Company Name: DataExpert Services Kft.

Headquarters: 4026 Debrecen, Vendég utca 84. 1st em. 7th

Company Registration Number: 09-09 -015400

VAT number: 14416611-2-09.

represented by Zoltán Vasvári, Dezső Karaszon, managing directors

Phone: +3652212370

E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: www.dataexpert.hu

(hereinafter referred to as Data Processor)

These Terms of Agreement shall apply to the data management activity related to the service performed by the Company on the basis of a separate contract of assignment, in which the Company handles personal data on behalf of the client as a data controller. The principal of the principal service contractor is referred to as Data Manager.

1. OBJECT OF DATA PROCESSING

Handling the data of the natural persons involved in the legal relationship with the client in connection with the execution of the separate contract. The use of the Data Processor does not require the prior consent of the data subject, but is required to inform him, which is the responsibility of the client.

2. DURATION OF DATA MANAGEMENT: up to the date of the contract with the client or until the consent of the person concerned is withdrawn.

3. LABEL AND OBJECTIVES OF DATA MANAGEMENT: ...................................................

4. TYPE OF PERSONAL DATA:

The name, address, telephone number, online identifier of the natural person

5. CATEGORIES OF INTEREST: customers, buyers, clients of the principal

6. THE OBLIGATIONS AND RIGHTS OF THE OWNER (DATA MANAGER)

6.1. Data Controller is entitled to verify the implementation of the contract activity at the Data Processor.

6.2. The Data Operator is liable for the legality of the instructions of the data controller regarding the tasks specified in the contract, but Data Processor shall immediately inform the Data Controller if the Data Handler's instruction or its implementation is in violation of the law.

6.3. The Data Controller is obliged to inform the natural persons concerned about the processing of this contract, if required by law, to obtain their consent.

7. OUR COMPANY AS DATA PROCESSING OBLIGATIONS AND RIGHTS

7.1. Right of use: In the course of the data processor's activities, it only acts on the written instructions of the data controller.

7.2. Confidentiality: In the course of the Data Processor's activities, it ensures that persons authorized to access the personal data concerned, if they are not otherwise subject to a statutory obligation of confidentiality, have a confidentiality obligation regarding the personal data they have access to.

7.3. Data security: Data processor shall take appropriate technical and organizational measures to take account of the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probabilities and seriousness reported to the rights and freedoms of natural persons, to guarantee an adequate level of data security to the degree of risk. The Data Processor shall take measures to ensure that natural persons acting under its authority and having access to personal data may treat such data only in accordance with the instructions of the data controller, unless such deviation is subject to Union or Member State law. The Data Processor shall ensure that the stored data are accessed through the internal system or through direct access only to the authorized persons and only for the purposes of data management. The Data Processor provides the necessary, regular maintenance and development of the tools used. It stores the data storage device in a closed physical room with adequate physical protection and ensures its physical protection. The data processor is obliged to use persons with good knowledge and experience in order to perform the tasks specified in the contract. It is also a duty to provide for the preparation of the persons it uses for the data protection legal provisions to be observed, the obligations contained in this contract and the purpose and the method of data collection.

7.4. Additional Data Processing Processor: Data Processor undertakes to use additional data processors only in compliance with the conditions specified in the Regulation and Infotv. In this contract, the Data Controller gives the Data Processor general authorization to use additional data processors (subcontractors). The Data Processor informs the data controller of the additional data processor and the planned tasks to be performed by the additional data processor prior to the use of the additional data processor. If the data controller, on the basis of this information, objects to the use of the additional data processor, the data processor shall only be entitled to use the additional data processor in order to satisfy the conditions specified in the objection. If the data processor uses certain additional data processing services for specific data management activities on behalf of the data controller, he / she is obliged to conclude a written contract and also to apply the same data protection obligations to the other data processor as those included in this contract between the data controller and the data processor , in particular by requiring the additional data processor to provide adequate guarantees of the implementation of the appropriate technical and organizational measures and thereby ensure that the data processing complies with the requirements of this Regulation. If the additional data processor fails to comply with its data protection obligations, the data processor responsible for it will have full responsibility for the data controller to fulfill its further data processing obligations.

7.5. Cooperation with Data Manager:

8. PROCEDURE IN THE EVENT OF TERMINATION OF THE CONTRACT: Termination of the fund contract will result in the termination of this contract. Upon termination of this contract, all personal data and records kept by our Company as a data processor shall be returned by the data controller to the data controller, unless otherwise agreed by the parties, electronically processed data, lists and records to the data controller if they are received electronically by the data controller the data handler is unable to print data on the paper (printed) to the data manager simultaneously with all personal data from the Data Manager and delete a copy thereof from his / her register.

9. TERMINATION OF THE CONTRACT

Termination of the contract with our Company shall be subject to the provisions of the basic contract of employment concluded between the parties.

10. FINAL PROVISIONS

11. In matters not covered by this contract, the Civil Code. (EU) 2016/679 (27 April 2016) and the Act CXII of 2011 on Information Freedom of Information and Freedom of Information, law shall apply.

12. By signing the Client (Data Controller), he / she verifies that he / she has accepted and accepted the contract terms in full before signing.

Dated, __________________ 20 _____ years ________________ _____ month ____ days

_____________________________ _____________________________

Data Processor Client (Data Controller)

DataExpert Services Ltd.

Annex 11

GDPR contributing statement
General Data Protection Regulation statement in relation to the establishment of an employment relationship

I, the undersigned .................................... .. employee, hereby declare that, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the personal use of personal data by the Employer (including the abbreviated code of conduct) for the protection of data and the free flow of such data and the repeal of Regulation 95/46 / EC (General Data Protection Regulation).

I, the undersigned .................................... .. employee, declare that I have known the possibility of access to the internal policies in force by the Employer (...........................).

I acknowledge that I have a duty to take into account the changes, modifications to the regulations and at least monthly work according to the updated regulations.

Underwriter .................................... ..employee

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 ( General Data Protection Regulation) - I hereby declare, agree, and authorize and at the same time the establishment of a labor law relationship:

For the purposes of fulfilling tax and accounting obligations, the employer must perform data management with regard to my data.

The Data Processing Company manages the statutory data of the natural persons who are the business of contacting the data controller as purchasers, as suppliers, for the fulfillment of the tax and accounting obligations prescribed by law (accounting, taxation). The data processed are based on the CXXVII of 2017 on General Sales Tax. TV. §§ 169 and § 202, in particular: tax number, name, address, tax status, according to § 167 of Act C of 2000 on Accounting: name, address, designation of the person or organization providing the transaction , the person who certifies the implementation of the order and the signature of the inspector depending on the organization; on the certificates of stock movements and on cash management documents, the receivables received by the recipient, on the counter-bill of the payer, the CXVII of 1995 on Personal Income Tax. on compulsory data.

.....................................

Employee

I agree that the employer will have to make the payment information for my data

The Data Processing Company manages the personal data of the data controller's employees, family members, employees, and other beneficiaries - as required by the tax laws, with whom the data controller's paying agents are responsible for fulfilling the statutory tax and contribution obligations of the data controller (tax, tax advance, contributions, payroll, social security) (2017: Act CL of Art. 7 § 31). The scope of the data processed is defined in Article 50 of the Art. Special mention of this: the natural person's identity (including the previous name and the title), gender, nationality, tax identification number of the natural person, social security identification (Social security number). If the tax laws give rise to a legal consequence, Data Processing can handle the data on the membership of the employees concerned (Section 40 of the Act) and the trade union (Section 47 (2) b) .

I, the undersigned .................................... .. employee, acknowledge that the employer performs data processing related to labor law by the following laws:

Act CXXVII of 2017 on General Sales Tax; according to the law
based on Act C of 2000 on Accounting
Act CXVII of 1995 on Personal Income Tax. according to the law
Act CL 2017 of the Code of Taxation; according to the law
Act LXXX of 1997 on Social Security Benefits and Private Pension Beneficiaries and Coverage of these Services. according to the law
Act LXXXI of 1997 on Social Security Pensions according to the law
CLVI 2017 on the reduction of the social contribution tax and amending the related laws; according to the law
Act LXVI of 1995 on Public Works, Public Archives and the Protection of Private Archives Material. law.

……………………………………….

Employee

I, the undersigned .................................... .. employee, acknowledge that I am responsible for changes in my personal data concerning labor law and I am obliged to inform the employer of my changed information in writing (within 3 business days), in particular:

Childcare allowance,
childcare assistance,
childcare allowance,
Childcare leave,
baby care allowance,
Reduced workforce and post-employment benefits,
Benefits for long-term jobseekers,

In addition:

First name,
Birth name,
Date of birth,
Mother's name,
Address,
Nationality,
Tax ID,
Social security number (TAJ),
Pension number (for a retired worker),
Phone number,
E-mail address,
Identity card number,
Number of attestation,
Bank account number,
Online ID (if applicable),
School education, qualification certificate,
The debt to be deducted from the salary of a worker on the basis of a decision or a law or a written consent of the employee,
Depending on the job position, a moral certificate,
A summary of the job suitability tests,
in the case of a pension fund and a voluntary mutual insurance fund, the name, identification number and employee's membership number of the fund,

.....................................

Employee

21. for a foreign worker passport number; the name and number of the document certifying work entitlement,
22. records recorded in the records of accidents involving workers;
23. the data necessary for the use of welfare services and commercial accommodation;
24. change of data in driver's license if he or she carries out motor vehicle fueling or driving a company car,
25. data changes in the traffic data of a motor vehicle if the vehicle is fueled,
26. data changes in the data of the insurance relationship of a motor vehicle, in the case of a motor vehicle fuel claim,

The undersigned .................................... .. employee agrees that the personal data listed above will be treated for the employer and the employer by the accounting and payroll service provider.

The undersigned .................................... .. employee acknowledges and agrees that the employer will use an external expert in connection with the performance assessment. The personal data related to the performance evaluation can only be kept by the employer up to the possible deadline (3 years) required by the Labor Code.

The undersigned .................................... .. employee agrees that the employer will check the email account he / she provides. I understand that the e-mail account provided by the employer can only be used for my job assignments.

I, the undersigned .................................... .. employee, acknowledge that the employer may use the computer, laptop, tablet, which I provide, solely for the sake of my job. I agree that the use of work equipment for me is verified by the employer or by the person appointed by him.

The undersigned .................................... .. employee acknowledges and agrees that the employer operates an access control system whose data controllers are the administrators. The range of manageable personal data: the natural person's name, address, vehicle registration number, entry time, exit time.

The purpose of personal data management is to protect property, perform a contract, and enforce employee obligations.

The undersigned .................................... .. employee acknowledges and agrees that the employer at the headquarters of the Company and at its premises in its open premises is responsible for human life, physical integrity, personal freedom, business secrecy and property protection for the purpose of recording an image, sound or image and sound, the personal conduct of the person concerned may be considered as personal data recorded by the camera.

The legal basis of this data management is the enforcement of the legitimate interests of the employer and the consent of the person concerned.

.....................................

Employee

The undersigned .................................... .. employee acknowledges and agrees that the employer will send me a shipment by me via the express mail (express mail) assigned by Magyar Posta or the employer and, for the purposes of transmission, address (other required identifier).

Concerning the employment contract, I declare that, in accordance with Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL,
(appropriate underlined)

I do not do data management / or do it exclusively in the way I have set in my job as specified in the local regulations
I do not perform personal data processing, or do it exclusively in the manner set out in my local employment policy

Concerning the contract, I declare that, in the event of a Privacy incident, I will inform the employer immediately about the incident, in accordance with Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.

Dated, ___________________ 20 ____ years _____________ month _____ day

.....................................

Employee

Annex 12

E-MAIL PERSONAL DATA STATEMENT

In the event that any natural person submits an e-mail to any manager or employee of the Company and the email does not contain a statement regarding the processing of personal data, the following statement must be sent by e-mail:

"Thank you for your letter!

Our Company respects and protects your personal data and takes into account the relevant legal requirements. I would like to inform you that your e-mail sent to our Company contains personal information whose written consent is not covered by your letter. Having regard to Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the regulation of natural persons with regard to the processing of personal data and Info Info. e-mail will be canceled within 3 (three) days without written consent. Thank you for your understanding!"

If it is necessary to store or guard the data, for example, tender, contractual request, etc., a request for a contributing statement is proposed in the proposed reply.

Privacy Policy

For more information, please contact us!