Data controller data
In order to register the external processes of Bergulix Consulting Kft. (Hereinafter the Company) and to ensure the rights of the parties concerned, it compiles the following data protection information (hereinafter: the Information):
Data controller
Name: BERGULIX CONSULTING KORLÁTOLT FELELŐSSÉGŰ TÁRSASÁG
Address: 1022 Budapest, Rácz Aladár utca 22.
Company registration number: 01-09-275743
Tax number: 25447716-2-43
Representative: Gnädig László Péter ügyvezető
2. Details of the Data Protection Officer
Name: Gnädig András
Contact: Tel.: 06-20/284-1846, e-mail: andras.gnadig@bergulix.hu
3. Principles
By means of this prospectus and making it available, the Company intends to ensure the fulfillment of its obligations set out in the GDPR Regulation, including the obligation to provide information to those concerned.
The purpose of these regulations is to provide the data subjects with adequate information about the data managed by the Company or transmitted to the data processor entrusted by it, the name and address of the data processor, the purpose, legal basis, duration of the data processing and the legal basis of data transmission.
The Company handles the personal data of its external partners only with the prior written consent of the data subject, or for the performance of a contract or the fulfillment of a legal obligation. Before recording the data, the Company always communicates to the data subject the purpose of the data processing and the legal basis of the data processing.
In handling personal data, the Company takes into account the following principles:
- Legality, fairness and transparency: The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the User;
- Personal data is collected only for specified, explicit and legitimate purposes and is not processed in a way incompatible with those purposes;
- Accuracy: Personal information must be accurate and, where necessary, kept up to date; all reasonable measures shall be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay;
- Limited storage: Personal data must be stored in a form that allows Users to be identified only for the time necessary to achieve the purposes for which the personal data are processed; personal data may be stored for a longer period only if the processing of personal data is for public archiving, scientific and historical research or statistical purposes, the appropriate technical and organizational measures provided for in the GDPR Regulation to protect the rights and freedoms of the Partner subject to its implementation;
- Integrity and confidentiality must be maintained in such a way as to ensure the adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
- Accountability: The Company is responsible for compliance with the principles and must be able to demonstrate such compliance.
II./ Security measures
1. / Security measures for workers
Employees performing data management at the Company, as well as persons participating in data management on behalf of the Company, are obliged to treat the personal data they have learned as business secrets and to keep them confidential. Persons handling personal data and having access to it are obliged to make a Confidentiality Statement (Annex 1). In the course of their work, the employees of the Company ensure that unauthorized persons cannot inspect personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, known, changed or destroyed by unauthorized persons.
The data protection system of the Company is supervised by the data protection officer.
2. / Protective measures
In order to ensure the security of personal data processed on paper, the Company applies the following measures:
- the data can only be known to those entitled to it, they cannot be accessed by others, they cannot be disclosed to others;
- place the documents in a well-locked, dry room with security equipment;
- documents under continuous active management can only be accessed by competent persons;
- during the day, the Company’s data processing employee may leave the room where data processing takes place only by closing the data carriers entrusted to him or her or closing the office;
- the Company’s data management employee shuts down the paper-based data carrier upon completion of the work
In order to ensure the security of personal data stored on the computer or network, the Company applies the following measures and guarantee elements in accordance with the provisions of the applicable IT regulations:
- the computers used in the data management are the property of the Company or the Company has the same right of ownership over them;
- the processed data can be accessed in all cases with a valid, identifiable right;
- all computer records with the data are traceably logged;
- if the legal basis for a processing operation has lapsed, the data will be permanently deleted in such a way that the data cannot be recovered;
- the Company continuously provides virus protection on the personal data management network;
- make every effort to prevent unauthorized persons from gaining access to the network by using available computer equipment.
3. / Principles applied during security measures
The Company shall take appropriate technical and organizational measures to take account of the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing and the varying likelihood and severity of risks to the rights and freedoms of natural persons. guarantees a level of data security commensurate with the level of risk, including; in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner; a procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data processing.
The Company has not adhered to any approved codes of conduct or approved certification mechanism.
The place of physical storage of the data is the registered office of the Company.
III./ Data management
1. / Definition of data management activity:
The Company performs the following activities for individuals:
- Sales of tangible and tangible assets
- Other mediated services
- Services ordered under an agency contract
- Real estate sales
In order to fulfill the obligation of its partners under the contract concluded with it, the Company stores the following data: name, place of birth, time, mother’s name and address. The given data is recorded in the partner body of the Company’s self-developed corporate governance system, within which invoices are also issued.
2. / Purpose and legal basis of data processing
The purpose of data management is that the Company can perform the service ordered by the Partner in accordance with the contract and can keep in touch with the Partner during the term of the contractual relationship. Data processing is necessary for the performance of the contract (Article 6 (b) of the GDPR Regulation).
3. / Recipients of personal data and categories of recipients
The Company does not transmit the data provided by the Partner, the data is stored in its own storage space, and it also performs its accounting tasks independently.
4. / Transmission of the entered data
The Company will not transfer the data provided by the Partner to a 3rd country or to an international organization.
5. / Duration of data storage
The Company permanently deletes the data from the database after the performance of the contract, except for the data on the invoice and supporting the content of the invoice, such as name, address, service date, designation, amount, correspondence during the ordering and fulfillment process. This data will be deleted 8 years after the end of the invoice year.
6. / The rights of the Partner as a data subject
6.1./ Right of cancellation
The Partner may request the unjustified and immediate deletion of personal data – in person or in writing by e-mail, if
- personal data are no longer required for the purpose for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;
- the data subject objects to the processing and there is no overriding legitimate reason for the processing;
- personal data has been processed unlawfully;
- personal data must be deleted in order to fulfill a legal obligation under EU or Member State law applicable to the controller;
- personal data were collected in connection with the provision of information society services.
The Company does not delete the data that it is obliged to store due to legal regulations. Subject to the fact that the Company issues an invoice to the Partner during the purchase of goods or provision of services, the name and address on the invoice, as well as the date of purchase, date of performance, purchased product or service and the amount in the internal program and invoice will remain after the Partner or any of his / her data is deleted for the period of fulfillment of the obligation specified in the Accounting Act.
6.2./ Right to information
The Partner is entitled at any time to request information from the Company in person or in writing about the handling of his personal data, the method of data processing, blocking, deletion, and any measures related to the data processed. The Partner may at any time request the Company to inspect his personal data.
The Company does not operate a cloud-based database or online registration interface, so if the Partner wishes to exercise his right to request information, he may initiate it at any time in the form of an e-mail or postal letter.
6.3./ Right to feedback
The Partner is entitled to receive feedback from the Company as to whether the processing of his / her personal data is in progress, and if such data processing is in progress, he / she is entitled to have access to the personal data and the following information:
• the purposes of data management;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom or with whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
• where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
• the data subject’s right to request the controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
• the right to lodge a complaint with a supervisory authority;
• if the data were not collected from the data subject, all available information on their source.
A copy of the contract concluded with the Partner shall be provided by the Company to the Partner.
6.4./ Right of access
The Partner is entitled to access the data provided by the Company by providing a copy of the contract. The Partner may ask any other questions by sending an e-mail or post to the Company.
6.5./ Right to rectification
The Partner has the right to initiate a change in the data managed by the Company at any time. The Company may do so by contact, telephone, post or e-mail.
6.6./ Right to restrict data processing
The Partner is entitled to restrict the data processing at the request of the Company if any of the following is met:
- the Partner disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Company to verify the accuracy of the personal data;
- the data processing is illegal, but the Partner opposes the deletion of the data and instead requests a restriction on its use;
- the Partner objected to the data processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
If the processing is subject to a restriction, such personal data may be processed, with the exception of storage, only with the consent of the Partner or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.
The Company shall inform the relevant Partner, at whose request the data processing has been restricted, in advance of the lifting of the data processing restriction.
6.7. Right to protest
The Partner has the right to object to the processing of his personal data at any time for reasons related to his own situation in the following cases:
- the data processing is necessary for the performance of a task in the public interest or in the exercise of a public authority conferred on the Company, or
- the data processing is necessary to enforce the legitimate interests of the Company or a third party,
unless the interests or fundamental rights and freedoms of the User, which require the protection of personal data, take precedence over these interests.
In this case, the Company may not further process the personal data, unless it proves that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the User or which are related to the submission, enforcement or protection of legal claims.
Personal data provided by the Partner to the Company may be processed for purposes other than the original purpose of their collection only if the data processing is compatible with the original purpose of the data processing.
You can initiate the modification or deletion of the Partner’s data and the notification of your objection related to data management at any time by sending an e-mail to the Company’s central e-mail address (titkarsag@hunep.hu).
The Company is obliged to respond to the Partner’s letter without undue delay, but no later than within 15 days or, if these rules specify a shorter period, within the period specified therein, or to comply with its request, if it is compatible with its legal rights.
The Company informs the Partner that no profiling or automated decision-making takes place with the managed data.
IV./ Complaint handling
1. / Place, time, method of complaint handling, possibilities of enforcement
1.1./ Place of complaint handling – in case of data protection violations
The Partner may submit objections related to the product or the data management activities of the Company at the following contacts: Mailing address: Bergulix Consulting Kft., Mailing address: 1148 Bp. Kerepesi út 52., e-mail: info@bergulix.hu, phone: 06- 30/876 4288
1.2./ Method of complaint handling
In the case of an oral complaint communicated by telephone or other electronic communication service, the Company shall send a copy of the minutes to the Partner at the latest at the same time as the substantive reply. In all other cases, the Company will act in accordance with the rules applicable to written complaints. The Company provides a unique identifier to a complaint recorded by telephone or other means of communication, which simplifies the retrieval of the complaint in the future. The Company will respond to the complaint received in writing within 15 days. The measure means delivery by post within the meaning of this contract. If the complaint is rejected, the Company shall inform the Partner of the reason for the rejection.
1.3./ Enforcement options
In the event of an alleged violation of the law relating to the processing of your personal data, any data subject may apply to the competent court, the Capital Court in the capital or initiate an investigation at the National Data Protection and Freedom of Information Authority (chairman: Dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22 / C, customer service). naih.hu, 036-13911400, www.naih.hu)
V. / www.Bergulix.hu website operation
Anyone may access the website operated by the Company without disclosing their identity or providing personal information, and may obtain information freely and without restriction on the website and related sites. The Company “does use cookies on the website.