Privacy Policy

Privacy Policy

Summary of SECURIMASTER ’s Privacy Policy

A SECURIMASTER Kft. Ltd. constitutes the following policy based on Act CXII of 2011 on information self-determination and freedom of information 24. § (3) section:

Purpose and effect of the policy:

The purpose of this policy is to determine the lawful order of records filed at SECURIMASTER Ltd. and to ensure the emergence of constitutional principles of the privacy policy, the effectiveness of requirements regarding data security and to prevent any unauthorized access, data alteration, disclosure. The purpose of the policy further is to ensure the publicity of data of public interest at SECURIMASTER Ltd. based on the regulation of the Act CXII of 2011 on information self-determination and freedom of information.

The policy covers all personal data management of each organizational unit.

Data protection definitions and principles:

Personal data: any defined (identified or identifiable) data which can be linked or linkable to a natural person (hereinafter referred to as: data subject) of which conclusions could be made on the data subject. The personal data will retain its quality during the data processing until its relevance to the data subject can be restored. A person is identifiable particularly if he – directly or indirectly – can be identified by name, by tag, or by one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Special data:

  1. data on racial origin, national and ethnic minority, political opinion or party affiliation, religious or ideological beliefs, business federation membership,
  2. state of health, pathological addictions, sexual preferences, and criminal personal data;

Criminal personal data: personal data obtained by organizations authorized to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings, in relation to the criminal offence or criminal procedure that can be connected to the data subject as well as personal data relating to criminal records;

Data of public interest: information or cognition other than personal data, registered in any mode or form, irrespective of the method or format in which it is recorded, its single or collective nature controlled by the body or individual performing state or local government responsibilities, as well as other public tasks defined by legislation, concerning their activities or generated in the course of performing their public tasks;

Data disclosed on grounds of public interest: any data, other than data of public interest, which’s publicity or availability is ordered by law for public interest;

Consent: voluntarily and exact declaration of the data subject’s request which is based on proper information with which the data subject gives unambiguous approval to – complete or limited to specific operations – management of his personal data;

Objection: statements by data subjects in which a data subject objects to the management of his personal data and requests the termination and/or deletion of such;

Data controller: a natural person or a legal entity or unincorporated organization who determines the purpose of the management of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a data processor to implement them;

Data management: Regardless of the applied process, the complexity of any or all operation that is performed upon data, such as collection, recording, systemization, storage, alteration, use, disclosure by transmission, publication, alignment or combination, blocking, deletion or destruction and hindering further employment of data. Photo – voice – and video recording and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images) are considered to be data management;

Disclosure by transmission: making data available to a particular third party;

Public disclosure: data made available to anybody;

Deletion of data: destruction or elimination of data in such way to make them irretrievable;

Freezing of data: restriction of transmission, cognition, publication, modification, alteration, destruction, deletion, connection or alignment and employment of data permanently or for a predetermined period;

Destruction of data: complete physical destruction of data or the medium containing the data;

Data processing: completion of technical operations related to data management, irrespective of the method and instruments employed for such operations and the venue where it takes place;

Data processor: natural person or legal entity and/or unincorporated organization that is engaged in the processing of personal data on behalf of a data controller on a contractual basis – including when ordered by virtue of legal regulation;

Personal data management system (management system): database of personal information, structured in any way, in a functionally or geographically centralized, decentralized or scattered system, which is accessible on the basis of definite criteria; 

Database: sum total of the data kept in a single data management system; 

Third party: any natural person or legal entity or unincorporated organization other than the data subject, the controller or the processor;

EEA State: any member state of the European Union and any state which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area, based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area;

Third country: any country that is not a member of the EEA.

Purpose and proportionality of data management: Personal data may be managed only with a predefined lawful purpose to exercise a right or perform an obligation to the minimum extent and time necessary to achieve the objective. Data should be deleted if the purpose of the data handling activity ceases, or the data collection is otherwise illegal.

Data managed manually by SECURIMASTER Ltd:

Customer data:

Data management activities of  SECURIMASTER Ltd. are based on voluntary consent. However, in certain cases the management, storage and transmission of some of the recorded data are obligatory by law, of which the data subjects are informed separately.

In case the data is not submitted by the data subject to  SECURIMASTER Ltd. it is the obligation of the data provider to acquire the consent of the data subject.

A privacy policy was created regarding the data management of customers and data subjects for the purpose of informing the customers and data subjects about data management in advance.

Privacy policy is always signed by customers in case of personal administration. The privacy policy is an annex to the service level/consumer agreements.

In other cases there is no need to seek explicit consent, as to obtain the consent would be a disproportionate burden on the data controller.

Human resources data management:

Purpose of data management: payroll of data controller’s employees, data handling necessary to fulfill the company’s accounting obligations.

Legal basis of data management: consent of data subject.

Range of data managed: name, tax number, social security number, date of birth, home address.

Duration of data management: until the employee’s employment at the company lasts.

Data transmission: to those providing accounting and payroll duties.

Third party’s data acquired during employment must be filed and managed only up to the necessary extent (e.g. additional leave, family tax allowance)

A privacy policy was created regarding the data management of employees, for the purpose of informing employees about the data management in advance. This policy is always signed by employees.

The legal grounds of human resources data management are every time based on different legislations. The duration of data management is defined by the relevant legislation (e.g. Act on Personal Income Tax, Labor Code).

In the scope of human resources data management in case of data not directly originating from employment without exception the explicit written consent of the data subject should be obtained – imported into the process form – and the purpose and expected duration of data management should be indicated.

Data management in order to notify an employee’s relative:

Purpose of data management: Notifying an employee’s relative in the event of a work accident, sickness, injury or death.

Legal basis of data management: Act XCIII of 1993 on occupational safety and health 66, 68§.

Range of data managed: name, telephone number, home address.

Duration of data management: during the employee’s employment at the company.

Data transmission: does not take place.

Data of applicants and transmission of such data to subcontractors:

Purpose of data management: Recruitment of applicants, hiring, signing of employment contract

Legal basis of data management: consent of the data subject

Range of data managed: Name, date of birth, mother’s name, home address, qualification and photo

Duration of data management: 2 years from data registration

Data transmission: to data controllers.

Manpower services, access control related data management by video camera monitoring:

Purpose of data management: property protection, identifying accessing persons.

Range of data managed: name, identification number, image.

Legal basis of data management: Act CXXXIII of 2005 on Property Protection and the Activities of Private Investigators.

Video camera recordings and their storage. Saving of footage is: 3 days (90 days in case of taxation, international transport – related to VAT accounting – processes in order to identify tax related damages).

Data management related to remote monitoring:

Purpose of data management: property protection

Range of data managed: retrievable audio recordings

Audio recordings and their storage. Availability of audio records: 2 years

Legal basis of data management: Act CXXXIII of 2005 on Property Protection and the Activities of Private Investigators.

Data management related to trainings:

Purpose of data management: Education. Data management of training participants.

Range of managed data: name, birth name, place and date of birth, identification number, home address, mailing address, school qualification, professional experience, telephone number, e-mail address.

Legal basis: Act LXXVI of 2013 on adult education.

Duration of data management: within 5 years from data registration.

The following measures should be taken for the security of data managed manually by SECURIMASTER Ltd:

  1. Fire and property protection: Documents have to be stored in a well lockable room equipped with fire and property protection device.
  1. Access protection: Only authorized administrators and their managers may have access to the handled documents.
  2. Archiving: At SECURIMASTER electronic data has to be saved and archived minimum once a week.

Manually handled documents have to be filed according to the Document Management Policy.

     – The filing cabinet has to be in a well lockable room equipped with fire and property protection device.

Electronically managed data at SECURIMASTER Ltd:

Data management of visitors and registered users of www.securimaster.com website:

Purpose of data management: during the website visit in order to control operation of the service and prevent misuse visitor’s data is registered by the service provider.

 

Legal basis of data management: consent of the data subject and Act CVIII of 2001 13/A. § (3) on certain issues of electronic commerce activities and information society services.

Range of data managed: date, time, IP address of user’s computer, address of visited website, address of previously visited website, data related to the web browser and operation system of the user.

 

Duration of data management: within 30 days from visiting the website.

Contacting data management of www.securimaster.com:

Purpose of data management: contacting, keeping in contact.

Legal basis of data management: consent of the data subject.

Range of data managed: name, e-mail address, date, time, subject and text of the message and other personal data submitted by the data subject.

Deadline of data deletion: 2 years after data submission.

Information and contact details of SECURIMASTER Kft., as data controller:

Name: SECURIMASTER Ltd.

Seat: 1106 Budapest, Jászberényi út 24-36. VI. emelet

Tax number: 11965178-2-42

E-mail: info@securimaster.com

Other data management:

 SECURIMASTER Ltd. gives information regarding data management not listed in this policy at the time of data registration.

SECURIMASTER Ltd. informs its customers that the court, prosecutor, investigation authority, authority of infraction, administrative authority, Hungarian National Authority for Data Protection and Freedom of Information, and other bodies authorized by law can contact the data controller for information, disclosure and transmission of data as well as documents.

SECURIMASTER Ltd. discloses personal data to authorities – as far as the authority defines the exact purpose and scope of data required – to the extent that is necessary for the purpose of the request.

Legal remedy:Data subjects may request information on the management of their personal data and may also request correction, or – with the exception of the cases set forth in the law – deletion of their personal data, in a way indicated at the time of data registration or by contacting the data controller.Deletion or correction of personal data may be initiated the following ways:– by regular mail: 1106 Budapest, Jászberényi út 24-36. 6th floor

– by e-mail: info@securimaster.com

Upon the data subject’s request SECURIMASTER Kft.,

Ltd. as data controller shall provide information concerning data handled by it, including those processed by a data processor on its behalf, the data sources, the purpose, legal ground and duration of data handling, the name and address of the data processor and on its activities relating to data processing, moreover of the legal basis and the recipients – in case of data transmission/disclosure. Data controllers must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, not more than within 30 days. This information is provided free of charge if there was no request from the data manager for similar data range in the current year. In other case SECURIMASTER Ltd. determines expenses.

Complaints regarding data management may be lodged at the following availabilities:

– by regular mail: 1106 Budapest, Jászberényi út 24-36. VI. floor

– by e-mail: info@securimaster.com

Legal remedies and complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:

Name: Hungarian National Authority for Data Protection and Freedom of Information

Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.

Website: http://www.naih.hu