PRIVACY POLICY

  1. CONTROLLER

Company name:                               17. sz. Programozóhivatal Kft.

Head office:                                       1172 Budapest, Jászladány u. 24.

Establishment:                                  1033 Budapest, Hévízi út 1/A

Telephone:                                        +36 1 413 72 34

Tax number:                                                 12708413-2-42

Registration number:                      01-09-699550

Legitimate authority:                       Registry Court

Data Protection Officer name:       Csery Anita

Mobile:                                               +36 70 453 2750

E-mail:                                               adatvedelem@17.hu

 

  1. Principles, laws

2.1. Legislation

GDPR (General Data Protection Regulation) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Law on Data Protection – CXII of 2011 law on the right to informational self-determination and freedom of information and legislation issued for its implementation.

2.2. Basic principles followed during data management:

  1. a) We process personal data only for the purpose and for the period specified here. Only such personal data may be processed that are essential for the realization of the purpose of data management and suitable for achieving the purpose.
  2. b) During the data management, only persons employed by 17. sz. Programozóhivatal Kft. can see the personal data who have a task related to the given data management.

 

  1. Term definitions, abbreviations

personal data”: any information about the identified or identifiable natural person; the natural person can be identified directly or indirectly, in particular on the basis of one or more identifier such as name, number, location data, online identifier or the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

„data subject”: natural person identified or identifiable on the basis of any information.

„data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication, forwarding, by distribution or otherwise making it available, synchronization or interconnection, restriction, deletion and destruction;

„restriction of data management”: marking stored personal data in order to restrict their future processing;

„data controller”: the natural or legal person, public authority, agency or other organization which determines the purposes and means of handling personal data independently or together with others;
if the purposes and means of data management are determined by EU or Member State law, the data controller or the special aspects regarding the designation of the data controller may also be defined by EU or Member State law;

„data processing”: performing tasks related to data management operations;

„data processor”: the natural or legal person, public authority, agency or other organization which manages personal data on behalf of the data controller;

„profiling”: any form of automated processing of personal data for the evaluation of the personal characteristics of the data subject, in particular those related to his/her performance at work, economic situation, state of health, personal preferences or interests, reliability, behavior, location or movement, aimed at analyzing or forecasting;

„third party”: the natural or legal person, public authority, agency or other organization, which is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to process personal data under the direct control of the data controller or data processor;

„consent of the data subject”: the voluntary, concrete and clear declaration of the data subject’s will based on adequate information, by which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of the personal data concerning him/her;

„data protection incident”: a breach of data security that results in the accidental or unlawful destruction, loss, modification, unauthorized transmission, disclosure of personal data transmitted, stored or otherwise handled, or unauthorized access to them;

 

„cookie”: The service providers use cookies in order to know the interests of the users. When browsing the websites (web pages), the service providers place cookies in the browser on the user’s computer (or mobile device). The purpose of cookies is to enable service providers to provide users with more personalized web content that enhances the user experience when using websites. Cookies are not harmful to the user’s computer (or mobile device) and do not contain any information that could be used to identify the person or personal data of the user.

  1. Scope of personal data

4.1. www.17.hu and www.scriptorsfa.com websites

Cookies used by the service provider when browsing the websites:

  • Session cookies: which are deleted when the browser is closed are extremely important for the proper functioning of applications related to the website.
  • Permanent (saved) cookies: the validity period of permanent cookies is 30 days. For the validity period, saved cookies are stored on the hard drive of the user’s computer, however, the user can delete them before the expiration of the predetermined deadlines.
  • Cookies used by third parties: the service provider also uses the analytics services of Google Analytics, Google AdSense, Facebook, Hotjar, which can place cookies on users’ computers in order to facilitate the analysis of user activity related to the service provider’s website. Users can block the use of Google cookies on the page created to turn off Google ads.

 

Users can delete the cookie from their own computer (mobile device), or they have the option to prohibit the application and installation of cookies in the browser. However, in this case, not all functions will work properly or the user experience may be reduced. It is usually possible to manage cookies in the Tools/Settings menu of browsers, in the data protection settings.

 

Purpose of data management:  Storage of cookies.

Time of data management: Close the browser for session cookies, 30 days for saved cookies.

Legal basis of data management: Your consent. When the website is open for the first time, an acceptance statement appears. We also store the fact of acceptance in a cookie, so if you open the page several times on the same device and browser, this text will no longer appear.

Scope of managed data:

  • Websites do not save cookies

 

 

4.2. Contact us through the website or our e-mail addresses

You can contact us at any of our contact points (by e-mail, phone os post). In the messages received on the website or at our e-mail addresses, we assume your consent to the processing of your personal data shared with us.

Purpose of data management: Maintaining contact with the requester and answering or solving the question/request.

Time of data management: Messages and personal data received in this way are not deleted for the sake of retrievability. If it contains such sensitive personal data, we examine it individually in each case and only store it for as long as is absolutely necessary.

You can only send us your message through our website if you have read and accepted our Privacy Policy.

Legal basis of data management: Your consent.

Scope of managed data: the personal data included in the message, which is necessary for maintaining contact (name, e-mail address, telephone number, etc.)

4.3. Contacting our colleagues via the call center

Purpose of data management:  The 17. sz. Programozóhivatal Kft. records and logs both incoming and outgoing telephone conversations in the call center, with the aim of: providing professional assistance to customers, asserting the rights of customers and the data controller, providing evidence for the resolution of possible legal disputes, providing evidence supporting the subsequent provability and possible irretrievability of the claim, as well as the subsequent proof of agreements, quality assurance, and the fulfillment of legal obligations.

Time of data management: 30 days

Legal basis of data management: Consent of data subject

Scope of managed data: the personal data required for contact (name, e-mail address, telephone number, etc.)

In the case of incoming calls, the following information is automatically announced by the Call Center (before the party initiating the call speaks to the support colleague):

Please note that for quality assurance and information security reasons, as well as for the protection and reproducibility of oral statements, we will record your conversation with our operator and we will keep the audio recording together with the personal data provided during the conversation for 30 days. The controller of your personal data is 17. sz. Programozóhivatal Kft. The legal basis of data management is Your voluntary consent.

If you do not consent to the recording of the conversation, please contact us in person at 1033 Budapest, Hévízi út 1/A during working hours (weekdays from 8:00 a.m. to 4:30 p.m.) or by mail at the e-mail address support@17.hu.

4.4. If you apply for a job

If you apply for a job on our website, by e-mail or by post (through a job advertisement or regardless), we assume your consent to data management.

Legal basis of data management: Your consent.

Purpose of data management: Contact with job applicants and selection of suitable applicants.

Time of data management:

The resumes of applicants for specific job advertisements and the personal data and documents sent in connection with the application are handled as after the person filling the position has been selected:

– unsuccessful applicants will be asked by e-mail or on paper whether they would like us to store their application in our database for another year and contact them if there is a job opportunity. If a negative response or no response is received within 30 days, the application and the applicant’s data will be deleted from the system.

– the successful applicant’s data will be transferred to the employee data and deleted from the applicant database.

Applications for general non-specific job advertisements sent by post or e-mail are stored in our database for one year. After one year, the provided CV and other personal data will be deleted.

Regardless of the above, you can request the deletion of your personal data at any time, in the event of such an indication, the personal data provided will be deleted from our database immediately.

Scope of managed data: the personal data provided, which are necessary for recruitment (name, e-mail address, phone number, education, professional experience, etc.)

  1. Affected rights

In connection with data management, 5.1.-5.7. are entitled to the rights detailed in clauses. If you want to enforce one of them, please write to us at one of the following addresses:

address: 1033 Budapest Hévízi út 1/A

e-mail address: adatvedelem@17.hu

In any case, we need to identify your identity before fulfilling your request. If we cannot identify you, unfortunately we cannot fulfill your request.

After the identification, we provide information about the request in writing, electronically, or – at your request – orally. If you submitted the request electronically, we will respond electronically, but in this case you can also request another method.

We will inform you about the measures taken as a result of your request within 1 month of receipt of the request at the latest. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another 1 month, which we will inform you about within the one-month administrative deadline.

It is our duty to inform you of the failure to take action within the 1-month administrative deadline. You can file a complaint against this with the NAIH (point 6.1) and exercise your right to judicial remedy (point 6.2).

The requested information and measures are free of charge. Exceptions are made if the request is clearly unfounded or – especially due to its repetitive nature – excessive. In this case, we may charge a fee or refuse to fulfill the request.

5.1. Withdraw consent

In the case of data processing based on your consent, you can withdraw your consent at any time. In such a case, we will delete your personal data related to the given data management within 14 working days from the date of receipt of the notification.

5.2. Request for information

You can request information on whether your personal data is being processed, and if so: what is its purpose, exactly what kind of data is being processed, to whom we forward this data, how long it is stored, what rights and remedies you have in this regard, from whom we received your data, whether we make an automated decision using your personal data (in such cases, you can also request information about the logic (method) we apply and the significance and expected consequences of such data management).

– If you have found that your data has been forwarded to an international organization or a third country (non-EU member state), you can request a demonstration of what guarantees the proper handling of your personal data.

– You can request a copy of your personal data (For additional copies, we may charge a fee based on administrative costs.)

5.3. Request for correction

You can request to correct or supplement your inaccurate or incomplete personal data.

5.4. Right to be forgotten (deletion)

You can ask us to delete your personal data. In the following cases, we will fulfill your request within 14 working days of receipt of the request:

  1. a) The personal data are no longer needed for the purpose for which they were processed;
  2. b) In the case of data processing based on your consent;
  3. c) If it is determined that personal data is being processed illegally;
  4. d) It is required by EU or national legislation.

We would like to inform you that in the case of points a), c) and d), personal data will be deleted even without a request.

We cannot delete personal data if it is necessary:

  1. a) for the purpose of exercising the right to freedom of expression and information;
  2. b) fulfillment of the obligation according to the EU or member state law applicable to the data controller requiring the processing of personal data, or in the public interest;
  3. c) based on the public interest in the field of public health;
  4. d) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if deletion would likely make this data management impossible or seriously jeopardize; or
  5. e) for the presentation, enforcement and defense of legal claims.

5.5. Data restriction

You can ask us to limit data processing if one of the following is true:

– disputes the accuracy of the personal data, in which case the limitation applies to the period during which we verify the accuracy of the personal data;

– the data processing is illegal, but opposes the deletion of the data and instead requests the restriction of its use;

– we no longer need the personal data for the purposes of data management, but you require them to present, enforce or defend legal claims;

– objected to data processing; in this case, the restriction applies to the period until it is determined whether the Data Controller’s legitimate reasons take precedence over your legitimate reasons.

In case of restriction, personal data may only be processed with your consent, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

We will inform you in advance about the possible lifting of the restriction.

5.6. Right to data portability

You are entitled to receive your personal data that we manage in a widely used format, and you are also entitled to transfer this data to another data controller – or at your request – if the data processing is based solely on your consent or a contract concluded with you or on your behalf based and automated.

The mentioned right does not apply in the event that the data management is necessary for the execution of a task in the public interest. You may not violate the right to erasure and may not adversely affect the rights and freedoms of others.

5.7. Objection to the processing of personal data

You can object to the processing of your personal data:

  • in the case of public interest / public authority and the legal basis based on consideration of interests
  • in the case of direct business acquisition
  • in the case of profiling for direct business acquisition.

If you object to the processing of your personal data, we will delete your personal data within 14 working days from the receipt of your objection. An exception is the case when the data processing is justified by compelling legitimate reasons, including the public interest or the case when the data processing is necessary for the submission, enforcement or defense of legal claims.

  1. Remedies

6.1. Reporting a complaint to the NAIH

If you believe that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation, you have the right to file a complaint with the National Data Protection and Information Security Authority (NAIH).

NAIH

mailing address: 1534 Budapest, Pf.: 834

address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

telephone: +36 1 391 1400

fax: +36 1 391 1410

web: http://naih.hu

e-mail: ugyfelszolgalat@naih.hu

6.2. Court

If you believe that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation and thus your rights contained in the General Data Protection Regulation have been violated, you have the right to appeal to the court.

In addition to the provisions of the General Data Protection Regulation, Act V of 2013 of the Civil Code, Book Two, Part Three, XII. provisions contained in its title (§ 2:51 – § 2:54) as well as other legal provisions relating to court proceedings shall apply.

6.3. Compensation and damages

If the Data Controller causes damage or violates the privacy rights of the data subject by unlawful processing of the data subject, damages may be demanded from the Data Controller. The data controller shall be released from responsibility for the damage caused and from the obligation to pay compensation if it proves that the damage or the violation of the privacy rights of the data subject was caused by an unavoidable cause outside the scope of data management.

  1. Data security

The 17. sz. Programozóhivatal Kft. takes into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, and implements appropriate technical and organizational measures in order to guarantees a level of data security commensurate with the degree of risk.

When determining the appropriate level of security, we specifically take into account the risks arising from data management, which arise in particular from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise managed.

The 17. sz. Programozóhivatal Kft. takes measures to ensure that natural persons acting under its control and having access to personal data can only handle said data in accordance with the instructions of the data controller, unless they are required to deviate from this by EU or member state law.

  1. Data processors

Data processors not mentioned for individual data management:

The hosting of our website is provided by 3in1 Hosting Bt. (head office: 2310 Szigetszentmiklós, Brassó utca 4/A.);

  1. Data transfer

We only forward your personal data to the data processors and data controllers indicated in this Data Management Notice, exclusively in accordance with the provisions of this Data Management Notice.

We reserve the right to hand over the processed personal data to the competent authorities and courts in accordance with their request, even without the special consent of the person concerned, in the cases defined by law.

 

  1. Other

The Data Controller is entitled to modify the contents of this Data Management Notice at any time. The possible modification will take effect at the same time as it is published on the website, we will draw your attention to the change in a pop-up window on the website.

Last update: February 2023