PRIVACY POLICY

Information security and data protection is a priority for our company. This privacy policy details our commitment to protecting your personal data in accordance with the relevant legislation.

I. Who will process your personal data?

Data controller: Z Elektronika Kft.
Registered seat: 7630 Pécs, Bajor utca 5.
Tax ID: 11541484-2-02
Email address: info@zelektronika.eu
Represented by: Dallos László, managing director

II. General terms

2.1. What is personal data?

Personal data means any information relating to you as an identified or identifiable natural person.

Such personal data is your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

2.2. What is data processing?

Processing means any operation or set of operations which is performed on personal data or on sets of personal data.

Examples for processing include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.3. Who may process your personal data?

Our company processes your personal data as a data controller.

A data controller is a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Our company may engage the services of data processors while processing your personal data.

A data processor means a natural or legal person which processes personal data on behalf of us, the controller.

Such data processors are external accountants, IT maintenance, lawyers, etc.

2.4. What is the purpose of data protection and this privacy policy?

The purpose of data protection is for data controllers and data processors to process your personal data in compliance with the relevant legislation, and to inform you of your rights, as well as to be accountable of compliance.

III. How, why and for how long does our company process your data?

Purpose of processing

Description of processing

Types of personal data processed and their origin

Legal basis of processing

Duration of processing

Job applications

Our company processes the personal data provided to us by the solicited and unsolicited CV-s and other documents attached to the job application. The purpose of data processing is to notify the applicant of any job opportunities matching their qualifications and interests, as well as making an appointment with the applicant and performing the application procedure.

The personal data and contact information (e-mail address, phone number) provided by the applicant to us in the CV and other attached documents.

We may check the public profiles of the applicants on social media sites (however, we do not save, store or forward any personal data in connection with this).

The legal basis of processing personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].

You may request a copy of the legitimate interest test performed with regards to the job applications via e-mail or in person at our offices.

For an announced position:

In case of a successful application the duration of the employment, in case of an unsuccessful application for 6 (six) months after the hiring is concluded or until the request of the applicant to delete their personal data.

For an unsolicited application: for 6 (six)months after the application is sent or at the time the request of the applicant is made to delete their personal data.

Questions, inquires and quotations

In connection with inquiries and quotation requests made by other companies or by us in person, via e-mail or over the phone, our company shall process the personal data provided to us or by us in the questions, inquires and quotations or answers by the data subject. The purpose of data processing is establishing and staying in contact, as well as providing information and quotation to the interested party so that they may engage our services or we may engage theirs.

The personal data provided to us or by us in the questions, inquires and quotations by or to the data subject, as well as any contact (telephone number, e-mail address) and other information necessary to enter into a contract.

In the event the parties enter into a contract as a result of the questions, inquires and quotations is the entering into and performance of contract between data subject and our company [GDPR Art. 6. Sect. (1) Par. b)].

In the event the parties do not enter into a contract as a result of the questions, inquires and quotations is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].

In the event a contract is not entered into, our company processes the personal information for 5 (five) years in accordance with the limitation of claims pursuant to the Civil Code.

If a contract is entered into then the duration of the processing is as described below.

Contracts

The company processes the data of other business entities and their employees that is necessary for the entering into and performance of the contract between a client or a supplier and our company.

The personal data enclosed in the contract and the contact information (telephone number, e-mail address) necessary for the performance of the contract, as well as any additional data required to issue an invoice in accordance with the Accounting Act.

The legal basis of processing personal data is the performance of contract between data subject and our company [GDPR Art. 6. Sect. (1) Par. b)].

The duration of data processing is 8 (eight)years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Company under the Accounting Act.

Electronic surveillance

Our company operates an electronic surveillance and recording system (CCTV) at its registered seat (indicated by notices and pictograms).The electronic surveillance system monitors the external and internal areas of the site.

The purpose of the data processing is personal and property protection.

The camera system only records the picture and actions of the people entering the areas (the system does not have voice recording capabilities).

The source of the personal data is the data subject.

The surveillance system is operated by us, no data processors are engaged in this process.

The legal basis of processing personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].

You may request a copy of the legitimate interest test performed with regards to the electronic surveillance via e-mail or in person at our registered seat.

The duration of the processing is at most 30 (thirty) days from the date of the recordings, after this period the recordings shall be deleted automatically.

IV. Who do we share your personal data with?

Our company will never forward, sell or make your personal data available in any other way to third parties. We do not forward personal information to third countries or international organizations. However, we may need to share some information, including personal data, we obtain from your use of our service in the following circumstances.

  • a) Complying with legal requirements
    Our company may transmit personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, including to meet national security or law enforcement requirements. In this case the legal basis of forwarding the personal data is to comply with the legal obligations of our company [GDPR Art. 6. Sect. (1) Par. c)].
  • b) Protection of our claims, rights and interests
    We may also need to share personal data for the protection of our rights and interests, in accordance with the applicable laws. In this case the legal basis of forwarding the personal data is the legitimate interest of our company [GDPR Art. 6. Sect. (1) Par. f)].
  • c) Using third-party service providers
    Our company uses a data processor that provides contract security services to us. The data processor may only access your personal data in compliance with the purpose and legal basis of the data processing, as well as the relevant legislation.
    • 1. Borjáti Beáta auditor (registered seat: 7900 Szigetvár, Sánc utca 29.)
      This company provides financial auditing services to us, thus acts as a data processor with regards to the personal data of our employees, natural person clients and employees of our clients (name, position, phone number, e-mail address).
    • 2. CERT Zrt. (registered seat: 1119 Budapest, Andor utca 21/C. földszint 1.; tax ID: 25042342-2-43)
      This company conducts an ISO audit at our company, and may act as a data processor with regards to the review and certification of the documents regarding of our employees and clients.
    • 3. Forint-Soft Kft. (registered seat: 6500 Baja, Roosevelt tér 1. fszt. 6.; tax ID: 13768812-2-03)
      This company provides the software our company uses for accounting and payroll, thus acts as a data processor with regards to the personal data of our employees, natural person clients and employees of our clients (name, position, phone number, e-mail address).

V. How do we protect your data?

  • a) Security
    We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. Our company makes every effort to comply with the best practices of information security.
  • b) Confidentiality
    We undertake the obligation of confidentiality with all contractual partners. This confidentiality applies to the personal data processed in relation to the contract between our company and our contractual partner.

What are your rights with regard to us processing your personal data?

6.1. Information and access to personal data

You may request the company in writing to provide information as to:

  • a) the personal data processed by our company regarding you, as well as
  • b) the legal basis of the processing,
  • c) the purpose of the processing,
  • d) from which source the personal data originate,
  • e) the duration of the processing,
  • f) to whom our company forwards the personal data and its legal basis.

We shall comply with your request within 15 (fifteen) days by electronic or postal mail to the address you provided. Prior to complying with the request our company may ask you to further specify the request or the data processing activities.

If your right to obtain information as described above adversely affects the rights and freedoms of others (especially regarding trade secrets and intellectual property rights) we are entitled to refuse to comply with the request in the necessary and proportionate amount.

In the event you request the above information in multiple copies, our company is entitled to bill a proportionate and reasonable amount of money in connection with the administrative costs of fulfilling the request. If the personal data indicated by you is not processed by us, we shall nevertheless inform you of this fact.

6.2. Right to rectification

You shall have the right to obtain from our company without undue delay the rectification of inaccurate, incorrect or incomplete personal data concerning you. We shall correct the inaccurate or inaccurate data immediately, but no later than within 5 (five) days. If it does not conflict with the purposes of the processing, we may complete the incomplete personal data by means of a supplementary statement provided by you. We shall notify you of the above by electronic or postal mail to the address you provided.

Our company shall be exempted from complying with the request for rectification if

  • a) the accurate, correct and complete personal data are not available and you do not provide those to us, or
  • b) if the validity of the personal data provided by you cannot be established.
6.3. Right to erasure („right to be forgotten”)

You shall have the right to request from us the erasure of any personal data relating to the data subject. You shall make the request in writing with specifying the personal data to be erased and the reason for the erasure.

The fulfilment of the request shall only be denied by our company in case the processing of the personal data is obligatory for us by law. Should we not be obligated by law to process the personal data then we shall comply with the request no later than within 15 (fifteen) days and inform you by electronic or postal mail to the address you provided.

6.4. Right to restriction of processing

You may request our company the restriction of processing the personal data in writing. The restriction shall apply until the reasons you specified make it necessary. You may request the restriction of processing if:

  • a) the accuracy of the personal data is contested by you (for a period enabling the controller to verify the accuracy of the personal data);
  • b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • c) we no longer need the personal data for the purposes of the processing, but we are required by you for the establishment, exercise or defence of legal claims;
  • d) you have objected to processing pending the verification whether our legitimate grounds as the controller override those of yours as the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing, you shall be informed by our company before the restriction of processing is lifted.

After complying with the request of restriction our company shall inform of that fact any persons or legal entities to whom we have lawfully forwarded your personal data, unless such a task is impossible or would require unproportionate effort from our company.

6.5. Right to object

If the processing of your data is based on a legitimate interest, you must be provided with the appropriate information regarding the processing of the data and your right to exercise the right to protest. This right must be expressly brought to your attention at the latest when you first contact us.

You have the right to object to the processing of your personal data on this basis, in which case our company may no longer process the personal data of the data subject unless it can be proved that

  • a) the processing of the data by our company is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms, or
  • b) the data processing is related to the submission, enforcement or protection of the legal claims of our company.
6.6. Right to data portability

You have the right to receive personal data about you provided by you to our company in a structured, widely used, machine-readable format (eg. by e-mail) and to transfer this data directly to another data controller. In case of exercising the right to data portability, our company will comply with your request primarily by means of an email attachment in .pdf format.

6.7. Right to an effective remedy

6.7.1. Dispute resolution with the Company

You may announce your request regarding information, rectification, erasure and restriction in person or in writing at any addresses of our company provided in Section I.

6.7.2. Right to complaint

In the event the dispute resolution with us proved unsuccessful or you deem that your rights listed above were violated or a direct risk of such violation exists, you are entitled to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf. 5
Telephone: +36(1)3911400
Telefax: +36(1)3911410
E-mail address: ugyfelszolgalat@naih.hu
Website: http://naih.hu

6.7.3. Right to a court

You – regardless of your right to complaint – may file an action with the courts if your rights under the GDPR and the Privacy Act have been violated.

Any action against our company may only be filed with a Hungarian court.

You may file the action with the court of your jurisdiction. The Courts of Hungary and their jurisdiction are available at the following link: http://birosag.hu/torvenyszekek

The legislation referenced in this privacy policy:

  • a) GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • b) Privacy Act: Act CXII of 2011 on Informational Self-Determination and Freedom of Information
  • c) Accounting Act: Act C of 2000 on Accounting
  • d) Civil Code: Act V of 2013 on the Civil Code

Do you have any question?