Information on Data Processing
for the Clients of MindiGIS Ltd.
As a Data Controller, our company undertakes to be bound by the provisions of this Information on Data Processing, and also undertakes to ensure that any data processing related to its scope of activity complies with the applicable European Union and national legislation. Our company is committed to the protection of the personal data of our clients, respects the right of informational self-determination of its clients, processes personal data in a confidential manner, and takes all of the safety, technical and organizational measures necessary to ensure the protection of personal data.
By means of this document, our company intends to provide information to the natural persons engaging in a business relationship with our company on the most important rules providing a basis for data processing, and on the rights of the natural persons concerned, in accordance with the General Data Protection Regulation of the European Union (Regulation 2016/679/EU, hereinafter referred to as “GDPR”).
The Information on Data Processing is always accessible at the following website: https://www.mindigis.hu/. However, within the framework provided by the legislation, our company reserves the right to change the content of this Information on Data Processing at any time, provided that the data subjects are notified in a timely manner beforehand.
1. Data of the Data Controller
The data processing is performed by our company, in accordance with the following:
| Company name: | MindiGIS Térinformatikai Iroda Ltd. |
| Seat: | H-1038 Budapest, Rókahegyi út 65. |
| Company registration number: | 01-09-469458 |
| Tax identification number: | 12134256-2-41 |
According to Article 37(1) of GDPR, no data protection officer has been designated at our company; the managing director of our company is the competent person in data protection matters:
2. Scope of the Categories of Data Processing
Within the framework of the business relationship, our company controls the following personal data:
- personal identification data (name, place of birth, date of birth, mother’s name)
- contact data (e.g. address, phone number, email address)
- authority data (tax identification number)
- bank data (account keeping bank, bank account number)
- electronic identification data (protocol data arising in connection with the application of IT systems)
3. Method of Data Acquisition
Personal data according to Subsection 2 is generally acquired directly from the client upon the establishment of the business relationship (enquiry by the client, registration, placement of orders, announcing an intention to enter into an agreement, etc.). In addition, information may be acquired from publicly accessible authentic records (company register, list of civil organizations, property register, taxpayer register, etc.).
Within the framework of its business relationship, the client shall be obliged to provide the personal data necessary for the establishment, maintenance and termination of the legal relationship, and for the completion of the obligations prescribed by statutory provisions in connection with the employment, or if our company is obliged to process such data according to statutory provisions. In the absence of such data, our company would not be able to complete its obligations regarding the legal relationship, or to assert its claims.
4. Legal Basis of Data Processing
- Regulation 2016/679/EU (General Data Protection Regulation, GDPR)
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information
- Act V of 2013 on the Civil Code of Hungary
- Act C of 2000 on Accounting
5. Purpose of the Data Processing
5.1 The primary purpose of the data processing is the establishment, maintenance and termination of a legal relationship (sale and purchase, supply agreement, contractor agreement, lease relationship, etc.), the enforcement of the rights and obligations arising from such legal relationship, and also the completion of obligations prescribed by statutory provisions on tax legislation and accounting obligations [Article 6(1)(b) and (c) of GDPR].
5.2 The purpose of the data processing also includes the enforcement of the legitimate interests pursued by our company or by a third party [Article 6(1)(f) of GDPR].
5.3 Our company does not process special categories of personal data according to Article 9 of GDPR.
5.4 For the purpose of making decisions, our company does not process personal data by automated means and does not take unique measures for the purpose of profiling.
In case of data processing different from that described above, the data subject is notified in advance by our company, and his or her consent for data processing is acquired if necessary.
6. Period of Retention of the Data
Our company shall erase the processed personal data immediately if they are no longer necessary for the reasons described in Subsection 5 (e.g. no business relationship has been established, and none is expected to be established in the future). However, following the termination of the contractual relationship, our company retains the personal data that must be retained in accordance with statutory provisions. Generally, this arises from the obligation of registration and retention in accordance with statutory provisions, and from limitation periods, and is regulated by the provisions of the Civil Code of Hungary and Act C of 2000 on Accounting. Accordingly, the period of retention may be as long as 10 years. In addition, our company retains personal data for the period until any claim may be asserted against it.
7. Location of the Retention of Data, Safety Measures
Our company retains data in electronic form on the server and computers located at its seat and in Google Cloud; data in paper form is retained in the archives located at its seat. Data Processing and Security Terms of Google Cloud: https://cloud.google.com/terms/data-processing-terms
Our company selects the IT systems used for processing personal data in a manner that allows access by authorized persons, ensures authenticity, makes it possible to confirm that the processed personal data has not been modified, and protects the systems against unauthorized access.
Documents in paper format are retained in cabinets/premises that can be locked with a key.
8. Parties with Access to the Data, Data Processing, Data Transfer
8.1 The personal data of the natural person considered as data subject may only be accessed at our company by persons who are responsible for the completion of the legal and contractual obligations of our company as a result of their positions, and who undertake an obligation of confidentiality and were properly informed on the provisions of GDPR.
8.2 In addition, our company may transfer personal data to the parent company … for the purpose of supporting financial and strategic planning and for preparing the accounting report. In this respect, the parent company is likewise bound by an obligation of confidentiality and is also obliged to comply fully with the provisions of GDPR.
8.3 In addition, for the purpose of the completion of its contractual and legal obligations, our company uses third party services (accounting firm, law firm, occupational physician, IT company), which are also bound by an obligation of confidentiality and obliged to comply fully with the provisions of GDPR. Service providers currently used by our company:
8.4 In addition to the above, our company may transfer the processed personal data to other parties, provided that this is necessary for the completion of the contractual or legal obligations of our company. Such as:
- authorities, courts, prosecution
- other authorities (e.g. individual court enforcement officer)
8.5 Our company does not transfer personal data outside the European Economic Area.
9. Rights of the Data Subjects
Right of access and information (Article 15 of GDPR)
In addition to this document, the data subject shall be entitled to receive information on the data processed by our company.
Right to rectification (Article 16 of GDPR)
The data subject shall have the right to obtain from our company without undue delay the rectification of inaccurate personal data concerning him or her.
Right of erasure, right to be forgotten (Article 17 of GDPR)
The data subject shall have the right to obtain the erasure of personal data concerning him or her if the personal data are no longer necessary in relation to the purposes for which they were processed, the data subject withdraws consent on which the processing is based, or if the personal data have been unlawfully processed by our company.
Right to restriction of processing (Article 18 of GDPR)
The data subject shall have the right to obtain the restriction of processing in case of inaccurate personal data for the period before rectification, or if the data is processed unlawfully, if the data subject opposes the erasure of the personal data, or if the purpose of data processing no longer exists, but the data is required by our company for the purpose of any claim, or for the period before the assessment of the objection.
Right to data portability (Article 20 of GDPR)
The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
Right to object (Article 21 of GDPR)
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Our company shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
10. Legal Remedies
The natural persons considered as data subjects may lodge a complaint with the current managing director of our company, with the data protection supervisory body (Hungarian National Authority for Data Protection and Freedom of Information, naih.hu) or with a court.
Done on 24th of May, 2018.
MindiGIS Térinformatikai Iroda Ltd.