Skip to main content

Data Processing Notice

Planimeter Ltd.

 

Date of entry into force: 1 March 2022. Updated: 1 December 2024.

 

 

 

We place great emphasis on the protection of personal data. Therefore, we would like to inform you about the data management and processing procedures we use in connection with our activities and the information we send you. Below we provide you with information about what data we collect and process, for what purposes, and what we do to protect your data and your rights.

 

 

 

1.           Introduction

Planimeter Kft. (registered office: 1064 Budapest, Izabella u 64. fszt. 4.); tax number: 12305395-2-42; company registration number: 01 09 664732) (hereinafter referred to as “Data Controller”), as Data Controller, acknowledges the contents of this Privacy Policy as binding upon itself.

 

In connection with its activities, the Data Controller processes the personal data of its partners, customers, visitors to the websites https://smart-statistics.com, https://planimetergroup.com, uzletioktatas.hu, https://plani-meter.com and https://data-scientist.hu interested parties, job applicants, representatives of subcontractors assigned to the tasks and, where applicable, the recipients of the activity (hereinafter referred to as “Data Subjects”). The Data Controller undertakes to ensure that the processing of data relating to the services provided on the Website and otherwise complies with the legislation in force.

 

Planimeter Ltd. respects the rights of the Data Subjects, treats their personal data and all data and facts that come to its knowledge confidentially, and uses them only for the performance of its activities, for the activities described in the Privacy Policy and for its own research and statistical reporting.

 

We will take appropriate measures to provide the data subject with information about the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

 

The Data Controller reserves the right to unilaterally amend this Notice. In this regard, it is recommended to regularly visit the websites https://smart-statistics.com, https://planimetergroup.com,              uzletioktatas.hu,                                                          https://plani-meter.com                                         and https://data-scientist.hu operated by the Data Controller, where the current content of the Privacy Policy can be viewed and downloaded. Upon request, a copy of the current version of the Notice will be sent to the Data Subject.

 

The requirements set out in this Privacy Notice are in accordance with the applicable data protection legislation:

  • The Basic Law of Hungary (Freedom and Responsibility, Article VI);
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE

COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation);

  • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.);Act V of 2013 on the Civil Code;
  • Act V of 2013 on the Civil Code § 5:54, § 5:55, § 5:59 and § 5:61;
  • Regulation (EU) No 536/2014 of the European Parliament and of the Council on clinical trials on medicinal products for human use and repealing Directive 2001/20/EC (16 April 2014)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

 

 

1.1.           Data of the Data Controller

Planimeter Ltd.

Head office: 1064 Budapest, Izabella u 64. fszt. 4.

Company registration number: 01 09 664732

Tax number: 12305395-2-42 E-mail: info@planimeter.net Phone: +36 30 933 89 20

Data Protection Officer name: Péter Szakál

Contact details of the Data Protection Officer: szakal.peter@igniplus.hu, +36-70-704-566

 

2.           Basic concepts of Data Protection

 

2.1.           Personal data

Any data that can be associated with a specific natural person (identified or identifiable) (hereinafter referred to as “Data Subject”), the inference that can be drawn from the data concerning the Data Subject. The personal data shall retain its quality during processing for as long as its link with the data subject can be re-established. In particular, a person may be regarded as identifiable where he or she can be identified, directly or indirectly, by reference to a name, number, location data, an identification mark or to one or more factors specific to his or her physical, physiological, genetic, mental, spiritual, economic, cultural or social identity;

 

2.2.           Contribution:

A voluntary and explicit indication of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, either in full or in relation to specific operations;

 

2.3.           Consent-based processing

We ask for the consent of visitors to process data related to their visit to the website and to send targeted promotional information (newsletter).

By giving consent, we process the personal data of the data subject until the consent is withdrawn. After withdrawal of consent, we will delete the data subject’s data from our records.

 

The legal basis for the processing of data provided on our website is the informed consent of the data subject.

 

2.4.           Data Controller

The natural or legal person or unincorporated body that determines the purposes for which personal data are processed, takes and implements the decisions concerning the processing (including the means used) or has the processing carried out by a processor on its behalf;

 

2.5.           Data management

Regardless of the process used, any operation or set of operations which is performed on personal data, such as collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction, and prevention of further use of the data. Processing also includes the taking of photographs, audio or video recordings and the recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

 

2.6.           Data transmission

 

If the data is made available to a specified third party;

 

2.7.           Disclosure to the public

If the data is made available to anyone;

 

2.8.           Data deletion

Making data unrecognisable in such a way that it is no longer possible to recover it;

 

2.9.           Data storage

Making it impossible to transmit, access, disclose, transform, alter, destroy, erase, interconnect or coordinate and use the data permanently or for a specified period;

 

2.10.           Data destruction

Complete physical destruction of the data or the medium containing the data;

 

2.11.          Data processing

The performance of technical tasks related to processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

 

2.12.           Data processor

A natural or legal person or unincorporated body who or which carries out the processing of personal data on behalf of the controller, including on the basis of a legal mandate;

 

2.13.           Third person

A natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

 

2.14.           EEA country

A Member State of the European Union and another State party to the Agreement on the European Economic Area, as well as a State whose nationals enjoy the same status as nationals of a State party to the Agreement on the European Economic Area under an international treaty concluded between the European Community and its Member States and a State not party to the Agreement on the European Economic Area;

 

2.15.           Third country:

Any state that is not an EEA state.

 

2.16.           Data protection incident

A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

2.17.           Biometric data

Any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data.

 

2.18.           Health data:

Personal data relating to the physical or mental health of a natural person, including data relating to health services provided to a natural person which contain information about the health of the natural person.

 

2.19.           Security incident

Any event that may have a detrimental effect on the confidentiality, integrity or availability of an IT device or the data stored on it

 

2.20.           Confidentiality (secrecy)

The characteristic of the data is that only a predefined group of users (authorised users) is allowed access, access by everyone else is illegal.

 

2.21.           Public part of private land

Private land that is available to all without restriction. This includes those parts of public land which come into the possession of the natural or legal person responsible for the protection of persons and property in the context of a civil law transaction, in particular a tenancy or lease, provided that:

  1. a) the occupation and use of the part of the area is integrally connected with, serves the continuity of, or assists the activity in the public area of the private property guarded by the person or property guard, or;

(b) is used to accommodate the belongings of the data controller or members of the public using the public part of the private area.

 

2.22.           Profiling

Any form of automated processing of personal data in which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that person.

 

2.23.           Intactness

The criterion of existence, authenticity, integrity, and intrinsic completeness of data, which ensures that the data, information or program can only be altered by those authorised to do so and cannot be altered without being detected.

 

2.24.           Regulations

The Data Controller’s Privacy Policy.

 

2.25.           Asset protection security system

Electronic signalling and image surveillance systems installed for the purpose of asset protection on the properties falling within the territorial scope of the Data Protection Regulation. It also includes electronic surveillance systems (surveillance of premises) without recording, operated for the purpose of surveillance, or which also allow sound or image recording, electronic access control systems, intrusion detection systems, remote monitoring systems, security systems for data and IT protection, and other electronic technical solutions which allow the transmission of signals and images or the signalling of light or sound.

 

2.26.           Guest

A natural person who is authorised to be present on the real estate covered by the territorial scope of the Privacy Policy and who is not an employee of the Data Controller.

 

2.27.           Access, use and transfer of data

Personal data stored about data subjects may be accessed only by the person who needs to know them in order to fulfil his or her obligations. The name of the person who has access to the personal data or who is otherwise entitled to have access to the personal data, the reason for and the time of access to the data shall be recorded in a record.

Use is when personal data is used as evidence in judicial or other official proceedings. A person whose right or legitimate interest is affected by the recording of his or her personal data may, within 3 (three) working days of the recording of the personal data, request that the data not be destroyed or erased by the controller by providing evidence of his or her right or legitimate interest. At the request of a court or other authority, the personal data shall be transmitted to the court or authority without delay. If no such request is made within thirty (30) days of the request for non-destruction, the recorded image and/or sound recording and other personal data shall be destroyed or erased.

Personal data may be disclosed to third parties only with the prior written consent of the data subject. This does not apply to the processing described in the Privacy Notice or to any transfers required by law, which may only take place in exceptional cases. Data subjects are informed that the employer uses data processors to process and store the data processed in the employer’s human resources system. The Data Controller will inform the data subjects about the identity of the processors in this document.

 

2.28.           Protest

A statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;

 

3.           Data protection principles

Personal data:

 

  • be processed lawfully and fairly and in a transparent manner for the data subject (“lawfulness, fairness and transparency”);

 

  • collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes (“purpose limitation”) is not considered incompatible with the original purpose in accordance with Article 89(1) of the GDPR;

 

  • be adequate, relevant and limited to what is necessary for the purposes for which the data are processed (“data minimisation”);

 

  • be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay (“accuracy”);

 

  • be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects (‘limited storage’);

 

  • be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (“integrity and confidentiality”), by implementing appropriate technical or organisational

 

The Controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”). The Controller does not collect personal data relating to minors.

 

4.           Detailed rules on data processing

Who has access to the data

  • employees of the Data Controller;
  • employees of the Data Processors identified below;
  • certain public authorities in relation to data requested by them in the course of official proceedings and which the Data Controller is legally obliged to provide;
  • employees of a debt management company appointed by the Controller to manage overdue debts;
  • other persons with the express consent of the Data

 

The Data Controller undertakes to maintain strict confidentiality of the personal data it processes, without time limitation, and shall not disclose them to any third party, except with the consent of the Data Subject and the processing described in this Notice.

 

The Data Controller’s employees and partners contractually undertake to treat the data entrusted to them, collected, processed or learned by them confidentially in accordance with the provisions of this Notice and its Privacy Policy, and not to disclose them to third parties.

 

The withdrawal of consent does not affect the lawfulness of the previous processing.

 

4.1.           Visiting the Website

When visiting the websites of the Data Controller (https://smart-statistics.com, https://planimetergroup.com,                                                          uzletioktatas.hu,                                                          https://plani-meter.com                                         and https://data-scientist.hu), the data of the Data Subject’s computer are stored, which are generated during the use of the service and which are recorded by the Data Controller’s system as an automatic result of technical processes.

 

The automatically recorded data are automatically logged by the system at the time of logging in or logging out without any special declaration or action by the Data Subject. These data cannot be linked to other personal user data, except in cases required by law. The data can only be accessed by the Data Controller.

 

Purpose of data processing

When using the website, the Data Subject (the user of the websites https://smart-statistics.com, https://planimetergroup.com,              uzletioktatas.hu,                                                          https://plani-meter.com                                         and https://data-scientist.hu) may be informed about the services provided by the Data Controller.

 

The data are processed and stored for the following purposes:

  • improving the usability of the website,
  • identify malicious IT attacks or attempts,
  • produce statistics, carry out analyses and

 

Scope of data processed and detailed purposes of data processing

The Data Subject (user of the websites https://smart-statistics.com, https://planimetergroup.com, uzletioktatas.hu, https://plani-meter.com and https://data-scientist.hu):

  • IP address: statistical target
  • Start and end time of the visit: statistical target
  • Duration of visit: statistical objective

 

  • Browser type: statistical purpose
  • Operating system type: statistical target

 

Legal basis for processing

The Data Controller’s legitimate interest in the operation of the Website (Article 6(1)(f) GDPR).

 

Designation of legitimate interest

Ensuring a smooth, high quality service and managing the risks associated with doing business.

 

Duration of processing

For the time necessary to achieve the statistical objectives. Identifiable data related to the visit will be deleted no later than 8 days after the visit.

 

 

4.2.           Data processing in relation to cookies on our website

 

Purpose of data processing

The services of the Data Controller available on the websites hhttps://smart-statistics.com, https://planimetergroup.com,              uzletioktatas.hu,                                                          https://plani-meter.com                                         and https://data-scientist.hu place unique identifiers, so-called cookies, on the computers of the Data Subjects (users). These are used exclusively for the purpose of identifying the current session of the visitor, storing the data provided during the session, preventing data loss, and using Google Analytics to analyse the Data Subject’s habits anonymously. Such data may include the visitor’s IP address, time and duration of the visit, pages visited, browser type, operating system, etc. These data are stored and treated confidentially and are used only for the improvement of the Controller’s website and for the production of statistics.

Details of how cookies work and how they work are set out in section 10 of this Notice.

 

Scope of the data processed and detailed purposes of the processing

 

Legal basis for processing

The legal basis for the processing is the consent of the Data Subject (Article 6 (1) (a) GDPR). The use of cookies can be approved by the visitor by clicking on the “OK” button in the pop-up window on the home page of the website. By visiting the website of the Data Controller and accepting the cookie, the Data Subject accepts the following terms and conditions, even if he/she is not registered.

 

Duration of processing

 

The Controller shall retain the personal data until the Data Subject’s consent is withdrawn. Without withdrawal, the data will be deleted at the latest 1 year after the visit. The Data Subjects may withdraw their consent at any time by post to the following address: 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net to request the deletion of their personal data.

 

4.3.           Contacting us, fulfilling a request for information

 

Purpose of data processing

The Data Subjects may contact the Data Controller with questions or requests for information by e-mail or telephone, or make an appointment on the website using the dedicated form https://smart-statistics.com/booking-page-2, or by sending a message to the Data Controller using the online form on the contact page https://smart-statistics.com/contact-us, https://data-scientist.hu/ or https://uzletioktatas.hu. By storing the data provided, the Data Controller is able to identify the enquirer and to provide the answer or the information required by the data subject.

 

Scope of the data processed and detailed purposes of the processing

  • Personal data of the Data Subject:
    • Full name: identification, contact
    • E-mail address: identification, contact
    • Phone number: identification, contact
  • Subject of the contact
  • Personal data contained in the contact text

 

Legal basis for processing

The legal basis for processing is the consent of the Data Subject (Article 6(1)(a) GDPR).

 

Duration of processing

The Controller shall retain the personal data until the Data Subject’s consent is withdrawn. The Data Subjects may withdraw their consent at any time by post to the following address: 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net to request the deletion of their personal data.

 

4.4.           Contact       building                   during           conference/exhibition participation (business cards) management

 

The Data Controller’s employees and representatives regularly participate in exhibitions, conferences and events, where they have access to personal data relating to contacts of potential partners through business cards provided by direct contacts or through recommendations from third parties.

 

Purpose of data processing

The purpose of processing this data is to establish a business relationship with the person concerned. The Data Controller shall provide the Data Subject with information on the details of the processing at the time of the first written contact with the representative of the prospective partner.

 

Scope of the data processed and detailed purposes of the processing

  • Personal data of the Data Subject representing the potential partner:
    • Full name: identification, contact
    • E-mail address: identification, contact
    • Phone number: identification, contact
    • Position in the organisation or company: identification, contact
  • Name of potential partner, organisation

 

The Data Controller will use the personal data of the Data Subject registered as a contact person of the potential partner solely for the purpose of assessing and negotiating the possibility of a business relationship between the parties.

 

Legal basis for processing

The legal basis for the processing is the consent of the Data Subject (Article 6(1)(a) GDPR), if the Data Subject initiates the contact, or legitimate interest, if the Data Controller initiates the communication based on the business card data received during the meeting or introduction.

 

Designation of legitimate interest

The business of the Data Controller is based on the business relationships established in the context of this purpose. With respect to business relationships that are in the process of being established but not yet confirmed by a contractual relationship, the Data Controller also has a substantial interest in contacting the potential business partner or its representatives.

 

Duration of processing

The Controller shall retain the personal data until the Data Subject’s consent is withdrawn. The Data Subjects may withdraw their consent at any time by post to the following address: 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net.

 

4.5.           Data processing related to the further use of data provided in connection with registration

 

The Data Controller provides a closed, online interface for certain services to its customers, partners or clients. These interfaces may be part of the products produced by the Data Controller, or they may operate temporarily for the duration of a particular project or service provided.

 

Purpose of data processing

In order to use the services of the Data Controller, the Data Subject must complete an online or paper registration form. When using certain services, the processed data will be further used so that it can be provided more easily in the future.

 

Scope of data processed and detailed purposes of data processing

  • Last name: necessary for identification, communication, contract performance
  • First name: necessary for identification, communication, contract performance
  • Nationality: required for identification, contract performance
  • E-mail address: required for contact
  • Phone number: required for contact
  • Full address: required for performance of contract

 

  • Billing address: required for contract performance
  • Bank account number: required for settlement

 

Legal basis for processing

The legal basis for processing is the consent of the Data Subject (Article 6(1)(a) GDPR) or the performance of a contract (Article 6(1)(b) GDPR).

 

Duration of processing

The Data Controller shall retain the personal data processed on the basis of consent until the Data Subject’s consent is withdrawn. The Data Subjects may withdraw their consent at any time by post to the following address: 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net to request the deletion of their personal data.

 

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data related to invoicing will be kept for 8 years as required by Article 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

 

4.6.           Customer service related data processing

The Data Controller shall manage the result product, applications, research results and other information and documents related to the service generated in the course of the tasks undertaken in the course of the cooperation, and shall make them available to the client or customer.

 

In the context of cooperation, the Parties shall conclude a data processing agreement, and a protocol shall be drawn up on the details of the transfer of data on a case-by-case basis.

 

Purpose of data processing

The Data Controller can only fulfil its contractual obligation if it has access to the personal data of the clients and other Data Subjects participating in the research to the extent necessary for the provision of the service.

 

Scope of the data processed and detailed purposes of the processing

  • Customers’ personal data
    • name (Surname, First name): identification, contact
    • e-mail address: identification, contact
    • telephone number: identification, contact
    • identifier: identification, contact
    • password: identification, authentication
  • Personal details of the examining doctor:
    • Name (Last name, First name)
    • e-mail address,
    • ID,
    • password
  • Personal data of monitoring participants:
    • company name

 

  • contact
  • contact details (free text field can be a phone number or e-mail)
  • identification
  • Sponsor’s personal data:
    • company name
    • contact
    • contact details (free text field can be a phone number or e-mail)
    • ID
  • Personal data of other Data Subjects:
    • surname: identification, contact
    • first name: identification, contact
    • e-mail address: identification, contact
    • telephone number: contact
  • Other personal data in the record: performance of the contract
  • Information relating to the handling of a customer’s case: customer service. The Data Controller provides the client with the result products, applications, research results and other information and documents related to the service generated in the course of the tasks undertaken in the course of the cooperation. The details of the handover are recorded in a protocol on a case-by-case basis.

 

Legal basis for processing

The legal basis for processing is the performance of a contract (Article 6(1)(b) GDPR).

 

Data transmission

To project sponsors, external organisations and bodies involved in the evaluation of data, validation of results and publication

 

Legal basis for the transfer

The legal basis for processing is the performance of a contract (Article 6(1)(b) GDPR).

 

Duration of processing

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data related to invoicing will be kept for 8 years as required by Article 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

 

4.7.           Data processing related to the sale or lease of software

 

The Data Controller and the Company or its personal contributor who purchases, leases or uses the software developed by the Data Controller or its personal contributor may enter into an agreement with each other.

 

Purpose of data processing

The processing of personal data is necessary for the conclusion and performance of the contract and in connection with the provision of the related support.

 

Scope of the data processed and detailed purposes of the processing

  • Company name: identification, contract performance, contact, invoicing
  • Company registration number: contract performance, invoicing
  • Tax number: contract performance, invoicing
  • Headquarters: contract performance, contacts, invoicing
  • Payment account number: billing
  • Personal data of the contact person and other Data Subjects named in connection with the contract:
    • Full name: identification, contact
    • E-mail address: identification, contact
    • Phone number: identification, contact
  • Personal data of Data Subjects using the software under the contract
    • Name: identification
    • E-mail address: identification, contact
    • Password: authentication

 

Legal basis for processing

The legal basis for the processing is the performance of a contract (Article 6(1)(b) GDPR), the performance of a legal obligation in relation to invoicing (Article 6(1)(c) GDPR) and the legitimate interest of the Controller (Article 6(1)(f) GDPR).

 

Duration of processing

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data related to invoicing will be kept for 8 years as required by Article 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject to justify the retention of the data. In practice, this is the case if the data are part of the documents supporting the accounting, for example, in the documents relating to the conclusion of the contract (the contract itself, where applicable) or the invoice issued.

 

 

4.8.           Facebook

On the Facebook page of the Data Controller – https://www.facebook.com/planimeterkft – by clicking on the “like” link, the data subject consents to the publication of news and offers prepared by the Data Controller on his/her Facebook wall. The operators of the social networking sites are separate data controllers, independent from the Controller, and therefore the activities carried out there are covered by data management documents independent from the Controller. For information about the Facebook Page’s privacy practices, please see the Privacy Policy and Guidelines on the Facebook website – www.facebook.com.

 

Purpose of data processing

 

  • Communication on Facebook.com powered channels

The Data Controller communicates with data subjects through the social networking site only if the data subject has previously contacted the Data Controller through the social networking site, and thus the purpose of the scope of the data processed becomes relevant.

 

  • Sharing and disseminating information

The purpose of the presence on social portals, in particular on Facebook, and the related data processing is the sharing and publication of the content on the website on the social networking site. The social networking site allows the data subject to keep up to date with the latest opportunities.

 

The Data Controller also publishes textual content, images and video footage of various events, the Data Controller’s services, etc. on the https://www.facebook.com/planimeterkft community page. The Data Controller may link the Facebook page with other social networking sites in accordance with the rules of the social networking site facebook.com, so that the publication on the Facebook page shall be understood as publication on such linked social networking sites. Unless it is a public image or a public performance (Civil Code 2:48), the Data Controller will always ask for the written consent of the data subject before publishing the images.

 

Scope of data processed and detailed purposes of data processing

  • Public name of data subject Identification, required for communication
  • Public e-mail address of the data subject: required for contact
  • Message sent by the person concerned: element necessary for the communication to take place
  • The result of an action by the data subject (e.g. evaluation, response, )

 

Legal basis for processing

The use of social networking sites, in particular the https://www.facebook.com/planimeterkft site, and the contacting of the Data Controller through it, the contacting of the Data Controller and other operations permitted by the social networking site, is based on voluntary consent. The operators of social networking sites are separate data controllers, independent of the Data Controller, and the activities carried out therein are therefore covered by the data management documents for the social networking site, which are independent of the Data Controller.

 

For information about the Facebook Page’s privacy practices, please see the Privacy Policy and Guidelines on the Facebook website – https://www.facebook.com/legal/terms.

 

The data subject voluntarily consents to the following and liking of the content published by the Data Controller on the https://www.facebook.com/planimeterkft website on the basis of the terms and conditions of the social networking site. By way of example, the data subject may subscribe to the news feeds posted on the Facebook wall by clicking on the “like” link on the Facebook page, thereby consenting to the publication of the Controller’s news and offers on his/her own wall, and may unsubscribe by clicking on the “dislike” link on the same wall, and may delete unwanted news feeds on the wall by using the settings on the wall.

 

Who is affected

The natural persons who voluntarily follow, share or like the social networking sites of the Data Controller, in particular https://www.facebook.com/planimeterkft or the content published on it.

 

Duration of processing

Until the data subject unsubscribes or, at his/her request, deletes it.

 

4.9.           Use Youtube videos

 

The Data Controller operates a separate YouTube account for sharing videos, where anyone can view the uploaded videos and subscribe to the channel at https://www.youtube.com/channel/UCA070tya-unoslH66YtX1zg/videos.

When a Visitor starts playing an embedded YouTube video, a program (cookie) consisting of a short string of numbers or characters is installed on their device, which collects information about the user’s habits. Youtube (or its owner Google) carries out independent processing of all data relating to the entire portal, including the site operated by the Data Controller https://www.youtube.com/channel/UCA070tya-unoslH66YtX1zg/videos.

 

The information collected is used, among other things, to compile statistics aimed at promoting user-friendliness and preventing abuse.

 

Purpose of the data collection

Sharing, “liking” or promoting certain content on the social networking site, the website, videos of events related to the Data Controller or the website itself.

 

When the Visitor starts playing an embedded YouTube video, a program (cookie) consisting of a short string of numbers or characters is installed on their device, which collects information about the user’s habits. Please note that in this respect, Youtube (or Google, the owner of the cookie) is a separate data controller. The information collected is used, among other things, to compile statistics in order to facilitate user-friendliness and prevent abuse.

 

Scope of the data processed

On the Youtube community site, the registered username or the public profile picture of the user.

 

Who is affected

All the data subjects who registered on the social networking sites and “liked”, “commented” or otherwise interacted with the site published their content.

 

Legal basis for processing

your voluntary consent to the processing of your personal data on social networking sites

 

The duration of the processing, the time limit for deletion of the data, the identity of the authorised controllers:

The data subject can find out about the source of the data, how it is processed, and the method and legal basis of the transfer on the relevant Community site. The processing of data takes place on the community site, so the duration of the processing, the method of processing and the possibility of deleting and modifying the data are governed by the rules of the community site concerned. For more information on Youtube’s privacy policy, please visit: https://www.google.hu/intl/hu/policies/privacy

 

4.10.           Linkedin

The Data Controller operates its own platform – https://www.linkedin.com/company/planimeter – on the business-focused social networking site LinkedIn, where the Data Controller publishes primarily professional content, i.e. articles and posts, which anyone can access and comment on, regardless of whether they follow LinkedIn.

 

It is possible to contact the Data Controller, and more specifically the respective administrator of the LinkedIn Page, via the LinkedIn messaging function.

 

Purpose of data processing

The purpose of operating the community site is to allow interested parties to express their opinions, ask questions, make comments or contact the Data Controller by private message.

The Data Controller also aims to publish job advertisements and receive applications in this context.

 

Scope of data processed and detailed purposes of data processing

The Data Controller has visibility of the public information on the LinkedIn social networking site and in particular of the followers, connectors, subscribers, i.e. the profile of the Data Subjects, on https://www.linkedin.com/company/planimeter. The Data Controller also has access to the Data Subject’s:

  • to information related to the activity you are engaged in: including posts, ratings, comments, reactions to posts (e.g.: liking a post);
  • personal data provided in private messages,
  • the information provided in the response to the job advertisement on

 

Any personal data disclosed by the Data Subject in the LinkedIn Group or LinkedIn Page may be accessed by anyone, subject to the operating principles and rules of the social networking site. The Data Controller has no control over who exactly has access to the data published on the social networking site, nor does it have the right to delete the data.

 

Data posted in the LinkedIn Group is also only accessible to members of the LinkedIn Group, and personal data provided in private messages or job applications is only accessible to the recipients of the private message and the Data Controller.

 

Legal basis for processing

LinkedIn Ireland Unlimited Company (Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland, hereinafter referred to as “LinkedIn Ireland”) is a data controller and processes the data of individuals who interact with the LinkedIn Group or LinkedIn and job applicants in accordance with its own privacy policy. The LinkedIn Page is open to anyone to visit and our content and job advertisements published there can be viewed by anyone. The relevant LinkedIn Ireland General Privacy Notice is available by clicking on the link below:

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com#use.

 

If we have obtained your data directly from you, through a LinkedIn page, through a recommendation or in any other context in which you would expect to be contacted by us (e.g. a previous client relationship, meeting you at a professional event or contacting you on a professional website), we will process your data on the basis of our legitimate interest, but we will still comply with the obligation to inform you and seek your consent.

 

Designation of legitimate interest

We have a legitimate interest in using the social networking site to contact you or the company or organisation you represent. We will not in any way limit your interests or fundamental rights in the process.

 

Duration of processing

The deletion or removal of the profile data of Data Subjects on the LinkedIn Community Site, i.e. their publicly disclosed personal data, can only be carried out by LinkedIn Ireland Unlimited Company (Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland, hereinafter referred to as “LinkedIn Ireland”), which operates the Community Site.

 

However, the Data Controller has the right to remove activities, reactions, opinions and published content on the https://www.linkedin.com/company/planimeter/LinkedIn site operated by the Data Controller. The Data Controller reserves the right to moderate or delete individual posts published on the LinkedIn Site if it considers that they violate the terms of use of LinkedIn or the LinkedIn Site (e.g. violent, sexual content), and to block persons who seriously violate the terms of use.

Job applications submitted via LinkedIn will be assessed and the recruitment process will be carried out in accordance with the Privacy Notice.

 

 

4.11.          Fulfilling the request for tenders

 

Purpose of data processing

By storing the data provided in the course of fulfilling the request, the Data Controller can provide a more accurate service. The purpose of data processing is to prepare the offer requested by the Data Subject, to carry out the necessary surveys and investigations

 

Scope of data processed and detailed purposes of data processing

  • Full name: identification, contact
  • E-mail address: identification, contact
  • Telephone number: used for communication between the Data Controller and the Data Subject

 

Legal basis for processing

In the case of an offer made in the context of a contract, performance of a contract (Article 6(1)(b) GDPR), in the case of a pre-contractual offer to a contact person, legitimate interest (Article 6(1)(f) GDPR).

 

Designation of legitimate interest

Proper information about business opportunities to the Customer or its contact person is essential for the success of the offer. Liaising with the applicant.

 

Categories of persons concerned

Contact persons of natural persons, legal entities and contracting authorities.

 

Duration of processing

Personal data will be deleted within 30 days after the expiry of the period of time during which the offer is binding. In the event of an order, the contractual relationship will be handled as described in the related points.

 

4.12.           Data processing related to contracting with partners

Planimeter Ltd. entrusts various partners with the performance of certain tasks and sub-tasks in order to ensure the appropriate quality of its activities.

 

Purpose of data processing

The purpose of the processing is the conclusion of ad hoc contracts or framework agreements with legal or natural persons contracted to perform a task or sub-task.

 

Scope of data processed and detailed purposes of data processing

  • Last name of personal contributor: identification, contact
  • First name of personal contributor: identification, contact
  • E-mail address: identification, contact
  • Phone number: contact
  • Data concerning the legal person (name, registered office, company registration number, tax number): performance of the contract
  • Contact details: identification, contact details
  • Signature: authentication, identification

 

Legal basis for processing

In the case of data processed prior to the conclusion of the contract and in connection with the performance of the contract, the legal basis for processing is the performance of a contractual obligation (Article 6(1)(b) GDPR).

 

Duration of processing

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data related to invoicing will be kept for 8 years as required by Article 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

4.13.           Data processing in relation to a framework agreement on counter-selling

 

Purpose of data processing

The Data Controller and the Respondent’s personal contributor have the possibility to conclude a framework agreement between them. A payment agreement and a factoring agreement may be annexed to the framework agreement.

 

Scope of data processed and detailed purposes of data processing in relation to the Framework Agreement

  • Full name: identification, contact, claims
  • E-mail address: identification, contact
  • Phone number: identification, contact
  • Company name: contract performance, identification, contact
  • Name of the authorised representative or contact person: identification, contact, claims
  • Telephone number of the authorised representative or contact person: contact

 

  • E-mail address of the authorised representative or contact person: identification, contact, claims
  • Billing address: forms the basis of the resale contract, serves the purpose of fulfilling the contract and invoicing
  • Company name: identification, contract performance, contact, invoicing
  • Company registration number: contract performance, invoicing
  • Tax number: contract performance, invoicing
  • Headquarters: contract performance, contacts, invoicing
  • Payment account number: billing
  • Contact details: identification, contract performance, contact details

 

Scope of data processed and detailed purposes of data processing in relation to the factoring contract

  • Personal data of the Managing Director:
    • name:
    • signature
  • Personal data of the financial/accounting manager:
    • contact details:
  • Auditor’s personal data:
    • Name
    • contact details:
    • date of appointment
  • Personal data of the owners of the business or their relatives
    • Name
    • share of ownership
    • name of other company
  • Other personal data contained in other documents submitted in connection with the factoring contract (e.g. annual accounts, auditor’s report, annual reports, copies of ..)
  • Personal data of decision-makers and contact persons of credit institutions, financial institutions and undertakings involved in the process

 

Legal basis for processing

The legal basis for the processing of pre-contractual and contractual data is the performance of a contractual obligation (Article 6(1)(b) GDPR).

 

Duration of processing

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data relating to invoicing will be kept for 8 years as required by Section 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

4.14.           Vehicle data management

 

The Data Controller provides parking facilities on its premises for its guests, partners and subcontractors.

 

Purpose of data processing

The registered Data Subject has the possibility to provide the details of his/her vehicle, for example, in connection with the provision of a parking space, access to private property, etc.

 

Legal basis for processing

The legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) or, if the entry or arrival of the vehicle is related to a contractual obligation, the legal basis is the performance of a contract (Article 6(1)(b) GDPR).

 

Definition of legitimate interest

The legitimate interest of the data controller is to ensure the protection of persons and property, and in this context, to ensure access by car and the administration of visits to its premises.

 

Scope of the data processed and detailed purposes of the processing

  • The details of the Data Subject’s driving document:
    • Full name: identification, contact, claims
    • Date of birth: identification, claims
    • Address: identification, contact, claims
    • Licence number: enforcement
    • Date of expiry of the licence: identification, claim
  • The details of the registered Data Subject’s vehicle:
    • manufacturer: identification
    • type: identification
    • vintage: identification
    • engine: identification
    • registration number: identification

 

Duration of processing

Data processed on the basis of a legitimate interest in the access of vehicles will be stored by the Data Controller for a maximum period of 5 years. In the case of performance of a contractual obligation, the data shall be stored in accordance with the provisions of the Civil Code of Hungary. 6:22 of the Civil Code, we will delete the data after 5 years.

 

 

4.15.           Ordering or receiving a product or service

 

Purpose of data processing

In the case of an order for a product or service, the purpose of the processing is to enable the Data Subject (or his or her personal representative) to order and receive the ordered goods or services. If the contractor wishes to provide personal data of other Data Subject(s) in the course of providing the service, it must provide a separate declaration regarding the provision of the data.

 

Scope of data processed and detailed purposes of data processing

  • Full name: identification, contact, claims
  • E-mail address: identification, contact
  • Phone number: identification, contact
  • Company name: forms the basis of the reseller contract, for identification, contract performance, invoicing and communication between the Data Controller and the Data Subject
  • Name of the authorised representative or contact person: identification, contact, claims
  • Telephone number of the authorised representative or contact person: contact,
  • E-mail address of the authorised representative or contact person: identification, contact, claims
  • Billing address: forms the basis of the resale contract, serves the purpose of fulfilling the contract and invoicing
  • Other data related to performance: basis of the resale contract, necessary for the performance of the contract.

 

Legal basis for processing

The legal basis for processing is the performance of a contractual obligation (Article 6(1)(b) GDPR), the performance of a legal obligation in relation to invoicing (Article 6(1)(c) GDPR), during the limitation period: legitimate interest (Article 6(1)(b) GDPR). The processing of data belonging to other possible beneficiaries of the order is governed by § 13/A (1) and § 13/A (3) of the Elkertv. 6:14 § (1) of the Civil Code.

 

Designation of legitimate interest

Informing the customer about the order or the performance of the contract, or the performance of the contract itself. Enforcement of claims during the limitation period.

 

Categories of persons concerned

Natural persons who have a customer relationship with the controller, natural person contact persons of legal person customers.

 

Duration of processing

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data relating to invoicing will be kept for 8 years as required by Section 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

In practice, this is the case if the data are part of the supporting documents for the accounts, for example, in the documents relating to the conclusion of the contract (the contract itself, where applicable) or on the invoice issued. The data of other persons provided by the Customer will be processed only for as long as necessary for the provision of the service, while the declaration on the processing of personal data provided by the Customer in relation to other persons will be processed after the termination of the relationship with the Data Subject in accordance with the provisions of the Civil Code. 6:22 of the Personal Data Protection Act, we will delete it after 5 years.

Data processed on the basis of legitimate interest will be stored by the Data Controller for a maximum of 1 year in the event of failure of the order.

 

4.16.           Data management in relation to complaint handling

 

Purpose of data processing

The Data Subject has the possibility to lodge a complaint about the service provided by the Data Controller. Entries in the customer register will be archived by the Data Controller without delay and will only be made available to the Consumer Protection Authority and the Municipality.

 

Scope of data processed and detailed purposes of data processing

  • Full name: identification, contact, claims
  • E-mail address: identification, contact
  • Phone number: identification, contact
  • Company name: contract performance, identification, contact
  • Name of the authorised representative or contact person: identification, contact, claims
  • Telephone number of the authorised representative or contact person: contact
  • E-mail address of the authorised representative or contact person: identification, contact, claims
  • Content of complaint: identification, contact

 

Legal basis for processing

The legal basis for the processing is the fulfilment of a legal obligation (Article 6 (1) (c) GDPR).Businesses are obliged to investigate complaints received by them on the basis of Act CLV of 1997 on Consumer Protection and Act CLXV of 2013 on Complaints and Notifications of Public Interest.

 

Duration of processing

The Data Controller shall keep the personal data for 5 years from the date of the complaint.

 

 

4.17.           Recording of a record of an error

Purpose of data processing

The Data Subject (Customer) must provide this personal data in order to complete the objection report and for the Data Controller to correct any errors.

 

Scope of the data processed and detailed purposes of the processing

  • Personal data of the Data Subject:
    • Full name: identification, contact, claims
    • E-mail address: identification, contact
    • Phone number: identification, contact
    • Signature: identification
  • Company data
    • Company name: contract performance, identification, contact
    • Name of the authorised representative or contact person: identification, contact, claims
    • Telephone number of the authorised representative or contact person: contact
    • E-mail address of the authorised representative or contact person: identification, contact, claims
    • Billing address: forms the basis of the resale contract, serves the purpose of fulfilling the contract and invoicing

 

  • Other performance-related data: basis of the resale contract, necessary for the performance of the contract
  • Circumstances of the failure, performance of the contract
  • Date of signature of the minutes: identification

 

Legal basis for processing

Performance of a contractual obligation (Article 6(1)(b) GDPR).

 

Duration of processing

In the case of the performance of a contractual obligation, the data shall be processed after the termination of the relationship with the Data Subject in accordance with the provisions of the Civil Code. 6:22 of the Data Protection Act, we will delete the data after 5 years.

 

4.18.           Error report recording in ticketing system

 

The Data Controller provides an online interface called Open Project for customers to report and administer detected errors.

 

Purpose of data processing

The Data Subject has the possibility to report the error via the ticketing system at the time of registration and when detecting any error.

 

Legal basis for processing

The data subject’s consent (Article 6(1)(a) GDPR) or, in the case of a registered applicant, the fulfilment of a contractual obligation (Article 6(1)(b) GDPR),

 

Scope of the data processed and detailed purposes of the processing

  • Personal data of the Data Subject:
    • Full name: identification, contact, claims
    • Username: identification, contact
    • E-mail address: identification, contact
    • Phone number: identification, contact
  • Company data
    • Company name: contract performance, identification, contact
    • Name of the authorised representative or contact person: identification, contact, claims
    • Telephone number of the authorised representative or contact person: contact
    • E-mail address of the authorised representative or contact person: identification, contact, claims
    • Billing address: forms the basis of the resale contract, serves the purpose of fulfilling the contract and invoicing
  • Data related to the error ticket:
    • Error ticket identifier: identification
    • Date of creation of the error ticket: identification
    • Content of the failure report: fulfilment of a contractual obligation

 

Legal basis for processing

The data subject’s consent (Article 6(1)(a) GDPR) or, in the case of a registered applicant, the fulfilment of a contractual obligation (Article 6(1)(b) GDPR),

 

Duration of processing

In the case of consent given by the Data Subject, the personal data will be deleted until it is withdrawn or, in the absence of withdrawal, 30 days after the error has been corrected. The Data Subjects may withdraw their consent at any time by postal mail to 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net.

 

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data relating to invoicing will be kept for 8 years as required by Section 169 of Act C of 2000 on Accounting (“Accounting Act”). In practice, this is the case if the data is part of the supporting documents for the accounting, for example, in the documents relating to the conclusion of the contract (the contract itself, where applicable) or the invoice issued, or for 6 years in the case of a report made in the course of official proceedings.

 

 

4.19.           Data management of found objects

 

Purpose of data processing

Administration of objects found on the premises(s) operated by the Data Controller or at events organised and supervised by it, notification of the presumed owner or the finder.

 

Scope of data processed and detailed purposes of data processing

  • Data related to the find
    • the date of finding,
    • the place to find,
    • the name of the finder,
    • contact details of the finder,
  • Name and other details of the object found,
  • The fact of whether the owner has been reached,
  • The exact location of
  • In case of transfer:
    • the signature of the recipient,
  • In case of forwarding to an address, a:
    • date of posting,
    • the postal service

 

Legal basis for processing

The processing is necessary for the fulfilment of a legal obligation to which the controller is subject (Article 6 (1) (c) GDPR), pursuant to Act V of 2013 on the Civil Code, § 5:54, § 5:55, § 5:59 and § 5:61.

 

Duration of processing

The data will be deleted or destroyed when the found object is taken over by its owner, or at the latest 1 year after its discovery.

 

4.20.           Recruitment, reception of applications for employment

 

The Data Controller gives the Data Subject the opportunity to apply for the job advertised by the Data Controller.

 

Purpose of data processing

The purpose of the processing is to administer the application of the employee, to contact the employee and to carry out the recruitment decision process.

 

Scope of data processed and detailed purposes of data processing

  • Personal data of the applicant Data Subject:
    • surname: identification, contact
    • first name: identification, contact
    • address: identification, contact
    • qualification: identification
    • qualification: identification
    • exercise: identification
    • e-mail address: identification, contact
    • telephone number: identification, contact
  • Other personal data voluntarily provided in your application: may be necessary to select the right person for the position
  • Personal data voluntarily provided in any document attached to the CV: may be necessary for the selection of the person suitable for the position.

 

Legal basis for processing

The consent of the applicant (Article 6(1)(a) GDPR), which may be withdrawn at any time without giving reasons. Legitimate interest of the controller during the period of the claim (Art. 6(1)(e) GDPR).

 

Designation of legitimate interest

Claims against the applicant or the controller based on employment law or equal treatment requirements.

 

Duration of processing

Following the selection of a suitable person for the vacant position, the Data Controller will inform the other applicants concerned that the employer has not selected them for the position in question and will request their explicit and voluntary consent in writing to the retention of their CV and other related documents containing personal data. The purpose of the processing is to enable the Data Subject to participate in future job applications of the Controller in a simplified manner. The Data Subject’s explicit consent allows the processing of his/her personal data for a period of 5 years, after which the data will be anonymised.

If the Data Subject does not consent to the retention of his/her application material or personal data, the data will be anonymised within 30 days and CVs will be destroyed.

 

The Data Subjects may withdraw their consent at any time by post to 1064 Budapest, Izabella u

  1. fszt. 4., or electronically by sending a message to info@planimeter.net. The Controller will comply with the request if the requested action is reasonably practicable.

 

4.21.           Data     management     of             university             students            on placements

The Data Controller provides the opportunity for students delegated by the educational institutions cooperating with it to carry out an internship. On the basis of the data transmitted by the institution, the Data Controller decides on the acceptance of the traineeship applicants and, on the basis of the decision, fixes the details of the cooperation in a student employment contract.

 

Purpose of data processing

The processing of personal data is necessary in order to carry out the internship and to inform the university. The Data Controller will conclude a student employment contract with the Data Subject for the duration of the internship.

 

Scope of the data processed

  • Personal data transmitted by the University in connection with the application:
  • Personal data related to the administration of the decision-making process
  • Personal data stored in the student employment contract
  • Personal data stored in a privacy notice

 

Legal basis for processing

The legal basis for the processing is the performance of a contractual obligation (Article 6(1)(b) GDPR). The necessary legal relationship is also established between the Data Controller and the educational institution, and between the student applying for the traineeship and the Data Controller.

 

Duration of processing

The Data Controller shall store the data related to the student’s employment contract for 50 years from the termination of the legal relationship. Other data related to applications and admissions will be deleted within 2 years after the termination of the legal relationship.

 

 

4.22.           Organising   and                    documenting                    events,                    informing the public

 

Purpose of data processing

In connection with the organisation of professional programmes, events and conferences organised by the Data Controller (e.g. family day, Santa Claus celebrations for employees’ children or partner meetings for partners), it is necessary to record, store, transmit and use data in order to register and identify the participants and data subjects and to maintain contact with the participants (and to provide certain services such as transfer).

 

Scope of the data processed

  • Participant name: identification, if participation is subject to registration, contact
  • Participant e-mail address: identification, if participation is subject to registration, contact
  • Venue and date of the event
  • Other information on the card: contact details

 

Legal basis for processing

Legitimate interest (Article 6(1)(e) GDPR) or the data subject’s consent (Article 6(1)(a) GDPR), if participation in the event is subject to registration.

 

Designation of legitimate interest

It is in the interest of the Data Controller that events held in its facilities or on its rented premises are attended by those who are entitled to attend.

 

Duration of processing

If the Data Controller has linked the personal data to the registration at the event, it will retain the processed data until the Data Subject’s consent is withdrawn or until 30 days after the purpose has been fulfilled. The Data Subjects may withdraw their consent at any time by sending a postal letter to 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net to request the deletion of their personal data. The Controller will comply with the request if the requested action is reasonably practicable.

 

4.23.           Taking photos and video recordings of events

In connection with professional programmes, events and conferences organised by the Data Controller (e.g. family day, Christmas celebrations for employees’ children, or partner meetings for partners), photographs and/or video recordings may be taken of the participants. In the absence of consent, no photographs or video recordings of the Data Subject will be taken of the Data Subject as an individual.

 

Purpose of data processing

The purpose of the footage is to document the life of the group (individual or group, e.g. a tabloid) and to share the footage with participants, community members and publish it on the organisation’s public platforms and in the press.

 

Scope of the data processed

  • Participant name: identification, if participation is subject to registration, contact
  • Participant e-mail address: identification, if participation is subject to registration, contact
  • Photograph, with a picture of the Data Subject: documenting the event
  • Videotaping, with a picture of the Data Subject: documenting the event

 

Legal basis for processing

Consent of the Data Subject (Article 6(1)(a) GDPR). The publication of photographs and videos may be subject to specific consent. The consent of a parent, other legal guardian or custodian is required for the validity of the declaration of a minor.

 

Consent is not required for the making of the recording and the use of the resulting recording in the case of crowd shots (where the way in which the recording is made is not individual, but captures the overall effect of the events in the public domain) and recordings of public appearances.

 

Duration of processing

The Data Subjects may withdraw their consent at any time by post to 1064 Budapest, Izabella u

  1. fszt. 4., or electronically by sending a message to info@planimeter.net. In this case, the Data Controller will delete the Data Subject’s relevant personal data and recordings. However, the withdrawal of consent shall not affect the lawfulness of the processing prior to the withdrawal.

 

4.24.           Training service, performance of contract

Planimeter Ltd. provides training and e-learning services to its clients.

 

Purpose of data processing

To contact and conclude a training contract with the Data Subject or his/her representative in relation to the provision of the requested training, and then to provide the service. The provision of the data is a condition for the conclusion of the contract. In the event of failure to provide the data, the Data Controller will not be able to provide the service ordered.

 

Legal basis for processing

Performance of the contract (Article 6(1)(b) GDPR)

 

Categories of personal data

  • Personal data necessary for the provision of the service:
    • Full name of the contracting party concerned: identification, contact, verification
    • Name at birth: identification
    • Address: identification, contact
  • Place and date of birth: identification
  • Name of mother: identification
  • Data required directly for invoicing
  • Tax identification number?
  • Signature (on attendance sheet): identification, authentication
  • Unique identifier: identification, authentication

 

Duration of data storage

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data related to invoicing will be kept for 8 years as required by Article 169 of Act C of 2000 on Accounting (“Accounting Act”).

 

The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

Transmission of data

Transmission of data of the persons concerned by the training to the employer, to the contractors for the purpose of certification of the training (training record, certification).

 

Purpose of the transfer of data

Keeping accurate records of students who have completed each course (level); issuing and sending certificates of completion of courses; keeping records of training.

 

Legal basis of the data

The legal basis for the transfer is the consent of the data subject or the performance of a contract (Article 6(1)(b) GDPR).

 

4.25.           Data processing in relation to the issue of a training certificate

Purpose of data processing

Issue a certificate of successful completion of the training to the person concerned, his/her representative or the employee who ordered the training.

 

Legal basis for processing

Performance of a contract (Article 6(1)(b) GDPR).

 

Categories of personal data

Data directly required for the issue of the training certificate.

  • Full name of the contracting party concerned: identification, contact, verification
  • Name at birth: identification
  • Place and date of birth: identification
  • Name of mother: identification Other personal data
  • Address: identification, contact
  • Signature (on attendance sheet): identification, authentication
  • Unique identifier: identification, authentication
  • Nationality: identification
  • Highest level of education: ?
  • employment status: ?

 

Duration of storage

Personal data processed for the performance of a contractual obligation for 5 years after the termination of the contract, or in the event of a dispute, until the dispute is finally settled. Data relating to invoicing will be kept for 8 years as required by Section 169 of Act C of 2000 on Accounting (“Accounting Act”). The data will be deleted thereafter, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

Transmission of data

Forwarding the diplomas and certificates issued to the employer of the participants in the training courses, to the parties involved in the contracting process.

 

Purpose of the transfer of data

Keeping accurate records of students who have completed each course (level); certifying completion of courses.

 

Legal basis for the transfer of data

Performance of a contract (Article 6(1)(b) GDPR).

 

4.26.           Sending messages, newsletters, DM activity, telephone enquiries

Planimeter Ltd. sends newsletters to natural persons who subscribe to the newsletter, as well as to natural person clients and natural person contacts of its legal person clients.

 

Purpose of data processing

The Data Controller sends promotional material, postal cheques, direct electronic mail, newsletters, circulars and individual messages to subscribers by post, and information by telephone, for example, about its activities, events, campaigns, membership and support opportunities to Data Subjects who have subscribed to the list and provided their e-mail address and telephone number.

The Data Subject may unsubscribe free of charge, without restriction and without giving any reason, as described in the newsletter. Upon request, all personal data necessary for sending the newsletter will be deleted from our records and the Data Subject will not be contacted by further correspondence.

 

Scope of data processed and Purpose of data processing

  • Surname: identification, contact
  • First name: identification, contact
  • Postal address: identification, contact
  • Date of birth: identification
  • E-mail address: identification, contact
  • Phone number: identification, contact

 

Categories of persons concerned

Natural person customers of the controller, natural persons subscribing to the newsletter, natural person contacts of legal persons.

 

Duration of processing

The Controller shall retain the personal data until the Data Subject’s consent is withdrawn. The Data Subjects may withdraw their consent at any time by post to the following address: 1064 Budapest, Izabella u 64. fszt. 4., or electronically by sending a message to info@planimeter.net to request the deletion of their personal data.

 

4.27.           Online payment – Simple

The Data Controller uses the Simple Online Payment system to process online payments.

 

Purpose of data processing

The processing of online payments, confirmation of transactions and fraud monitoring to protect Users.

 

Who is affected

Users who choose to pay online.

 

Scope of the data processed

  • Surname: the customer’s surname is necessary for identification in each database and for the purposes of communication between the Data Controller and the Data Subject.

 

  • First name: the customer’s first name is necessary for identification in each database and for the purposes of communication between the Data Controller and the Data Subject.
  • E-mail address: the first name of the customer is necessary for identification in each database and for communication between the Data Controller and the Data Subject.
  • Telephone number: the customer’s telephone number is required for the purposes of communication between the Data Controller and the Data Subject.
  • Unique identifiers: to identify the customer’s transactions in each database,

 

Duration of data processing, deadline for deletion of data

Data processing lasts until the online payment is completed.

 

Identity of the data controllers who may have access to the data

The Simple online payment system, OTP Mobil Kft. (registered office: 1093 Budapest, Közraktár

  1. 30-32., company registration number: 01-09-174466, registration authority: the Company Court of the Metropolitan Court of Budapest, tax number: 24386106-2-43, data protection registration number: NAIH-77549/2014, telephone +36 (1) 366-6611, +36 (20) 366-6611, +36

(30) 366-6611, +36 (70) 366-6611, e-mail address: ugyfelszolgalat@simple.hu), hereinafter referred to as Simple,

 

Legal basis for the transfer

The User’s consent, in accordance with the Infotv. Article 5 (1) and Article 13/A (3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce Services and Information Society Services.

 

Description of data subjects’ rights in relation to data processing

The data subject may request the controller providing the online payment to delete his or her personal data as soon as possible.

For credit card payments, security is based on the separation of data. The Data Controller receives the information from the User in connection with the request for the Service, and SimplePay receives only the card details necessary for the payment transaction, on the payment page with 128-bit SSL encryption. The Data Controller is not informed about the payment page data content, which can only be accessed by SimplePay. The result of the transaction will be communicated to you by the Site after the payment has been made. For payment by card, the browser must support SSL encryption. SSL is short for Secure Sockets Layer, an accepted encryption method. SimplePay has a 128-bit encryption key that protects the communication channel. This encryption method is currently used in 90% of the world’s electronic commerce. Using SSL, the browser program used by the User encrypts the cardholder’s data before it is sent, so that it is encrypted before it reaches SimplePay and cannot be read by unauthorised persons. The Data Controller does not have any form of access to the User’s card or related account data (e.g. number and expiry date).

 

Simple undertakes to perform the data processing tasks required by the GDPR as part of its SimplePay service and to comply with the obligations applicable to the data processor. The data processing sub-activities carried out by Simple as a data processor include the recording, storage, transfer to an authorization partner and deletion of the above personal data.

 

Simple uses the following sub-processors to authorise payment transactions and for fraud monitoring and fraud prevention: – OTP Bank Nyrt. (1051 Budapest, Nádor u. 16., cg. 01-10-041585) – Borgun hf. (Ármúli 30, 108 Reykjavik, Iceland, cg. 440686-1259).

 

Confidentiality

Simple undertakes to maintain the confidentiality of user personal data processed in the course of its data processing activities for its employees, agents, contractors, performance assistants and senior management.

 

Ensuring data security

Simple shall take appropriate measures to protect the data, in particular against unauthorised or unlawful access, alteration, disclosure, transmission, disclosure, loss, deletion or destruction, accidental destruction, alteration or damage and inaccessibility due to changes in the technology used.

 

Simple shall process the data using a level of data security consistent with current industry best practice, the GDPR, applicable Hungarian law, this Agreement and any other data protection and data security legislation. In case of loss of data for any reason, Simple shall restore the data free of charge. If the loss of data is solely due to a cause attributable to the Data Controller, Simple may charge a fee for the recovery of the data up to the justified costs incurred by Simple in this connection.

 

Simple shall also assist the Data Controller in fulfilling its data security obligations and shall provide the Data Controller with the necessary information available to Simple in writing, including by e-mail, within 5 working days.

 

Simple’s responsibility as a data processor

Simple acknowledges and expressly accepts that it is responsible for the activities of its own data processors and the activities of any sub-processors it uses.

 

4.28.           Issuing a financial document, invoice

Purpose of data processing

The Data Controller processes these data for the purpose of issuing documents and invoices related to the Data Subject (subcontractor or his/her personal assistant).

 

Legal basis for processing

The processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) GDPR).Pursuant to Article 159(1) of Act CXXVII of 2007 on Value Added Tax, the invoice is mandatory and must be kept for 8 years pursuant to Article 169(2) of Act C of 2000 on Accounting.

 

Categories of personal data

Data directly required for invoicing.

  • Full name of data subject: identification, contact, verification
  • Address of data subject: identification, contact
  • Tax number: identification

 

Duration of storage

Personal data relating to invoices and financial documents are kept for 8 years from the date of issue, pursuant to Section 169 of Act C of 2000 on Accounting (“Accounting Act”). After that period, the data will be deleted, unless there is a legal obligation, a legitimate interest or further processing at the request of the data subject that justifies the retention of the data.

 

5.           Data controllers, data transfers

The Data Controller transfers the Data Subject’s data to other Data Controllers in connection with certain legal obligations and tasks, and uses data processors to perform certain sub-tasks.

 

5.1.           Data processing

The rights and obligations of the data processor in relation to the processing of personal data are determined by the Data Controller within the framework of the GDPR and the specific laws applicable to data processing. The Controller shall be responsible for the lawfulness of the instructions given by it. The processor shall not take any substantive decision regarding the processing, shall process personal data of which it becomes aware only in accordance with the Controller’s instructions, shall not process personal data for its own purposes and shall store personal data in accordance with the Controller’s instructions.

 

The Data Controller uses the data processors listed in the table below to perform the technical tasks related to the data processing operations.

 

Names and contact details of data processors

The    activity           performed   in           the processing of data

S+H Portfolio Ltd.

1095 Bp. Mester u 5

Phone: +36-20-4148549

You have access to the accounting, including business or other transactions, transactions, related receipts, agreements and the personal data processed in relation to them.

KBOSS.hu Trading and Services Ltd. (Számlázz.hu)

1031 Budapest, Záhony utca 7. Company         registration                        number: 01-09-303201

Tax number: 13421739-2-41 E-mail: dpo@kboss.hu

You have access to the data required for invoicing, orders,                     transaction-related                     documents, agreements and the personal data processed in connection with these.

Personal data provided by the Data Subject.

Magyar Telekom Plc.

1519 Budapest, Pf. 434 https://www.facebook.com/TelekomHU Phone: 1414

Privacy Notice:

As the operator of the telecommunication services (Telephone, Mobile Internet) necessary for Planimeter Ltd., it may have access to the data of the Data Controller’s calls and may have access to the details of the Internet usage.

VIACOM Ltd.

Üllő, Gyár u. 8, 2225 Hungary

Phone: +36 1 348 5000

E-mail: info@viacomkft.hu

As the operator of the Internet services and hosting and system, Planimeter Ltd. needs access to the data files.

OpenNetworks Ltd.

1117 Budapest, Fehérvári út 50-52.

Phone: +36 1 999 6000

Fax: +36 1 999 6001

Central e-mail: info@opennet.hu

Operates the customer service call centre.

 

Office 365

Microsoft Hungary Ltd.

Headquarters:         1031                               Budapest,

Graphisoft Park 3.

Contact: budarec@microsoft.com

 

Operator:

Zen-IT

Tel: +36 1 770 7696

E-mail: info@zen-it.hu

Planimeter Ltd. uses Office 365 provided by Microsoft for email contact and communication, word processing, spreadsheet and presentation management. The legality of any data transfers to non-EEA countries is ensured by Privacy Shield.

Szokács Andrea e.v.

Online marketing service provider

1126 Bp, János Kiss Altábornagy utca 24/B

Phone: +36 70 682 5975

szokacs.andrea@gmail.com

Its task is the technical implementation of online marketing services. The Data Controller has access to the data of its customers, to the extent necessary for the provision of the service,

Magyar Posta Zrt.

Head office: 1138 Budapest, Dunavirág utca 2-6. Privacy Policy: www.posta.hu/adatkezelesi_tajekoztato

Planimeter Ltd. has access to the personal data necessary for the delivery of postal mail and parcels.

MagNet Factor Zrt.

1062 Budapest,

Andrássy út 98.

Phone: +36 1 327 0290,

+36 70 604 6793

In connection with the factoring, Planiméter Ltd. has access to the personal data processed in connection with the order as a contractual partner.

OTP Bank Plc.

1051 Budapest, Nádor u.16 Phone: +36 (1) 366 6666

Privacy                                                     notice:

https://www.otpbank.hu/portal/hu/adatve delem

Planimeter Ltd.’s account holding bank, in the case of online payment or bank transfer payment, has access to the personal data related to the transfer. The financial institution conducts its activities and processes personal data in accordance with the strict requirements of domestic law, in particular the regulations applicable to financial institutions.

MagNet Hungarian Community Bank Zrt.

1062 Budapest, Andrássy út 98.

1376 Budapest 62. P.O. Box 86.

Telephone: +36-1-428-8888

Fax: +36-1-428-8889

www.magnetbank.hu

Planimeter Ltd.’s account holding bank, in the case of online or bank transfer payments, has access to the personal data related to the transfer. The financial institution conducts its activities and processes personal data in accordance with the strict regulations applicable to financial institutions.

OTP Simple – OTP Mobil Kft.

1093 Budapest, Közraktár u. 30-32,

Phone +36 (1) 366-6611

E-mail                                           address:

ugyfelszolgalat@simple.hu

Planimeter Ltd. provides an online payment interface and services related to the processing of transactions and other operations.

 

5.2.           Data transmission

The Controller carries out the transfers listed in the table below in relation to its activities.

 

 

Names and contact details of data processors

The activity performed in the processing of data

Dr.    Sándor    Lóránt         Hajdú, Attorney at Law

1024 Budapest,

Lövőház utca 16/A. fsz. 4 hajdu.sandor@drhajdu.com

You have access to the data necessary for the management of legal matters and to the personal data processed in connection with them.

The lawyer is not a data processor because he or she is entitled to handle the data on his or her own initiative, in accordance with the legal and professional provisions applicable to him or her.

Competent authorities, e.g. NAV, National Institute of Pharmacy, etc.

The Data Controller forwards the recorded data to the competent authority (e.g. police, national security authority, court, criminal investigation authority, prosecution) in cases specified by law (e.g. in case of a crime or suspicion of a crime, etc.) on the basis of the record of the provision of the data.

Educational                                 institutions cooperating in the training programme

The Data Controller will provide internship opportunities for students enrolled in the training programme. The Data Controller will forward the necessary certificate to the educational institution in connection with the completion of the internship.

 

6.           Data security measures

The Data Controller shall act in accordance with the provisions of the “Regulation 2016/679 of the European Parliament” and “Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information” in relation to the personal data provided by the Data Subject’s employees, partners and subcontractors.

 

The Data Controller shall take all reasonable steps to ensure the security of the data and to ensure their lawful processing:

  • ensure an adequate level of protection of the data, in particular against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage,
  • ensure that the way and the content of the records comply with the legislation in force,
  • shall ensure that the data contained in the personnel records may be accessed only by employees and other persons acting in the interests of the Data Controller who need to know them in order to perform their duties and tasks,
  • store the paper documents of the register with due regard to data security requirements and ensure their safe custody,
  • ensure that the IT system is protected against unauthorised access, both in terms of software and hardware,
  • tracks and logs the operations performed on the data,
  • ensure the irretrievable deletion of the data files after the expiry of the time limit for processing,

 

  • ensuring protection against computer viruses on the IT equipment used by its employees and on internally managed servers,
  • create the conditions to ensure that safety rules on the use of IT equipment are properly enforced when workers work from home,
  • ensure the physical protection of hardware assets at all times, including protection against elemental damage.

 

Please help us to protect your information by not using a login name or password that is too obvious, by changing your password regularly, and by not making your password available to anyone else.

 

7.           Data   subjects’   rights           in              relation           to              data processing

The Data Subject’s data protection rights and remedies, and the relevant provisions and limitations of the GDPR in this regard, are set out in detail in the GDPR (in particular Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79 and 82 of the GDPR). The most important provisions are summarised below.

 

7.1.           The Data Subject’s right of access

You have the right to receive feedback from us on whether your personal data is being processed. If such processing is ongoing, the Data Subject is entitled to access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, including in particular recipients in third countries or international organisations;
  • where applicable, the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period;
  • the Data Subject’s right to request us to rectify, erase or restrict the processing of personal data relating to the Data Subject and to object to the processing of such personal data;
  • the right to lodge a complaint with a supervisory authority; and
  • where the data have not been collected from the Data Subject, any available information about their source;
  • the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information about the significance of such processing and the likely consequences for the Data Subject.

 

If personal data are transferred to a third country, the Data Subject is entitled to be informed of the appropriate safeguards regarding the transfer.

 

We will provide the Data Subject with a copy of the personal data processed. If the Data Subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.

 

7.2.           The right to rectification

The Data Subject has the right to have inaccurate personal data relating to him or her corrected without undue delay upon his or her request. The Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

 

7.3.           Right to erasure (“right to be forgotten”)

The Data Subject has the right to have personal data relating to him or her erased without undue delay at his or her request if one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under EU or Member State law applicable to us; or
  • personal data are collected in connection with the provision of information society

 

If the Controller has disclosed the personal data and is obliged to delete it pursuant to paragraph 7.3.1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other controllers who also store or publish the data that the Data Subject has requested them to delete the links to or copies or replicas of the personal data in question.

 

The above shall not apply where the processing is necessary, inter alia:

  • to exercise the right to freedom of expression and information;
  • for the purposes of complying with an obligation under EU or Member State law that requires the processing of personal data that is applicable to us;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right referred to in paragraph 7.3.1 would be likely to render such processing impossible or seriously jeopardise it; or
  • to bring, enforce or defend legal

 

 

7.4.           Right to restriction of processing

The Data Subject has the right to restrict processing at his or her request if one of the following conditions is met:

  • the Data Subject contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows us to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
  • we no longer need the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims;

 

  • or the Data Subject has objected to the processing, in which case the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

 

Where processing is restricted pursuant to paragraph 7.4.1, such personal data may be processed, except for storage, only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

 

The Data Subject will be informed in advance of the lifting of the restriction on processing.

 

 

7.5.           Obligation   to   notify   the                   rectification                   or   erasure                   of personal data or restriction of processing

The Controller will inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. We will inform you of these recipients at the request of the Data Subject.

 

7.6.           The right to data portability

The Data Subject has the right to receive personal data concerning the Data Subject that he or she has provided to us in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the Controller, if:

  • the processing is based on consent or a contract; and
  • the processing is carried out by automated

 

In exercising the right to data portability under paragraph 7.6.1, the Data Subject has the right to request, where technically feasible, the direct transfer of personal data between controllers.

 

 

7.7.           The right to protest

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data based on legitimate interests, including profiling. In such a case, the personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

 

Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

 

If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for these purposes.

In the context of the use of information society services and by way of derogation from Directive 2002/58/EC, the Data Subject may exercise the right to object by automated means based on technical specifications.

 

Where personal data are processed for scientific or historical research purposes or for statistical purposes, the Data Subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

7.8.           Right to lodge a complaint with a supervisory authority

The Data Subject may assert his/her rights before the courts under the GDPR and the Civil Code, and may also contact the National Authority for Data Protection and Freedom of Information (NAIH) (1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, Pf.: 9; phone: +36 1 391 1400; e-mail: ugyfelszolgalat@naih.hu) in case of complaints about the data controller’s data management practices. Detailed rights and remedies in relation to data processing are set out in Articles 77, 79 and 82 of the GDPR.

 

7.9.           Right   to   an   effective           judicial  remedy           against the supervisory authority

The Data Subject shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning the Data Subject.

The Data Subject has the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the Data Subject within three months of the procedural developments or the outcome of the complaint.

Proceedings against the supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

 

7.10.           The right to an effective judicial remedy against the controller or processor

The Data Subject has the right to an effective judicial remedy if he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in a way that does not comply with the GDPR.

Proceedings against the controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State where the Data Subject has his or her habitual residence. It is recommended that you send the complaint to the controller before initiating any procedure.

 

8.           Information about children

Persons under the age of 16 may not provide personal information about themselves unless they have requested permission from a parent or guardian. We will not process the data of persons under the age of 16 or will process it anonymously if the consent of a legal representative, parent, guardian or custodian is not available.

 

In the case of Data Subjects under the age of 14, their legal representative or guardian may provide personal data or make a declaration on their behalf.

 

The Data Subject who is over the age of 14 but under the age of 18 may provide personal data and make a legal declaration only with the consent of his/her legal representative or guardian.

 

By providing the information, you represent and warrant that you will act in accordance with the foregoing and that you have no legal capacity to act in relation to the provision of the information. If you do not have the legal capacity to provide the information, you must obtain the consent of a third party (e.g. legal representative, guardian). In this context, you must consider whether the consent of a third party is required in connection with the provision of the information. The Data Controller may not have any personal contact with you, so you are responsible for ensuring compliance with this point and the Data Controller shall not be liable in this regard.

The Data Controller does not process personal data of persons under the age of 16 in connection with its business activities. The Data Controller does not have sophisticated methods to verify the eligibility, the real age or the authenticity of the consent of the person giving the consent, so the user or the person having parental control over the user guarantees that the consent is in accordance with the law. In the absence of consent, the controller will not collect personal data relating to a data subject under the age of 16.

We will make all reasonable efforts to detect any instances where minors’ data have been unlawfully disclosed to us, in which case we will promptly ensure that the data are deleted.

Please tell us immediately if you become aware that a child has provided information about himself or herself without your consent. You can contact us using the contact details highlighted at the beginning of this Notice.

 

9.           Handling complaints

9.1.           Oral complaint

Verbal complaints received by telephone or in person should be investigated immediately, registered and action taken as necessary.

 

The record of the complaint contains the following information:

  • the name and address of the customer,
  • the time and method of receipt of the complaint,
  • a description of the complaint,
  • a list of documents presented by the client,
  • the Data Controller’s position on the complaint, where an immediate investigation of the complaint is possible,
  • signature of the customer (if possible),
  • the place and time of recording of the minutes,
  • in the case of a telephone complaint, the unique identification number associated with the

 

If the Customer does not agree with the handling of the complaint, the Data Controller shall promptly take a record of the complaint, its handling and its position on the complaint and shall provide or deliver a copy to the Customer.

Once the report is recorded, the case is handled in the same way as a written complaint, following the same rules.

 

9.2.           Written complaint

The Data Controller and its staff will handle complaints received in the manner provided by law. A record of the complaint will be kept, with similar content to that of a verbal complaint. The Data Controller shall, unless otherwise provided for in a directly applicable legal act of the European Union, reply to the written complaint in writing within 30 days of receipt and take measures to communicate the complaint.

 

The head of the Data Controller or the administrator delegated by him/her may hear the complainant (whistleblower) or consult external experts if the investigation of the complaint or whistleblowing requires it.

 

The Data Controller will endeavour to act swiftly and decide whether to investigate, remedy or reject the complaint in accordance with applicable law. Its decision shall be sent to the complainant in a clear and comprehensible manner, stating the reasons and responding to all the concerns raised. If the complaint is rejected, the Data Controller shall inform the customer in writing of the authority or the conciliation body to which the complaint may be submitted, depending on its nature.

The Data Controller shall keep the record of the complaint and a copy of the reply for five years and shall present it to the supervisory authorities upon request.

 

10.           Analytical services, cookies

The Data Controller uses cookies and tracking codes from external service providers (in particular Google, Facebook) to monitor user interest, demographic data and behaviour on the website. The data collected is not used for profiling purposes, is not used for automated decision-making, is collected for statistical purposes and is analysed to improve its services.

In addition, the Data Controller may use aggregate data obtained from interest-based advertising services or audience data (such as age, gender and interests) for the purpose of creating and developing general website reports and for advertising on marketing lists.

The aim of the above is to continuously improve our websites and increase the effectiveness of our websites and the advertising associated with our campaigns.

 

10.1.           Google Analytics

Independent measurement and auditing of website traffic and other web analytics data is facilitated by external service providers (for details, please visit: google.com/analytics/ ).

The Ads Settings page, made available by Google, allows you to disable Google Analytics for Display ads and to customise your ads on the Google Display Network. All tracking by Google Analytics can be disabled using the browser module.

 

 

10.2.           Facebook remarketing

We also use the Facebook remarketing code to display targeted ads. If you don’t want to see ads based on page views and interests, you can turn this feature off.

 

10.3.           Cookies

A small information pack consisting of letters and numbers. The cookie is automatically sent by the web server to the visitor’s browser when the website is visited for the first time. The cookie is stored on the visitor’s computer or mobile device for a period of time determined by the person who placed the cookie.

 

The next time you visit the website, the browser sends the cookie back to the web server. The web server can use the data sent to identify the computer or mobile device that sent the cookie and can combine the cookies sent by that device. The cookie provides the web server with information about the activity between visits to the website. A web beacon is a small, usually unnoticeable, image placed on a website. By placing a web beacon, the visitor’s actions on the website can be tracked and statistics can be generated from the data obtained.

 

Planimeter Ltd. places cookies and web beacons on the website in order to recognize a person who has visited the website before; to map the visitor’s interests; to improve the visitor’s experience and to serve personalized ads to the visitor and to improve the security of the website.

 

The following cookies are used by the websites of the Data Controllerhttps://smart-statistics.com, https://planimetergroup.com,              uzletioktatas.hu,                                                          https://plani-meter.com                                         and https://data-scientist.hu:

  • Necessary cookies

are used for the basic operation of the site;

  • Functional cookies

are used to annotate user preferences;

  • Performance cookies

to identify the shopping cart or products in the cart used in the online store and the registered customer, to improve the performance of the website and thus to provide a more complete user experience.

 

We inform our users that the use of cookies operated by our website requires the prior informed consent of the user pursuant to Section 155 (4) of Act C of 2003 on Electronic Communications (“Eht.”). Therefore, on the first visit to the website, a notice will pop up at the bottom of the screen informing you that the website uses cookies and a link to this information. You can consent to the use of cookies by clicking on the “I accept” button.

For more information on the use of cookies, please visit allaboutcookies.org – including detailed instructions on how to delete cookies from your computer. For information on deleting cookies from your mobile phone, please refer to your device manual.

By using this site, you agree to the use of technical data and cookies as described above. It is important to note that these cannot be used on their own to identify you, and will be deleted after you leave the site in accordance with your browser settings.

The cookies used on this website do not store personally identifiable information.

 

If you do not wish to receive certain types of cookies, you can set your browser to prevent the setting of a unique identifier or to warn you when the website wishes to send a cookie.

 

10.4.           Facebook pixels

The website also contains so-called Facebook pixels, which allow Facebook to collect or receive data from the site using cookies, data collection signals and similar data storage technologies, and to use this data to provide measurement services and display targeted ads.

 

11.          Remedies

In case of any questions or problems, please contact us by post at 1064 Budapest, Izabella u 64. fszt. 4. If you are still not satisfied or feel that you have suffered a violation of your rights in relation to the processing of your personal data, you can also turn to the competent court, the Metropolitan Court of Budapest or initiate an investigation at the National Authority for Data Protection and Freedom of Information.

 

President: dr. Attila Péterfalvi,

Address: 1055 Budapest, Falk Miksa utca 9-11,

P.O. Box: 1363 Budapest, PO Box: 9.

Contact: ugyfelszolgalat@naih.hu, +36 (30) 683-5969, www.naih.hu

 

 

Budapest, 1 December 2024.