DATA PROTECTION AND DATA PROCESSING POLICY

 

I. Purpose and scope of the policy
1.1 Purpose of this Policy is to lay down the data protection and data processing principles used by TranzPress Fordító, Kereskedelmi és Szolgáltató Kft. (1025 Budapest, Felhévizi u. 31., hereinafter: Company) and the Company’s data protection and data processing policy, which the Company, as data controller, acknowledges as binding for itself. 

1.2 This Policy contains the principles of the data processing of users’ personal data provided on the webpage of the services. Purpose of this policy is to secure in every field of the services provided by the Company, for every individual regardless of nationality or place of residence the respect for its rights and basic rights for freedom, especially the right for privacy during the automatic processing of personal data (data protection).

1.3 By creating the provisions of this Policy, the company considered the provisions of the following acts with distinctive attention: Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR), Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act), Act V of 2013 on the Civil Code, Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity, Act CVIII of 2001 on certain issues of electronic commerce services and information society services, Act C of 2000 on Accounting (regarding the issue and preservation of certificates) and Act CXIX of 1995 on the use of name and address information serving the purposes of research and direct marketing.

1.4 In the lack of other policy, the scope of this Policy does not extend to those services and data processings, which relate to promotions, prize games, services, other campaigns and contents of third parties other than the Data controller, who are advertising on webpages cited below by this Policy or appearing on these in other ways. In the same way, in the lack of other policy the scope of this Policy does not extend to the services and data processings of webpages and service providers, which can be reached via the link on the webpages under the scope of this Policy. For these services, the provisions of the data processing policy of third parties operating the service are the guiding principles, and for these data processings the Data controller takes no responsibility.

 

II. Definitions

2.1 Set of data: all data processed in one register

2.2 Data processing: regardless of the applied process, any operation or operations conducted on Personal data, such as the collection, recording, ordination, storage, alteration, changing, use, query, survey, communication, forwarding, distribution or other types of circulation, public share, coordination or connection, restriction, deletion and destruction of Personal data.

2.3 Data controller: determines the aims and methods – alone or with other colleagues – of the Data processing.
In the case of the Services referred to in this Policy, the Data controller is:
• TranzPress Fordító, Kereskedelmi és Szolgáltató Kft. (1025 Budapest, Felhévizi u. 31.; under the Company Court of Budapest-Capital Regional Court, company registration number: 01-09-738674; tax number: 13504171-2-41) (hereinafter referred to as: “Data controller”)
Data controller is a company registered in Hungary.
Data controller conducts translation, proofreading and editing services and operates PressMonitor international media monitoring and analysing software, which can be reached on the website online.pressmonitor.hu.

2.4 Personal data: any data or information, by which a natural person User – directly or indirectly – becomes identifiable.    

2.5 Data processor: the service provider, who processes personal data in the name of the Data controller. In the case of the Services referred to in this Policy, the Data processors are the companies listed under section 9.1 of this Policy.

2.6 Webpage(s): webpages run by the Data controller: tranzpress.hu, pressmonitor.hu, online.pressmonitor.hu, crm.tranzpress.hu and the social media platforms connected to the webpages (Facebook and Linkedin).

2.7 Service(s): Translation, proofreading, software localising and international media monitoring and analysis conducted by the Data controller. 

2.8 User: the natural person or a natural person representing a legal person, who is registering for the Services and provides its data specified in section III.

2.9 Employee is a natural person, who is in employment relationship or in any legal relationship regarding work with the Data controller.

2.10 Potential employee: a natural person, who applies for the position announced by the Data controller.

2.11 External service provider: technical or content provider partner, for which Personal data are transferred or may be transferred in order to secure the services of the Company, or providers, who are transferring Personal data for the Data controller. 

2.12 Policy: this data processing policy of the Data controller

2.13 Data destruction: complete physical destruction of the storage medium containing the data;

2.14 Data transfer: if the data are made available for a definite third party; 

2.15 Disclosure: if the data are made available for everybody;

2.16 Data erasure: making the data unidentifiable in a way that data recovery is not possible;

2.17 Automated set of data: set of data for automatic procession;

2.18 Automatic processing: contains the following operations, if they are partly or entirely conducted with automated means: storage of data, logical or algorithmic operations conducted on data, alteration, erasure, retrievement and distribution of data.

2.19 System: technical solutions operating the services of the Data controller and its partners, which are available on the internet.

 

III. Scope of processed user Personal data

3.1 If somebody would like to use the services of an application (crm.tranzpess.hu or online.pressmonitor.hu, hereinafter referred to as Webpages) and therefore becomes a User, its personal data will be a part of the Company’s Data processing.

3.2 Based on the User’s decision, the Company’s Data controller shall process the following data in connection with the use of the Services available on the Webpages: name, domicile, place of residence, telephone number, e-mail address, client account number registered by Data controller and technical specification of the User (goals expected from the Service).

3.3 If the User sends a message (for example, e-mail, reader’s letter) to a Service, or makes a phone call, the Data controller records the User’s address, e-mail address, telephone number, time of the phone call, and processes these in the extent and time frame required for the providing of the service.

3.4 Data controller processes the following Personal data of Users: name, e-mail address, position, telephone number, the name of the company the Users represent/have a connection with, sectoral and work interests, expectations regarding the Service and other specifications in connection with the Service.

3.5 In connection with its contracts, the Data controller processes the name, telephone number and e-mail address of the contracting party’s authorized representative and the contractual contact person.

3.6 Regardless of the above mentioned it can occur that the service provider connected technically to the operation of the Services conducts data processing activity on a Webpage without informing the Data controller. Such activity is not considered as data processing conducted by the Data controller. Data controller makes everything it can for preventing and detecting these data processings.


IV. Scope of further data processed by the Data controller
4.1 For custom-tailored services, the Data controller places cookies on the User’s computer. Aim of the cookie is to provide the high-level operation of the given webpage, to provide custom-tailored services and to enhance the user experience. Users can delete cookies from their computers and prohibit the use of cookies in the browser settings. With the prohibition of cookies, User acknowledges that without cookies the operation of the given website is not on a high-level.

4.2 Technically recorded data during the operation of the systems: the data of the User’s computer, which are generated during the use of the Service and which are recorded as the automatic result of technical processes by the Data controller’s system. These data include the User’s IP address, the type of the operation system and browser used by the User, the data of internet sites from which the User navigated to the webpage and also those sites which the User visited on the webpage as well as the time and duration of the visit. The system logs automatically at the log in and log out phase the automatically recorded data without the User’s particular action or statement. The Data controller can access the data exclusively.


V. Purpose and legal basis of data processing
5.1 Purpose of data processing conducted by the Data controller:
a) Securing the provision of services available on the websites of the Company;
b) Networking in connection with the Company’s business activity;
c) Identification of the User, contact with the User;
d) Information of Users about the novelties of our Webpages and Services;
e) Facilitating the custom-tailoring of advertisements and Services used by the User, utilizing functions for comfortable user experience;
f) Handling and management of individual user requests;
g) Preparing of statistics and analyses;
h) Promotions of direct marketing (for example, newsletter, eDM, etc.)
j) Preparing records required by legislation about the employees of the Data controller, sending reports and statements,
k) recruiting and selecting potential employees of the Data controller,
l) technical development of the information technology system;
m) protecting the User’s rights;
n) asserting the rightful interests of the Data controller
o) facilitating the performance and conclusion of contracts concerning the Data controller’s main activities.

The data, which are made available by Users during the use of the service, can be used by the Company to create user’s groups and to place an advertisement and/or targeted content on the Company’s webpages for these user’s groups.
The Data controller shall process Personal data for any data processing purpose mentioned above.
Data controller shall not use the Personal data for other than the purposes listed in the points above.

5.2 If data processing is conducted in line with the Users’ voluntary statement based upon adequate information, this statement contains the Users’ explicit contribution to use their Personal data generated about them or disclosed by them during the use of the webpage. If during data processing the Users’ data are transferred, Users are informed about it properly. In the case of Data processing based on contribution, User is entitled to withdraw its consent at any time. This, however, is not applying to the data processing before the withdrawal.
Data controller records the User’s IP address when the User logs in on the webpages. This data is recorded in connection with providing the Service, in regard to the Data controller’s legal interests and the lawful provision of the Service (in order to filter illegal contents or usage), without the consent of the User.
The legal basis of Data processing during content providing is providing the basic rights for information and expression, in the frame of present regulations.
In the case of using the services, the legal basis of Data processing may be the voluntary consent of the User, or the conclusion as well as performance of the contract created by the User, the provisions in the regulations applying to the Data controller and the supporting of the Data controller’s marketing activities. The User, as client, with the registration on the Webpage or with using the service contributes to the storage, processing, and use of its Personal data, which it provided during the registration or the use of the service, by the Service provider for completing the request, according to the present legislation. 
Personal data on the certificate issued by the Data controller are processed by the Data controller according to the provisions of the Accounting Law.

5.3 Data transfer for Data processors specified in this Policy shall be conducted without the individual consent of the User.
Disclosure of Personal data to third parties or authorities – unless governed otherwise by regulations – is possible only with official decision or with the preliminary, explicit consent of the User.

5.4 User warrants that during the use of the Services, for the processing of Personal data provided or disclosed by it about other natural persons (for example, with disclosing content generated by the User), the User acquired legally the consent of the natural person in question. User is responsible for every user content shared or uploaded by it to the Services.

5.5 Every User by providing its e-mail address or Personal data during the registration process shall take responsibility for that
a./ the provided data and consent come from the User and are accurate,
b./ exclusively the User makes use of the service with the provided data
The User takes all the responsibility for the log ins with the e-mail address or other data registered by it. If the User, for utilizing the service, provided the data of third parties at the registration, the User would bear the responsibility and the Company is entitled to validate a compensation against the User.  In this case, the Company provides all the help it can give to the competent authority in order to find the identity of the person in breach of the regulations.

5.6 With the purpose of developing its products as well as evaluating, improving and extending its Services, Data controller shall conduct research in connection with the data processed by it, and shall prepare anonymous statistics (hereinafter: Research activity). During the Research activity the Data controller uses the data only as anonymous, the individual User cannot be identified from these data.   The Company is entitled to use the anonymous research results, which are originating in the Research activity, for improving the Services, for introducing new Services, for sending newsletters or advertisements tailored to definite Users, moreover for selling the anonymous research results to third parties.  Users give their explicit consent for these data processings.


VI. Principles and methods of data processing
6.1 Data controller processes Personal data according to the principles of good faith and fair dealing, and transparency, moreover, according to the legislation in force and the provisions of this Policy.

6.2 Data controller uses Personal data, which are inevitably needed for the use of the Services, based on the consent of the User and exclusively for the given purpose. 

6.3 Data controller processes Personal data with the purpose defined in this Policy and in the relevant legislation. Scope of the processed Personal data is in line with the purpose of the Data processing, and cannot expand beyond that.

6.4 In every case, when the Data controller would like to use the Personal data for a purpose other than the original data recording, Data controller informs the User and acquires its preliminary, explicit consent, furthermore, Data controller provides the possibility for the User to prohibit the use of Personal data.

6.5 Data controller does not supervise the provided Personal data. The person exclusively responsible for the accuracy of the given Personal data is the person, who provided the data.

6.6 Personal data of a person under 16 are only processed with the consent of an adult who exercises parental responsibility over the person under 16. Data controller cannot check the consenting person’s entitlement and the content of its statement, so the User and the person, who exercises parental responsibility over the User, warrant that the consent is in line with the appropriate legislation. Without consent statement, the Data controller shall not collect and process Personal data concerning a person under 16 – except from the IP address, which is automatically recorded as a characteristics of the online services.   Among the Users of the Company, based on the register, there is no person under 16.

6.7 Data controller shall not transfer the Personal data processed by the Data controller to third parties other than Data processors defined in this Policy or, in individual cases – as referred to in this Policy –, External service providers.
Exceptions from this provision in this section include the use of data in statistically compiled form, which shall not include, in any form, the data suitable for identifying the User, so it is not considered as Data processing or Data transfer.
Data controller in individual cases – official judiciary cases, police requests, legal procedures, breach of copyright or economic rights, or because the established suspicion of these cases the offence of the Data controller’s interests and endanger of the providing of the Services, etc. – discloses the Personal data of the User for third parties.

6.8 The system of the Data controller shall collect data about the User’s activity, which cannot be linked to other data provided by Users at the registration, or to data created during the use of webpages or services.

6.9 Data controller informs the User and others to whom the Data controller transferred earlier the Personal data for the purpose of Data processing, about the rectification, restriction and erasure of Personal Data processed by the Data controller. Providing information is not necessary, when it does not offend the legal interests of the involved persons regarding the purpose of Data processing.

6.10 Data controller provides for the safety of Personal data, performs those technical and organisational measures and lays down those procedural rules, which secure that the recorded, stored and processed data are safe, furthermore, prevent the accidental loss, unlawful destruction, illegal access, illegal use, illegal change and illegal distribution of those data. 

6.11 In line with the relevant provisions of GDPR, Data controller appoints a Data protection officer:

Data protection officer
Name: ………………………………………
e-mail address:
officemanager@tranzpress.hu
Telephone number: 06-1/225-1426


VII. Duration of data processing

7.1 The Company’s data controller shall store and process the data of Users with a registration during the effect of the existing contract between the Parties and for eight years following that.

7.2 The processing of Personal data provided by the User in connection with the services available on the Data controller’s website exists until the User leaves the given service – with the given user name – or asks for the erasure of Personal data. In this case, Personal data are erased from the systems of the Data controller. Personal data provided by the User – also in the case, when the User does not leave the Service or the User ceased the log in for the Service with the deletion of its registration and the contents and comments stored in the account remain – are processed by the Data controller until the User asks for explicitly the termination of the Data processing of the Personal data in writing. User’s request regarding the termination of the Data processing without leaving the Service does not concern the User’s right for the use of the Service, however, it can occur that in the lack of Personal data, the User cannot use a Service.

7.3 In the case of using illegal, false Personal data or in the case of a criminal act or an attack of the system committed by the User, the Data controller is entitled to cease the registration of the User and at the same time to erase the Personal data of the User without delay, however – with the suspicion of a criminal act or a civil right liability – the Data controller is entitled to retain Personal data for the duration of the procedure to be conducted.

7.4 The data recorded technically and automatically during the operation of the system are stored in the system from their generation for the time period justified for securing the operation of the system. Data controller secures that these automatically recorded data cannot be linked to other Personal data, with the exception of the cases made compulsory by relevant legislation. If the User ceased its consent to the processing of its Personal data or left the Service, the User shall not be identifiable from the technical data, with the exception of investigating authorities and their experts.

7.5 If a court or an authority finally rules the erasure of Personal data, the erasure shall be implemented by the Data controller. Instead of erasure, the Data controller – with the informing of the User – restricts the use of Personal data, if the User asks for it, or if it is presumable based on the available information that the erasure would violate the legal interests of the User. The Data controller shall not erase Personal data until the purpose of data processing exists, which rules out the erasure of Personal data.


VIII. Rights of the User and the method of their enforcement
8.1 User could ask that Data controllers inform it about the processing of its Personal data. If Data controllers process its Personal data, Data controllers shall provide access to these data for the User.
Personal data provided by the User in connection with the given Service can be viewed at the settings of the Services’ log in system or on the client account pages of the Services.
Moreover, User could ask for information about the processing of Personal data any time in writing, in a registered mail or in a recorded delivery addressed to the Data controller, or in an e-mail sent to
adatvedelem@tranzpress.hu. Data controller shall consider the request for information in the letter as authentic, if the User could be identified unambiguously based on the request. Data controller shall consider a request for information sent in e-mail as authentic only when it is sent from the User’s registered e-mail address. This, however, does not rule out that the Data controller identifies the User by other methods before providing of the information.
Request for information may include user data processed by the Data controller, source of user data, purpose, legal basis, duration of the Data processing, name and address of the Data processors, activities in connection with Data processing, furthermore, in the event of transferring Personal data the name of recipients and their purpose with the user data.

8.2 User could ask for the rectification or modification of its Personal data processed by the Data controller. Taking into consideration the purpose of Data processing, User could ask the completion of the incomplete Personal data.
Personal data provided by the User in connection with the given Service can be modified at the settings of the Services’ log in system or on the client account pages of the Services. After performing the request for the modification of Personal data, the earlier (erased) data cannot be restored.

8.3 User could ask for the erasure of its Personal data processed by the Data controller.
Erasure could be refused (i) referring to the freedom of expression and information, or (ii) when the processing of Personal data is authorised by legislation; or (iii) for the proposition, validation and protection of legal interests.
Data controller informs the User about the refusal of the request for erasure in every case, denoting the reason for the refusal. After performing the request for the erasure of Personal data, the earlier (erased) data cannot be restored.
Newsletters sent by the Data controller can be cancelled via the unsubscribe link in the newsletters. In the case of unsubscription, Data controller erases the User’s Personal data in the newsletter’s database.

8.4 User may ask the Data controller to restrict the processing of its Personal data, if the User questions the accuracy of the processed Personal data. In this case the restriction refers to the period, which enables for the Data controller to check the accuracy of the Personal data. Data controller marks the Personal data processed by it, when the User questions its accuracy or correctness, but the incorrectness or inaccuracy of the Personal data in question cannot be stated unambiguously.
8.4 User may ask the Data controller to restrict the processing of its Personal data, even if the Data processing is unlawful, but the User disapproves of the erasure of the processed Personal data, and asks for the restriction of the use of Personal data instead.
Moreover, the User may ask the Data controller to restrict the processing of its Personal data, if the purpose of the Data processing was reached, but the User requires the Data processing for the proposition, validation and protection of legal claims.

8.5 User may ask the Data controller to hand over the Personal data, which were provided by the User and are processed by the User with automated methods, in a machine-readable, widely used format and/or to transfer the Personal data to an other data controller.

8.6 User could protest against the processing of its Personal data (i) when the processing of Personal data is required exclusively for the performance of legal obligations concerning the Data controller or for the validation of legal interests of the Data controller or a third party; (ii) when the purpose of the Data processing is direct marketing, opinion poll or scientific research; or (iii) when the Data processing is conducted for a public cause. Data controller considers the legality of the User’s protest, and if the protest is justifiable, Data controller ceases the Data processing and blocks the processed Personal data, furthermore, informs those to whom the Personal data included in the protest were transferred earlier about the protest and the relevant measures.

IX. Data processing
9.1 Data controller uses the following Data processors for the performance of its activities.
Data controller uses external Data processor for the sending of a larger amount of direct on-line material. The Data processor is Mailchimp (Registered Trademark of Apple), which accesses the data in the newsletter’s mail list, so it accesses the e-mail addresses. 


Data processor shall not use the Personal data received for the performance of the task for other reasons different from performing the task. Further information is available on the webpage of the Data processor: https://mailchimp.com/legal/privacy/ 

Data controller’s servers are placed in the server rooms of …………………..
…………………..
Registered office: …………………..
Company registration number: ………………………………………….

Data controller uses a Data processor for the recording and storing of its telephone calls. Name of Data processor: …………………..
Registered office: …………………..
company registration number: ………………………

9.2 Data processors make no independent decisions, they are entitled to act exclusively according to the contract concluded with the Data controller and according to the received instructions.

9.3 Data controller supervises the work of the Data processors.

9.4 Company shall use further data processor for the processing, analysing and evaluating of data during its research activity.

9.5 Data processors are entitled to use other data processors only with the consent of the Data controller.

 

X. External service providers

10.1 Data controller uses in several cases External technical partners and content providers for the performance of the services. Data controller cooperates with these External service providers.


Regarding Personal data processed in the systems of External service providers, the provisions of the data protection policy of External service providers are governing. Data controller makes everything it can for the lawful processing of Personal data by the External service provider. External service provider shall use Personal data exclusively for the purpose defined by the User or for the purpose determined in this Policy.

10.2 External service providers contributing to the performance of the contracts

Data controller uses express courier service for securing the webshop’s services and for the delivery of the ordered products. Express courier service is qualified as data controller in regard to users’ Personal data provided for it. External service providers contributing to the performance of the contracts process the Personal data provided for them (for example, name, address, telephone number, e-mail address, etc.) according to the provisions of their own data protection policy. More information on their data protection policy can be found on the webpage of the External service providers.
External service providers cooperating with the Data controller: Post-Office Kft., PayPalHoldings Inc.
These External service providers process the Personal data provided for them according to their own data protection policy.


XI. Data transfer
11.1 Data controller is entitled and obligated to transfer every Personal data at disposal and stored by the Data controller regularly to the relevant authorities, for the transfer of which the Data controller is obligated by legislation or final official decision. Data controller is not responsible for these data transfer and the consequences of these data transfer.

11.2 In the case of the explicit permission of the User, Data controller is entitled to transfer the Personal data denoted in the permission for the purpose and in the period denoted in the permission, to the third party denoted in the permission. For the processing of the transferred data, the data processing provisions of the third party are governing.

11.3 Data controller conducts a data transfer register for the supervision of the legality of data transfer and for the informing of the User.


XII. Data processings in connection with the Data controller’s employees, potential employees and visitors:

12.1 Data controller processes the following Personal data of its employees: name, name at birth, tax identification number, social security number, mother’s name, place of birth, time of birth, personal identification number, nationality, permanent address, postal address, bank account number, education, number of certificate verifying education, name of spouse, spouse’s name at birth, spouse’s tax identification number, name of children, tax identification number of children, social security number of children, name of the children’s mother, place of birth of children, time of birth of children, disability of children.

12.2 The purpose of the data processing concerning the Data controller’s employees is the performance of the Data controller’s legal obligations (registration and notification).

12.3 The duration of the data processing concerning the Data controller’s employees is determined by the relevant legislation.

12.4 The legal basis of the data processing concerning the Data controller’s potential employees is the voluntary statement of the potential employee based on adequate information. The purpose of the data processing is the recruiting and selecting potential employees of the Data controller.

12.5 With the sending of its curriculum vitae and other documents necessary for the application to the Data controller, Data controller’s potential employee gives its consent to the storage, processing and use of its Personal data provided during the application process by the Data controller according to the relevant legislation until the User withdraws its consent, but at least for two years from the filling of the position in question. Data controller is entitled to use the Personal data of the potential employee sent in its curriculum vitae and in other documents necessary for the application in a future situation enabling the potential employment of the potential employee at the Data controller, when the potential employee may be suitable for filling the employment relationship or any relationship regarding employment according to the Data controller, for the reason that with the Personal data, Data controller could consider its stance and direct request could be sent to the potential employee.

12.6 Data controller shall operate and establish cameras in its office and its rooms for reasons in connection with the protection of property and the performance of the employment contract. Cameras make a video record, which the Data controller shall view and use for reasons in connection with the protection of property and the performance of the employment contract. The records must be deleted in 72 hours from the making of the record, when the records are not used for the reasons laid down in this section.


XIII. Modification of the Data processing policy
13.1 Data controller has the right to modify this Policy with its unilateral decision at any time.

13.2 With logging in, the User accepts the valid provisions of the Policy. There is no need for the further consent of the individual Users.


XIV. Law enforcement opportunities
14.1 Data controller’s employees are also available for questions or comments concerning data processing on the e-mail address
adatvedelem@tranzpress.hu, and on the telephone number +361-225-1426.

14.2 With complaints concerning the Data processing, User could contact directly the Hungarian National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11; phone number: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; webpage: www.naih.hu)

14.3 User could go to court in the case of the violation of its rights. Judging the trial is in the jurisdiction of the law court. The trial could be started – based on the choice of the person concerned – at the designated law court for the place of residence of the person concerned. For the request of the Data controller, User is informed about the possibilities and methods of the legal remedy.


Budapest, 22 May 2018.

Back