Expat FAQ

Data protection policy

Data protection



Introduction

Expatriates’ Services Trust Ltd. (Registered seat: H-1139 Budapest, Teve Street 18-22., Building A, 8th floor, Office 806, Tax number: 11753173-2-41) (hereinafter referred to as the Service Provider or Data Controller) adheres to the following data processing notice.

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), we provide the following information.

This data processing notice regulates the data processing activities related to the business operations of Expatriates’ Services Trust Ltd. The data processing notice is available at the following website: https://expatserv.hu/en/data-protection-policy/ 

Modifications to this notice shall take effect upon publication at the above address.

 

The Data Controller and Contact Details:

Name: Expatriates’ Services Trust Ltd.
Registered Address: H-1139 Budapest, Teve Street 18-22., Building A, 8th floor, Office 806
E-mail: info@expatserv.hu

 

 

Definitions

  1. “Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

  1. “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

  1.  “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

 

  1.  “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 

  1.   “Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

 

  1.  “Consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

  1.  “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Principles Relating to the Processing of Personal Data

 

 

Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);

 

  1. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (“purpose limitation”);

 

  1. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);

 

  1. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);

 

  1. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject (“storage limitation”);

 

  1. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

The controller shall be responsible for, and be able to demonstrate compliance with, the above principles (“accountability”).

 

Data Processing Activities

 

Data Processing Related to Relocation Services

  1. Types of personal data collected, the scope of processed data, and the purpose of processing:

 

 

 

Personal Data

Employee/Assigned foreign worker’s details

E-Mail adddres

Phone number, Mobile Number

First and Last name

Maiden Name

Mother’s maiden name

place and date of birth

Official foreign addres

Hungarian addres

Nationality

Marital status

Passport number

Place, date of issue, and expiry date of passport

Job title (Feor) to be held in Hungary

Job description

Hungarian employer

Highest level of education

Professional qualifications

Starting date of employment in Hungary

Mother tongue

Other languages spoken

Amount of salary

Rent amount

Parcel number (HRSZ) of rented  property

Marriage certificate data

Birth certificate data

Social security number (TAJ)

Tax identification number

Income certificate details

Private insurance policy/certificate information

Employee/Assigned foreign worker’s spouse data

First and Last name

Maiden name

Place and date of birth

Mother’s maiden name

Nationality

Gender

Marital status

Passport number, place and date of issue expiry

Highest level of education

Birth certificate details

Employee/Assigned foreign worker’s children data:

First and last name

Maiden name

Place and date of birth

Mother’s maiden name

Nationality

Marital status

Passport number, place and date of issue, expiry

School grade

Gender

Birth certificate details

Note: The e-mail address does not necessarily need to contain personal data.

 

Purpose of data processing:

The above data are required for obtaining the documents necessary for employment in Hungary for foreign employees/assigned workers arriving to or departing from our Partners, and for providing comprehensive relocation services (destination services) for them and their families’ long-term stay.

This includes the application/replacement/extension/reissue of the following documents as part of our regular immigration services: work permit, residence permit, registration certificate, address card, social security card (TAJ), tax card, income certificate, business visas, invitation letter, and income verification from the National Tax and Customs Administration (NAV).

 

  1. Scope of data subjects: Foreign employees arriving at or departing from our contractual partners.

 

  1. Duration of processing and deletion deadline: Until the end of the employment relationship, and according to the retention period specified in the contract with our partners, but no longer than 5 years.

 

 

  1. Persons authorized to access data and recipients of personal data: The data may only be accessed by the Data Controller’s employees who have the appropriate authorization level, in accordance with the above principles.

 

  1. The data subject may:
  • request access, rectification, erasure, or restriction of processing of personal data concerning them;
  • object to the processing of such personal data;
  • exercise their right to data portability, and
  • withdraw consent at any time.
  1. Requests related to access, deletion, modification, restriction, portability, or objection can be made via:
  • Post: H-1139 Budapest, Teve Street 18-22. Building A, 8th floor, Office 806
  • E-mail: info@expatserv.hu

 

  1. Legal basis of data processing:
    Consent of the data subject, Article 6 (1)(a) of the GDPR and Section 5 (1) of the Info Act.

 

  1. Please note:
  • Data processing is based on your consent.
  • Providing personal data is required for fulfilling the assignment.
  • Failure to provide data will result in the inability to perform the requested services or obtain the necessary documents.

 

Data Security Measures

 

  1. The Data Controller implements all necessary technical and organizational measures and establishes the necessary procedural rules to ensure the security of personal data for all purposes and legal bases of processing, in accordance with the GDPR and the Hungarian Information Act (Infotv.).

 

  1. The Data Controller protects the data with appropriate measures against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure, or unauthorized access.

 

 

  1. The Data Controller treats personal data as confidential information. Employees are required to observe confidentiality obligations regarding the handling of personal data. Access to personal data is restricted by authorization levels granted by the Data Controller.

 

  1. The Data Controller protects its IT systems with firewalls and antivirus software.

 

 

  1. Electronic data processing and record-keeping are performed both via computer software and in paper format, complying with data security requirements. The Data Controller ensures that data is only accessed for specific purposes, under controlled conditions, and only by persons who need access to perform their duties.

 

  1. The Data Controller ensures the protection and monitoring of inbound and outbound communication carried out electronically.

 

  1. Documents and files under current processing are only accessible to the responsible case administrators. Documents containing the personal data of data subjects, or their copies, are securely stored.

 

  1. The organization ensures that during work no sensitive documents are left exposed on desks, and that all documents are stored in locked cabinets after use, thereby protecting the integrity of the data.

 

  1. The Data Controller ensures the physical protection of data and the devices and documents containing such data.

 

  1. To prevent misuse of paper-based personal data, an authorized person performs random checks on the enforcement of data security regulations.

 

Data Processors Used

 

Issuance of Documents / Permits

 

  1. Activity performed by the data processor: Issuance of permits and documents required for employment and long-term stay in Hungary.

 

  1. Names and contact details of data processors:

National Directorate-General for Aliens Policing
Central Office: H-1117 Budapest, Budafoki út 60.
Phone: +36 1 463 9100
Email: migracio@bah.b-m.hu
Website: http://www.bmbah.hu   

 

Directorate-General for Aliens Policing – Kecskemét Branch Office
H-6000 Kecskemét, Irinyi utca 17/b
Phone: +36 76 481 249
Email: migracio@bah.b-m.hu
Website: http://www.bmbah.hu   

 

National Tax and Customs Administration
Central Office: H-1054 Budapest, Széchenyi utca 2.
Phone: +36 1 428 5100
Email: nav_kozpont@nav.gov.hu
Website: http://nav.gov.hu 

 

National Health Insurance Fund of Hungary
Central Office: H-1139 Budapest, Váci út 73/a
Phone: +36 1 350 2001
Email: neak@neak.gov.hu
Website: http://oep.hu 

 

Central Document Office
H-1133 Budapest, Visegrádi utca 110.
Phone: +36 1 550 1819
Email: kozponti.okmanyiroda@13kh.bfkh.gov.hu
Website: http://www.kormanyhivatal.hu

 

Government Window – Integrated Government Customer Service
H-1139 Budapest, Teve utca 1/a-c
Phone: +36 1 550 1858
Email: 1818@1818.hu
Website: https://kormanyablak.hu   

 

Budapest Labour Centre
H-1082 Budapest, Kisfaludy utca 11.
Phone: +36 1 477 5700
Email: kozponti.okmanyiroda@13kh.bfkh.gov.hu
Website: http://fovaros.munka.hu 

 

Hungarian Office for Translation and Attestation Ltd.
H-1062 Budapest, Bajza utca 52.
Phone: +36 1 428 9600
Email: foglalkoztatas.fovaros@ffo.bfkh.gov.hu
Website: http://offi.hu 

 

  1. Scope of data processing and categories of data processed:

Depending on the type of permit/document required, from among the following: first name, last name, maiden name, place and date of birth, phone number (landline and mobile), email address, mother’s name, address, permanent foreign address, Hungarian address, nationality, marital status, passport data (number, place and date of issue, expiration), job title in Hungary, Hungarian employer, education, qualification, employment start date in Hungary, mother tongue, spoken languages, spouse’s data (as above), children’s data (as above), salary amount, rent amount, parcel number of the rented property, marriage certificate data, birth certificate data, social security number (TAJ), tax ID number, income verification, private insurance policy/certificate details, business travel data (date, location, accommodation).

 

  1. Scope of data subjects: All foreign clients using the relocation/immigration services of Expatriates’ Services Trust Ltd.

 

  1. Purpose of data processing: Evaluation of applications for permits required for employment and long-term stay in Hungary, and data provision necessary for the issuance of such permits/documents.

 

  1. Duration of data processing and deletion deadline: As specified in the internal data protection regulations of each data processor.

 

 

  1. Legal basis for data processing: Consent of the data subject, Article 6(1)(a) of the GDPR, and Section 5(1) of the Info Act.

 

Business Visa Administration

  1. Activity performed by the data processor: Issuance and processing of business visas.

 

  1. Name and contact details of data processors: The consular representation, visa center, or travel agency authorized to issue the appropriate visa for the destination country of the business trip.

 

  1. Scope of data processing and types of data processed: Personal data required for the issuance of a visa to the destination country of the business trip, and additional data necessary concerning the details of the trip.

 

  1. Scope of data subjects: All individuals participating in the business trip.

 

  1. Purpose of data processing: Evaluation of the visa application and issuance of the business visa.

 

  1. Duration of data processing and deletion deadline: According to the internal data protection policy of the respective data processor.

 

  1. Legal basis for data processing: Consent of the User (data subject), Article 6(1)(a) of the GDPR, and Section 5(1) of the Info Act.

Relocation (Moving Services)

  1. Activity performed by the data processor: International relocation of the client’s personal belongings.

 

  1. Name and contact details of the data processor: The moving company selected by the employee/client.

 

  1. Scope of data processing and types of data processed: Name, address, email address, and contact details for direct communication.

 

  1. Scope of data subjects: All individuals using international relocation services.

 

  1. Purpose of data processing: Preparation of the relocation process, including the assessment of needs and forwarding of data, prior to direct contact between the client and the moving company.

 

  1. Duration of data processing and deletion deadline: Until the relocation process is completed.

 

  1. Legal basis for data processing: Consent of the User (data subject), Section 5(1) of the Info Act, Article 6(1)(a) of the GDPR.

 

 

 

Temporary / Permanent Accommodation Administration

  1. Activity performed by the data processor: establishing a permanent address in Hungary and, pending the establishment of such address, temporarily booking and providing accommodation.

 

  1. Name and contact details of the data processor: The temporary and / or permantent accommodation provider or real estate agent selected by the employee/client.

 

  1. Scope of data processing and types of data processed: Name, details regarding the dates and duration of the stay, budget of the rental fee and utility costs, email address, and contact details for direct communication.

 

  1. Scope of data subjects: All individuals using the temporary and / or permanent accommodation administration service.

 

  1. Purpose of data processing: To prepare for the provision of temporary and / or permanent accommodation, including the assessment of needs and forwarding of data, prior to direct contact between the client and the accommodation provider.

 

  1. Duration of data processing and deletion deadline: Until the temporary and / or permanent accommodation arrangement is completed.

 

  1. Legal basis for data processing: Consent of the User (data subject), Section 5(1) of the Info Act, Article 6(1)(a) of the GDPR.

 

 

Delivery Services

  1. Activity performed by the data processor: Delivery and forwarding of documents.

 

  1. Names and contact details of data processors:

GDA Hungary Kft.
Address: 1158 Budapest, Késmárk utca 14.
Phone: +36 1 769 26 61
Email: info@gdahungary.hu
Website: www.gdahungary.hu

Alkusz Rendszerek Kft.

Address: 1158 Budapest, Késmárk utca 14. b. ép.
Phone: +36 70 229 9790
Email: info@futarlista.hu
Website: https://www.futarlista.hu/

Magyar Posta Zrt.

Address: 1138 Budapest, Dunavirág utca 2-6.
Phone: +36 1 767 82 00
Email: ugyfelszolgalat@posta.hu
Website: www.posta.hu

Pannon XP Kft.

Address: 2220 Vecsés, Fő út 1.
Phone: +36207733399
Email: info@pannonxp.hu
Website: https://pannonxp.hu/

other contracted or used courier services and delivery companies of the clients/partners.

 

 

 

  1. Scope of data processing and types of data processed: Sender’s name and address, recipient’s name and address, contact phone number.

 

  1. Scope of data subjects: Senders and recipients of documents being delivered, and all individuals whose personal data is included in the delivered documents.

 

  1. Purpose of data processing: Delivery and forwarding of documents between the Data Controller, its clients, and the processors.

 

  1. Duration of data processing and deletion deadline: According to the internal data protection policy of the respective data processor.

 

  1. Legal basis for data processing: Consent of the User (data subject), Article 6(1)(a) of the GDPR, and Section 5(1) of the Info Act.

 

 

 

Hosting Services

 

 

  1. Activity performed by the data processor:
    Hosting services for the websites expatserv.hu and estrelocation.hu.

 

  1. Name and contact details of the data processor:

 

       Hosting Provider: Cyber Systems Kft.
Registered Office: H-1132 Budapest, Victor Hugo utca 18–22.
Tax number: 12951233-2-41

 

  1. Scope of data processing and types of data processed: For the website hu: all personal data provided by the data subject via the contact form.

       For the website estrelocation.hu: all personal data and documents uploaded by the data subject to the platform.

 

  1. Scope of data subjects: All individuals who fill out the contact form on expatserv.hu and all individuals who register and upload personal data/documents to estrelocation.hu.

 

  1. Purpose of data processing: Ensuring the availability and proper functioning of the expatserv.hu website (including its contact form), and enabling the online flow of information between the Data Controller and incoming employees of certain partners through the proper operation of estrelocation.hu.

 

  1. Duration of data processing and deletion deadline: Until the termination of the agreement between the Data Controller and the hosting provider, or until the deletion request by the data subject is submitted to the processor.

 

  1. Legal basis for data processing: Consent of the User (data subject), Section 5(1) of the Info Act, Article 6(1)(a) of the GDPR.

 

 

 

 

 

 

 

 

 

 

 

 

Use of Google Analytics

  1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help analyze how users use the website.

 

  1. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States. By activating IP anonymization on this website, Google will shorten your IP address within the member states of the European Union or other parties to the Agreement on the European Economic Area before transmission.

 

  1. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

 

  1. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data held by Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing data generated by cookies related to your use of the website (including your IP address) by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Social Media Platforms

  1. Scope of data collection and types of data processed: Name registered on the Facebook platform and the user’s public profile picture.

 

  1. Scope of data subjects: All individuals who have registered on Facebook and “liked” the website.

 

  1. Purpose of data collection: To share public information on the social media platform, share specific content elements of the website or the website itself, and promote it through “likes” and sharing.

 

  1. Duration of data processing, deletion deadline, persons authorized to access data, and information on the rights of data subjects: Data subjects can find information about the source of data, its processing, method of transfer, and legal basis on the relevant social media platform. As data processing takes place on the social media platform, its duration, method, and the options for deletion and modification are governed by the rules and policies of that specific platform.

 

  1. Legal basis for data processing: The voluntary consent of the data subject for the processing of their personal data on social media platforms.

 

 

 

 

 

 

 

 

Customer Relations and Other Data Processing

  1. If the data subject has any questions or issues while using our services, they may contact the Data Controller through the contact options provided on the website (phone, email).

 

  1. The Data Controller stores incoming emails, messages, and personal data provided via phone, Facebook, etc., together with the name and email address of the inquirer and any additional personal data provided voluntarily, and deletes them no later than 5 years from the date of data provision.

 

  1. For data processing activities not listed in this notice, we provide information at the time of data collection.

 

  1. In case of an official request from an authority or a body authorized by law, the Service Provider is obliged to provide information, disclose or transfer data, or make documents available.

 

  1. In such cases, the Service Provider shall only disclose personal data to the requesting party in the quantity and to the extent strictly necessary to achieve the purpose of the request, provided that the purpose and the scope of the data have been clearly specified.

 

 

Rights of Data Subjects

 

  1. Right of Access

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.

 

  1. Right to Rectification

 

You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

 

 

  1. Right to Erasure (“Right to Be Forgotten”)

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay, and the Data Controller has the obligation to erase personal data without undue delay under certain conditions.

 

  1. Right to Be Forgotten – Notification to Other Controllers

Where the Data Controller has made the personal data public and is obliged to erase it, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.

 

  1. Right to Restriction of Processing

You have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • You contest the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • The Data Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims;
  • You have objected to processing; in this case, the restriction applies until it is verified whether the legitimate grounds of the Data Controller override yours.

 

  1. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

 

 

 

  1. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, including profiling based on those provisions.

 

  1. Objection to Direct Marketing

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

  1. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the Data Controller;
  • is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

 

 

Response Timeframe

The Data Controller shall provide information on the action taken on your request without undue delay and in any event within 1 month of receipt of the request.

If necessary, this period may be extended by 2 additional months, taking into account the complexity and number of the requests. The Data Controller shall inform you of any such extension within 1 month of receipt of the request, together with the reasons for the delay.

 

If the Data Controller does not take action on your request, they shall inform you without delay, and at the latest within 1 month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

 

Data Security

The Data Controller and the Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures may include:

  1. the pseudonymization and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
  3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  4. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

 

 

Notification of the Data Subject About a Data Breach

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject without undue delay.

The notification to the data subject shall describe in clear and plain language the nature of the personal data breach and shall contain at least the following information: the name and contact details of the data protection officer or other contact point where more information can be obtained; a description of the likely consequences of the personal data breach; a description of the measures taken or proposed to be taken by the Data Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

 

 

 

No communication to the data subject shall be required if any of the following conditions are met:

  • The Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the breach — in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption.
  • The Data Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize.
  • It would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the Data Controller has not yet notified the data subject of the personal data breach, the supervisory authority may require them to do so after considering the likely risk.

 

 

Notification of a Personal Data Breach to the Supervisory Authority

The Data Controller shall notify the competent supervisory authority of the personal data breach without undue delay, and where feasible, no later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the notification is not made within 72 hours, it shall be accompanied by the reasons for the delay.

 

 

Right to Lodge a Complaint

If you believe that the Data Controller has infringed your rights, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH):

National Authority for Data Protection and Freedom of Information
Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C
Mailing Address: 1530 Budapest, P.O. Box 5
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu  

 

 

Closing Remarks

In preparing this notice, we have taken into consideration the following legal regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act)
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (especially Section 13/A)
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Consumers
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (in particular Section 6)
  • Act XC of 2005 on the Freedom of Electronic Information
  • Act C of 2003 on Electronic Communications (especially Section 155)
  • Opinion No. 16/2011 on the EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
  • Recommendations of the National Authority for Data Protection and Freedom of Information on the data protection requirements of preliminary information
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) (listed again to emphasize its significance)

 

A honlap további használatához a sütik használatát el kell fogadni. További információ

A süti beállítások ennél a honlapnál engedélyezett a legjobb felhasználói élmény érdekében. Amennyiben a beállítás változtatása nélkül kerül sor a honlap használatára, vagy az "Elfogadás" gombra történik kattintás, azzal a felhasználó elfogadja a sütik használatát.

Bezárás