DATA PROTECTION POLICY
Regarding data processing, the data processor (Trifolium Hungary Ltd.) hereby informs the users of their website about the kind of personal data they process, their principles and practices applied when processing personal data, their organizing and technical measures used to protect personal data, as well as the methods and options data subjects may use/have to exercise their rights.
The regulations of this policy have been established with consideration to the provisions of the General Data Protection Regulation of the European Parliament and of the Council (679/2016, GDPR); Act CXII of 2011 on Informational Self-Determination and Freedom of Information (“Privacy Act”); Act V of 2013 on the Civil Code of Hungary (“Civil Code”); as well as Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Commercial Advertising Act”).
DETAILS OF THE DATA PROCESSOR:
- Company name: Trifolium Hungary Ltd.
- Office: H-1075 Budapest, Madách Imre út 13-14. – Madách Trade Center building “A” – 8th floor
- Company registration number: 01-09-074081
- Tax identification number: 10497038-2-41
- Website: https://trifolium.hu/
- Email: email@example.com
- Data protection officer: pursuant to Article 37 of the GDPR, the data processor is not required to appoint a data protection officer.
The data processor requires previous registration so that the individual services offered on their website can be used. Through our website, you can request a quote for web development, reputation management, or other services from our company at the email address shown on our website. Your name and email address will be registered based on the inbound messages. If you do not become a client of our company, these data will be deleted immediately. If you submit an application for a job opening at our company, we process your data included in the application (natural personal identification data, and data from your curriculum vitae). If you do not become an employee of our company, these data will be deleted without delay.
As a general basic principle, we process personal data recorded with the purpose of satisfying the legal requirements of entering into a contract, as well as data collected during website visits, in a confidential manner, in accordance with data protection laws, the requirements of the European Union, and this current policy.
In those cases when a service provider technically related to operating the data processor’s website (typically an internet service provider or storage space provider) performs data processing activity on the website without informing the data processor, their activity does not qualify as data processing performed by the data processor. The above-mentioned third-party service providers are not entitled to process personal data.
Data subject: any specific natural person identified or identifiable (directly or indirectly) based on personal data;
Personal data: data that can be connected to the data subject, particularly, the data subject’s name, identification number, one or more piece(s) of information characteristic of their physical, physiological, mental, economic, cultural, or social identity, or any conclusion that can be drawn from that data in relation to the data subject;
Consent: voluntary and unequivocal expression of the data subject’s wish based on appropriate information by which they give their unambiguous agreement to the processing (complete or related to certain actions) of their personal data;
Objection: the data subject’s statement in which they oppose their personal data being processed, and request the stopping of data processing and the deletion of the processed data;
Data processor: a natural or legal person, or an organization without legal personality, that – independently from or together with others – defines the purpose of data processing, makes and executes decisions regarding data processing (including the tool used for it), or has them made and executed by a proxy data processor;
Data processing: any activity or all of the activities performed on the data independently of the procedure applied, particularly collecting, registering, recording, organizing, storing, changing, using, querying, forwarding, publishing, synchronizing or joining, locking, deleting, destroying, and withholding the data from further use; preparing photo, audio or image recording, as well as recording physical characteristics (such as fingerprint or palm print, DNA sample, iris image) that can identify an individual;
Data forwarding: making the data accessible to a specific third party;
Publishing: making data accessible to anyone;
Deletion of data: making data unrecognisable in a way that their further recovery is not possible;
Data stock: the totality of the data processed in a single registry;
Third party: a natural or legal person, or an organization without legal personality, different from the data subject, the data handler, or the data processor;
Special data: a) personal data related to racial origin, affiliation with a national or ethnic minority group, political views or party affiliation, religious or other ideological views, membership in an organization representing interests, or sexual life; b) personal data related to health status, addictions, or of criminal nature.
LEGAL BASIS FOR DATA PROCESSING FOR REGISTERED USERS
Data processing, including recording and storing data about users registered on the website is performed to the extent necessary for operating the services available through the website and for the purposes of keeping contact and providing information, and it is required for fulfilling the legal obligations of the data processor.
Data processing is also required to establish a contract between the data processor and the registered client, to determine and modify its content, to monitor its fulfilment, to receive the service ordered, to invoice the purchase price, as well as to enforce claims related to it, to document fulfilment compliance, and to meet the accounting requirements.
Personal data are processed based on the voluntary and expressed consent of the data subjects. Users give their consent by using the website, through their registration at the website. The data processor may process the personal data processed by them without further individual consent, or after withdrawal of the consent by the data subject, in order to fulfil the legal obligations applicable to them (with special respect to the legal requirements related to accounting, as well as the prevention of money laundering and the funding of terrorism).
In order to use the non-public databases of the data processor, users are required to provide the following personal and other data during registration:
- Name/Company name;
- Type and number of the document used for identification/Official registration number;
- Names of actual owners, in the case of a company;
- Phone number;
- Email address.
LEGAL BASIS FOR DATA PROCESSING FOR NON-REGISTERED (VISITING) USERS
The following data not associable to a specific person are recorded (even without registration) during each visit at the data processor’s website for the purpose of statistical analysis: – the visitor’s IP address – start of visit (by page); and – end of visit (by page). Posts on a potential forum/blog, plus the following technical information related to signing in will also be recorded: – IP address; and – time. In addition to the above, an automatic confirmation message about the registration for a potential forum/blog will be sent to the email address provided.
Furthermore, the user is required to provide a password during registration. The data processor stores an imprint of the password that can only be used to verify the correctness of the password, but the password itself cannot be recovered from it. During use of the website, the data processor records the type of the browser and operating system of signed-in users. These data are continuously logged by the system, but they are not connected with the data provided during registration or use. These data are used by the data processor on an anonymous basis, exclusively for statistical purposes, as well as to protect the safety of the website.
Data processing is performed exclusively in a manner established by law, to the extent and for the duration necessary to accomplish its purpose, and restricted to the personal data that are essential to accomplish the above purposes and are suitable to be used to accomplish these purposes.
– Analytics cookies: The website uses the Google Analytics system of Google Inc. (“Google”) to analyse website visits. The Google Analytics system stores “cookies” – simple, short and small-sized text files – on your IT device to analyse visits on our website, helping to improve our website for a better user experience. Data on website visits recorded in cookies (including the time of visit and your IP address) are transferred to and stored on Google servers located in the United States. Google uses these data to assess your website-visiting habits, to compile reports on them for the data processor, as well as to provide other services related to the website and the use of the Internet.
– Targeted or advertisement cookies: In order to provide our visitors with marketing information that matches their scope of interests the most, we may use personalized, i.e. targeted or advertisement cookies. However, these cookies require the express consent of the website visitors that they can give by clicking on the corresponding button in a separate text box displayed on the given web surface. These cookies collect detailed information on your browsing habits. If a visitor agrees to receive further emails, marketing information, and offers from us, then cookies work in the following way: they collect information on which articles and/or services have been searched for on our website, and in this way they record data that enable us to identify a visitor and their settings so this information does not have to be entered again. When they visit our website again, it helps to identify them.
The number of views of a specific advertisement can be limited, and the efficiency of advertising campaigns can be measured.
– Session cookies: These are essential for navigating on the website, for the operation of its key features, and for accessing protected content. These cookies store the information required to fill in data forms and occasionally the visitor’s language preferences, and they do not collect information on the visitor that could identify them, could be used for marketing purposes, or would remember what other websites they visited. These cookies are automatically deleted after the website is closed and the session is ended.
– Functional cookies: These cookies, in order to improve user experience, detect what device was used to open our website, remember earlier visitor decisions (such as username, password, preferred language, whether the visitor had signed in during an earlier session, changes of text size, font, or other customizable items of the website by the visitor) to help us offer better and more personalized features to our visitors.
– Third party cookies: We may use third-party web services to display various content which results in storing some cookies that are not monitored by us; thus, implicitly we do not have control over what data these websites and third-party domains collect on how visitors/registered users use these embedded contents:
Google Analytics – visitor statistics.
Please refer to the linked service providers’ websites for third-party privacy policies.
An email address as personal information may pass through foreign servers in relation to electronic notifications; however, no personal data will be stored on them. Unless it is required by law to provide data for an empowered authority, the data processor will not make processed data accessible in any form to any different third party, and they will take all reasonable measures to maintain confidentiality of the data, as well as require the client’s business partner to do the same.
DURATION OF DATA PROCESSING
Processing of the data that are required during registration starts with registration and lasts until the data are deleted, expect for the scope of data that the data processor is required to preserve in order to fulfil their legal obligations as a data processor (with special regard to legal obligations in relation to preventing money laundering and the funding of terrorism) for a duration determined by law. If registration is terminated, then data provided at registration are deleted from the data processor’s electronic database.
The service provider will take all the steps necessary to ensure the security of the data provided by users both during network communication and storage and protection of the data.
CHANGING AND DELETING DATA
Registered users can modify their data on their data sheet after they log in. The user is entitled to request deletion of their data via a deletion request forwarded to the data processor. The request cannot be related to data that the data processor is required to preserve for a duration determined by law in order to fulfil their legal obligations as a data processor (with special regard to their legal obligations related to preventing money laundering and the funding of terrorism).
RIGHTS OF THE DATA SUBJECT
Each data subject – can request access to, that is, information on, the processing of their data; – can request correction if any of their data is inaccurate or has changed; – can request restriction of data processing; – can have their data deleted if they were wrongfully handled or the legal basis for processing them has been terminated (for example, you have withdrawn your consent and no other legal basis has remained) – this is the so-called “right to be forgotten”; – can carry their data, that is, they can request for their processed data “in a delimited, widely used, machine-readable format” so that they can carry them over to a different service provider; and – can object to the processing of their data.
The data processor is required to provide the information or perform the adjustment/deletion with no delay.
AMENDMENT OF THE DATA PROTECTION POLICY
The data processor has the right to amend this policy unilaterally, informing users about it in advance. The amended regulations enter into effect for a specific user with their first use of the website after the changes were published on the website. The modification cannot affect data protection obligations determined by law.
LAW ENFORCEMENT AND HANDLING COMPLAINTS
In the case of complaints regarding data processing, users can directly contact the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Phone: +36-1-391-1400; email: firstname.lastname@example.org; website: www.naih.hu).
Users can go to court if their rights are infringed. The lawsuit is under the scope of the court of law. The lawsuit – depending on the data subject’s preference – can be brought in front of the competent court of the data subject’s permanent or temporary residence. The data processor will inform the user on the possibility and means of legal remedy upon request.
Trifolium Hungary Ltd. 2020.