Data processing information - Appentum Ltd.
The purpose of the data processing information
The purpose of the data processing information is to inform users about how their personal data is handled by the company. The Appentum Ltd. (hereinafter referred to as the Data Controller) acknowledges the content of this legal notice as obligatory. It undertakes to ensure that all data processing related to its activities complies with the regulations in this policy, as well as with the applicable national laws and the expectations set out in the legal acts of the European Union.
The Data Controller reserves the right to change this information at any time. Any changes will be duly communicated to the audience in a timely manner.
If you have any questions related to this notice, please feel free to contact us, and our colleague will respond to your inquiry.
The Data Controller is committed to protecting the personal data of its customers and partners, and it considers respecting the informational self-determination rights of its customers to be of paramount importance. The Data Controller handles personal data confidentially and implements all necessary security, technical, and organizational measures to guarantee the security of the data.
Below, the Data Controller outlines its data processing practices.
1. Data of the Data Controller
Data Controller: Appentum Kft.
Registered Office: 12 Kossuth Lajos Street, Győr, 9025
Company Registration Number: 08-09-027613
Tax Identification Number: 23572843-2-08
Represented by: Zoltán Szaniszló, CEO
Contact: adatvedelem@appentum.hu
2. Scope of Data Processing
- Website: www.appentum.com
- Information sent to email accounts with the appentum.hu extension.
3. The scope of processed personal data, the legal basis for data processing, the purpose of data processing, and the duration of data processing
The data processing activities of the Data Controller are based on voluntary consent. In cases of data processing based on voluntary consent, data subjects have the right to withdraw their consent at any stage of the data processing.
Data subjects are reminded that if they provide personal data that does not belong to them, it will be their responsibility to obtain the consent of the data subject.
The principles of data processing are in line with the applicable data protection laws, including:
- Act No. CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
- Act No. V of 2013 - Civil Code (Ptk.).
Purpose of data managementa
Legal basis for data management
Scope of processed personal data
Duration of data management or criteria for determining the duration
Delivery of information about the Data Controller's activities in the form of a newsletter to those who have subscribed to it
Consent of the subscriber pursuant to Article 6 (1) point a) of the General Data Protection Regulation.
.
The subscriber provided:
- name
- e-mail address
The Data Controller normally stores personal data for 5 years from the date of provision.
If the purpose of data management (send newsletter) ceases, the data will be deleted 30 days after sending the last newsletter.
If the subscriber declares in writing that he no longer wishes to use the service, the subscriber's data will be deleted within 30 days.
Delivery of information related to the service provided by the Data Controller in electronic form to those requesting it
Consent of the subscriber pursuant to Article 6 (1) point a) of the General Data Protection Regulation.
The subscriber provided:
- name
- e-mail address
The Data Controller stores the personal data for 60 days from the date of provision.
The Data Controller finds the right workforce for the advertised jobs
Consent of the sender pursuant to Article 6 (1) point a) of the General Data Protection Regulation.
Article 6 (1) point b) of the General Data Protection Regulation - data provided before the conclusion of a contract
Personal data provided in CV:
- name,
- place and time of birth, contact information: place of residence, place of residence, telephone number, e-mail address
- study data
- professional experience
Other data provided by the applicant:
- Social media profiles
- Wage demand
- Cover letter
The Data Controller stores the data for 2 years from the date of the given consent or until the consent is revoked.
In cases not covered by the above, the Data Controller will delete any received messages along with the personal data after a maximum of 5 years from the date of submission.
4. Automated decision-making (including profiling):
- There is no automated decision-making, including profiling, during the data processing.
5. Transmission of personal data, recipients of personal data, and categories of recipients
- The Data Controller does not use data processors.
The data subject's rights related to data processing:
The data subject has the following rights related to data processing:
a) Right of access to their personal data,
b) Right to rectify their personal data,
c) Right to erasure or restriction of processing of their personal data, except for mandatory data processing,
d) Right to data portability under the conditions defined by law,
e) Right to object to data processing based on legitimate interests.
a) Right of Access:
The data subject is entitled to receive feedback from the Data Controller regarding whether the processing of their personal data is in progress, and if such processing is ongoing, they have the right to access the personal data. The Data Controller shall provide the data subject with a copy of the personal data being processed. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject. If the data subject has submitted the request electronically, the information must be provided in a widely used electronic format unless otherwise requested by the data subject.
b) Right to Rectification:
The data subject is entitled to request the Data Controller to rectify any inaccurate personal data concerning them without undue delay.
c) Right to Erasure:
The data subject is entitled to request the Data Controller to erase their personal data without undue delay, and the Data Controller is obliged to erase the personal data concerning the data subject without undue delay if one of the following reasons applies:
i. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
ii. The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation (GDPR), and there is no other legal ground for the processing.
iii. The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
iv. The personal data has been unlawfully processed.
v. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
vi. The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Right to Restriction of Processing:
The data subject has the right to request the Data Controller to restrict processing if one of the following applies:
i. The accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
ii. The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
iii. The Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or
iv. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.
If processing is restricted, such personal data, with the exception of storage, shall only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
d) Right to Data Portability:
Furthermore, the data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where:
(i) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and
(ii) the processing is carried out by automated means.
e) Right to Object:
The data subject is entitled to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. In such cases, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
General Rules for the Exercise of Rights:
The Data Controller shall inform the data subject of the actions taken in response to their request without undue delay and at the latest within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data subject has submitted
the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
The Data Controller shall provide the information and any action taken free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may either:
a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
b) refuse to act on the request.
The burden of proving the manifestly unfounded or excessive character of the request lies with the Data Controller.
Where the Data Controller has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15 to 21, it may request the provision of additional information necessary to confirm the identity of the data subject.
7. Legal Remedies
The data subject may contact Appentum Kft. at any time regarding the processing of their personal data by emailing adatvedelem@appentum.hu.
In case of a complaint related to the processing of personal data, the data subject may also contact the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9., address: 1055 Budapest, Falk Miksa utca 9-11., Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; Email: ugyfelszolgalat@naih.hu; website: www.naih.hu).
In case of infringement of rights, the data subject may bring a lawsuit against the Data Controller. The court shall proceed with the case without delay. The Data Controller is obliged to prove that the data processing complies with the legal requirements. The jurisdiction for the case lies with the court, or in Budapest, with the Budapest Metropolitan Court. The lawsuit may also be filed before the court having jurisdiction over the data subject's residence or habitual residence.
The Data Controller shall compensate any damage caused to others by the unlawful processing of the data subject's data or by breaches of data security requirements. The Data Controller shall be exempt from liability if it proves that the damage was caused by an unavoidable external circumstance beyond the scope of data processing. No compensation shall be payable for damage resulting from intentional or grossly negligent behavior on the part of the injured party.
8. Use of Cookies
In order to personalize and optimize your experience on our websites and to provide you with the most comprehensive user experience, our websites may place a small data package, called a cookie, on your computer. Cookies are identifiers that our websites or partner servers collecting cookies can send to your computer to identify the computer used during your visit to our websites and to store technical data related to the use of the website (such as clicks, other navigation data).
Most browsers automatically accept these cookies by default. These settings apply only to the browser program and computer used, and the settings for cookies must be set and disabled separately for each computer and browser. Disabling cookies may affect the proper functioning and full use of all functions of the websites.
9. Technical Data
The Data Controller selects and operates the information technology tools used for the processing of personal data in such a way that the processed data:
- is accessible to authorized persons (availability);
- its authenticity and authentication are ensured (data integrity);
- its unchanged nature can be verified (data integrity);
- is protected against unauthorized access (data confidentiality).
The Data Controller protects the data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction, through appropriate measures.
The Data Controller ensures the security of data processing by implementing technical, organizational, and organizational measures that provide an appropriate level of protection against the risks associated with data processing.
During data processing, the Data Controller preserves:
- confidentiality: it protects the information so that only those authorized can access it;
- integrity: it protects the accuracy and completeness of the information and processing method;
- availability: it ensures that when the authorized user needs it, they can actually access the desired information, and the tools related to this are available.
Issued in Győr on September 1, 2023.