Information on Data Processing by TRANS REIRO Kft
We, the TARNS REIRO Szolgáltató Korlátolt Felelősségű Társaság, as Data Controller (represented by: Ms Judit Horváth, head office: HU-8900 Zalaegerszeg., company registration number: 20-09-068676, tax number: 14387931-2-20, address of the actual data processing: HU-8900 Zalaegerszeg, Flórián Street 10., e-mail: firstname.lastname@example.org, telephone: +36 92 346-653)Internet contact (and websites of the relevant actual data processing): – https://www.transreiro.com
consider it particularly important to respect and enforce our clients and all other relevant natural persons’ (hereinafter referred to as “Data Subject”) right to data processing, therefore we hereby inform all Data Subjects that during the processing of personal data all natural persons concerned are guaranteed that their rights and fundamental rights to freedom – in particular their right to privacy – shall be respected in all areas of our transportation services.
All Data Subjects who provide personal data to the Data Controller as described in this Information take responsibility for providing the Data Controller only with the knowledge of their own personal data, of which the Data Subject is entitled when communicating thereof. In case the Data Subject acts differently from the above, any liability in this respect shall be the sole responsibility of the person concerned.
This Information is a brief extract of the Data Controller’s Policy on Data Protection (hereafter referred to as the Policy) which has been created with the aim to briefly inform the concerned Data Subjects of the certain activities related to data processing made by the Data Controller, and rules thereof. This document is to be considered as an annex to the Policy; any issues and topics that are not covered by this Information shall be governed by the Policy and the relevant laws and legislation, and shall be interpreted together with these.Data Subjects Concerned and Their Rights
Any Data Subject may request the Data Controller to have access to his/her personal data, rectification or erasure thereof and, in some cases, he/she may also request restrictions on the processing of the data and may object to the processing of personal data. Furthermore, the Data Subject is entitled to the right of data portability, the right to submitting complaint to the supervisory authority, the right to remedy, as well as for automated decision-making in individual cases, the right to choose the scope of the decision and the right to request human intervention.
In addition, in the case of consent-based data processing , Data Subject is entitled to withdraw his/her consent at any time; however, this does not affect the lawfulness of any consent-based data processing performed prior to such withdrawal.
A) Right to access
The Data Subject may request information at any time on whether or not his/her personal data is processed by the Data Controller and in what manner – including the purposes of data processing, the recipients who the data has been communicated with, the source where the data controller has received the data from, the period of data retention, any of his/her rights connected to data processing, as well as information on automated decision-making and profiling; and, in case of transferring to a third country or an international organization, information on the related guarantees.
When exercising the right of access, Data Subject is also entitled to request a copy of the data; in case of an electronically submitted request, the Data Controller shall provide the requested information electronically, unless otherwise requested by the Data Subject. If the Data Subject’s right of access adversely affects the rights and freedoms of others, in particular the business secrets or intellectual property of others, the Data Controller is entitled to refuse to execute the request of the Data Subject to the necessary and proportionate extent.
B) Right to amendment
Data Controller shall correct, rectify or complete the personal data concerning the Data Subject upon request. If there is any doubt about the corrected data, the Data Controller may call the Data Subject to provide the Data Controller with appropriate proof of the specified data. If the Data Controller communicated the personal data affected by this right with another person(s), Data Controller shall inform such person(s) immediately after the data correction, provided that it is not impossible or does not require a disproportionate effort from the Data Controller.
C) Right to erasure
In case the Data Subject requests the erasure of one or all of his/her personal data, the Data Controller shall erase the data without undue delay, provided that:
- the Data Controller no longer needs the personal data in relation to the purposes for which they have been collected or otherwise processed;
- the data processing had been based on the consent of the Data Subject, but the consent was withdrawn by the Data Subject and there is no other legal basis for the data processing;
- the data processing had been based on the Data Controller or a third party’s legitimate interest, but the Data Subject objected to the processing and there is no overriding legitimate reason for the data processing;
- the personal data has been processed unlawfully by the Data Controller; or the erasure of personal data is necessary for compliance with a legal obligation.
If the Data Controller disclosed the personal data affected by this right to any other persons, the Data Controller shall inform these persons immediately after the erasure, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the Data Subject about those recipients, if the Data Subject requests it. Data Controller is not always obliged to delete personal data, especially in case the data processing is necessary for the submission, validation or protection of legal claims.
D) Right to protest
In case the legal basis for data processing concerning the Data Subject is the legitimate interest of the Data Controller or a third party, the Data Subject may object to the data processing at any time. Data Controller is not obliged to approve of the protest if the Data Controller can demonstrate such compelling legitimate grounds for the processing that override the Data Subject’s interests, rights and freedoms or which are connected to the establishment, exercise or defence of the Data Controller’s legal claims.
E) Right to restriction of data processing
Data Subject may request the restriction of processing his/her personal data in the following cases:
- the Data Subject contests the accuracy of the personal data – in this case the restriction refers to the period that enables the Data Controller to verify the accuracy of the personal data;
- the data processing is unlawful, but the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of data processing, however, the Data Subject requires them for the establishment, exercise or defence of legal claims.
Except for storage, personal data affected by the restriction are not handled by the Data Controller, or the Data Controller processes these data only to which the Data Subject has consented to, or the Data Controller, in the absence of such consent, may process those data which are necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the Personal Data is communicated to another person by the Data Controller, the Data Controller shall inform such person(s) about the restriction of the data processing immediately, unless this is impossible or involves disproportionate effort from the Data Controller. Data Controller shall inform the Data Subject about these recipients if the Data Subject requests it.
F) Right to complaint and legal remedy
If the Data Subject considers that processing of his/her personal data by the Data Controller violates the provisions of the applicable data protection legislation, in particular the provisions of the General Data Protection Regulation, he/she has the right to complain before the competent data protection authority of the Member State according to the Data Subject’s place of residence or place of work, or the place of the alleged infringement. The Data Subject – regardless of his/her right to lodge a complaint – may go to court in case of any above-mentioned infringements. Data Subject shall also have the right to apply to the court even against a legally binding decision of the supervisory authority. Furthermore, the Data Subject shall also be entitled to judicial remedy if the supervisory authority does not deal with the complaint or fails to inform the data subject of the procedural developments related to the complaint lodged or the result thereof within three months.
The Data Subject may ask for the rectification, erasure or blocking of his/her personal data recorded and stored during any data processing activity, as well as may ask detailed information on data processing by sending a request to the following addresses – if no other contact is specified in the determination of the given data processing activity:
Postal address: HU-8900 Zalaegerszeg, Flórián utca 10. E-mail: email@example.com
Authority for Legal Remedy
As a general principle, Data Controller shall prove that the data processing complies with the relevant law. In case the Data Controller does not redress the infringement regarding the Data Subject’s personal data that has been complained by the Data Subject, or remedies thereof inadequately or not within the deadline, Data Subject may apply to the Hungarian National Authority for Data Protection and Freedom of Information, primarily by mail. Contact details of the authority:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság Address: HU-1125 Budapest, Szilágyi Erzsébet fasor 22/c Telephone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 Website: http://www.naih.hu E-mail: firstname.lastname@example.org
Data Subject may also apply to the court in the event of violation of his/her rights. The court shall hear such cases in priority proceedings. In case the Data Controller violates the Data Subject’s privacy rights as a result of unlawful processing or by any breach of data security requirements, Data Subject shall be entitled to demandrestitution from the Data Controller.
Data Controller shall ensure the security of the data processing. Data Controller shall protect the data with the appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, damage and becoming inaccessible. When applying data security measures, Data Controller shall use the state-of-the-art technological solutions employed at the time. Data Controller shall ensure the IT and service environment used in providing the service of processing personal data in such a way that:
- the personal data provided by the Data Subject shall only be connected to the data and in the manner specified by the Policy;
- data storage shall be available only for those personnel of the Data Controller for whom the access is absolutely indispensable for performing their duties arising from job responsibilities;
- all changes and modification to the data shall be made by indicating the date of the modification; and all data shall be backed up.
Data transmission will be performed by the established appropriate IT system. Data Controller shall arrange and provide the followings:
- access protection: measures to protect against unauthorized access, software and hardware protection;
- b. software protection: protection of data files against viruses and other malware, application of firewall, regular backup and documentation thereof;
- c. hardware protection: physical protection of data files and their storage media, high level of data archiving (protection against physical intrusion), physical protection against damages due to disasters (fire, lightning protection).
The processing of personal data is basically performed by the Data Controller or, if the task is outsourced, it is performed by the Data Processor specified in the Annex to the Data Processing Policy. In this case, Data Controller shall transmit data to the Data Processor(s) and Data Controller is responsible for the activities of the Data Processor(s). Data Controller may transmit personal data if the legal basis for data processing is clear and the data is necessary for data processing. Data Controller may not transmit or transfer the individual data or the complete set of data files to a third party without prior consent, except for mandatory data transmission and transfer based on law and shall take all security measures to prevent any unauthorized access to the data.
Processing of all data related to the Data Subject within the data processing activities and services provided by the Data Controller is primarily based on a voluntary consent, and the general purpose thereof is to ensure the provision of the service and to maintain contact.
The above general rule may be complemented by data processing based on other legal basis, for example mandatory data processing imposed by legislation, of which the Data Controller shall inform the Data Subjects when defining the certain data processing activities.
In case of some services, it is possible to provide additional data to help becoming fully acquainted with the needs of the Data Subject; however, these are not conditions for using the services provided by the Data Controller. Providing the necessary data for each data processing activity by the Data Subject is the condition for using the services provided by the Data Controller.