У нас всё Быстро, Чётко и по Делу!
Everything is fast, clear and to the point!
Privacy policy
DATA SUBJECTS RIGHTS REGARDING PERSONAL DATA PROCESSING: AN OVERVIEW
INTRODUCTION
In compliance with Regulation (EU) 2016/679, also known as the Regulation, which addresses the protection of natural persons concerning the processing of their personal data and the free movement of such data, and repeals Directive 95/46/EC, this document outlines the obligations of the Controller. The Regulation mandates that the Controller takes suitable measures to convey information regarding personal data processing to data subjects in a clear, concise, transparent, and easily accessible manner, using straightforward language. Furthermore, the Controller is obligated to facilitate the exercise of data subject rights. Additionally, Act CXII of 2011 on the freedom of information also necessitates the provision of information to data subjects before processing. The information presented here aims to fulfill the legal obligations of our Company in this regard.
CHAPTER I
RESPONSIBLE PARTY FOR DATA
The entity providing this information also serves as the data controller:
Company name: IST Hungary Kft.
Legal address: 2636 Tésa, Ady Endre utca 11, Hungary
Tax number: 27966745-2-13
Company registration number: 01-09-359424
Represented by: Igamnazarov Timur
Email: business@isthungary.hu
Website: immigrationlive.hu
Phone: +36-20-59-77777
(hereinafter referred to as Company)
CHAPTER II
IDENTIFICATION OF DATA PROCESSORS
The term 'Processor' refers to a natural or legal person, public authority, agency, or any other entity that processes personal data on behalf of the controller (as per Article 4(8) of the Regulation). While the involvement of a processor does not necessitate prior consent from the data subject, they must be duly informed. Consequently, we provide the following details:
Our Company's IT Service Providers
To facilitate the operation and management of its IT systems, our Company engages data processors offering IT services (including hosting, email, system administration, and CRM services). These processors handle personal data provided through the website, email, or any other means related to our Company's services during the contractual period. The list of processors includes:
Company Name: Microsoft
Registered Address: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA
Service Type: Microsoft 365
Website: www.microsoft.com
Company Name: Versanus Informatikai és Szolgáltató Kft.
Registered Address: 1138 Budapest, Mura u. 4. 9. em. 7.
Tax Number: 13504786-2-41
Email Address: support@versanus.eu
Website: versanus.eu
Service Type: Hosting Service Provider
Our Company's Accounting Service Providers
To meet tax and accounting obligations, our Company enlists external service providers. These providers process the personal data of individuals in contractual or payment relationships with our Company, ensuring compliance with tax and accounting regulations.
CHAPTER III
DATA PROCESSING IN CONNECTION WITH SERVICE PROVISION
Accessing the Website
Cookie Usage Information
(1) Following standard internet practices, our Company employs cookies on its website. A cookie is a small data file with a sequence of characters placed on the visitor's computer during a website visit. Upon subsequent visits, the website recognizes the visitor's browser through the cookie.
(2) Our Company's website collects and processes the following visitor and device data:
• IP address of the visitor,
• Browser type,
• Operating system settings of the browsing device (language settings),
• Visit date,
• Visited (sub)page, function, or service used.
(3) While accepting and enabling cookie usage is optional, visitors can reset their browser settings to reject or notify them about incoming cookies. Although most browsers automatically accept cookies by default, this setting can generally be modified to allow users to decide on a case-by-case basis.
For information on cookie settings for popular web browsers, click on the links below:
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
• Microsoft Internet Explorer 11: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge: http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq
• Safari: https://support.apple.com/en-us/HT201265
Please note that certain website functions or services may not work properly with disabled cookies.
(4) The cookies used on the Company's website cannot, on their own, establish the user's identity.
(5) Cookies on the Company's website:
i) Strictly (technically) necessary session cookies:
These cookies enable smooth browsing and use of the website's functions and services during a specific visit. They are retained only for the duration of the current visit and are automatically deleted when the session ends and the browser is closed. The legal basis for this processing is Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic trading services and information society services. Processing purpose: Ensure proper website operation.
ii) Consent-based cookies:
These cookies allow the Company to remember user selections on the website. Users can object to this processing at any time. This data is not linked to user identification data and may not be disclosed to third parties without user consent.
ii.1. Functional cookies:
Processing purpose: Enhance service effectiveness, user experience, and website usability.
Processing period: 7 months.
Data processed: ZOPIM, ADDTOANY
ii.2. Performance cookies:
Google Analytics cookies – More information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google Adwords cookies – More information: https://support.google.com/adwords/answer/2407785?hl=en
Facebook cookies – More information: https://www.facebook.com/policies/cookies/
Processing purpose: Optimize service performance and user experience.
(6) The legal basis for processing: User consent.
Processing Related to Newsletter Service
(1) Individuals subscribing to the newsletter on the website can provide consent by checking the relevant checkbox. Subscribers can unsubscribe at any time, revoking their consent, by clicking the "Unsubscribe" option in the newsletter or by contacting us via email. In such cases, all data, except the email address and the unsubscribe status, is promptly deleted.
(2) Processed data categories: Name (first and last), email address, country of origin, residence country, service group.
(3) Purposes of processing personal data:
• Sending newsletters about Company products and services.
• Sending promotional material.
(4) Legal basis for processing: User consent.
(5) Recipients of personal data with access to the eDm database within and outside the company: Company employees handling customer service and marketing duties; IT service provider employees as data processors for hosting services.
(6) Storage period for personal data: Until the newsletter service is provided or the data subject revokes consent (requests erasure).
Requesting Contact via Online Form or Email
(1) Individuals completing the online form for contact requests on the website can provide consent by checking the relevant checkbox.
(2) Processed data categories (may vary by service type): Name, phone number, email address, copy of passport and/or visa, date of birth, marital status, travel information.
(3) Purposes of processing personal data:
• Electronic, phone, and SMS contact requests.
• Sending information on news related to Company products, services, terms and conditions, special offers.
• Assessing eligibility for services.
• Providing offers related to website services.
(4) Legal basis for processing: User consent or responding to the data subject's request.
(5) Recipients of personal data with access to the client database within and outside the company: Company employees handling customer service and marketing duties; IT service provider employees as data processors for hosting services.
(6) Storage period for personal data: 6 months or until the data subject revokes consent (requests erasure).
Processing Data of Contracted Partners – Customer and Supplier Administration
(1) The Company processes personal data of natural persons entering into business relationships as customers or suppliers based on legal obligations. This processing is deemed lawful, even if necessary to take steps at the data subject's request before entering into a contract.
(2) Processed personal data categories: Name, name at birth, date of birth, mother's maiden name, address, tax identification number, private entrepreneur's card number, primary producer's card number, identity card number, registered address, site address, phone number, email address, website address, bank account number, customer number, online identifier.
(3) Purposes of processing personal data: Entering into, performing, and terminating contracts; providing contractual discounts; fulfilling legal obligations specified in applicable laws and regulations.
(4) Legal basis for processing: Legal obligations and steps at the request of the data subject.
(5) Recipients of personal data: Company employees and data processors performing customer service, taxing, and accounting duties.
(6) Storage period for personal data: 5 years after the relevant contract termination.
Contact Details of Individuals Representing Legal Entity Clients, Customers, and Suppliers
(1) Processed personal data categories: Name, address, phone number, email address, online ID.
(2) Purposes of processing personal data: Performing contracts with legal entity partners; maintaining business relationships; legal basis: Company's legitimate interest.
(3) Recipients or categories of recipients of personal data: Company employees performing customer service duties.
(4) Storage period for personal data: 5 years after the business relationship and assignment of the data subject as a representative cease.
Special Processing for Individual Services
CHAPTER IV
PROCESSING BASED ON LEGAL OBLIGATION
Processing for Fulfilling Tax and Accounting Obligations
(1) The Company is obligated to process pertinent personal data of individuals establishing a business relationship with the Company as customers or suppliers. This processing is carried out to fulfill the Company's legal obligations regarding tax and accounting, as outlined in applicable laws and regulations. The processed data specifically encompass the following: tax number, name, address, and tax status based on Articles 169 and 202 of Act CXXVII of 2017 on Value Added Tax; the name, address, and the entity or individual ordering the business operation; the name of the person authorizing the payment order and certifying the operation's execution, along with the controller's signature in certain organizational contexts; recipient's signature on the payment receipt and payer's signature on the counter receipt; private entrepreneur’s card number, primary producer’s card number, and tax identification number.
(2) The duration for which personal data will be retained: 8 years after the cessation of the legal relationship establishing the processing's legal basis.
(3) Recipients of personal data: Company employees and data processors responsible for taxing, accounting, payroll, and social security duties.
CHAPTER V
SUBMISSION OF REQUESTS RELATED TO CONTROLLER'S DATA PROCESSING ACTIONS
The Controller is obligated to promptly provide information regarding the actions taken in response to a data subject's request to exercise their rights. This information must be provided without undue delay and, in any case, within one month from the receipt of the request. In situations where the complexity or volume of requests necessitates additional time, the Controller may extend this period by two months. The data subject shall be informed of any such extension and the reasons for the delay within one month of receiving the request.
In cases where a data subject submits their request electronically, and unless otherwise specified by the data subject, the information will be conveyed in a commonly used electronic format.
Should the Controller fail to act on the data subject's request, they are required to inform the data subject promptly and no later than one month from receiving the request. This communication must include the reasons for not taking action and inform the data subject of their right to file a complaint with a supervisory authority or seek judicial remedies.
Information provided under Articles 13 and 14 of the Regulation, as well as any communication and actions taken on the data subject's rights (Articles 15 to 22 and 34), are to be furnished free of charge by the Controller. However, if a data subject's requests are deemed manifestly unfounded or excessive, particularly due to their repetitive nature, the Controller may, considering administrative costs, either charge a fee of 46.000 HUF or reject the request. The burden of demonstrating the manifestly unfounded or excessive nature of the request rests with the Controller.
In cases where the Controller harbors reasonable doubts about the identity of the requesting individual, they may request additional information to confirm the data subject's identity.
IST Hungary Kft., Date: 30 May 2024
Data processing
This data processing was last reviewed or revised on May 24, 2024.
Company IST Hungary Kft. (hereinafter: “ Consultant”, “ Service Provider ”, “Controller” ), as the operator of the website accessible under the domain name www.immigrationlive.hu (hereinafter: “ Website ”, hereby publishes information about the processing of personal data in the framework of the provision of services related to the Website, other services provided by the Controller and specified in this document.
Users visiting the Website and using the services of the Controller ( hereinafter: “User” ) accept all the terms and conditions contained in this data processing document ( hereinafter: “ Regulation ” ), so please read this Regulation carefully and completely before using the Website and services.
1. Controller
Company IST Hungary Kft. (1203 Budapest, Kinizsi utca 20. Fsz. 1. ajtó, www.immigrationlive.hu, office@isthungary.hu, tel: +36205977777, tax number: 27966745-2-43), as controller, acknowledges the contents of these brochures are a must for yourself.
The purpose of this Regulation is to set out the principles of protection and processing of personal data, as well as the policy for the protection and processing of personal data applied by the Consultant.
In accordance with paragraph (1) of Article 37 of the GDPR, the Consultant is not required to appoint a data protection officer.
2. Scope of legislation on which the processing of personal data is based
- Law No. 53 of 2017 on the Prevention and Combating of Money Laundering and the Financing of Terrorism ( hereinafter: “ Pmt” ),
- Law No. 52 of 2017 on the application of financial and property restrictive measures prescribed by the European Union and the UN Security Council,
- Law No. 112 of 2011 on the right to information self-determination and freedom of information,
- Regulation 2016/679/ EU on the protection and processing of personal data of individuals and on the free movement of such data, and repealing Regulation No 95/46/ EC ( hereinafter: “ GDPR ”).
3. Principles of processing personal data
The Consultant undertakes that all processing of data related to his professional activities complies with the requirements set out in this Regulation, the GDPR, and applicable national law. The consultant makes every effort to protect the personal data of its clients and the personal data provided by them, as well as the rights of interested parties. The consultant treats personal information confidentially and takes all security measures, as well as technical and organizational measures to ensure the security of personal data.
Within the scope of the above, the Consultant takes appropriate steps to ensure that personal information about clients at all times:
- processed lawfully and fairly, and on an appropriate legal basis (lawfulness, fairness, and fairness );
- collected only for specified, clear, and legitimate purposes and not processed in a manner incompatible with these purposes ( purpose restrictions );
- limited to relevance and relevance, as well as necessity for the purposes of data processing ( data minimization );
- is accurate and, if necessary, updated; If possible, inaccurate personal data will be deleted or corrected without delay ( accuracy );
- stored in a form that allows clients to be identified only for as long as it is necessary for the purposes for which personal data is processed; storage of personal data for a longer period should only be carried out for statistical purposes, subject to the implementation of appropriate technical and organizational measures ( storage restrictions );
- processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, through the application of appropriate technical or organizational measures ( integrity and confidentiality ).
At the same time, clients are required to ensure that data subjects, including persons specified in the assignment agreement and acting on behalf of clients or other persons whose personal data is transferred to the Consultant, receive a privacy notice by Article 13 of the GDPR.
4. Definitions:
• “Personal data ” means any information relating to an identified or identifiable natural person ( “data subject” ); an identified natural person is one who can be identified directly or indirectly , in particular by reference to one or more factors such as name , number, location , online identifier or physical, physiological, genetic , mental , economic , cultural or social identity of an identifiable individual ;
• “Controller” means the natural or legal person , public authority , agency or any other body which , alone or jointly with others, determines the purposes and means of the processing of personal data ; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for the appointment of a controller may be determined by Union or Member State law ;
• “ Processor ” means any natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller ;
• “Third party ” means any natural or legal person , public authority , agency or any other body that is not the data subject , controller , processor or persons who , under the direct control of the controller or processor, are authorized to process personal data ;
• “Data subject consent ” means a voluntary, specific , conscious and unambiguous statement by the data subject of consent to the processing of personal data concerning him or her by means of a statement or an unambiguous statement ;
• “Unauthorized access to personal data ” means a breach of security resulting in accidental or unlawful destruction, loss , alteration , unauthorized disclosure or unauthorized access to personal data transmitted , stored or otherwise processed ;
• “ Client ”: those who are interested in the Consultant's services in person, on the Website, by telephone, or in any other way, or who have entered into an agency agreement with the Consultant.
5. Scope of personal data, purpose , legal basis, and duration of data processing
Processing of the Consultant's data is based on contractual or legal obligations or voluntary consent .
The consultant processes the following personal data of clients for the purposes listed below :
5.1. Interest in consulting, intermediary , translation or other services by sending an email, in person, by phone , in instant messengers or otherwise
(a) name : information necessary to identify the client,
(b) email address, telephone number: information necessary to contact the client later,
(c) subject of interest ( eg details of the proposed transaction, other relevant data ) : data necessary to clarify the client's interests and respond accordingly based on the client's own communication.
The legal basis for data processing is the consent of the interested party . Data processing lasts for the period specified by the interested party or until consent is withdrawn.
Personal data processed by the Consultant may be disclosed to subcontractors and Consultant employees to the extent necessary to achieve the purpose of data processing specified in this section.
5.2. Individual request for service cost
(a) name: information necessary to identify the client
(b) email address, telephone number: information necessary to contact the client later,
(c) subject of interest ( circumstances of the case covered by a possible order ): data necessary to ascertain the client's interest and respond accordingly, based on the client's own communication.
The legal basis for data processing is the consent of the interested party. Data processing lasts for the period specified by the interested party or until consent is withdrawn.
5.3. Conclusion and execution of the contract of assignment to the Consultant
(a) name : information necessary to identify the client
(b) email address , telephone number: information necessary to contact by the client later ,
(c) information related to the subject of the contract ( for example , information about property , marital status , personal circumstances ): definition of the subject of the contract, data and circumstances necessary for the execution of the contract and the execution of the order ,
(d) mandatory data that must be registered mandatory and defined in the PMT ( for example , personal identification data , copies of identity cards , data on the quality of key government roles , data on the natural identity of beneficial owners ): data must be registered in accordance with with mandatory legal requirements .
The legal basis for data management is the execution of the contract and the provision of any legal disputes arising in connection with it , as well as the mandatory requirements of Pmt .
The duration of data processing is the duration of the contract plus 5 years ( the total period for fulfilling civil legal requirements ), in the case of generated and non-destroyable documents, the storage period is not limited, in the case of data collection on the basis of PMT 8 years from the date of termination of the assignment, which can be extended in exceptional cases provided by law .
In the absence of such a legal obligation, the Consultant will not verify the personal data provided to him . The person who provided the data bears full responsibility for the accuracy of the information provided . If the User or customer provides any of the email addresses involved , it is also their responsibility to ensure that they are the only one using the email address provided .
6. Addressees and categories of data processing addressees
The Advisor typically shares client personal information with the following third parties on a data controller to data controller basis :
- organizations providing services to the Consultant or clients ( for example, a law firm , law firm , translation companies , legal service providers , insurance companies , audit or IT services provider , etc. );
- third parties involved in the execution of the contract for consulting ( authorities , courts , experts , lawyers , accountants, translators , notaries or other service providers engaged by the Consultant or client );
- supervisory authority , other regulatory institutions and bodies .
Clients can request personal information about the processing of personal data processed by the Consultant in connection with them ( purpose of data processing, legal basis , volume of data , transfer of data, duration of processing ), via the following contacts: email: office@isthungary.hu ,
Tel .: +36 205977777,
Address: 1203 Budapest, Kinizsi utca 20. Fsz. 1. ajtó.
7. Method of storing personal data , security of personal data
The Consultant's computer systems and other data storage locations are located at its registered office and on appropriate servers.
The consultant selects and uses IT tools used for processing personal data when providing services , so that the processed data :
- were available only to those who have the right to do so;
- have the ability to ensure their authenticity and authentication ; - would be verifiable for immutability ;
- were protected from unauthorized access .
The Consultant takes appropriate measures to protect data , in particular from unauthorized access , modification , transmission , disclosure , deletion or destruction , as well as from accidental destruction , damage or inaccessibility as a result of changes in the technology used .
Taking into account the current state of technology, the Consultant shall ensure that the security of data processing is protected by technical and organizational measures that provide a reasonable level of protection commensurate with the risks associated with data processing .
At the same time, the Controller brings to the attention of interested parties that electronic communications transmitted over the Internet , regardless of protocol ( e.g. email, Internet, etc. ) , are vulnerable to network threats that lead to fraud, contract disputes or disclosure or modification of information. To protect against such threats, the Consultant takes all precautions required of it .
Data processed by the Consultant is primarily accessible to its employees and subcontractors and is disclosed to third parties solely for the purpose of fulfilling the Consultant's instructions or other legitimate interests ( eg debt collection ) , legal obligations or with the prior explicit consent of the data subject .
8. International transfer of personal data to a third country
Customers' personal data may also be transferred to controllers and processors in countries outside the European Economic Area and within the European Union if this is necessary to fulfill an order or with the customer's express consent based on information previously provided to him ( Article 49 GDPR).
Before concluding the contract, the Consultant informs the client that data transferred outside the European Union is adequately protected in relation to the recipient outside the European Union :
(a) through the general data protection provisions adopted by the Commission in accordance with the verification procedure referred to in paragraph (2) of Article 93 of the GDPR;
(b) through the general data protection provisions adopted by the supervisory authority and approved by the Commission in accordance with the verification procedure referred to in paragraph (2) of Article 93 of the GDPR;
(c) through an approved code of conduct in accordance with Article 40 of the GDPR and a legally binding and enforceable obligation on the controller or processor in the third country to apply appropriate security measures , including in relation to the rights of data subjects ;
(d) through an approved certification mechanism in accordance with Article 42 of the GDPR, together with a binding and enforceable undertaking by the third country controller or processor to apply appropriate security measures , including with regard to the rights of data subjects . In this context, the Consultant will endeavor to adopt the model contractual data protection clauses approved by the European Commission /NAIH with its third country partners .
9. Client rights
9.1 Customer access rights (Article 15 GDPR)
The client has access to his personal data. If the client requests that the Consultant provide feedback on whether it is processing his personal data, the Consultant is obliged to provide information within the framework established by law.
In some cases, the Consultant does not receive personal information from the data subject. In such cases, the Consultant assumes that the person from whom he received the data had the right to transfer it to the Consultant. If the Consultant does not receive data from the data subject, his or her obligation to inform the data subject is limited.
However, the Consultant is always at the disposal of the data subject in the event of a request from the data subject and provides the requested information within the limits of the law.
The client's right to receive feedback on whether the Consultant processes his personal data applies to personal data relating to him but does not apply to personal data not related to him.
The Consultant will provide access and a copy of personal information to the requesting client upon request . If the client requests an additional / repeated copy of his/her personal data , the Consultant may charge a reasonable fee to cover the administrative costs incurred in connection with the request and borne by the client .
9.2 Customer's right to rectification (Article 16 GDPR)
The client has the right to correct his personal data. This right applies to personal data concerning him; and does not apply to personal data that does not concern him.
At the request of the client, the Consultant undertakes, within the framework of the law, to appropriately correct or supplement his personal data, as well as to inform the recipients of such personal data ( if any ) about the correction of personal data, except in cases where this is impossible or disproportionate efforts are made to inform the recipients.
9.3 Customer's right to cancel (Article 17 GDPR)
Under certain conditions, the client has the right to delete his personal data.
The Consultant is obliged to delete the personal data if the Consultant processes this personal data and the client requests the deletion of his personal data, and the personal data is not necessary for the purposes for which the Consultant processes the personal data.
The Consultant is obliged to delete the client's personal data without undue delay if the Consultant processes the client's personal data and the client requests the deletion of his personal data, and the client withdraws his consent on which the processing of his data is based, and there are no other legal grounds for the client's data to be processed further.
The Consultant is obliged to delete the client's personal data if the processing is necessary to protect the legitimate interests of the Consultant or a third party, and the client objects to the Consultant's processing of his personal data, and the legitimate reason for the processing of such personal data does not take precedence over the customer's protest.
The Consultant is obliged to delete the client's personal data if the client requests the deletion of his personal data and the processing of such data by the Consultant is not illegal or the deletion is mandatory in accordance with applicable law, or the client's data was collected in relation to information society services.
The consultant informs the recipients of such personal data ( if any ) about the deletion of the client's personal data, except in cases where informing the recipients is impossible or disproportionate.
9.4 Client's right to restriction of data processing ( Article 18 GDPR)
The client may, within the framework of the law, request restrictions of the processing of his personal data.
The client's right to request restriction of the processing of his personal data applies to personal data relating to him ; and does not apply to personal data that does not concern him .
The Consultant restricts the processing of the client's personal data for a period during which he or she verifies the accuracy of such data if the client requests restriction of the processing of his or her personal data and the client disputes the accuracy of such data .
The consultant limits the processing of the client's personal data if the client requests to limit the processing of data , the processing of which is illegal , and the client objects to the deletion of such data .
The Consultant restricts the processing of the client's personal data if the client requests to limit the processing of his personal data and this data is no longer needed by the Consultant for the purposes of data processing and the client requests his data to store , enforce or defend a legal claim .
The Consultant limits the processing of the client's personal data if the client objects to the processing of personal data , which , however , is necessary for the legitimate interests of the Consultant, and the client expects confirmation of a legitimate reason for the Consultant to process the client's personal data , which reason shall prevail over the client's protest .
The Consultant informs the recipients of such personal data ( if any ) about any restrictions on the processing of the client's personal data , except in cases where informing the recipients is impossible or disproportionate .
If the Consultant limits the processing of the client’s personal data , then he may store such personal data ,
- can process such personal data with the client’s consent ,
- may process personal data for the establishment , assertion or defense of legal claims or for the protection of human rights .
9.5 Customer right to data portability (Article 12 GDPR)
The Client has the right to receive personal data about himself provided to the data controller in a structured , commonly used machine-readable format and to transfer this data to another data controller without hindrance ( if technically possible ). to whom the personal data was provided , if the processing is based on consent or is necessary for the performance of a contract and the processing is carried out in an automated way .
The client's right to data portability applies to personal data concerning him ; and does not apply to personal data that does not concern him .
9.6 Right to protest:
The data subject has the right to object to processing at any time on grounds relating to his or her situation , if this is necessary for the performance of a task in the public interest or within the framework of a public authority entrusted to the Data Controller , or if the Data Controller or a third party has a legitimate interest .
The consultant is obliged to provide the requested information in writing as soon as possible ( without undue delay ) from the date of submission of the application , but no later than within 30 days, or to delete the data in case of withdrawal of consent . In case of correction or deletion, the Consultant informs all recipients to whom the data was transferred .
If the Consultant is unable to comply with the data subject's request , it must inform the data subject within 30 days .
The Consultant informs data subjects that withdrawal of consent to data processing does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal .
10. Unauthorized access to personal data
If unauthorized access to personal data in the Consultant's system may pose a high risk to the rights and freedoms of individuals , the Consultant will inform the data subject of the data security incident without undue delay .
to personal data is any event related to the unlawful handling or processing of personal data in connection with personal data processed , transmitted , stored or processed by the Data Controller , in particular unauthorized or accidental access , modification , transfer , deletion , loss or destruction , or accidental destruction resulting in injury .
The Controller shall, without undue delay and no later than 72 hours after becoming aware of unauthorized access to personal data , notify NAIH of the incident unless the Controller can demonstrate that the unauthorized access to personal data is unlikely to jeopardize individual rights and freedoms . If notice cannot be given within 72 hours , the reason for the delay must be stated and the required information can be provided in detail without further undue delay . The NAIH notice must contain at least the following information :
• the nature of unauthorized access to personal data , the number and category of data subjects and personal data ;
• name and contact details of the data controller ;
• probable consequences of unauthorized access to personal data ;
• measures taken or planned to eliminate , prevent or eliminate unauthorized access to personal data.
Where unauthorized access to personal data may pose a high risk , the Controller must notify data subjects of the data security incident via the Data Controller's website within 72 hours of discovery of the data security incident . The information must contain at least the information specified in this paragraph .
The data controller maintains a record of incidents of unauthorized access to personal data in order to monitor measures related to the data security incident and inform data subjects . The register must contain the following information :
11. Relationships with clients
If the client has any comments , questions or problems with the management of the Consultant's data or when using his services , he can contact him using the contact details on the Website.
12. Links to other websites
This site contains links to other providers that are not covered by this privacy statement. When a client leaves a Consultant's website, it is recommended that you carefully review the privacy policies of all relevant websites that collect personal information.
13. Other
The Consultant reserves the right to unilaterally amend this Privacy Information with notice to interested parties.
The Consultant informs its clients that they may contact the Consultant to provide information, disclose data, or provide documents to an investigative body, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law.
14. Rules of procedure
The controller must provide, delete, and correct personal data information within 30 days. If the Controller does not comply with such a request from the data subject, it must notify the reasons for the refusal in writing within 30 days.
Company IST Hungary Kft. (hereinafter: “ Consultant”, “ Service Provider ”, “Controller” ), as the operator of the website accessible under the domain name www.immigrationlive.hu (hereinafter: “ Website ”, hereby publishes information about the processing of personal data in the framework of the provision of services related to the Website, other services provided by the Controller and specified in this document.
Users visiting the Website and using the services of the Controller ( hereinafter: “User” ) accept all the terms and conditions contained in this data processing document ( hereinafter: “ Regulation ” ), so please read this Regulation carefully and completely before using the Website and services.
1. Controller
Company IST Hungary Kft. (1203 Budapest, Kinizsi utca 20. Fsz. 1. ajtó, www.immigrationlive.hu, office@isthungary.hu, tel: +36205977777, tax number: 27966745-2-43), as controller, acknowledges the contents of these brochures are a must for yourself.
The purpose of this Regulation is to set out the principles of protection and processing of personal data, as well as the policy for the protection and processing of personal data applied by the Consultant.
In accordance with paragraph (1) of Article 37 of the GDPR, the Consultant is not required to appoint a data protection officer.
2. Scope of legislation on which the processing of personal data is based
- Law No. 53 of 2017 on the Prevention and Combating of Money Laundering and the Financing of Terrorism ( hereinafter: “ Pmt” ),
- Law No. 52 of 2017 on the application of financial and property restrictive measures prescribed by the European Union and the UN Security Council,
- Law No. 112 of 2011 on the right to information self-determination and freedom of information,
- Regulation 2016/679/ EU on the protection and processing of personal data of individuals and on the free movement of such data, and repealing Regulation No 95/46/ EC ( hereinafter: “ GDPR ”).
3. Principles of processing personal data
The Consultant undertakes that all processing of data related to his professional activities complies with the requirements set out in this Regulation, the GDPR, and applicable national law. The consultant makes every effort to protect the personal data of its clients and the personal data provided by them, as well as the rights of interested parties. The consultant treats personal information confidentially and takes all security measures, as well as technical and organizational measures to ensure the security of personal data.
Within the scope of the above, the Consultant takes appropriate steps to ensure that personal information about clients at all times:
- processed lawfully and fairly, and on an appropriate legal basis (lawfulness, fairness, and fairness );
- collected only for specified, clear, and legitimate purposes and not processed in a manner incompatible with these purposes ( purpose restrictions );
- limited to relevance and relevance, as well as necessity for the purposes of data processing ( data minimization );
- is accurate and, if necessary, updated; If possible, inaccurate personal data will be deleted or corrected without delay ( accuracy );
- stored in a form that allows clients to be identified only for as long as it is necessary for the purposes for which personal data is processed; storage of personal data for a longer period should only be carried out for statistical purposes, subject to the implementation of appropriate technical and organizational measures ( storage restrictions );
- processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, through the application of appropriate technical or organizational measures ( integrity and confidentiality ).
At the same time, clients are required to ensure that data subjects, including persons specified in the assignment agreement and acting on behalf of clients or other persons whose personal data is transferred to the Consultant, receive a privacy notice by Article 13 of the GDPR.
4. Definitions:
• “Personal data ” means any information relating to an identified or identifiable natural person ( “data subject” ); an identified natural person is one who can be identified directly or indirectly , in particular by reference to one or more factors such as name , number, location , online identifier or physical, physiological, genetic , mental , economic , cultural or social identity of an identifiable individual ;
- “Data processing” means any operation or set of operations on personal data or files , whether automated or manual , such as collection , recording , organization , sorting , storage , transformation or modification , retrieval, consultation, use , transmission , dissemination or otherwise coordination , interconnection, limitation , removal or destruction ;
• “Controller” means the natural or legal person , public authority , agency or any other body which , alone or jointly with others, determines the purposes and means of the processing of personal data ; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for the appointment of a controller may be determined by Union or Member State law ;
• “ Processor ” means any natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller ;
• “Third party ” means any natural or legal person , public authority , agency or any other body that is not the data subject , controller , processor or persons who , under the direct control of the controller or processor, are authorized to process personal data ;
• “Data subject consent ” means a voluntary, specific , conscious and unambiguous statement by the data subject of consent to the processing of personal data concerning him or her by means of a statement or an unambiguous statement ;
• “Unauthorized access to personal data ” means a breach of security resulting in accidental or unlawful destruction, loss , alteration , unauthorized disclosure or unauthorized access to personal data transmitted , stored or otherwise processed ;
• “ Client ”: those who are interested in the Consultant's services in person, on the Website, by telephone, or in any other way, or who have entered into an agency agreement with the Consultant.
5. Scope of personal data, purpose , legal basis, and duration of data processing
Processing of the Consultant's data is based on contractual or legal obligations or voluntary consent .
The consultant processes the following personal data of clients for the purposes listed below :
5.1. Interest in consulting, intermediary , translation or other services by sending an email, in person, by phone , in instant messengers or otherwise
(a) name : information necessary to identify the client,
(b) email address, telephone number: information necessary to contact the client later,
(c) subject of interest ( eg details of the proposed transaction, other relevant data ) : data necessary to clarify the client's interests and respond accordingly based on the client's own communication.
The legal basis for data processing is the consent of the interested party . Data processing lasts for the period specified by the interested party or until consent is withdrawn.
Personal data processed by the Consultant may be disclosed to subcontractors and Consultant employees to the extent necessary to achieve the purpose of data processing specified in this section.
5.2. Individual request for service cost
(a) name: information necessary to identify the client
(b) email address, telephone number: information necessary to contact the client later,
(c) subject of interest ( circumstances of the case covered by a possible order ): data necessary to ascertain the client's interest and respond accordingly, based on the client's own communication.
The legal basis for data processing is the consent of the interested party. Data processing lasts for the period specified by the interested party or until consent is withdrawn.
5.3. Conclusion and execution of the contract of assignment to the Consultant
(a) name : information necessary to identify the client
(b) email address , telephone number: information necessary to contact by the client later ,
(c) information related to the subject of the contract ( for example , information about property , marital status , personal circumstances ): definition of the subject of the contract, data and circumstances necessary for the execution of the contract and the execution of the order ,
(d) mandatory data that must be registered mandatory and defined in the PMT ( for example , personal identification data , copies of identity cards , data on the quality of key government roles , data on the natural identity of beneficial owners ): data must be registered in accordance with with mandatory legal requirements .
The legal basis for data management is the execution of the contract and the provision of any legal disputes arising in connection with it , as well as the mandatory requirements of Pmt .
The duration of data processing is the duration of the contract plus 5 years ( the total period for fulfilling civil legal requirements ), in the case of generated and non-destroyable documents, the storage period is not limited, in the case of data collection on the basis of PMT 8 years from the date of termination of the assignment, which can be extended in exceptional cases provided by law .
In the absence of such a legal obligation, the Consultant will not verify the personal data provided to him . The person who provided the data bears full responsibility for the accuracy of the information provided . If the User or customer provides any of the email addresses involved , it is also their responsibility to ensure that they are the only one using the email address provided .
6. Addressees and categories of data processing addressees
The Advisor typically shares client personal information with the following third parties on a data controller to data controller basis :
- organizations providing services to the Consultant or clients ( for example, a law firm , law firm , translation companies , legal service providers , insurance companies , audit or IT services provider , etc. );
- third parties involved in the execution of the contract for consulting ( authorities , courts , experts , lawyers , accountants, translators , notaries or other service providers engaged by the Consultant or client );
- supervisory authority , other regulatory institutions and bodies .
Clients can request personal information about the processing of personal data processed by the Consultant in connection with them ( purpose of data processing, legal basis , volume of data , transfer of data, duration of processing ), via the following contacts: email: office@isthungary.hu ,
Tel .: +36 205977777,
Address: 1203 Budapest, Kinizsi utca 20. Fsz. 1. ajtó.
7. Method of storing personal data , security of personal data
The Consultant's computer systems and other data storage locations are located at its registered office and on appropriate servers.
The consultant selects and uses IT tools used for processing personal data when providing services , so that the processed data :
- were available only to those who have the right to do so;
- have the ability to ensure their authenticity and authentication ; - would be verifiable for immutability ;
- were protected from unauthorized access .
The Consultant takes appropriate measures to protect data , in particular from unauthorized access , modification , transmission , disclosure , deletion or destruction , as well as from accidental destruction , damage or inaccessibility as a result of changes in the technology used .
Taking into account the current state of technology, the Consultant shall ensure that the security of data processing is protected by technical and organizational measures that provide a reasonable level of protection commensurate with the risks associated with data processing .
At the same time, the Controller brings to the attention of interested parties that electronic communications transmitted over the Internet , regardless of protocol ( e.g. email, Internet, etc. ) , are vulnerable to network threats that lead to fraud, contract disputes or disclosure or modification of information. To protect against such threats, the Consultant takes all precautions required of it .
Data processed by the Consultant is primarily accessible to its employees and subcontractors and is disclosed to third parties solely for the purpose of fulfilling the Consultant's instructions or other legitimate interests ( eg debt collection ) , legal obligations or with the prior explicit consent of the data subject .
8. International transfer of personal data to a third country
Customers' personal data may also be transferred to controllers and processors in countries outside the European Economic Area and within the European Union if this is necessary to fulfill an order or with the customer's express consent based on information previously provided to him ( Article 49 GDPR).
Before concluding the contract, the Consultant informs the client that data transferred outside the European Union is adequately protected in relation to the recipient outside the European Union :
(a) through the general data protection provisions adopted by the Commission in accordance with the verification procedure referred to in paragraph (2) of Article 93 of the GDPR;
(b) through the general data protection provisions adopted by the supervisory authority and approved by the Commission in accordance with the verification procedure referred to in paragraph (2) of Article 93 of the GDPR;
(c) through an approved code of conduct in accordance with Article 40 of the GDPR and a legally binding and enforceable obligation on the controller or processor in the third country to apply appropriate security measures , including in relation to the rights of data subjects ;
(d) through an approved certification mechanism in accordance with Article 42 of the GDPR, together with a binding and enforceable undertaking by the third country controller or processor to apply appropriate security measures , including with regard to the rights of data subjects . In this context, the Consultant will endeavor to adopt the model contractual data protection clauses approved by the European Commission /NAIH with its third country partners .
9. Client rights
9.1 Customer access rights (Article 15 GDPR)
The client has access to his personal data. If the client requests that the Consultant provide feedback on whether it is processing his personal data, the Consultant is obliged to provide information within the framework established by law.
In some cases, the Consultant does not receive personal information from the data subject. In such cases, the Consultant assumes that the person from whom he received the data had the right to transfer it to the Consultant. If the Consultant does not receive data from the data subject, his or her obligation to inform the data subject is limited.
However, the Consultant is always at the disposal of the data subject in the event of a request from the data subject and provides the requested information within the limits of the law.
The client's right to receive feedback on whether the Consultant processes his personal data applies to personal data relating to him but does not apply to personal data not related to him.
The Consultant will provide access and a copy of personal information to the requesting client upon request . If the client requests an additional / repeated copy of his/her personal data , the Consultant may charge a reasonable fee to cover the administrative costs incurred in connection with the request and borne by the client .
9.2 Customer's right to rectification (Article 16 GDPR)
The client has the right to correct his personal data. This right applies to personal data concerning him; and does not apply to personal data that does not concern him.
At the request of the client, the Consultant undertakes, within the framework of the law, to appropriately correct or supplement his personal data, as well as to inform the recipients of such personal data ( if any ) about the correction of personal data, except in cases where this is impossible or disproportionate efforts are made to inform the recipients.
9.3 Customer's right to cancel (Article 17 GDPR)
Under certain conditions, the client has the right to delete his personal data.
The Consultant is obliged to delete the personal data if the Consultant processes this personal data and the client requests the deletion of his personal data, and the personal data is not necessary for the purposes for which the Consultant processes the personal data.
The Consultant is obliged to delete the client's personal data without undue delay if the Consultant processes the client's personal data and the client requests the deletion of his personal data, and the client withdraws his consent on which the processing of his data is based, and there are no other legal grounds for the client's data to be processed further.
The Consultant is obliged to delete the client's personal data if the processing is necessary to protect the legitimate interests of the Consultant or a third party, and the client objects to the Consultant's processing of his personal data, and the legitimate reason for the processing of such personal data does not take precedence over the customer's protest.
The Consultant is obliged to delete the client's personal data if the client requests the deletion of his personal data and the processing of such data by the Consultant is not illegal or the deletion is mandatory in accordance with applicable law, or the client's data was collected in relation to information society services.
The consultant informs the recipients of such personal data ( if any ) about the deletion of the client's personal data, except in cases where informing the recipients is impossible or disproportionate.
9.4 Client's right to restriction of data processing ( Article 18 GDPR)
The client may, within the framework of the law, request restrictions of the processing of his personal data.
The client's right to request restriction of the processing of his personal data applies to personal data relating to him ; and does not apply to personal data that does not concern him .
The Consultant restricts the processing of the client's personal data for a period during which he or she verifies the accuracy of such data if the client requests restriction of the processing of his or her personal data and the client disputes the accuracy of such data .
The consultant limits the processing of the client's personal data if the client requests to limit the processing of data , the processing of which is illegal , and the client objects to the deletion of such data .
The Consultant restricts the processing of the client's personal data if the client requests to limit the processing of his personal data and this data is no longer needed by the Consultant for the purposes of data processing and the client requests his data to store , enforce or defend a legal claim .
The Consultant limits the processing of the client's personal data if the client objects to the processing of personal data , which , however , is necessary for the legitimate interests of the Consultant, and the client expects confirmation of a legitimate reason for the Consultant to process the client's personal data , which reason shall prevail over the client's protest .
The Consultant informs the recipients of such personal data ( if any ) about any restrictions on the processing of the client's personal data , except in cases where informing the recipients is impossible or disproportionate .
If the Consultant limits the processing of the client’s personal data , then he may store such personal data ,
- can process such personal data with the client’s consent ,
- may process personal data for the establishment , assertion or defense of legal claims or for the protection of human rights .
9.5 Customer right to data portability (Article 12 GDPR)
The Client has the right to receive personal data about himself provided to the data controller in a structured , commonly used machine-readable format and to transfer this data to another data controller without hindrance ( if technically possible ). to whom the personal data was provided , if the processing is based on consent or is necessary for the performance of a contract and the processing is carried out in an automated way .
The client's right to data portability applies to personal data concerning him ; and does not apply to personal data that does not concern him .
9.6 Right to protest:
The data subject has the right to object to processing at any time on grounds relating to his or her situation , if this is necessary for the performance of a task in the public interest or within the framework of a public authority entrusted to the Data Controller , or if the Data Controller or a third party has a legitimate interest .
The consultant is obliged to provide the requested information in writing as soon as possible ( without undue delay ) from the date of submission of the application , but no later than within 30 days, or to delete the data in case of withdrawal of consent . In case of correction or deletion, the Consultant informs all recipients to whom the data was transferred .
If the Consultant is unable to comply with the data subject's request , it must inform the data subject within 30 days .
The Consultant informs data subjects that withdrawal of consent to data processing does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal .
10. Unauthorized access to personal data
If unauthorized access to personal data in the Consultant's system may pose a high risk to the rights and freedoms of individuals , the Consultant will inform the data subject of the data security incident without undue delay .
to personal data is any event related to the unlawful handling or processing of personal data in connection with personal data processed , transmitted , stored or processed by the Data Controller , in particular unauthorized or accidental access , modification , transfer , deletion , loss or destruction , or accidental destruction resulting in injury .
The Controller shall, without undue delay and no later than 72 hours after becoming aware of unauthorized access to personal data , notify NAIH of the incident unless the Controller can demonstrate that the unauthorized access to personal data is unlikely to jeopardize individual rights and freedoms . If notice cannot be given within 72 hours , the reason for the delay must be stated and the required information can be provided in detail without further undue delay . The NAIH notice must contain at least the following information :
• the nature of unauthorized access to personal data , the number and category of data subjects and personal data ;
• name and contact details of the data controller ;
• probable consequences of unauthorized access to personal data ;
• measures taken or planned to eliminate , prevent or eliminate unauthorized access to personal data.
Where unauthorized access to personal data may pose a high risk , the Controller must notify data subjects of the data security incident via the Data Controller's website within 72 hours of discovery of the data security incident . The information must contain at least the information specified in this paragraph .
The data controller maintains a record of incidents of unauthorized access to personal data in order to monitor measures related to the data security incident and inform data subjects . The register must contain the following information :
- the scope of the relevant personal data ;
- circle and number of interested parties ;
- date of the incident related to unauthorized access to personal data ;
- circumstances and consequences of an incident with unauthorized access to personal data ;
- measures taken to resolve an incident with unauthorized access to personal data .
11. Relationships with clients
If the client has any comments , questions or problems with the management of the Consultant's data or when using his services , he can contact him using the contact details on the Website.
12. Links to other websites
This site contains links to other providers that are not covered by this privacy statement. When a client leaves a Consultant's website, it is recommended that you carefully review the privacy policies of all relevant websites that collect personal information.
13. Other
The Consultant reserves the right to unilaterally amend this Privacy Information with notice to interested parties.
The Consultant informs its clients that they may contact the Consultant to provide information, disclose data, or provide documents to an investigative body, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law.
14. Rules of procedure
The controller must provide, delete, and correct personal data information within 30 days. If the Controller does not comply with such a request from the data subject, it must notify the reasons for the refusal in writing within 30 days.