DATA PROTECTION AND DATA PROCESSING POLICY
of the OLELO Fordító és Tolmács Korlátolt Felelősségű Társaság (OLELO Translation and Interpreting Limited Liability Company)
I. Purpose of the policy
The purpose of the present Policy is to stipulate the data protection and data management principles of OLELO Translation and Interpreting Limited Liability Company (seat: 2170 Aszód, Petőfi utca 10., company register number: 13-09-143594, tax number: 231072363-2-13, hereinafter: Company) and the Company’s data protection and data management policy by which the Company considers itself to be bound.
Personal data or data: data relating to the given natural person (hereinafter: data subject), conclusions drawn from the data with respect to the data subject. In the course of data management personal data shall be considered as such as long as their connection with the data subject may be restored.
Data record: the sum of data processed in a single file.
Data processing: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the personal data, as well as preventing their further use.
Controller: data processing shall be carried out by the Company, that is, the OLELO Fordító és Tolmács Korlátolt Felelősségű Társaság.
Data process: shall mean performing data processing and technical tasks, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
Data destruction: shall mean complete physical destruction of the data carrier recording the data.
Data transfer: shall mean ensuring access to the data for a third party.
Disclosure: shall mean ensuring open access to the data.
Data processor: shall mean any natural or legal person or organisation without legal personality processing personal data on the basis of a Contract concluded with the controller.
Data deletion: shall mean making data unrecognisable in a way that it can no longer be restored;
Automated data record: data lines processed automatically.
Automated process: includes the following operation in case those are carried out partly or wholly by automated tools: data storage, logic or arithmetic data operations, modification, deletion, retrieval or dissemination of data.
System: the sum of technical solutions operating the controller´s online pages and services.
User: natural person who registers and enters his data specified in point III. below.
III. Scope of personal data managed
3.1. In the course of data management, depending on the User´s choice (i.e. the User accesses/visits the Company´s website) the Company shall manage the following data in case of Users: IP address and the date of access.
3.2. The Company does not process special personal data, should these be shared by the Users on the websites, be entered into the Company’s database or should the Company become aware of such data the Company shall be entitled to delete them immediately.
3.3. The scope of the present Policy only covers the data communicated to the Company on the websites specified, its rules do not extend to those cases, where someone voluntarily discloses his personal data or part of the same on the websites or through the websites.
3.4. The Company shall not register data related to children or data entered by children without the permission of his parent or guardian. In case of persons under the age of 16 the processing of data is always conditional upon the written permission of his parent or guardian.
IV. Other data processed by the Company
4.1. To ensure individually optimized service the Company shall place data packages (so-called ‘cookies’) on the User’s computer. The aim of cookies is to ensure the highest level of operational quality of websites to improve user experience. Users can delete cookies from their computers or may adjust the settings of their computer in a way that cookies are blocked. By blocking cookies the User acknowledges that the operation of the given webpage will not be fully satisfactory without the cookie. The Company shall not exchange cookies with third party operated websites or external data providers.
4.2. Data technically recorded in the course of operating the systems: computer data of the User which are generated in the course of using the service and which are recorded by the Company’s system or the hosting provider as an automatic result of technical processes. Data automatically recorded will be automatically logged by the system at the time of login and logout without separate statement or action of the User. These data may only be accessed by the Company and the hosting provider.
V. Legal basis, goal and means of data processing
5.1. Data processing shall take place based on the voluntary, informed statement of the Company’s users, which statement shall contain the express permission of the User for the use of the personal data they enter or that are generated in relation to them while using the webpage. The legal basis of the data processing is Article 5 paragraph 1 point a) of Act No. CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.) on the voluntary consent of the data subject.
5.2. Goal of the data processing is to ensure the provision of services available through the website of the Company, in particular online content delivery, presentation of individually optimized content and advertisements, building statistics, developing the IT system, protection of user rights, and facilitating correspondence with Users. The Company may use data made accessible by Users in the course of receiving services to build user groups and to present targeted content and/or advertisements to user groups on the Company’s website. The Company cannot use personal data entered for purposes other than those set forth in the present points. Unless otherwise provided for by law, personal data can only be disclosed to third persons or authorities upon a decision of the national authority or prior, express permission of the User.
5.3. The Company shall not check the personal data provided to it. The data subject is solely liable for the accuracy of the data provided.
5.4. The Company shall use its best efforts to ensure that the complete security of the IT systems it uses, in particular, by preventing unauthorized access to data stored on the webpage. The Company however declares that the IT systems containing the website are not operated by it, therefore, it is the hosting provider who shall be liable for possible breaches.
5.5. The www.olelo.hu website may provide connection to other websites not controlled by the Company and other websites not controlled by the Company may provide such connection to the Company’s webpages. The Company shall use its best efforts to provide connection only to those websites where the protection offered corresponds to the Company’s security and confidentiality guidelines. When the User leaves the Company’s webpage the Company shall not be liable for the security of information entered by the User on other webpages.
VI. Data processing principles
6.1. Data may only be acquired and processed fairly and lawfully.
6.2. Data can only be stored for specified and lawful purposes and cannot be used otherwise.
6.3. Data storage must be proportionate to, and must comply with the aim of the storage, without going beyond it.
6.4. Appropriate security measures must be taken to protect personal data stored in automated data records to prevent accidental or unlawful destruction, accidental loss, unauthorized access, modification or dissemination of the same.
VII. Data protection guidelines applied by the Company
7.1. The Company shall only use personal data indispensable and for the specified purpose of receiving its services, upon the permission of the data subjects.
7.2. The Company as Data Controller undertakes to manage the data acquired by it according to the provisions of the Infotv. and the data protection principles laid down in the present Policy and will not disclose these to third persons. An exception to those laid down in the present paragraph will be the use of the statistical aggregate of such data, which shall not contain the User’s name or any other data from which he may be identified and as such, does not qualify as Data processing or Data transfer.
7.3. In certain cases the Company will make the User’s data available to it accessible to third parties – upon official court or police request, legal proceedings for the violation or reasonable suspicion of the violation of copyright, property or other infringements jeopardizing Company interests or the provision of services.
7.4. The Company’s system may gather data on Users’ activity which cannot be connected to other data provided by Users at the time of registration or data produced in the course of using other websites or services.
7.5. The User must be informed about the purpose of the Data processing and of who will be managing and processing the data. The User will be considered to be informed where a legal act refers to existing Data processing or the recording of data through transfer or connecting.
7.6. In all cases where the Company wishes to use data provided for a purpose other than for which it had been originally provided, it will inform the User thereof and acquire his prior, express consent, and will make it possible for him to prohibit such use of the data.
7.7. In the course of registering, recording and processing data, the Company will adhere to the restrictions foreseen under the law at all times.
7.8. The Company shall take the necessary steps to ensure the security of the data, and will take all technical and organizational measures and elaborate those procedural rules that will ensure that registered, stored and processed data are protected, preventing their destruction, unauthorized use and unauthorized alteration.
7.9. The Company shall block Personal data in case the data subject so requires or where based on the information available it may be assumed that deletion would violate the data subject’s legitimate interests. Personal data so blocked shall only be processed until the purpose of data processing that excludes the deletion of the Personal data prevails.
7.10. The User affected and all those who have transferred the data for the purposes of Data processing must be informed of the correction, blocking or deletion of Personal Data processed. Providing such information may be waived where – with due regard to the purpose of Data processing – this does not violate the legitimate interests of the Data subject.
VIII. The duration of Data processing
8.1. Data registered automatically and technically in the course of the system’s operation shall be stored in the system starting with their generation for the duration necessary to ensure the operation of the system. The Company will ensure that these automatically registered data together with other, personal data of users – with the exceptions mandated by the law – cannot be connected. Where the User withdraws his consent to the processing of his Personal data he may no longer be identifiable from the technical data by anyone – not including law enforcement and experts. Session IDs produced in the course of using the website will automatically be deleted by closing the browser displaying the website.
IX. Disposing over personal data
9.1. Users are entitled to request information from the Company as Data controller about the management of their personal data at any time in writing, in certified or registered mail sent to the address of the Company or in e-mail addressed to firstname.lastname@example.org. The Company shall consider the request for information sent per mail to be authentic in case the User is clearly identifiable from the request sent. The request for information may extend to the User’s data managed by the Company, their source, the purpose, legal basis, duration of the data management, the name and address of possible data processors, activities related to data management and in case of a transfer of Personal data, information on who had received or receives the User’s data and for what purpose.
9.2. The Company is obliged to answer the questions related to data management within 15 working days from receipt. Where the request is made per e-mail the date of receipt shall be the first working day following the sending of the e-mail.
X. Processing of data
10.1. The Company shall not employ a separate processor. Where necessary, it shall process personal data with its own technical devices.
XI. External service providers
11.1. The independent measuring of the number of visits to the Company website and further web-analytical data will be supported by an external service provider (Google Analytics). Data entered into the external service provider’s systems will be governed by the data protection guidelines of the external service provider. Detailed information on the processing of measurement data shall be provided by the external service provider conducting the measurement. Contact: http://www.google.com/analytics/hu-HU/.
11.2. The Company also uses further external service providers’ reports, by employing the measurement techniques offered by Facebook, LindkedIn and Google+. ). Data entered into the external service providers’ systems will be governed by the data protection guidelines of the external service providers. Detailed information on the processing of measurement data shall be provided by the external service providers conducting the measurement. Contacts: https://www.facebook.com/about/privacy/, http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv, http://www.google.com/intl/hu_ALL/policies/privacy/.
11.4. In case the website is visited, the hosting provider of www.olelo.hu shall log visitors’ data to ensure the service, control its functioning and to prevent abuse, such data comprise the IP address of the visitor, the date of the visit, the type of browser and version used for the visit, the country and city where the visitor accessed the webpage, the type and version of the browser’s operating system. In the course of the visit the hosting service provider may acquire certain data on internet usage (such as the IP address), which are not processed by the data controller; these instances are governed by the data processing guidelines of the given hosting provider.
11.5. In connection with the operation of the service the Company may transfer data entered by the User to external service providers, however, the external service provider can only use the data received for the purpose set forth in the present Policy.
XII. Possibility of data transfer
12.1. The Company as data controller is entitled and obliged to transfer all personal data available to it and duly stored by it to competent authorities when mandated by a legal act or a final decision of an authority. The Company shall not be liable for such data transfer and consequences ensuing from it.
12.2. Should the Company transfer the operation or utilization of the delivery of content and hosting service on its website partly or wholly to third persons, the data processed by it may be completely transferred without requesting a separate permission to do so. Such data transfer cannot put the User in a less favourable position than those guaranteed by the data processing rules set forth in the present policy.
XIII. Modification to the Data Processing Policy
13.1. The Company reserves the right to modify through its unilateral decision the present Data Processing Policy at any time.
13.2. With his next login the User accepts the effective provisions of the Data Processing Policy, no further request for the User’s permission shall be necessary.
XIV. Enforcement opportunities
14.1. The User can enforce his rights before the courts based on Infortv., furthermore, he may turn to the National Authority for Data Protection and Freedom of Information (1125 Budapest Szilágyi Erzsébet fasor 22/C; mailing address: 1530 Budapest, Pf. 5.) with all questions relating to personal data.
14.2. All questions and comments related to data processing may be directed to the Company’s employees under the email@example.com e-mail address.
Budapest, August 2018.