Privacy Policy
2220 Vecsés, BUD Nemzetközi Repülőtér Cargo City 324. A0 lph. 1217
HGL Group Hungary Kft.
Cg. 13-09-206323
The HGL Group Hungary Kft. (hereinafter referred to as the “Company” or “Data Controller”) engages in freight forwarding and logistics as its primary activities and provides related services (hereinafter referred to as the “Services”) to its clients. This Privacy Policy (hereinafter referred to as the “Policy”) aims to inform the clients and partners (hereinafter referred to as the “Data Subjects”) utilizing the Company’s Services about the data management practices the Company follows and implements during the provision of its Services and activities.
The Company is committed to protecting the personal data of the Data Subjects and places great importance on adhering to legal provisions when processing personal data. The Company declares that personal data is processed lawfully, fairly, and transparently, in accordance with the provisions of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as the “Infotv.”) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council (hereinafter referred to as the “GDPR”).
In accordance with this commitment, this Policy outlines the purposes and legal bases of data processing, the retention periods of personal data, as well as the rights and remedies of the Data Subjects regarding their personal data processed during the provision of the Company’s Services.
- General Provisions
HGL Group Hungary Kft
HQ: 2220 Vecsés, BUD Nemzetközi Repülőtér Cargo City 324. A0 lph. 1217.
Company Reg. nr: 13-09-206323
Tel: +36 30 551 55 55
E-mail: adatvedelem@hgllog.com
Website: www.hgllog.com
Please carefully read this Privacy Notice before using the services of the Data Controller.
The Company expressly draws the attention of the Data Subjects to the fact that if they have given their consent to any data processing described in this Notice, they are entitled to withdraw such consent at any time as follows:
Post: HU-2220 Vecsés, BUD Nemzetközi Repülőtér Cargo City 324. A0 lph. 1217.
E-mail: adatvedelem@hgllog.com
The Company informs Data Subjects that if the provision of personal data is based on legal or contractual obligations or is a prerequisite for entering into a contract, the Data Subject is required to provide the personal data described in this Privacy Notice. Failure to do so may result in the inability to use the Services.
Only individuals who have reached the age of 16 are entitled to provide personal data. Persons under the age of 16 may only provide personal data with the consent of their legal representative.
- Data Processing by the Company
2.1 Request for Proposal and Contracting
The Company enables Data Subjects to request a quote by providing the data detailed below.
Upon acceptance of the quote, a contract is established between the Company and the requesting Data Subject.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Request for proposal regarding the use of services provided by the Company; contracting, payment, invoicing, communication, and information sharing related to the service |
Actions taken at the request of the Data Subject prior to contract conclusion and the Data Subject’s consent contract formation issuance and retention of invoices: in accordance with Section 169 (2) of Act C of 2000 on Accounting |
Data related to a request for a quote: name, email address, phone number, and any other personal data provided by the data subject
Data related to contract conclusion: name, address, email address, phone number and contact person’s name. Billing data: name, address, bank account number and tax number |
In the case of an offer, 30 days after the expiration of the offer’s validity period.
If a contract is concluded between the Company and the Data subject as a result of the request for an offer, the data will be retained for 8 years following the termination of the contract.
For 8 years from the date of invoice issuance. |
Simultaneously with issuance of the invitation to tender. |
We draw the attention of the Data Subjects to the fact that in the absence of providing the above-mentioned data, the Company will not be able to fulfill the request for a quotation or the intention to enter into a contract.
Recipients of personal data and categories of recipients
| Data Processor | Data Processing Activity |
|---|---|
|
ZsÉ Kft.
HQ: 8000 Székesfehérvár, Széchenyi utca 19.
Selester Kft. HQ: 1113 Budapest, Kökörcsin u. 11. CCS Hungary Aircargo Informatikai és Ügyviteli Szolgáltató Kft. HQ: 1172 Budapest, Liget sor 34. |
Accounting tasks, invoicing-related activities and service fulfillment
Air freight, sea freight module, and invoicing module software support Recording and realization of orders, as well as the execution of ordered services within a closed network communication system with other participants in the air freight logistics chain |
2.2 Contract execution, freight forwarding
If the Company enters into a contract with an individual, data processing is based on the legal ground of contract performance. During the fulfillment of orders, the Company may use the services of subcontractors, who qualify as data processors. In such cases, the data subject can inquire about the contact details of the specific data processor at the email address adatvedelem@hgllog.com.
Personal data will only be transferred to a third country if it is necessary for the fulfillment of a contract serving the Client’s interests or if it is mandated by an international agreement. In the context of contract performance, our Company involves collaborators (e.g., carriers, air freight operators, handling companies, etc.). Personal data is transferred to these collaborators. Collaborators engaged in the assignment qualify as data processors, and their activities and data processing are governed by the data processing provisions of the relevant contracts or by international agreements and conventions applicable to the specific area.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
During freight forwarding, the personal data of natural persons contracting with the Company—such as clients, customers, and suppliers—are processed in connection with the contractual relationship, particularly for the purposes of order registration, order realization, and the fulfillment of the services ordered. |
Contract performance
|
Name, address, phone number and email address of the individuals concerned. |
For 8 years following the termination of the contract. |
Simultaneously with the conclusion of the contract. |
We draw the attention of the data subjects to the fact that if the provision of the above-mentioned data is omitted, the Company will not be able to conclude a contract.
2.3 Claim Report
The Data Subjects may request the completion of a damage assessment letter and a damage report form in connection with any loss events arising in causal relation to the Company’s services.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Handling and record-keeping of events involving the Company’s liability for compensation. |
Based on legal provisions
Performance of contract |
Name, address, tax idetification number, bank account number of Data Subject, the data of the incident and the description of the goods and damages. |
It is stored for 5 years from the occurrence of the damage or until the withdrawal of the Data Subject’s consent. |
At the same time as the conclusion of the contract or the submission of the damage report. |
2.4. Customs administration, VPID number application
If the Data Subjects request a customs identification number (VPID number) in connection with the Company’s services, the following data processing activities will take place:
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Under EU customs regulations, the customs authority is required to register the client based on the so-called customs identification number (VPID number), which can be requested by the data subject with the assistance of the Company.
Use of customs clearance services and export goods handling.
|
Based on the data subject’s authorization, with the data subject’s consent. |
The data subject’s name, address, tax identification number, tax number, passport number, and personal data contained in the attached documents. |
According to Act CLII of 2017, the data is stored for 10 years from the year of its creation or modification. |
Simultaneously with the conclusion of the contract. |
| Data Processor | Data Processing Activity |
|---|---|
|
Mind Soft Kft.
(1116 Budapest, Fehérvári út 144. Főépület II. 205.)
HGL Group Hungary Kft. (2220 Vecsés, BUD Nemzetközi Repülőtér Cargo City 324.) |
The Mind Soft Ltd. performs maintenance work on the program used by the Company for customs administration.
Data processing performed during customs administration activities. |
2.5. Insurance Contracting
The Company, in connection with insurance contracts mediated for the purpose of providing its services, conducts the following data processing activities:
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
The Company processes and transfers personal data (including special categories of personal data) for the purpose of establishing insurance contracts, maintaining existing insurance contracts, and providing services. |
The data subject’s voluntary consent for the transfer of their personal data to the insurer or broker. |
The data subject’s name, birth name, mother’s name, place and date of birth, permanent address, mailing address, email address, phone number, ID card number, and health data. |
It will be stored until the statute of limitations for exercising rights arising from the insurance contract expires. |
Simultaneously with the conclusion of the contract. |
Recipients of personal data and categories of recipients
| Data Processor | Data Processing Activity |
|---|---|
|
In individual cases, an appointed insurance intermediary. |
Mediation of insurance contracts and fulfillment of brokerage agreements for the Company. |
2.6. Data Processd During Contact Initiation
If the Data Subject has any questions, issues, or wishes to establish contact for other purposes while using the Services, they may reach out to the Company using the contact details provided in this Privacy Notice or via the “Contact” section on the website https://www.hgllog.com. Contact can be made through the provided phone numbers, postal address, or email address.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Informing the Data Subjects about the questions and observations raised during the contact process; ensuring the traceability of the information exchanged during the contact. |
Consent of the Data Subject. |
Name, company name, email address, phone number, subject of contact, date, time, and other personal data provided in the message. |
Until the withdrawal of the data subject’s consent, but no later than the last day of the year following the contact. |
Simultaneously with the contract. |
2.7. Data Management Related to Resumes
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
The Company processes the personal data of individuals applying for job positions from the start of the recruitment process. The purpose of the recruitment is to optimize the workforce and employ individuals with the appropriate competencies. |
Consent of the Data Subject. |
Personal data included in the résumé, particularly: name, address, date of birth, place of birth, personal preferences, educational background, etc. |
The Company electronically stores incoming résumés on its email server until the advertised position (application process) is filled.
Following the fulfillment of the position, résumés are retained exclusively with the consent of the data subject, for 1 year from the date of consent. |
Simultaneously with recruitment and job advertisement posting, or in the absence thereof, at the time of submitting the offer. |
2.8. Occupational Safety Activities
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
The Company conducts occupational safety measures and training for its employees, ensures safe working conditions, coordinates work processes, and investigates accidents. |
The fulfillment of the contract, investigation of accidents, and actions taken at the request of the data subject prior to the conclusion of the contract. |
The personal data of employees, particularly: name, address, date and place of birth, personal preferences, educational background, etc., as well as the name, email address, and telephone number of the safety officer and the occupational safety contact person for the project. |
If no contract is concluded, the data will be stored for 1 year from receipt.
For contracts with contractual partners, the data will be retained for 5 years following the termination of the agreement.
|
Upon starting employment, the initiation of an assignment, or in the event of an accident, concurrently with the related action. |
Recipients of personal data and categories of recipients
| Data Processor | Data Processing Activity |
|---|---|
|
HGL Group Hungary Kft. (2220 Vecsés, BUD Nemzetközi Repülőtér Cargo City 324.) |
The performance of the Company’s occupational safety activities based on a contractual relationship. |
2.9. Handling of personal data of natural person contracting parties
If the Company enters into a contract with a natural person or a sole proprietor, the other contracting party must be informed in the resulting contract that the data processing is based on the legal ground of fulfilling the contract. The contracting party must also be informed if their personal data will be transferred to a data processor. Personal data will only be transferred to a third country if it is necessary for the performance of the contract serving the interests of the Client or if required by an international agreement.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Contract conclusion, performance, and business communication.
|
Performance of the contract, as well as compliance with legal provisions. |
Name, place and date of birth, mother’s maiden name, address, VAT number, enterpreneur certificate number, ID number, phone number, email address, bank details |
8 years after the termination of the contract |
Simultaneously with the contract conclusion, within the framework of provisions that must be applied in the contracts. |
We draw the attention of the data subjects to the fact that if the provision of the above-mentioned data is omitted, the Company will not be able to conclude a contract.
2.10. Contact details of the representatives of the contracting parties who are natural persons in a legal entity
If the Company enters into a contract with a legal entity, the contracting partner must inform its representative or the designated employee responsible for communication that the processing of personal data necessary for communication is based on the legal basis of contract performance. Furthermore, the partner must inform its representative or contact person if their personal data is transferred to a data processor for the purpose of fulfilling the contract.
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Contract performance, business communication |
Contract performance |
Name, address, phone number and email address of the contact person. |
As long as the status of the affected person’s representative/contact person exists |
Simultaneously with the conclusion of the contract, within the framework of a provision that is mandatory to be applied in the contracts.. |
We draw the attention of the data subjects to the fact that if the provision of the above-mentioned data is omitted, the Company will not be able to conclude a contract.
2.11. Handling of complaints
If the Data Subject has any objections regarding the Company’s services, the following conditions apply to the data processing related to this:
| Purpose of data processing | Legal basis for data processing | Scope of processed data | Data processing duration | Date of notification |
|---|---|---|---|---|
|
Handling of quality complaints related to the service provided by the Company. |
Consumer protection law (Fogytv.) 17/A. § (7)
|
Name, address, name of the service, date of purchase and complaint notification, description of the complaint. |
In relation to the records taken of the complaint and the copies of written responses to complaints: 5 years. |
Simultaneously with the conclusion of the contract or the submission of a complaint. |
We draw the attention of the data subjects to the fact that if the provision of the above-mentioned data is omitted, the Company will not be able to conclude a contract.
III. Data Processing Related tot he Company’s website
3.1 Data processing with cookies and log files
In accordance with Article 6(1)(f) of the GDPR, our website uses so-called cookies, which are necessary for certain functions of the website (e.g., language selection). We also use cookies to analyze how the website is used by visitors. A cookie is a file that stores certain information from the data subject (user) device (PC, Tablet, Smartphone, etc.). If the data subject (user) accesses our website again with their device, the website server evaluates the information stored in the cookie in various ways. Cookies are used, for example, to recognize the user or track their habits. This is of our legitimate interest in optimizing our website and improving the experience gained from visiting the website. We use both session cookies, which are deleted at the end of the browsing session, and persistent cookies, which remain on your device for a certain period.
The data subject can delete cookies at any time in their browser. The browser can also be set to accept cookies or to deactivate them completely or only for specific websites.
For further information on the processing of personal data via cookies, please refer to Section 3 of the Google Analytics Privacy Policy.
In accordance with Article 6(1)(f) of the GDPR, our website also uses so-called log files, which store access data whenever the website is visited. The stored data records contain the following details: the data subject’s IP address, the date and time of the visit, the status, the request sent by the data subject’s browser to the server, the amount of data transferred, and the webpage the data subject accessed the desired page from (referral), as well as the product and version of the browser, the data subject’s operating system, and the country information. The log data is routinely deleted after 14 days. In other words, all such data is irreversibly deleted. This temporary storage serves solely to protect our website from attacks and misuse. This is our legitimate interest in terms of storage. We do not use the log data for any other purposes.
We use cookies from external service providers on the website (Google, Facebook). In connection with the website, we use Google Analytics services, which helps measure website traffic and other web analytics data. The cookies are thus transferred and stored on external servers operated by Google. Google uses this information to track website traffic and create analyses of activities conducted on the website. Google is authorized to forward this data to third parties if required by law. Additionally, it may share this data with third parties it uses for data processing. For further information and detailed clarification, please refer to: http://www.google.com/analytics.
3.2 Google Analytics
In accordance with Article 6(1)(f) of the GDPR, the Company’s website uses Google Analytics, which is a website analytics service provided by Google, Inc., based in the USA (“Google”). Google Analytics uses cookies, which are text files placed on a computer to help track how users (data subjects) interact with the website. The information generated by the cookie about the use of the website is sent to a server located in the USA, where it is stored.
The Commission’s (EU) 2016/1250 Implementing Decision, dated July 12, 2016, allows data to be transferred from controllers or processors within the European Union to organizations in the USA that have committed to the EU-US Privacy Shield and its self-certification principles prescribed by the US Department of Commerce. Google is committed to these self-certification principles of the US Department of Commerce. If IP anonymization is enabled on the website, Google shortens the IP address within EU Member States or other countries that have joined the European Economic Area Agreement before sending it to the USA. Only in exceptional cases is the full IP address sent to Google’s servers in the USA, where it is shortened.
On this website, IP anonymization is active. Google uses this information on our behalf to analyze the website’s use, gather website activity reports, and provide other services related to website and internet use for us as website operators. Analyzing user habits is of legitimate interest to us for optimizing the website and advertisements.
By selecting the appropriate settings in the browser, the use of cookies can be disabled. We can also prevent Google from collecting data related to the website usage habits of the data subject (including the IP address) by downloading and installing the browser plugin available at the following location: https://tools.google.com/dlpage/gaoptout?hl=en-GB, which will stop Google from processing this data.
Google Analytics can also be prevented from collecting your data by turning off the following switch. A rejection cookie will be placed on the computer, which prevents the data subject’s data from being collected when visiting the website.
On Off ●
Current status: your data is not trackable.
The cookie must be set separately in every browser where the data subject wishes to completely prevent Google Analytics from tracking, as the data subject may be tracked again if the opt-out cookie is deleted from the browser or expires. Further privacy information can be found on Google’s website at https://www.google.de/intl/en/policies/privacy/.
3.2.1. Cookies that help the operation of the website and for marketing purposes
We display our advertisements on various websites (Google, Facebook), and these external service providers use cookies to store whether the user has previously visited our site, based on which they display personalized advertisements to the users. You can opt-out of external service providers’ cookies on the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/choices/).
The data collected with the above-mentioned technologies cannot be used to identify the user, and we do not link it to any other data that could potentially be used for identification. The primary purpose of using such data is to ensure the proper functioning of the website, which requires tracking visitor data and filtering potential misuse related to the use of the website. Additionally, this data can be used to analyze usage trends, create statistics, etc. Examples of such data include (number of visitors, most viewed topics, content).
If the user does not want the information described above to be collected in connection with the use of our site, cookies can be partially or completely disabled in the browser settings, or the cookie settings can be modified. Most browsers automatically accept cookies by default; however, these settings can generally be changed. By changing the settings, automatic cookie acceptance can be prevented, and it can be set so that the browser offers the visitor the option to choose whether or not to allow cookies every time.
You can find information about cookie settings for the most popular browsers at the following links:
Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
Firefox: https://support.mozilla.org/hu/products/firefox/protect-your-privacy/cookies
Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
3.6 Encoding
We transmit the data displayed on the website using SSL encryption. Our website and other systems are protected with technical and organizational measures against losses, damages, unauthorized access, modifications, or distribution caused by unauthorized individuals to the data of the Data Subject.
- Method of storing personal data, data processing security
Personal data is securely stored on the server located at the Company’s headquarters as well as in its archive.
The Company implements appropriate technical and organizational measures to ensure a level of data security corresponding to the risks associated with data processing, including, but not limited to, the following: (i) pseudonymization and encryption of personal data; (ii) ensuring the confidentiality, integrity, availability, and resilience of the systems and services used for processing personal data; (iii) the ability to restore access to personal data and the availability of the data in a timely manner in the event of a physical or technical incident; (iv) a procedure for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures taken to guarantee the security of data processing.
Recipients of personal data and categories of recipients
| Data Processor | Data Processing Activity |
|---|---|
|
IT-PNG-System Kft. 1025 Budapest, Kútvölgyi út 50. |
The operation and maintenance of the Company’s IT systems are carried out under a contractual relationship. |
V. Rights of the Data Subject
5.1 General provisions
This Notice contains information about the Data Subject’s personal data. Upon the Data Subject’s request, oral information may also be provided, provided that their identity is verified. The Company may not refuse to fulfill the Data Subject’s request to exercise the rights outlined below, unless it proves that it is not able to identify the Data Subject. If the Company has reasonable doubts about the identity of the individual submitting the request, it may ask for additional information necessary to verify the Data Subject’s identity.
The Company will inform the Data Subject about the actions taken in response to their request without undue delay, and in any case within one month from the receipt of the request. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional 2 months. The Company will inform the Data Subject about the extension of the deadline, indicating the reasons for the delay, within one month from receiving the request. If the Data Subject has submitted the request electronically, the information will, if possible, be provided electronically, unless the Data Subject requests otherwise.
If the Company does not take action in response to the Data Subject’s request, it will inform the data subject without undue delay, and at the latest within one month from receiving the request, about the reasons for not taking action, as well as the remedies available to the Data Subject as outlined in Section VII of this Notice. The Company will not charge any fees for providing information, for the notice, or for actions taken based on these. If the data subject’s request is clearly unfounded or, particularly due to its repetitive nature, excessive, the Company may charge a reasonable fee considering the administrative costs of providing the requested information or notice, or of taking the requested action, or may refuse to act on the request.
5.2 Rights of the Data Subject regarding data processing
5.2.1 Right of access
The Data Subject is entitled to request information at any time regarding whether the Company is processing their personal data, and if so, how, including the purposes of the data processing, the recipients with whom the data has been shared, or the source from which the Company obtained the data, the retention period, any rights related to the data processing, as well as information on automated decision-making and profiling. In case of data transfer to a third country or an international organization, the Data Subject is entitled to information about the guarantees related to such transfers.
When exercising the right of access, the data subject is also entitled to request a copy of the data. In the case of an electronically submitted request—unless the Data Subject requests otherwise—the Company will provide the requested information electronically (in PDF format).
If the exercise of the Data Subject’s right of access adversely affects the rights and freedoms of others, such as the business secrets or intellectual property of others, the Company is entitled to refuse to fulfill the request to the extent necessary and proportionate. If the Data Subject requests the above information in multiple copies, the Company may charge a reasonable and proportionate fee to cover the administrative costs of producing additional copies, at a rate of 300 HUF per page.
5.2.2 Right to rectification
The Company will rectify or complete personal data concerning the data subject upon their request. If there is any doubt regarding the corrected data, the Company may ask the Data Subject to provide proof of the corrected data, primarily through documentation, to substantiate it. If the Company has shared the personal data affected by this right with another person (e.g., a recipient such as a data processor), the Company will promptly inform these individuals of the correction, provided that this is not impossible or does not require disproportionate effort from the Company. Upon the Data Subject’s request, the Company will inform them of these recipients.
5.2.3 Right to erasure
The Data Subject is entitled to request the deletion of their personal data by the Company without undue delay, and the Company is obliged to delete the personal data concerning the data subject without undue delay if any of the following reasons apply:
(i) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(ii) The Data Subject withdraws their consent, and there is no other legal basis for the data processing;
(iii) The Data Subject objects to the processing of their data, and there is no overriding legitimate reason for processing, or the data subject objects to the processing for direct marketing purposes;
(iv) The personal data has been processed unlawfully;
(v) The personal data must be deleted to comply with a legal obligation under Union or Member State law applicable to the Company;
(vi) The personal data was collected in relation to the offering of information society services to children.
If the Company has shared the personal data affected by this right with another person (e.g., a recipient such as a data processor), the Company will promptly inform those individuals after the deletion, provided this is not impossible or does not require disproportionate effort. Upon the data subject’s request, the Company will inform them of these recipients. The Company is not obliged to delete the data, particularly if the data processing is necessary for: (i) exercising the right of freedom of expression and information; (ii) compliance with a legal obligation or performance of a task carried out in the public interest; or (iii) the establishment, exercise, or defense of legal claims.
5.2.4 Right to restriction of processing
The Data Subject is entitled to request the Company to restrict the processing of their personal data if:
(i) The Data Subject disputes the accuracy of the personal data (in this case, the restriction applies for the period necessary for the Company to verify the accuracy of the personal data);
(ii) The processing is unlawful, and the Data Subject objects to the deletion of the data, instead requesting the restriction of its use;
(iii) The Company no longer needs the personal data for processing purposes, but the Data Subject requires it for the establishment, exercise, or defense of legal claims; or
(iv) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company, or for the purposes of the legitimate interests pursued by the Company or a third party, and the Data Subject has objected to the processing for those purposes (in this case, the restriction applies until it is determined whether the Company’s legitimate grounds override the Data Subject’s legitimate interests).
Restriction of processing means that, except for storage, the Company will not process the Data Subject’s personal data, or will only process it to the extent to which the data subject has consented, or the Company may process the data without consent for purposes of establishing, exercising, or defending legal claims, protecting the rights of other natural or legal persons, or when necessary for important public interests within the EU or a member state. The Company will notify the data subject in advance of the lifting of the restriction on processing.
If the Company has shared the personal data affected by this right with another person (e.g., a recipient such as a data processor), the Company will promptly inform those individuals about the restriction, provided that this is not impossible or does not require disproportionate effort. Upon the Data Subject’s request, the Company will inform them of these recipients.
5.2.5 Right to object
The Data Subject is entitled to object to the processing of their personal data at any time, on grounds related to their particular situation (including profiling), if the processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Company or a third party. In such cases, the Company must cease processing the personal data unless the Company demonstrates that the processing is justified by compelling legitimate grounds that override the Data Subject’s interests, rights, and freedoms, or that the processing is necessary for the establishment, exercise, or defense of legal claims.
If the processing of personal data is for direct marketing purposes, the Data Subject is entitled to object at any time to the processing of their personal data for this purpose, including profiling, where it is related to direct marketing. If the Data Subject objects to the processing of their personal data for direct marketing purposes, the personal data can no longer be processed for this purpose.
The right to object must be explicitly brought to the data subject’s attention no later than the first contact with them, and the information regarding this right must be clearly and separately presented from all other information.
If personal data is processed for statistical purposes, the Data Subject is entitled to object to the processing of their personal data on grounds related to their particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.
5.2.6 Right to data portability
In the Company’s data processing activities, no processing takes place that would require ensuring data portability.
5.2.7 Automated decision-making in individual cases, including profiling
No automated decision-making takes place in the Company’s data processing activities..
5.2.8 Data Breach*
A data breach is a security violation that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed. If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Company will inform the data subject of the data breach without undue delay. The notification must clearly and understandably describe the nature of the data breach and include the following information and measures: (i) the name and contact details of the person providing the information; (ii) the likely consequences of the data breach; (iii) the measures the Company has taken or plans to take to address the data breach.
The Data Subject does not need to be notified if any of the following conditions are met: (i) the Company has implemented appropriate technical and organizational protective measures, and these measures were applied to the affected data in the context of the data breach; (ii) the Company has taken additional measures after the data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to occur; (iii) notification would require disproportionate effort. In such cases, the data subject should be informed through publicly available information or other similar measures that ensure equally effective communication to the Data Subject.
5.2.9 Information ont he transfer of personal data to a third country
The Company transfers personal data outside the European Union solely for the purpose of entering into or fulfilling a contract that serves the interests of the data subject, as detailed above, pursuant to Article 49(1)(c) of the GDPR.
VI. Liability and Compensation
Anyone who has suffered material or non-material damage as a result of a violation of the Information Act (Infotv.) or the GDPR is entitled to compensation from the Company or another data controller specified in this Notice, or from the data processors.
Each data controller involved in the processing is liable for any damage caused by data processing that violates the Infotv. or the GDPR. The data processor is only liable for damages caused by the processing if it has not complied with the obligations explicitly imposed on data processors under the Infotv. or the GDPR, or if it disregarded or acted contrary to the lawful instructions of the Company.
The Company or the data processor is exempt from liability if it can prove that it is not responsible for the event that caused the damage. If multiple data controllers or data processors, or both the data controller and the data processor, are involved in the same data processing and are responsible for the damage caused by the processing, each data controller or data processor is jointly liable for the entire damage to ensure that the Data Subject is fully compensated.
VII. Complaint, Remedy
If the Data Subject has any questions, comments, or issues regarding the Company’s data processing, they should contact the Company using the contact details specified in Section I.
If the Data Subject believes that the Company’s processing of their personal data violates the applicable data protection laws, including the provisions of the Information Act (Infotv.) or the GDPR, they have the right to file a complaint with the National Authority for Data Protection and Freedom of Information (“NAIH”).
A NAIH contact details:
Website: http://naih.hu/
Address: 1055 Budapest, Falk Miksa u 9-11., Hungary
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
The Data Subject has the right to file a complaint with a supervisory authority established in any EU Member State, particularly in the state of their habitual residence, workplace, or the place of the alleged infringement.
Regardless of their right to lodge a complaint, the Data Subject may also turn to the court in the case of the above-mentioned infringement. In the case of a data controller, the competent court is the Metropolitan Court, but the Data Subject may also initiate the proceedings before the court of their place of residence. The contact details of the courts in Hungary can be found at the following link: http://birosag.hu/torvenyszekek. Furthermore, the data subject may also initiate the proceedings before the court with jurisdiction and competence in the Member State where their habitual residence is located if the data subject resides in another EU Member State.
The Data Subject is entitled to approach the court against a legally binding decision of the supervisory authority. Additionally, the data subject has the right to judicial remedy if the supervisory authority does not address the complaint or fails to inform the data subject about the procedural developments or the outcome of the complaint within three months. The Data Subject is also entitled to authorize a nonprofit organization or association, which has been established in accordance with the law of any EU Member State and whose statutes include the protection of public interest and the rights and freedoms of data subjects with regard to personal data, to submit the complaint on their behalf, to request judicial review of the supervisory authority’s decision, to initiate a lawsuit, and to exercise the right to compensation on their behalf.
This Notice is available at the Company’s headquarters and website, and will be provided to the data subject upon request. The establishment and modification of this Notice are within the authority of the managing director.
Budapest, 10th of June 2020.
AIR, OCEAN, ROAD — OR STRAIGHT FORWARD ON-BOARD COURIER, HGL HAVE SOLUTIONS WITH AN EXPERIENCED TEAM ABLE TO SATISFY THE MOST SUPERLATIVE REQUIREMENTS.
