DATA SUBJECTS RIGHTS REGARDING PERSONAL DATA PROCESSING: AN OVERVIEW

INTRODUCTION

In compliance with Regulation (EU) 2016/679, also known as the Regulation, which addresses the protection of natural persons concerning the processing of their personal data and the free movement of such data, and repeals Directive 95/46/EC, this document outlines the obligations of the Controller. The Regulation mandates that the Controller takes suitable measures to convey information regarding personal data processing to data subjects in a clear, concise, transparent, and easily accessible manner, using straightforward language. Furthermore, the Controller is obligated to facilitate the exercise of data subject rights. Additionally, Act CXII of 2011 on the freedom of information also necessitates the provision of information to data subjects before processing. The information presented here aims to fulfill the legal obligations of our Company in this regard.

CHAPTER I
RESPONSIBLE PARTY FOR DATA
The entity providing this information also serves as the data controller:

Company name: IST Hungary Kft.
Legal address: 2636 Tésa, Ady Endre utca 11, Hungary
Tax number: 27966745-2-13
Company registration number: 01-09-359424
Represented by: Igamnazarov Timur
Email: business@isthungary.hu
Website: isthungary.hu
Phone: +36-20-59-77777
(hereinafter referred to as Company)

CHAPTER II
IDENTIFICATION OF DATA PROCESSORS
The term ‘Processor’ refers to a natural or legal person, public authority, agency, or any other entity that processes personal data on behalf of the controller (as per Article 4(8) of the Regulation). While the involvement of a processor does not necessitate prior consent from the data subject, they must be duly informed. Consequently, we provide the following details:
Our Company’s IT Service Providers
To facilitate the operation and management of its IT systems, our Company engages data processors offering IT services (including hosting, email, system administration, and CRM services). These processors handle personal data provided through the website, email, or any other means related to our Company’s services during the contractual period. The list of processors includes:
Company Name: Microsoft
Registered Address: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA
Service Type: Microsoft 365
Website: www.microsoft.com
Company Name: Versanus Informatikai és Szolgáltató Kft.
Registered Address: 1138 Budapest, Mura u. 4. 9. em. 7..
Tax Number: 13504786-2-41
Email Address: support@versanus.eu
Website: versanus.eu
Service Type: Hosting Service Provider
Our Company’s Accounting Service Providers
To meet tax and accounting obligations, our Company enlists external service providers. These providers process the personal data of individuals in contractual or payment relationships with our Company, ensuring compliance with tax and accounting regulations.

CHAPTER III
DATA PROCESSING IN CONNECTION WITH SERVICE PROVISION
Accessing the Website
Cookie Usage Information
(1) Following standard internet practices, our Company employs cookies on its website. A cookie is a small data file with a sequence of characters placed on the visitor’s computer during a website visit. Upon subsequent visits, the website recognizes the visitor’s browser through the cookie.

(2) Our Company’s website collects and processes the following visitor and device data:

  • IP address of the visitor,
  • Browser type,
  • Operating system settings of the browsing device (language settings),
  • Visit date,
  • Visited (sub)page, function, or service used.

(3) While accepting and enabling cookie usage is optional, visitors can reset their browser settings to reject or notify them about incoming cookies. Although most browsers automatically accept cookies by default, this setting can generally be modified to allow users to decide on a case-by-case basis.

For information on cookie settings for popular web browsers, click on the links below:

  • Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
  • Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
  • Microsoft Internet Explorer 11: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
  • Microsoft Internet Explorer 10: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
  • Microsoft Internet Explorer 9: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-9
  • Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8
  • Microsoft Edge: http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq
  • Safari: https://support.apple.com/en-us/HT201265

Please note that certain website functions or services may not work properly with disabled cookies.

(4) The cookies used on the Company’s website cannot, on their own, establish the user’s identity.
(5) Cookies on the Company’s website:
i) Strictly (technically) necessary session cookies:
These cookies enable smooth browsing and use of the website’s functions and services during a specific visit. They are retained only for the duration of the current visit and are automatically deleted when the session ends and the browser is closed. The legal basis for this processing is Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic trading services and information society services. Processing purpose: Ensure proper website operation.
ii) Consent-based cookies:
These cookies allow the Company to remember user selections on the website. Users can object to this processing at any time. This data is not linked to user identification data and may not be disclosed to third parties without user consent.
ii.1. Functional cookies:
Processing purpose: Enhance service effectiveness, user experience, and website usability.
Processing period: 7 months.
Data processed: ZOPIM, ADDTOANY
ii.2. Performance cookies:
Google Analytics cookies – More information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google Adwords cookies – More information: https://support.google.com/adwords/answer/2407785?hl=en
Facebook cookies – More information: https://www.facebook.com/policies/cookies/
Processing purpose: Optimize service performance and user experience.
(6) The legal basis for processing: User consent.

Processing Related to Newsletter Service

(1) Individuals subscribing to the newsletter on the website can provide consent by checking the relevant checkbox. Subscribers can unsubscribe at any time, revoking their consent, by clicking the “Unsubscribe” option in the newsletter or by contacting us via email. In such cases, all data, except the email address and the unsubscribe status, is promptly deleted.

(2) Processed data categories: Name (first and last), email address, country of origin, residence country, service group.

(3) Purposes of processing personal data:
• Sending newsletters about Company products and services.
• Sending promotional material.

(4) Legal basis for processing: User consent.

(5) Recipients of personal data with access to the eDm database within and outside the company: Company employees handling customer service and marketing duties; IT service provider employees as data processors for hosting services.

(6) Storage period for personal data: Until the newsletter service is provided or the data subject revokes consent (requests erasure).

Requesting Contact via Online Form or Email

(1) Individuals completing the online form for contact requests on the website can provide consent by checking the relevant checkbox.

(2) Processed data categories (may vary by service type): Name, phone number, email address, copy of passport and/or visa, date of birth, marital status, travel information.

(3) Purposes of processing personal data:

  • Electronic, phone, and SMS contact requests.
  • Sending information on news related to Company products, services, terms and conditions, special offers.
  • Assessing eligibility for services.
  • Providing offers related to website services.

(4) Legal basis for processing: User consent or responding to the data subject’s request.

(5) Recipients of personal data with access to the client database within and outside the company: Company employees handling customer service and marketing duties; IT service provider employees as data processors for hosting services.

(6) Storage period for personal data: 6 months or until the data subject revokes consent (requests erasure).

Processing Data of Contracted Partners – Customer and Supplier Administration

(1) The Company processes personal data of natural persons entering into business relationships as customers or suppliers based on legal obligations. This processing is deemed lawful, even if necessary to take steps at the data subject’s request before entering into a contract.

(2) Processed personal data categories: Name, name at birth, date of birth, mother’s maiden name, address, tax identification number, private entrepreneur’s card number, primary producer’s card number, identity card number, registered address, site address, phone number, email address, website address, bank account number, customer number, online identifier.

(3) Purposes of processing personal data: Entering into, performing, and terminating contracts; providing contractual discounts; fulfilling legal obligations specified in applicable laws and regulations.

(4) Legal basis for processing: Legal obligations and steps at the request of the data subject.

(5) Recipients of personal data: Company employees and data processors performing customer service, taxing, and accounting duties.

(6) Storage period for personal data: 5 years after the relevant contract termination.

Contact Details of Individuals Representing Legal Entity Clients, Customers, and Suppliers

(1) Processed personal data categories: Name, address, phone number, email address, online ID.

(2) Purposes of processing personal data: Performing contracts with legal entity partners; maintaining business relationships; legal basis: Company’s legitimate interest.

(3) Recipients or categories of recipients of personal data: Company employees performing customer service duties.

(4) Storage period for personal data: 5 years after the business relationship and assignment of the data subject as a representative cease.

Special Processing for Individual Services

CHAPTER IV
PROCESSING BASED ON LEGAL OBLIGATION

Processing for Fulfilling Tax and Accounting Obligations

(1) The Company is obligated to process pertinent personal data of individuals establishing a business relationship with the Company as customers or suppliers. This processing is carried out to fulfill the Company’s legal obligations regarding tax and accounting, as outlined in applicable laws and regulations. The processed data specifically encompass the following: tax number, name, address, and tax status based on Articles 169 and 202 of Act CXXVII of 2017 on Value Added Tax; the name, address, and the entity or individual ordering the business operation; the name of the person authorizing the payment order and certifying the operation’s execution, along with the controller’s signature in certain organizational contexts; recipient’s signature on the payment receipt and payer’s signature on the counter receipt; private entrepreneur’s card number, primary producer’s card number, and tax identification number.

(2) The duration for which personal data will be retained: 8 years after the cessation of the legal relationship establishing the processing’s legal basis.

(3) Recipients of personal data: Company employees and data processors responsible for taxing, accounting, payroll, and social security duties.

CHAPTER V
SUBMISSION OF REQUESTS RELATED TO CONTROLLER’S DATA PROCESSING ACTIONS

The Controller is obligated to promptly provide information regarding the actions taken in response to a data subject’s request to exercise their rights. This information must be provided without undue delay and, in any case, within one month from the receipt of the request. In situations where the complexity or volume of requests necessitates additional time, the Controller may extend this period by two months. The data subject shall be informed of any such extension and the reasons for the delay within one month of receiving the request.

In cases where a data subject submits their request electronically, and unless otherwise specified by the data subject, the information will be conveyed in a commonly used electronic format.

Should the Controller fail to act on the data subject’s request, they are required to inform the data subject promptly and no later than one month from receiving the request. This communication must include the reasons for not taking action and inform the data subject of their right to file a complaint with a supervisory authority or seek judicial remedies.

Information provided under Articles 13 and 14 of the Regulation, as well as any communication and actions taken on the data subject’s rights (Articles 15 to 22 and 34), are to be furnished free of charge by the Controller. However, if a data subject’s requests are deemed manifestly unfounded or excessive, particularly due to their repetitive nature, the Controller may, considering administrative costs, either charge a fee of 46.000 HUF or reject the request. The burden of demonstrating the manifestly unfounded or excessive nature of the request rests with the Controller.

In cases where the Controller harbors reasonable doubts about the identity of the requesting individual, they may request additional information to confirm the data subject’s identity.

IST Hungary Kft., Date: 17 July 2022