Data Protection NoticeLast update: 17th August, 2018
T.É.K. Műszaki Szolgáltató, Számítástechnikai és Kereskedelmi Korlátolt Felelősségű Társaság (registered office: Üllői út 119., H-1091 Budapest, Hungary, company registration number: 01-09-715942, “Language Service Provider”) is committed to protecting the personal data of its clients, therefore it pays particular attention to ensuring compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising, Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services, Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing, and Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data applicable as from 25 May 2018, i.e. the GDPR and other applicable laws, national and international recommendations during the collection, processing, use and transfer, if any, of personal data.
By concluding the Agreement with the Language Service Provider/By using the website you confirm that you have read this data processing information document and consent for your personal data to be processed and recorded by the Language Service Provider in compliance with the law; furthermore, you consent for your contact details to be recorded by the Language Service Provider in its database for the purpose of notifying you about information related to its services, changes in such services, changes concerning you and the latest news of the Language Service Provider.
|Data Subject||Any natural person directly or indirectly identifiable by reference to specific personal data.|
|Personal Data||Data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;|
|Sensitive Data||Personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sexuality, health, pathological addictions, or criminal record;|
|Criminal Personal Data||Personal data relating to the data subject or that pertain to any prior criminal offence committed by the data subject and that is obtained by organizations authorised to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings in connection with a crime or criminal proceedings;|
|Data Subject’s Consent||Any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;|
|Objection||A declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed;|
|Controller||Natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or has it executed by a data processor;|
|Data Processing||Any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destroying the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);|
|Data Transfer||Granting access to the data to specific third parties;|
|Disclosure||Granting open access to the data;|
|Data Deletion||Making data unrecognisable in such a way that it can never again be restored to a recognisable form;|
|Tagging of Data||Marking data with a special ID tag to differentiate it;|
|Blocking of Data||Marking data with a special ID tag to restrict its further processing indefinitely or for a specified period of time;|
|Data Destruction||Complete physical destruction of the data carrier recording the data;|
|Data Process||Performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;|
|Data Processor||Any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;|
|Data Set||All data processed in a single file;|
|Third Party||Any natural or legal person, or organisation without legal personality other than the data subject, the data controller and the data processor;|
|EEA Member State||Any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area;|
|Third Country||Any State that is not an EEA Member State;|
|Data Breach||The unlawful processing or process of personal data, in particular the unauthorised access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage thereof.|
2. Your Data Controller and Its Contact Details
Data Controller: T.É.K. Műszaki Szolgáltató, Számítástechnikai és Kereskedelmi Korlátolt Felelősségű Társaság (registered office: Üllői út 119., H-1091 Budapest, Hungary, company registration number: 01-09-715942)
Contact person: László Kovács
Contact details: email@example.com
3. Categories of Data Processed
3.1. General Definition
Personal Data processed by the Language Service Provider shall mean data that are or may be received by the Language Service Provider during the use and provision of the services of the Language Service Provider through the personal data provided by the people ordering the services of the Language Service Provider, the potential customers, people requesting a quote or using the online platform of the Language Service Provider, and also all the personal data transferred by you to the Language Service Provider.
Such personal data may include, but are not limited to the following:
- date and place of birth;
- mother’s name at birth;
- personal ID card No., address card No., address;
- personal identification code;
- social security number, tax ID No., bank account number;
- (workplace) email address, telephone number.
Sensitive Personal Data
- data regarding racial origin or nationality;
- data concerning health (weight, CBC, screening test results);
- data concerning pathological addictions;
- data concerning criminal record.
3.2. Data Processing Related to Contractual Relationship and Quoting
As part of its activity the Language Service Provider prepares quotes on services for its customers, enters into agreements and also performs procurement as well as archiving and document handling activities required for its operation. In this regard the Language Service Provider processes and stores the following data until the dates indicated and for the purposes defined below:
- communication (with a commercial purpose);
- concluding agreements;
- performing agreements;
- account management and debt management;
- enforcing legal claims under agreements (e.g. complaints, warranty claims);
- document handling and archiving after the termination (by performance or expiry) of the agreement.
a) Personal data for natural person customers:
The name, address, telephone number, email, customer code (client ref. number, order number) and online ID of natural persons who enter into an agreement with the Language Service Provider as customers shall be processed for the purposes indicated above. Data processing shall lawfully commence prior to the conclusion of the agreement subject to an enquiry from our customers regarding a request for quote.
b) Personal data of natural persons representing legal person customers:
Categories of personal data processed: name, address, telephone number, email address, online ID of the natural person.
3.3. Data Processed for All Customers
Both the source and target materials, including the personal data therein, are retained until the performance of the agreement and the expiry of the warranty period. Such data processing is required for the performance of the agreement in order for the Language Service Provider to comply with the legal obligations binding it as data controller.
3.4. Registration on the Website of the Language Service Provider
Visitors to our website are only required to provide us with their personal data if they want to register, log in for submitting a request for quote, place an order or if they request a quote on the dedicated online platform.
3.5. Other Contractual Partners
Data of our other contractual partners (sub-contractor linguists and other service providers) and our contractual partners in procurements shall be requested and processed as and for the term stipulated by the laws referenced in the introduction.
4. Categories of Data Subjects Affected by the Data Processing and the Legal Basis of Processing
The Language Service Provider processes the data of customers, potential customers and persons requesting a quote. This policy shall apply to our contractual partners and the visitors to our website, contractual partners, fulfilment partners and participants. In addition to this, we process the personal data of people whose data are indicated in documents to be translated as the subject matter of the service.
We only process the personal data of people who have consented to the processing of their personal data or to their transfer to third parties, or if such processing is required by the law or the regulation of the local government acting pursuant to the authorisation under the law and in cases stipulated therein, for a purpose arising from public interest.
The following user actions shall also constitute the provision of consent: ticking the appropriate box when visiting the internet website of the Language Service Provider; the personal data being sent to the mailing address, email address or other contact details of the Language Service Provider; choosing technical settings for information society services and any other statements or conduct which clearly indicate in this context the data subject’s consent to the proposed processing of their personal data.
In addition to this, personal data are only processed by us pursuant to Article 6. of the GDPR and Section 6 of the Privacy Act if obtaining the data subject’s consents is impossible or would involve disproportionately high costs, and processing is required for the performance of an obligation or the protection of a legitimate interest of ours or of third parties, and the enforcement of such interest is proportionate with the limitation of the right to protect personal data. Personal data received from your and other partners are processed if the data subject has consented to the transfer of its personal data to third parties or the Language Service Provider. The Language Service Provider shall not transfer the processed data for them to be used for marketing or other purposes without your express consent.
The data of natural persons contracted as customers or suppliers stipulated in the law shall be processed by the Language Service Provider for the purpose of performing obligations (accounting, taxation) stipulated by the law (Sections 169 and 202 of Act CXXVII of 2017 on Value Added Tax; Act CXVII of 1995 on Personal Income Tax; Act LIII of 2017 on the Prevention and Combatting of Money Laundering and Terrorist Financing, Act C of 2000 on Accounting) under the legal title of compliance with a legal obligation.
Documents of permanent value under Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives, but otherwise not received by the customers shall be processed by the Language Service Provider pursuant to the performance of its legal obligation until such documents are handed over to the public archives.
The consent to the processing of data shall be deemed granted with the delivery of your personal data to the Language Service Provider.
By delivering the personal data to the Language Service Provider you declare and warrant that you have the right to process and, in particular, to transfer such data.
The Language Service Provider excludes its liability for claims enforced in relation to a breach of the declaration above, and at the same time you shall reimburse the Language Service Provider for damage incurred in relation to the false or incorrect nature of the declaration above.
5. The Purpose of Data Processing
With respect to the personal data received by the Language Service Provider, the purpose of data processing shall be:
- concluding agreements;
- performing the services of the Language Service Provider;
- providing discounts;
- providing notice on data related to services and on changes thereto;
- communication between Language Service Provider and customer;
- providing information by way of newsletters;
- providing customised quotes and services;
- providing information about news and matters of interest related to the Language Service Provider;
- pursuing marketing activity;
- building and maintaining a marketing database;
- pursuing direct marketing activity.
6. Duration of Data Processing
Processing shall only be performed to the extent and for the time required for achieving the purpose and it shall only involve personal data, the processing of which is essential to and otherwise suitable for achieving the purpose of the processing, in particular until the rights and obligations exist in connection with notifying you, providing the services and the related administration.
In case of Agreements the duration of data processing shall be
- the limitation period of the claims arising from the agreement between you and the Language Service Provider, or
- the limitation period of claims related to legal obligations binding the Language Service Provider under the Agreement,
whichever of the two is longer.
When you order the services of the Language Service Provider and you provide us with your email address, but in the end no Agreement is concluded, the duration of data processing shall be the period for which an agreement may be concluded between the Language Service Provider and you. If it is obvious that no contractual relationship will be established in the future (e.g. the company whose contact person provided their personal data ceases to exist), or if you request the deletion of the personal data, the personal data shall be immediately deleted.
7. The Processing of the Data
The Language Service Provider uses the participation and services of data processor(s) (including, but not limited to accountants, IT service providers) for performing the processing activities. Processing shall be governed by the data processing agreement concluded by and between the Language Service Provider and the controller which ensures the processor’s obligation of confidentiality and thus the security of processing.
8. People Authorised to Access the Data
The personal data provided by you may be accessed and processed by the employees, senior officers, advisors of the Language Service Provider, other members of its staff participating in data processing, and also by its partners with respect to whom you have consented to the transfer of data.
Language services are provided by the Language Service Provider with the help of external sub-contractors for the purpose of which the sub-contractors are provided, through the administrative system of the Language Service Provider, with the documents required for the performance of the language services.
Pursuant to the law, courts and specific authorities have the right to access the personal data processed by the Language Service Provider. The court, the public prosecutor’s office and other authorities (e.g. the police, tax authority, Hungarian National Authority for Data Protection and Freedom of Information) may contact the Language Service Provider and request the provision of information, the reporting of data or the delivery of documents. In such cases we are bound to comply with our data reporting obligation to the extent indispensable for the implementation of the purpose of the enquiry.
9. Transmission and Transfer of the Data
We are aware that your data represent a value and we use our best endeavours to protect them during processing.
Personal data provided to us are only disclosed to third parties cooperating with us or acting on our behalf in certain cases if such is required for the implementation of the purpose for which such data were provided by the data subject or you. Personal data may also be transferred by the Language Service Provider to other third parties if such is required for providing more effective services to you or if such third parties process the data subject’s data on behalf of the Language Service Provider.
However, we have ensured that such third parties protect the information and data appropriately and adequately.
Personal data may be transferred by the Language Service Provider to third party processors that ensure appropriate technical and organisational safeguards. According to the generally accepted data protection practice, the Language Service Provider may employ external service providers for the regular maintenance of its server(s), the storage of data or the performance of other IT related tasks.
Information is only disclosed to other third parties if
- we have the data subject’s consent to it;
- we are obliged to do so by the law; or
- such is required for the purpose of legal proceedings, for exercising or protecting rights related to such proceedings or granted by the law.
By providing the personal data, you expressly consent to the data being transferred for such purpose, and you declare and warrant that you have the right to disclose the personal data to the Language Service Provider for such purpose.
As soon as the conditions warranting the lawful processing or disclosing of the data cease to exist, the Language Service Provider shall immediately act for the deletion of the personal data from the database, and shall notify you about such deletion.
10. Transfer of Data to Third Countries
Personal data may be required to be transferred to third countries during the performance of the services ordered by you as in certain cases the employees, service providers, sub-contractors of the Language Service Provider are not located in EEA Member States and they perform the services ordered from such third party locations. In such cases data shall be transferred in compliance with Chapter V of the GDPR if the criteria stipulated there are met (e.g. the adequacy decision of the Commission, standard data protection clauses, binding corporate rules).
11. Data Security
Data received by the Language Service Provider during processing, including data stored both in the electronic information system and also on traditional printed media shall be processed with the utmost care and attention as strictly confidential, and the Language Service Provider shall undertake all lawful technical and organisational measures to protect them in particular against unauthorised access, alteration, transfer, disclosure and other types of infringement as well as deletion or destruction, and also against accidental destruction.
As part of the organisational measures, physical access is monitored at our premises, our employees regularly receive training and the printed documents are locked away under due and proper protection.
The closed IT system of the Language Service Provider provides adequate protection for processing the data in the electronic information system. Our data controllers and partners ensure the same protection for the data as that ensured by the Language Service Provider, and data are used by them strictly for the purpose for which they are intended. The data processed are accessible to people authorised to access them, the authenticity and certification of the data are ensured, the data remain unaltered, and the data are protected against unauthorised access.
The Language Service Provider has technical and organisational measures in place to ensure the security of the data which provides an adequate level of protection against risks arising in connection with processing. We have implemented standard technological and operational security solutions to prevent the loss, alteration, destruction or misuse of identifiable personal data. We use our best endeavours to ensure the protection of the personal data processed by the Language Service Provider through appropriate confidentiality undertakings as well as technical and security measures. Personal data may only be accessed by employees holding appropriate authorisation and accepting confidentiality, and also by controllers authorised to do so.
Please note that we undertake no full liability for the confidentiality, intactness and availability of the data transfer performed through our website since such are not only within the control of our Company. We comply with strict regulations regarding the data received in order to ensure the security of your data and to prevent unlawful access.
12. The Use of Translation Software and/or Other Tools
In order to provide the services ordered by you in the most effective way, the Language Service Provider uses translation software and/or other tools. The memory of the translation software stores the data entered into the system for a pre-defined time in order to ensure that certain parts of the text can be repeatedly used in the future.
The materials sent by our customers are kept separate for each customer, therefore only those parts of the text may be re-used during the performance of the service ordered by you which originate from documents previously provided by you.
We will use our best endeavours during the application of the software to ensure full compliance with the requirements specified above.
The software we use is expected to be enhanced in the future with the help of which personal data may be automatically anonymised, or deleted as the case may be. However, you are kindly requested to anonymise/delete all personal data included in the document to be translated that are not relevant to the translation (e.g. addresses of residence), prior to delivering such document to the Language Service Provider.
14. Data Subjects’ Rights Related to Processing
14.1. Request for Information
Data subjects may request information concerning the personal data provided by you and processed by the Language Service Provider, the sources thereof, the purpose, legal basis and duration of processing, the name and address of the data processor and its activities relating to data processing and, in the case of data transfer, the legal basis and the recipients of data transfer.
Request for information is only complied with by the Language Service Provider in person for the protection of the data subjects’ data. To this end, a request for information may be delivered to the Language Service Provider in writing by post in the form of a private document with full probative force, in email or fax, with the required identification data indicated. The Language Service Provider shall provide the requested information within the shortest time possible, but no later than 30 days, with a notice served to the address provided by the data subject.
Please note that information on one single dataset is provided free of charge once a year, but the Language Service Provider may charge a certain fee for all further information provided.
If the data subject notifies the Language Service Provider, with the personal data specified, that the personal data processed are inaccurate, or if the Language Service Provider otherwise becomes aware of the inaccuracy of the personal data and the correct data, the Language Service Provider shall rectify the relevant personal data. The Language Service Provider shall notify the data subject about the rectification or about the request for rectification being dismissed.
14.3. Deletion or blocking
Data subjects may have the right to request that their personal data be deleted or blocked. Personal data are blocked if, based on the information available, it is assumed that deletion would violate the legitimate interests of the data subject. The personal data thus blocked may only be processed by us as long as the purpose of processing that precluded the deletion of the personal data prevails. A notice of the deletion or blocking, or a notice of our dismissal of the request for deletion/blocking shall be delivered to the data subject.
If the accuracy of a personal data item is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the Language Service Provider shall tag that personal data item for the purpose of referencing.
Data subjects have the right to object to the processing of their personal data, with the exception of statutory processing,
- if processing or transfer of the data is required only for performing a legal obligation of the Language Service Provider or is necessary for the enforcement of a legitimate interest of the Language Service Provider or a third party;
- if their personal data are used or transferred for the purpose of direct marketing, public polling or scientific research provided that the data subjects did not consent to it; or
- in all other cases stipulated by the law.
Objections shall be considered by the Language Service Provider as soon as possible, but not later than 15 days after the submission of the request; a decision shall be adopted and delivered in writing to the applicant on the substantiated nature of the objection.
If the objection proves to be substantiated, the Language Service Provider shall cease the processing of those data, including the recording of further data and data transfer, the data shall be blocked and a notice of the objection and the measures taken pursuant to it shall be delivered to everyone who previously transferred the personal data affected by the objection, and such persons shall act to ensure the enforcement of the right of objection.
14.6. Data portability
Data subjects shall have the right to receive the personal data concerning them, which they have provided, in a structured, commonly used and machine-readable format, and they have the right to transfer those data without hindrance from us if processing is based on the consent of the data subjects and their personal data are processed in an automated manner.
14.7. Refusal of cooperation in relation to direct marketing
Data subjects may at any time refuse to cooperate in relation to so-called direct marketing letters, without any further justification. In this regard, data subjects have the right to refuse or prohibit the inclusion of their name in communication and marketing lists, the use of them for direct marketing purposes or for any other specific purpose within that and the disclosure of their name to third parties.
15. Reporting Data Change
You have the right and also the obligation to report all changes in your data processed by the Language Service Provider within 15 days. You shall be held fully liable for consequences arising from the failure to do so.
16. Withdrawal of consent
If the legal basis of processing is your consent, you may at any time withdraw your consent, in which case the withdrawal of your consent to processing does not affect the legal basis of processing prior to such withdrawal. If the legal basis of processing is only and exclusively your consent, upon the withdrawal of the consent we shall cease to process your personal data and the data shall be deleted from all our records.
17. Right to Remedy
Complaints related to the protection of personal data and enquiries related to processing may be submitted by data subjects to the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c, mailing address: 1530 (Budapest), Pf.: 5), and data subjects may file action for remedy with a court.
18. Limitation of Rights
In exceptional cases, the rights above may be limited subject to certain legal provisions, in particular for the protection of data subject’s or third party rights.
The Language Service Provider may only and exclusively disclose data contrary to your data processing declaration at the request of the bodies authorised by the law and in the cases stipulated by the law.
19. Managing Data Breaches
In order to prevent and manage data breaches and to comply with the applicable legal regulations, the Language Service Provider shall log access and attempted access in its IT systems and it shall regularly analyse and monitor them.
Should Language Service Provider employees authorised to monitor identify data breaches during the performance of their tasks, they shall immediately notify the manager of the Language Service Provider thereof.
Employees of the Language Service Provider shall report to the manager of the Language Service Provider or the person exercising the employer’s rights if they become aware of data breaches or events suggesting such data breaches.
Data breaches may be reported to the Language Service Provider at the email address and telephone number stipulated in Clause 2 which the employees, contracting partners, data subjects may use to report the underlying events or security weaknesses. When a data breach is reported, the Language Service Provider shall immediately investigate the report, during which it shall identify the breach and decide whether it is an actual breach or a false alarm.
Upon the occurrence of a data breach, the relevant systems, persons and data shall be identified and separated and the Language Service Provider shall collect and retain the evidence underlying the occurrence of the breach. The Language Service Provider shall then start remedying the damage and restore lawful operation.
The Language Service Provider shall keep records of all personal data breaches. These records shall contain:
- the categories of personal data concerned;
- the categories and number of data subjects affected by the personal data breaches;
- the time of personal data breach;
- the circumstances and effects of personal data breach;
- the actions taken to remedy the personal data breach;
- other data stipulated by the law requiring processing.
Data pertaining to personal data breach recorded in the documentation shall be retained for 5 years.
20. Other Provisions
The Language Service Provider reserves the right to unilaterally amend this data processing information document at any time. We shall send you written notice in plain language informing you about all changes in the information document, delivered to one of the contact details provided, and we shall obtain consent as required.
Should you have any questions or comments, please do not hesitate to contact us using any of the contact details indicated herein.