PRIVACY POLICY
on the rights of the data subject natural person
- neve: | RÉVÉSZ TRANS Nemzetközi Fuvarozó Szállítmányozó és Szolgáltató Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság | ||||||||
- short name: | RÉVÉSZ TRANS Kft. | ||||||||
- registered seat: | 4441 Szorgalmatos, Klapka utca 18. | ||||||||
- tax number: | 11585783-2-15 | ||||||||
- company registration number: | 15-09-068049 | ||||||||
- represented by: | Bálint Révész | ||||||||
- general manager: | Gábor Maczkó | ||||||||
- e-mail address: | info@reveszgroup.com | ||||||||
- website: | www.revesztrans.hu | ||||||||
- phone number: |
In order to comply with and implement the requirements of Act CXII of 2011 on the right of informational self-determination and freedom of information and REGULATION (EU) 2016/679 – OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (GDPR, 27 April 2016) on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation), we hereby inform you about the data processing of our Company:
1. Definitions in the privacy policy:
2. „personal data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
3. „processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
4. „controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
5. „processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
6. „consent of the data subject”: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
7. „personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
8. Right to preliminary information The data subject shall have the right to receive information with regard to the facts and information related to the processing prior to the commencement of the processing.
9. Right of access of the data subject The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related information defined in the Regulation.
10. Right to rectification The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
11. Right to erasure (“right to be forgotten”) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds defined in the Regulation applies.
12. Right to data portability. With the conditions described in the Regulation, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
13. Communication of a personal data breach to the data subject. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
14. Right to lodge a complaint with a supervisory authority (right to appeal before authority) The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2. Legal basis of the data processing related to services contract:
2.1. Data processing based on law
- Data processing regarding registration and data service obligations
2.2. Data processing based on legitimate interest
- Internal regulations
2.3. Data processing based on consent
- Services agreement
3. Processing of the data of the contractual partners – registry of the customers and suppliers
With the legal title of the performance of contracts, our Company processes the data of its contractual partners (buyers, suppliers) regarding the conclusion, the performance and the termination of the contract or to provide discounts.
3.1. Processing of the data of contractual partners
Scope of data providers | Delivered data | Period of data processing |
|
| ||||||
Customers, clients | - Name - Name of the contact person - Address - Telephone number - E-mail address |
|
| For the performance of the work determined in the contract, for the period open for legal remedy and, during the period stipulated by law. |
|
| ||||
Subcontractors, suppliers | - Name - Registered seat - Bank account number - Tax number - Name of the representative - Name of the contact person - elephone no., Fax no. - E-mail address |
|
| For the performance of the work determined in the contract, or the period open for legal remedy and during the period stipulated by law. |
|
|
4. For the processing of the requests of the data subject, intervention obligation
Measures on the basis of the request of the data subject
Our company, as data controller shall notify the data subject without undue delay, but within one month after the receipt of the request by all means, about the measures taken concerning his/her request on exercising his/her rights. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
4.2. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
4.3. Our company, as data controller provides the information according to the Article 13 and 14 of the Regulation, the notification on the rights of the data subject (Article 15–22 and 34 of the Regulation) and the measures free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: charge a fee of HUF 6350 with respect to administrative costs of providing the information or communication or taking the action requested or refuse to act on the request. The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
4.4. Where our Company, as the controller has reasonable doubts concerning the identity of the natural person making the request, the controller may request the provision of additional information necessary to confirm the identity of the data subject.
22. május 2018, Budapest
Gábor Maczkó
general manager