Privacy notice

1. Introduction

DUNA -TELE 4 TAXI Bt. - hereinafter Taxitársaság - through the publication of this data protection information, fulfills the prior information obligation of the data subjects regarding the processing of personal data, as prescribed by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL - hereinafter GDPR -, according to which each information must be made available to those affected by data management in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.

In order to protect the personal data of our dedicated customers, partners and employees, our taxi company considers it of utmost importance to respect the right of information self-determination of natural persons involved in data management. In this spirit, it treats personal data confidentially and ensures the security of this data with technical and organizational measures

As a data controller, we recognize the content of this legal notice as binding on us, and we hereby undertake that all data management and data processing related to our activities meet the requirements set out in this information sheet and the applicable legislation.

The data protection guidelines arising in connection with activities involving personal data management are continuously available on the company's website, online service interfaces, mobile taxi and order applications and all other online interfaces we use (e.g.: Facebook, etc.).

At the same time, we reserve the right to change the content of this data management information as necessary, but in accordance with the laws in force at the time.

We will notify our customers and visitors of the online content of the changes to the extent necessary.
If you would like more information about this brochure, write to our e-mail address below, and we will send you our answer in writing in the same way.

By reading the data management information, user interaction on the online and application interfaces, and consenting in other verifiable ways, you acknowledge and accept the contents of the data management information.

2. Presentation and data of the taxi company

Our company provides transport organization activities based on passenger transport by taxi. Contact with customers is carried out by our independent dispatch service under the trademark of our company, in such a way that it relays the passenger transport requests from passengers to the taxi passenger transport companies that have a contractual relationship with our company.

The operation of our company, the transport organization activity, the rules for the use and performance of the passenger taxi service, and the remuneration are contained in the General Terms and Conditions (GTC) document.

More important data of our company

Name : DUNA-TELE 4 TAXI Freight Organizer and Transport Service Limited Company
Headquarters : 9021 Győr, Árpád út 51. b. intact.
Tax number : 22409706-2-08
Company no. number : 08-06-001436
e-mail : dunatele4@taxigyor.hu

The person responsible for data protection tasks

Name : Csilla Udvardi
Address : 9021 Győr, Árpád út 51 b. intact.
e-mail : dunatele4@taxigyor.hu
phone : +36 96 444-444

3. Purpose and scope of the data protection information

The purpose of this information sheet is to record the data protection, data management, data processing and data transfer principles applied by the taxi company, which the company, as a data controller, recognizes as binding on itself.

Its purpose is also that, on the basis of these, the data subjects can receive adequate information about the data managed and processed by the taxi company, their source, the purpose, legal basis and duration of the data management, the names, addresses and activities related to the data management of the external data controllers and data processors involved in the data management, and - the data subject in case of transmission of your personal data - about the legal basis and recipient of the data transmission.

This information is valid until withdrawn.

4. Definitions

• personal data : any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified
• data management : Regardless of the procedure and method used, any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication, transmission , distribution or otherwise making available, coordination or linking, restriction, deletion or destruction
• profiling : any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict
• pseudonymization : processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that this personal data cannot be linked to identified or identifiable natural persons
• registration system : the file of personal data divided in any way - centralized, decentralized or according to functional or geographical aspects - which is accessible based on specific criteria
• data controller : the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be defined by EU or member state law
• data processor : the natural or legal person, public authority, agency or any other body that manages and processes personal data on behalf of the data controller or provides the technical background and application logic for data management
• third party : the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to process personal data under the direct control of the data controller or data processor
• the data subject's consent : the voluntary, specific and clearly informed declaration of the will of the data subject, by which the data subject indicates by means of a statement or an unmistakable act of confirmation that he gives his consent to the processing of his personal data
• data protection incident : a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

5. Information on the use of cookies

In accordance with common internet practice, our website also uses cookies to optimize performance and help users.

An HTTP cookie (usually simply a cookie, or cookie according to its English original) is a packet of information that the server sends to the web browser, and then the browser sends back to the server for every request directed to the server. Cookies are created by the web server itself using the browser on the user's computer, where they are stored in a separate directory. A cookie is therefore a small file that is placed on your computer when you visit a website.

The cookie can contain any information specified by the server, its purpose is to introduce the user status to the connection between the browser and the server. In the absence of cookies, the retrieval of each website would be an isolated event, so for example, if the user logs in to a page protected with a username and password and views content, then navigates to another subpage, the username/password pair would have to be requested again.

The purpose of cookies is therefore to facilitate the use of websites and to store information related to the user's session, but it is also suitable for collecting other information related to the use of the site.

Our taxi company uses cookies on its website exclusively for two purposes, which are not suitable for identifying users. We do not use advertising cookies, so we do not burden you with unwanted advertisements when browsing the pages.

Cookies to help use

These provide us with the opportunity to remember the function language and other usage-related choices on our website.

Performance cookies

We use Google Analytics cookies to collect information about how our visitors use our website. These cookies cannot identify you personally, they only collect information such as which page a visitor viewed, which part of the website they clicked on, how many pages they visited, and how long each page was viewed.

Avoiding the use of cookies

As we wrote earlier, the cookies used on our website do not store personally identifiable information, acceptance and authorization of the use of cookies is not mandatory, regardless of the functionality of our website, you will not suffer any damage if you reject the use of cookies. It is usually possible to manage cookies in the Tools/Settings menu of browsers under the Data Protection settings, under the name cookie or cookie.

6. General purpose of data management

In order to perform the transport organization and passenger transport service, the exercise of the rights and obligations arising from the service contract (Terms and Conditions) and the business contract concluded with the taxi passenger transport companies, the performance of the passenger transport service.

7. Legal basis of data management

Fulfillment of contractual obligations, consent of the data subject, legitimate interest of the data controller, legal obligation, as follows:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC (general data protection regulation) - hereafter GDPR
• CXII of 2011 Act - on the right to informational self-determination and freedom of information - hereafter Infotv
• Act V of 2013 - on the Civil Code - hereinafter referred to as Ptk
• CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society. - hereafter Ektv.
• Act C of 2000 - on accounting. - hereinafter Account. TV
• CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society - hereinafter referred to as Eker. TV
• XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising activity. - hereinafter Grt
• LXVI of 1995 Act on public records, public archives and the protection of private archive material (with regard to data that can be linked to employment)
• XLI of 2012 law on passenger transport services (related to the HolaTaxi system)
• CLV of 1997. Act on consumer protection. - hereafter Fgytv.
• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee (related to the HolaTaxi system)
• CXXXIII of 2005 Act on personal and property protection, as well as the rules of private detective activity
• the capital city taxi ordinance, i.e. 31/2013. (IV. 18.) Main. Kg. decree on the conditions for the operation of the passenger transport service by passenger taxi and the service that mediates and organizes the passenger taxi service, the procedure for the establishment and use of taxi stations and the official price of the passenger taxi service)
• the agreement made with the customers - recorded in the contract (GTC).
• the service contract concluded with passenger transport (taxi) contractors
• the permission granted by the user regarding data management - clearly stated in writing or on the online and mobile application interfaces.
• prior to incoming calls to the company's dispatch center, a text (automated or announced by the dispatcher) informing about the fact and method of electronic announcement, which the caller verbally accepts and confirms.
• written information posted prior to entry regarding the camera asset protection surveillance system used by the company.

8. Duration of data management

31/2013 of the Municipality of the Capital City, the transport data directly related to the organization of the transport and the use of the service, provided by the natural person who uses the passenger transport service, compulsorily or as a result of his voluntary activity. taxi decree, as well as Government 176/2015. (VII.07-e) Govt. on the basis of the regulation on road passenger transport for a fee, our company is required to keep it for a period of 3 months.

For reasons of quality assurance, in order to provide faster, better and more modern service to passengers, data directly related to the transport organization will be kept beyond the mandatory data retention period, for 1 year as active data, and for another 1 year as archived data, if the person concerned does not request the deletion of the data.

We retain data not directly related to the organization of transport for the period prescribed by the relevant legislation or regulated by the contracts. The exact duration of the various data managements can be found in "9. They were recorded in the "Scope of processed personal data" chapter.

9. Scope of processed personal data

During phone calls

176/2015, our company (VII. 7.) Govt. decree on road passenger transport by private car for a fee maintains a dispatcher service authorized by law in order to increase the quality of the transport organization service.

Calls to the central telephone number of the dispatch service are not recorded, so no data processing takes place in this regard.

Data management related to freight organization

During the passenger taxi transport organization activity, our dispatch service receives transport requests from passengers and forwards them in an organized, automatic or manual form to the passenger taxis, which are contracted partnerships or sole proprietors using the taxi company's image elements.

During data processing, the dispatch service, as well as the online and mobile application interfaces suitable for ordering transport, request the data from private individuals requiring transport, which are necessary in order to be able to perform the service requested by them.

Delivery requests are received by the company as follows

• "seated" passenger
• on the phone from which a voice recording is made.
• by e-mail
• Android and iOS mobile appointment application
• order submitted from a partner portal
• a message sent from a marketing website or social media site.

Data from these individuals will be forwarded to the passenger transport companies in order to fulfill the transport

Method of transmission:

• typically in written form, appearing on the taxi mobile application
• occasionally via URH radio.

General legal basis and duration of data management

The mandatory duration of data storage and preservation is the following legislation

• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee
• and the Capital City Taxi Ordinance (31/2013. (IV. 18.) Főv. Kgy. Decree on the conditions for the operation of the passenger transport service by private taxi and the service that mediates and organizes the private taxi service, the procedure for the establishment and use of taxi stations and the official price of the private taxi service )

based on a minimum period of 100 days. In the absence of a request from the users to delete the data, the data related to the transport organization will be archived and then deleted after 1 + 1 year.

Passenger transport

Direct personal data processing for taxi passenger carriers under contract with our company - when waiting at a taxi station or other place with a free signal, or by stopping or waving down a taxi with a free signal - boarding is usually not done, or only if the passenger

• the electronic or printed taxis issued by our company,
• or wish to use a named loyalty card
• and refers to the existing contract between our company and our partner companies - entitling to travel discounts, the use of alternative means of payment, or other services included in the contract

Scope of data registered and processed in the above cases

• passenger name
• electronic taxi receipt, points collection card, or other identity card - affected by the contract, entitling to travel, discounts or other services - or the unique serial number of the contract.
• stand-by address
• stand-by (passenger boarded) time
• use it
• arrival time
• route and distance traveled
• the freight fee
• discounts, amount of points credited or used
• other - data required based on the contractual obligation. For example, a cost center

Purpose of data management

Exercising the rights and obligations arising from the service, check or discount card usage contract concluded with partner companies or private individuals, the performance of the passenger transport service

Legal basis for data management

The exercise of rights and obligations arising from service contracts or GTC, the performance of the passenger transport service, the legitimate interest of the data controller, and the consent of the data subject.

Data processed during data recording following a telephone taxi order

Our company operates a dispatch service for the organization of transport, which receives transport requests from passengers and forwards them to passenger taxis in an organized, automatic or manual form.

One of the currently most common ways of receiving transport requests is for passengers to call the central telephone number of the taxi company and communicate information about their travel needs to the dispatch service. The dispatch service records the data related to the transport organization in the HolaTaxi system.

Scope of registered and managed data

• passenger's phone number
• name
• the time of the call and data recording
• audio recording of the telephone conversation between the passenger and the dispatcher
• stand-by address
• downtime
• in cases where the passenger wants to record, the destination
• in cases requested by the passenger, the pre-calculated amount of the freight charge
• other needs of the passenger - requested in connection with passenger transport.

Purpose of data management

Recording, transmission and preservation of data related to transport organization for the purpose of service performance and legal obligations.

Legal basis for data management

• Voluntary data communication by the passenger over the phone and consenting to data recording.
• XLI of 2012 law on passenger transport services
• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee
• and the Capital City Taxi Ordinance (31/2013. (IV. 18.) Főv. Kgy. Decree on the conditions for the operation of the passenger transport service by private taxi and the service that mediates and organizes the private taxi service, the procedure for the establishment and use of taxi stations and the official price of the private taxi service )

Data management during orders placed on the mobile application

Our taxi company uses the HolaTaxi system created and provided by Mobile LBS Kft., which includes the "DunaTaxi" transport ordering application for the most common mobile platforms (Android and iOS) for the IT service and support of transport organization activities.

The application can be downloaded free of charge from the respective application stores, however, its actual use (ordering the transport) is subject to prior registration. During registration, based on the contractual conditions contained in the General Terms and Conditions, the passenger must record their name, telephone number and e-mail address, and actively (by reading and user interaction) accept our General Terms and Conditions and this Privacy Policy. By accepting these, the passenger gives his consent to the processing of the data listed below. During the actual taxi order, the passenger consents to the processing of additional data

Scope of registered and managed data

During registration

• name
• telephone number
• email address

When the transport is ordered, and thereafter until the end of the journey

• the previously registered name
• telephone number
• email address
• the date of the order
• stand-by address
• downtime
• in cases where the passenger wants to record, the destination
• in cases requested by the passenger, the pre-calculated amount of the freight charge
• other needs of the passenger - requested in connection with passenger transport.
• with the passenger's special permission, the location data of their mobile device

Location data provided by the mobile appointment application application

When entering the mobile application, the passenger is informed that the application collects the location data of his device in order to:

• the taxi driver can see the passenger's position in his own application in order for the passenger and the taxi driver to find each other as efficiently as possible.
• the passenger - by his own decision, consent and interaction - can use the "taxameter" function designed to check the fare on the go.

The passenger receives the same information when placing the actual order, and permission is requested whether or not the passenger consents to the disclosure of their location data. The permission can be granted or refused based on the passenger's own decision and choice, regardless of his decision, he is entitled to use the service. By refusing the location data service, you must do without the application functions based on it - listed above.

Purpose of data management

Recording, transmission and preservation of data related to transport organization for the purpose of service performance and legal obligations.

Legal basis for data management

• Voluntary consent by the passenger to data management
• XLI of 2012 law on passenger transport services
• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee
• and the Capital City Taxi Ordinance (31/2013. (IV. 18.) Főv. Kgy. Decree on the conditions for the operation of the passenger transport service by private taxi and the service that mediates and organizes the private taxi service, the procedure for the establishment and use of taxi stations and the official price of the private taxi service )

Data management applied when ordering from online interfaces and by e-mail

Our company accepts taxi orders from customers in other electronic forms, in addition to the traditional telephone and app bookings.

• by e-mail (at the e-mail address indicated on the company's website and in the General Terms and Conditions)
• in the contact form on the company's website
• in a message sent from the company's social media page
• from the partner portal designed for contracted partners

Scope of registered and managed data

• passenger name
• phone number
• email address
• the date of the order
• stand-by address
• requested downtime
• in cases where the passenger wants to record, the destination
• other needs of the passenger - requested in connection with passenger transport.

Purpose of data management

Recording, transmission and preservation of data related to transport organization for the purpose of service performance and legal obligations.

Legal basis for data management

• Voluntary consent by the passenger to data management
• XLI of 2012 law on passenger transport services
• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee
• and the Capital City Taxi Ordinance (31/2013. (IV. 18.) Főv. Kgy. Decree on the conditions for the operation of the passenger transport service by private taxi and the service that mediates and organizes the private taxi service, the procedure for the establishment and use of taxi stations and the official price of the private taxi service )

Data management related to taxi passenger transport contractors

The actual passenger transport is carried out by taxi passenger companies that have a contractual relationship with our taxi company.

In the course of the transport organization activity, our dispatch service receives transport requests from passengers and forwards them to the passenger taxi operators in an organized, automatic or manual form.

The taxi contractors are equipped with Android mobile communication devices, on which they run the LBS DunaTaxi application of the company's HolaTaxi system for the IT support of transport organization during their shift.

When this mobile application is on:

• continuously collects device location data and transmits it to the system.
• it is suitable for setting and indicating the taxi driver's busy and free, as well as intermediate transport statuses
• it is also suitable for receiving data related to transport organization and transport
• to start navigation to stop addresses and destinations
• to receive text messages
• and to display other information necessary for the efficient organization of transport

Scope of registered and managed data

In connection with the contract concluded with taxi passenger transport companies

• Taxis and the name of the business
• phone number
• place and time of birth
• his mother's name
• ID card number
• your tax number and/or tax ID
• your taxi license number
• license number, category and validity
• individual entrepreneur ID number
• your residential address and/or the address of your temporary residence
• previously performed transports
• identification data of your vehicle (with which you provide the passenger transport service).

In connection with the organization of transport and the fulfillment of deliveries

• the GPS coordinates of the taxi driver's mobile device during his shift
• busy or free indication
• information about completed and ongoing shipments

Location data provided by the mobile taxi application

When concluding a contract with the taxi company, the taxi driver accepts, in addition to other obligations included in the contract, that he must use the LBS DunaTaxi mobile application during the validity of the contract, including during the entire time spent in the shift . Together with the contract, you accept the taxi company's information on data management, which sets out the purpose and legal basis of data management, as well as the scope of the data recorded about it.

In addition, when entering the application, you will be informed that the application collects your device's location data both in the foreground and in the background in order to:

• the transport organization IT system and the company's dispatcher must know the taxi driver's geographical position with great accuracy
• using this, during the validity of the ride, the passenger ordered from the mobile application will receive information about the location and expected arrival time of the taxi selected for him
• for complaint handling and quality assurance purposes, later - during the data retention period - the entire route of the mobile device's movement can be queried
• the taxi driver can use the "Where is my passenger" function, based on the passenger's and his own decision, consent and interaction, designed to make it easier for the passenger and the taxi driver to find each other

The taxi driver can grant or refuse the permit based on his own decision and choice, but at the same time, due to his obligations contained in the contract, he cannot participate in the passenger transport if the permit is not granted.

Purpose of data management

In order to ensure efficient transport management, updating the status and availability of taxis at all times, forwarding data related to transport management to the taxi drivers providing the service for the purpose of service performance and legal obligations.

Legal basis for data management

• The contract with the taxi passenger transport company
• The taxi driver's voluntary consent to data management
• XLI of 2012 law on passenger transport services
• 176/2015. (VII. 7.) Govt. decree on road passenger transport by car for a fee
• and the Capital City Taxi Ordinance (31/2013. (IV. 18.) Főv. Kgy. Decree on the conditions for the operation of the passenger transport service by private taxi and the service that mediates and organizes the private taxi service, the procedure for the establishment and use of taxi stations and the official price of the private taxi service )

10. Transfer of data, additional data managers and processors

to data processors Our company uses additional data controllers and data processors in order to provide services and facilitate our own data management activities, as well as to fulfill the contract concluded with the party involved in data management or the legal requirements.

The reason for this is that we can ensure the security of some of our services, the IT processes that support them, and the operation only by using content, IT solutions, or their infrastructure provided by external service providers.

When using external data managers and data processors, we strive to ensure that only those data managers and data processors who provide contractual guarantees to comply with the requirements of data management contained in national and member state legislation and to implement appropriate technical and organizational measures to ensure the protection of the rights of the data subjects can participate.

Based on the above, private taxi contractors providing taxi passenger transport are also considered external data controllers and data processors.

By accepting this data management information, the natural person also accepts that the transfer of their data is necessary for the use of the given service, so if they do not agree to the transfer of their data, we cannot provide them with the relevant service.

Data managers and data processors related to the transport organization and the services provided

Mobile LBS Kft

We use the HolaTaxi system developed by Mobile LBS Kft and provided as a monthly fee service for the IT support of transport organization activities and service provision.

Activity performed by a data processor

The operation of the HolaTaxi automatic transport management system and the implementation of the necessary improvements, as well as the provision of the background IT infrastructure.

Data processor data

• Name: Mobile LBS Kft
• Headquarters: István utca 7, 7625 Pécs
• Tax number: 23560897-2-02
• Company register number: 23560897-2-02
• Phone: +36 80 296 890
• e-mail: info@hola.hu
• Responsible for data protection: Olivér Fehér, senior project manager
• Phone: +36 72 998 605
• e-mail: oliver.feher@whereis.eu

Google Inc.

We use the company's Google mail system for written contact with customers, and the document management system provided by the company for office applications, and Android systems on our mobile devices

Activity performed by a data processor

Provision of GMail mail account and related services.

Data processor data

• Headquarters: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA

11. Data security

Basic principles of implementing data protection

• Our company may process personal data only during the activities set out in these regulations, only according to the specified data management purposes, rules and definitions
• we undertake to take all technical and organizational measures based on the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, which are absolutely necessary for the enforcement of data security legislation, data and privacy protection rules
• we will establish the procedural rules necessary for the enforcement of the above-defined legislation.
• we protect the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage
• we keep the data we manage in accordance with the applicable laws, ensuring that the data can only be seen by those employees and other persons acting in the interests of our company who need it in order to perform their duties and responsibilities
• employees may not forward personal data to a third person or organization that is not involved in the data management activity
• the data can only be accessed by those employees who have made a declaration of confidentiality in relation to the personal data being handled in relation to compliance with the data security rules.

Protection of IT-based records

Our company implements the following necessary measures for the implementation of data security with regard to its IT records

• Provides your computers, servers and storage devices with permanent protection against computer viruses
• it protects IT units prioritized from a data protection point of view with a firewall
• if necessary, limit the network addresses from which access is possible (IP filtering)
• ensures the physical protection of IT system hardware devices, including protection against elemental damage
• provides uninterrupted power supply to the most important devices (servers).
• ensures the protection of the IT system against unauthorized access, both in terms of software and hardware devices
• takes all the measures necessary to restore the data files, performs regular backups
• backup copies are stored separately

Protection of paper-based records

In order to protect paper-based records, our company takes the necessary measures, especially in terms of physical security and fire protection. These measures may be published in separate regulations

• our managers, employees and other persons acting in the interest of the company are obliged to securely store and protect data carriers containing personal data that we use or possess against unauthorized access, alteration, transmission, disclosure, deletion or destruction
• the documents are placed in a safe, tightly closed dry room or storage unit
• our buildings and premises are equipped with fire and property protection equipment
• the data processing employee may only leave the room where data processing takes place in the course of his/her work and at the time of his/her investment by locking the entrusted documents at their destination
• after the digitization of paper-based records, the protection of digitally stored documents is governed by IT records

12. Legal enforcement and remedies

Our company ensures the recognition, enforcement and legal remedy of rights related to personal data as follows. Access to personal data and requests related to the enforcement of the rights of the data subject described below can be initiated by the data subject in the following ways at the contact details provided in Chapter 2:

• by post addressed to our taxi company
• via e-mail
• on the phone

When submitting the application - regardless of its form - you must prove that you are entitled to exercise the data subject's rights on your own or on behalf of your legal representative.

In relation to the submitted legal remedy requests, we undertake to inform the person concerned of the measures taken based on the request without delay, within a maximum of 30 days from the date of receipt. The 30-day administrative deadline can be extended by 2 months - if necessary and justified. We will inform the data subject of the extension of the deadline, indicating the reasons for the delay, within 30 days of receiving the request.

If, based on your request, we do not take measures within the specified deadline, we will inform you as soon as possible, but no later than within 30 days, of the reasons for not taking action. If you do not agree with our legal remedial activity following your submitted request, you can file a complaint with the National Data Protection and Freedom of Information Authority, or in the case of illegal data processing, you can apply for legal redress to the competent court according to your place of residence or residence.

National Data Protection and Freedom of Information Authority

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, PO Box: 5.

Phone: +36 -1-391-1400

E-mail: ugyfelszolgalat@naih.hu

The right to withdraw data processing consent

The data subject has the right to withdraw the previously given consent to data processing at any time, but this cannot be retroactive, i.e. it does not affect the legality of the data processing carried out on the basis of consent prior to the withdrawal of consent.

The right to information

At the written request of the data subject, we provide information about the data we manage or process, their source, the purpose, legal basis, duration of the data management, the name, address (headquarters) of the data controller and/or data processor and their activities related to data management, and - forwarding the data subject's personal data in the case of - about who and for what purpose the data is or was received. We will provide this information in writing within 30 days of submitting the application.

Right to correct or delete data

The right of the natural person concerned, the request for the correction of his personal data, and its fulfillment by us. Our company is obliged to correct personal data that does not correspond to reality.

We delete the personal data we manage if:

• handling is illegal
• requested by the person concerned
• incomplete or incorrect - and this condition cannot be legally corrected
• the purpose of data management has ceased
• the statutory period for data storage has expired
• Court, respectively
• ordered by the National Data Protection and Freedom of Information Authority

In addition to the above, the condition for deletion is that the deletion of data is not precluded by any law or other legislation

We would like to draw your attention to the fact that the Hungarian State may limit the data subject's rights to information, correction and deletion by law.

• for the sake of its external and internal security (national defense, national security, crime prevention or law enforcement, security of punishment)
• state or local government economic or financial interest
• from the significant economic or financial interest of the European Union
• for the purpose of preventing and uncovering violations of labor law and labor protection obligations

Our company is obliged to take action within 30 days regarding the modification or deletion of data. We will provide information in writing within the same 30 days. If we cannot fulfill the data subject's request for correction or deletion due to the reasons listed above, we will also inform the data subject in writing within 30 days

The right to restrict data processing

The data subject is entitled to limit data processing at his request if one of the following is met:

• the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data
• the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use
• our company no longer needs the personal data for data management purposes, but the data subject requires them
• if the data subject has objected to data processing, the restriction applies to the period until it is determined whether the legitimate reasons of our company take precedence over the legitimate reasons of the data subject

The right to data portability

The data subject is entitled to receive the personal data concerning him/her in a format that is clearly understandable, widespread and readable by a computer program, and is also entitled to transfer this data to another data controller without restriction, and is also entitled to - if this is technically feasible - request the direct transfer of personal data between data controllers.

The right to protest

The data subject has the right to object to the processing of his personal data at any time if the processing of personal data is carried out for the purpose of obtaining direct business. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.