Data Protection and Data Management Policy

The privacy policy of Cedit 2000 Kft ("Privacy Policy") sets out the rules for the protection of personal data. The Data Protection Regulation reflects the provisions of the GDPR and the data protection legislation of the Member States.

Cedit 2000 Kft. takes the protection of personal data very seriously and handles the data with due care and responsibility in the course of its business activities.

Cedit 2000 Kft.'s data protection regulations are attached to the regulations in force CXII of 2011 on the right to self-determination of information and freedom of information. valid with the combined application of the Act.

Scope

This Privacy Policy applies to Cedit 2000 Kft. and its employees, as well as the processing of all personal data that is subject to the GDPR and the national data protection legislation of the EU member states.

Basic concepts/abbreviations

Affected

The identified or identifiable natural person; a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified

Data controller

The natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others

Data processor

The natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller

Personal data

Any information relating to an identified or identifiable natural person

Special category of personal data

Personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and personal data relating to the sex life or sexual orientation of natural persons.

Member State data protection legislation

Data protection legislation adopted in the Member States in accordance with the GDPR

Data handling

Any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making it available , alignment or linking, restriction, deletion or destruction.

Anonymized information

Any information not relating to an identified or identifiable natural person, including data anonymized in such a way that the data subject is not or can no longer be identified.

Third person

Any legal person or natural person who is not an employee of the Company, with the exception of those concerned.

Contribution

The voluntary, concrete and clear declaration of the data subject's will based on adequate information, with which the data subject indicates by means of a statement or an unmistakable act of confirmation that he/she consents to the processing of personal data concerning him/her.

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection decree)

1. Procedure and tasks

The following provisions present the procedures to be followed by Cedit 2000 Kft. when handling personal data.

1.1 General obligation

Cedit 2000 Kft applies appropriate technical and organizational measures against misuse of personal data, loss of personal data or damage to personal data, as well as to handle the data in compliance with the provisions of the GDPR and the national data protection legislation of the relevant EU member states.
The data protection regulations apply to the handling of the personal data of Cedit 2000 Kft.'s business partners, colleagues, family members, job applicants and other natural persons whose personal data is managed by Cedit 2000 Kft.

1.2 Basic principles of personal data protection

Cedit 2000 Kft. respects the basic principles set by the GDPR regarding data management.

 The list of relevant principles is as follows:

HE  The principle of legality – there must be at least one legal basis to start processing personal data;

HE  Purpose-bound principle - personal data can only be processed for predetermined purposes;

HE  Principle of data saving: - data is processed only when necessary, any relevant personal data can only be processed for legal purposes

HE  Principle of correctness and transparency - open and transparent data management towards the data subject;

HE  The principle of integrity and confidentiality, the application of the "what we need to know" principle - the application of the necessary technical and organizational measures to ensure the avoidance of unauthorized or illegal data processing by restricting access;

HE  The principle of accuracy - accurate and up-to-date personal data must be handled;

HE  Controlled change management procedure – modification of the system for handling personal data or introduction of a new method based on the opinion of the data controller, followed by the conduct of a possible data management impact assessment;

1.3 Legal bases and purposes of data management

The processing of personal data must be based on some legal basis; this can be, among others, consent to data management, fulfillment of a legal obligation, fulfillment of a contract, legitimate interest, public interest or protection of the interests of the data subject. Cedit 2000 Kft carries out its activities in full consideration of these legal bases and objectives.

1.4 Transmission of personal data

Cedit 2000 Kft may provide personal data to third parties only under certain conditions. Personal data may only be forwarded to a third party acting as a data processor based on a data management contract. Based on relevant contracts, personal data may also be forwarded to a third party acting as contractual data controller or joint data controller.
If it is necessary to correct or delete personal data, or if there are circumstances restricting data management, Cedit 2000 Kft. will notify the third parties to whom it transferred the personal data, unless this cannot be solved or would involve a disproportionate effort. Upon special request, Cedit 2000 Kft. notifies the data subject of the third parties to whom the personal data has been transferred.
Cedit 2000 Kft. may forward personal data to third parties outside the EEA or the European Union, as well as to international organizations.

 

1.5 Rights of data subjects

Cedit 2000 Kft. takes the necessary steps for those concerned to exercise the rights provided for in the GDPR. In connection with the management of their personal data, the rights of the data subjects include the right to access personal data, the right to limit data processing, the right to correct data, the right to data portability and deletion, the right to object to data processing and the right not to be covered by exclusively automated data processing. the scope of the decision based on
Cedit 2000 Kft. ensures proper communication and cooperation in order to process all requests within the appropriate time frame. Cedit 2000 Kft. will do its best to respond to the person concerned within 30 days at the latest.

1.6 Duties prescribed for data owners and all employees

All data owners and employees within Cedit 2000 Kft. are obliged to handle the data in accordance with the first guidelines of Cedit 2000 Kft., the GDPR and the data protection legislation of the Member States.

1.7 Notification of a data protection incident

If there is a risk of a data protection incident or an attempt to do so, then Cedit 2000 Kft. will notify the supervisory authority and/or the affected parties, and its employees will fulfill this obligation within 72 hours of the incident.

1.8 Deletion of personal data

Cedit 2000 Kft. handles personal data only for as long as necessary. Personal data must be deleted or anonymized in the following cases:

HE  Cessation of the purpose of data management in such a way that there is no other legitimate purpose in its place;

HE  The personal data are no longer needed for the purpose for which they were collected or otherwise processed;

HE  The data subject withdraws his consent and there is no other legal basis for data processing;

HE  The data subject objects to the data processing, and there is no other legal basis that overrides the objection;

HE  Illegal handling of personal data.

 

Cedit 2000 Kft places the necessary emphasis on observing the necessary data protection measures when deleting or anonymizing data.