Cedit 2000 Kft Data protection and data management regulations
The data protection regulations of Cedit 2000 Kft (the “Data Protection Regulations”) formulate the rules concerning the protection of personal data. The Data Protection Policy reflects the provisions of the GDPR and the data protection legislation of the Member States.
Cedit 2000 Kft takes the protection of personal data very seriously, and handles the data with due care and responsibility in the course of its business activities.
The data protection regulations of Cedit 2000 Kft., Annexed to the regulations, are in force in accordance with Act CXII of 2011 on the right to information self-determination and freedom of information. valid in conjunction with the law.
Scope
This Privacy Policy covers Cedit 2000 Kft. And its employees, as well as the handling of all personal data that is subject to the GDPR and the national data protection laws of the EU Member States.
Basic concepts / abbreviations
An identified or identifiable natural person; identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable
Any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Any information relating to an identified or identifiable natural person
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data concerning the sexual life or sexual orientation of natural persons.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data concerning the sexual life or sexual orientation of natural persons.
Any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming or altering, querying, inspecting, using, transmitting, disseminating or otherwise making available , harmonization or interconnection, restriction, deletion or destruction.
Not any information relating to an identified or identifiable natural person, including data anonymised in such a way that the data subject is not or can no longer be identified.
A voluntary, specific and well-informed and clear statement of the will of the data subject, by which the data subject indicates, by means of a statement or an act unequivocally expressing his or her consent, that he or she consents to the processing of personal data concerning him or her.
A voluntary, specific and well-informed and clear statement of the will of the data subject, by which the data subject indicates, by means of a statement or an act unequivocally expressing his or her consent, that he or she consents to the processing of personal data concerning him or her.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 2016 April 27 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 Regulation)
- Procedure and tasks
The following provisions describe the procedures to be followed by Cedit 2000 Kft during the processing of personal data.
1.1 General obligation
Cedit 2000 Kft applies appropriate technical and organizational measures against misuse of personal data, loss or damage to personal data, and to ensure that the data is handled in accordance with the provisions of the GDPR and the national data protection legislation of the relevant EU Member States.
The data protection regulations apply to the processing of the personal data of Cedit 2000 Kft's business partners, employees, family members, job applicants and other natural persons whose personal data is managed by Cedit 2000 Kft.
1.2 Principles of personal data protection
Cedit 2000 Kft respects the principles set out by the GDPR in relation to data management.
The list of relevant principles is as follows:
- Principle of lawfulness - there must be at least one legal basis for initiating the processing of personal data;
- Purpose limitation principle - personal data may only be processed for pre-defined purposes;
- Principle of data saving: - data is processed only when necessary, any relevant personal data may only be processed for lawful purposes
- Principle of fairness and transparency - open and transparent data management towards the data subject;
- Application of the principles of integrity and confidentiality, the "what we need to know" principle - the application of the necessary technical and organizational measures to ensure that access is prevented by preventing unauthorized or illegal data processing;
- The principle of accuracy - accurate and up-to-date personal data must be processed;
- Controlled change management policy - modification of the personal data management system or introduction of a new method based on the opinion of the data controller, followed by a possible data management impact assessment;
1.3 Legal bases and data management purposes
The processing of personal data must be based on some legal basis; such may include consent to data processing, performance of a legal obligation, performance of a contract, legitimate interest, public interest or protection of the interests of the data subject. Cedit 2000 Kft carries out its activities with full consideration of these legal bases and objectives.
1.4 Transfer of personal data
Cedit 2000 Kft may only make personal data available to third parties under certain conditions. Personal data may only be transferred to a third party acting as a data processor under a data management contract. Under the relevant contracts, personal data may also be transferred to a third party acting as a contractual controller or joint controller.
If the correction or deletion of personal data is necessary, or if there are circumstances restricting the processing of data, Cedit 2000 Kft will notify the third parties to whom it has transferred the personal data, unless this would be unsolvable or would involve a disproportionate effort. Cedit 2000 Kft. Shall notify the data subject of the third parties to whom the personal data has been transferred upon special request.
Cedit 2000 Kft may also transfer personal data to third parties outside the EEA or the European Union, as well as to international organizations.
1.5 Rights of data subjects
Cedit 2000 Kft takes the necessary steps for the exercise of the rights granted to the data subjects in the GDPR. In relation to the processing of their personal data, the rights of data subjects include the right to access personal data, the right to restrict data processing, the right to rectify data, the portability and deletion of data, the right to object to data processing and the right not to be subject to automated data processing only. scope of the decision based on
Cedit 2000 Kft ensures proper communication and cooperation in order to process all requests in a timely manner. Cedit 2000 Kft will do its best to respond to the data subject within 30 days at the latest.
1.6 Tasks required of data holders and all employees
Within Cedit 2000 Kft., All data holders and employees are obliged to handle the data in accordance with the first guidelines of Cedit 2000 Kftb, the GDPR and the data protection legislation of the Member States.
1.7 Reporting a Privacy Incident
If there is a risk of a data protection incident or an attempt to do so, Cedit 2000 Kft will be notified by the supervisory authority and / or the parties concerned, and its employees will fulfill this obligation within 72 hours of the incident.
1.8 Deletion of personal data
Cedit 2000 Kft handles personal data only for the necessary time. Personal data must be deleted or anonymised in the following cases:
- Termination of the purpose of the data processing without any other legitimate purpose;
- Personal data are no longer required for the purpose for which they were collected or otherwise processed;
- The data subject withdraws his or her consent and there is no other legal basis for the processing;
- The data subject objects to the data processing and there is no other legal basis to override the objection;
- Unlawful processing of personal data.
Cedit 2000 Kft. Places the necessary emphasis on complying with the necessary data protection measures when deleting or anonymizing data.