PSI Technology

Data processing

Information on Data Processing

Introduction

The operator of the website, PSI Technology Ltd. (headquarters: HU-6726 Szeged, Alsó kikötő sor, building 11.D., VAT number: 23022922-2-06) (hereinafter: “Controller” is subject to the following information on data processing.

In relation to Regulation (EU) 2016/679 of the European Parliament and of the Council (on the protection of natural persons with regard to the processing of personal data and on the free movement of such data), i.e. GDPR, and the provisions set forth under Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following information is hereby provided.

The information herein governs the data processing of the www.psi-technology.hu website.

The information on data processing is available on the http://www.psi-technology.hu/en/data-protection-privacy-policy.html website.

Data Controller and Contact Details:

According to the General Data Protection Regulation and other national data protection laws of the Member States, as well as under other data protection legislation, the responsible entity is as follows:

Name: PSI Technology Ltd.

Headquarters: HU-6726 Szeged, Alsó kikötő sor, building 11.D.

E-mail: office [at] psi-technology.hu

Telephone: +36 30 733 7373

LEGAL BASIS OF PERSONAL DATA PROCESSING

Provided consent has been obtained from the data subject to process personal data, Art. 6 para (1) point (a) shall serve as legal basis .

If the processing of personal data is necessary for the performance of such a contract to which the data subject is a party to, Art. 6 para (1) point (b) of the GDPR shall provide legal basis. This shall also be applicable to necessary data processing actions in preparation to enter into contract.

If the processing of personal data is necessary for our company’s compliance with a legal obligation, Art. 6 para (1) point (c) shall serve as legal basis.

In such a case where vital interest of the data subject or other natural person makes the processing of data necessary, Art. 6 para (1) point (d) of the GDPR shall serve as legal basis.

If data processing serves the protection of legitimate interests of our company or a third party and the interests or fundamental rights and freedoms of the data subject do not precede the aforementioned interests, Art 6 par (1) point (f) shall serve as legal basis for data processing.

DEFINITIONS

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4. ‘data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5. ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
6. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
7. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

PRINCIPLES FOR PERSONAL DATA PROCESSING

Personal data:

• shall be processed lawfully and fairly, in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
• shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
• shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
• shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

• shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

• shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with the above (‘accountability’).

DATA PROCESSING

Sending messages, Initiating Contact

1. The fact of data collection, description, scope and purpose of data processing: 

Our system automatically records data and information about the IT system of the computer initiating the contact upon every request.

In such a case, we collect the following data:

1. Type of browser, version used
2. Operating system of the user
3. Internet provider of the user
4. IP address of the user
5. In case of contact: name, e-mail address, phone number and day and time of contact
6. Those websites from which the user’s system got to our website
7. Those websites that are called by the user through our website

2. Data subjects involved

Users visiting the website and those sending messages are the data subjects involved.

3. The duration of data processing, deadline for deletion of data: data processing shall endure until the data subject submits an erasure request.

Description of rights of data subjects regarding data processing:

• The data subject shall have the right to obtain from the data controller access to the personal data concerning him or her, correction of such data, erasure or restriction of processing of such data, and
• To object against the processing of such personal data, and
• the data subject shall have the right to data portability, furthermore to withdraw his or her consent at any time

The data subject may initiate requesting access to personal data, erasure of data, modification or restriction of data processed, data portability, and objection against data processing as follows:

• by post to this address: 6726 Szeged, Alsó kikötő sor 11.D.,
• via email to this e-mail address: office [at] psi-tehcnology.hu.

We inform you that

• data processing is based on your consent.
• you are obligated to provide personal information so that we can answer the inquires.
• failure to provide such data may result in our inability to fulfill your request

UTILIZED DATA PROCESSORS

1. The activity carried out by the data processor and its contact details:

Hosting provider

BlazeArts Kft.
VAT number 12539833-2-03
Company reg. no.: 03-09-109150
Headquarters: 6090 Kunszentmiklós, Damjanich utca 36. 1/8.

Website operator

PSI Technology Kft.
VAT number: 23022922-2-06
Company reg. no.:  06-09-016265
Headquarters: 6726 Szeged, Alsó kikötő sor 11.D. ép.

Provision of technical background

IntroWeb Kft.
VAT number: 13037176-2-06
Company reg. no.: 06-09-008564
Headquarters: 6724 Szeged, Gelei József u. 5.

USE OF COOKIES

1. The fact of data collection, description, scope and purpose of data processing

Our website uses cookies. Cookies are text files that are stored by the internet browser or the computer system of the user. Upon opening the website, a cookie can be placed on the user’s operating system. The placed cookie contains a chain of characters that enables the explicit identification of the browser upon the reopening of the website. The purpose of cookies is to make the website accessible, to provide technical background.

2. Data subjects involved

All website users/all data subjects involved under data processing by the controller.

3. Stored data 

Cookies store and forward the following data: user behavior, submitted search words, frequency of website openings, and usage of website-functions. Duration of data processing, deadline for erasure of data: Until the termination of the agreement between the controller and the provider or until the data subject submits an erasure request to the hosting provider.

You can get information about the most popular browser cookie settings, execution of restriction on the following links: 

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari

CONTACT FORM, E-MAIL CONTACT

The contact form on our website enables the User to send an electronic message to the operator. If the User chooses this option, then we shall retrieve and store the data entered into the data fields.

In addition to the data provided by the User, we also store the following data: IP address of the user, day and time the message was sent.

SOCIAL WEBSITES

1. The fact of data collection, presentation, scope and purpose of data processing

Registered name on Facebook / Google+ / Pinterest / Youtube / Instagram social sites and the user’s public profile. The purpose of data collection is to promote the website, the company, and its activity.

2. Data subjects involved 

All persons are data subjects who have registered on Facebook / Google+ / Pinterest / Youtube / Instagram social sites and use the website while logged on to the given site.

COMPLAINT HANDLING

Description of rights of data subjects regarding data processing

• The data subject shall have the right to obtain from the controller access to the personal data concerning him or her, correction of such data, erasure or restriction of processing of such data, and
• To object against the processing of such personal data, and
• the data subject has the right to data portability, furthermore to withdraw his or consent at any time

Access to personal data, erasure, modification or restriction of processing of them, the portability of data, the protest against data processing can be initiate in the following ways:

• by post to this address: 6726 Szeged, Alsó kikötő sor 11.D.,
• via email to this e-mail address: office [at] psi-tehcnology.hu.

CUSTOMER RELATIONS AND OTHER PROCESSING OF DATA

1. If a question should arise while using the controller’s services or the data subject faces a problem, he or she may get in touch with the controller in ways (telephone, e-mail, social sites etc.) provided on the website.

2. In 2 years at most from disclosure, the controller shall delete the e-mails / messages received, data given on telephone, Facebook etc. along with the inquirer’s name and e-mail address and other voluntarily provided personal data.

3. For data processing not listed herein, we shall provide information when the data is recorded.

4. Upon exceptional inquiry from an authority or in case of an inquiry from another entity based on authorization by legislation, the Provider shall be obligated to give information, data, to hand them over and to provide access to files.

5. In these cases, the Provider shall provide only the extent of information necessary to fulfill the request of the inquiry to the inquirer – insofar as he or she indicated the exact purpose and the scope of data.

RIGHTS OF DATA SUBJECTS

1. Right to access

Data subjects shall have the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data.

2. Right to rectification

Data subjects shall have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning them. Taking into account the purpose of the processing, data subjects shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure

Data subjects shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies. 

4. Right to be forgotten

Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that You have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing

You shall have the right to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by You, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the You for the establishment, exercise or defense of legal claims;
• You have objected to processing; in this case the restriction refers to the duration of verification whether the legitimate grounds of the controller override those of Yours.

Communication of a personal data breach to the data subject

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach, the name and contacts of the data protection officer or other contact person giving further information; the consequences likely to materialize from the data breach; measures planned to implement or had implemented to remedy the data breach, containing in given situation measures aiming to ease consequences arising from the data breach that might be detrimental.

The communication to the data subject shall not be required if any of the following conditions are met:

• the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
• the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
• it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

NOTIFICATION OF A PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

RIGHT TO LODGE A COMPLAINT

You may lodge a complaint against the possible infringement of the controller at the National Authority for Data protection and freedom of information:

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Postafiók: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

FINAL PROVISIONS

Creating the informant we considered the following legislation:

 

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Act CXII of 2011 on information self-determination and freedom of information (hereinafter: Infoact.)
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services (particularly Section 13/A)
• Act XLVII of 2008 on prohibition of unfair commercial practices in relation to consumers
• Act XLVIII of 2008 on basic requirements and certain restrictions of commercial advertising (particularly Section 6)
• Act XC of 2005 on freedom of electronic information
• Act C of 2003 on electronic communication (particularly Section 155)
• Opinion 16/2011 on the EASA/IASB proposition concerning the best practice of behavior-based online advertisement
• Recommendation of the National Authority for Data protection and freedom of information consequences of preliminary information

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC