Sysman Informatikai Zrt., as a data controller, respects the privacy of all individuals who provide personal data and is committed to protecting it. Based on Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR), and Section 16 of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act), we provide the following information:
Sysman Informatikai Zrt. treats all personal data it records confidentially, in accordance with data protection laws and international recommendations, and in line with this data management policy. It takes all necessary security, technical, and organizational measures to guarantee the security of the data.
The purpose of this notice (hereinafter referred to as “Notice”) is to provide detailed information to the partners entering into customer relations (hereinafter referred to as “Data Subject” or “User”) about all essential facts related to the processing of their data, particularly the purpose and legal basis of the data processing, the persons authorized to process and handle the data, the duration of data processing, and who may access the data in accordance with the GDPR and Info Act.
Sysman Informatikai Zrt. (hereinafter referred to as “Data Controller” or “Company”) makes information regarding its data processing activities and the current version of this policy continuously available on the www.sysman.hu website. The Data Subject accepts the following and consents to the data processing described below.
Company Name
SYSMAN INFORMATIKAI ZRT.
Headquarters
1037 Budapest, Montevideo u. 10. I. em.
Company Registration Number
01 10 044874
Tax Number
12948901-2-41
Website
www.sysman.hu
Representative
Hermesz Miklós
Phone
+36 1 883 3471
Email
gdpr@sysman.hu
The scope of this Notice extends to everyone whose personal data is processed by the Company for business purposes or whose data is provided to the Company. By transmitting their personal data to the Company, the Data Subject accepts the provisions of this Notice and consents to the processing of their data in accordance with the Notice. The personal scope of this Notice extends to the Company and the individuals whose data is covered by the data processing activities under this Notice and those whose rights or legitimate interests are affected by the data processing.
The Company primarily processes the data of natural persons who, for example, establish contact electronically via sysman@sysman.hu, project@sysman.hu, info@sysman.hu, or gdpr@sysman.hu email addresses, through social media, by phone, or in person for the purpose of establishing customer relationships, requesting quotes, using or requesting the Company’s services, or for reasons or purposes outside the establishment of customer relationships. The Company also processes data provided by natural person customers, partners, and representatives or contacts of non-natural person customers or partners.
In the case of personal data where the Data Subject and the person providing personal data about the Data Subject are not the same, the person providing the data is responsible for having the appropriate authorization from the Data Subject and must inform the Data Subject of the provisions of this Notice.
This Notice applies to all electronic and/or paper-based data processing by the Company that contains personal data.
This Notice is effective from January 1, 2023, until further notice or revocation.
The Company reserves the right to unilaterally amend this Notice, with significant changes being communicated to the Data Subjects.
For the purposes of this Policy, the following definitions have the following meanings:
“Personal Data”: Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
“Processing”: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
“Controller”: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Processor”: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
“Recipient”: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“Third Party”: A natural or legal person, public authority, agency, or body other than the Data Subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
“Data Subject’s Consent”: Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Special Category Data”: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
“Data Transfer”: Making personal data available to a specific recipient;
“Data Breach”: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
The GDPR and Info Act contain additional definitions as specified by law.
The Company ensures compliance with the data security rules prescribed by the relevant legislation. When defining and applying measures to ensure data security, the Company takes into account the current state of technology and chooses from among several possible data processing solutions the one that provides a higher level of protection for personal data unless it would entail disproportionate difficulty. The Company takes the technical and organizational measures and creates the procedural rules necessary to enforce the data and secret protection regulations and laws. The Company protects the data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage, and ensures that data become inaccessible due to changes in the applied technology.
Data Subjects may contact the Company through the website and request information by providing certain data. Acceptance of this Privacy Notice is required to use the customer contact point.
Scope of Data Subjects: Natural or legal persons or entities without legal personality who contact the Company and request information from the Company by providing their personal data.
Legal Basis for Data Processing: The Data Subject’s consent.
Scope of Processed Data: Name, email address, phone number, subject, message text, date and time, and any other personal data provided by the Data Subject.
Purpose of Data Processing: Contact, communication, response, information provision, information request.
Data Processing Duration: The duration of data processing is the time necessary for achieving the purpose of the data processing, which may be a maximum of 5 years from the date of data provision or the limitation period for any potential claims, but no longer than until the consent is withdrawn.
The website www.sysman.hu uses cookies. A cookie is a small data file that the website stores on your device, which can later be read from it. The website uses cookies for the following purposes: for statistical purposes using the Google Analytics system. You can delete cookies from your computer or disable their use in the Tools/Settings menu of your browser under Privacy/History/Custom settings for cookies/tracking. If you disable the use of cookies, some functions of the website may not work properly, and there may be issues with the website’s display.
Definition of Cookies: A cookie is a small text file containing data that is stored on the user’s device when visiting a website. Its purpose is to remember what the user did during their time on the website. It can store data such as whether the user clicked on certain links or pages, logged in with their username, or read certain pages on the website months or even years ago.
Categories of Cookies:
Strictly Necessary Cookies: These are vital for users to browse the website and use its features. Without them, services like registration and login cannot be provided. These cookies do not collect data for marketing purposes.
Performance Cookies: These collect information about how visitors use the website, such as the number of visits and error messages. They do not collect data that identifies individuals; all information is aggregated and anonymous.
Functional Cookies: These allow the website to remember user settings, such as language preferences and text size. The provider does not use functional cookies for marketing purposes.
Targeted Cookies: These connect the website to social networks. The site uses Facebook Pixel to help users connect to Facebook. This cookie might be used by the social network to deliver targeted advertisements to the user.
Users should have the option to choose whether to use cookies or not. If the user does not accept the use of cookies, certain functions may not be available to them. More information on deleting cookies can be found at the following links:
The data controller does not record voice calls. The company highlights that the lack of data provision or the lack of consent for data processing by the data subject may occasionally hinder the services provided by the company. The company excludes any liability for damages resulting from this.
Only employees of the company who need access to data for their job duties are authorized to access the data. Employees of the company who have access to personal data are subject to a confidentiality obligation regarding the personal data and other information they become aware of during their job duties or otherwise, and must not make it accessible to third parties.
The company ensures compliance with data security regulations prescribed by relevant legislation. The company takes into account the current state of technology and chooses the data processing solutions that provide a higher level of protection for personal data unless it would entail disproportionate difficulty. The company takes the necessary technical and organizational measures and establishes procedural rules necessary to enforce applicable data and confidentiality regulations. The company protects data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage, and ensures data is not rendered inaccessible due to changes in the applied technology. The company ensures the necessary training of employees involved in data security. The company provides the expected level of protection during data processing, such as storage, correction, restriction, or deletion, and during requests for information or objections by the data subject.
Storage and Processing of Personal Data
Personal data is generally stored electronically. The data controller stores all personal data on servers located at its headquarters, which only designated employees can access if necessary.
The company uses third-party services to achieve the data processing purposes defined in this Notice and to comply with legal obligations. These services may include the processing of personal data by third parties. The data processor processes data according to the company’s instructions and in compliance with applicable laws. Only the personal data necessary for the specific purpose is transferred to each data processor.
Data processors providing services to the company include:
The company takes all necessary steps to avoid data breaches. A data breach is a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
The data controller reports the data breach to the National Authority for Data Protection and Freedom of Information without delay unless the data breach is unlikely to result in a risk to the rights and freedoms of the data subjects. The data controller records data breaches and related measures. If the breach is serious (i.e., likely to result in a high risk to the rights and freedoms of data subjects), the data controller informs the data subjects of the data breach without undue delay.
The company advises data subjects to first contact the company as the data controller for any complaints or remarks using the contact details provided in this Notice.
Data subjects can request information about the processing of their personal data, request the correction of their personal data, or, except for mandatory data processing, request the deletion, withdrawal, or restriction of their personal data, and exercise their data portability and objection rights as indicated at the time of data collection or through the contact details of the data controller primarily based on a written request. All incoming requests are documented in the data protection register. Any such request must be made in writing and sent by the data subject.
The data subject may contact the company’s representative with any requests or questions regarding their personal data through any of the provided contact details.
The company is required to assess the request within 30 days of receiving a written request (submitted electronically or by post). If necessary, considering the complexity of the request and the number of ongoing requests, the company may extend the deadline for assessing the request. The data subject must be informed in advance about the extension and the reasons for it.
If the data subject’s request is well-founded, the company will implement the requested measure within the procedural deadline and provide written notification to the data subject about the implementation. If necessary, considering the complexity of the request and the number of ongoing requests, this deadline may be extended by an additional two months. The data controller must inform the data subject of the extension and the reasons for the delay within one month of receiving the request. If the data subject submitted the request electronically, the response should, if possible, also be provided electronically unless the data subject requests otherwise.
If the company rejects the data subject’s request, it must issue a written decision detailing the factual basis and legal justification, including appropriate legal regulations and case law, and inform the data subject of the remedies available against the company’s decision.
If the data subject disagrees with the company’s decision or if the company fails to meet the procedural deadlines, the data subject may contact the supervisory authority or seek judicial remedy.
If the data subject believes that the processing of their personal data by the company violates applicable data protection laws, particularly concerning the processing of personal data, they have the right to file a complaint with the National Authority for Data Protection and Freedom of Information.
Website
https://naih.hu/
Address
1055 Budapest, Falk Miksa utca 9-11.
Postal Address
1363 Budapest, Pf.: 9.
Telefon
+36-1-391-1400
Fax
+36-1-391-1410
Email
ugyfelszolgalat@naih.hu
The data subject also has the right to lodge a complaint with a supervisory authority established in the EU member state of their habitual residence, workplace, or the place of the alleged infringement.
The data subject may seek judicial remedy independently of their right to file a complaint if their personal data is processed in violation of their rights defined by the GDPR and/or the Info Act. The data subject may initiate legal proceedings against the company as the data controller before a Hungarian court. If the data subject wishes to initiate legal proceedings against the data processor, they must do so before the court of the member state where the data processor has its activities.
The data subject can bring the case before the court of their place of residence or domicile. The contact information for Hungarian courts can be found at the following link: Hungarian Courts.
If the data subject’s habitual residence is in another EU member state, the case can be brought before the court of the member state where the data subject’s habitual residence is located.
The data controller reserves the right to unilaterally amend this Notice with effect from the date of the amendment. The data controller reserves the right to unilaterally modify or withdraw the provisions of this Notice at any time based on its discretion, notifying the data subject by making the current version of the Notice accessible. This Notice may be amended particularly if required by legislative changes, data protection authority practices, business needs, or newly discovered security risks.
Budapest, January 1, 2023.