1. Name of company

  • Name of Data Controller: DYNTELL Hungary Limited Liability Company
  • Company registration number of the Data Controller: 01-09-988735
  • Tax number of the data controller: 23587751-2-43
  • Data Controller’s registered office.
  • E-mail address of the Data Controller: info@dyntell.com
  • Data Controller’s representative: Péter Salga Managing Director

2. Data management rules

Since informational self-determination is a fundamental right of every natural person under the Fundamental Law, the Company shall only and exclusively process data in accordance with the provisions of the applicable legislation.

Personal data may only be processed for the exercise of a right or the performance of an obligation. The use of personal data processed by the Company for private purposes is prohibited. The processing must always comply with the purpose limitation principle.

The Company shall process personal data only for specified purposes, for the exercise of a right and the performance of an obligation, to the minimum extent and for the minimum time necessary to achieve the purpose. At all stages of processing, the purpose must be fulfilled – and if the purpose of the processing ceases to exist or the processing is otherwise unlawful, the data will be deleted. Deletion is carried out by the Company employee who actually processed the data. The erasure may be verified by the person who has effective control over the employee and by the Data Protection Officer.

The processing of personal data is lawful only if and insofar as at least one of the following conditions is met:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. the processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

In all cases, the Company shall inform the data subject of the purpose of the processing and the legal basis for the processing before the data are collected.

3. Rights of data subjects and enforcement of data subjects' rights

Right to information

The principle of fair and transparent processing requires that the data subject is informed about the fact and purposes of the processing and other factors.

At the request of the data subject, the controller should provide information about the data of the data subject processed by the controller or by a processor to whom the controller or the processor has delegated the processing, the source of the data, the purposes, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy it, and, in the case of a transfer of personal data of the data subject, the legal basis and the recipient of the transfer.

The information shall, as a general rule, be provided free of charge if the person requesting the information has not yet submitted an information request to the Data Controller for the same set of data in the current year. In other cases, a fee may be charged. The amount of the reimbursement may be fixed in a contract between the parties. Reimbursement of costs already paid shall be made if the data have been processed unlawfully or if the request for information has led to a correction.

Right of access

The data subject is entitled to have access to personal data and the following information:

  1. the purpose of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including recipients in third countries, international organisations;
  4. the envisaged period of storage of the personal data or, where this is not possible, the criteria for determining that period;
  5. the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the data have not been collected from the data subject, any available information on their source;
  8. the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.

The data subject shall also have the right to obtain from the Data Controller a copy of the personal data which are the subject of the processing. The Controller may charge a reasonable fee for any additional copies requested by the data subject. If the data subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.

Right of rectification

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her or a supplement to such data.

The head of the department processing the data shall correct the inaccurate data, provided that the necessary data and the supporting documents are available, and, where the grounds set out in Article 17 of the GDPR apply, shall arrange for the erasure of the personal data processed.

Right to erasure and oblivion

The data subject shall have the right to obtain, at his or her request and without undue delay, the erasure of personal data relating to him or her where one of the following grounds applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
(c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
(d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected in connection with the provision of information society services to children under the age of 16;

If the controller has disclosed the personal data and the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the controller shall delete them and shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

Nor may the personal data be erased at the request of the data subject in the case of processing under Article 17(3) of the GDPR.

Right to restriction, blocking

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Company if one of the following conditions is met:

  1. the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
  3. the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  4. the data subject has objected to the processing, in which case the restriction shall apply for a period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

Notification obligations relating to rectification or erasure of personal data or restriction of processing

The Controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the Controller shall inform the data subject of these recipients.

Right to data portability

The data subject shall have the right, subject to the conditions of Article 27(1) of the GDPR, to receive the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data in the public interest or in the exercise of official authority vested in the controller, or in the context of the legitimate interests pursued by the controller or a third party, including profiling based on the aforementioned provisions.

The data subject may object to the processing of his or her personal data:

  • where the processing or transfer of personal data is necessary solely for compliance with a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in cases of mandatory processing;
  • where the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes; and
  • in other cases specified by law.

The Data Controller shall inform the data subject of the action taken in response to the request without undue delay and in any event within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay. Where the data subject has made the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.

If the Data Controller establishes that the data subject’s objection is justified, the Data Controller shall terminate the processing, including further collection and transmission of data, block the data and notify the objection and the measures taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed and who are obliged to take action to enforce the right to object.

Right to apply to the courts and right to lodge a complaint

The Data Controller shall also compensate the damage caused to others by the unlawful processing of the data subject’s data or by the breach of data security requirements, as well as the damages in the event of a personal injury caused by the Data Controller or by a data processor engaged by the Data Controller. The Controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing. Likewise, it shall not compensate the damage if it was caused by the intentional or grossly negligent conduct of the injured party.

If the Data Controller fails to take action on the request of the data subject, the Data Controller shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for the failure to take action and of the right to lodge a complaint with the NAIH (1125 Budapest, Szilágyi Erzsébet fasor 22/C.) and to exercise his or her right to judicial remedy, including before the competent court of law of the place of residence or domicile.

4. Data processing during the use of the website of DYNTELL Hungary Ltd.

The Locations of Data Processing:

  • Headquarters: 1117 Budapest, INFOPARK, Gábor Dénes utca 2. building D. 1. floor.
  • Branch(s): 4024 Debrecen, Csapó utca 28. 4. floor. 1.

Contact

The Company has its own website, which can be found at:

  • http://www.dyntell.com/

The website is operated by the Company.

The Company provides the possibility for the visitor to contact the Company through the websites. By filling in a form, the visitor can provide the relevant information required to contact the Company. However, the data can only be sent if the data subject accepts the Company’s privacy policy by ticking a box, otherwise they will not be able to send their message.

Purpose of Processing: to facilitate contact with the Company

Scope of Data Processed: name, company name, e-mail address, telephone number, message text

Legal Basis for Processing: data subject’s consent pursuant to Article 6(1)(a) GDPR

Time Limit for Data Storage: until the contact case is settled (until the purpose is achieved)

Method of Data Storage: electronic

Cookies

The Data Controller shall also compensate the damage caused to others by the unlawful processing of the data subject’s data or by the breach of data security requirements, as well as the damages in the event of a personal injury caused by the Data Controller or by a data processor engaged by the Data Controller. The Controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing. Likewise, it shall not compensate the damage if it was caused by the intentional or grossly negligent conduct of the injured party.

If the Data Controller fails to take action on the request of the data subject, the Data Controller shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for the failure to take action and of the right to lodge a complaint with the NAIH (1125 Budapest, Szilágyi Erzsébet fasor 22/C.) and to exercise his or her right to judicial remedy, including before the competent court of law of the place of residence or domicile.

5. Issues not covered by this leaflet

In matters not specified in this notice, the rules of the Infotv. and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) shall apply.

© 2024 Dyntell Software, All Rights Reserved.

SimplePay customer information