Pursuant to the Regulation 2016/679 of the European Parliament and of the Council on General Data Protection – GDPR – concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Version: 2 / 28/12/2019
Our main objective at BeLazy Kft. is to satisfy the needs of our clients through our translation project management services enabling them to attain, as far as possible, measurable financial benefits by operating their system(s).
Our firm, BeLazy Kft., as a data controller and a responsible company, has a voluntarily recognized mission to protect personal data to provide lawful, flexible and authentic guarantees for privacy protection to both its customers and other private persons as data subjects.
Within data protection, our main objective is to employ juridical, IT and management solutions pursuant to the EU Regulation No. 2016/679 on General Data Protection (also known as: “GDPR”) as well as to Hungarian statutes and thereby facilitate the enforcement of the rights and interests of private persons as data subjects associated internally or externally with our Company.
It is one of our core goals to ensure the highest possible security in our processes and operations connected to data processing, and to do everything possible to prevent data breaches, which cannot be avoided with 100% certainty even with the technological advances in today’s information society.
To this end, we accurately identify and evaluate the specific data processing operations, we have developed solutions for the record-keeping of data processing, we carry out the necessary risk management and take measures to mitigate and eliminate the identified risks.
We have transformed our everyday activities and developed our policies, records, sample documents, applications and communications accordingly.
2. GENERAL INFORMATION
2.1. General Information for Private Persons as Data Subjects
We, as data controller, carry out our data processing activities pursuant to the Regulation No. 2016/679 of the European Parliament and of the Council on General Data Protection, also known as GDPR, which fundamentally regulates the protection of natural persons with regard to the processing of personal data and the free movement of such data within the EEC and their transfer to third countries. States that are not members of the EEC are considered third countries.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
Data of private persons may solely be processed if at least one of the following applies:
3.1. Conditions for Data Processing Based on the Consent by the Data Subject
3.2. Data Processing for Compliance with a Legal Obligation
Data processing necessitated by compliance with legal obligations shall not require consent from the data subject, because the data is processed based on law.
Regardless of the mandatory nature of the data processing, the data subject must be informed before and during the processing of the data, that data processing is mandatory and cannot be avoided. Furthermore, the data subject must be provided clear and detailed information on all significant aspects concerning the processing of his/her data before any data processing is initiated.
3.3. Data Processing in Connection with the Performance of a Contract
3.4. Data Processing based on the Legitimate Interest of the Data Controller
4. DATA PROCESSING BY THE DATA CONTROLLER
4.1. Processing of Data Belonging to Contact Persons of Legal Entities
Processing contact details of representatives and contact persons of those customers and potential customers, partners, subcontractors or suppliers (companies, institutions), authorities and natural persons, who are not considered data subjects:
Official, paper-based, mailed items constitute an exception to the above, as these are stored on paper in the administrative office of our Company.
4.2. Data of Newsletter Recipients
4.3. Data Processing on the Website of the Data Controller
Cookies are tiny data files placed by the visited website on the user’s computer. The purpose of the cookie is to facilitate the Internet service and make it more user friendly.
Cookies do not contain personal data and are not suitable for identifying an individual user. Cookies usually contain identifiers stored on the visitor’s device.
The visitor can delete cookies from his/her computer, or can choose a setting in his/her browser so cookies are disabled.
You can find further information with regard to deleting cookies under the following links.
Data collected and managed by statistical programs when using websites
We as data controller use Google Analytics to measure visitor traffic of our website. As part of the service, information containing web analytics is transmitted. The transferred data is not suitable for identifying individual data subjects.
5. DATA PROCESSORS
Our data processors provide our company, BeLazy Kft., with IT maintenance and development and accountancy services. The Data Processors shall store personal data on the basis of a contract with us as Data Controller. They are not authorised to access the personal data.
The Data Processor providing accountancy services shall participate in the bookkeeping of accounting documents based on a written contract with us as Data Controller. In doing so, the Data Processor processes the name and address of the data subject to the extent required for the accounting records for an appropriate period prescribed in the accounting legislation, and then deletes it immediately.
6. DATA SECURITY MEASURES
The GDPR, the European Union’s General Data Protection Regulation, imposes legal, IT, organisational and technical duties and consideration in general to prevent and address personal data breaches and to protect personal data.
Data security measures are used to prevent any personal data breach. The following measures have been introduced for addressing a personal data breach.
7.1. Definition of a Personal Data Breach
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
In particular, any of the following incidents can be considered a personal data breach: theft or loss of a “corporate” laptop or mobile phone, unauthorized access to databases containing personal data.
7.2. Addressing a Personal Data Breach
8. RIGHTS OF DATA SUBJECTS
General information on the particular rights in plain language
The data subject shall be entitled at any time to be informed in a comprehensible manner of the facts and information relating to the processing of the data, and this right shall exist in particular prior to the commencement of the processing of the data.
The data subject shall have the right to obtain from the controller a concise and comprehensible confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the relating information stipulated in the EU Regulation.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have faulty or incomplete personal data amended or completed.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay in certain cases.
This right of the data subject is particularly relevant to personal data processed on the basis of his/her consent. In certain other cases, e.g. when data is processed on the basis of fulfilling a legal obligation, this right is expressly limited.
Erasure is not applicable where the processing of the data is necessary:
The data subject shall have the right to obtain from the controller restriction of processing, where certain conditions are met. This case is mostly applicable in order to freeze a certain status of data processing, which is either a precedent of a dispute situation or a concrete dispute itself.
Notification obligation related to rectification or erasure of personal data or restriction of data processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed. Exemption: the controller is not expected to fulfil this obligation if it proves impossible or involves a disproportionate effort.
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
The data subject shall have the right to object at any time to processing of personal data concerning him or her if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. In this case the data subject may request manual, human intervention and decision making.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons concerned by the data breach, the controller shall communicate the personal data breach to the data subject without undue delay.
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the EU data protection regulation.
Every natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him/her.
The right still prevails, if the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
Nemzeti Adatvédelmi és Információszabadság Hatóság
Szilágyi Erzsébet fasor 22/c., Hungary
Phone: +36 1 391 1400
https://www.naih.hu/general-information.html
Every data subject shall have the right to start a civil lawsuit where he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in non-compliance with the EU Regulation.
9. PROCEDURES RELATED TO REQUESTS BY A DATA SUBJECT
9.1. Submission of a Request by a Data Subject
In conjunction with identifying him/herself, the data subject may submit an application to us as data controller via any means of his/her choice, such as:
9.2. Evaluation of an Application Submitted by a Data Subject
If we as data controller wish to carry out further data processing for purposes other than the purpose for which they were collected, we will inform the individual concerned about the purpose of the data processing and about the following information: