Privacy Policy
- Definitions:
- Data processing data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data.
- Data processor shall mean a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law, acting on the controller’s behalf or following the controller’s instructions.
- Controlling of data shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).
- Privacy Policy shall mean the present regulations.
- Controller shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.
- Disclosure by transmission shall mean making data available to a specific third party.
- Erasure of data shall mean the destruction or elimination of data sufficient to make them irretrievable.
- Personal data breach shall mean a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Interested person shall mean a natural or legal person, who is interested in the services provided by the Service Provider, but did not conclude a service agreement with the Service Provider.
- Data subject shall mean the Client the employees of the Client, Interested Persons and the guests entering into the territory of House of Business office.
- GDPR shall mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Authority: shall mean the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Postal address:1530 Budapest, P.O. Box.: 5.).
- Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data Protection Act shall mean Act CXII of 2011 on the right of informational Self-Determination and on Freedom of Information.
- Service Provider shall mean House of Business Bank Center Korlátolt Felelősségű Társaság (Company Registry Number.: 01-09-331085, Seat: 1054 Budapest, Szabadság tér 7., e-mail: bankcenter@houseofbusiness.com).
- Public disclosure shall mean making data available to the general public.
- Webpage shall mean the https://www.houseofbusiness.com/ page.
- Hungarian Civil Code shall mean Act V of 2013 on the civil code.
- Personal data shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
- Client shall mean a natural or legal person who has entered into a service agreement with Service Provider.
- Principles relating to controlling of personal data
- Personal data shall be
- controlled lawfully, fairly and in a transparent manner in relation to the Data subject (principle of lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (principle of storage limitation);
- controlled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);
- The Controller shall be responsible for, and be able to demonstrate compliance with Section 2.1.1.-2.1.6. of the Privacy Policy.
- Data controlling concluded by the Service Provider
Data control 1. Conclusion of Client Contracts |
|
Controlled data | In all cases: Name, e-mail address, phone number, postal address, place and date of birth, mother’s maiden name, ID card number, the contracted services and pertaining service fees, (In case of contract concluded with legal person): Position, Tax number, registration number, in case of private entrepreneurs tax number and registration number |
Purpose of data controlling | Making offer, negotiating about the contract, conclusion of the contract |
Legal basis of the data control | GDPR Article 6 (1) b) – Controlling is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Planned time of the data control | Until the 15thday after the termination of the contract |
Data subjects | Clients and their representatives/contact persons |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | For the accountant after the conclusion of the contract; To the auditor once a year; upon official request to the authorities |
Are the data processed | Accountant, auditor |
Purpose of data procession (if applicable) | In order to comply with legal accounting and auditing obligation |
Form and place of storage | The controlled data are stored in encrypted form in a central client database on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 2. Preparation of entry card for tenants/employees which provides access to the office building and the recording of data regarding entrance |
|
Controlled data | Client/employee name, related company name, scope of authorization, card number, photo, time of entering into the office building |
Purpose of data controlling | Creating an access card and ensuring that only authorized persons can enter the premises of the office building |
Legal basis of the data control | GDPR Article 6 (1) f) Enforcing legitimate interests pursued by the controller and Article 32 Act CXXXIII. of 2005 (Security Services Act) |
Planned time of the data control | Until the 15thday after the card is being returned. The data regarding the entrance to the building shall be deleted after the 15th day of the entrance |
Data subjects | Clients and their employees |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. |
Persons entitled to know the data | Employees of Service Provider |
Data control 3. Data control related to debt collection |
|
Controlled data | Name, e-mail address, delivery address, amount of debt and related invoices (in case of a legal entity): position in the organization |
Purpose of data controlling | Managing client data for debt collection purposes |
Legal basis of the data control | GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control | Until the debt is settled or until the statue of limitation of civil law claims related to the debt (the latter is typically 5 years) |
Data subjects | Clients and their representatives and contact persons |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | Yes, for the legal representative |
Are the data processed | Authorized legal representative of the Service Provider |
Purpose of data procession (if applicable) | Recovery of receivables |
Form and place of storage | The controlled data are stored in encrypted form in a central debt collection database and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider, authorized legal representative of the Service Provider |
Data control 4. Sending offers, replying to messages from Interested persons |
|
Controlled data | Contact person’s name, e‐mail address, phone number, subject of contact (in the case of a legal person): related company name |
Purpose of data controlling | Upon request of Data subject, sending price offer and information about the Service Provider’s services for the purpose of concluding a contract |
Legal basis of the data control | GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control | If the data subject does not become a Client of the Service Provider, until the settlement of the negotiating phase, if the data subject becomes a Client of the organization, the 1st data control operation (see above) shall take place from the conclusion of the contract (Conclusion of the Customer Contract) |
Data subjects | Interested persons regarding the services of the Service Provider |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in the mail system of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 5. Sending out newsletters |
|
Controlled data | Name, e ‐ mail address |
Purpose of data controlling | Sending materials for marketing purposes in order to promote the services of the Service Provider |
Legal basis of the data control | GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control | Until withdrawal of consent |
Data subjects | Clients and Interested persons in the services of the Service Provider |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 6. Sending out informational e-mails to Clients regarding the services |
|
Controlled data | Name, e‐mail address |
Purpose of data controlling | Informing Clients of important information related to the Services |
Legal basis of the data control | GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control | Until the 15th day after the termination of the legal relationship with the Client |
Data subjects | Clients and their contact persons |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 7. Filing and registering incoming documents |
|
Controlled data | Client/employee (consignee) name, date of receipt, name and address of consignor, consignment tracking number |
Purpose of data controlling | Keeping records in order to trace which Client/employee received consignment from whom and when |
Legal basis of the data control | GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control | For 1 year after the receipt of the consignment, in order to confirm the receipt and traceability of the consignments |
Data subjects | Clients and their employees, consignees |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | In the postal register related to the filing of incoming documents, on paper, in a closed cabinet. |
Persons entitled to know the data | Employees of Service Provider |
Data control 8. Filing of outgoing documents for invoicing purposes |
|
Controlled data |
For both postal and courier items: Client/employee name, address, date of dispatch, consignee’s name, consignment tracking number (identification number) In the case of courier services, the following as well: consignee’s name, phone number, e-mail address |
Purpose of data controlling | Keeping records in order to invoice the costs of outgoing mails to the Client; and, in the case of courier, all contact details required for an effective delivery |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if invoice containing the costs of the letter is paid. In the event of default, until the end of the debt collection procedure In the case of courier items contact data controlled will be deleted 15 days after successful delivery. |
Data subjects | Clients and their employees, consignees |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | Yes, with the purpose of sending mail, courier items |
Are the data processed | Mail Services Kft., MBE Hungary Kft., Courier service |
Purpose of data procession | Posting of letters, packages |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The contact data required for the delivery of courier items will only be indicated on the item and will be forwarded to the courier service immediately for delivery. |
Persons entitled to know the data | Employees of Service Provider, Mail Services Kft., MBE Hungary Kft., Courier service |
Data control 9. Operating call center and invoicing of its costs |
|
Controlled data | Client name, phone number, detailed call log / detailed call list |
Purpose of data controlling | Keeping records of call expenses for Clients who requested IP-based phone system service, operating the connection between the central phone and the extensions |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control | Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the calls are paid. In the event of default, until the end of the debt collection procedure. |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The summary of the call lists arrives from the telecommunication service provider to the Service Provider on paper, in aggregate form. |
Persons entitled to know the data | Employees of Service Provider |
Data control 10. Data control related to the reservation of meeting rooms |
|
Controlled data | Client name, date of meeting room use, duration, number of participants |
Purpose of data controlling | Keeping records of the costs of Clients who requested rental service regarding the meeting rooms, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control | Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the meeting room rental fees is paid. In the event of default, until the end of the debt collection procedure |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 11. Data control related to private office use |
|
Controlled data | Client name, date of private office use |
Purpose of data controlling | Keeping records of the costs of Clients who requested rental service regarding private offices, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control | Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the private office fees is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 12. Invoicing related to prints and scans sent directly to the cloud-based printer by the Client |
|
Controlled data | Name, number of printed/scanned pages (the Service Provider does not have access to the content of the scanned / printed document) |
Purpose of data controlling | Keeping records of the costs of Clients who requested service regarding printing/scanning, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control | Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of printing/scanning is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in a cloud-based electronic system. |
Persons entitled to know the data | Employees of Service Provider |
Data control 13. Data stored in connection with administrative assistance given to Clients |
|
Controlled data | Personal data provided by the Client with consent |
Purpose of data controlling | Administrative assistance given to Client (for printing, scanning etc.), only in exceptional cases and only at the express request of the Client |
Legal basis of the data control | GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control | If administrative assistance is not required for invoicing, the data will be deleted immediately after the assistance is performed. If the assistance is related to invoicing, until the 30th day after the end of the month to which the assistance relates, if the invoice containing the costs of the assistance is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage |
The controlled data are stored in the form of which was made available by the Client. The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 14. Keeping records of the measures related to exercising data subject rights in accordance with GDPR |
|
Controlled data | Name, contact information, decision, submission, registration data |
Purpose of data controlling | Compliance with the obligation to register the exercise of data subject rights in accordance with GDPR (cp. Article 5 (2) and Article 12) |
Legal basis of the data control | GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control | For 5 years after the request is processed |
Data subjects | Individuals requesting data subject access rights |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | Only for the authorities upon authority request |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider, the authority upon request of authorities |
Data control 15. Data control related to the invoicing of additional services used by the Client |
|
Controlled data |
Client name, additional service used and its remuneration Additional services: Exit painting, costs of construction works, kitchen services, internet service, administrative support, furniture sales, furniture rental, furniture delivery, Catering service, Envelope, CD, Scotch tape, battery, DVD, etiquette label, genotherm, rubber folder, extension cord, internet cable, corrector, staple folder, stapler set, copy paper, Post it, staple purchase, Mineral water purchase, plant rental and care, lamination, spiralling |
Purpose of data controlling | Invoicing for additional services used by the Clients |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control | Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the additional services is paid. In the event of default, until the end of the claim management procedure. |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data | Employees of Service Provider |
Data control 16. Issuance and storage of invoices and receipts |
|
Controlled data | Client name, seat/ address, e-mail address, tax number, services used, date of invoice and execution, payment deadline, amount payable |
Purpose of data controlling | Compliance with invoicing obligation in accordance with the laws |
Legal basis of the data control | GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control | For 8 years after the invoice has been issued in line with Accounting Act (currently Article 169 Act C of 2000) |
Data subjects | Clients |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | Yes, for the accountant and the Tax Authority (in order to comply with legal obligation) |
Are the data processed | Accountant |
Purpose of data procession | In order to comply with legal invoicing and bookkeeping obligation |
Form and place of storage |
Electronically in the szamlazz.hu system and in the mail system of the Service Provider. For those Clients who do not accept electronic invoices, the invoices are issued and stored on paper. |
Persons entitled to know the data | Employees of Service Provider, Accountant, Tax Authority |
Data control 17. Personal data control while providing virtual office / registered seat address services |
|
Controlled data | Natural identification data of the managing director/ representative and the beneficial owner, citizenship, address, type and number of identification document, in the case of delivery agent its name and address; in the case of managing director/representative a copy of the identity card and a copy of the address card’s side which does not include the personal identification number; in the case of beneficial owner, the nature and extent of the ownership interest, and if (s)he qualifies as a politically exposed person. |
Purpose of data controlling | Compliance with the obligations under the legislation on registered seat address service and money laundering |
Legal basis of the data control | GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Compliance with obligations under the Money Laundering Act) |
Planned time of the data control | For 8 years after the termination of virtual office/registered seat address service contract in line with Money Laundering Act |
Data subjects | Managing director/representative and the beneficial owner of the Clients, and the delivery agent of a member/managing director of a legal entity |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | Only to the competent authority upon official request |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | On paper in accordance with the Service Provider’s internal regulations in line with the Money Laundering Act. The registered documents are stored in separate folders belonging to each Client, separated from the other documents of the Client. |
Persons entitled to know the data | Employees of Service Provider, authorities upon request |
Data control 18. Data control related to camera system |
|
Controlled data | During the operation of the Camera Systems, the portrait (moving image) and actions of the Data subjects who appear in the field of view of the cameras will be monitored and recorded. The camera system does not record any sound. |
Purpose of data controlling | The camera system installed in the territory of House of Business is solely for the purpose of protection of human life, physical integrity, personal freedom, prevention and proof of violations, and to protect the property of House of Business and the Clients. It is probable that the detection of violations and the actions of perpetrators, and the prevention and proof of these violent acts cannot be achieved by any other methods. The purpose of data control is not to monitor the behaviour and habits of people in the premises of House of Business. |
Legal basis of the data control | GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control | The portrait (moving image) or actions of Data subject recorded during the operation of the camera system will be stored for 15 days after the recording, the recordings will be automatically deleted afterwards – except for the case of use. Use is considered to be the use of the recorded image and other Personal Data as evidence in court or other official proceedings due to suspicion of a crime, violation of the law, unlawful conduct or damage, and if the Data subject wishes to inspect the recordings concerning himself/herself. |
Prior notice of data control |
Those wishing to enter or stay on the premises of House of Business will be informed in advance of the data controlled related to the camera system, the rights of Data subjects and of the identity and contact details of the operator.
|
Data subjects | Clients and their employees, guests and all persons entering the premises of House of Business |
Name and contact details of data controller | Service Provider (See section 1.15.) |
Data protection officer (DPO) | Fehér Attila managing director |
Contact details of the DPO | +36-1-8037600, bankcenter@houseofbusiness.com |
Are the data transmitted? | For the court or authority upon request |
Are the data processed | |
Purpose of data procession | |
Form and place of storage | The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
The operator of the camera system and the managing director of the Service Provider. The operator of the camera system shall be a person specified in the Security Services Act.
A report shall be drawn up on the inspection of the recordings made by the camera system, which shall contain the data necessary in order to identify the recording, the name of the person who is entitled to know the data, as well as the purpose and time of access to the data. |
- Disposal of personal data
- If any changes occur in the controlled Personal Data, we ask the Data subjects to notify the Service Provider of the changes within 3 days, in order to ensure the data’s accuracy. In case the Data subject fails to notify the Service Provider of change, the Service Provider is not responsible for the accuracy of the data.
- Any request regarding personal data deletion shall be submitted to the Service Provider (via e-mail or in writing)
- Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Rights of Data subjects regarding personal data control
Data subjects have the following rights in regards with data control
- Right of access: the Data Subject shall request information on the controlled data, the purpose and time of data controlling and to whom the data is transferred, as well as the source of the controlled data.
- Right to rectification: in case of change in the data of the Data subject, inaccurate or incomplete data recording, the Data subject shall have right to request correction, rectification or clarification.
- Right to erasure: Data Subject shall request the erasure of his/her Personal data in the cases described in the Data Protection Act and the GDPR.
- Right to restriction of controlling: Data Subject shall request the restriction of Personal data control in the cases described in Data Protection Act and the GDPR.
- If a request set forth in Section 5.1-5.4. has been submitted, the Controller shall act in accordance with the provisions of the Data Protection Act and the GDPR and shall inform the Data Subject within one month of the measures taken on the basis of the request.
- Right to withdraw consent: Data subject is entitled to withdraw Consent given for the controlling of Personal data which is controlled on the basis of Consent at any time, which, however, does not affect the lawfulness of the data control prior to the withdrawal.
- Right to lodge a complaint: Data Subject is entitled to submit a complaint to the competent supervisory Authority (see section 1.12.) in case of a violation regarding the controlling of Personal data.
- Right to remedy: Further the Data Subject is also entitled to bring an action against the Controller in front of the court in the event of a breach regarding personal data protection.
- Right to object: Data subject shall have the right to object to the Personal data control based on Article 6 (1) e) or f) of GDPR at any time, including profiling based on the mentioned provisions.
- Occurrence of Personal data breach
- In the event of Personal data breach Controller shall notify the Authority without undue delay and, if possible, within 72 hours after becoming aware of the breach, unless the Personal data breach is not likely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the cause for the delay must be attached as well.
- The Data Processor shall notify the Controller of the Personal data breach without undue delay after becoming aware of the breach.
- If the Personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, inform the Data subject of the Personal data breach.
- Anonymous user IDs (cookies), data control for statistical purposes
- The Webpage uses anonymous user IDs (cookies) to increase the quality of the use and to make the use of the Webpage easier for visitors. (An anonymous user ID – cookie – is a series of tokens suitable for unique computer identification and storage of profile information, which is placed on the User’s computer by the service providers. The token itself cannot identify the User in any way, it is only suitable for recognizing the computer.) If you prefer the anonymous user ID to not be placed on your computer, you can configure your browser so that it does not allow them to be placed. In this case, however, you may not be able to have access to some services or not in the form in which you allow the placement of anonymous user IDs.
- The Service Provider collects anonymous information and data on the Webpage for statistical purposes. This information relates to an unidentified or unidentifiable natural person and to personal data which have been anonymised in such a way that the data subject is either not identified or can no longer be identified. The provisions of GDPR does not cover the control of these information [see recital 26 of GDRP].
- Data security measures
- During managing documents, the access to each document and data shall be restricted to the persons listed in the last rows of the tables published in section 3.
- Regarding physical data security, the Service Provider ensures the proper closing and protection of its doors and windows. Only those who duly substantiate their legal interest may inspect the documents.
- The premises in which data storage devices are placed have been designed by the Service Provider in a way that they are suitable to provide sufficient security against unauthorized or violent intrusion, fire or natural disaster.
- Assistance, comments, complaint handling
- Assistance to the Data subject regarding data control and securing Personal data rights is provided by the person designated as the Data Protection Officer at the Controller.
- Right of amendment
- The Service Provider reserves the right to unilaterally amend the Privacy Policy by informing Data subjects on the Webpage or via e-mail. The Service Provider shall publish the amended Privacy Policy on the Webpage on the tenth (10th) day before the amended Privacy Policy enters into force.
[Date]
- Definitions:
- Data processing data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data.
- Data processor shall mean a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law, acting on the controller’s behalf or following the controller’s instructions.
- Controlling of data shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).
- Privacy Policy shall mean the present regulations.
- Controller shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.
- Disclosure by transmission shall mean making data available to a specific third party.
- Erasure of data shall mean the destruction or elimination of data sufficient to make them irretrievable.
- Personal data breach shall mean a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Interested person shall mean a natural or legal person, who is interested in the services provided by the Service Provider, but did not conclude a service agreement with the Service Provider.
- Data subject shall mean the Client the employees of the Client, Interested Persons and the guests entering into the territory of House of Business office.
- GDPR shall mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Authority: shall mean the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Postal address:1530 Budapest, P.O. Box.: 5.).
- Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data Protection Act shall mean Act CXII of 2011 on the right of informational Self-Determination and on Freedom of Information.
- Service Provider shall mean House of Business Capital Square Korlátolt Felelősségű Társaság (Company Registry Number.: 01-09-377030, Seat: 1133 Budapest, Váci út 76., e-mail: capitalsquare@houseofbusiness.com).
- Public disclosure shall mean making data available to the general public.
- Webpage shall mean the https://www.houseofbusiness.com/ page.
- Hungarian Civil Code shall mean Act V of 2013 on the civil code.
- Personal data shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
- Client shall mean a natural or legal person who has entered into a service agreement with Service Provider.
- Principles relating to controlling of personal data
- Personal data shall be
- controlled lawfully, fairly and in a transparent manner in relation to the Data subject (principle of lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (principle of storage limitation);
- controlled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);
- The Controller shall be responsible for, and be able to demonstrate compliance with Section 2.1.1.-2.1.6. of the Privacy Policy.
- Data controlling concluded by the Service Provider
|
Data control 1. |
Controlled data |
In all cases: Name, e-mail address, phone number, postal address, place and date of birth, mother’s maiden name, ID card number, the contracted services and pertaining service fees, (In case of contract concluded with legal person): Position, Tax number, registration number, in case of private entrepreneurs tax number and registration number |
Purpose of data controlling |
Making offer, negotiating about the contract, conclusion of the contract |
Legal basis of the data control |
GDPR Article 6 (1) b) – Controlling is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Planned time of the data control |
Until the 15thday after the termination of the contract |
Data subjects |
Clients and their representatives/contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
For the accountant after the conclusion of the contract; To the auditor once a year; upon official request to the authorities |
Are the data processed |
Accountant, auditor |
Purpose of data procession (if applicable) |
In order to comply with legal accounting and auditing obligation |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 2. |
Controlled data |
Client/employee name, related company name, scope of authorization, card number |
Purpose of data controlling |
Creating an access card and ensuring that only authorized persons can enter the premises of the office building |
Legal basis of the data control |
GDPR Article 6 (1) f) Enforcing legitimate interests pursued by the controller and Article 32 Act CXXXIII. of 2005 (Security Services Act) |
Planned time of the data control |
Until the 15thday after the card is being returned |
Data subjects |
Clients and their employees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 3. |
Controlled data |
Name, e-mail address, delivery address, amount of debt and related invoices (in case of a legal entity): position in the organization |
Purpose of data controlling |
Managing client data for debt collection purposes |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
Until the debt is settled or until the statue of limitation of civil law claims related to the debt (the latter is typically 5 years) |
Data subjects |
Clients and their representatives and contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
Yes, for the legal representative |
Are the data processed |
Authorized legal representative of the Service Provider |
Purpose of data procession (if applicable) |
Recovery of receivables |
Form and place of storage |
The controlled data are stored in encrypted form in a central debt collection database and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, authorized legal representative of the Service Provider |
|
Data control 4. |
Controlled data |
Contact person’s name, e‐mail address, phone number, subject of contact (in the case of a legal person): related company name |
Purpose of data controlling |
Upon request of Data subject, sending price offer and information about the Service Provider’s services for the purpose of concluding a contract |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If the data subject does not become a Client of the Service Provider, until the settlement of the negotiating phase, if the data subject becomes a Client of the organization, the 1st data control operation (see above) shall take place from the conclusion of the contract (Conclusion of the Customer Contract) |
Data subjects |
Interested persons regarding the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in the mail system of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 5. |
Controlled data |
Name, e ‐ mail address |
Purpose of data controlling |
Sending materials for marketing purposes in order to promote the services of the Service Provider |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
Until withdrawal of consent |
Data subjects |
Clients and Interested persons in the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 6. |
Controlled data |
Name, e‐mail address |
Purpose of data controlling |
Informing Clients of important information related to the Services |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
Until the 15th day after the termination of the legal relationship with the Client |
Data subjects |
Clients and their contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 7. |
Controlled data |
Client/employee (consignee) name, date of receipt, name and address of consignor, consignment tracking number |
Purpose of data controlling |
Keeping records in order to trace which Client/employee received consignment from whom and when |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
For 1 year after the receipt of the consignment, in order to confirm the receipt and traceability of the consignments |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
In the postal register related to the filing of incoming documents, on paper, in a closed cabinet. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 8. Filing of outgoing documents for invoicing purposes |
Controlled data |
For both postal and courier items: Client/employee name, address, date of dispatch, consignee’s name, consignment tracking number (identification number) In the case of courier services, the following as well: consignee’s name, phone number, e-mail address |
Purpose of data controlling |
Keeping records in order to invoice the costs of outgoing mails to the Client; and, in the case of courier, all contact details required for an effective delivery |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if invoice containing the costs of the letter is paid. In the event of default, until the end of the debt collection procedure In the case of courier items contact data controlled will be deleted 15 days after successful delivery. |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
Yes, with the purpose of sending mail, courier items |
Are the data processed |
Mail Services Kft., MBE Hungary Kft., Courier service |
Purpose of data procession |
Posting of letters, packages |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The contact data required for the delivery of courier items will only be indicated on the item and will be forwarded to the courier service immediately for delivery. |
Persons entitled to know the data |
Employees of Service Provider, Mail Services Kft., MBE Hungary Kft., Courier service |
|
Data control 9. |
Controlled data |
Client name, phone number, detailed call log / detailed call list |
Purpose of data controlling |
Keeping records of call expenses for Clients who requested IP-based phone system service, operating the connection between the central phone and the extensions |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the calls are paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The summary of the call lists arrives from the telecommunication service provider to the Service Provider on paper, in aggregate form. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 10. |
Controlled data |
Client name, date of meeting room use, duration, number of participants |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding the meeting rooms, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the meeting room rental fees is paid. In the event of default, until the end of the debt collection procedure |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 11. |
Controlled data |
Client name, date of private office use |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding private offices, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the private office fees is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 12. |
Controlled data |
Name, number of printed/scanned pages (the Service Provider does not have access to the content of the scanned / printed document) |
Purpose of data controlling |
Keeping records of the costs of Clients who requested service regarding printing/scanning, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of printing/scanning is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in a cloud-based electronic system. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 13. |
Controlled data |
Personal data provided by the Client with consent |
Purpose of data controlling |
Administrative assistance given to Client (for printing, scanning etc.), only in exceptional cases and only at the express request of the Client |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If administrative assistance is not required for invoicing, the data will be deleted immediately after the assistance is performed. If the assistance is related to invoicing, until the 30th day after the end of the month to which the assistance relates, if the invoice containing the costs of the assistance is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in the form of which was made available by the Client. The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 14. |
Controlled data |
Name, contact information, decision, submission, registration data |
Purpose of data controlling |
Compliance with the obligation to register the exercise of data subject rights in accordance with GDPR (cp. Article 5 (2) and Article 12) |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 5 years after the request is processed |
Data subjects |
Individuals requesting data subject access rights |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
Only for the authorities upon authority request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, the authority upon request of authorities |
|
Data control 15. |
Controlled data |
Client name, additional service used and its remuneration Additional services: Exit painting, costs of construction works, kitchen services, internet service, administrative support, furniture sales, furniture rental, furniture delivery, Catering service, Envelope, CD, Scotch tape, battery, DVD, etiquette label, genotherm, rubber folder, extension cord, internet cable, corrector, staple folder, stapler set, copy paper, Post it, staple purchase, Mineral water purchase, plant rental and care, lamination, spiralling |
Purpose of data controlling |
Invoicing for additional services used by the Clients |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the additional services is paid. In the event of default, until the end of the claim management procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 16. |
Controlled data |
Client name, seat/ address, e-mail address, tax number, services used, date of invoice and execution, payment deadline, amount payable |
Purpose of data controlling |
Compliance with invoicing obligation in accordance with the laws |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 8 years after the invoice has been issued in line with Accounting Act (currently Article 169 Act C of 2000) |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
Yes, for the accountant and the Tax Authority (in order to comply with legal obligation) |
Are the data processed |
Accountant |
Purpose of data procession |
In order to comply with legal invoicing and bookkeeping obligation |
Form and place of storage |
Electronically in the szamlazz.hu system and in the mail system of the Service Provider. For those Clients who do not accept electronic invoices, the invoices are issued and stored on paper. |
Persons entitled to know the data |
Employees of Service Provider, Accountant, Tax Authority |
|
Data control 17. |
Controlled data |
Natural identification data of the managing director/ representative and the beneficial owner, citizenship, address, type and number of identification document, in the case of delivery agent its name and address; in the case of managing director/representative a copy of the identity card and a copy of the address card’s side which does not include the personal identification number; in the case of beneficial owner, the nature and extent of the ownership interest, and if (s)he qualifies as a politically exposed person. |
Purpose of data controlling |
Compliance with the obligations under the legislation on registered seat address service and money laundering |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Compliance with obligations under the Money Laundering Act) |
Planned time of the data control |
For 8 years after the termination of virtual office/registered seat address service contract in line with Money Laundering Act |
Data subjects |
Managing director/representative and the beneficial owner of the Clients, and the delivery agent of a member/managing director of a legal entity |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
Only to the competent authority upon official request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
On paper in accordance with the Service Provider’s internal regulations in line with the Money Laundering Act. The registered documents are stored in separate folders belonging to each Client, separated from the other documents of the Client. |
Persons entitled to know the data |
Employees of Service Provider, authorities upon request |
|
Data control 18. |
Controlled data |
During the operation of the Camera Systems, the portrait (moving image) and actions of the Data subjects who appear in the field of view of the cameras will be monitored and recorded. The camera system does not record any sound. |
Purpose of data controlling |
The camera system installed in the territory of House of Business is solely for the purpose of protection of human life, physical integrity, personal freedom, prevention and proof of violations, and to protect the property of House of Business and the Clients. It is probable that the detection of violations and the actions of perpetrators, and the prevention and proof of these violent acts cannot be achieved by any other methods. The purpose of data control is not to monitor the behaviour and habits of people in the premises of House of Business. |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
The portrait (moving image) or actions of Data subject recorded during the operation of the camera system will be stored for 15 days after the recording, the recordings will be automatically deleted afterwards – except for the case of use. Use is considered to be the use of the recorded image and other Personal Data as evidence in court or other official proceedings due to suspicion of a crime, violation of the law, unlawful conduct or damage, and if the Data subject wishes to inspect the recordings concerning himself/herself. |
Prior notice of data control |
Those wishing to enter or stay on the premises of House of Business will be informed in advance of the data controlled related to the camera system, the rights of Data subjects and of the identity and contact details of the operator.
|
Data subjects |
Clients and their employees, guests and all persons entering the premises of House of Business |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, capitalsquare@houseofbusiness.com |
Are the data transmitted? |
For the court or authority upon request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
The operator of the camera system and the managing director of the Service Provider. The operator of the camera system shall be a person specified in the Security Services Act.
A report shall be drawn up on the inspection of the recordings made by the camera system, which shall contain the data necessary in order to identify the recording, the name of the person who is entitled to know the data, as well as the purpose and time of access to the data. |
- Disposal of personal data
- If any changes occur in the controlled Personal Data, we ask the Data subjects to notify the Service Provider of the changes within 3 days, in order to ensure the data’s accuracy. In case the Data subject fails to notify the Service Provider of change, the Service Provider is not responsible for the accuracy of the data.
- Any request regarding personal data deletion shall be submitted to the Service Provider (via e-mail or in writing)
- Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Rights of Data subjects regarding personal data control
Data subjects have the following rights in regards with data control
- Right of access: the Data Subject shall request information on the controlled data, the purpose and time of data controlling and to whom the data is transferred, as well as the source of the controlled data.
- Right to rectification: in case of change in the data of the Data subject, inaccurate or incomplete data recording, the Data subject shall have right to request correction, rectification or clarification.
- Right to erasure: Data Subject shall request the erasure of his/her Personal data in the cases described in the Data Protection Act and the GDPR.
- Right to restriction of controlling: Data Subject shall request the restriction of Personal data control in the cases described in Data Protection Act and the GDPR.
- If a request set forth in Section 5.1-5.4. has been submitted, the Controller shall act in accordance with the provisions of the Data Protection Act and the GDPR and shall inform the Data Subject within one month of the measures taken on the basis of the request.
- Right to withdraw consent: Data subject is entitled to withdraw Consent given for the controlling of Personal data which is controlled on the basis of Consent at any time, which, however, does not affect the lawfulness of the data control prior to the withdrawal.
- Right to lodge a complaint: Data Subject is entitled to submit a complaint to the competent supervisory Authority (see section 1.12.) in case of a violation regarding the controlling of Personal data.
- Right to remedy: Further the Data Subject is also entitled to bring an action against the Controller in front of the court in the event of a breach regarding personal data protection.
- Right to object: Data subject shall have the right to object to the Personal data control based on Article 6 (1) e) or f) of GDPR at any time, including profiling based on the mentioned provisions.
- Occurrence of Personal data breach
- In the event of Personal data breach Controller shall notify the Authority without undue delay and, if possible, within 72 hours after becoming aware of the breach, unless the Personal data breach is not likely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the cause for the delay must be attached as well.
- The Data Processor shall notify the Controller of the Personal data breach without undue delay after becoming aware of the breach.
- If the Personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, inform the Data subject of the Personal data breach.
- Anonymous user IDs (cookies), data control for statistical purposes
- The Webpage uses anonymous user IDs (cookies) to increase the quality of the use and to make the use of the Webpage easier for visitors. (An anonymous user ID – cookie – is a series of tokens suitable for unique computer identification and storage of profile information, which is placed on the User’s computer by the service providers. The token itself cannot identify the User in any way, it is only suitable for recognizing the computer.) If you prefer the anonymous user ID to not be placed on your computer, you can configure your browser so that it does not allow them to be placed. In this case, however, you may not be able to have access to some services or not in the form in which you allow the placement of anonymous user IDs.
- The Service Provider collects anonymous information and data on the Webpage for statistical purposes. This information relates to an unidentified or unidentifiable natural person and to personal data which have been anonymised in such a way that the data subject is either not identified or can no longer be identified. The provisions of GDPR does not cover the control of these information [see recital 26 of GDRP].
- Data security measures
- During managing documents, the access to each document and data shall be restricted to the persons listed in the last rows of the tables published in section 3.
- Regarding physical data security, the Service Provider ensures the proper closing and protection of its doors and windows. Only those who duly substantiate their legal interest may inspect the documents.
- The premises in which data storage devices are placed have been designed by the Service Provider in a way that they are suitable to provide sufficient security against unauthorized or violent intrusion, fire or natural disaster.
- Assistance, comments, complaint handling
- Assistance to the Data subject regarding data control and securing Personal data rights is provided by the person designated as the Data Protection Officer at the Controller.
- Right of amendment
- The Service Provider reserves the right to unilaterally amend the Privacy Policy by informing Data subjects on the Webpage or via e-mail. The Service Provider shall publish the amended Privacy Policy on the Webpage on the tenth (10th) day before the amended Privacy Policy enters into force.
[Date]
- Definitions:
- Data processing data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data.
- Data processor shall mean a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law, acting on the controller’s behalf or following the controller’s instructions.
- Controlling of data shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).
- Privacy Policy shall mean the present regulations.
- Controller shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.
- Disclosure by transmission shall mean making data available to a specific third party.
- Erasure of data shall mean the destruction or elimination of data sufficient to make them irretrievable.
- Personal data breach shall mean a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Interested person shall mean a natural or legal person, who is interested in the services provided by the Service Provider, but did not conclude a service agreement with the Service Provider.
- Data subject shall mean the Client the employees of the Client, Interested Persons and the guests entering into the territory of House of Business office.
- GDPR shall mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Authority: shall mean the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Postal address:1530 Budapest, P.O. Box.: 5.).
- Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data Protection Act shall mean Act CXII of 2011 on the right of informational Self-Determination and on Freedom of Information.
- Service Provider shall mean House of Business Roosevelt Korlátolt Felelősségű Társaság (Company Registry Number.: 01-09-275401, Seat: 1051 Budapest, Széchenyi István tér 7-8., e-mail: roosevelt@houseofbusiness.com).
- Public disclosure shall mean making data available to the general public.
- Webpage shall mean the https://www.houseofbusiness.com/ page.
- Hungarian Civil Code shall mean Act V of 2013 on the civil code.
- Personal data shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
- Client shall mean a natural or legal person who has entered into a service agreement with Service Provider.
- Principles relating to controlling of personal data
- Personal data shall be
- controlled lawfully, fairly and in a transparent manner in relation to the Data subject (principle of lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (principle of storage limitation);
- controlled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);
- The Controller shall be responsible for, and be able to demonstrate compliance with Section 2.1.1.-2.1.6. of the Privacy Policy.
- Data controlling concluded by the Service Provider
|
Data control 1. |
Controlled data |
In all cases: Name, e-mail address, phone number, postal address, place and date of birth, mother’s maiden name, ID card number, the contracted services and pertaining service fees, (In case of contract concluded with legal person): Position, Tax number, registration number, in case of private entrepreneurs tax number and registration number |
Purpose of data controlling |
Making offer, negotiating about the contract, conclusion of the contract |
Legal basis of the data control |
GDPR Article 6 (1) b) – Controlling is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Planned time of the data control |
Until the 15thday after the termination of the contract |
Data subjects |
Clients and their representatives/contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
For the accountant after the conclusion of the contract; To the auditor once a year; upon official request to the authorities |
Are the data processed |
Accountant, auditor |
Purpose of data procession (if applicable) |
In order to comply with legal accounting and auditing obligation |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 2. |
Controlled data |
Client/employee name, related company name, scope of authorization, card number |
Purpose of data controlling |
Creating an access card and ensuring that only authorized persons can enter the premises of the office building |
Legal basis of the data control |
GDPR Article 6 (1) f) Enforcing legitimate interests pursued by the controller and Article 32 Act CXXXIII. of 2005 (Security Services Act) |
Planned time of the data control |
Until the 15thday after the card is being returned |
Data subjects |
Clients and their employees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 3. |
Controlled data |
Name, e-mail address, delivery address, amount of debt and related invoices (in case of a legal entity): position in the organization |
Purpose of data controlling |
Managing client data for debt collection purposes |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
Until the debt is settled or until the statue of limitation of civil law claims related to the debt (the latter is typically 5 years) |
Data subjects |
Clients and their representatives and contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
Yes, for the legal representative |
Are the data processed |
Authorized legal representative of the Service Provider |
Purpose of data procession (if applicable) |
Recovery of receivables |
Form and place of storage |
The controlled data are stored in encrypted form in a central debt collection database and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, authorized legal representative of the Service Provider |
|
Data control 4. |
Controlled data |
Contact person’s name, e‐mail address, phone number, subject of contact (in the case of a legal person): related company name |
Purpose of data controlling |
Upon request of Data subject, sending price offer and information about the Service Provider’s services for the purpose of concluding a contract |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If the data subject does not become a Client of the Service Provider, until the settlement of the negotiating phase, if the data subject becomes a Client of the organization, the 1st data control operation (see above) shall take place from the conclusion of the contract (Conclusion of the Customer Contract) |
Data subjects |
Interested persons regarding the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in the mail system of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 5. |
Controlled data |
Name, e ‐ mail address |
Purpose of data controlling |
Sending materials for marketing purposes in order to promote the services of the Service Provider |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
Until withdrawal of consent |
Data subjects |
Clients and Interested persons in the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 6. |
Controlled data |
Name, e‐mail address |
Purpose of data controlling |
Informing Clients of important information related to the Services |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
Until the 15th day after the termination of the legal relationship with the Client |
Data subjects |
Clients and their contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 7. |
Controlled data |
Client/employee (consignee) name, date of receipt, name and address of consignor, consignment tracking number |
Purpose of data controlling |
Keeping records in order to trace which Client/employee received consignment from whom and when |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
For 1 year after the receipt of the consignment, in order to confirm the receipt and traceability of the consignments |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
In the postal register related to the filing of incoming documents, on paper, in a closed cabinet. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 8. Filing of outgoing documents for invoicing purposes |
Controlled data |
For both postal and courier items: Client/employee name, address, date of dispatch, consignee’s name, consignment tracking number (identification number) In the case of courier services, the following as well: consignee’s name, phone number, e-mail address |
Purpose of data controlling |
Keeping records in order to invoice the costs of outgoing mails to the Client; and, in the case of courier, all contact details required for an effective delivery |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if invoice containing the costs of the letter is paid. In the event of default, until the end of the debt collection procedure In the case of courier items contact data controlled will be deleted 15 days after successful delivery. |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
Yes, with the purpose of sending mail, courier items |
Are the data processed |
Mail Services Kft., MBE Hungary Kft., Courier service |
Purpose of data procession |
Posting of letters, packages |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The contact data required for the delivery of courier items will only be indicated on the item and will be forwarded to the courier service immediately for delivery. |
Persons entitled to know the data |
Employees of Service Provider, Mail Services Kft., MBE Hungary Kft., Courier service |
|
Data control 9. |
Controlled data |
Client name, phone number, detailed call log / detailed call list |
Purpose of data controlling |
Keeping records of call expenses for Clients who requested IP-based phone system service, operating the connection between the central phone and the extensions |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the calls are paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The summary of the call lists arrives from the telecommunication service provider to the Service Provider on paper, in aggregate form. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 10. |
Controlled data |
Client name, date of meeting room use, duration, number of participants |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding the meeting rooms, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the meeting room rental fees is paid. In the event of default, until the end of the debt collection procedure |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 11. |
Controlled data |
Client name, date of private office use |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding private offices, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the private office fees is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 12. |
Controlled data |
Name, number of printed/scanned pages (the Service Provider does not have access to the content of the scanned / printed document) |
Purpose of data controlling |
Keeping records of the costs of Clients who requested service regarding printing/scanning, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of printing/scanning is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in a cloud-based electronic system. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 13. |
Controlled data |
Personal data provided by the Client with consent |
Purpose of data controlling |
Administrative assistance given to Client (for printing, scanning etc.), only in exceptional cases and only at the express request of the Client |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If administrative assistance is not required for invoicing, the data will be deleted immediately after the assistance is performed. If the assistance is related to invoicing, until the 30th day after the end of the month to which the assistance relates, if the invoice containing the costs of the assistance is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in the form of which was made available by the Client. The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 14. |
Controlled data |
Name, contact information, decision, submission, registration data |
Purpose of data controlling |
Compliance with the obligation to register the exercise of data subject rights in accordance with GDPR (cp. Article 5 (2) and Article 12) |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 5 years after the request is processed |
Data subjects |
Individuals requesting data subject access rights |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
Only for the authorities upon authority request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, the authority upon request of authorities |
|
Data control 15. |
Controlled data |
Client name, additional service used and its remuneration Additional services: Exit painting, costs of construction works, kitchen services, internet service, administrative support, furniture sales, furniture rental, furniture delivery, Catering service, Envelope, CD, Scotch tape, battery, DVD, etiquette label, genotherm, rubber folder, extension cord, internet cable, corrector, staple folder, stapler set, copy paper, Post it, staple purchase, Mineral water purchase, plant rental and care, lamination, spiralling |
Purpose of data controlling |
Invoicing for additional services used by the Clients |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the additional services is paid. In the event of default, until the end of the claim management procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 16. |
Controlled data |
Client name, seat/ address, e-mail address, tax number, services used, date of invoice and execution, payment deadline, amount payable |
Purpose of data controlling |
Compliance with invoicing obligation in accordance with the laws |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 8 years after the invoice has been issued in line with Accounting Act (currently Article 169 Act C of 2000) |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
Yes, for the accountant and the Tax Authority (in order to comply with legal obligation) |
Are the data processed |
Accountant |
Purpose of data procession |
In order to comply with legal invoicing and bookkeeping obligation |
Form and place of storage |
Electronically in the szamlazz.hu system and in the mail system of the Service Provider. For those Clients who do not accept electronic invoices, the invoices are issued and stored on paper. |
Persons entitled to know the data |
Employees of Service Provider, Accountant, Tax Authority |
|
Data control 17. |
Controlled data |
Natural identification data of the managing director/ representative and the beneficial owner, citizenship, address, type and number of identification document, in the case of delivery agent its name and address; in the case of managing director/representative a copy of the identity card and a copy of the address card’s side which does not include the personal identification number; in the case of beneficial owner, the nature and extent of the ownership interest, and if (s)he qualifies as a politically exposed person. |
Purpose of data controlling |
Compliance with the obligations under the legislation on registered seat address service and money laundering |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Compliance with obligations under the Money Laundering Act) |
Planned time of the data control |
For 8 years after the termination of virtual office/registered seat address service contract in line with Money Laundering Act |
Data subjects |
Managing director/representative and the beneficial owner of the Clients, and the delivery agent of a member/managing director of a legal entity |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
Only to the competent authority upon official request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
On paper in accordance with the Service Provider’s internal regulations in line with the Money Laundering Act. The registered documents are stored in separate folders belonging to each Client, separated from the other documents of the Client. |
Persons entitled to know the data |
Employees of Service Provider, authorities upon request |
|
Data control 18. |
Controlled data |
During the operation of the Camera Systems, the portrait (moving image) and actions of the Data subjects who appear in the field of view of the cameras will be monitored and recorded. The camera system does not record any sound. |
Purpose of data controlling |
The camera system installed in the territory of House of Business is solely for the purpose of protection of human life, physical integrity, personal freedom, prevention and proof of violations, and to protect the property of House of Business and the Clients. It is probable that the detection of violations and the actions of perpetrators, and the prevention and proof of these violent acts cannot be achieved by any other methods. The purpose of data control is not to monitor the behaviour and habits of people in the premises of House of Business. |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
The portrait (moving image) or actions of Data subject recorded during the operation of the camera system will be stored for 15 days after the recording, the recordings will be automatically deleted afterwards – except for the case of use. Use is considered to be the use of the recorded image and other Personal Data as evidence in court or other official proceedings due to suspicion of a crime, violation of the law, unlawful conduct or damage, and if the Data subject wishes to inspect the recordings concerning himself/herself. |
Prior notice of data control |
Those wishing to enter or stay on the premises of House of Business will be informed in advance of the data controlled related to the camera system, the rights of Data subjects and of the identity and contact details of the operator.
|
Data subjects |
Clients and their employees, guests and all persons entering the premises of House of Business |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
For the court or authority upon request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
The operator of the camera system and the managing director of the Service Provider. The operator of the camera system shall be a person specified in the Security Services Act.
A report shall be drawn up on the inspection of the recordings made by the camera system, which shall contain the data necessary in order to identify the recording, the name of the person who is entitled to know the data, as well as the purpose and time of access to the data. |
|
Data control 19. |
Controlled data |
License plate, duration of parking |
Purpose of data controlling |
Administrative assistance for the Client in order to provide parking space for the Client’s guests |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
Until the 5th working day after leaving the parking lot |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, roosevelt@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored the form of which was made available by the Client (typically on paper or via e-mail in the mail system). |
Persons entitled to know the data |
Employees of Service Provider |
- Disposal of personal data
- If any changes occur in the controlled Personal Data, we ask the Data subjects to notify the Service Provider of the changes within 3 days, in order to ensure the data’s accuracy. In case the Data subject fails to notify the Service Provider of change, the Service Provider is not responsible for the accuracy of the data.
- Any request regarding personal data deletion shall be submitted to the Service Provider (via e-mail or in writing)
- Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Rights of Data subjects regarding personal data control
Data subjects have the following rights in regards with data control
- Right of access: the Data Subject shall request information on the controlled data, the purpose and time of data controlling and to whom the data is transferred, as well as the source of the controlled data.
- Right to rectification: in case of change in the data of the Data subject, inaccurate or incomplete data recording, the Data subject shall have right to request correction, rectification or clarification.
- Right to erasure: Data Subject shall request the erasure of his/her Personal data in the cases described in the Data Protection Act and the GDPR.
- Right to restriction of controlling: Data Subject shall request the restriction of Personal data control in the cases described in Data Protection Act and the GDPR.
- If a request set forth in Section 5.1-5.4. has been submitted, the Controller shall act in accordance with the provisions of the Data Protection Act and the GDPR and shall inform the Data Subject within one month of the measures taken on the basis of the request.
- Right to withdraw consent: Data subject is entitled to withdraw Consent given for the controlling of Personal data which is controlled on the basis of Consent at any time, which, however, does not affect the lawfulness of the data control prior to the withdrawal.
- Right to lodge a complaint: Data Subject is entitled to submit a complaint to the competent supervisory Authority (see section 1.12.) in case of a violation regarding the controlling of Personal data.
- Right to remedy: Further the Data Subject is also entitled to bring an action against the Controller in front of the court in the event of a breach regarding personal data protection.
- Right to object: Data subject shall have the right to object to the Personal data control based on Article 6 (1) e) or f) of GDPR at any time, including profiling based on the mentioned provisions.
- Occurrence of Personal data breach
- In the event of Personal data breach Controller shall notify the Authority without undue delay and, if possible, within 72 hours after becoming aware of the breach, unless the Personal data breach is not likely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the cause for the delay must be attached as well.
- The Data Processor shall notify the Controller of the Personal data breach without undue delay after becoming aware of the breach.
- If the Personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, inform the Data subject of the Personal data breach.
- Anonymous user IDs (cookies), data control for statistical purposes
- The Webpage uses anonymous user IDs (cookies) to increase the quality of the use and to make the use of the Webpage easier for visitors. (An anonymous user ID – cookie – is a series of tokens suitable for unique computer identification and storage of profile information, which is placed on the User’s computer by the service providers. The token itself cannot identify the User in any way, it is only suitable for recognizing the computer.) If you prefer the anonymous user ID to not be placed on your computer, you can configure your browser so that it does not allow them to be placed. In this case, however, you may not be able to have access to some services or not in the form in which you allow the placement of anonymous user IDs.
- The Service Provider collects anonymous information and data on the Webpage for statistical purposes. This information relates to an unidentified or unidentifiable natural person and to personal data which have been anonymised in such a way that the data subject is either not identified or can no longer be identified. The provisions of GDPR does not cover the control of these information [see recital 26 of GDRP].
- Data security measures
- During managing documents, the access to each document and data shall be restricted to the persons listed in the last rows of the tables published in section 3.
- Regarding physical data security, the Service Provider ensures the proper closing and protection of its doors and windows. Only those who duly substantiate their legal interest may inspect the documents.
- The premises in which data storage devices are placed have been designed by the Service Provider in a way that they are suitable to provide sufficient security against unauthorized or violent intrusion, fire or natural disaster.
- Assistance, comments, complaint handling
- Assistance to the Data subject regarding data control and securing Personal data rights is provided by the person designated as the Data Protection Officer at the Controller.
- Right of amendment
- The Service Provider reserves the right to unilaterally amend the Privacy Policy by informing Data subjects on the Webpage or via e-mail. The Service Provider shall publish the amended Privacy Policy on the Webpage on the tenth (10th) day before the amended Privacy Policy enters into force.
[Date]
- Definitions:
- Data processing data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data.
- Data processor shall mean a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law, acting on the controller’s behalf or following the controller’s instructions.
- Controlling of data shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).
- Privacy Policy shall mean the present regulations.
- Controller shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.
- Disclosure by transmission shall mean making data available to a specific third party.
- Erasure of data shall mean the destruction or elimination of data sufficient to make them irretrievable.
- Personal data breach shall mean a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Interested person shall mean a natural or legal person, who is interested in the services provided by the Service Provider, but did not conclude a service agreement with the Service Provider.
- Data subject shall mean the Client the employees of the Client, Interested Persons and the guests entering into the territory of House of Business office.
- GDPR shall mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Authority: shall mean the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1055 Budapest, Falk Miksa utca 9-11., Postal address:1363 Budapest, P.O. Box.: 9.).
- Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data Protection Act shall mean Act CXII of 2011 on the right of informational Self-Determination and on Freedom of Information.
- Service Provider shall mean House of Business MOM Park Korlátolt Felelősségű Társaság (Company Registry Number.: 01-09-392031, Seat: 1123 Budapest, Alkotás utca 53. A. ép. 6. em., e-mail: mompark@houseofbusiness.com).
- Public disclosure shall mean making data available to the general public.
- Webpage shall mean the https://www.houseofbusiness.com/
- Hungarian Civil Code shall mean Act V of 2013 on the civil code.
- Personal data shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
- Client shall mean a natural or legal person who has entered into a service agreement with Service Provider.
- Principles relating to controlling of personal data
- Personal data shall be
- controlled lawfully, fairly and in a transparent manner in relation to the Data subject (principle of lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (principle of storage limitation);
- controlled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);
- The Controller shall be responsible for, and be able to demonstrate compliance with Section 2.1.1.-2.1.6. of the Privacy Policy (“principle of accountability”).
- Personal data shall be
- Data controlling concluded by the Service Provider
|
Data control 1. |
Controlled data |
In all cases: Name, e-mail address, phone number, postal address, place and date of birth, mother’s maiden name, ID card number, the contracted services and pertaining service fees, (In case of contract concluded with legal person): Position, Tax number, registration number, in case of private entrepreneurs tax number and registration number |
Purpose of data controlling |
Making offer, negotiating about the contract, conclusion of the contract |
Legal basis of the data control |
GDPR Article 6 (1) b) – Controlling is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Planned time of the data control |
Until the 15thday after the termination of the contract |
Data subjects |
Clients and their representatives/contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
For the accountant after the conclusion of the contract; To the auditor once a year; upon official request to the authorities |
Are the data processed |
Accountant, auditor |
Purpose of data procession (if applicable) |
In order to comply with legal accounting and auditing obligation |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 2. |
Controlled data |
Client/employee name, related company name, scope of authorization, card number |
Purpose of data controlling |
Creating an access card and ensuring that only authorized persons can enter the premises of the office building |
Legal basis of the data control |
GDPR Article 6 (1) f) Enforcing legitimate interests pursued by the controller and Article 32 Act CXXXIII. of 2005 (Security Services Act) |
Planned time of the data control |
Until the 15thday after the card is being returned |
Data subjects |
Clients and their employees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 3. |
Controlled data |
Name, e-mail address, delivery address, amount of debt and related invoices (in case of a legal entity): position in the organization |
Purpose of data controlling |
Managing client data for debt collection purposes |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
Until the debt is settled or until the statue of limitation of civil law claims related to the debt (the latter is typically 5 years) |
Data subjects |
Clients and their representatives and contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
Yes, for the legal representative |
Are the data processed |
Authorized legal representative of the Service Provider |
Purpose of data procession (if applicable) |
Recovery of receivables |
Form and place of storage |
The controlled data are stored in encrypted form in a central debt collection database and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, authorized legal representative of the Service Provider |
|
Data control 4. |
Controlled data |
Contact person’s name, e‐mail address, phone number, subject of contact (in the case of a legal person): related company name |
Purpose of data controlling |
Upon request of Data subject, sending price offer and information about the Service Provider’s services for the purpose of concluding a contract |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If the data subject does not become a Client of the Service Provider, until the settlement of the negotiating phase, if the data subject becomes a Client of the organization, the 1st data control operation (see above) shall take place from the conclusion of the contract (Conclusion of the Customer Contract) |
Data subjects |
Interested persons regarding the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in the mail system of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 5. |
Controlled data |
Name, e ‐ mail address |
Purpose of data controlling |
Sending materials for marketing purposes in order to promote the services of the Service Provider |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
Until withdrawal of consent |
Data subjects |
Clients and Interested persons in the services of the Service Provider |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 6. |
Controlled data |
Name, e‐mail address |
Purpose of data controlling |
Informing Clients of important information related to the Services |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
Until the 15th day after the termination of the legal relationship with the Client |
Data subjects |
Clients and their contact persons |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 7. |
Controlled data |
Client/employee (consignee) name, date of receipt, name and address of consignor, consignment tracking number |
Purpose of data controlling |
Keeping records in order to trace which Client/employee received consignment from whom and when |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of contract |
Planned time of the data control |
For 1 year after the receipt of the consignment, in order to confirm the receipt and traceability of the consignments |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
In the postal register related to the filing of incoming documents, on paper, in a closed cabinet. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 8. Filing of outgoing documents for invoicing purposes |
Controlled data |
For both postal and courier items: Client/employee name, address, date of dispatch, consignee’s name, consignment tracking number (identification number) In the case of courier services, the following as well: consignee’s name, phone number, e-mail address |
Purpose of data controlling |
Keeping records in order to invoice the costs of outgoing mails to the Client; and, in the case of courier, all contact details required for an effective delivery |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if invoice containing the costs of the letter is paid. In the event of default, until the end of the debt collection procedure In the case of courier items contact data controlled will be deleted 15 days after successful delivery. |
Data subjects |
Clients and their employees, consignees |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
Yes, with the purpose of sending mail, courier items |
Are the data processed |
Mail Services Kft., MBE Hungary Kft., Courier service |
Purpose of data procession |
Posting of letters, packages |
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The contact data required for the delivery of courier items will only be indicated on the item and will be forwarded to the courier service immediately for delivery. |
Persons entitled to know the data |
Employees of Service Provider, Mail Services Kft., MBE Hungary Kft., Courier service |
|
Data control 9. |
Controlled data |
Client name, phone number, detailed call log / detailed call list |
Purpose of data controlling |
Keeping records of call expenses for Clients who requested IP-based phone system service, operating the connection between the central phone and the extensions |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the calls are paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The summary of the call lists arrives from the telecommunication service provider to the Service Provider on paper, in aggregate form. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 10. |
Controlled data |
Client name, date of meeting room use, duration, number of participants |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding the meeting rooms, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the meeting room rental fees is paid. In the event of default, until the end of the debt collection procedure |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 11. |
Controlled data |
Client name, date of private office use |
Purpose of data controlling |
Keeping records of the costs of Clients who requested rental service regarding private offices, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the private office fees is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 12. |
Controlled data |
Name, number of printed/scanned pages (the Service Provider does not have access to the content of the scanned / printed document) |
Purpose of data controlling |
Keeping records of the costs of Clients who requested service regarding printing/scanning, for invoicing purposes |
Legal basis of the data control |
GDPR Article 6 (1) b): Performance of Contract GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of printing/scanning is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in a cloud-based electronic system. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 13. |
Controlled data |
Personal data provided by the Client with consent |
Purpose of data controlling |
Administrative assistance given to Client (for printing, scanning etc.), only in exceptional cases and only at the express request of the Client |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject |
Planned time of the data control |
If administrative assistance is not required for invoicing, the data will be deleted immediately after the assistance is performed. If the assistance is related to invoicing, until the 30th day after the end of the month to which the assistance relates, if the invoice containing the costs of the assistance is paid. In the event of default, until the end of the debt collection procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in the form of which was made available by the Client. The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 14. |
Controlled data |
Name, contact information, decision, submission, registration data |
Purpose of data controlling |
Compliance with the obligation to register the exercise of data subject rights in accordance with GDPR (cp. Article 5 (2) and Article 12) |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 5 years after the request is processed |
Data subjects |
Individuals requesting data subject access rights |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
Only for the authorities upon authority request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider, the authority upon request of authorities |
|
Data control 15. |
Controlled data |
Client name, additional service used and its remuneration Additional services: Exit painting, costs of construction works, kitchen services, internet service, administrative support, furniture sales, furniture rental, furniture delivery, Catering service, Envelope, CD, Scotch tape, battery, DVD, etiquette label, genotherm, rubber folder, extension cord, internet cable, corrector, staple folder, stapler set, copy paper, Post it, staple purchase, Mineral water purchase, plant rental and care, lamination, spiralling |
Purpose of data controlling |
Invoicing for additional services used by the Clients |
Legal basis of the data control |
GDPR Article 6 (1) a): Consent of data subject GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing) |
Planned time of the data control |
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the additional services is paid. In the event of default, until the end of the claim management procedure. |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
|
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. |
Persons entitled to know the data |
Employees of Service Provider |
|
Data control 16. |
Controlled data |
Client name, seat/ address, e-mail address, tax number, services used, date of invoice and execution, payment deadline, amount payable |
Purpose of data controlling |
Compliance with invoicing obligation in accordance with the laws |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject |
Planned time of the data control |
For 8 years after the invoice has been issued in line with Accounting Act (currently Article 169 Act C of 2000) |
Data subjects |
Clients |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
Yes, for the accountant and the Tax Authority (in order to comply with legal obligation) |
Are the data processed |
Accountant |
Purpose of data procession |
In order to comply with legal invoicing and bookkeeping obligation |
Form and place of storage |
Electronically in the szamlazz.hu system and in the mail system of the Service Provider. For those Clients who do not accept electronic invoices, the invoices are issued and stored on paper. |
Persons entitled to know the data |
Employees of Service Provider, Accountant, Tax Authority |
|
Data control 17. |
Controlled data |
Natural identification data of the managing director/representative and the beneficial owner, citizenship, address, type and number of identification document, in the case of delivery agent its name and address; in the case of managing director/representative a copy of the identity card and a copy of the address card’s side which does not include the personal identification number; in the case of beneficial owner, the nature and extent of the ownership interest, and if (s)he qualifies as a politically exposed person. |
Purpose of data controlling |
Compliance with the obligations under the legislation on registered seat address service and money laundering |
Legal basis of the data control |
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Compliance with obligations under the Money Laundering Act) |
Planned time of the data control |
For 8 years after the termination of virtual office/registered seat address service contract in line with Money Laundering Act |
Data subjects |
Managing director/representative and the beneficial owner of the Clients, and the delivery agent of a member/managing director of a legal entity |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
Only to the competent authority upon official request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
On paper in accordance with the Service Provider’s internal regulations in line with the Money Laundering Act. The registered documents are stored in separate folders belonging to each Client, separated from the other documents of the Client. |
Persons entitled to know the data |
Employees of Service Provider, authorities upon request |
|
Data control 18. |
Controlled data |
During the operation of the Camera Systems, the portrait (moving image) and actions of the Data subjects who appear in the field of view of the cameras will be monitored and recorded. The camera system does not record any sound. |
Purpose of data controlling |
The camera system installed in the territory of House of Business is solely for the purpose of protection of human life, physical integrity, personal freedom, prevention and proof of violations, and to protect the property of House of Business and the Clients. It is probable that the detection of violations and the actions of perpetrators, and the prevention and proof of these violent acts cannot be achieved by any other methods. The purpose of data control is not to monitor the behaviour and habits of people in the premises of House of Business. |
Legal basis of the data control |
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller |
Planned time of the data control |
The portrait (moving image) or actions of Data subject recorded during the operation of the camera system will be stored for 15 days after the recording, the recordings will be automatically deleted afterwards – except for the case of use. Use is considered to be the use of the recorded image and other Personal Data as evidence in court or other official proceedings due to suspicion of a crime, violation of the law, unlawful conduct or damage, and if the Data subject wishes to inspect the recordings concerning himself/herself. |
Prior notice of data control |
Those wishing to enter or stay on the premises of House of Business will be informed in advance of the data controlled related to the camera system, the rights of Data subjects and of the identity and contact details of the operator. – On the premises of House of Business at all entrances “camera surveillance area” sign and a Camera System pictogram is displayed; – Present Privacy Policy is available at the reception of House of Business. |
Data subjects |
Clients and their employees, guests and all persons entering the premises of House of Business |
Name and contact details of data controller |
Service Provider (See section 1.15.) |
Data protection officer (DPO) |
Fehér Attila managing director |
Contact details of the DPO |
+36-1-8037600, mompark@houseofbusiness.com |
Are the data transmitted? |
For the court or authority upon request |
Are the data processed |
|
Purpose of data procession |
|
Form and place of storage |
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted. |
Persons entitled to know the data |
The operator of the camera system and the managing director of the Service Provider. The operator of the camera system shall be a person specified in the Security Services Act. – In the case of suspicion of a criminal offense, infringement or damage, the competent authority or court; – In the case of suspicion of damage and violation of law, in the legitimate interest of the Service Provider, the managing director shall initiate the necessary proceedings; – Data subject, whose personal data is included in the recording. A report shall be drawn up on the inspection of the recordings made by the camera system, which shall contain the data necessary in order to identify the recording, the name of the person who is entitled to know the data, as well as the purpose and time of access to the data. |
- Disposal of personal data
- If any changes occur in the controlled Personal Data, we ask the Data subjects to notify the Service Provider of the changes within 3 days, in order to ensure the data’s accuracy. In case the Data subject fails to notify the Service Provider of change, the Service Provider is not responsible for the accuracy of the data.
- Any request regarding personal data deletion shall be submitted to the Service Provider (via e-mail or in writing)
- Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Rights of Data subjects regarding personal data control
Data subjects have the following rights in regards with data control
- Right of access: the Data Subject shall request information on the controlled data, the purpose and time of data controlling and to whom the data is transferred, as well as the source of the controlled data.
- Right to rectification: in case of change in the data of the Data subject, inaccurate or incomplete data recording, the Data subject shall have right to request correction, rectification or clarification.
- Right to erasure: Data Subject shall request the erasure of his/her Personal data in the cases described in the Data Protection Act and the GDPR.
- Right to restriction of controlling: Data Subject shall request the restriction of Personal data control in the cases described in Data Protection Act and the GDPR.
- If a request set forth in Section 5.1-5.4. has been submitted, the Controller shall act in accordance with the provisions of the Data Protection Act and the GDPR and shall inform the Data Subject within one month of the measures taken on the basis of the request.
- Right to withdraw consent: Data subject is entitled to withdraw Consent given for the controlling of Personal data which is controlled on the basis of Consent at any time, which, however, does not affect the lawfulness of the data control prior to the withdrawal.
- Right to lodge a complaint: Data Subject is entitled to submit a complaint to the competent supervisory Authority (see section 1.12.) in case of a violation regarding the controlling of Personal data.
- Right to remedy: Further the Data Subject is also entitled to bring an action against the Controller in front of the court in the event of a breach regarding personal data protection.
- Right to object: Data subject shall have the right to object to the Personal data control based on Article 6 (1) e) or f) of GDPR at any time, including profiling based on the mentioned provisions.
- Occurrence of Personal data breach
- In the event of Personal data breach Controller shall notify the Authority without undue delay and, if possible, within 72 hours after becoming aware of the breach, unless the Personal data breach is not likely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the cause for the delay must be attached as well.
- The Data Processor shall notify the Controller of the Personal data breach without undue delay after becoming aware of the breach.
- If the Personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, inform the Data subject of the Personal data breach.
- Anonymous user IDs (cookies), data control for statistical purposes
- The Webpage uses anonymous user IDs (cookies) to increase the quality of the use and to make the use of the Webpage easier for visitors. (An anonymous user ID – cookie – is a series of tokens suitable for unique computer identification and storage of profile information, which is placed on the User’s computer by the service providers. The token itself cannot identify the User in any way, it is only suitable for recognizing the computer.) If you prefer the anonymous user ID to not be placed on your computer, you can configure your browser so that it does not allow them to be placed. In this case, however, you may not be able to have access to some services or not in the form in which you allow the placement of anonymous user IDs.
- The Service Provider collects anonymous information and data on the Webpage for statistical purposes. This information relates to an unidentified or unidentifiable natural person and to personal data which have been anonymised in such a way that the data subject is either not identified or can no longer be identified. The provisions of GDPR does not cover the control of these information [see recital 26 of GDRP].
- Data security measures
- During managing documents, the access to each document and data shall be restricted to the persons listed in the last rows of the tables published in section 3.
- Regarding physical data security, the Service Provider ensures the proper closing and protection of its doors and windows. Only those who duly substantiate their legal interest may inspect the documents.
- The premises in which data storage devices are placed have been designed by the Service Provider in a way that they are suitable to provide sufficient security against unauthorized or violent intrusion, fire or natural disaster.
- Assistance, comments, complaint handling
- Assistance to the Data subject regarding data control and securing Personal data rights is provided by the person designated as the Data Protection Officer at the Controller.
- Right of amendment
- The Service Provider reserves the right to unilaterally amend the Privacy Policy by informing Data subjects on the Webpage or via e-mail. The Service Provider shall publish the amended Privacy Policy on the Webpage on the tenth (10th) day before the amended Privacy Policy enters into force.
-
- Definitions:
- Data processing data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data.
- Data processor shall mean a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law, acting on the controller’s behalf or following the controller’s instructions.
- Controlling of data shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).
- Privacy Policy shall mean the present regulations.
- Controller shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.
- Disclosure by transmission shall mean making data available to a specific third party.
- Erasure of data shall mean the destruction or elimination of data sufficient to make them irretrievable.
- Personal data breach shall mean a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Interested person shall mean a natural or legal person, who is interested in the services provided by the Service Provider, but did not conclude a service agreement with the Service Provider.
- Data subject shall mean the Client the employees of the Client, Interested Persons and the guests entering into the territory of House of Business office.
- GDPR shall mean regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Authority: shall mean the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1055 Budapest, Falk Miksa utca 9-11., Postal address:1363 Budapest, P.O. Box.: 9.).
- Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Data Protection Act shall mean Act CXII of 2011 on the right of informational Self-Determination and on Freedom of Information.
- Service Provider shall mean House of Business BEM Center Kft. (Company Registry Number.: 01-09-431378, e-mail: bemcenter@houseofbusiness.com).
- Public disclosure shall mean making data available to the general public.
- Webpage shall mean the https://www.houseofbusiness.com/
- Hungarian Civil Code shall mean Act V of 2013 on the civil code.
- Personal data shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
- Client shall mean a natural or legal person who has entered into a service agreement with Service Provider.
- Principles relating to controlling of personal data
- Personal data shall be
- controlled lawfully, fairly and in a transparent manner in relation to the Data subject (principle of lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (principle of storage limitation);
- controlled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);
- The Controller shall be responsible for, and be able to demonstrate compliance with Section 2.1.1.-2.1.6. of the Privacy Policy (“principle of accountability”).
- Personal data shall be
- Data controlling concluded by the Service Provider
Data control 1.
Conclusion of Client ContractsControlled data
In all cases: Name, e-mail address, phone number, postal address, place and date of birth, mother’s maiden name, ID card number, the contracted services and pertaining service fees, (In case of contract concluded with legal person): Position, Tax number, registration number, in case of private entrepreneurs tax number and registration number
Purpose of data controlling
Making offer, negotiating about the contract, conclusion of the contract
Legal basis of the data control
GDPR Article 6 (1) b) – Controlling is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Planned time of the data control
Until the 15thday after the termination of the contract
Data subjects
Clients and their representatives/contact persons
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
For the accountant after the conclusion of the contract; To the auditor once a year; upon official request to the authorities
Are the data processed
Accountant, auditor
Purpose of data procession (if applicable)
In order to comply with legal accounting and auditing obligation
Form and place of storage
The controlled data are stored in encrypted form in a central client database on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 2.
Preparation of entry card for tenants/employees which provides access to the office buildingControlled data
Client/employee name, related company name, scope of authorization, card number
Purpose of data controlling
Creating an access card and ensuring that only authorized persons can enter the premises of the office building
Legal basis of the data control
GDPR Article 6 (1) f) Enforcing legitimate interests pursued by the controller and Article 32 Act CXXXIII. of 2005 (Security Services Act)
Planned time of the data control
Until the 15thday after the card is being returned
Data subjects
Clients and their employees
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to.
Persons entitled to know the data
Employees of Service Provider
Data control 3.
Data control related to debt collectionControlled data
Name, e-mail address, delivery address, amount of debt and related invoices (in case of a legal entity): position in the organization
Purpose of data controlling
Managing client data for debt collection purposes
Legal basis of the data control
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller
Planned time of the data control
Until the debt is settled or until the statue of limitation of civil law claims related to the debt (the latter is typically 5 years)
Data subjects
Clients and their representatives and contact persons
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Yes, for the legal representative
Are the data processed
Authorized legal representative of the Service Provider
Purpose of data procession (if applicable)
Recovery of receivables
Form and place of storage
The controlled data are stored in encrypted form in a central debt collection database and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider, authorized legal representative of the Service Provider
Data control 4.
Sending offers, replying to messages from Interested personsControlled data
Contact person’s name, e‐mail address, phone number, subject of contact (in the case of a legal person): related company name
Purpose of data controlling
Upon request of Data subject, sending price offer and information about the Service Provider’s services for the purpose of concluding a contract
Legal basis of the data control
GDPR Article 6 (1) a): Consent of data subject
Planned time of the data control
If the data subject does not become a Client of the Service Provider, until the settlement of the negotiating phase, if the data subject becomes a Client of the organization, the 1st data control operation (see above) shall take place from the conclusion of the contract (Conclusion of the Customer Contract)
Data subjects
Interested persons regarding the services of the Service Provider
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in the mail system of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 5.
Sending out newslettersControlled data
Name, e ‐ mail address
Purpose of data controlling
Sending materials for marketing purposes in order to promote the services of the Service Provider
Legal basis of the data control
GDPR Article 6 (1) a): Consent of data subject
Planned time of the data control
Until withdrawal of consent
Data subjects
Clients and Interested persons in the services of the Service Provider
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 6.
Sending out informational e-mails to Clients regarding the servicesControlled data
Name, e‐mail address
Purpose of data controlling
Informing Clients of important information related to the Services
Legal basis of the data control
GDPR Article 6 (1) b): Performance of contract
Planned time of the data control
Until the 15th day after the termination of the legal relationship with the Client
Data subjects
Clients and their contact persons
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 7.
Filing and registering incoming documentsControlled data
Client/employee (consignee) name, date of receipt, name and address of consignor, consignment tracking number
Purpose of data controlling
Keeping records in order to trace which Client/employee received consignment from whom and when
Legal basis of the data control
GDPR Article 6 (1) b): Performance of contract
Planned time of the data control
For 1 year after the receipt of the consignment, in order to confirm the receipt and traceability of the consignments
Data subjects
Clients and their employees, consignees
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
In the postal register related to the filing of incoming documents, on paper, in a closed cabinet.
Persons entitled to know the data
Employees of Service Provider
Data control 8.
Filing of outgoing documents for invoicing purposes
Controlled data
For both postal and courier items: Client/employee name, address, date of dispatch, consignee’s name, consignment tracking number (identification number)
In the case of courier services, the following as well: consignee’s name, phone number, e-mail address
Purpose of data controlling
Keeping records in order to invoice the costs of outgoing mails to the Client; and, in the case of courier, all contact details required for an effective delivery
Legal basis of the data control
GDPR Article 6 (1) b): Performance of Contract
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if invoice containing the costs of the letter is paid. In the event of default, until the end of the debt collection procedure
In the case of courier items contact data controlled will be deleted 15 days after successful delivery.
Data subjects
Clients and their employees, consignees
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Yes, with the purpose of sending mail, courier items
Are the data processed
Mail Services Kft., MBE Hungary Kft., Courier service
Purpose of data procession
Posting of letters, packages
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) and in the mail system on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
The contact data required for the delivery of courier items will only be indicated on the item and will be forwarded to the courier service immediately for delivery.
Persons entitled to know the data
Employees of Service Provider, Mail Services Kft., MBE Hungary Kft., Courier service
Data control 9.
Operating call center and invoicing of its costsControlled data
Client name, phone number, detailed call log / detailed call list
Purpose of data controlling
Keeping records of call expenses for Clients who requested IP-based phone system service, operating the connection between the central phone and the extensions
Legal basis of the data control
GDPR Article 6 (1) b): Performance of Contract
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the calls are paid. In the event of default, until the end of the debt collection procedure.
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted. The summary of the call lists arrives from the telecommunication service provider to the Service Provider on paper, in aggregate form.
Persons entitled to know the data
Employees of Service Provider
Data control 10.
Data control related to the reservation of meeting roomsControlled data
Client name, date of meeting room use, duration, number of participants
Purpose of data controlling
Keeping records of the costs of Clients who requested rental service regarding the meeting rooms, for invoicing purposes
Legal basis of the data control
GDPR Article 6 (1) b): Performance of Contract
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the meeting room rental fees is paid. In the event of default, until the end of the debt collection procedure
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 11.
Data control related to private office useControlled data
Client name, date of private office use
Purpose of data controlling
Keeping records of the costs of Clients who requested rental service regarding private offices, for invoicing purposes
Legal basis of the data control
GDPR Article 6 (1) b): Performance of Contract
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the private office fees is paid. In the event of default, until the end of the debt collection procedure.
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 12.
Invoicing related to prints and scans sent directly to the cloud-based printer by the ClientControlled data
Name, number of printed/scanned pages (the Service Provider does not have access to the content of the scanned / printed document)
Purpose of data controlling
Keeping records of the costs of Clients who requested service regarding printing/scanning, for invoicing purposes
Legal basis of the data control
GDPR Article 6 (1) b): Performance of Contract
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of printing/scanning is paid. In the event of default, until the end of the debt collection procedure.
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in a cloud-based electronic system.
Persons entitled to know the data
Employees of Service Provider
Data control 13.
Data stored in connection with administrative assistance given to ClientsControlled data
Personal data provided by the Client with consent
Purpose of data controlling
Administrative assistance given to Client (for printing, scanning etc.), only in exceptional cases and only at the express request of the Client
Legal basis of the data control
GDPR Article 6 (1) a): Consent of data subject
Planned time of the data control
If administrative assistance is not required for invoicing, the data will be deleted immediately after the assistance is performed. If the assistance is related to invoicing, until the 30th day after the end of the month to which the assistance relates, if the invoice containing the costs of the assistance is paid. In the event of default, until the end of the debt collection procedure.
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in the form of which was made available by the Client.
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 14.
Keeping records of the measures related to exercising data subject rights in accordance with GDPRControlled data
Name, contact information, decision, submission, registration data
Purpose of data controlling
Compliance with the obligation to register the exercise of data subject rights in accordance with GDPR (cp. Article 5 (2) and Article 12)
Legal basis of the data control
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject
Planned time of the data control
For 5 years after the request is processed
Data subjects
Individuals requesting data subject access rights
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Only for the authorities upon authority request
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider, the authority upon request of authorities
Data control 15.
Data control related to the invoicing of additional services used by the ClientControlled data
Client name, additional service used and its remuneration
Additional services: Exit painting, costs of construction works, kitchen services, internet service, administrative support, furniture sales, furniture rental, furniture delivery, Catering service, Envelope, CD, Scotch tape, battery, DVD, etiquette label, genotherm, rubber folder, extension cord, internet cable, corrector, staple folder, stapler set, copy paper, Post it, staple purchase, Mineral water purchase, plant rental and care, lamination, spiralling
Purpose of data controlling
Invoicing for additional services used by the Clients
Legal basis of the data control
GDPR Article 6 (1) a): Consent of data subject
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Invoicing)
Planned time of the data control
Until the 30th day after the end of the month to which the invoice relates, if the invoice containing the costs of the additional services is paid. In the event of default, until the end of the claim management procedure.
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in encrypted form in a central client database (operate system) on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled to. The security backups are also encrypted.
Persons entitled to know the data
Employees of Service Provider
Data control 16.
Issuance and storage of invoices and receiptsControlled data
Client name, seat/ address, e-mail address, tax number, services used, date of invoice and execution, payment deadline, amount payable
Purpose of data controlling
Compliance with invoicing obligation in accordance with the laws
Legal basis of the data control
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject
Planned time of the data control
For 8 years after the invoice has been issued in line with Accounting Act (currently Article 169 Act C of 2000)
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Yes, for the accountant and the Tax Authority (in order to comply with legal obligation)
Are the data processed
Accountant
Purpose of data procession
In order to comply with legal invoicing and bookkeeping obligation
Form and place of storage
Electronically in the szamlazz.hu system and in the mail system of the Service Provider.
For those Clients who do not accept electronic invoices, the invoices are issued and stored on paper.
Persons entitled to know the data
Employees of Service Provider, Accountant, Tax Authority
Data control 17.
Personal data control while providing virtual office / registered seat address servicesControlled data
Natural identification data of the managing director/representative and the beneficial owner, citizenship, address, type and number of identification document, in the case of delivery agent its name and address; in the case of managing director/representative a copy of the identity card and a copy of the address card’s side which does not include the personal identification number; in the case of beneficial owner, the nature and extent of the ownership interest, and if (s)he qualifies as a politically exposed person.
Purpose of data controlling
Compliance with the obligations under the legislation on registered seat address service and money laundering
Legal basis of the data control
GDPR Article 6 (1) c): Controlling is necessary for compliance with a legal obligation to which the controller is subject (Compliance with obligations under the Money Laundering Act)
Planned time of the data control
For 8 years after the termination of virtual office/registered seat address service contract in line with Money Laundering Act
Data subjects
Managing director/representative and the beneficial owner of the Clients, and the delivery agent of a member/managing director of a legal entity
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Only to the competent authority upon official request
Are the data processed
Purpose of data procession
Form and place of storage
On paper in accordance with the Service Provider’s internal regulations in line with the Money Laundering Act. The registered documents are stored in separate folders belonging to each Client, separated from the other documents of the Client.
Persons entitled to know the data
Employees of Service Provider, authorities upon request
Data control 18.
Data control related to camera systemControlled data
During the operation of the Camera Systems, the portrait (moving image) and actions of the Data subjects who appear in the field of view of the cameras will be monitored and recorded. The camera system does not record any sound.
Purpose of data controlling
The camera system installed in the territory of House of Business is solely for the purpose of protection of human life, physical integrity, personal freedom, prevention and proof of violations, and to protect the property of House of Business and the Clients. It is probable that the detection of violations and the actions of perpetrators, and the prevention and proof of these violent acts cannot be achieved by any other methods. The purpose of data control is not to monitor the behaviour and habits of people in the premises of House of Business.
Legal basis of the data control
GDPR Article 6 (1) f): Enforcing the legitimate interests pursued by the controller
Planned time of the data control
The portrait (moving image) or actions of Data subject recorded during the operation of the camera system will be stored for 15 days after the recording, the recordings will be automatically deleted afterwards – except for the case of use. Use is considered to be the use of the recorded image and other Personal Data as evidence in court or other official proceedings due to suspicion of a crime, violation of the law, unlawful conduct or damage, and if the Data subject wishes to inspect the recordings concerning himself/herself.
Prior notice of data control
Those wishing to enter or stay on the premises of House of Business will be informed in advance of the data controlled related to the camera system, the rights of Data subjects and of the identity and contact details of the operator.
– On the premises of House of Business at all entrances “camera surveillance area” sign and a Camera System pictogram is displayed;
– Present Privacy Policy is available at the reception of House of Business.
Data subjects
Clients and their employees, guests and all persons entering the premises of House of Business
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
For the court or authority upon request
Are the data processed
Purpose of data procession
Form and place of storage
The controlled data are stored in electronic form on the server of the Service Provider, which guarantees that only those persons have access to the personal data who are entitled. The security backups are also encrypted.
Persons entitled to know the data
The operator of the camera system and the managing director of the Service Provider. The operator of the camera system shall be a person specified in the Security Services Act.
– In the case of suspicion of a criminal offense, infringement or damage, the competent authority or court;
– In the case of suspicion of damage and violation of law, in the legitimate interest of the Service Provider, the managing director shall initiate the necessary proceedings;
– Data subject, whose personal data is included in the recording.
A report shall be drawn up on the inspection of the recordings made by the camera system, which shall contain the data necessary in order to identify the recording, the name of the person who is entitled to know the data, as well as the purpose and time of access to the data.
Data control 19.
Data required to provide guest parkingControlled data
License plate, duration of parking
Purpose of data controlling
Administrative assistance for the Client in order to provide parking space for the Client’s guests
Legal basis of the data control
GDPR Article 6 (1) a): Consent of data subject
Planned time of the data control
Until the 5th working day after leaving the parking lot
Data subjects
Clients
Name and contact details of data controller
Service Provider (See section 1.15.)
Data protection officer (DPO)
Fehér Attila managing director
Contact details of the DPO
+36-1-8037600, bemcenter@houseofbusiness.com
Are the data transmitted?
Yes, for Parkl Digital Technologies Kft
Are the data processed
Parkl Digital Technologies Kft
Purpose of data procession
Booking of parking spaces, managing of guest parking
Form and place of storage
The controlled data are stored the form of which was made available by the Client (typically on paper or via e-mail in the mail system).
Persons entitled to know the data
Employees of Service Provider and Parkl Digital Technologies Kft
- Disposal of personal data
- If any changes occur in the controlled Personal Data, we ask the Data subjects to notify the Service Provider of the changes within 3 days, in order to ensure the data’s accuracy. In case the Data subject fails to notify the Service Provider of change, the Service Provider is not responsible for the accuracy of the data.
- Any request regarding personal data deletion shall be submitted to the Service Provider (via e-mail or in writing)
- Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Rights of Data subjects regarding personal data control
Data subjects have the following rights in regards with data control
- Right of access: the Data Subject shall request information on the controlled data, the purpose and time of data controlling and to whom the data is transferred, as well as the source of the controlled data.
- Right to rectification: in case of change in the data of the Data subject, inaccurate or incomplete data recording, the Data subject shall have right to request correction, rectification or clarification.
- Right to erasure: Data Subject shall request the erasure of his/her Personal data in the cases described in the Data Protection Act and the GDPR.
- Right to restriction of controlling: Data Subject shall request the restriction of Personal data control in the cases described in Data Protection Act and the GDPR.
- If a request set forth in Section 5.1-5.4. has been submitted, the Controller shall act in accordance with the provisions of the Data Protection Act and the GDPR and shall inform the Data Subject within one month of the measures taken on the basis of the request.
- Right to withdraw consent: Data subject is entitled to withdraw Consent given for the controlling of Personal data which is controlled on the basis of Consent at any time, which, however, does not affect the lawfulness of the data control prior to the withdrawal.
- Right to lodge a complaint: Data Subject is entitled to submit a complaint to the competent supervisory Authority (see section 1.12.) in case of a violation regarding the controlling of Personal data.
- Right to remedy: Further the Data Subject is also entitled to bring an action against the Controller in front of the court in the event of a breach regarding personal data protection.
- Right to object: Data subject shall have the right to object to the Personal data control based on Article 6 (1) e) or f) of GDPR at any time, including profiling based on the mentioned provisions.
- Occurrence of Personal data breach
- In the event of Personal data breach Controller shall notify the Authority without undue delay and, if possible, within 72 hours after becoming aware of the breach, unless the Personal data breach is not likely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the cause for the delay must be attached as well.
- The Data Processor shall notify the Controller of the Personal data breach without undue delay after becoming aware of the breach.
- If the Personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Controller shall, without undue delay, inform the Data subject of the Personal data breach.
- Anonymous user IDs (cookies), data control for statistical purposes
- The Webpage uses anonymous user IDs (cookies) to increase the quality of the use and to make the use of the Webpage easier for visitors. (An anonymous user ID – cookie – is a series of tokens suitable for unique computer identification and storage of profile information, which is placed on the User’s computer by the service providers. The token itself cannot identify the User in any way, it is only suitable for recognizing the computer.) If you prefer the anonymous user ID to not be placed on your computer, you can configure your browser so that it does not allow them to be placed. In this case, however, you may not be able to have access to some services or not in the form in which you allow the placement of anonymous user IDs.
- The Service Provider collects anonymous information and data on the Webpage for statistical purposes. This information relates to an unidentified or unidentifiable natural person and to personal data which have been anonymised in such a way that the data subject is either not identified or can no longer be identified. The provisions of GDPR does not cover the control of these information [see recital 26 of GDRP].
- Data security measures
- During managing documents, the access to each document and data shall be restricted to the persons listed in the last rows of the tables published in section 3.
- Regarding physical data security, the Service Provider ensures the proper closing and protection of its doors and windows. Only those who duly substantiate their legal interest may inspect the documents.
- The premises in which data storage devices are placed have been designed by the Service Provider in a way that they are suitable to provide sufficient security against unauthorized or violent intrusion, fire or natural disaster.
- Assistance, comments, complaint handling
- Assistance to the Data subject regarding data control and securing Personal data rights is provided by the person designated as the Data Protection Officer at the Controller.
- Right of amendment
- The Service Provider reserves the right to unilaterally amend the Privacy Policy by informing Data subjects on the Webpage or via e-mail. The Service Provider shall publish the amended Privacy Policy on the Webpage on the tenth (10th) day before the amended Privacy Policy enters into force.
- Definitions: