By being a member of the Association or by using the website you confirm that you have read this data processing information document and consent for your personal data to be processed and recorded by the Association in compliance with the applicable law; furthermore, you consent for your contact details to be recorded by the Association in its database for the purpose of notifying you about information related to its services, changes in such services, changes concerning you and the latest news of the Association.
| Term | Definition |
|---|---|
| Data Subject | Any natural person directly or indirectly identifiable by reference to specific personal data. |
| Personal Data | Data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject; |
| Sensitive Data | Personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sexuality, health, pathological addictions, or criminal record; |
| Data Subject’s Consent | Any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations; |
| Objection | A declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed; |
| Controller | Natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or has it executed by a data processor; |
| Data Processing | Any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destroying the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans); |
| Data Transfer | Granting access to the data to specific third parties; |
| Disclosure | Granting open access to the data; |
| Data Deletion | Making data unrecognisable in such a way that it can never again be restored to a recognisable form; |
| Tagging of Data | Marking data with a special ID tag to differentiate it; |
| Blocking of Data | Marking data with a special ID tag to restrict its further processing indefinitely or for a specified period of time; |
| Data Destruction | Complete physical destruction of the data carrier recording the data; |
| Data Process | Performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data; |
| Data Processor | Any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions; |
| Data Set | All data processed in a single file; |
| Third Party | Any natural or legal person, or organisation without legal personality other than the data subject, the data controller and the data processor; |
| EEA Member State | Any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area; |
| Third Country | Any State that is not an EEA Member State; |
| Data Breach | The unlawful processing or process of personal data, in particular the unauthorised access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage thereof. |
- Your Data Controller and Its Contact Details
Controller: Hungarian Association of Professional Language Service Providers
(registered office: 1056 Budapest, Belgrád rakpart 26. II. emelet 1. ajtó)
Contact person: Miklós Bán
Telephone: +36 1 239 80 43
- Categories of Data Processed
- General Definition
Personal Data processed by the Association shall mean data that are or may be received by the Association in relation to your membership in the Association or during the use and provision of the services of the Association through the personal data provided by the people ordering the services of the Association, the potential customers, people requesting a quote or using the online platform of the Association, and also all the personal data transferred by you to the Association.
Such personal data may include, but are not limited to the following:
- Personal Data
- date and place of birth;
- mother’s name at birth;
- personal ID card No., address card No., address;
- personal identification code;
- social security number, tax ID No., bank account number;
- (workplace) email address, telephone number.
- Sensitive Personal Data
- data regarding racial origin or nationality;
- Processing related to membership, communication
As part of its activity, the Association performs procurement as well as archiving and document handling activities required for its operation. In this regard the Association processes and stores the following data until the dates indicated and for the purposes defined below:
- performing the aims of the Association;
- compliance with legal obligations binding the Association;
- account management and debt management;
- enforcing claims arising from the membership;
- document handling and archiving after the termination of the membership.
- Personal data for natural persons:
The name, address, telephone number, email address, customer code (client ref. number, order number) and online ID of employees, contractors and other contracted partners of language service providers that are members of the Association shall be processed for the purposes indicated above.
- Personal data of natural persons representing legal persons:
Categories of personal data processed: name, address, telephone number, email address, online ID of the natural person.
- Registration on the website of the Association
Visitors to our website are only required to provide us with their personal data if they want to register, log in for the purpose of communication or purchase items through the webshop on the dedicated online platform.
- Other Contractual Partners
Data of our other contractual partners (contractors and other service providers) and our contractual partners in procurements shall be requested and processed as and for the term stipulated by the laws referenced in the introduction.
- Categories of Data Subjects Affected by the Data Processing and the Legal Basis of Processing
The Association processes the personal data of the Association members, the potential members and their respective employees, contractors, contractual partners. This policy shall apply to the members of the Association and the visitors to our website, contractual partners, fulfilment partners and participants.
We only process the personal data of people who have consented to the processing of their personal data or to their transfer to third parties, or if such processing is required by the law or the regulation of the local government acting pursuant to the authorisation under the law and in cases stipulated therein, for a purpose arising from public interest.
The following user actions shall also constitute the provision of consent: ticking the appropriate box when visiting the internet website of the Association; the personal data being sent to the mailing address, email address or other contact details of the Association; choosing technical settings for information society services and any other statements or conduct which clearly indicate in this context the data subject's consent to the proposed processing of their personal data.
In addition to this, personal data are only processed by us pursuant to Article 6 of the GDPR and Section 6 of the Privacy Act if obtaining the data subject’s consent is impossible or would involve disproportionately high costs, and processing is required for the performance of an obligation or the protection of a legitimate interest of ours or of third parties, and the enforcement of such interest is proportionate with the limitation of the right to protect personal data. Personal data received from your and other partners are processed if the data subject has consented to the transfer of its personal data to third parties or the Association. The Association shall not transfer the processed data for them to be used for marketing or other purposes without your express consent.
The data of natural persons contracted as customers or suppliers stipulated in the law shall be processed by the Association for the purpose of performing obligations (accounting, taxation) stipulated by the law (Sections 169 and 202 of Act CXXVII of 2017 on Value Added Tax; Act CXVII of 1995 on Personal Income Tax; Act LIII of 2017 on the Prevention and Combatting of Money Laundering and Terrorist Financing, Act C of 2000 on Accounting) under the legal title of compliance with a legal obligation.
Documents of permanent value under Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives, but otherwise not received by the customers shall be processed by the Association pursuant to the performance of its legal obligation until such documents are handed over to the public archives.
The consent to the processing of data shall be deemed granted with the delivery of your personal data to the Association.
By delivering the personal data to the Association you declare and warrant that you have the right to process and, in particular, to transfer such data.
The Association excludes its liability for claims enforced in relation to a breach of the declaration above, and at the same time you shall reimburse the Association for damage incurred in relation to the false or incorrect nature of the declaration above.
- The Purpose of Data Processing
With respect to the personal data received by the Association, the purpose of data processing shall be:
- performing the aims of the Association;
- compliance with legal obligations binding the Association;
- providing discounts;
- providing notice on data related to services and on changes thereto;
- communication between the Association and the language service provider;
- providing information by way of newsletters;
- providing customised quotes and services;
- providing information about news and matters of interest related to the Association;
- pursuing marketing activity;
- building and maintaining a marketing database;
- pursuing direct marketing activity.
- Duration of Data Processing
Processing shall only be performed to the extent and for the time required for achieving the purpose and it shall only involve personal data, the processing of which is essential to and otherwise suitable for achieving the purpose of the processing, in particular until the rights and obligations exist in connection with notifying you, providing the services and the related administration.
Duration of data processing in case of membership
- the limitation period of the claims arising from your membership in the Association, or
- the limitation period of claims related to legal obligations binding the Association pursuant to the membership,
whichever of the two is longer.
When you contact the Association and you provide us with your email address, but in the end you decide not to become a member of the Association, the duration of data processing shall be the period for which you may become a member of the Association. If it is obvious that no membership will be established in the future (e.g. the language service provider whose contact person provided its personal data ceases to exist), or if you request the deletion of the personal data, the personal data shall be immediately deleted.
- The Processing of the Data
The Association uses the participation and services of data processor(s) (including, but not limited to accountants, IT service providers) for performing the processing activities. Processing shall be governed by the data processing agreement concluded by and between the Association and the controller which ensures the processor’s obligation of confidentiality and thus the security of processing.
- People Authorised to Access the Data
The personal data provided by you may be accessed and processed by the employees, senior officers, advisors of the Association, other members of its staff as well as its contractors participating in data processing, and also by its partners with respect to whom you have consented to the transfer of data.
Pursuant to the law, courts and specific authorities have the right to access the personal data processed by the Association. The court, the public prosecutor’s office and other authorities (e.g. the police, tax authority, Hungarian National Authority for Data Protection and Freedom of Information) may contact the Association and request the provision of information, the reporting of data or the delivery of documents. In such cases we are bound to comply with our data reporting obligation to the extent indispensable for the implementation of the purpose of the enquiry.
- Transmission and Transfer of the Data
We are aware that your data represent a value and we use our best endeavours to protect them during processing.
Personal data provided to us are only disclosed to third parties cooperating with us or acting on our behalf in certain cases if such is required for the implementation of the purpose for which such data were provided by the data subject or you. Personal data may also be transferred by the Association to other third parties if such is required for providing more effective services to you or if such third parties process the data subject’s data on behalf of the Association.
However, we have ensured that such third parties protect the information and data appropriately and adequately.
Personal data may be transferred by the Association to third party processors that ensure appropriate technical and organisational safeguards. According to the generally accepted data protection practice, the Association may employ external service providers for the regular maintenance of its server(s), the storage of data or the performance of other IT related tasks.
Information is only disclosed to other third parties if
- we have the data subject’s consent to it;
- we are obliged to do so by the law; or
- such is required for the purpose of legal proceedings, for exercising or protecting rights related to such proceedings or granted by the law.
By providing the personal data, you expressly consent to the data being transferred for such purpose, and you declare and warrant that you have the right to disclose the personal data to the Association for such purpose.
As soon as the conditions warranting the lawful processing or disclosing of the data cease to exist, the Association shall immediately act for the deletion of the personal data from the database, and shall notify you about such deletion upon request.
- Transfer of Data to Third Countries
Personal data may be required to be transferred to third countries during the performance of the services ordered by you as in certain cases the employees, service providers, sub-contractors of Association members are not located in EEA Member States and they perform the services ordered from such third party locations. In such cases data shall be transferred in compliance with Chapter V of the GDPR if the criteria stipulated there are met (e.g. the adequacy decision of the Commission, standard data protection clauses, binding corporate rules).
- Data Security
Data received by the Association during processing, including data stored both in the electronic information system and also on traditional printed media shall be processed with the utmost care and attention as strictly confidential, and the Language Service Provider shall undertake all lawful technical and organisational measures to protect them in particular against unauthorised access, alteration, transfer, disclosure and other types of infringement as well as deletion or destruction, and also against accidental destruction.
As part of the organisational measures, physical access is monitored at our premises, our employees regularly receive training and the printed documents are locked away under due and proper protection.
The closed IT system of the Association provides adequate protection for processing the data in the electronic information system. Our data controllers and partners ensure the same protection for the data as that ensured by the Association, and data are used by them strictly for the purpose for which they are intended. The data processed are accessible to people authorised to access them, the authenticity and certification of the data are ensured, the data remain unaltered, and the data are protected against unauthorised access.
The Association has technical and organisational measures in place to ensure the security of the data which provides an adequate level of protection against risks arising in connection with processing. We have implemented standard technological and operational security solutions to prevent the loss, alteration, destruction or misuse of identifiable personal data. We use our best endeavours to ensure the protection of the personal data processed by the Association through appropriate confidentiality undertakings as well as technical and security measures. Personal data may only be accessed by employees holding appropriate authorisation and accepting confidentiality, and also by controllers authorised to do so.
Please note that we undertake no full liability for the confidentiality, intactness and availability of the data transfer performed through our website since such are not only within the control of our Association. We comply with strict regulations regarding the data received in order to ensure the security of your data and to prevent unlawful access.
By using the services of the Association and by providing us with your email address you consent to the Association sending professional and other Association related information and notices to the email address provided in the form of newsletters. Subscription to newsletters is voluntary and it may be withdrawn at any time via the link indicated in the newsletter or in a reply email.
The Association will create a database of the data of the persons providing their corporate contact details as contact persons (company name, name, position, company email address), and the organisations listed in the database will receive (to the company email address of the contact persons) regular newsletters regarding topics selected by them and other issues the Association may consider to be of interest to them. The contact details provided during subscription are stored by the customer management system of the Association, they shall be kept confidential, not be disclosed and/or transferred to unauthorised persons.
Newsletters are not targeted to the contact person as a private individual, rather to the organisations they represent, i.e. to you. Furthermore, the data provided, stored and processed in connection with the above processing shall not be stored and processed as the personal data of the contact person as a private individual, but as data used for communication with you, thus in such cases no personal data are processed.
The Association reserves the right to exclude anyone at any time from newsletter subscription. If you have provided us with an email address that is not a company email, the subscription and the data are deleted by the Association immediately upon it becoming aware of this fact, and the relevant organisation or contact person will be excluded from newsletter subscription.
The data are processed by the Association until the data subject requests the deletion thereof.
During the performance of the newsletter services, newsletters are sent by a third party contracted by the Association, therefore contact details are transmitted to such third party. The company providing newsletter services shall keep the data confidential, it shall not disclose or transfer them to unauthorised third parties, otherwise processing shall be governed by the information document of such third party.
- Mailing List
The Association has a mailing list for members based on which the names and e-mail addresses of its member language service providers, or in certain cases the employees, contractors or other contracted partners of such language service providers, are processed.
- Social Media
The Association operates a social media page for the purpose of promoting and marketing its products and services. Communication on the social media page of the Association shall not be a fact that creates a right or obligation; it is not used to conclude any agreements or request quotes.
The Association shall not process the personal data published by visitors on the social media page of the Association. Terms and Conditions of Data Protection and Service of the social media site shall apply to the visitors.
If unlawful or illegal content is published on the page, the Association may without prior notice delete the data subject as a member, or remove the comment. The Association shall not be liable for any infringing content and comment published by the users of the social media site. The Association shall not be liable for any defect, breakdown caused by the operation of the social media site or problems arising from a change in the operation of the system.
The Association operates a webshop for certain services provided by it. The personal data provided during the use of the website shall be treated by the Association as confidential, and they shall not be disclosed to third parties, unless such disclosure to a sub-contractor (e.g. courier) is required for the delivery of the order.
Technical information (IP address, duration of visit, etc.) is recorded during the browsing of the webshop for statistical purposes. Such data are only disclosed by the Association to the authorities if disclosure is legally reasonable and substantiated. Data recorded during making an order are used by the Association to perform the order. The details of the invoice issued by certain IT systems from orders placed in the webshop are recorded and stored together with the data provided in the process of ordering, but only for the period stipulated by the Accounting Act in effect. The data provided when subscribing to the newsletter while browsing or registering to the website are processed by the Association as confidential; you may unsubscribe from our newsletter by contacting us at any of the contact details specified.
- Data Subjects’ Rights Related to Processing
- Request for Information
Data subjects may request information concerning the personal data provided by you and processed by the Association, the sources thereof, the purpose, legal basis and duration of processing, the name and address of the data processor and its activities relating to data processing and, in the case of data transfer, the legal basis and the recipients of data transfer.
Requests for information are only complied with by the Association in person for the protection of the data subjects’ data. To this end, a request for information may be delivered to the Association in writing by post in the form of a private document with full probative force, by email or fax, with the required identification data indicated. The Association shall provide the requested information within the shortest time possible, but no later than 30 days, with a notice served to the address provided by the data subject.
Please note that information on one single dataset is provided free of charge once a year, but the Association may charge a certain fee for all further information provided.
If the data subject notifies the Association, with the personal data specified, that the personal data processed are inaccurate, or if the Association otherwise becomes aware of the inaccuracy of the personal data and the correct data, the Association shall rectify the relevant personal data. The Association shall notify the data subject about the rectification or about the request for rectification being dismissed upon request.
- Deletion or blocking
Data subjects may have the right to request that their personal data be deleted or blocked. Personal data are blocked if, based on the information available, it is assumed that deletion would violate the legitimate interests of the data subject. The personal data thus blocked may only be processed by us as long as the purpose of processing that precluded the deletion of the personal data prevails. A notice of the deletion or blocking, or a notice of our dismissal of the request for deletion/blocking shall be delivered to them upon request.
If the accuracy of a personal data item is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the Association shall tag that personal data item for the purpose of referencing.
Data subjects have the right to object to the processing of their personal data, with the exception of statutory processing,
- if processing or transfer of the data is required only for performing a legal obligation of the Association or is necessary for the enforcement of a legitimate interest of the Association or a third party;
- if their personal data are used or transferred for the purpose of direct marketing, public polling or scientific research provided that the data subjects did not consent to it; or
- in all other cases stipulated by the law.
Objections shall be considered by the Association as soon as possible, but not later than 15 days after the submission of the request; a decision shall be adopted and delivered in writing to the applicant on the substantiated nature of the objection.
If the objection proves to be substantiated, the Association shall cease the processing of those data, including the recording of further data and data transfer, the data shall be blocked and a notice of the objection and the measures taken pursuant to it shall be delivered to everyone who previously transferred the personal data affected by the objection, and such persons shall act to ensure the enforcement of the right of objection.
- Data portability
Data subjects shall have the right to receive the personal data concerning them, which they have provided, in a structured, commonly used and machine-readable format, and they have the right to transfer those data without hindrance from us if processing is based on the consent of the data subjects and their personal data are processed in an automated manner.
- Refusal of cooperation in relation to direct marketing
Data subjects may at any time refuse to cooperate in relation to so-called direct marketing letters, without any further justification. In this regard, data subjects have the right to refuse or prohibit the inclusion of their name in communication and marketing lists, the use of them for direct marketing purposes or for any other specific purpose within that and the disclosure of their name to third parties.
- Reporting Data Change
You have the right and also the obligation to report all changes in your data processed by the Association within 15 days. You shall be held fully liable for consequences arising from the failure to do so.
- Withdrawal of consent
If the legal basis of processing is your consent, you may at any time withdraw your consent, in which case the withdrawal of your consent to processing does not affect the legal basis of processing prior to such withdrawal. If the legal basis of processing is only and exclusively your consent, upon the withdrawal of the consent we shall cease to process your personal data and the data shall be deleted from all our records.
- Right to Remedy
Complaints related to the protection of personal data and enquiries related to processing may be submitted by data subjects to the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c, mailing address: 1530 (Budapest), Pf.: 5), and data subjects may file an action for remedy with a court.
- Limitation of Rights
In exceptional cases, the rights above may be limited subject to certain legal provisions, in particular for the protection of data subject’s or third party rights.
The Association may only and exclusively disclose data contrary to your data processing declaration at the request of the bodies authorised by the law and in the cases stipulated by the law.
- Managing Data Breaches
In order to prevent and manage data breaches and to comply with the applicable legal regulations, the Association shall log access and attempted access in its IT systems and it shall regularly analyse and monitor them.
Should Association employees authorised to monitor identify data breaches during the performance of their tasks, they shall immediately notify the chairman of the Association thereof.
Employees of the Association shall report to the chairman of the Association or the person exercising the employer’s rights if they become aware of data breaches or events suggesting such data breaches.
Data breaches may be reported to the Association at the email address and telephone number stipulated in Clause 2 which the employees, contracting partners, data subjects may use to report the underlying events or security weaknesses. When a data breach is reported, the Association shall immediately investigate the report, during which it shall identify the breach and decide whether it is an actual breach or a false alarm.
Upon the occurrence of a data breach, the relevant systems, persons and data shall be identified and separated, and the Association shall collect and retain the evidence underlying the occurrence of the breach. The Association shall then start remedying the damage and restore lawful operation.
The Association shall keep records of all personal data breaches. These records shall contain:
- the categories of personal data concerned;
- the categories and number of data subjects affected by the personal data breaches;
- the time of personal data breach;
- the circumstances and effects of personal data breach;
- the actions taken to remedy the personal data breach;
- other data stipulated by the law requiring processing.
Data pertaining to personal data breach recorded in the documentation shall be retained for 5 years.
- Other Provisions
The Association reserves the right to unilaterally amend this data processing information document at any time. We shall send you written notice in plain language informing you about all changes in the information document, delivered to one of the contact details provided, and we shall obtain consent as required.
Should you have any questions or comments, please do not hesitate to contact us using any of the contact details indicated herein.