Privacy policy

Information on the data management provided on the webpage of BORSODI MŰHELY Kft. and BORSODI FÉMMEGMUNKÁLÓ Kft. www.borsodimuhely.hu

 

1. Aim of the information:                                                          

Borsodi Műhely Kft./ 9027 Győr, Juharfa str.8. and BORSODI FÉMMEGMUNKÁLÓ Kft. 9027 Győr, Juharfa str. 8. Plant 9700 Szombathely, Varasd str.20. hereinafter referred to as Company perform its data processing-related activity in accordance with Act CXII of 2011 on the  Informational Self-Determination and Freedom of Information / Info act /, as well as meeting the rules of EU 2016/679 General Data Protection Regulation. The aim of this information is to provide information for the prospective employees visiting the career page of the Company about the data processed in the career page, as well as about any other activity arising in connection with data processing. The definitions contained in this Information are identical with those defined in EU 2016/679 General Data Protection Regulation.

 

2. Definitions:

  1. data subject: any national persons identified or identifiable on the basis of any information

    1.a identifiably natural person: identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

  2. personal data: any information relating to the data subject
  3. special data: any data belonging to the special categories of the personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation

    3a. genetic data: any personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question
    3b. biometric data: personal data resulting from specific technical processing relating to the physical, physio­logical or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data
    3c. data concerning health: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

  4. personal data concerning criminal status: personal data generated during the criminal procedure or previously in connection with  the crime or the criminal procedure by the authorities entitled for holding criminal procedures and investigating crimes, the personal data generated by the   penal authorities that can be connected with the data subject, as well as personal data on criminal records;
  5. data of public interest: any information or knowledge managed by authorities or private persons performing national or local administration services or other public services provided by law, generated in connection with their activities or relating to performing their public services, not belonging to the definition of personal data, recorded in any way or form, irrespective of the way of their management, individual and collective alike, including especially the data for power, competence, organizational structure, professional activity including also the evaluation  of their effectiveness, data for the possessed kinds of data, the legislation regulating the operation, as well as for the management and the concluded contracts;
  6. public data in the public interest: any data not belonging to the data of public interest, the publicity, visibility or availability of which is specified by law in the public interest;
  7. consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
  8. objection: statement of the data subject expressing objection to the processing of his or her personal data, and requesting the  termination of the data processing and/or the deletion of the processed data;
  9. controller: the natural or legal person or any organisation not having legal personality, who or which – within the frameworks provided by law or the compulsory legal act of the European  Union – alone or jointly with others, determines the purposes of the processing of data, brings and performs the decisions for data processing (including the applied means) or has them performed by the data processor;
  10. data management: any operation or set of operations which is performed on the data, irrespective of the applied means , specially including collection, recording, organisation, storage, adaptation or alteration, use, retrieval, transfer, dissemination disclosure by transmission, or otherwise making available, alignment or combination, restriction, erasure or destruction, and hindering the further use of the data, making photo, sound or picture recording, as well as recording physical characteristics suitable for identifying the person (e.g. finger or palm print, DNS-patters, iris pictures)  

    10a. data management for the purpose of law enforcement: data management  performed by the authority or  a person – in their tasks and competence determined by the legislation - aimed at avoiding or preventing the dangers threatening the public order or the public security, enforcing the law, investigating crimes,  performing criminal procedures or taking part in such procedure, preventing and investigating offences, as well as performing infringement procedures or participation in such procedures,  and performing the execution of the legal consequences determined in the criminal procedures or the infringement procedures (hereinafter referred to as an organization performing data processing for the purpose of law enforcement) within the framework and for the purpose of such activity – including the processing of personal data for archival, scientific, or historical purposes (hereinafter referred to as law-enforcement purposes)
    10b. data management for the purpose of national security: data management performed in the role and competence by the public security services in the role and competence specified by law;
    10c. data management for the purpose of defence: data management belonging to the competence of the Act on the data management of armed forces. 

  11. data transfer: disclosing the data for a specified third person;

    11a. indirect data transfer: transferring the personal data to a data processor performing data processing activity in a third country or in the framework of an international organisation;
    11b. international organisation: an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

  12. disclosure: making the data available for anybody;
  13. data deletion: making the data unrecognisable by making the restoration no longer possible;
  14. data designation: rendering identification sign to the data, for distinction purposes;
  15.  restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;
  16. destruction of data: total physical destruction of the data carrier containing the data;
  17. data processing: performing the technical tasks connected with the data processing activities, irrespective of the method and means applied for the execution, as well as of the location of the application, provided the technical task is performed on  the data;
  18. data processor: the natural or legal person or any organisation not having legal personality who/which processes personal data  - within the frameworks provided by law or the compulsory legal act of the European  Union;
  19. data owner: the organisation performing public task that produced the data of public interest to be published compulsorily in an electronic way; such data were generated in the course of its activity;
  20. informant: the organisation providing public tasks which – in case the data owner does not publish the data itself – publishes the data provided to it by the data owner in a homepage;
  21. data records: the total data managed in one register;
  22. third person: a natural or legal person, or an organisation not having legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  23. EEA-state: member state of the European Union and another state involved in the treaty on the European Economic Area, as well as the state the citizen of which enjoys identical legal status with the citizen included in the treaty on the European Economic Area, based on the international treaty between the European Union and its member states as well as the state not included in the treaty on the European Economic Area;
  24. third country: any states except EEA-states;
  25. compulsory organizational regulation: compulsory internal data protection regulation for the controller or the group of controllers accepted by a controller or a group of controllers pursuing activities in several counties, but at least in one EEA-state, and approved by the National Authority for Data Protection and Freedom of Information (hereinafter referred to as Authority), ensuring the protection of the personal data by way of unilateral commitment of the controller or group of controllers, in case the data are transferred to third countries;
  26. data protection incident: injury of data safety resulting in accidental or unlawful loss, modification, unlawful transfer or disclosure of the transferred, stored or otherwise processed personal data, or unlawful access to them;  
  27. profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  28. recipient:  the natural or legal person or any organisation not having legal personality for whom/which the controller or the data processor discloses the personal data;
  29. pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3. Basic principles relating to personal data handling:

The data must be managed at the Company lawfully and fairly, connected to a target, in data-sparing manner, exactly, with limited storability, in a confidential manner, in an eligible and - for the data subject - in a transparent manner.   

Personal data:

  • may be collected only for a specified, unambiguous and lawful purpose
  • may be managed only in consistence with these purposes
  • should be appropriate and relevant
  • should be limited to the necessary minimum
  • should be exact and – if necessary – up-to-date
  • should be stored in a way that makes the identification of the data subjects possible only for the period needed for the purpose of processing the personal data
  • should be managed by insuring the adequate safety of the data, including the unauthorised or unlawful management, the loss, and the protection of the data against incidental loss, destruction or damage.

4. Data management on the career page:

The purpose of the data management on the career page: The Company operates a career page with the aim of providing information about the actual job offers that can be filled in. On the career page the applicants may fill up their C.V.  and other data connected with the job search. For filling up the C.V. on the career page, the data protection declaration contained on the homepage should be accepted.

Categories of the managed data: Name, email address, and other personal data contained in the C.V. filled up when filing the application. The Company does not store any special data/criminal personal data while managing the C.V., and the Company will immediately cancel any such data if contained in the C.V. filed through the career page.

Legal basis for the data management on the career page:   the applicant’s voluntary consent - by accepting the data management information – based on point a. paragraph (1) article 6 of EU 2016/679 General Data Protection Regulation.  

Time period of the data management on the career page: Until the applicant withdraws his or her consent, but maximum one year counting from the arrival of the C.V. The applicant may withdraw his or her consent to the storing of the C.V., at any time, at the contacts provided in the Data Safety and Data Protection regulation.

Processing the data for the data processor: Does not take place

Circle of the persons entitled for access to the data: Persons entitled for representing the Company, the employees of the Human Resources Department, and the data protection clerk.  


5. Operation of a contact point:

The fact and the purpose of the data collection: The Company operates a contact point on its webpage www.borsodimuhely.hu, with the purpose of making contact with the prospective partners. For activating the contact point, the data protection declaration contained in the homepage should be accepted.

Circle of the data subjects: Visitors giving their consent on the webpage, through the contact point

Circle of managed data: Date, time, e-mail address, telephone number, the contents of the message.

Legal basis of the data management: the applicant’s voluntary consent - by accepting the data management information – based on point a.) paragraph (1) article 6 of EU 2016/679 General Data Protection Regulation

Time period of the data management: Until the voluntary consent is withdrawn.

Processing the data for the data processor: Does not take place

Persons of the controllers entitled access to the personal data, and the recipients of the personal data:  The persons entitled for the representation of the Company, the responsible person for data protection, as well as the employees of the Secretary may manage the personal data revealed during the registration.


6. Application of a customer satisfaction questionnaire:

The fact and the purpose of the data collection: On its webpage www.borsodimuhely.hu the Company published a questionnaire suitable for the assessment of the so called customer satisfaction, with the purpose for the Company of the continuous improvement of the quality of its products and services.

Circle of data subjects: Buyers/customers of the Company.

Circle of managed data: Name, telephone number, email address of those filling in the questionnaire, as well as the name of the legal person.

Legal basis of the data management: the applicant’s voluntary consent - by accepting the data management information – based on point a.) paragraph (1) article 6 of EU 2016/679 General Data Protection Regulation

Time period of the data management: Until the voluntary consent is withdrawn.

Processing the data for the data processor: Does not take place

Persons of the controllers entitled to access to the personal data, and the recipients of the personal data:  The persons entitled for the representation of the Company, the responsible person for data protection, as well as the employees participating in the data processing may manage the personal data revealed during the registration.


7. The use of Google Analytics:

  • During the operation of the webpage the controller uses Google Analytics application, which is the web-analytic service of Google Inc. („Google”). Google Analytics applies so-celled „cookies”, text files saved on its computer, facilitating thereby the analysis of the webpage visited by the User.
  • The information produced with the cookies, connected with the webpage used by the User, generally arrives and is stored in one of the Google servers in the USA.By activating the IP-anonymization on the webpage, Google shortens the IP address of the User previously, within the member states of the European Union or in other member states involved in the treaty on the European Economic Area.
  • Transferring the full IP-address to the Google server in the USA and performing the shortening there happens only in exceptional cases. Based on the mandate of such webpage, Google will use the information for evaluating the way the User used the homepage, as well as for making reports for the user of the webpage regarding the activity of the homepage, and to render further services connected with the use of Internet.
  • Google - within the framework of Google Analytics - does not reconcile the IP-address forwarded by the browser of the User with any other data of Google. The User can prevent the storing of the cookies by the appropriate setting of its browser. By downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=hu the User can prevent Google from collecting and processing the User’s data related to the use of the webpage by the cookies (including also the IP-address).     


The data protection clerk is: Dr. Erős László Péter. E-mail: info@dreroslaszlo.hu Phone: +36 30 650 1718

Amendment, publication: The Company reserves the right to modify this information unilaterally for the future.  The employees will be informed about the modifications in the locally usual way / intranet, internal newsletter /.

Remedies:

Based on the data safety and data protection regulation of the Company, the data subject may request access to his or her personal data, the correction of the data, the limitation of managing the personal data, and also entitled for portability of the personal data, and – except for the data management obligation prescribed by law - to file a claim for deletion, at the contacts contained in the Information.

The Company will serve notice about the measures taken in connection with the requests relating to data management, within one month from receiving the request.   This deadline can be extended by 2 months, in case of a justified reason. The Controller will serve notice about the extension of the deadline within one month from receiving the request, specifying the reasons of the delay.  In case the Company does not take measures in response to the request of the person involved in the data management, then – without delay, but not later than within one month from receiving the request - it will serve notice about the reason of not taking measures, and how to lodge complain with the supervisory authority and with the court.   

The involved person can initiate the access to the data, their deletion and modification, the portability of the data or the limitation of their processing, the protest against the data processing in the following ways:

  • By mail to the address of BORSODI MŰHELY Kft., 9027 Győr, Juharfa str. 8.
  • By e-mail to the address of info@borsodimuhely.hu
  • By telephone to the telephone number of +36 96 529 071
  • Dr. Erős László data protection officer: info@dreroslaszlo.hu

The involved person can make a statement/can contact the following authorities in case of a breach of his/her rights or for comment:

  • The Győr General Court competent according to the registered offices of the Company as data controller,  or the General Court competent according to the home address of the involved/reporting person, or the General Court competent according to the place of residence of the involved/reporting person.

    The competent courts are available at https://birosag.hu/birosag-kereso.
     
  • Nemzeti Adatvédelmi és Információszabadság Hatóság (National Data Protection and Freedom of Information Authority): 1055 Budapest, Falk Miksa str.. 9-11. (Mail address: 1363 Budapest, Pf. 9.)

I have read the information for data management, and I give my consent to my personal data be processed.