• Air Cargo RFS
  • Guaranteed security
  • Certification
  • International transport

Privacy Policy

PRIVACY POLICY OF PREVOST HUNGÁRIA KFT

 

DEFINITIONS USED IN THE PRIVACY POLICY

 

The definitions used in the privacy policy comply with the definitions defined in the Privacy Act and the GDPR and their interpretation. The policy uses the following definitions of Section 4 of the GDPR:

-          “Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

-          “Processing”: any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

-          “Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future.

 

-          “Controller”: the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

 

-          “Processor”: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

 

-          “Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

 

-          “Third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons that, under the direct authority of the controller or processor, is authorised to process personal data.

 

 

-          “Consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

-          “Supervisory authority”: an independent public authority that is established by a Member State pursuant to Article 51 of the GDPR.

 

-         “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

PRINCIPLES RELATING TO PROCESSING PERSONAL DATA

 

At the Company, personal data are processed on the basis of the following principles:

-          The Company shall process the data lawfully, fairly and in a transparent manner in relation to the data subject. To this end, it shall disclose the data protection rules applied in the Company’s business and internal processes to the customers and employees by the General Privacy Policy and specific privacy policy attached to several documents. (“principle of lawfulness, fairness and transparency”)

 

-          Personal data shall only be collected for explicit and legitimate purposes and further processed only in a manner compatible with these purposes. (“principle of purpose limitation”)

 

-          The processing shall be adequate, relevant and limited to what is necessary in relation to the purposes. (principle of data minimisation”)

 

-          The processed data shall be accurate and kept up to date in the entire workflow; therefore the Company shall take every reasonable step to ensure that any inaccurate personal data are rectified or, where necessary, erased as soon as possible. (“principle of accuracy”)

 

-          The Company shall process personal data for no longer than it is necessary for the purposes or than the legal basis exists, except in the case when further processing is required by law. (“storage limitation”)

 

-          The Company shall ensure the security of the processed personal data against personal data breaches using appropriate technical and organisational measures. (“principle of integrity and confidentiality”)

 

-         The Company shall be responsible for, and be able to demonstrate the compliance of the data security rules and the processing practices based thereon with the regulations of the Privacy Act and GDPR. (principle of accountability”)

 

LEGAL BASIS OF DATA PROCESSING USED BY THE COMPANY

 

The legal basis of the Company’s personal data processing are the following:

-          Voluntary and explicit consent of the data subject.

-          The processing is based on legislative provisions.

-          The processing is necessary for the performance of a contract, to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

-         The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In these cases, the Company shall always carry out the necessary risk analysis and shall decide on the processing based on the results of the analysis.

 

ENSURING THE RIGHTS OF DATA SUBJECTS

 

The Company shall pay particular attention to informing the data subject accurately and clearly on every relevant circumstance concerning the processing of their personal data, in particular:

-          identity of the Company as controller and possible processor,

-          name and contact details of the Company’s representative,

-          the purpose and legal basis of personal data processing,

-          if the legal basis is based on the consent of the data subject, it shall be obtained; if the legal basis is a legislative provision, it shall be disclosed to the data subject and if the legal basis is the legitimate interest of the controller or a third party, the data subject shall be informed of

-          the recipients of the personal data, where it is transmitted,

-          the period of personal data processing,

-           the rights and legal remedies concerning personal data processing,

-          if the personal data are not obtained from the data subject, in addition to the foregoing, they shall be informed of the source from which the Company obtained the personal data and whether the source was openly accessible.

 

If the Company obtained the data from the data subject, it shall provide information at the commencement of data collection. If the data collection is derived from other sources, the Company shall inform the data subject within a reasonable period - no later than within one month - from obtaining the data or upon the first contact with the data subject (“data subject’s right to information”)

 

The Company shall ensure that the data subject obtains confirmation as to whether or not personal data concerning them are being processed and of the purpose of processing in the given phase. The data subject has the right to receive information on all such questions, of which the Company shall inform them at the beginning of the processing. (“data subject’s right of access”)

 

The Company shall rectify, without delay, any inaccurate personal data concerning the data subject at the request of the data subject or upon its detection by itself. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed. (“data subject’s right to rectification”)

 

The Company shall erase the personal data concerning the data subject without delay if:

-          the purpose of personal data processing or the legal basis of the processing no longer exists,

-          the personal data have been unlawfully processed. (“data subject’s right to erasure - to be forgotten”)

 

The Company shall restrict the processing at the request of the data subject, if:

-          the data subject requests the correction of the personal data, for the period enabling the Company to verify the accuracy of the personal data,

-          the legality of the processing no longer exists but the data subject requests the restriction of data use and not their erasure.

If any personal data have been restricted at the Company, such data shall, with the exception of storage, only be processed with the data subject’s consent or for actions concerning legal claims or for the protection of the rights of another natural or legal person. (“data subject’s right to restriction of processing”)

The Company shall communicate any rectification, erasure of the personal data processed by him or restriction of processing to each recipient to whom the personal data have been disclosed to allow the recipients to implement the necessary measures concerning the data.

 

The Company shall ensure, at the request of the data subject, that they shall receive the personal data concerning them, and which they have provided to the Company in a structured, commonly used and machine-readable format and transmit those data at the request of the data subject to another controller specified by the data subject. (“data subject’s right to data portability”)

 

The Company shall ensure - where this does happen - that the data subject objects to personal data concerning them being used for direct marketing purposes. In this case, the personal data shall no longer be processed for such purposes. (“data subject’s right to object”)

 

The data subject shall have the right to lodge a complaint with the Supervisory Authority concerning the processing of their personal data by the Company, and have the right to a judicial remedy against the Company or the processor, if they consider that the processing does not comply with the provisions of the data protection legislation.

 

The Company shall take actions in connection with the request of the data subject concerning the personal data processing as follows:

-          as a general rule, the Company shall inform the data subject on the actions taken based on the request within one month from the receipt of request,

-          if it is justified by the complexity of the request or the large number of requests, the deadline may be extended by two months,

-          if the data subject submitted the request electronically, the Company shall respond electronically, unless otherwise requested by the data subject,

-          in the response, the Company shall draw the attention of the data subject to the available legal remedies,

-          if the Company has reasonable doubt concerning the identity of the person submitting the request, it may ask further confirmatory information to confirm their identity,

-         the Company provides the actions taken at the request of the data subject free of charge; however, if the request of the data subject is obviously unfounded or repeated several times, the Company may charge an administration fee or may refuse to take actions based on the request.

 

PROCESSING CONCERNING THE WEBSITE AND SOCIAL MEDIA SITES OF THE COMPANY

 

The Company applies short data files, cookies on its website, that are placed on the user’s computer by the website. The Company shall provide information on the cookies on the website and they are installed on their computer only in the event of the visitor’s explicit consent.

It is possible to send messages to the Company on the website of the Company.

The processed personal data:

-                   name of message sender,

-                   e-mail address.

The purpose of data processing:

-                   contact with customers.

Legal basis of data processing:

-                   voluntary and explicit consent of the data subject.

Recipients of data processing:

-                   the employees of the Company responsible for contact.

Period of data processing:

-        until the message is answered or the administration of the message is terminated.

 

The Company is present on Facebook in order to introduce and promote its activity and professional activity. The personal data disclosed by the visitors to the website are not processed by the Company. The privacy policy and terms of services of the social media site shall apply to the visitors.

In the event of disclosure of unlawful or harmful content, the Company may exclude the visitor from the website without prior warning or notice or may cancel their entry.

The Company does not take responsibility for data content and comments in breach of the law that have been published by the users of the social media site. Furthermore, the Company does not take responsibility for any error resulting from the operation of the social media site or problems resulting from the operation of the system.

 

PROCESSING CONCERNING JOB APPLICANTS

 

Acting in this function, the Company shall process the personal data of natural person job applicants.

The processed personal data:

-          name of natural person,

-          date of birth,

-          place of birth,

-          mother’s maiden name

-          address,

-          qualifications,

-          telephone number,

-          e-mail address,

-          data relevant to the job application.

Purpose of processing: application, assessment of application, awarding the job.

Legal basis of processing: voluntary and explicit consent of the data subject.

Recipients of data: the Company’s manager responsible for exercising employer’s rights.

Period of processing: application, until the assessment of the application. The personal data of applicants not selected shall be deleted and the same shall apply to the personal data of any applicant who withdraws their application during the application period.

After the end of the recruitment period and the publication of the results, the Company may process the personal data of the applicants only with their voluntary and explicit consent. The Company shall ask for the consent in a notice sent on the closure of the recruitment procedure, giving a reasonable deadline for the response. The reasonable period of further processing shall be specified in this notice. If the data subject does not respond to the letter or does not give consent to the further processing, the Company shall delete their personal data.

 

PROCESSING CONCERNING INDIVIDUALS IN A CONTRACTUAL RELATIONSHIP WITH THE COMPANY AND SELF-EMPLOYED PERSONS

 

The processed personal data:

-                     name of the contracted or self-employed person,

-                     permanent address of the contracted person or registered address of the self-employed person

-                     taxpayer identification number of the contracted person or tax number of the self-employed person,

-                     registration number of the self-employed person,

-                     amount of remuneration,

-                     bank account number.

Purpose of personal data processing: conclusion and performance of the contract.

Legal basis of the personal data processing: applicable provisions of the Civil Code.

Recipients of the personal data: managing director of the Company, employee responsible for accounting and taxation.

Period of personal data processing: 5 years after the termination of the contract, 8 years for the accounting data.

At the conclusion of the contract, the Company shall inform the contracting natural person of the purpose, legal basis, expected duration of the processing, on the transmission of data to the processor and that detailed information about the data protection rules of the Company is available in the privacy policy published on the website.

 

PROCESSING OF THE DATA OF NATURAL PERSON REPRESENTATIVES OF LEGAL PERSON CUSTOMERS RECORDED IN THE CONTRACT

 

The processed personal data:

-                     name of natural person,

-                     telephone number,

-                     e-mail address.

Purpose of personal data processing: conclusion and performance of the contract with the legal person customer of the Company, smooth business contact.

Legal basis of the personal data processing: applicable provisions of the Civil Code.

Recipients of the personal data: managing director of the Company, employee responsible for accounting and taxation.

Period of personal data processing: 5 years after the termination of the contractual relationship or the right of representation of the natural person, 8 years for the accounting data.

 

RULES OF CAMERA SURVEILLANCE APPLIED IN CLOSED AREAS OF THE COMPANY

 

The Company shall apply a camera system to its closed areas to enforce the requirements of property and occupational safety and to clarify the circumstances of any eventual accident.

Legal background of operating a camera system:

-                     Act I of 2012 on the Labour Code (hereinafter referred to as: Labour Code),

-                     Act CXXXIII of 2005 on the rules of personal and property protection activities and private investigation (hereinafter referred to as: Szvtv),

-                     Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: Privacy Act),

-                     regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as: GDPR).

A separate camera policy contains the rules of operating the camera system.

 

RULES OF PROCESSING CONCERNING GPS TRACKING DEVICES APPLIED IN THE VEHICLES OF THE COMPANY

 

The Company applies GPS tracking devices in its vehicles to enforce the requirements of property and occupational safety.

Legal background of operating the GPS devices:

-                     Act I of 2012 on the Labour Code (hereinafter referred to as: Labour Code),

-                     Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: Privacy Act),

-                     regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as: GDPR).

A separate policy contains the rules of operating GPS devices.

 

RULES CONCERNING PERSONAL DATA PROCESSED IN THE COMPANY’S ENTRY CONTROL SYSTEM

 

The Company is engaged in the road transportation of air cargo, therefore it operates under strict safety requirements according to the relevant international conventions and the requirements of domestic legislation. The strict safety rules include the entry to the area.

The Company’s employees having an entry card may automatically pass the entry gate - in respect of their entitlement. The data installed on the entry card may be different according to the entitlement. The entry data, if they are stored, shall be deleted after 6 months.

Personal data processed upon entry of employees not having a Company entry card:

-        name of entering person,

-        details of arrival.

The purpose of data processing: registration of entry.

Legal basis of the personal data processing: legal provisions specifying the security conditions of air cargo transportation.

Method of processing: electronic recording.

Recipients of the personal data: managing director of the Company, employees maintaining the Company security system.

Period of personal data processing: not more than 6 months according to the Labour Code.

 

Processed personal data of external persons (visitors) arriving to the Company:

-        name of the visitor,

-        number of document used to verify identity (identity card or passport),

-        date of arrival.

The purpose of data processing: registration of entry.

Legal basis of the personal data processing: legal provisions specifying the security conditions of air cargo transportation.

Method of processing: electronic and manual recording.

Recipients of the personal data: managing director of the Company, employees maintaining the Company security system.

Period of personal data processing: 24 hours after exit, pursuant to the Szvtv.

 

 

 

Who's online

We have 331 guests and no members online