In its activities, DAM Invisible Technology Plc. pays special attention to the protection of personal data and compliance with mandatory legal provisions. DAM Invisible Technology Plc. takes particular care of the principles of fairness, transparency and purpose limitation, data economy, accuracy, limited storage, integrity and confidentiality, and accountability.
I. The data manager
Name: DAM Invisible Technology Plc.
Registered office: 64. Budaörsi Road, 1118, Budapest, Hungary
Postal address: 64. Budaörsi Road, 1118, Budapest, Hungary
E-mail address: firstname.lastname@example.org
Central telephone number: (+36-1 666 3 777)
II. Interpretative provisions
The person concerned: any natural person identified on the basis of specific personal data and any natural person who can be identified directly or indirectly.
Personal data: any information relating to the person concerned. A natural person who can be identified (directly or indirectly) in particular by reference to an identifier such as name, number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data managing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not automatised, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, usage, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or annullation.
Data manager: the natural or legal person, public authority, agency or any other organisation, which alone or jointly with others determines the purposes and means of the managing of personal data. Where the purposes and means of the managing are determined by the EU or Member State law, the law may also determine the manager or the specific criteria for the designation of the manager.
Data manager: the natural or legal person, public authority, agency or any other organisation that manages personal data on behalf of the Curia.
Consent of the person concerned: aa freely given, specific, informed and unambiguous indication of the person concerned's wishes, by which the person concerned signifies, by a statement or by an act unambiguously expressing their consent, that they give their consent to the processing of personal data concerning them.
Data protection incident: a damage of security that results in the accidental or unlawful destruction, annullation, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise managed.
IP address: a unique network identifier used to identify devices that use the TCP/IP network protocol to access the Internet. Every IT device connected to the Internet has an unique IP address through which it can be identified.
Cookie: a data package (file) that is generated by the web content server and passed to the web browser. Cookies may contain information about searches made on a particular internet server, information provided which is also stored on the server. The primary purpose of the use of the cookies is to store user profile information which is primarily used to store the user's preferred settings so that the they can access the website in the way they are used to.
Cookies are stored by the browser program in a separate directory on the devices used by the person concerned (computer, tablet, smartphone, etc.). The cookie uniquely identifies and allows the web server to recognize the user and the device used by them on the Internet. The GDPR also enlist cookies and other identifiers placed on the device used by the user as personal data.
Web beacons (web bugs): :invisible images on websites or in emails that enable the tracking and measurement of actions taken by users (e.g. opening a newsletter, clicking on URLs (links), etc.). Web beacons are commonly used together with cookies to provide additional information for profiling users online.
Internet profiling: any form of automated processing of personal data by web servers in which personal data are used to evaluate the characteristics of a natural person. It may contain information, findings and conclusions about the user's interests, activities on the Internet and the data they provide there. In certain cases, it may benefit the user, as individual websites may be presented in a way that they prefer, making information available that is likely to be of interest to them, but which may also be open to abuse (e.g. measuring work activity, using information about health, travel).
Objection: a statement by the person concerned objecting to the processing of their personal data.
Supervisory Authority: an independent public authority established in accordance with Article 51 of the GDPR, in Hungary it is the National Authority for Data Protection and Freedom of Information.
III. Legal basis for managing
The provisions of Article 6 of the GDPR.
If the company provides others’ data, they are obliged to obtain the prior consent of the person concerned, which DAM Invisible Technology Plc. assumes.
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
- Act CXII. of year 2011 on the Right to Informational Self-Determination and Freedom of Information,
- Act V. of year 2013 on the Civil Code (hereinafter: Civil Code),
- Act C. of year 2012 on the Criminal Code (hereinafter: Criminal Code),
- Act C. of year 2003 on electronic communications,
- Act C. of year 2000 on Accounting,
- Act CL. of year 2017 on the Rules of Taxation,
- Instruction No 18/2017 (XII. 20.) of the National Office for the Judiciary on the press information activities of courts and the National Office for the Judiciary.
IV. Purpose of data managing
The scope, purpose, legal basis and duration of the managing of personal data are set out in Chapter VIII.
V. Processors, persons entitled to access the data
Personal data must be processed by authorised employees of DAM Invisible Technology Plc.
VI. Rights and remedies of the person concerned in relation to data managing
1. Rights of the person concerned in relation to data managing
- The right to be informed
The person concerned may request in writing to be informed by DAM Invisible Technology Plc. via the contact details provided in point I:
- which personal data,
- on what legal basis,
- for what purposes,
- from what source,
- for how long it manages them,
and to whom, when, under what law, to which personal data DAM Invisible Technology Plc. has granted access or transferred your personal data.
- The right to rectification
The person concerned may request DAM Invisible Technology Plc. to correct inaccurate personal data concerning them or, if compatible with the purposes of the managing, to extend personal data (e.g. changed e-mail address or postal address) in writing to the contact details provided in point I.
- The right to erasure
The person concerned may request in writing, via the contact details provided in point I, that DAM Invisible Technology Plc. delete any of their personal data. The request may not be granted if DAM Invisible Technology Plc. carries out mandatory personal data managing required by law.
- The right to restriction
The person concerned may request in writing, via the contact details provided in point I, that their personal data may be blocked by DAM Invisible Technology Plc. if one of the conditions set out in Article 18 (1) GDPR is met.
- The right to protest
The person concerned may object in writing, on grounds relating to their particular situation, to the managing of their personal data using the contact details provided in point I.
The person concerned may submit a request in writing to enforce the above rights, which DAM Invisible Technology Plc. will examine within 25 days of delivery, or without delay in the case of a request for rectification. If the legitimacy of the request of the person concerned can be clearly established, DAM Invisible Technology Plc. will take the necessary action and will inform the person concerned of this in the same way as the request (electronically or on paper). If the request cannot be complied with, it will decide to reject it and will notify the person concerned by means of a reasoned decision in the same manner as the request (electronically or on paper).
2. Available remedies to the person concerned
The person concerned may contact DAM Invisible Technology Plc. in writing with any information or questions regarding the managing of their personal data using the contact details provided in pont I. Following the request of the person concerned, DAM Invisible Technology Plc. will take the necessary measures within 25 days, or immediately in the case of a request for rectification. If no action is taken within 25 days of receipt of the request, DAM Invisible Technology Plc. shall inform the person concerned of the reasons for the failure to take action and of the possibility to lodge a complaint with the Supervisory Authority and to use their right to judicial remedy.
- Name and contact details of the Supervisory Authority
Title: National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 22/C Erzsébet Szilágyi Alley , 1125 Budapest, Hungary
Postal address: PB. 5., 1530 Budapest, Hungary
- Initiation of court proceedings
In the event of unlawful data processing experienced by the percon concerned, they may contact the Supervisory Authority or initiate a civil action against DAM Invisible Technology Plc. The Metropolitan Court of Budapest is competent to decide on the lawsuit. The lawsuit may also be brought – by the preference of the person concerned- before the court of their place of residence.
VII. Data security measures
DAM Invisible Technology Plc. takes appropriate measures to protect personal data against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure or access.
DAM Invisible Technology Plc. regulates access to personal data managed on paper and in electronic form in such a way that only designated employees are entitled to access the data in order to achieve the purpose of the managing. DAM Invisible Technology Plc. has established specific levels of authorisation for the managing of personal data, firewalls IT systems and provides adequate virus protection.
Access to electronically managed personal data is logged by the software used, and a record is kept of the access and any transmission. Any data protection incidents are recorded by the Curia and reported to the Supervisory Authority within 72 hours.
VIII. Specific rules for certain personal data managing
Personal data managing related to the use of electronic messaging (e-mail)
The person concerned has the possibility to contact DAM Invisible Technology Plc. via the e-mail addresses on the website. In this case, DAM Invisible Technology Plc. will manage the e-mail address received.
If the e-mail contains other personal data, the communicator is obliged to obtain the prior consent of the person concerned, which DAM Invisible Technology Plc. assumes.
Data stored: name and e-mail address, which will be stored for 12 months, except where the person concerned specifies otherwise.
Personal data managing related to phone usage
The person concerned has the possibility to contact DAM Invisible Technology Plc. via the telephone numbers on the website. In this case, DAM Invisible Technology Plc. will manage the number used by the person concerned and then automatically delete it depending on the storage capacity. DAM Invisible Technology Plc. will not use the telephone number used by the person concerned for identification purposes. DAM Invisible Technology Plc. will not disclose the personal data thus obtained to third parties, except for requests based on a legally authorised request.
Mananging of personal data in connection with applications for vacancies advertised by DAM Invisible Technology Plc.
DAM Invisible Technology Plc. job vacancies can be filled by application or advertisement.
In the case of an application for a job or a job advertisement, DAM Invisible Technology Plc., as the data manager, manages the personal data contained in the CV and cover letter of the applicant (the person concerned) in paper format.
The legal basis for the personal data managing is the consent of the person concerned, which DAM Invisible Technology Plc. considers as given by the application for a job or job advertisement, and the fulfilment of the legal obligation of DAM Invisible Technology Plc.
DAM Invisible Technology Plc. will not disclose the data of the person concerned to third parties.
Data management of the IR:IS mobile application owned by DAM Invisible Technology Plc.
This notice summarizes how and for what purpose the data manager collects and uses the personal data of the users of the Android and iOS-based IR:IS smartphone application (hereinafter referred to as the Application) operated by the data manager.
Users: the users of the Application developed by DAM Invisible Technology Plc. are strictly the employees and contracted partners of DAM Invisible Technology Plc. The application stores the following personal data provided by them:
- E-mail address
- Phone number
The purpose of our data management is to provide the services available in the IR:IS mobile application, to support the software and services we distribute and to enable us to contact our customers.
The application stores personal data until the formal termination of the employment relationship or contract. The personal data provided will never be used for purposes other than those mentioned above. The disclosure of personal data to third parties is only possible with your prior explicit consent.