POSeidon Solutions Ltd. (H-1131 Budapest, Rokolya street 1-13.) (hereinafter: POSeidon Solutions, service provider, controller) as controller informs you on its data processing practices related to the poseidonsolutions.com website and on your rights as data subject as follows.
POSeidon Solutions Ltd. is committed regarding the protection of personal data of its clients, employees and partners, and considers it extremely important to respect the rights of informational self-determination of its clients. POSeidon Solutions Ltd. processes the personal data confidentially and takes every security, technical and organisational measure that guarantees data security. You can request more information thereon from the Data Protection Officer via the contact details below.
POSeidon Solutions Ltd. reserves the right to alter this privacy notice in accordance with the effective legislation, but prior to this it expressly informs the data subjects of the data processing.
Based on Article 13 of the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on repealing Directive 95/46/EC (“general data protection regulation” or “GDPR”), it informs the data subjects on the details of the data processing on its website (poseidonsolutions.com) as follows.
- Controller’s data and contact details
POSeidon Solutions Ltd. (reg. seat: H-1131 Budapest, Rokolya street 1-13.; comp. reg. no: Cg. 01-09-325855; tax no: 26355647-2-41, bank acc. no: OTP Bank 11705008-22530835, repr. by: György Kovács, hereinafter: Controller).
- Data Protection Officer
Data Protection Officer’s name: Dr. Balázs Bartóki-Gönczy PhD.
Contact details of the DPO: firstname.lastname@example.org
- Purpose of data processing
The purpose of data processing is the optimisation of Controller’s services, offering the most proper service to data subject, informing data subject on the news and services related to the Controller.
- The way of obtaining data
Disclosers of data may enter their personal data with their consent based on their free will on POSeidon Solutions Ltd.'s website if they are interested in our services or would like to request a service.
The visitors of the website may subscribe to the newsletter of the Controller upon their freely given consent.
- Handover of personal data to third parties
Personal data are not transferred to third parties with the following exceptions. Controller shall not carry out profiling, automated decision-making from gathered data.
Controller hands over the following data to Justice Security Ltd. (Reg. seat: H-1131 Budapest, Rokolya street 1-13.): data of those requesting consultation and subscribing to newsletters. Purpose of data processing agreement: contact with those requesting consultation, operation of the newsletter sending service.
Controller hands over data for data processing to BlazeAlerts Ltd. (Reg. seat: H-6090 Kunszentmiklós, Damjanich street. 36. 1/8) operating the website, who is unauthorised to use them for business purposes; its task is exclusively the IT operation of the website.
Controller hands over the following data to REISSWOLF Budapest Adat- és Dokumentumkezelő Ltd. (Reg. seat: H-1097 Budapest, Kén street 6.): data of those requesting consultation and subscribing to newsletters. Purpose of data processing agreement: destruction of media.
Controller hands over the following data to SUPER11 Creative Ltd. (Reg. seat: H-1118 Budapest, Homonna street 2-4.): data of those requesting consultation and subscribing to newsletters. Purpose of data processing agreement: continuous website development, operating newsletter sending service.
- Processed data
- Name of data subject;
- Email address of data subject;
- Phone number of data subject;
- Message typed in by data subject.
- Legal basis of data processing
The legal basis of data processing is data subject's consent to processing his/her data [(Section 6(1) a) of GDPR)].
- Safety of data processing
The IT systems and other data retention places of POSeidon Solutions Ltd. can be found at its seat, premises and the seat and premises of its clients and at the address of HW Stúdió Ltd. (H-6000 Kecskemét, Petőfi Sándor street 1. B).
POSeidon Solutions Ltd. chooses and operates the IT tools applied during the service provision for the processing of personal data that:
- the processed data shall be available to authorised persons (availability);
- its authenticity and authentication are provided (authenticity of data processing);
- its unaffectedness is justified (data integrity);
- the processed data is protected against unauthorised access (confidentiality of data).
POSeidon Solutions Ltd. protects data with proper measures particularly against unauthorised access, alteration, transfer, disclosure, erasure or destruction and destruction by accident, damage and unavailability due to the alteration of the applied technology.
POSeidon Solutions Ltd. provides with the proper technical solution for the protection of the set of data processed electronically in its various records that the stored data cannot be combined directly and assigned to the data subject – except if the law allows.
POSeidon Solutions Ltd., with regard to the current development of technology, provides technical and organisational measures for the protection of the security of data processing that offer a protection level appropriate for the risks arising in connection with data processing.
POSeidon Solutions Ltd. retains confidentiality during data processing:
- it protects information to allow only authorised persons to access them;
- integrity: it protects the accuracy and integrity of the information and the way of processing;
- availability: it provides access to the desired information when the authorised user needs it and makes available the related tools.
POSeidon Solution Ltd.’s IT system and network are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood and computer viruses, computer intrusion and denial-of-service attacks. POSeidon Solutions Ltd. provides security with protection procedures on server and application levels.
We inform our visitors that the electronic messages transferred via the internet are vulnerable irrespective of the protocol (email, web, ftp, etc.) to network threats that lead to dishonest activities, challenging of the contract or the disclosure and alteration of the information. For the protection from such threat the service provider takes every protective measure expected from it. It observes the systems in order to be able to record every security derogation and to have proof in the case of every security event. System observation also makes possible the control of the effectiveness of the applied protective measures.
- The period of data processing
The data in the database established based on the requests received via the website are immediately erased after the request of the client if there is no service between the client and the Company. In other cases the storage time of data is maximum 1 year.
In the case of subscribing to a newsletter we process the data in the database after the subscription of the client until the data subject's objection to the processing of his/her personal data or unsubscription from the newsletter.
- Information on the data subject’s rights
The data subject whose right or legitimate interest is affected by video recording may request from the controller by justifying his/her right or legitimate interest not to destroy the recording or not to erase it until the request of the court or authority but maximum until 30 days. The person appearing in the recording may also request the controller to inform him/her in writing on what is seen on such recording. Data subject may only get a copy of a recording on which others do not appear or only unrecognisably. If those above cannot be fulfilled, the controller makes it possible for the data subject to watch the recording containing him/her (too).
Data subject may request information on the processing of his/her personal data and may request the rectification thereof, and except for the obligatory data processing, the erasure, withdrawal thereof, the limitation of data processing, and may exercise data portability and objection rights at the controller.
Data subject is entitled to get a feedback from controller regarding whether the processing of his/her personal data is in process and if so, he/she is entitled to get access to the personal data and the information regarding the data processing.
Data subject, in the case of a reason listed by the GDPR, is entitled to that upon his/her request POSeidon Solutions Ltd. shall delete the personal data concerning him/her without undue delay or limit the data processing.
Data subject may object to the processing of his/her personal data or the profiling using them.
Controller shall inform the data subject within one month from the receipt of the request on the measures taken based on it.
Data subject may turn to controller with his/her remark, and may enforce his/her rights before the court of his/her place of abode or the seat of controller, and may file a complaint to the Hungarian National Authority for Data Protection and Freedom of Information. (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.)
Data subject may request information on the processing of his/her personal data and may request the rectification thereof, and except for the obligatory processing, the erasure or blocking thereof in a way indicated upon data recording and via its contact details set out in Section 6.
POSeidon Solutions Ltd. shall notify data subject and those to whom it transferred the data for processing on the rectification, blocking and erasure. It avoids notification if this does not infringe the legitimate interest of the data subject with regard to the purpose of processing.
Data subject may object to the processing of his/her personal data
- if the processing or transfer of such data is only necessary for the performance of legal obligation regarding the controller or the enforcement of the legitimate interest of controller, data importer or third party, except if data processing is ordered by law;
- the use or transfer of personal data is for direct marketing purposes, opinion polls or scientific research;
- other cases set out by legislation.
POSeidon Solutions Ltd. examines the objection as promptly as possible from the submission of the request but in no more than 15 days; it makes a decision regarding its grounding and informs the requester on its decision in writing.
If the controller establishes that data subject’s objection is grounded, it terminates the data processing, including the additional data recording and data transfer, and blocks the data and informs those to whom it transferred the personal data concerned with objection on the objection and the measures taken based on it and who shall proceed for the enforcement of the right to object.
If data subject disagrees with the decision of the controller, it may turn to the court against it within 30 days of its disclosure.
POSeidon Solutions Ltd. shall not erase data subject’s data if the data processing is ordered by law. However, data shall not be transferred to data importer if the controller agreed with the objection and the court has established the legitimacy of the objection.
Data subject may turn to the court against controller if his/her rights are violated. The court shall proceed forthwith.
POSeidon Solutions Ltd. shall reimburse the damage caused by the unlawful processing of data subject’s data or by the violation of data security requirements. Controller shall be exempted from liability if the damage was caused by an unavoidable cause falling outside the scope of data processing.
It does not reimburse the damage if it derived from the wilful or gross negligent behaviour of the aggrieved party.
POSeidon Solutions Ltd. reports to the data protection authority the personal data breach it becomes aware of without undue delay and, if possible, within 72 hours at the latest after it becomes known, except if the personal data breach possibly does not pose risk to the rights and freedoms of natural persons.
At the same time, POSeidon Solutions Ltd. keeps a record on personal data breaches which includes the facts related to personal data breach, its effects and the measures taken to avoid the effects of the personal data breach.
Thereby it makes possible for the supervisory authority to control the compliance with the requirements. The private security guard shall notify POSeidon Solutions Ltd. immediately if it becomes aware of a personal data breach.
In case of questions and comments the data subjects may turn to the data protection officer of POSeidon Solutions Ltd.
Legal remedy and filing a complaint are possible at the competent court and the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
data subject: a natural person identified or identifiable based on any information;
identifiable natural person: a natural person who can be identified directly or indirectly based on, in particular, an identifier, e.g. name, identification number, position data, online identifier or one or more factors;
personal data: any information regarding the data subject;
sensitive data: every data belonging to the special categories of personal data, i.e. personal data revealing racial or ethnic origin, political opinion, religion or beliefs or trade union membership and genetic data, biometric data for the unique identification of natural persons, data concerning health and data concerning a natural person's sex life or sexual orientation;
consent: the clear expression of the data subject’s will based on voluntary, explicit and proper information with which the data subject indicates by statement or by any other behaviour unambiguously expressing his/her will that it agrees to the processing of personal data concerning him/her;
controller: a natural or legal person or organisation without legal personality who or which – within the framework determined in the law or in the mandatory legal act of the European Union – alone or jointly with others determines the purpose of processing, makes the decisions regarding processing (including the used means) and implements them or have them implemented with the processor;
data processing: regardless of the applied procedure the operation or set of operations performed on the data, in particular the collection, recording, capture, structuring, storage, alteration, use, retrieval, transfer, disclosure, alignment or combination, blocking, erasure and destruction and the prevention of further use of data, taking pictures, making voice or video recordings, and the capturing of physical characteristics suitable for the identification of the person (e.g. fingerprint or palm print, DNA-sample, retinal image);
data transfer: making the data available to a certain third party;
disclosure: making the data available to anyone;
erasure of data: making the data unrecognisable in a way that its restoration is not possible anymore;
restriction of data processing: blocking of the stored data by way of marking them with the aim of limiting their further processing;
destruction of data: the total physical destruction of the media containing the data;
data processing: all processing operations carried out by processor acting on behalf of or at the order of the controller;
processor: a natural or legal person or organisation without legal personality who or which – within the framework of and with the conditions determined in the law or in the mandatory legal act of the European Union – processes personal data on behalf of or at the order of the controller;
third party: a natural or legal person or organisation without legal personality other than the data subject, controller, processor or as those who carry out operations regarding the processing of personal data under the direct authority of the controller or the processor;
personal data breach: the breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of the transferred, stored or otherwise processed personal data or in the unauthorised access to such data;
profiling: any automated processing of personal data which aims at the evaluation, analysis or prediction of characteristics related to the personal characteristics, in particular the performance at work, economic situation, health, personal preferences or interests, reliability, behaviour, location or movements of the data subject;
recipient: a natural or legal person or organisation without legal personality to whom or which the controller or the processor makes available personal data;
pseudonymisation: the processing of personal data in a way that the personal data can no longer be attributed to a specific data subject without the use of additional information stored separately from the personal data and provides technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;