Privacy Policy

Data Management Information 

1. General Provisions  

Szinergia Project, Operations and Change Management Ltd. (registered office: 1022 Budapest, Bimbó út 1-5., C lh., I/1., company registration number: 01 09 364617; hereinafter: “Szinergia Ltd.”, “service provider”, “data controller”), as the data controller, acknowledges the content of this information as binding upon itself. It undertakes to ensure that its data management related to its services complies with the expectations set forth in this information. 

The legal guidelines applicable to the www.szinergia.hu portal are continuously available. Szinergia Ltd. reserves the right to change this information at any time and will notify its audience of any changes in due time. If the user has any questions that are not clear based on this statement, please write to us, and our colleague will answer your question. 

We handle personal data in the course of our economic activities. We ensure the legality and purposefulness of data management in relation to all personal data processed. The purpose of this information is to provide adequate information to the data subjects before providing their personal data on how our company manages their personal data, for what purpose, under what conditions and guarantees, and for how long. 

Our company adheres to the provisions of this information in all cases of personal data management and considers the contents herein binding upon itself. We reserve the right to change the contents of this unilateral legal declaration, with appropriate notification to the data subjects. 

Our data management activities are based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter: “GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Info Act”). 

2. Definitions 

2.1. Data Subject: any identified or identifiable natural person based on any specific personal data; 

2.2. Personal Data: any data related to the data subject – in particular, the name, identification number of the data subject, as well as one or more pieces of information characteristic of the physical, physiological, mental, economic, cultural, or social identity of the data subject – and any conclusion that can be drawn from the data regarding the data subject; 

2.3. Consent: a voluntary and explicit declaration of the will of the data subject, based on appropriate information, giving unambiguous consent to the processing of personal data concerning them – either comprehensively or for specific operations; 

2.4. Objection: the data subject’s declaration objecting to the processing of their personal data and requesting the termination of data processing or the deletion of the processed data; 

2.5. Data Controller: the natural or legal person, or an organization without legal personality, who or which, alone or jointly with others, determines the purposes of data processing, makes and executes decisions regarding data processing (including the tools used) or has them executed by the data processor; 

2.6. Data Processing: any operation or set of operations performed on data, regardless of the method applied, such as collecting, recording, organizing, storing, altering, using, retrieving, transmitting, disclosing, aligning or combining, blocking, deleting, and destroying data, as well as preventing the further use of data, taking photos, making audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g., fingerprint or palmprint, DNA sample, iris image); 

2.7. Data Transfer: making data available to a specific third party; 

2.8. Public Disclosure: making data accessible to anyone; 

2.9. Data Deletion: rendering data unrecognizable in such a way that their restoration is no longer possible; 

2.10. Data Blocking: marking data with an identifier to limit their further processing, either permanently or for a specified period; 

2.11. Data Destruction: complete physical destruction of the data carrier containing the data; 

2.12. Data Processing: performing technical tasks related to data processing operations, regardless of the method and tool used for executing the operations and the place of application, provided that the technical task is performed on the data; 

2.13. Data Processor: a natural or legal person, or an organization without legal personality, who or which processes data based on a contract – including a contract concluded under legal provisions; 

2.14. Third Party: a natural or legal person, or an organization without legal personality, who or which is not identical with the data subject, the data controller, or the data processor; 

2.15. Third Country: any country that is not a member of the European Economic Area; 

2.16. Cookie: a text file not exceeding 4 kilobytes, stored by the internet browser on our computer from visited servers. Its function is to make browsing more convenient, as it allows the storage of various personal data, passwords, etc. It enables websites to be customized and, by knowing the browsing history, is also suitable for targeted advertising campaigns. 

3. PRINCIPLES OF DATA PROCESSING AT SZINERGIA KFT. 

3.1. Personal data can be processed if: 

a) the data subject consents, or b) it is ordered by law or, based on the authorization of law, by a local government decree for a purpose in the public interest. 

Note: The validity of a legal declaration containing the consent of a minor over the age of 16 does not require the consent or subsequent approval of their legal representative. 

3.2. Personal data may only be processed for a specific purpose, to exercise a right, or to fulfill an obligation. Data processing must comply with this purpose in all stages, and the collection and processing of data must be fair and lawful. Only personal data that is essential for the realization of the purpose of data processing and suitable for achieving the purpose may be processed, and only to the extent and for the duration necessary to achieve the purpose. 

3.3. Personal data may only be processed with informed consent. The data subject must be clearly, comprehensibly, and thoroughly informed of all facts related to the processing of their data, especially the purpose and legal basis of data processing, the person authorized to process and handle the data, the duration of data processing, and who may access the data. The information must also cover the data subject’s rights related to data processing and the available legal remedies. 

4. RULES ON DATA PROCESSING BY SZINERGIA KFT. 

4.1. Legal basis for data processing: 

In accordance with Section 5 (1) (a) of the Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Data Protection Act”), the legal basis for data processing is your informed consent. Providing consent is voluntary. By giving your consent, you agree that Szinergia Kft. may process your personal data, including images of you (hereinafter collectively: “Data”), for the pre-determined purpose and perform operations on the Data, such as collecting, recording, organizing, storing, using, and deleting them, in accordance with the provisions set out in this Data Processing Information. 

In cases where data processing is based on the data subject’s consent, the data subject may give their consent to the processing of their personal data electronically, by express conduct on Szinergia Kft.’s website, by filling out a checkbox, or by making technical settings related to the use of services in the information society. Any statement or act that clearly indicates the data subject’s consent to the intended processing of their personal data in the given context is also acceptable. Silence, pre-ticked boxes, or inactivity do not constitute consent. 

Consent covers all data processing activities carried out for the same purpose or purposes. If data processing serves multiple purposes simultaneously, Szinergia Kft. requests consent for all purposes. If the data subject gives their consent following Szinergia Kft.’s electronic request, the request must always be clear and concise and must not unnecessarily hinder the use of the service for which Szinergia Kft. is requesting consent. 

The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal. Szinergia Kft. informs the data subject about this before giving consent. Szinergia Kft. provides the same easy means for withdrawing consent as for giving it. 

If personal data is collected with the consent of the data subject, Szinergia Kft. may process the collected data without further specific consent and after the withdrawal of consent if it is necessary to fulfill a legal obligation applicable to Szinergia Kft. 

4.2. Data Controller and Data Processor: 

The Data is processed by Szinergia Kft. as the data controller. For providing marketing services, our company uses a data processor. 

4.3. Duration of data processing: 

Data processing is for an indefinite period, but at most until you prohibit the use of the Data for the intended purpose or request the termination of data processing. 

4.4. Persons with access to the Data: 

Employees of Szinergia Kft. and the current authorized representatives entitled to sign on behalf of the company have access rights to the Data. 

4.5. Rights of the Data Subjects: 

I. Right to information 

1.1. The data subject has the right to receive information from Szinergia Kft. about data processing activities before they commence. 

1.2. During the collection of personal data, Szinergia Kft. provides the data subject with the following information: 

  • The name and contact details of Szinergia Kft. and its representative; 
  • The purpose of the planned processing of personal data and the legal basis for processing; 
  • In the case of data processing based on legitimate interests, the legitimate interests of Szinergia Kft. or third parties; 
  • Where applicable, the recipients or categories of recipients of the personal data; 
  • The fact if Szinergia Kft. intends to transfer personal data to a third country or international organization. 

1.3. In addition to the information mentioned in point 1.2, Szinergia Kft. informs the data subject at the time of data collection, to ensure fair and transparent data processing, about the following additional information: 

  • The duration of personal data storage, or if this is not possible, the criteria for determining this period; 
  • The right of the data subject to request access to, rectification, erasure, or restriction of the processing of personal data, to object to such processing, and the right to data portability; 
  • The right to withdraw consent at any time, which does not affect the lawfulness of processing based on consent before its withdrawal; 
  • The right to lodge a complaint with a supervisory authority; 
  • Whether the provision of personal data is based on a legal or contractual obligation or a precondition for entering into a contract, and whether the data subject is obliged to provide the personal data, and the possible consequences of failing to provide such data; 
  • The fact of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and at least in these cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject. 
  • If Szinergia Kft. intends to further process the personal data for a purpose other than that for which they were collected, it informs the data subject about this different purpose and any relevant additional information mentioned in points 1.2 and 1.3 before the further processing. 

II. Right of access by the data subject 

2.1. The data subject has the right to receive confirmation from Szinergia Kft. as to whether personal data concerning them are being processed, and if so, to access the personal data and the following information (Article 15 of the GDPR): 

  • The purposes of data processing; 
  • The categories of personal data concerned; 
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations; 
  • Where possible, the envisaged period for which personal data will be stored, or if not possible, the criteria used to determine that period; 
  • The right to request rectification or erasure of personal data or restriction of processing and to object to processing; 
  • The right to lodge a complaint with a supervisory authority; 
  • Where the personal data is not collected from the data subject, any available information about their source; 
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. 

2.2. Where personal data is transferred to a third country or international organization, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer. 

2.3. Szinergia Kft. provides a copy of the personal data undergoing processing. For any further copies requested by the data subject, Szinergia Kft. may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested, the information is provided in a commonly used electronic format. 

III. The Right to Rectification 

3.1 The data subject has the right to have Szinergia Kft. rectify inaccurate personal data concerning them without undue delay upon request. 

3.2 Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

IV. The Right to Erasure (“the right to be forgotten”) 

4.1 The data subject has the right to request Szinergia Kft. to erase personal data concerning them without undue delay, and Szinergia Kft. is obligated to erase personal data without undue delay if: 

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by Szinergia Kft.; 
  • the data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing; 
  • the data subject objects to the processing, and there are no overriding legitimate grounds for the processing; 
  • the personal data have been unlawfully processed by Szinergia Kft.; 
  • the personal data have to be erased for compliance with a legal obligation under Union or Member State law to which Szinergia Kft. is subject; 
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation. 

4.2 The right to erasure does not apply to the extent that processing is necessary: 

  • for exercising the right of freedom of expression and information; 
  • for compliance with a legal obligation which requires processing by Union or Member State law to which Szinergia Kft. is subject, or for the performance of a task carried out in the public interest; 
  • for reasons of public interest in the area of public health; 
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 
  • for the establishment, exercise, or defense of legal claims. 

V. The Right to Restrict Data Processing 

5.1 In the case of restriction of data processing, such personal data, with the exception of storage, may only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. 

5.2 The data subject has the right to request Szinergia Kft. to restrict data processing if any of the following conditions are met: 

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for a period enabling Szinergia Kft. to verify the accuracy of the personal data; 
  • the data processing by Szinergia Kft. is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead; 
  • Szinergia Kft. no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims; or 
  • the data subject has objected to the processing; in this case, the restriction applies for a period until it is verified whether the legitimate grounds of Szinergia Kft. override those of the data subject. 

5.3 Szinergia Kft. shall inform the data subject before lifting the restriction of data processing. 

VI.  

Szinergia Kft. shall communicate any rectification, erasure, or restriction of data processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. 

VII. The Right to Data Portability 

7.1 The data subject has the right to receive the personal data concerning them, which they have provided to Szinergia Kft., in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from Szinergia Kft., if: 

  • the processing is based on consent or on a contract; and 
  • the processing is carried out by automated means. 

7.2 In exercising the right to data portability pursuant to point 7.1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible. 

7.3 The exercise of the right to data portability shall not adversely affect the rights and freedoms of others and shall not be in violation of Article 17 of the Regulation (the right to erasure). This right does not apply to processing necessary for the performance of a task carried out in the public interest. 

VIII. The Right to Object 

8.1 The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in Szinergia Kft., or the processing is necessary for the purposes of the legitimate interests pursued by Szinergia Kft. or by a third party (Article 6(1)(e) or (f) of the Regulation), including profiling based on those provisions. In such cases, Szinergia Kft. shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. 

8.2 If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, Szinergia Kft. shall no longer process the personal data for such purposes. 

8.3 The right referred to in points 8.1 and 8.2 shall be explicitly brought to the attention of the data subject at the latest at the time of the first communication with the data subject, and shall be presented clearly and separately from any other information. 

8.4 The data subject may exercise the right to object by automated means using technical specifications. 

8.5 Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the Regulation, the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. 

IX. The Right to Exemption from Automated Decision-Making 

9.1 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. 

9.2 Point 9.1 shall not apply if the decision: 

  • is necessary for entering into, or performance of, a contract between the data subject and Szinergia Kft.; 
  • is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or 
  • is based on the data subject’s explicit consent. 

9.3 In the cases referred to in points 9.2(a) and 9.2(c), Szinergia Kft. shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of Szinergia Kft., to express their point of view, and to contest the decision. 

X. The Right of the Data Subject to Lodge a Complaint and Seek Redress 

10.1 The right to lodge a complaint with the supervisory authority: Pursuant to Article 77 of the Regulation, the data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the Regulation. The supervisory authority to which the complaint has been submitted shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the Regulation. The data subject can exercise their right to lodge a complaint via the following contact details: National Authority for Data Protection and Freedom of Information Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 Website: http://www.naih.hu Email: ugyfelszolgalat@naih.hu 

10.2 The right to an effective judicial remedy against a supervisory authority: Without prejudice to any other administrative or non-judicial remedy, every natural and legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. Without prejudice to any other administrative or non-judicial remedy, every data subject has the right to an effective judicial remedy where the competent supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77 of the Regulation. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established. 

10.3 The right to an effective judicial remedy against a controller or processor: Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority under Article 77, every data subject has the right to an effective judicial remedy where they consider that their rights under the Regulation have been infringed as a result of the processing of their personal data in non-compliance with the Regulation. Proceedings against a controller or processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Such proceedings may be brought before the courts of the Member State where the data subject has their habitual residence unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers. 

XI. Notification of a Data Protection Breach 

11.1 If the data protection breach is likely to result in a high risk to the rights and freedoms of natural persons, Szinergia Kft. shall communicate the data protection breach to the data subject without undue delay. 

11.2 In the communication referred to in point 11.1 to the data subject, Szinergia Kft. shall describe in clear and plain language the nature of the data protection breach and shall, at least: 

  • provide the name and contact details of the data protection officer or other contact point where more information can be obtained; 
  • describe the likely consequences of the data protection breach; 
  • describe the measures taken or proposed by Szinergia Kft. to address the data protection breach, including, where appropriate, measures to mitigate its possible adverse effects. 

11.3 The data subject shall not be informed if any of the following conditions are met: 

  • Szinergia Kft. has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the data protection breach, in particular those measures that render the personal data unintelligible to any person who is not authorized to access it, such as encryption; 
  • Szinergia Kft. has taken subsequent measures that ensure that the high risk to the rights and freedoms of data subjects referred to in point 11.1 is no longer likely to materialize; 
  • it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner. 

XII. Procedure Applicable Upon the Data Subject’s Request 

12.1 Szinergia Kft. facilitates the exercise of the data subject’s rights and may not refuse to act on a request by the data subject to exercise their rights as set out in this Policy unless it demonstrates that it is not in a position to identify the data subject. The data subject may send their request or inquiry regarding data processing to the following address: 

  • By post: 1022 Budapest, Bimbó út 1-5. C lh. I. em. 1. 

Szinergia Kft. will send its response to the address specified by the data subject without undue delay, but no later than within 30 days. 

12.2 Szinergia Kft. shall inform the data subject about the actions taken in response to their request without undue delay, and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Szinergia Kft. shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. 

12.3 Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. 

12.4 If Szinergia Kft. does not take action on the request of the data subject, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action, and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. 

12.5 Information provided under Articles 13 and 14 of the Regulation, and any communication and any actions taken under Articles 15 to 22 and 34 of the Regulation (providing feedback on the processing of personal data, access to the processed data, rectification, erasure, restriction of data processing, data portability, objection to data processing, notification of a data breach) shall be provided free of charge to the data subject. 

12.6 Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, Szinergia Kft. may either: 

  • charge a reasonable fee of 10,000 HUF, taking into account the administrative costs of providing the information or communication or taking the action requested; or 
  • refuse to act on the request. 

Szinergia Kft. shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request. If Szinergia Kft. has reasonable doubts concerning the identity of the natural person making the request under Articles 15 to 21 of the Regulation, it may request the provision of additional information necessary to confirm the identity of the data subject. 

12.7 Purposes of data processing: 

A.) EVENT REGISTRATION Szinergia Kft. may occasionally send information and promotional offers related to available training courses to individuals who register for events via email and post. Event registration can be done periodically by registering on the website www.szinergia.hu. By registering for an event, you consent to Szinergia Kft. taking photographs of you during the event and using them as part of its educational materials and promotional materials indefinitely, without compensation, in any manner (including internet advertisements, printed media, and other promotional materials) and without geographical limitation. 

Please note that, according to the amendment of Act LXXVII of 2013, adult education providers must request the personal identification data of all participants in training courses. The received data must be reported to the Adult Education Data Service System as required by law. The data must be provided to Szinergia Kft. and will be processed until the last day of the eighth year following the date of training. With the exception of “gender” and “highest level of education,” you can prohibit the provision of data to the Adult Education Data Service System for reporting purposes by sending us a declaration. (Data blocking is possible if the participant has an educational identifier.) 

If you no longer wish to receive information and promotional offers from Szinergia Kft., you can unsubscribe from the newsletter by clicking on the link “If you no longer want to receive information about our latest events, you can unsubscribe here” in the newsletter footer, or you can make a declaration by email to kepzes@szinergia.hu

Applicants are responsible for the accuracy of the personal data provided. If false data is provided or someone else’s personal data is given, the affected person may suffer harm, in which case civil, criminal, and administrative proceedings may be initiated. 

B.) APPLICATION FOR TRAINING Applications for training can be made on the website www.szinergia.hu under the TRAININGS menu. Some personal data must be provided for the application, which is detailed in point 12.7/A. Additionally, uploading a CV may be necessary for job advertisements. Szinergia Kft. may occasionally send information and promotional offers related to available training courses to individuals who apply via email or post. The personal data provided during the application are necessary for communication and sending information and offers related to the training, as well as for preparing for the interview and completing the training. By applying for training, you consent to Szinergia Kft. taking photographs of you during the training and using them as part of its educational materials and promotional materials indefinitely, without compensation, in any manner (including internet advertisements, printed media, and other promotional materials) and without geographical limitation. 

If you no longer wish to receive information and promotional offers from Szinergia Kft., you can unsubscribe from the newsletter by clicking on the link “If you no longer want to receive information about our latest events, you can unsubscribe here” in the newsletter footer, or you can make a declaration by email to kepzes@szinergia.hu

Applicants are responsible for the accuracy of the personal data provided. If false data is provided or someone else’s personal data is given, the affected person may suffer harm, in which case civil, criminal, and administrative proceedings may be initiated. 

C.) Data processing related to orders, requests for offers, and contact on the Szinergia Kft. website Some services available on the website (orders, requests for offers) require the data subject to voluntarily provide personal data. Further data provision is also necessary in accordance with point 12.7/A. Accordingly, placing an order, sending a request for an offer to Szinergia Kft., or providing data during contact implies voluntary acceptance of this Policy and consent to data processing. 

The legal basis for data processing is the data subject’s voluntary provision of data, which is given by ticking the box next to the order/request for offer/contact text on the Szinergia Kft. website after being informed about data processing. 

Data subject group: any natural person who consents to the processing of their personal data on the Szinergia Kft. website. 

Processed data: the name, email address, and phone number of the natural person. 

Purpose of personal data processing: the provision of services available on the website, fulfilling orders, processing requests for offers, contacting for contract preparation or other purposes, and providing information about Szinergia Kft.’s products, services, contract terms, and promotions. 

Recipients or categories of recipients of personal data: the executive officers of Szinergia Kft., employees responsible for customer service and marketing activities, and employees of the service provider responsible for operating the Szinergia Kft. website as data processors. 

Storage period of personal data: until the order or request for an offer is fulfilled or until the data subject withdraws their consent (requests deletion). 

D.) Data processing related to direct marketing activities The legal basis for direct marketing data processing by Szinergia Kft. is the data subject’s explicit and unambiguous consent. The data subject gives their explicit, unambiguous prior consent to the processing of their data for direct marketing purposes by ticking the box next to the consent for direct marketing contact text on the Szinergia Kft. website or in the relevant business contract after being informed about data processing. 

Data subject group: any natural person who gives their explicit, unambiguous consent for the Company to process their personal data for direct marketing purposes. 

Purpose of personal data processing: direct marketing activities related to the activities of Szinergia Kft., such as sending promotional materials, newsletters, and current offers in printed (postal) or electronic (email) form regularly or periodically to the contact details provided during registration or contract signing. 

Recipients or categories of recipients of personal data: the executive officers of Szinergia Kft., employees responsible for customer service and marketing activities, and employees of the service provider responsible for operating the Szinergia Kft. website as data processors. 

Processed personal data: the name, address, phone number, and email address of the natural person. 

Duration of data processing: until the data subject withdraws their consent for direct marketing purposes. 

XIII. OTHER RULES RELATED TO INTERNET USE 

13.1. DATA OF WEBSITE VISITORS Viewing the / website is possible without providing personal data for anyone. During visits to the / website, a small file, called a “cookie” (hereinafter collectively referred to as “Cookie”), is stored on the user’s computer (or other internet-enabled devices, such as a smartphone or tablet), which makes the user’s browser uniquely identifiable, provided that the user has given their explicit (active) consent to this following clear and unambiguous information by continuing to browse the website. By visiting (browsing) the / website, the data subject consents to Szinergia Kft. processing and recording non-personal data. Non-personal data are technical data from which the data subject cannot be identified, thus not falling under the scope of the Info Act. Such information includes, in particular, the IP address, the time of the visit to the / website, the type of operating system of the computer, the address of the website that directed the data subject to the / website, etc. These non-personal data are processed for statistical and development purposes in an automated manner for a maximum of 60 days following the visit. Cookies are essential for the proper functioning of the / website and collect information about the website’s use to improve the user experience, making the site more convenient and useful. Some Cookies are stored only temporarily (until the browser is closed), while others remain on the computer for a more extended period. During visits to the website, the following data are recorded and processed about the visitor and the device used for browsing: the IP address used by the visitor, the type of browser, the characteristics of the operating system of the device used for browsing (set language), the time of the visit, the visited (sub)page, function, or service, click. The Cookies used on the website do not store information suitable for personal identification, and Szinergia Kft. does not perform personal data processing in this regard. By using the / website, the user consents to the use of Cookies as described in this point 1. Most internet browsers are set to allow Cookies to be stored by default without specific user intervention and/or notification. If the user does not agree with the use of Cookies, they need to set their browser accordingly. The user can change the default settings of the browser to block Cookies or request a warning about the Cookies used by the visited website. For more information or to change settings, the user can find help in the browser’s help section. 

13.2. DATA COLLECTION BY EXTERNAL SERVICE PROVIDERS ON THE WEBSITE The HTML code of the www.szinergia.hu website may contain references to and from external servers independent of Szinergia Kft. The external server assists in the independent auditing of visit and other web analytical data on the website. The web analytics service provider, on behalf of Szinergia Kft., is authorized to process only anonymized data, not personal data. Currently, the web analytics service is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) within the framework of the Google Analytics service. Info: www.google.com. Online card payments are processed through the Barion system. Card data is not transmitted to the merchant. The service provider, Barion Payment Zrt., is an institution supervised by the Hungarian National Bank, with license number: H-EN-I-1064/2013. 

XIV. DATA SECURITY MEASURES Data Security Measures 

14.1. Szinergia Kft. may only process personal data in connection with the activities specified in this Policy and solely for the purpose of data processing. 

14.2. Szinergia Kft. ensures the security of the data, undertaking to take all technical and organizational measures necessary to enforce data security, data protection, and secrecy protection laws and regulations, and to develop the procedural rules necessary to enforce the above laws. 

14.3. Szinergia Kft. protects the data with appropriate measures against accidental or unlawful destruction, loss, alteration, transmission, damage, unauthorized disclosure, or access, and against becoming inaccessible due to changes in the applied technology. The technical and organizational measures implemented by Szinergia Kft. aim to: 

  • pseudonymize and encrypt personal data; 
  • ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services used for processing personal data; 
  • restore access to and availability of personal data in a timely manner in the event of a physical or technical incident; 
  • regularly test, assess, and evaluate the effectiveness of technical and organizational measures to ensure the security of processing. 

14.4. Szinergia Kft. ensures that personal data processed by it can only be accessed by employees and persons acting on behalf of Szinergia Kft. who genuinely need access to perform their job duties. 

14.5. Szinergia Kft. stores the personal data provided during each data processing activity separately from other data, ensuring that only employees with appropriate access rights can access the separated data files. 

14.6. Szinergia Kft. classifies and treats personal data as confidential information. Employees who handle personal data in the course of their job duties are required to maintain confidentiality regarding personal data. Szinergia Kft. restricts access to personal data by assigning authorization levels. 

14.7. To ensure data security in its IT records, Szinergia Kft. implements the following necessary measures: 

  • provides constant protection against computer viruses for the data files it manages, using real-time antivirus software; 
  • ensures the physical protection of its IT system hardware, including protection against elemental damage; 
  • protects its IT system against unauthorized access, both in terms of software and hardware; 
  • takes all measures necessary for data file recovery, regularly performs security backups, and ensures the separate, secure handling of security copies. 

14.8. To protect paper-based records, Szinergia Kft. takes the necessary measures, particularly regarding physical security and fire protection. Szinergia Kft. management, employees, and others acting on behalf of Szinergia Kft. must securely store and protect data carriers containing personal data, regardless of the recording method, against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage. 

14.9. Szinergia Kft. ensures that during the automated processing of personal data: 

  • unauthorized data input is prevented; 
  • the use of automated data processing systems by unauthorized persons using data transmission equipment is prevented; 
  • it can be verified and established which bodies have received or may receive personal data through data transmission equipment; 
  • it can be verified and established which personal data were entered, when, and by whom into automated data processing systems; 
  • the installed systems can be restored in case of malfunction, and; 
  • reports are made of errors occurring during automated processing. 

14.10. To protect personal data, Szinergia Kft. monitors incoming and outgoing communications conducted electronically. 

14.11. Szinergia Kft. does not permit the sharing of personal data it manages on the internet, nor the use of file download, gaming, chat, or sexual service websites. The use of unauthorized programs received from external sources or downloaded is also prohibited. 

14.12. Only authorized employees can access ongoing work and documents under processing, and Szinergia Kft. ensures the secure storage of personnel, payroll, and other personal data-containing documents. Szinergia Kft. ensures the proper physical protection of data, the devices carrying them, the IT system hardware, and the documents. 

XV. HANDLING DATA BREACHES 

Definition of a Data Breach 

15.1 A data breach is a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed (Regulation Article 4, point 12). 

15.2 A data breach includes incidents such as the loss of a device containing personal data (e.g., laptop, mobile phone), insecure storage of personal data (e.g., labor documents thrown into the trash), insecure transmission of data, unauthorized copying, transmission, or disclosure of customer and partner lists, IT system attacks, and mistakenly sent emails containing personal data. 

Handling and Remedying Data Breaches 

15.3 Preventing, handling, and complying with the relevant legal requirements concerning data breaches is the responsibility of the executive officer of Szinergia Kft. 

15.4 Upon detecting a data breach, the executive officer of Szinergia Kft. shall immediately conduct an investigation to identify the data breach and determine its possible consequences. In this context, Szinergia Kft. will examine and establish: 

  • the time and place of the incident, 
  • a description of the incident, its circumstances, and effects, 
  • the scope and volume of compromised data, 
  • the scope of individuals affected by the compromised data, 
  • the measures taken to mitigate the incident, 
  • the measures taken to prevent, mitigate, or reduce damage. 

In the event of a data breach, Szinergia Kft. will contain, isolate, and ensure the collection and preservation of evidence supporting the occurrence of the breach. Following this, Szinergia Kft. will begin restoring the damage and reinstating lawful operations. 

15.5 Szinergia Kft. shall notify the competent supervisory authority of the data breach without undue delay and, if possible, no later than 72 hours after becoming aware of it unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. 

Recording Data Breaches 

15.6 Szinergia Kft. maintains a record of data breaches, which includes: 

  • the scope of the affected personal data, 
  • the scope and number of individuals affected by the data breach, 
  • the time of the data breach, 
  • the circumstances and effects of the data breach, 
  • the measures taken to remedy the data breach, 
  • other data specified by law governing data processing. 

15.7 Szinergia Kft. retains data related to data breaches in the record for 5 years. 

XVI. CHANGING THE CONTENT OF THE WEBSITE AND THE DATA PROCESSING INFORMATION 

Szinergia Kft. expressly reserves the right to unilaterally change, without restriction or notice, the content of the website it operates and the content of this Data Processing Information at any time, as well as to terminate or suspend any service. 

Contact

© 2024 Szinergia Projekt-, Működés- és Változásmenedzsment Kft. – All rights reserved. Made by: EP