Contact
- Szinergia Projekt-, Működés- és Változásmenedzsment Kft.
- 1022 Budapest, Bimbó út 5.
- Tel.: +36 70 360 7188
- Email: szinergia@szinergia.hu
- Adult Education Registration Number: B/2020/002774
No products in the basket.
Data Management Information
1. General Provisions
Szinergia Project, Operations and Change Management Ltd. (registered office: 1022 Budapest, Bimbó út 1-5., C lh., I/1., company registration number: 01 09 364617; hereinafter: “Szinergia Ltd.”, “service provider”, “data controller”), as the data controller, acknowledges the content of this information as binding upon itself. It undertakes to ensure that its data management related to its services complies with the expectations set forth in this information.
The legal guidelines applicable to the www.szinergia.hu portal are continuously available. Szinergia Ltd. reserves the right to change this information at any time and will notify its audience of any changes in due time. If the user has any questions that are not clear based on this statement, please write to us, and our colleague will answer your question.
We handle personal data in the course of our economic activities. We ensure the legality and purposefulness of data management in relation to all personal data processed. The purpose of this information is to provide adequate information to the data subjects before providing their personal data on how our company manages their personal data, for what purpose, under what conditions and guarantees, and for how long.
Our company adheres to the provisions of this information in all cases of personal data management and considers the contents herein binding upon itself. We reserve the right to change the contents of this unilateral legal declaration, with appropriate notification to the data subjects.
Our data management activities are based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter: “GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Info Act”).
2. Definitions
2.1. Data Subject: any identified or identifiable natural person based on any specific personal data;
2.2. Personal Data: any data related to the data subject – in particular, the name, identification number of the data subject, as well as one or more pieces of information characteristic of the physical, physiological, mental, economic, cultural, or social identity of the data subject – and any conclusion that can be drawn from the data regarding the data subject;
2.3. Consent: a voluntary and explicit declaration of the will of the data subject, based on appropriate information, giving unambiguous consent to the processing of personal data concerning them – either comprehensively or for specific operations;
2.4. Objection: the data subject’s declaration objecting to the processing of their personal data and requesting the termination of data processing or the deletion of the processed data;
2.5. Data Controller: the natural or legal person, or an organization without legal personality, who or which, alone or jointly with others, determines the purposes of data processing, makes and executes decisions regarding data processing (including the tools used) or has them executed by the data processor;
2.6. Data Processing: any operation or set of operations performed on data, regardless of the method applied, such as collecting, recording, organizing, storing, altering, using, retrieving, transmitting, disclosing, aligning or combining, blocking, deleting, and destroying data, as well as preventing the further use of data, taking photos, making audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g., fingerprint or palmprint, DNA sample, iris image);
2.7. Data Transfer: making data available to a specific third party;
2.8. Public Disclosure: making data accessible to anyone;
2.9. Data Deletion: rendering data unrecognizable in such a way that their restoration is no longer possible;
2.10. Data Blocking: marking data with an identifier to limit their further processing, either permanently or for a specified period;
2.11. Data Destruction: complete physical destruction of the data carrier containing the data;
2.12. Data Processing: performing technical tasks related to data processing operations, regardless of the method and tool used for executing the operations and the place of application, provided that the technical task is performed on the data;
2.13. Data Processor: a natural or legal person, or an organization without legal personality, who or which processes data based on a contract – including a contract concluded under legal provisions;
2.14. Third Party: a natural or legal person, or an organization without legal personality, who or which is not identical with the data subject, the data controller, or the data processor;
2.15. Third Country: any country that is not a member of the European Economic Area;
2.16. Cookie: a text file not exceeding 4 kilobytes, stored by the internet browser on our computer from visited servers. Its function is to make browsing more convenient, as it allows the storage of various personal data, passwords, etc. It enables websites to be customized and, by knowing the browsing history, is also suitable for targeted advertising campaigns.
3. PRINCIPLES OF DATA PROCESSING AT SZINERGIA KFT.
3.1. Personal data can be processed if:
a) the data subject consents, or b) it is ordered by law or, based on the authorization of law, by a local government decree for a purpose in the public interest.
Note: The validity of a legal declaration containing the consent of a minor over the age of 16 does not require the consent or subsequent approval of their legal representative.
3.2. Personal data may only be processed for a specific purpose, to exercise a right, or to fulfill an obligation. Data processing must comply with this purpose in all stages, and the collection and processing of data must be fair and lawful. Only personal data that is essential for the realization of the purpose of data processing and suitable for achieving the purpose may be processed, and only to the extent and for the duration necessary to achieve the purpose.
3.3. Personal data may only be processed with informed consent. The data subject must be clearly, comprehensibly, and thoroughly informed of all facts related to the processing of their data, especially the purpose and legal basis of data processing, the person authorized to process and handle the data, the duration of data processing, and who may access the data. The information must also cover the data subject’s rights related to data processing and the available legal remedies.
4. RULES ON DATA PROCESSING BY SZINERGIA KFT.
4.1. Legal basis for data processing:
In accordance with Section 5 (1) (a) of the Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Data Protection Act”), the legal basis for data processing is your informed consent. Providing consent is voluntary. By giving your consent, you agree that Szinergia Kft. may process your personal data, including images of you (hereinafter collectively: “Data”), for the pre-determined purpose and perform operations on the Data, such as collecting, recording, organizing, storing, using, and deleting them, in accordance with the provisions set out in this Data Processing Information.
In cases where data processing is based on the data subject’s consent, the data subject may give their consent to the processing of their personal data electronically, by express conduct on Szinergia Kft.’s website, by filling out a checkbox, or by making technical settings related to the use of services in the information society. Any statement or act that clearly indicates the data subject’s consent to the intended processing of their personal data in the given context is also acceptable. Silence, pre-ticked boxes, or inactivity do not constitute consent.
Consent covers all data processing activities carried out for the same purpose or purposes. If data processing serves multiple purposes simultaneously, Szinergia Kft. requests consent for all purposes. If the data subject gives their consent following Szinergia Kft.’s electronic request, the request must always be clear and concise and must not unnecessarily hinder the use of the service for which Szinergia Kft. is requesting consent.
The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal. Szinergia Kft. informs the data subject about this before giving consent. Szinergia Kft. provides the same easy means for withdrawing consent as for giving it.
If personal data is collected with the consent of the data subject, Szinergia Kft. may process the collected data without further specific consent and after the withdrawal of consent if it is necessary to fulfill a legal obligation applicable to Szinergia Kft.
4.2. Data Controller and Data Processor:
The Data is processed by Szinergia Kft. as the data controller. For providing marketing services, our company uses a data processor.
4.3. Duration of data processing:
Data processing is for an indefinite period, but at most until you prohibit the use of the Data for the intended purpose or request the termination of data processing.
4.4. Persons with access to the Data:
Employees of Szinergia Kft. and the current authorized representatives entitled to sign on behalf of the company have access rights to the Data.
4.5. Rights of the Data Subjects:
I. Right to information
1.1. The data subject has the right to receive information from Szinergia Kft. about data processing activities before they commence.
1.2. During the collection of personal data, Szinergia Kft. provides the data subject with the following information:
1.3. In addition to the information mentioned in point 1.2, Szinergia Kft. informs the data subject at the time of data collection, to ensure fair and transparent data processing, about the following additional information:
II. Right of access by the data subject
2.1. The data subject has the right to receive confirmation from Szinergia Kft. as to whether personal data concerning them are being processed, and if so, to access the personal data and the following information (Article 15 of the GDPR):
2.2. Where personal data is transferred to a third country or international organization, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
2.3. Szinergia Kft. provides a copy of the personal data undergoing processing. For any further copies requested by the data subject, Szinergia Kft. may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested, the information is provided in a commonly used electronic format.
III. The Right to Rectification
3.1 The data subject has the right to have Szinergia Kft. rectify inaccurate personal data concerning them without undue delay upon request.
3.2 Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
IV. The Right to Erasure (“the right to be forgotten”)
4.1 The data subject has the right to request Szinergia Kft. to erase personal data concerning them without undue delay, and Szinergia Kft. is obligated to erase personal data without undue delay if:
4.2 The right to erasure does not apply to the extent that processing is necessary:
V. The Right to Restrict Data Processing
5.1 In the case of restriction of data processing, such personal data, with the exception of storage, may only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
5.2 The data subject has the right to request Szinergia Kft. to restrict data processing if any of the following conditions are met:
5.3 Szinergia Kft. shall inform the data subject before lifting the restriction of data processing.
VI.
Szinergia Kft. shall communicate any rectification, erasure, or restriction of data processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
VII. The Right to Data Portability
7.1 The data subject has the right to receive the personal data concerning them, which they have provided to Szinergia Kft., in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from Szinergia Kft., if:
7.2 In exercising the right to data portability pursuant to point 7.1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
7.3 The exercise of the right to data portability shall not adversely affect the rights and freedoms of others and shall not be in violation of Article 17 of the Regulation (the right to erasure). This right does not apply to processing necessary for the performance of a task carried out in the public interest.
VIII. The Right to Object
8.1 The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in Szinergia Kft., or the processing is necessary for the purposes of the legitimate interests pursued by Szinergia Kft. or by a third party (Article 6(1)(e) or (f) of the Regulation), including profiling based on those provisions. In such cases, Szinergia Kft. shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
8.2 If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, Szinergia Kft. shall no longer process the personal data for such purposes.
8.3 The right referred to in points 8.1 and 8.2 shall be explicitly brought to the attention of the data subject at the latest at the time of the first communication with the data subject, and shall be presented clearly and separately from any other information.
8.4 The data subject may exercise the right to object by automated means using technical specifications.
8.5 Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the Regulation, the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
IX. The Right to Exemption from Automated Decision-Making
9.1 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
9.2 Point 9.1 shall not apply if the decision:
9.3 In the cases referred to in points 9.2(a) and 9.2(c), Szinergia Kft. shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of Szinergia Kft., to express their point of view, and to contest the decision.
X. The Right of the Data Subject to Lodge a Complaint and Seek Redress
10.1 The right to lodge a complaint with the supervisory authority: Pursuant to Article 77 of the Regulation, the data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the Regulation. The supervisory authority to which the complaint has been submitted shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the Regulation. The data subject can exercise their right to lodge a complaint via the following contact details: National Authority for Data Protection and Freedom of Information Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 Website: http://www.naih.hu Email: ugyfelszolgalat@naih.hu
10.2 The right to an effective judicial remedy against a supervisory authority: Without prejudice to any other administrative or non-judicial remedy, every natural and legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. Without prejudice to any other administrative or non-judicial remedy, every data subject has the right to an effective judicial remedy where the competent supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77 of the Regulation. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
10.3 The right to an effective judicial remedy against a controller or processor: Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority under Article 77, every data subject has the right to an effective judicial remedy where they consider that their rights under the Regulation have been infringed as a result of the processing of their personal data in non-compliance with the Regulation. Proceedings against a controller or processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Such proceedings may be brought before the courts of the Member State where the data subject has their habitual residence unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.
XI. Notification of a Data Protection Breach
11.1 If the data protection breach is likely to result in a high risk to the rights and freedoms of natural persons, Szinergia Kft. shall communicate the data protection breach to the data subject without undue delay.
11.2 In the communication referred to in point 11.1 to the data subject, Szinergia Kft. shall describe in clear and plain language the nature of the data protection breach and shall, at least:
11.3 The data subject shall not be informed if any of the following conditions are met:
XII. Procedure Applicable Upon the Data Subject’s Request
12.1 Szinergia Kft. facilitates the exercise of the data subject’s rights and may not refuse to act on a request by the data subject to exercise their rights as set out in this Policy unless it demonstrates that it is not in a position to identify the data subject. The data subject may send their request or inquiry regarding data processing to the following address:
Szinergia Kft. will send its response to the address specified by the data subject without undue delay, but no later than within 30 days.
12.2 Szinergia Kft. shall inform the data subject about the actions taken in response to their request without undue delay, and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Szinergia Kft. shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
12.3 Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
12.4 If Szinergia Kft. does not take action on the request of the data subject, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action, and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
12.5 Information provided under Articles 13 and 14 of the Regulation, and any communication and any actions taken under Articles 15 to 22 and 34 of the Regulation (providing feedback on the processing of personal data, access to the processed data, rectification, erasure, restriction of data processing, data portability, objection to data processing, notification of a data breach) shall be provided free of charge to the data subject.
12.6 Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, Szinergia Kft. may either:
Szinergia Kft. shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request. If Szinergia Kft. has reasonable doubts concerning the identity of the natural person making the request under Articles 15 to 21 of the Regulation, it may request the provision of additional information necessary to confirm the identity of the data subject.
12.7 Purposes of data processing:
A.) EVENT REGISTRATION Szinergia Kft. may occasionally send information and promotional offers related to available training courses to individuals who register for events via email and post. Event registration can be done periodically by registering on the website www.szinergia.hu. By registering for an event, you consent to Szinergia Kft. taking photographs of you during the event and using them as part of its educational materials and promotional materials indefinitely, without compensation, in any manner (including internet advertisements, printed media, and other promotional materials) and without geographical limitation.
Please note that, according to the amendment of Act LXXVII of 2013, adult education providers must request the personal identification data of all participants in training courses. The received data must be reported to the Adult Education Data Service System as required by law. The data must be provided to Szinergia Kft. and will be processed until the last day of the eighth year following the date of training. With the exception of “gender” and “highest level of education,” you can prohibit the provision of data to the Adult Education Data Service System for reporting purposes by sending us a declaration. (Data blocking is possible if the participant has an educational identifier.)
If you no longer wish to receive information and promotional offers from Szinergia Kft., you can unsubscribe from the newsletter by clicking on the link “If you no longer want to receive information about our latest events, you can unsubscribe here” in the newsletter footer, or you can make a declaration by email to kepzes@szinergia.hu.
Applicants are responsible for the accuracy of the personal data provided. If false data is provided or someone else’s personal data is given, the affected person may suffer harm, in which case civil, criminal, and administrative proceedings may be initiated.
B.) APPLICATION FOR TRAINING Applications for training can be made on the website www.szinergia.hu under the TRAININGS menu. Some personal data must be provided for the application, which is detailed in point 12.7/A. Additionally, uploading a CV may be necessary for job advertisements. Szinergia Kft. may occasionally send information and promotional offers related to available training courses to individuals who apply via email or post. The personal data provided during the application are necessary for communication and sending information and offers related to the training, as well as for preparing for the interview and completing the training. By applying for training, you consent to Szinergia Kft. taking photographs of you during the training and using them as part of its educational materials and promotional materials indefinitely, without compensation, in any manner (including internet advertisements, printed media, and other promotional materials) and without geographical limitation.
If you no longer wish to receive information and promotional offers from Szinergia Kft., you can unsubscribe from the newsletter by clicking on the link “If you no longer want to receive information about our latest events, you can unsubscribe here” in the newsletter footer, or you can make a declaration by email to kepzes@szinergia.hu.
Applicants are responsible for the accuracy of the personal data provided. If false data is provided or someone else’s personal data is given, the affected person may suffer harm, in which case civil, criminal, and administrative proceedings may be initiated.
C.) Data processing related to orders, requests for offers, and contact on the Szinergia Kft. website Some services available on the website (orders, requests for offers) require the data subject to voluntarily provide personal data. Further data provision is also necessary in accordance with point 12.7/A. Accordingly, placing an order, sending a request for an offer to Szinergia Kft., or providing data during contact implies voluntary acceptance of this Policy and consent to data processing.
The legal basis for data processing is the data subject’s voluntary provision of data, which is given by ticking the box next to the order/request for offer/contact text on the Szinergia Kft. website after being informed about data processing.
Data subject group: any natural person who consents to the processing of their personal data on the Szinergia Kft. website.
Processed data: the name, email address, and phone number of the natural person.
Purpose of personal data processing: the provision of services available on the website, fulfilling orders, processing requests for offers, contacting for contract preparation or other purposes, and providing information about Szinergia Kft.’s products, services, contract terms, and promotions.
Recipients or categories of recipients of personal data: the executive officers of Szinergia Kft., employees responsible for customer service and marketing activities, and employees of the service provider responsible for operating the Szinergia Kft. website as data processors.
Storage period of personal data: until the order or request for an offer is fulfilled or until the data subject withdraws their consent (requests deletion).
D.) Data processing related to direct marketing activities The legal basis for direct marketing data processing by Szinergia Kft. is the data subject’s explicit and unambiguous consent. The data subject gives their explicit, unambiguous prior consent to the processing of their data for direct marketing purposes by ticking the box next to the consent for direct marketing contact text on the Szinergia Kft. website or in the relevant business contract after being informed about data processing.
Data subject group: any natural person who gives their explicit, unambiguous consent for the Company to process their personal data for direct marketing purposes.
Purpose of personal data processing: direct marketing activities related to the activities of Szinergia Kft., such as sending promotional materials, newsletters, and current offers in printed (postal) or electronic (email) form regularly or periodically to the contact details provided during registration or contract signing.
Recipients or categories of recipients of personal data: the executive officers of Szinergia Kft., employees responsible for customer service and marketing activities, and employees of the service provider responsible for operating the Szinergia Kft. website as data processors.
Processed personal data: the name, address, phone number, and email address of the natural person.
Duration of data processing: until the data subject withdraws their consent for direct marketing purposes.
XIII. OTHER RULES RELATED TO INTERNET USE
13.1. DATA OF WEBSITE VISITORS Viewing the / website is possible without providing personal data for anyone. During visits to the / website, a small file, called a “cookie” (hereinafter collectively referred to as “Cookie”), is stored on the user’s computer (or other internet-enabled devices, such as a smartphone or tablet), which makes the user’s browser uniquely identifiable, provided that the user has given their explicit (active) consent to this following clear and unambiguous information by continuing to browse the website. By visiting (browsing) the / website, the data subject consents to Szinergia Kft. processing and recording non-personal data. Non-personal data are technical data from which the data subject cannot be identified, thus not falling under the scope of the Info Act. Such information includes, in particular, the IP address, the time of the visit to the / website, the type of operating system of the computer, the address of the website that directed the data subject to the / website, etc. These non-personal data are processed for statistical and development purposes in an automated manner for a maximum of 60 days following the visit. Cookies are essential for the proper functioning of the / website and collect information about the website’s use to improve the user experience, making the site more convenient and useful. Some Cookies are stored only temporarily (until the browser is closed), while others remain on the computer for a more extended period. During visits to the website, the following data are recorded and processed about the visitor and the device used for browsing: the IP address used by the visitor, the type of browser, the characteristics of the operating system of the device used for browsing (set language), the time of the visit, the visited (sub)page, function, or service, click. The Cookies used on the website do not store information suitable for personal identification, and Szinergia Kft. does not perform personal data processing in this regard. By using the / website, the user consents to the use of Cookies as described in this point 1. Most internet browsers are set to allow Cookies to be stored by default without specific user intervention and/or notification. If the user does not agree with the use of Cookies, they need to set their browser accordingly. The user can change the default settings of the browser to block Cookies or request a warning about the Cookies used by the visited website. For more information or to change settings, the user can find help in the browser’s help section.
13.2. DATA COLLECTION BY EXTERNAL SERVICE PROVIDERS ON THE WEBSITE The HTML code of the www.szinergia.hu website may contain references to and from external servers independent of Szinergia Kft. The external server assists in the independent auditing of visit and other web analytical data on the website. The web analytics service provider, on behalf of Szinergia Kft., is authorized to process only anonymized data, not personal data. Currently, the web analytics service is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) within the framework of the Google Analytics service. Info: www.google.com. Online card payments are processed through the Barion system. Card data is not transmitted to the merchant. The service provider, Barion Payment Zrt., is an institution supervised by the Hungarian National Bank, with license number: H-EN-I-1064/2013.
XIV. DATA SECURITY MEASURES Data Security Measures
14.1. Szinergia Kft. may only process personal data in connection with the activities specified in this Policy and solely for the purpose of data processing.
14.2. Szinergia Kft. ensures the security of the data, undertaking to take all technical and organizational measures necessary to enforce data security, data protection, and secrecy protection laws and regulations, and to develop the procedural rules necessary to enforce the above laws.
14.3. Szinergia Kft. protects the data with appropriate measures against accidental or unlawful destruction, loss, alteration, transmission, damage, unauthorized disclosure, or access, and against becoming inaccessible due to changes in the applied technology. The technical and organizational measures implemented by Szinergia Kft. aim to:
14.4. Szinergia Kft. ensures that personal data processed by it can only be accessed by employees and persons acting on behalf of Szinergia Kft. who genuinely need access to perform their job duties.
14.5. Szinergia Kft. stores the personal data provided during each data processing activity separately from other data, ensuring that only employees with appropriate access rights can access the separated data files.
14.6. Szinergia Kft. classifies and treats personal data as confidential information. Employees who handle personal data in the course of their job duties are required to maintain confidentiality regarding personal data. Szinergia Kft. restricts access to personal data by assigning authorization levels.
14.7. To ensure data security in its IT records, Szinergia Kft. implements the following necessary measures:
14.8. To protect paper-based records, Szinergia Kft. takes the necessary measures, particularly regarding physical security and fire protection. Szinergia Kft. management, employees, and others acting on behalf of Szinergia Kft. must securely store and protect data carriers containing personal data, regardless of the recording method, against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage.
14.9. Szinergia Kft. ensures that during the automated processing of personal data:
14.10. To protect personal data, Szinergia Kft. monitors incoming and outgoing communications conducted electronically.
14.11. Szinergia Kft. does not permit the sharing of personal data it manages on the internet, nor the use of file download, gaming, chat, or sexual service websites. The use of unauthorized programs received from external sources or downloaded is also prohibited.
14.12. Only authorized employees can access ongoing work and documents under processing, and Szinergia Kft. ensures the secure storage of personnel, payroll, and other personal data-containing documents. Szinergia Kft. ensures the proper physical protection of data, the devices carrying them, the IT system hardware, and the documents.
XV. HANDLING DATA BREACHES
Definition of a Data Breach
15.1 A data breach is a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed (Regulation Article 4, point 12).
15.2 A data breach includes incidents such as the loss of a device containing personal data (e.g., laptop, mobile phone), insecure storage of personal data (e.g., labor documents thrown into the trash), insecure transmission of data, unauthorized copying, transmission, or disclosure of customer and partner lists, IT system attacks, and mistakenly sent emails containing personal data.
Handling and Remedying Data Breaches
15.3 Preventing, handling, and complying with the relevant legal requirements concerning data breaches is the responsibility of the executive officer of Szinergia Kft.
15.4 Upon detecting a data breach, the executive officer of Szinergia Kft. shall immediately conduct an investigation to identify the data breach and determine its possible consequences. In this context, Szinergia Kft. will examine and establish:
In the event of a data breach, Szinergia Kft. will contain, isolate, and ensure the collection and preservation of evidence supporting the occurrence of the breach. Following this, Szinergia Kft. will begin restoring the damage and reinstating lawful operations.
15.5 Szinergia Kft. shall notify the competent supervisory authority of the data breach without undue delay and, if possible, no later than 72 hours after becoming aware of it unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Recording Data Breaches
15.6 Szinergia Kft. maintains a record of data breaches, which includes:
15.7 Szinergia Kft. retains data related to data breaches in the record for 5 years.
XVI. CHANGING THE CONTENT OF THE WEBSITE AND THE DATA PROCESSING INFORMATION
Szinergia Kft. expressly reserves the right to unilaterally change, without restriction or notice, the content of the website it operates and the content of this Data Processing Information at any time, as well as to terminate or suspend any service.