Privacy Policy

 PART ONE

General provisions

1. Purpose and scope of the regulations 

The purpose of this regulation is to determine the legal order of the operation of the records kept by the Company and to ensure the enforcement of the constitutional principles of data protection, the right to informational self-determination, and the requirements of data security. The scope of the regulation extends to all data processing involving personal data carried out by the Company and all its organizational units.

2. Legal background
   

This policy is governed by the following regulations:

– Act CXII of 2011 on the right to informational self-determination and freedom of information

– Act I of 2012 (Mt.) and Act CCXXXVII of 2013 on credit institutions and financial undertakings

– Regulation 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR)

– Act CXIX of 1995 on the processing of name and address data for research and direct marketing purposes

3. Basic concepts and principles of data protection

This section defines key terms such as personal data, data processing, restriction of processing, pseudonymization, profiling, data breach, data controller, processor, and recipient, ensuring compliance with GDPR principles, including:

– Lawfulness, fairness, and transparency

– Purpose limitation

– Data minimization

– Accuracy

– Storage limitation

– Integrity and confidentiality

The Company is responsible for demonstrating compliance with these principles (accountability).

4. Data processing rules

Personal data processing by the Company is lawful only if at least one of the following conditions is met:

– The data subject has given explicit consent.

– Processing is necessary for contractual performance.

– Processing is required for compliance with a legal obligation.

– Processing is necessary to protect vital interests.

– Processing is conducted in the public interest or for legitimate interests pursued by the Company, provided these do not override data subject rights.

5. Data protection register

The Company maintains records of data processing activities, including:

– Name and contact details of the Company and its data protection officer

– Purpose of data processing

– Categories of data subjects and personal data

– Categories of recipients

– Information on data transfers to third countries, if applicable

– Retention periods

– Security measures implemented

6. Rights of the data subject

 The data subject has the right to:

– Withdraw consent at any time

– Access, rectify, or delete their personal data

– Restrict processing

– Object to processing

– Data portability

– Not be subject to automated decision-making, including profiling

The Company ensures transparency in processing and provides responses to requests within 30 days.

7. Obligations of the Data Controller and the Data Processor

 The Company implements appropriate technical and organizational measures to ensure compliance with GDPR, including pseudonymization, encryption, access control, and regular audits.

8. Data disclosures and transfers

 Personal data may be disclosed:

– To fulfill legal obligations

– Based on the data subject’s consent

– For the performance of a contract

– For public interest purposes

Transfers to third countries or international organizations are only conducted under GDPR-compliant safeguards.

9. Data security regulations

 The Company ensures data security through:

– Pseudonymization and encryption

– Access control and authentication measures

– Backup and recovery protocols

– Incident response measures for data breaches

10. Data recording, data deletion

 Data is retained as per the applicable legal requirements and is deleted upon expiration of retention periods or at the request of the data subject, unless otherwise required by law.

11. Data protection training and audits

 The Company provides regular data protection training to employees and conducts annual data protection audits to ensure compliance with this policy.

PART TWO

 Specific data processing activities

1. Electronic invoicing and document exchange services

 The Company processes personal data of business partners, including names, addresses, phone numbers, and email addresses, to facilitate contractual obligations related to digital invoicing and document exchange.

2. Employee and payroll data

 Employee data is processed for payroll, taxation, and regulatory compliance, including:

– Personal identifiers (name, birth date, contact information)

– Employment and social security details

– Payroll and compensation records

– Leave and benefits administration

3. Market research and surveys

 The Company processes contact details of business representatives and stakeholders for legitimate market research and survey activities, ensuring compliance with consent and data protection principles.

4. Customer service and communications

 Personal data may be collected through customer support interactions and online forms, ensuring appropriate security measures to protect this data.

 Contact Information

For further information or to exercise data protection rights, please contact:

 J-B Faktor Zrt. (FactR)  

Company registration number 01-10-049291

1139 Budapest, Gömb utca 48/D IV 6  

Email: info@factr.online 

Website: https://factr.online  

 
This Privacy Policy is reviewed annually and updated as necessary.