Information on Privacy Policy & Information about the Website
LEG Magyarország Zrt.
Last updated: 04/12/2018
CONTENTS
1 Purpose of the Information on Privacy Policy »
8 Data processing by LEG Zrt »
- 8.1 Personal data given in the course of enquiries, requests for quotation and
communications - 8.2 Using the website; cookies
- 8.3 CV data sent to vacancy notices
- 8.4 Translators’ data given in CVs
- 8.4.1 Translators’ CVs submitted to LEG Zrt
- 8.4.2 Translators’ CV data loaded in the online database
- 8.5 Contact details of clients in the course of performing translation tasks
- 8.6 Personal data included in the materials to be translated
- 8.7 Social networking sites of LEG Zrt
11 The data subject’s rights and remedies »
- 11.1 The right to transparent information
- 11.2 Right of access
- 11.3 Right to data portability
- 11.4 Right to rectification
- 11.5 Right to be forgotten
- 11.6 Right to object
- 11.7 Right to restriction of processing
- 11.8 Automated individual decision-making, including profiling
1. Purpose of the Information on Privacy Policy
The aim of this Information on Privacy Policy is to define the principles and rules of processing personal data other than the employee’s personal data by LEG Magyarország Zrt (hereinafter referred to as ‘LEG Zrt’ or ‘LEG’) in order to enforce the principles of data privacy and the requirements of data security.
2. Tracking changes
The data protection directives relating to the processing of data by LEG Zrt are available on a continuous basis at https://leg.eu/index.php/hu/adatvedelem.
LEG Zrt reserves the right to amend this Information at any time.
3. General provisions
LEG Zrt carries out any processing of personal data in compliance with the following basic principles:
- LEG Zrt processes all personal data confidentially, in accordance with the effective legal regulations, provides for their security, and takes all necessary administrative, logical, physical security and organizational measures and also details as elaborates the procedural rules needed for the enforcement of the relevant provisions of the legislation in force.
- In the course of processing data, LEG Zrt maintains confidentiality i.e. protects the information so that only the persons authorized thereto can have access to it; maintains integrity i.e. protects the accuracy and completeness of the information and the method of processing; maintains availability i.e. ensures that when an authorized user needs the information, he can have access to it, and all instruments relating thereto will be available.
- LEG Zrt as controller warrants that any processing related to its activities will comply with the provisions set out in this Information on Privacy Policy and also in the relevant legislation in force.
4. Legislative background
LEG Zrt is obliged to comply in each phase of data processing with all the relevant regulations concerning the processing of personal data. In respect of data processing performed by LEG, it is primarily the provisions laid down in the following legislation that shall apply:
- Act V of 2013 on the Civil Code (‘Ptk’)
- Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; ‘GDPR’);
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’)
5. Definitions
Term | Description |
data subject | Any natural person identified or identifiable - directly or indirectly - on the basis of specific personal data. |
personal data | Any information which could be attributed to a data subject, in particular the name or any identifier of the data subject, or any knowledge characteristic of the data subject’s one or more physical, physiological, mental, financial, cultural or social identities, and any conclusion relating to the data subject that can be drawn from the information. |
consent | Any specific and informed indication of the will of the data subject, given freely and expressly, by which he/she unambiguously gives his/her agreement to personal data relating to him/her being processed fully or to the extent of specific operations. |
objection | The statement of the data subject, by which he/she objects to the management of his/her personal data and requests the termination of data processing or the deletion of the data processed. |
technical data processing | Irrespective of the procedure applied, any operation or the total of operations performed in connection with personal data, such as collection, entering, recording, organisation, storage, alteration, use, transmission, public entry, alignment or combination, blocking, erasure or destruction of personal data, and the prevention of their further use, taking photographs, recording sounds or images, as well as recording physical characteristics suitable for personal identification (e.g. finger or palm prints, DNA samples, iris images). |
technical data processing | The performance of technical tasks associated with data processing operations, irrespective of the methods and means used to perform those operations, and of the place of applying such methods and means, provided that the technical task is performed on the data. |
data transfer | Making the data available to a specific third party. |
public disclosure | Making the data accessible for anyone. |
controller | A natural or legal person or an unincorporated organisation who or which determines - independently or jointly with others - the purpose of the processing of personal data, who or which makes and implements the decisions concerning data processing (including the means used), and who or which may have a data processor carry out those decisions. |
processor | A natural or legal person, or unincorporated organisation who or which carries out data processing under a contract, also including contracts entered into in pursuance of any provision of law. |
erasure | The process of making data unrecognizable in such a way that their restoration is no longer possible. |
set of data | The total data processed in one register. |
third person | A natural or legal person, or unincorporated organisation other than the data subject, the controller or the processor. |
6. The controller’s details
-
- Name of the controller company: LEG Magyarország Zrt.
- Seat of the controller: 1075 Budapest, Madách Imre út 11. II/1.
- Registered address of the controller: the same as above
- Company registration number: 01-10-047451
- Tax number: 14525616-2-42
- Contact person: Boglárka Tímea Tési
- Telephone number of the controller: +36-1-439-0650
- E-mail address: info@leg.eu
7. The processors
LEG Zrt involves third parties to carry out the operational tasks of its website available at www.leg.eu and of its IT system. The requirements related to personal data protection are set out for third parties in a contract in accordance with this Information on Privacy Policy.
8. Data processing by LEG Zrt
8.1 Personal data given in the course of enquiries, requests for quotation and communications
Purpose of processing | To provide customised services to the data subjects, and to send price quotations and give information upon the data subjects’ request. |
Legal basis of processing | The data subject’s voluntary consent to data processing; entering the data is initiated by the data subject. |
Scope of the data processed | The data subject’s name, telephone number and own e-mail address. |
Relevant data subjects | All relevant persons making enquiries in the course of the data processing who make contact with LEG Zrt. |
Duration of data processing | Should there be no business relationship established within one year upon sending the quotation, the data will be erased. |
Withdrawal of consent | The consent may be withdrawn by e-mail or by phone, however withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal. |
Obligation to provide personal data / Consequences of refusing to provide personal data | The data subject is obliged to provide the data because no future identification can be made without the information listed. If the data subject fails to provide the personal data, no quotation can be given. |
8.2 Using the website; cookies
The service provider places anonymous identifiers (cookies) in the data subject’s computer; those cookies are not in any way capable of identifying the data subject in themselves but are suitable only for recognizing the data subject’s computer. There is no need to give the name, e-mail address or any other personal information because, when applying the solution, the user will not provide any personal data to the service provider; data exchange will be carried out only and exclusively between computers.
By setting up his/her browser, the user is entitled to prohibit the placement of unique identifiers (cookies) in his/her computer. The user is entitled to prohibit the application of cookies of marketing or another nature in the pop-up window when visiting various sites.
Purpose of processing | The service provider processes the cookies for the purpose of data processing i.e. to gain more detailed information on the data subjects’ use patterns of using information, and thus could improve the level of its services, and could pop up customized pages and marketing (advertising) materials when visiting the website. |
Legal basis of processing | The data subject’s voluntary consent forms the legal basis of data processing; when opening the website, the data subject can set up the operation of cookies in a pop-up window. |
Scope of the data processed | The personal data to be processed are the cookies used by Google Analytics, the cookies enhancing the operation of the website, and the cookies serving marketing purposes. |
Relevant data subjects | All relevant persons making enquiries in the course of the data processing who make contact with the company. |
Duration of data processing | One year upon visiting the website. |
Withdrawal of the consent | The consent may be withdrawn by e-mail or by phone; however, the withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal. |
Obligation to provide personal data / Consequences of refusing to provide personal data | Should the data subject refuse to give his/her consent to running cookies, he/she will be able to browse on the website “more slowly”. |
8.3 CV data sent to vacancy notices
CVs may be sent to the contact addresses (e-mail address) given in vacancy notices advertised on the website/other surfaces.
Purpose of processing | Filling the posts advertised by the service provider; establishing an employment relationship. |
Legal basis of processing | The data subject’s voluntary consent forms the legal basis of data processing. By sending his/her CV, the person concerned voluntarily consents to the processing of his/her data. |
Scope of the data processed | Personal data to be processed are the data subject’s name, phone number, e-mail address, educational background and other data included in his/her CV. |
Relevant data subjects | All relevant persons affected by the processing who voluntarily apply for a job advertised. |
Duration of data processing | Duration of storage is maximum 6 months upon receipt of the data (In case if the post concerned will be filled by another person than the data subject). |
Withdrawal of the consent | The consent may be withdrawn by e-mail or by phone; however, the withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal. |
Obligation to provide personal data / Consequences of refusing to provide personal data | The data subject is obliged to provide the data; the recruitment procedure may not be started in the absence of the information requested. If the data subject fails to provide the personal data then the application will automatically be rejected. |
8.4 Translators’ data given in CVs
8.4.1 Translators’ CVs submitted to LEG Zrt
Translators’ CVs may be sent to the contact addresses (e-mail address) given on the website/other surfaces.
Purpose of processing | Business cooperation. Subcontracting translation tasks to subcontractors by LEG Zrt. |
Legal basis of processing | The data subject’s voluntary consent forms the legal basis of data processing; by sending his/her CV, the person concerned voluntarily consents to the processing of his/her data. |
Scope of the data processed | Personal data to be processed are the data subject’s name, phone number, e-mail address, educational background and other data included in his/her CV. |
Relevant data subjects | All relevant persons affected by the processing who voluntarily apply for a job advertised. |
Duration of data processing | Until the end of cooperation. |
Withdrawal of the consent | The consent may be withdrawn by e-mail or by phone; however, the withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal. |
Obligation to provide personal data / Consequences of refusing to provide personal data | If the data subject fails to provide the personal data then the possibility of further cooperation will be terminated. |
8.4.2 Translators’ CV data loaded in the online database
LEG Zrt has subscriptions to translators’ databases operated by third parties. On the basis of the business model of the organisation operating the translators’ database, translators can load their CVs into the database, and translation agencies and other customers can have access to the translators’ CVs in accordance with the Data processing rules of the operator of the site.
In relation to certain translation tasks, LEG Zrt may entrust translators with jobs, relying upon the translators’ CVs included in the online database.
8.5 Contact details of clients in the course of performing translation tasks
Purpose of processing | Business cooperation |
Legal basis of processing | Fulfillment of the agreement |
Scope of the data processed | Contact information |
Relevant data subjects | The contact persons affected by data processing, appointed by the client in the course of the fulfilment of the contract/order concerned. |
Duration of data processing | Until the end of cooperation. |
Withdrawal of the consent | The consent may be withdrawn by e-mail or by phone; however, the withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal. |
Obligation to provide personal data / Consequences of refusing to provide personal data | Non-fulfilment of the contract |
8.6 Personal data included in the materials to be translated
The personal data included in the materials to be translated are not verified by LEG Zrt. The customer is responsible for notifying LEG Zrt in the course of the ordering process if the material to be translated contains personal data. The customer is responsible for obtaining consent from the data subjects to the transmission of personal data included in the material to be translated. Furthermore, the customer is responsible for not providing personal data to LEG Zrt when there is no justification for doing so.
LEG Zrt will handle all translation materials in accordance with the guidelines on information security and the requirements of data processing.
8.7 Social networking sites of LEG Zrt
LEG Zrt operates Facebook (https://www.facebook.com/legtranslations/) and LinkedIn (https://www.linkedin.com/company/language-experts-group/) social networking sites. The personal data of the users registering or sending messages on the sites are accessible in accordance with the Data processing rules of Facebook or LinkedIn.
9. Data transfer
LEG Zrt is entitled and obliged to transfer all available and lawfully stored personal data to the competent authorities, the transfer of which is provided for by law or a compulsory order from a public authority. The controller may not be held liable for any such transfer or any circumstance arising therefrom. No data transfer will be effected to other parties or third countries.
10. Description of the technical and organisational measures applied to guarantee the security of data
The level of complex information security necessary and appropriate for processing personal data is ensured by the following measures/regulatory instruments with regard to confidentiality, integrity and availability:
- physical protection measures
- administrative and technical protection measures and controls
- provision of adequate resources
- personal security measures
training related to information security and personal data processing
11. The data subject’s rights and remedies
11.1 The right to transparent information
The right to appropriate, transparent information is a fundamental right of the data subject, which is an obligation imposed on the controller. The controller informs the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, of the circumstances of the processing, and also of the rights the data subject is entitled to.
In the event of any request for information, the controller provides such information without undue delay but maximum within 30 days.
11.2 Right of access
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, the data subject has the right to obtain access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the envisaged period for which the personal data will be stored;
- the right to rectification or erasure of the data or restriction of processing, and the right to object to the processing;
- the right to lodge a complaint with a supervisory authority;
- any available information as to the data sources;
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The controller gives the information within one month of submitting the request at the latest.
11.3 Right to data portability
The data subject has the right to receive the personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller.
11.4 Right to rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her.
11.5 Right to be forgotten
The controller is obliged to erase all personal data concerning the data subject without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws his/her consent on which the processing is based, and there is no other legal ground for the processing;
- the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services.
Should the data processed be required for enforcing rights or e.g. for reporting to authorities, the processing can be carried out for compliance with a legal obligation or on the grounds of the existence of a legitimate interest.
When erasing data, the obligation of erasure also applies to all processors involved.
11.6 Right to object
The data subject has the right to object, on grounds relating to his/her particular situation, at any time to processing personal data concerning him/her where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or on grounds of the legitimate interests of a controller or a third party, including profiling based on those provisions. Should the data subject object to processing, the controller will no longer process the personal data unless it is justified by compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
11.7 Right to restriction of processing
In the event of a restriction, personal data may only be stored and any other processing can be carried out only with the data subject’s consent, for the establishment of legal claims, or on public interest grounds. The data subject has the right to obtain from the controller a restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
11.8 Automated individual decision-making, including profiling
No profiling is carried out by LEG Zrt.
12. Referral to the court
We hereby inform the users that if the data subject’s rights are violated, the data subject may seek judicial remedy against the controller. Such court proceedings will be conducted under an expedited procedure. The regional court has jurisdiction to adjudicate on the action. The proceedings may also be brought before the regional court of where the controller’s registered address is located or, at the data subject’s option, of where the data subject’s place of residence or abode is located. Any person is considered to have the capacity to be a party in legal proceedings even if he/she is otherwise lacking legal capacity.
Should the controller cause damage to another person through the unlawful processing of the data subject’s data or through the breach of the requirements of data security, he/she will be held liable for such damage. Should the controller infringe the data subject’s rights relating to personality through the unlawful processing of the data subject’s data or through the breach of the requirements of data security, the data subject will have the right to claim a grievance award from the controller. The controller will be exempted from the liability for the damage caused and for the obligation to pay a grievance award if it proves that the damage or the breach of the data subject’s rights relating to personality has been caused by an unavoidable factor that is out of the scope of the processing. The controller will not be liable to pay the compensation for the damage, and no grievance award may be claimed, if the damage has arisen from the injured party’s intentional conduct or serious negligence, or the grievance caused by the breach of rights relating to personality has arisen from the data subject’s intentional conduct or serious negligence.
13. Administrative action
The data subject is entitled to make a complaint to, or request information also from the Authority:
- Name: National Authority for Data Protection and Freedom of Information
- Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
- Postal address: 1530 Budapest, Pf.: 5.
- Mailing address: 1530 Budapest, Pf.: 5.
- Telephone: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
- E-mail: ugyfelszolgalat@naih.hu
- Website: https://naih.hu
14. Miscellaneous provisions
We shall give information on any data processing activity not listed in this information document when receiving the data concerned. We hereby inform our clients that the courts, the public prosecutor, the investigating authority, the authority dealing with administrative offences, the administrative authority, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or other bodies upon statutory authorisation may ask the controller to give information, disclose or transfer data, or provide documents to them.
LEG Zrt - if the authority precisely specified the purpose and the scope of data - will disclose personal data to authorities only to the extent strictly necessary for achieving the purpose of the inquiry.