1. Introduction
EPDB Printing Centre Plc. (1117 Budapest, Budafoki road 107-109., hereinafter referred to as the data controller), the data controller, acknowledges that it is bound by the contents of this legal notice. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and in the applicable legislation.
Contact details of the Data Protection Officer:
E-mail address: gdpr@epdb.hu
phone number: +36 1 371 46 30
The data protection policies arising in connection with the data processing of EPDB Printing Centre Plc., are continuously available at www.epdb.hu/en/privacy-policy.
EPDB Printing Centre Plc. reserves the right to change this information at any time. Of course, the clients will be informed in good time about any changes.
If you have a question that is not clear from this notice, please write us and we will answer your question.
EPDB Printing Centre Plc. is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect the right of its customers to self-determination in information. EPDB Printing Centre Plc. treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.
EPDB Printing Centre Ltd. describes below its data management principles and the expectations it has set and adheres to as a data controller. The principles of data processing are in accordance with the applicable legislation on data protection, in particular with the following:
– Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”)
– Act CXII of 2011 — on the right to informational self-determination and freedom of information (Infotv.) ;
– Act CVIII of 2001 – on certain issues of electronic commerce services and information society services (Eker. tv.);
– Act CXXXIII of 2005 — on the rules of personal and property protection and private investigation activities (Act on the Protection of Private Investigators).
2. Principles of data processing by EPDB Printing Centre Plc.
In the processing of personal data, the EPDB Printing Centre Plc respects the following data protection principles in order to safeguard the data subject’s right to personal data:
(a) processes personal data lawfully and fairly and in a manner that is transparent to the data subject;
b) processes personal data only in connection with a specific, clear and legitimate purpose;
c) only processes personal data appropriate and relevant to the purpose of the processing, to the extent necessary (data saving principle)
(d) ensures that personal data are accurate and, where necessary, kept up-to-date, and take all reasonable measures to ensure that personal data inaccurate for the purposes of the processing are deleted or rectified without delay;
e) stores the personal data in a form that allows the identification of data subjects only for the time necessary to achieve the purposes for which the personal data are processed, ensuring limited storage;
f) takes technical and organisational measures in accordance with the principles of integrity and confidentiality to ensure data security, i.e. it protects personal data against unauthorised or unlawful processing, accidental loss, destruction or damage when processing personal data;
(g) the processing of personal data in accordance with the principle of accountability is carried out in such a way as to be able to demonstrate compliance with the above principles.
This Privacy Notice serves the principle of transparent data management.
3. Scope of personal data, purpose, legal title and duration of data processing
EPDB Printing Centre Plc. carries out the data processing of its activities on the legal bases and for the purposes specified below for each data processing. Some data processing is not included in this general data management information, in these cases a specific data management information is provided, which the data subject can consult when using the service.
Please note that if you provide EPDB Printing Centre Plc. with personal data other than your own, the data provider is obliged to inform the data subject and obtain consent for the data subject’s data to be transferred to EPDB Printing Centre Plc. by the data provider, or to obtain authorisation to give consent on the data subject’s behalf.
Certain data processing of the epdb.hu website
Purpose of data management: during the visit to the website, the service provider records visitor data in order to control the operation of the service, provide personalized service and prevent abuse.
Legal basis for data processing: the legitimate interest of the controller (Art. 6 (1) (f) GDPR).
The scope of the processed data: date, time, IP address, the address of the page visited, the address of the page previously visited, as well as other data generally accepted when using the Internet, used to measure the data of the visits.
Duration of data processing: 30 days from the date of viewing the website
The operator of the epdb.hu website places and reads back a small data package, a so-called cookie, on the user’s computer in order to provide a personalised service. If the browser sends back a previously saved cookie, the provider managing the cookie has the possibility to link the user’s current visit to the previous one, but only with regard to its own content.
Cookies necessary for the operation of the website and the functions of the website
The cookies listed below are necessary for the website to work.
In this case, the consent of the user is not required, the legal basis for processing is the legitimate interest of the controller [Article 6(1)(f) GDPR]..
Name | Service provider | Purpose of data processing | Validity period |
qtrans_cookie_test | epdb.hu | identification of the current session of users, storage of data entered during it, prevention of data loss | end of the session |
Data processor:
Name | Registered office | Data processor’s task |
Fee Collection Holding Plc. | 1117 Budapest, Budafoki Street 107-109. | website operation |
The cookie, which is valid until the session is closed, remains on the computer only until the browser is closed.
More information about cookies is available at: https://www.adatvedelmiszakerto.hu/cookie
The user can delete the cookie from his computer or disable the use of cookies in his browser. You can usually manage cookies by going to the Tools/Preferences menu of your browser and selecting Privacy settings, and then selecting the cookie or cookie option.
The purpose of data processing: to distinguish contracting entities from each other, to prepare a personalized quotation for them, to maintain contact.
Legal basis for data processing: consent of the data subject (Art. 6 (1) (a) GDPR).
Scope of the processed data: identification number, company name, name, job title, telephone number, e-mail address, date, time, data of the work concerned, as well as other personal data provided by the user
Duration of data processing: 5 years from the date of sending the form.
The controller of the personal data is: the Fee Collection Holding Plc., the Török Security Service Co. Ltd. (1026 Budapest, Gábor Áron str. 38.) and its subcontractor, Hun-Őr Guard Co. Ltd. (1158 Budapest, Késmárk str. 7/b).
The purpose of data processing is: to prevent and detect and catch infringements in order to protect property, to detect infringements, to prosecute the perpetrator, and to prove infringements.
The legal basis for data processing is: the legitimate interest and protection of personal and property of Fee Collection Holding Plc.
The scope of the processed data: identification number, name, name of the organization represented, signature, ID of the access card, date and time of issue and return of the access card, as well as data on the use of the card.
Duration of data processing: In the absence of use, 24 hours after the departure of a visitor with occasional, non-permanent access rights.
The controller of personal data: the Fee Collection Holding Plc. (1117 Budapest, Budafoki str. 107-109.)
Data processor: Őrmester Asset Protection Plc. (1142 Budapest, Ógyalla square 8.), Preventív-Protection Co. Ltd. (2330 Dunaharaszti, Némedi road 64.), Defend Guard Zone Co. Ltd. (1149 Budapest, Bíbor str.14-16. ground floor 3.) and T-Systems Hungary Plc. (1097 Budapest, Kőnyves Kálmán boulevard 36.)
The purpose of data processing is: to prevent, detect, prosecute and prove violations in order to protect human life, physical integrity, property, and cash, business, banking and payment secrets of significant value.
Legal basis for data processing: Article 6 (1) (f) GDPR, because Fee Collection Holding Plc has a legitimate interest in personal and property protection.
Type of personal data processed: facial images and other personal data of persons entering the EPDB Printing Centre’s premises, as shown in the images, as well as the date and time of the image recording.
Duration of data processing: up to 3 days in the absence of use.
Information about the storage of data: some of the recordings are stored locally and others on a server located at T-Systems, with increased data security measures, thus ensuring that unauthorized persons cannot view and copy the recordings.
Access to the images: only the employees of the Fee Collection Holding Plc. appointed for this purpose and the guardians designated as data processors are entitled to view the current image of the cameras, to view the recordings, to record them on a data carrier, in order to achieve the data processing purposes indicated in this notice.
Logging: insights into recorded recordings and recordings on a data medium are recorded in a protocol with the name of the person making them, the reason and the date of accessing the data by the Fee Collection Holding Plc.
Persons entitled to view the current image of the cameras: eligible employees of Fee Collecting Holding Plc.
Persons entitled to view the recording of the cameras: eligible employees of Fee Collecting Holding Plc., as well as those whose rights or legitimate interests are affected by the recording.
Persons entitled to record camera recordings on a data carrier: appointed employees of the Fee Collection Holding Plc.
The recordings stored in the camera surveillance and recording system operated by the Fee Collector Holding Plc. may be viewed by authorised persons only for the purpose of proving violations of human life, physical integrity, and property and for the identification of the perpetrator. Data subjects whose rights or legitimate interests are affected by the recording of the image may request a copy of the recordings made of them by the electronic surveillance system and may ask for the deletion of the recordings.
The Data Controller shall keep a record of the access to the recorded data, the name of the person who accessed the recorded data, the reason for access and the time of access.
If you have any questions or problems while using our services, you can contact the data controller at the contact details provided in this notice or on the website.
EPDB Printing Centre Plc. provides letters received by post or fax with a number for customer inquiries, and then keeps the sender’s name and the date of arrival in its system for 5 years.
EPDB Printing Centre Plc. deletes the received emails with the sender’s name and e-mail address, as well as other voluntarily provided personal data, after a maximum of 5 years from the date of data disclosure.
We will inform you about data processing not listed in this notice at the time of data collection.
We inform our customers that the court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may contact the data controller in order to provide information, communicate data, transfer or provide documents.
EPDB Printing Centre Plc. discloses personal data to the authorities, if the authority has indicated the exact purpose and scope of the data, only as much and to the extent that is absolutely necessary for the realization of the purpose of the request.
4. Method of storage of personal data, security of data management
EPDB Printing Centre Plc’s computer systems and other data storage locations can be found at its registered office, at the headquarters and premises of Fee Collection Holding Plc., or on servers rented by EPDB Printing Centre Plc.. Physical location of the servers: Budafoki road 107. Additional storage is provided by sub-processors: T-Systems Co. Ltd., and Invitech Plc. Datacenter server hotel.
EPDB Printing Centre Plc. selects and operates the IT tools used for the processing of personal data during the provision of the service in such a way that the processed data:
(a) are accessible to those entitled to do so (availability);
b) their authenticity and authentication is ensured (authenticity of data processing);
(c) their invariance is verifiable (data integrity);
d) they are protected against unauthorized access (confidentiality of data)
EPDB Printing Centre Plc. protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction, damage and becoming inaccessible due to changes in the technology used.
In order to protect the electronically managed data files in its various registers, EPDB Printing Centre Plc. ensures that the stored data, unless permitted by law, cannot be directly linked and assigned to the data subject.
EPDB Printing Centre Plc. takes technical and organisational measures to protect the security of data processing in view of the current state of the art, which provide a level of protection corresponding to the risks arising from data processing.
EPDB Printing Centre Zrt. keeps during its data processing
(a) confidentiality: protects information so that it can only be accessed by those who have the right to do so;
(b) integrity: protects the accuracy and completeness of the information and the method of processing;
(c) availability: ensures that when the authorised user needs it, he can actually access the information he wants and that the means to do so are available.
The IT system and network of EPDB Printing Centre Plc. and its partners are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as against computer viruses, computer intrusions and denial of service attacks. The operator ensures security through server-level and application-level protection procedures.
We inform users that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, dispute of contract or disclosure or modification of information. In order to protect against such threats, the controller shall take all precautions that may be expected of him. It monitors systems in order to record any security discrepancies and provide evidence for each security incident. System monitoring also makes it possible to check the effectiveness of the precautions applied.
5. Data and contact details of the data controller
Name: EPDB Printing Centre Plc.
Registered office: 1117 Budapest, Budafoki str. 107-109.
Contact of the Data Protection Officer: gdpr@epdb.hu
Company registration number: 01-10-048079
Name of the court of registration: Registry Court of the Capital City Court
Tax ID: 24924243-2-43
Email: gdpr@epdb.hu
Data and contact details of the data processors
CRITERION Holding Limited Liability Company (Registered Office: 1033 Budapest, Polgár str. 8-10., Hungary; company registration number: 01-09-911723)
Fee Collection Holding Private Limited Company (Registered Office: 1117 Budapest, Budafoki str. 107-109. ; company registration number: 01-10-042094)
Török Security Service Ltd. (1026 Budapest, Gábor Áron road 38. ; 01-09-364266)
The list of data processors is not exhaustive, EPDB Printing Centre Plc. reserves the right to use additional data processors, the identity of which will be notified individually at the latest at the start of data processing.
6. Rights affected
If EPDB Printing Centre Plc. is a data processor, the rights of the data subjects can basically be enforced against the ordering data controller.
If EPDB Printing Centre Plc. is the data controller, in accordance with Articles 13-21 of the GDPR, (or, if appropriate, his representative) the concerned has the following rights:
The data subject has the right to receive feedback from the Controller as to whether his or her personal data is being processed and, if such processing is in progress, he or she is entitled to have access to the personal data and to the following information (otherwise appearing in the data processing notice):
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
(d) where applicable, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;
e) the right of the data subject to request from the Controller rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority;
(g) if the data were not collected from the data subject, all available information on their source;
(h) the fact of automated decision-making, including profiling, and, at least in these cases, understandable information on the logic used and the significance of such processing as well as the expected consequences for the data subject.
The Data Controller shall provide the data subject with a copy of the personal data subject to data processing. For additional copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject has submitted the request electronically, the information shall be made available in a widely used electronic format, unless otherwise requested by the data subject. The right to request a copy shall not adversely affect the rights and freedoms of others.
Pursuant to Article 16 of the GDPR, the data subject has the right to request the rectification of personal data.
Upon the relevant request of the data subject, the Data Controller is obliged to correct inaccurate personal data relating to him without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Pursuant to Article 17 of the GDPR, the data subject has the right to request the personal data to be deleted, however, before making such a request, please note the following:
The data subject has the right to request the Data Controller to delete personal data concerning him or her. The Controller is obliged to delete the personal data concerning the data subject without undue delay in the following cases:
(a) the personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws his consent on which the data processing is based and there is no other legal basis for the processing;
c) the data subject objects to the processing of the data in the public interest, in order to exercise a public authority or in the legitimate interests of the controller (third party) and there is no overriding legitimate reason for the processing, or the data subject objects to the processing for direct marketing purposes;
d) the personal data have been processed unlawfully;
e) the personal data must be deleted in order to comply with a legal obligation under Union or Member State law (Hungarian law) applicable to the Controller;
(f) the personal data were collected in connection with the provision of information society services.
The restriction of the data subject’s right to erasure can only take place in the presence of the following exceptions in the GDPR, i.e. in the presence of the above reasons, the further retention of personal data may be considered lawful in the following cases:
(a) the exercise of the right to freedom of opinion expression and information, or
(b) compliance with a legal obligation, or
(c) the performance of a task carried out in the public interest, or
(d) by reason of the exercise of a public authority vested in the controller, or
(e) if it is in the interest of the public interest in the field of public health,
(f) for archiving purposes in the public interest, or
(g) for scientific and historical research or statistical purposes, or
(h) if necessary for the establishment, exercise or defence of legal claims.
Pursuant to Article 18 of the GDPR, the data subject has the right to request the Controller to restrict the processing of personal data concerning him or her (temporary measure) as follows:
The data subject shall have the right, at his request, to restrict the processing of the data if one of the following is fulfilled:
a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period of time that allows the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject objects to the deletion of the data and instead requests the restriction of their use;
c) the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
d) the data subject has objected to the processing of the data in the public interest, in order to exercise a public authority or in the legitimate interests of the controller (third party); in this case, the restriction applies for the period until it is established whether the legitimate reasons of the Controller take precedence over the legitimate reasons of the data subject.
Where processing is restricted on the basis of the above, such personal data, with the exception of storage, may only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller shall inform the data subject at whose request the processing has been restricted pursuant to paragraph 1 of this Article about the lifting of the restriction of processing.
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of personal data concerning him or her by the Controller as follows:
Right of objection: the data subject has the right to object at any time to the processing of his personal data based on Article 6 (1) (f) GDPR on grounds relating to his or her situation. In this case, the Controller may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate reasons that override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.
The data subject has the right to object at any time on grounds relating to his or her own situation to the processing of his or her personal data in the public interest, in order to exercise a public authority or in the legitimate interests of the controller (third party), including profiling based on this. In this case, the Controller may no longer process the personal data, unless the Controller proves that the processing is justified by compelling legitimate reasons which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.
If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, insofar as it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.
The right to object must be explicitly brought to the attention of the data subject at the latest at the first contact and the information on this subject must be displayed clearly and separately from all other information.
In connection with the use of information society services and by way of derogation from Directive 2002/58/EC, the data subject may also exercise the right to object by automated means based on technical specifications.
If the processing of personal data is carried out for scientific and historical research purposes or for statistical purposes, the data subject has the right to object to the processing of personal data concerning him on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Pursuant to Article 20 of the GDPR, the data subject is entitled to the portability of personal data concerning him or her as follows:
The data subject shall have the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, widely used, machine-readable format and to transmit such data to another controller without hindrance from the controller to whom he or she has made the personal data available, if:
a) if the legal basis for the processing is the consent of the Data Subject or the performance of a contract concluded with the Data Subject
b) and the data processing is carried out in an automated manner.
In exercising the right to data portability, the data subject shall have the right, where technically feasible, to request the direct transfer of personal data between data controllers.
Exercising the right to data portability must not prejudice the right to erasure. The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of the controller’s public powers. The right to data portability shall not adversely affect the rights and freedoms of others.
Complaint:
If the data subject has a complaint regarding EPDB Printing Centre Plc.’s data processing, he or she may send his or her letter to the e-mail address gdpr@epdb.hu or to the postal address 1117 Budapest, Budafoki road 107-109.
If EPDB Printing Centre Plc. receives a complaint within the scope of its data processing activities, it shall forward it to the controller within a reasonable period of time.
Right to apply to the court:
In case of violation of his/her rights, the data subject may take legal action against the controller. The case may be brought before the Metropolitan Court of Justice or, at the choice of the person concerned, before the court of his or her place of residence (the list and contact details of the courts can be found at the following link: http://birosag.hu/torvenyszekek
Data protection authority procedure:
Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa str. 9-11.
Mailing address: 1363 Budapest, P.O.Box 9.
Phone: 06 30 683 5969
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu