1. DATA CONTROLLER

Name of the Data Controller: Windt Corporation Kft (hereinafter referred to as: ’Company’)
Representative of the Data Controller: Windt Robin Károly, Managing Director
Seat: 1021 Budapest, Labanc utca 7/A 1. em. 1.
E-mail: info@tarrasch07.com
Website: www.tarrasch07.com

2. LEGAL BACKGROUND TO DATA PROCESSING

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: GDPR).

3. PROCESSING OF DATA

3.1. DATA PROCESSING IN RELATION TO ELECTRONIC CONTACT AND NEWSLETTERS
3.1.1. PROCESSING DATA AND THE AIM OF PROCESSING
Personal data Purpose of date processing
First name and surname The communication between the data subject and the company and the individualization of services.
E-mail The communication between the data subject and the company
3.1.2. LEGAL BASIS TO DATA PROCESSING

Legal basis is the consent of the data subject to the processing: GDPR article 6, point (a).

3.1.3. DURATION OF THE DATA PROCESSING

The Company processes the date received via messages until the withdrawal of the consent given by the data subject. The deletion of the registration can be initialized within the system by clicking on button ‘Deletion of Registration’. Personal data is destructed following this.

3.2. PERSONAL DATA IN RELATION TO ONLINE TESTS
3.2.1. PROCESSED PERSONAL DATA AND PURPOSE OF PROCESSING
Personal data Purpose of date processing
First name and surname The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests. Giving this personal data is part of the test.
Date of birth The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests. Giving this personal data is part of the test.
Results of the assessment The Company prepares complex personality and behavioral analyses based on the online-fulfilled tests.

The Company transfers the personal data above to the Customer of the complex personality and behavioral analysis.

3.2.2 LEGAL BASIS TO DATA PROCESSING

Legal basis is the consent of the data subject to the processing: GDPR article 6. paragraph 1. point (a).

3.2.3. DURATION OF THE DATA PROCESSING

The company stores data designated here for 4 (four) months following the creation date, then erases them automatically.

3.3. OTHER PERSONAL DATA STORED BY THE SYSTEM
3.3.1. PROCESSED PERSONAL DATA AND PURPOSE OF PROCESSING
Personal data Purpose of date processing
IP address Identifier number assigned by the internet provider to the asset used by the user logging into the system. The company processes it ensure network and information security.
Login date Date of a user logging into the system. The company processes it to ensure network and information security.
3.3.2 LEGAL BASIS TO DATA PROCESSING

Legal basis to data processing is to ensure network and information security, therefore it is a purpose of the legitimate interests pursued by the controller: GDPR article 6. paragraph 1. point (a). The storage of the above designated data is necessary for the ability of the information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions hat compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by. Storing the above personal data is proportionate for the purposes of ensuring network and information security. Please find an assessment proving this conclusion as Annex 1 to this policy.

3.3.3. DURATION OF THE DATA PROCESSING

The company stores data designated here to an extent necessary and proportionate for the purpose for 3 (three) months following the creation date, then erases them automatically.

4. ACCESSIBILITY TO PERSONAL DATA AND RELATED SECURITY MEASUREMENTS

4.1. ACCESSIBILITY TO DATA AND DATA TRANSFER
4.1.1. DATA CONTROLLERS ENTITLED POSSIBLE TO ACCESS PERSONAL DATA

Employees of the Data Controller, to an extent necessary and proportionate to carry out their duties.

4.1.2 DATA PROCESSORS

Data Processors not mentioned at certain data processing:

Name of the Data Processors: Colibree Design & Development Kft.
Seat: H-1163 Budapest, Máté utca 2.
Purpose of data processing: Development and maintenance of the website

Name of the Data Processors: EZIT Kft.
Seat: H-1132 Budapest, Victor Hugo utca 18-22.
Purpose of data processing: Provider of data storage

4.2. DATA SECURITY MEASUREMENTS

The Company stores personal data on servers located at its seat, (1112 Budapest Hegyalja út 118/b) The Company undertakes the necessary information technology, technical and human resources measurements in order to protect personal data controlled by the Company against unauthorized access or against unauthorized changes. The company processes data with highest possible discretion and strict confidentiality.

5. RIGHTS OF THE DATA SUBJECT

5.1. INFORMATION

The data subject can make a written inquiry through contact stated at point 1 in relation to which personal data is processed, on which basis, for what purpose, from what kind of source, for how long and can also inquire who had access to those personal data and whom it was transferred.
The Company addresses the inquiry latest within one month by sending a mail or e-mail to contacts determined by the inquirer.

5.2. RIGHT TO RECTIFICATION

The data subject can request the rectification of inaccurate data through contact stated at point 1 in a written form (e.g. changing e-mail or postal address). The Company addresses the request latest within one month and notifies the requestor by mail or e-mail to contacts determined by the data subject.

5.3. RIGHT TO ERASE

The data subject can request the erasure of personal data through contact stated at point 1 in a written form. The Company refuse the request if processing is necessary for compliance with a legal obligation to which the controller is subject: GDPR article 6. paragraph 1. point (c). If there is no such obligation, than the Company fulfills the request within 1 month and notifies the requestor by mail or e-mail to contacts determined by the data subject.

5.4 RIGHT TO RESTRICTION OF PROCESSING

The data subject can request the restriction of processing of personal data through contact stated at point 1 in a written form (expressing clearly the restriction and separation from other data). Restriction takes place until the reason marked by the data subject makes the restriction necessary. The restriction of data can be requested for example if the data subject thinks that its petition is treated unlawfully by the Company, but the data should not be erased due to an initiated course of action in front of the court or initiated by authorities. In this case the Company continues to store the personal data until the enquiry of the court or authorities (e.g. the relevant petition), then erase the data.

5.5. RIGHT TO OBJECT

The data subject has the right to object against the data processing through contact stated at point 1 in a written form if the Company transfers or uses data for research purposes.

6. LAW ENFORCEMENT POSSIBILITIES

6.1. INITIATING CIVIL PROCEDURE, LITIGATION

The data subject can initiate a civil procedure against the Company if experiences illegality in relation to data processing. The lawsuit can be initiated – according to the choice of the data subject – in front of the court of justice competent according to the home place of the data subject (please see listing and availability of such courts on the following link: http://birosag.hu/torvenyszekek).

6.2. NAIH PROCEDURE

The data subject can make a complaint at the Hungarian National Authority for Data Protection and Freedom of Information if experiences illegality in relation to data processing. Please see the link: https://www.naih.hu/online-uegyinditas.html.
An appointment can be arranged on Tuesday and Wednesday between 9 a.m. and 12 p.m. and between 1 p.m. and 4 p.m. on the following phone: +36 (1) 391-1400.
We kindly draw your attention to the fact that the Authority only inspects complaints once the data subject has contacted the Data Controller and failed to reach a conclusion.