1. Names of Data Controllers
Pursuant to Subsection 9 of Section 3 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Privacy Act), a data controller is any natural or legal person or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or has these decisions executed by a data processor.
The purposes and rules of data processing of the sites available at the domain names listed below shall be, in line with Subsection 9 of Section 3 of the Privacy Act, jointly determined by Future FM Zrt., Future Service Kft., Future Security Zrt. and Future Fleet Kft. (hereinafter jointly: Data Controllers), therefore these shall be considered joint data controllers.
Name of Data Controller (1): Future FM Zrt.
Company registration number of Data Controller (1): Cg. 01-10-045958
Registered seat of Data Controller (1): 1148 Budapest, Fogarasi út 5.
Name of Data Controller (2): Future Service Kft.
Company registration number of Data Controller (2): Cg. 01-09-895240
Registered seat of Data Controller (2): 1148 Budapest, Fogarasi út 5.
Name of Data Controller (3): Future Security Zrt.
Company registration number of Data Controller (3): Cg.01-10-042931
Registered seat of Data Controller (3): 1148 Budapest, Fogarasi út 5.
Name of Data Controller (4): Future Fleet Kft.
Company registration number of Data Controller (4): Cg. 01-09-935850
Registered seat of Data Controller (4): 1148 Budapest, Fogarasi út 5.
Electronic availability of the Data Controllers: email@example.com
The technical background of Services is provided and the software installed on servers is operated by Dots Amazing Bt.
2. Rules of Data Control
Executive Officers of the Data Controllers shall, with regards to the characteristics of each Data Controller, establish the organization of privacy protection, scopes of responsibility and authority of privacy protection and related activities, and shall designate a person to oversee data control.
The Data Controllers control personal data related to this interface based on their joint Privacy and Data Security Policy. The scope of this Policy extends to all procedures performed at all business units of the Data Controllers that meet the criteria for the processing of personal data as defined in Subsection 2 of Section 3 of the Privacy Act.
The terminology of this Policy conforms to the glossary set out in Section 3 of the Privacy Act.
According to legal regulations, personal data may only be processed in order to exercise a right or to fulfil an obligation. The Data Controllers herewith declare that they shall not use the personal data controlled by them for private purposes. Their data processing shall at all times conform to the principle of purpose limitation.
Consequently, the Data Controllers shall process personal data only for purposes defined in their Privacy and Data Security Policy, in pursuance of exercising a right, to the minimum extent and for the shortest period of time necessary for reaching the purpose. The data processing shall in all its stages conform to the purpose - and in case the purpose of the data processing ceases to persist or the data processing proves unlawful in any other way, the data shall be deleted.
The Data Controllers shall process personal data only based on the prior consent of those concerned or based on law or statutory authorization.
Before registering the data, the Data Controllers shall at all times communicate the purpose of data processing to those concerned, as well as the legal basis of such. The Data Controllers fulfil this obligation through the present information handout.
The Data Controllers declare that their employees involved in data processing at their business units, as well as all employees of organizations involved in the data processing on behalf of the Data Controllers who are active in any operation of such, shall treat the personal data disclosed to them as trade secrets.
Employees of the Data Controllers shall make sure during their work that no unauthorized persons can have access to personal data and that the storage and location of the personal data should be performed in such a way that no unauthorized persons can access, know, change or delete any of the data.
3. Enforcement of the Rights of Those Concerned
The persons concerned can request information as to the processing of their personal data and can also request the correction and - with the exception of data processing required by law - the deletion of their personal data at any of the availabilities of the Data Controllers as shown in this information document.
The head of the business unit with the responsibility and authority shall, regarding the processing of the data of the person concerned, reply within 15 days - 5 days in case of exercising the right of objection - upon the receipt of such request at the latest, in writing, in an easily comprehensible form.
In case the necessary data and public documents attesting them are available, incorrect data shall be corrected by the head of the business unit controlling the data, or in case of conditions set forth in Subsection (2) of Section 17 of the Privacy Act, measures shall be taken to delete the personal data concerned.
For the period necessary to evaluate the objection of the person concerned against the processing of their personal data (but not longer than for 5 days) the head of the business unit processing the data shall suspend data processing, evaluate the grounds of the objection and make a decision, about which the applicant shall be informed pursuant to Subsection (2) of Section 21 of the Privacy Act.
If the objection is justified, the head of the business unit processing the data shall act in compliance with Subsection (3) of Section 21 of the Privacy Act.
The Data Controllers shall compensate for damages caused to third persons by the unlawful processing of the data of the persons concerned or by the breach of data safety obligations, and shall also settle the grievance payment due in case of a privacy breach committed by the Data Controller or a data processor acting on its behalf. However, the Data Processors call the attention of those concerned to the fact that the Data Processors will be exempt from any responsibility concerning the damage caused and from the settlement of the grievance payment if they prove that the damage or the privacy breach was caused by an unavoidable factor falling outside the scope of the data processing. Similarly, no damages shall be paid for cases caused by the wilful action or the gross negligence of the aggrieved party.
Those concerned may file their complaints about the data processing procedures of the Data Controllers to the National Authority for Data Protection and Freedom of Information (NAIH):
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)
Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
4. Data processing occurring during the use of the website of the Data Controllers
Place and technical background of the data processing procedures:
1148 Budapest, Fogarasi út 5. - Technical background of the data processing is provided by Dots Amazing Bt., also providing for the operation of the software on the servers.
The Operators are the Data Managers of personal data managed in connection with the Services, who do not employ data processors. The personal data managed by the Operators are exclusively made known to the Operators and their employees. The data relating to the users of Services are stored on the servers of the Operators.
There are two ways the Users can provide information and data about themselves on the Website:
4.1 Management of data relating to the number of the website's visitors
A software analysing the number of visitors is running on the websites of the Data Controllers designated hereunder. However, this software does not process any personal data as defined in the Privacy Act; instead, it records data related to the visits. The Data Controllers receive information automatically created about the visitors of their website: the Internet Protocol address (IP address) of the visitor, the time of the visit, data of the visited pages, name of the browser application used. The Data Controllers shall not link the IP addresses of the users to any other data that would make it possible to identify the user.
As based on the international practice and that of the National Authority for Data Protection and Freedom of Information, an IP address can even become personal data, so the Data Controllers shall protect all data that are disclosed to them during the data processing of the website in line with the protection due to personal data as stipulated hereunder; still the Data Controllers declare that their processing of IP addresses shall not qualify as data processing under the scope of the Privacy Act.
Use and purpose and cookies and web beacons
During the use of the web service the Data Controllers use small-size that cannot be directly linked to the user on the user's computer in order to identify the users, facilitate the users’ future visits to the website, improve the efficiency of Services, present targeted promotions or other targeted content to the users or conduct market research. The data obtained by the Operators as a result of using the data files may not be linked to any of the users' identifying data. The so-called session cookies are automatically deleted after the expiry of a deadline set in the cookies.
The users have the following options regarding cookies in their browser software.
It should be emphasized that if cookies are not accepted, then some of the pages or functions will not be working properly, and the user might not have authorization to gain access to certain data. Please visit http://www.cookiecentral.com for further information on cookies.
In addition to the cookies deployed by the Operators, data files might be installed by third parties to the user's computer. In such an event, the user visits another website in the context of the Services.
For the above-mentioned purposes the web beacons (or web bugs) from third parties may be embedded into the Operators' website. A web beacon is an image embedded into a website that allows for the tracking of visits to the website. This information is also called "click stream data". These data enable the analysis of visitors' behaviour, which leads to an improvement in the quality of the website and displaying of promotions and advertisements. The web beacons are similar to cookies in their function; however, these are used for tracking the online movement of users. The main difference between the two lies in that web beacons are not visible on the website. In addition to that, the users cannot disable the downloading of web bugs as opposed to cookies. For more information on web beacons visit http://en.wikipedia.org/wiki/Web_beacon
However, the operation of web beacons does not constitute data processing under the scope of the Privacy Act.
Visitors can contact the Data Controllers on the Data Controllers’ website (for example for requesting a quotation, applying for employment). Visitors can provide relevant data required to contact them by filling out a form. Before the submission of the data, the form shows a warning by the Data Controllers regarding the data processing rules that the User in question has accepted by their use of the website.
Data processing registration numbers:
Purpose of the data processing: Providing a way to communicate with the Data Controllers
Scope of processed data: Name, email address, phone number, subject of the communication, text of message
Legal basis of data processing: Consent of the person concerned pursuant to Paragraph a) of Subsection (1) of Section 5 of the Privacy Act.
Term of data storage: One year upon the registration of data, until the subject matter of communication is settled (the goal is attained)
Method of data storage: Electronic
5. Purpose and term of data processing
The purpose of data management by the Operators in connection with the Services:
The Data Controller shall control the personal data as long as the purpose of the data processing persists, that is primarily as long as the legal relationship with the User in question persists (as soon as this period is over, the data related to and provided by the User in question shall be deleted), or until the User requests the deletion of such data or until the User revokes their consent.
6. Data transmission, data management by third parties
In the absence of applicable legal provisions, any personal identification data may only be disclosed to third parties with the explicit consent of the user. The same applies to data obtained by the Operators in the course of using data files. Certain personal identification data may only be disclosed to third parties in the following cases:
7. Data security rules
The Data Controllers apply industry standard security measures to ensure the security of the data.
The users shall assume exclusive responsibility for the use of their username and password, including all activities related to the use of the username and password. To this end, it is recommended that the username and the associated password are kept secret. If the user discloses these data to third parties, then as a consequence he/she might lose the right to have control over the data managed by the Operator with regard to the Services.
Budapest, April 1, 2015