(effective from 01.04.2023)
The eNET Hungary Ltd. (hereinafter referred to as eNET, Company) processes personal data obtained or recorded in the course of its activities in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and those of Act CXII of 2011 on the Right to Self-Determination of Information and Freedom of Information, as follows.
Purpose and scope of the prospectus
The purpose of this prospectus is to set out the data protection and management principles applied by eNET and its data protection and management policy, which eNET, as the data controller, recognizes as binding on itself.
eNET, as the data controller, informs data subjects about the general information on the processing of personal data by publishing this prospectus.
Unless otherwise specified, the prospectus does not cover data processing carried out in the course of official proceedings.
Data controller
eNET Hungary Ltd.
Headquarters: 5 Ipar Street, Budapest 1095
Tel: (+36 1) 373-0779
E-mail: info@enet.hu
Website: https://enet.hu/
Data protection officer: Viktória Deme, phone: +36 1 373 07 79, e-mail: adatvedelem@enet.hu
What principles do we follow in our data management?
Our Company follows the following principles in its data management:
a) We process your personal data lawfully and in a fair way, and transparently for you.
b) Personal data are only collected for specified, explicit and legitimate purposes and will not be processed in a way incompatible with those purposes.
c) The personal data we collect and process is appropriate and relevant to the purposes of the data processing and is limited to what is necessary.
d) Our Company takes all reasonable steps to ensure that the data we process is accurate and, where necessary, up-to-date, and inaccurate personal data are deleted or corrected immediately.
e) We store personal data in such a way that you can only be identified for the time necessary to achieve the purposes for which the personal data are processed.
f) We ensure that personal data is adequately protected against unauthorized or unlawful processing, accidental loss, destruction or damage to personal data by applying appropriate technical and organizational measures.
The way our Company handles your personal information
a) We handle, collect, record, organize, store and use data with your prior informed consent and only to the extent necessary and in all cases for the intended purpose.
b) In some cases, the processing of your data is based on legal regulations and is mandatory, in which case we draw your attention to this fact.
c) In certain cases, our Company or a third party has a legitimate interest in the processing of your personal data, such as the operation, development and security of our website.
Data management information about the use of our website
Data we manage:
Name of data management
Data handled during your visit to our website.
Scope of data processed
Information provided when using the website.
At present, our website is for information purposes only, we do not ask to provide personal information.
If you have any questions regarding data management, you can request further information by sending an e-mail to adatvedelem@enet.hu or a letter to our postal address, and we will send you our answer to the contact details you have provided within 25 days at the latest.
Legal basis for data management:
Name of data management
Data handled during your visit to our website.
Legal basis for data management
Your consent.
Purpose of data management:
Name of data management
Data handled during your visit to our website.
Purpose of data management
Website operation.
Time of data management:
Name of data management
Data processed during the visit to our website.
Time of data management
With regard to the technical data collected during the visit to our website, the time required for the purpose and registration is currently not included in our website.
Whose data we handle, stakeholders:
Name of data management
Data processed during the visit to our website.
Stakeholders of data management
Natural persons visiting our website.
What are cookies and how do we handle them?
Cookies are small data files (“cookies”) that are sent to your computer via the website, through the use of the website and are saved and stored by your web browser. The majority of the most commonly used Internet browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to you to refuse or disable them by changing your browser settings, or to delete cookies already stored on your computer. For more information on the use of cookies, see the “help” menu item in each browser.
There are cookies that do not require your prior consent. Our website provides brief information about these when you start your first visit, such as authentication, a multimedia player, load balancing, session cookies to help you customize your user interface, and user-centric security cookies.
If the data processing starts already by visiting the site, our Company will inform you about the cookies that require consent at the beginning of the first visit, and we will ask for your consent.
Our Company does not use or allow cookies that allow third parties to collect data without your consent.
Acceptance of cookies is not mandatory; however, our Company is not responsible if, in the absence of cookies, our website may not function as expected.
Details about third party cookies can be found here https://www.google.com/policies/technologies/types/, and information about privacy can be read here: https://www.google.com/analytics/learn/privacy.html?hl=hu.
Data processing in relation to the abuse reporting system
Data we manage:
Name of data management
Data processed in the context of reporting abuse.
Scope of data processed
Details of the notifier and the content of the notification.
The name and contact details of the whistleblower submitting the notification pursuant to Act XXV of 2023 on the Rules for Reporting Abuse (Complaints Act), the content of the notification and any attachments, the content of any additions to the notification, the name and contact details of the person giving rise to the notification, the name and contact details of the person with relevant information, and any additional personal data of such persons necessary for the investigation of the notification, and any additional data voluntarily provided by the whistleblower.
Legal basis for data management:
Name of data management
Data processed in the context of reporting abuse.
Legal basis for data management
To comply with a legal obligation under Article 6(1)(c) of the GDPR. The legal obligation is laid down in the Complaints Act.
Purpose of data management:
Name of data management
Data processed in the context of reporting abuse.
Purpose of data management
Conducting an investigation under the Complaints Act, investigating the complaint and remedying or terminating the conduct that is the subject of the complaint.
Time of data management:
Name of data management
Data processed in the context of reporting abuse.
Time of data management
If the investigation does not reveal any abuse, the investigation data will be deleted 60 days after the investigation is closed. Where deletion is not possible or would be prejudicial to the interests of the whistleblower or other employees, the investigation data shall be blocked and only accessed by authorised persons on the basis of a specific documented authorisation. If the investigation reveals misuse, the data relating to the investigation may be processed until the purpose of the procedure has been achieved. If the investigation leads to legal proceedings or disciplinary action, the data relating to the report may be processed up to the final conclusion of the proceedings based on the report, after which they shall be deleted.
Whose data we handle, stakeholders:
Name of data management
Data processed in the context of reporting abuse.
Stakeholders of data management
The person who made the report, whose conduct or omission gave rise to the report, and who may have material information about the facts contained in the report.
Additional data management information
Data transmission
We may only transfer your data within the limits set by law, and in the case of our data processors, we ensure that your personal data may not be used for purposes contrary to your consent. Contributors and employees of our Company involved in data management and data processing are entitled to access your personal data to a predetermined extent, subject to the obligation of confidentiality.
Our Company may only transfer data abroad in accordance with the GDPR (Chapter V) and the relevant provisions of the Infotv.
The court, the prosecution and other authorities (e.g. police, tax authorities, National Authority for Data Protection and Freedom of Information) may contact our Company for information, data or documents. In such cases, we must comply with our obligation to provide information, but only to the extent strictly necessary to achieve the purpose of the request.
Data security
Contributors and employees of our Company involved in data management and / or data processing are entitled to access your personal data to a predetermined extent, subject to the obligation of confidentiality.
We protect your personal information through appropriate technical and other measures and ensure the security and availability of your information, as well as protect it from unauthorized access, alteration, damage or disclosure, and any other unauthorized use.
As part of organizational measures, we control physical access to our buildings, train our employees on an ongoing basis, and keep paper-based documents secure. We use encryption, password protection and anti-virus software as part of our technical measures. However, please note that data transmission over the Internet is not considered to be a completely secure data transmission. Our Company makes every effort to make our processes as secure as possible, but we cannot take full responsibility for the transmission of data through our website, but we adhere to strict standards regarding the security of your data and the prevention of unauthorized access to the data we receive from our Company.
In order to provide high-quality service to our customers, our Company uses the following data processors:
NAME | ADDRESS | ACTIVITY |
Badak Audit Könyvvizsgáló és Szolgáltató Korlátolt Felelősségű Társaság | 54 Liliom Street, Pomáz, 2013 | auditor |
Hajtás Pajtás Kft. | 20. Vörösmarty Street, Budapest, 1074 | courier service |
If we change the scope of our data processors, the changes will be reflected in this prospectus.
What are your rights and remedies in relation to your data processing?
Right to information and access:
Through our Company’s contact information, you can request the following information from eNET in writing:
- what kind of personal data
- on what legal basis
- for what purpose
- from what source
- how long it is processed
- do we still process your personal data
- to whom, when, for what reason and to which personal data we have provided access or to whom your personal data was transferred.
In addition, you may request a copy of your personal information stored with our Company.
eNET will, upon your request for written information, provide the requested information within a maximum of 30 days in a response letter to the contact details provided in the request. We will also send you our reply electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.
We may refuse to provide information only in cases provided for by law, indicating the specific act and providing information on the possibility of legal redress or submitting an appeal to the Authority.
Right to rectification
Through the contact details of our Company, you can request in writing the modification or clarification of any of your personal information.
eNET will, upon your written request, provide the information to be modified without delay, but within a maximum of 30 days, and will notify you of this in the response letter provided in the request. We will also send you our reply electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.
Right to deletion of data
You can request the deletion of your personal data in writing through the contact details of our Company.
If the Company is required by law to further store your personal information, we will reject your request for deletion. If we do not have such a legal obligation, your data will be deleted without delay, but within a maximum of 30 days, and you will be notified in the reply letter sent to you at the contact details provided in the letter of request. We will also send you our reply electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.
Right to restrict data processing
You can request a restriction on the processing of your personal data in writing through the contact details of our Company. Restrictions on data processing mean that our Company may only store your personal data, we may only perform other data processing activities with the consent of the person requesting the restriction for the purpose of submitting a legal claim or in the public interest.
You can request a data restriction if:
- In your opinion, your information is inaccurate,
- You think your data has been handled illegally by eNET, but you do not want the data deleted,
- You require data management to enforce or protect your legal claim, but eNET no longer needs this data.
eNET will, upon your written request, comply with your request for data restriction without delay, but within a maximum of 30 days, and will notify you of this in a response letter sent to the contact details provided in the request. We will also send you our reply electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.
Right to withdraw consent
Through the contact details of our Company, you may withdraw your consent to data management in writing at any time during the data processing period. In the event of withdrawal of consent, the management of eNET carried out prior to withdrawal shall remain lawful.
eNET will, upon your written request, comply with your request for revocation of data processing without delay, but within a maximum of 30 days, and will notify you of this in a response letter sent to the contact details provided in the request. We will also send you a reply to your request electronically. If you would like to receive our response in a different way, please indicate this in your request.
Common rules for rectification, deletion, restriction and withdrawal
Our Company will notify you of the rectification, restriction and deletion of personal data, as well as all those to whom you have previously transferred your data for data processing purposes, unless failure to do so would not harm your legitimate interests.
If we do not comply with your request for rectification, restriction or deletion, we will inform you of the reasons for our refusal in writing or, with your consent, electronically as soon as possible after receipt of the request, and will inform you of the possibility of legal remedy and of submitting an appeal to the Authority.
If you object to the processing of your personal data, we will examine the objection as soon as possible after the application has been submitted (but no later than within 25 days) and will inform you in writing of our decision. If we have determined that your objection is well-founded, we will terminate the processing of data, including further data collection and transfer, and will notify all persons to whom we have previously transferred the personal data concerned of the objection and the action taken on it, and who are obliged to take action to enforce the right to object.
We will refuse to comply with your request if we prove that the processing is justified for compelling legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, enforcement or defence of legal claims. If you do not agree with our decision, or if we miss the deadline, you can go to court within 30 days of being notified of the decision or of the last day of the deadline.
Remedies
If, in your opinion, our Company’s data processing has not complied with the legal requirements, you may request the eNET Data Protection Officer to take action, or you may take legal action.
In addition, by filing a complaint with the National Data Protection and Freedom of Information Authority (NAIH), you may initiate an investigation with a claim that your rights related to the processing of your personal data have been violated or are in imminent danger.
Contact details of the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
Headquarters: 22/C Szilágyi Erzsébet fasor, Budapest 1125
Postal address: P.O.B.: 5, Budapest 1530
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
Before contacting the supervisory authority or going to court, please contact our Company for a consultation and to resolve any issues as quickly as possible.
Data protection lawsuits fall within the jurisdiction of the tribunal, which may, at the option of the data subject, be adjudicated in the court of the data subject’s domicile or of the place of residence. A foreign national may lodge a complaint with the competent supervisory authority according to his or her usual place of residence or employment.
What are the main laws governing our business?
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
- Act CXII of 2011 on the right to information self-determination and freedom of information
- Act V of 2013 on the Civil Code
- Act CVIII of 2001 on certain issues in electronic commerce services and information society services
- Act C of 2003 on electronic communications
- the CLV Act 1997 on consumer protection
- Act CLXV of 2013 on complaints and notices of public interest.
- Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising
Modification of the data management information
Our Company reserves the right to amend this Privacy Policy, of which we will inform those concerned accordingly. Information related to data management is published on the website https://enet.hu/.