1. General guidelines
Data protection is very important to ASRP-Systems Kft. The use of the Internet pages is possible without providing any personal data. However, if you would like to use the company’s services through our website, processing of personal data could become necessary. In all cases, the handling of personal data – such as the name, e-mail address or telephone number of the person concerned – must comply with the General Data Protection Regulation (GDPR) as well as country-specific data protection.
With this data protection declaration, our company would like to inform you about the purpose of the personal data collected, used and processed by us.
As the controller, ASRP-Systems Kft. implemented various technical and organizational measures in order to ensure the complete protection of personal data processed through the website. However, internet-based data transmission may have security gaps, so absolute protection cannot be fully guaranteed.
In order to make our data protection declaration understandable to our customers, business partners and website visitors, we would like to explain the terminology used. The terms in this privacy statement are based on terms used in the General Data Protection Regulation (GDPR):
2.1 Personal data means any information relating to an identified or identifiable natural person („data subject”). An identifiable natural person is one who can be identified, directly or indirectly, especially on the bases of an identifier such as a name, an identification number, location data.
2.2 Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
2.3 Data processing is any operation or set of operations which is performed on personal data or a set of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaption or change, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
2.4 Restriction of the processing is the marking of stored personal data with the aim of restricting their future processing.
2.5 The data controller responsible for the processing is the natural or legal person, public authority, agency or other body which alone or with others, determines the purposes and means of processing of personal data. If the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided by European Union or Member State law.
2.6 The data processor is the natural or legal person, authority, agency or other body that processes data on behalf of the data controller.
2.7 Recipient is the natural or legal person, authority, agency or other body to whom the personal data is transferred, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients, the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according tot he purposes of the processing.
2.8 Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons, who, under the direct authority of the controller or processor, are authorised to process personal data.
2.9 Consent of the data subject is any freely given, specific, informed and unambigous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement tot he processing of personal data relating to him or her.
3. Name and address of the data controller, name of the data protection officer
Data controller in application of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:
Name: ASRP-Systems Kft.
Address: Harkály utca 10., 6000 Kecskemét, Hungary
Data protection officer: Éva Gönczi-Papp
Phone: +36 (70) 597 4066
Any interested party (data subject) can contact our data protection officer directly with all questions concerning data protection at any time.
4. Collection of general data and information
The website of ASRP-Systems Kft. collects general data and information, when a data subject or automated system calls up the website. This general data and information is stored in server log files. It may be collected:
a) the browser types and versions used,
b) the operating system used by the access system,
c) the website from which an accessing system reaches our website (referrers),
d) the sub-websites,
e) date and time of access to the website,
f) an Internet protocol address (IP address),
g) the Internet service provider of the accessing system, and
h) any other similar data and information that may be used in the event of attacks on our information technology systems.
5. Collection and Storage of Personal Data (nature, purpose and use)
5.1 Type of data: in case of a written request for an offer, the following personal information will be collected:
- First name, last name
- Email address
- Phone number
- Fax number (if necessary)
5.2 In additon, all other information is collected that is necessary to start the business relationship and fulfill the contract. The collection of personal data takes place:
- To identify a customer,
- To provide appropriate advice,
- To fulfill contractual obligations,
- For correspondence with a customer,
- For invoicing (send a reminder if necessary).
5.3 The personal data collected will be stored until the end of the statutory retention period (8 years from the end of the calendar year of termination of the contractual relationship; if the offer was not followed by contract, then the retention period is 1 year) and then deleted. This does not apply if we are obliged to store for longer periods due to tax or other storage requirements or if you have consented to an additional storage.
5.4 Business-related data processing. These data will be processed for business related use additionally:
- contract data,
- payment and invoicing data,
- contactual-services from our customers, potential customers and business partners.
5.5 Safety measures
We will take appropriate technical and organisational measures, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purpose of data processing. Measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to data, as well as their access, input, disclosure, availability and separation.
5.7 Use of Google Maps
6. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose the storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Rights of the data subject
7.1 Right of confirmation: each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If the data subject wishes to use the right of this confirmation, he or she may contact any employee of the controller at any time.
7.2 Right of access: each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored and a copy of this information at any time. Furthermore, the European directives and regulations provide access tot he following information for the data subject: the purpose of the data processing; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients located in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, of not possible, the criteria used to determine that period; request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject; the existence of the right to complain to the supervisory authority. The data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. If this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating tot he transfer. If the data subject wishes to use the right of access, he or she may contact any employee of the controller at any time.
7.3 Right to rectification: each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of data processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementery statement. If the data subject wishes to exercise this right of rectification, he or she may contact any employee of the controller at any time.
7.4 Right to erasure: each data subject shall have the right granted by the European legislator to obtain from the controller to erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay if one of the following reasons exists, as long as the data processing is no longer necessary: the personal data are no longer needed for the purpose for which these were collected; the data subject withdraws the consent that is the basis of the data processing; personal data has been processed unlawfully; personal data must be erased in order to comply with the legal obligation of the controller in European Union or Member State law. If one of the above-mentioned reasons exists and the data subject wishes to request the deletion of his or her personal data stored by ASRP-Systems Kft., he or she may contact any employee of the controller at any time. The employee responsible for data processing at ASRP-Systems Kft. is obliged to ensure the immediate fulfillment of the deletion request.
7.5 Right of restriction of processing: each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: the processing is unlawful; the controller no longer needs the personal data for the purposes of the processing; the data subject objected tot he data processing until it was checked whether the legitimate reasons of the data controller take precedence over the reasons of the data subject. If one of the above-mentioned reasons exists and the data subject wishes to request the restriction of his or her personal data stored by ASRP-Systems Kft., he or she may contact any employee of the data controller at any time, who will arrange the restriction of the processing.
7.6 Right to withdraw data protection consent: each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time. If the data subject wishes to exercise this right to withdraw the consent, he or she may contact any employee of the controller at any time.
8. Data protection of applicants and application procedure
8.1 The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. Data processing can also be done electronically (the application documents will be sent by email).
8.2 If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased three months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed tot he erasure (for example, burden of proof in proceedings under the General Equality Act).
9. Period of storage of personal data
The criteria used to determine the storage period of personal data is the applicable legal retention period. After expiration of this period, the relevant data are routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initation of the contract.
10. Provision of personal data as a statutory or contractual requirements
The provision of personal data is partly required by law or can also result from contractual provisions. For example, the data subject is obliged to provide us with personal data when ASRP-Systems Kft. signs a contract with him or her. The non-provison of the personal data would have the consequence that the contract with the data subject cannot be concluded. Before personal data is provided by the data subject, the data subject must contact the data controller at ASRP-Systems Kft, who will clarify tot he data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data
Date of last update: 19 November 2023