GENERAL PRIVACY INFORMATION

EDITING CLOSED: 09.11.2021

As a data controller, our company determines the purposes and means of processing personal data independently or together with others, and as a data processor, it processes personal data on behalf of the data controller.

Data management is any set of operations or operations performed on personal data or files in an automated or non-automated manner, such as collecting, recording, organizing, segmenting, storing, transforming, or altering, retrieving, viewing, using, communicating, transmitting or otherwise harmonization, interconnection, restriction, deletion, or destruction.

Data processing is data management of a technical nature, it does not have the right to dispose of and decide on the data.

Any information about an identified or identifiable natural person ("data subject") is considered personal data. A natural person may be identified if, directly or indirectly, one or more factors relating to an identifier, such as a name, number, location, online identifier, or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable by.

As a data controller and processor, our company respects the privacy of all individuals to whom personal information is provided and is committed to protecting it.

I.

Pursuant to Article 13 of the GDPR, our company provides the following information to the persons concerned:

Data Controller:

Company name: Grüne Antwort Kft.
Address: H-1119 Budapest, Tétényi út. 93
Website: http://gruneantwort.com/
Contact person: Máté Árkossy
Phone: +36 70 625 8953
Email: mate.arkossy@gruneantwort.com

Data processing:
No data processor is used.

Data Protection Officer:
- Our company is not obliged to appoint a data protection officer under Article 37 of the GDPR.

Privacy requests:
If you have any requests or questions regarding data management, you can send your request by post to 1119 Budapest, Tétényi út 93 or electronically to support@gruneantwort.com. We will send our answers without delay, but within 30 days to the address you specify.

Data transfer abroad:
- No data transfer abroad.

II.

The purpose, legal basis and duration of the data management of our company:

Data management purposes:
Our company handles data in accordance with the law for the following purposes:

(a) marketing activities to potential customers;
(b) processing of data of employees and applicants (under conditions specified in separate regulations);
(c) managing the contact details of contractors for the performance of the contract;
d) fulfillment of customer orders;
e) protection of property, personal security;
f) for the purpose of fulfilling an obligation specified by law

Legal basis for data management:

Article 6 (1) (a) GDPR: consent of the data subject
GDPR Article 6 (1) (b): required for performance of the contract
GDPR Article 6 (1) (c): necessary to fulfill a legal obligation
GDPR Article 6 (1) (a): legitimate interest, balance of interests always required

Legal basis for each data management activity:

(a) issue of an invoice in accordance with accounting legislation: legal basis: Article 6 (1) (c) GDPR
(b) contact: legal basis (data processing for partners' employee data): Article 6 (1) (f) GDPR. The legitimate interest of the data controller: business continuity.
(c) processing of employee data: Article 6 (1) (b) and (c) GDPR.
(d) processing of data of contractual partners: legal basis Article 6 (1) (b) GDPR
(e) marketing activity: legal basis: Article 6 (1) (a) GDPR.
f) For the purpose of marketing activities, there is also a facebook page, however, an independent database is not created or profiled.
(g) Legal basis for online registration: Article 6 (1) (a) GDPR
(h) security camera operation legal basis: Article 6 (1) (f) GDPR. Legitimate interest of the controller: property protection, in the case of employees, the legitimate interest of the employer as defined in the Labour Code.

In the case of the processing of the personal data concerned based on legitimate interests, we carry out a balance of interests, during which:

- identify and record a legitimate interest
- identify and record the interests and rights of the data subject
- consideration based on the principles of necessity and proportionality, purpose limitation, data saving, limited storage
- inform the data subject of the balance of interests

The data subject has the right to object, on the basis of which the personal data will not be further processed, if the processing is justified by compelling reasons (eg in the case of data that must be processed in connection with the employment relationship)

There is no compelling reason for direct marketing, in case of protest the data must be deleted.
(Direct marketing includes advertisements that directly address their potential customers. This can be done electronically, by phone call, by mail, etc. The special rules of each method apply. The person concerned will be the recipient of the advertisement here, ie the person to whom the advertisement is addressed. reaches or is directed.

The personal data of the data subject, e.g. managed by a website or web store operator.)

Data processing time:

The accounts will be kept for at least 8 years due to a legal obligation. The retention period of the documents on which the invoice is based is 8 years.
Retention period of documents on which the employment relationship is based: 50 years.
The retention period of the contact-related data is 1 year after the termination of the contact.
Retention of data related to the performance of the contract: 5 years.

III.

Rights concerned:

In connection with your personal data, the data subject has the rights specified by law.
(a) right of access (knowledge of data, whether data are being processed);
(b) if a piece of data is out of date or incorrect, correct it;
(c) deletion (only for data processing based on consent);
(d) restrictions on the processing of data;
(e) prohibit the use of personal data for direct marketing purposes;
(f) transfer or prohibit the transfer of personal data to a third-party service provider;
(g) request a copy of any personal data processed by the controller, obsession
h) protest the use of personal data.

IV.

Privacy Incident:

A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal information processed. Our company ensures data security commensurate with the degree of risk associated with data processing, in the event of which our data protection officer or, in the absence thereof, the data controller / processor or his / her representative shall notify the supervisory authority without delay, but no later than 72 hours after becoming aware of it.

Our company shall take the necessary security measures immediately after becoming aware of the data protection incident to eliminate or restore the damage that gave rise to the data protection incident. The data subject will be notified of the measures taken and their outcome.

V.

Remedies information:

In Hungary, the data protection supervisory authority is The National Authority for Data Protection and Freedom of Information (hereinafter "the Authority" or "the NAIH", address: 1055 Budapest, Falk Miksa utca 9-11., e-mail address: ugyfelszolgalat@naih.hu). The data subject may submit a complaint to the NAIH if, in his or her opinion, the processing of personal data concerning him or her does not comply with the legal obligations.

A judicial review may be initiated against the decision of the NAIH.

VI.

Information on records:

Our company handles and processes the data legally, transparently and verifiably, and in order to achieve these goals, it keeps the following records:

1. Records of data management

- until the entry into force of the GDPR, the Infotv. Pursuant to § 65, the NAIH leads
Contents:
serial number
activity
processed data
- data management purpose
- data management legal basis
- method and time of storage
- name and contact details of the data controller
- name and contact details of the Data Protection Officer
- data transmission, recipients
- technical and organizational measures
Records of data management must be kept separately for each activity.

2. Records of data transfers

Contents:
serial number
- date
consignee
- scope of personal data
- purpose of data management and processing
- legal basis for data management and processing
- name and contact details of the data controller
- name and contact details of the Data Protection Officer
- technical and organizational measures
- time limit for erasure
- other data specified by law (eg auditor's chamber ID)

3. Records of cessation of data management

Contents:
serial number
date of application
- name and identification of the person concerned
- the content of the application
- name of the measure
date of action
- name and contact details of the data controller
- name and contact details of the Data Protection Officer

4. Record privacy incidents

Contents:
serial number
time of incident
- name of the incident
- the range of stakeholders
personal data concerned
impact of an incident
- provisions
- name and contact details of the data controller
- name and contact details of the Data Protection Officer

5. Record of relevant and official requests and responses

Contents:
serial number
- subject and time of the request
- the range of stakeholders
personal data concerned
- provisions
- name and contact details of the data controller
- name and contact details of the Data Protection Officer

6.Record of the activities of the Data Protection Officer

Contents:
serial number
- time of activity
activity
- compliance check
- Impact assessment comment
- supervisory cooperation

7. Register of “lost” data, inquiries

Contents:
serial number
- arrival time
subject of the application
- action (eg return)
- name and contact details of the data controller
- name and contact details of the Data Protection Officer

8. record of prior data protection impact assessment

Contents:
serial number
- time of impact assessment
- description of operations, purpose of data processing, legitimate interest
- examination of necessity and proportionality
- risk analysis and management
- name and contact details of the Data Protection Officer
- the opinion of the Data Protection Officer

Date: Budapest, 09.11.2021

GRÜNE ANTWORT KFT.
As a data controller / processor
Represented by: Máté Árkossy

Contact us