Privacy Policy

NIVEO Szolgáltató és Kereskedelmi Kft., the operator of prolocate.eu website, as data controller (hereinafter referred to as ’Company’ or ’Controller’) provides the following information to the website visitors (hereinafter referred to as ‘Data Subject’) about its data processing practices, its organizational and technical measures concerning personal data and the legal remedies available to visitors, taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as ‘GDPR’) and the provisions of Hungarian Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter referred to as "Infotv.").

‍

The data controller: NIVEO Szolgáltató és Kereskedelmi Kft.

Registered office: H-2363 Felsőpakony, Attila utca 11.

Company registry number: 13-09-148321

Phone number: +36 20 248 6996

Email: office@prolocate.eu

Internet: prolocate.eu

1. Principles relating to the processing of personal data

Our Company processes personal data lawfully and fairly, and in a transparent manner for the data subject, for specified purposes only, in accordance with the principle of data minimisation. We only process personal data that is necessary for the purpose of the processing and is adequate for the purpose. We process personal data only to the extent and for the time necessary to achieve the purpose and in accordance with the applicable legal requirements.

Our Company is committed to processing your personal data in accordance with applicable data protection laws, guidelines, and to respecting your rights to the protection of your personal data. The security of your personal data is our priority!

This privacy policy provides information about our data management activities in relation to the provision of our services and the operation and use of the website.

2. Data processing for marketing purposes related to the operation of the website

When the data subject visits the prolocate.eu website operated by the Company, the website places cookies, i.e. short data files, on the computer of the visitor as data subject. This allows our website to recognise the device used by the data subject when a connection is established between the data subject's device and our website. Temporary cookies are placed on the visitor's device by the website only during a particular session and are deleted when the session is completed. The website also uses permanent cookies which remain on the computer until the visitor deletes them. The website uses cookies that collects information about the internet browsing habits of the data subject in order to provide the data subject with personalised advertising.

Cookies used on prolocate.eu website:

name of the cookie: Google Analytics,
purpose of the cookie: collection of composite statistical data,
type of the cookie: behavioural tracking cookie,
period of the cookie: 1 year,
basis of the data processing: consent of the data subject based on Article 6 paragraph (1) point a) of GDPR, Article 5. § paragraph (1) point a) of Infotv. and Article 13/A. § paragraph (4) of Hungarian Act CVIII of 2001.

Through the website, the Company receives messages from visitors of the website, who may provide the following personal data:

name,
email address,
telephone number,
subject and content of the message.

The legal basis for the processing is the consent of the data subject. The purpose of data processing is to process messages and enquiries from visitors, to answer questions, and to provide a quotation on request. The Company processes the above data for a maximum of 5 years or until the data subject's request for deletion.

3. Other data processing activities

Contact details of business partners

The Company processes the following personal data of contact persons acting on behalf of its business partners:

name,
position,
e-mail address,
telephone number.

These personal data are provided to the Company by the business partner or the data subject and are processed by the Company pursuant to Article 6 paragraph (1) points (b) and (f) of the GDPR for the duration of the existing business relationship.

The Company shall ensure the data subject's rights to data processing remedies in this regard and shall take the necessary measures to delete the personal data in the event of the data subject's objection.

Recruitment, job application

The Company processes the application material, including CVs, of persons applying for job, based on the data subject's consent until the selection process is completed or the data subject's consent is withdrawn.

Where the data subject's application material has not been received directly from the data subject, it shall be ensured that the data subject has given his or her consent to the processing or the transfer of his or her personal data for such purposes and if necessary, shall be informed of the processing by the Company as controller and the rights of the data subject under point IV. shall be ensured.

The Company may use a competency test during the selection process, based on the consent of the person concerned. The Company will only use a competency test that assesses the skills or abilities of the candidate to perform the job applied for. The Company will not use a competency test that would result in learning such data about the candidates that belongs to the special categories of personal data according to GDPR.

If the Company wishes to retain the application files of candidates after the completion of the selection process, it must obtain the written consent of the candidates concerned for further processing. If the data subject fails to respond to the request within 15 days, the processing shall be terminated and the personal data of the data subject shall be deleted.

During the selection process and also after its completion, the Company shall ensure that the data subjects have the possibility to exercise their rights in relation to data processing.

4. Data security measures applied by the Company

The Company ensures the protection of personal data through the following organisational and technical measures:

According to its internal rules, access to personal data is limited to those employees whose work requires the processing of personal data.
Paper-based personal data is stored according to strict internal rules to prevent unauthorized access.
Personal data stored electronically is protected by continuous virus protection, firewalls and logging activities, which also allow to control who has accessed to personal data and when. These solutions ensure that the IT system is protected against computer fraud and intrusion.
The Company stores personal data in its internal IT system.
Physical protection of the servers storing personal data is ensured by security management solutions.

5. Information and rights of the data subjects

The right to information of the data subject

According to the principal of the fair and transparent data processing, the data subjects of the processing shall be informed on the fact, the legal basis, the purpose and the period of the processing and if the Company as controller uses a processor for the data processing.

If the personal data was collected from the data subject, the data subject shall be informed whether the provision of the personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.

The information of the data subject on the personal data processing has to be given while collecting the personal data. If the personal data was not collected from the data subject, but from another source, the information has be given him/her in reasonable time, taking into consideration the circumstances of the case.

The data subject is entitled to ask for information if the Company processes his/her personal data and about the legal basis, the purpose, the source and the period of the processing. The information has to be sent to the data subject without delay, but not later than 30 days to the contact given by the data subject. If necessary, and taking into account the complexity of the application and the number of requests, this deadline may be extended by further two months. The Company shall inform the data subject of the extension of the deadline within one month of receipt of the request, stating the reasons for the delay. If the Company does not take action on the request of the data subject, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the supervisory authority and seeking a judicial remedy.

The Company shall provide information and any concerning actions free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either

charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
refuse to act on the request.

The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

If the Controller has reasonable doubts concerning the identity of the natural person making the request, it may request the provision of additional information necessary to confirm the identity of the data subject.

The right to access of the data subject

The data subject shall have the right to obtain from the Company as controller confirmation as to whether or not personal data concerning him or her are being processed.

The data subject is entitled to have access to the collected data concerning him/her and to exercise this right simply and at reasonable intervals in order to verify if his/her data are processed lawfully.

Where data processing is ongoing concerning the data subject, the data subject has the right to access to personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
the right to lodge a complaint with the supervisory authority;
where the data have not been collected from the data subject, any available information concerning their source;
the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.

The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

Right to rectification of the data subject

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. This have to be arranged without delay, but not later than 30 days and a notice has to be sent to the given contact of the data subject.

The Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the rectification, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of those recipients.

Right to erasure of the data subject (‘right to be forgotten’)

The data subject is entitled to ask for the erasure of its personal data and that his/her personal data shall not be processed any more in the following cases:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
the data subject withdraws consent and there is no other legal ground for the processing,
the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
the personal data have been unlawfully processed,
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The above provision does not apply where the processing is necessary:

for the purposes of complying with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for the establishment, exercise or defence of legal claims.

If the request for the erasure of the personal data is well-founded, the erasure has to be carried out without delay, but not later than 30 days and a notice has to be sent to the contact given by the data subject. The Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the erasure, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of those recipients.

Right to restriction to processing of the data subject

The data subject is entitled to ask for the restriction of the data processing in the following cases:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims,
the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

The restriction of the data processing lasts until the indicated reason makes the data processing necessary. The restriction shall be done without delay, but not later than 8 days and a notice has to be sent to the given contact of the data subject.

If the processing is restricted, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

If the restriction of the data processing is lifted, the data subject has to be informed in advance. The Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the restriction, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of those recipients.

The right to object of the data subject

The data subject is entitled to object to the data processing if the legal basis of the processing is the legitimate interest of the controller or a third party. In such a case, the controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

The objection has to be examined in 15 days from the submission of the request, a decision has to be made on its grounds and it has to be sent to the given contact of the data subject.

Right to data portability of the data subject

The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if

the processing is based on consent or on a contract and
the processing is carried out by automated means.

In exercising his/her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another where technically feasible.

Enforcement possibilities connected to data processing

The data subject is entitled to submit a complaint or a request to the Company as the data controller at the following contact details:

by post: H-2363 Felsőpakony, Attila utca 11.
by email: office@prolocate.eu

In case of the violation of the rights connected to personal data processing, the data subject is entitled to submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information.

‍

Hungarian National Authority for Data Protection and Freedom of Information

Address: H-1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, Pf.: 9.

Phone number: +36 (1) 391-1400, +36 (30) 683-5969, +36 (30) 549-6838

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

URL: https://naih.hu

‍

The data subject can submit a claim to the competent court in case of the violation of its rights. The court proceeds with priority in the case. The data subject – by choice – is entitled to submit the claim to the court competent according to the permanent or temporary residence of the data subject. The Controller shall compensate the damage caused by the unlawful processing of your data or by the breach of data security requirements by the controller or the processor. If the Controller infringes your privacy rights by unlawfully processing your data or by breaching the requirements of data security, the data subject may claim damages.