Data Management and Data Protection Notice

1. INTRODUCTION

As a data controller, we respect your personal rights, which is why we have prepared the following Data Management and Privacy Notice (hereinafter: Notice).

1.1 Who is this notice for?

This Notice applies to all natural persons whose data is managed by the Data Controller.

2. DATA CONTROLLER INFORMATION

Under the scope of this notice, the following company acts as the data controller:

  • Omnit Solutions Kft (Registration no.: 01 09 952396)
  • Registered office: 1137 Budapest, Radnóti Miklós u. 2.
  • Email: info@omnit.hu
  • Phone: +36 30 235 0100
  • Company registration number: 01-09-952396
  • Represented by: Fekszi Csaba, Managing Director
  • Tax number: 23089071-2-41

3. LAWS AND PRINCIPLES

3.1 The laws that bind us during data processing

  • • GDPR (General Data Protection Regulation) - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27 April 2016) on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • • Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information and the implementing regulations thereof.
  • • Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
  • • Act V of 2013 on the Civil Code.
  • • Act CL of 2017 on the Rules of Taxation and the implementing regulations thereof.
  • • Act C of 2000 on Accounting and the implementing regulations thereof.
  • • Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising.
  • • Act C of 2003 on Electronic Communications, Section 155. §
  • • Directive 2002/58/EC of the European Parliament and of the Council (12 July 2002) concerning the processing of personal data and the protection of privacy in the electronic communications sector ("ePrivacy Directive").
  • • Directive (EU) 2019/1937 of the European Parliament and of the Council (23 October 2019) on the protection of persons who report breaches of Union law.
  • • Act XXV of 2023 on complaints, public interest disclosures, and rules related to reporting abuses.

3.2 Our principles during data processing

We only process personal data for the purposes and duration specified here. We only process personal data that is essential for achieving the purpose of data processing and is suitable for that purpose. The personal data obtained during data processing can only be accessed by persons who are either employed by or are contracted by the Data Controller and have a task related to the specific data processing.

4. DEFINITIONS

“Personal data”: Any information relating to a natural person (data subject), such as a name, number, location data, online identifier, or data relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.

“Special categories of data”: These include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data and biometric data processed to uniquely identify a natural person, data concerning health, and data concerning a natural person’s sex life or sexual orientation.

“Health data”: Personal data related to the physical or mental health of a natural person, including data regarding the provision of health services, which reveal information about the natural person’s health status.

“Data subject”: An identifiable natural person to whom the personal data relates. (For example, a website visitor, a person subscribing to a newsletter, or a job applicant.)

“Data processing”: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Data controller”: The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data, whether alone or jointly with others.

“Data processing”: The performance of technical tasks related to the data processing operations.

“Data processor”: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

“Profiling”: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Third party”: A natural or legal person, public authority, agency, or other body other than the data subject, data controller, data processor, and persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.

“Consent of the data subject”: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Whistleblower”: A natural person who reports information on unlawful or suspected unlawful activities or omissions, or other abuses, through the whistleblowing website operated by IdeSol Security Kft. as a data processor. Whistleblowers may be individuals with a contractual relationship with the data controller with whom IdeSol Security Kft. has a contract.

  • a) A person employed by the Data Controller (employer).
  • b) A person whose employment relationship with the Data Controller (employer) has ended.
  • c) A person intending to establish an employment relationship with the Data Controller (employer), and for whom the process of establishing such a relationship has begun.
  • d) A sole trader or a sole proprietorship, if they are in a contractual relationship with the Data Controller (employer).
  • e) A person with ownership interest in the Data Controller (employer), and members of the management, executive, or supervisory bodies of the Data Controller (employer), including non-executive members.
  • f) A person who has begun or is in a contractual relationship with the Data Controller (employer) or intends to establish such a relationship.
  • g) An intern or volunteer working for the Data Controller (employer).
  • h) A person intending to establish a contractual relationship under points d), e), or f) with the Data Controller (employer) and for whom the process of establishing such a relationship has begun.
  • i) A person whose relationship under points d), e), or f) with the Data Controller (employer) has ended.

5. DATA PROCESSING ACTIVITIES

This Notice only covers the data processing activities related to the operation of the Data Controller's whistleblowing system.

5.1. Purpose of Data Processing – Contact Form

Omnit Solutions Ltd. collects and stores personal data through the contact form for the purpose of establishing contact.

  • • The form can be freely completed by anyone.
  • • Based on the provided data, Omnit Solutions Kft. will initiate contact.

6. YOUR RIGHTS

Regarding data processing, you have the following rights detailed below. If you wish to exercise your rights, please contact us through one of the following means:

  • Address: Omnit Solutions Kft., 1137 Budapest, Radnóti Miklós u. 2.
  • Email: info@omnit.hu

Identification
Before fulfilling your request, we must verify your identity. If we are unable to identify you, unfortunately, we cannot fulfill your request.

Response to Request
Once identified, we will provide information regarding your request in writing, electronically, or verbally upon your request. Please note that if you submitted your request electronically, we will respond electronically. Of course, you may also request another form of response.

Response Time
We will inform you of the actions taken in response to your request within one (1) month from the date of receipt. If necessary, considering the complexity of the request and the number of requests, this period may be extended by an additional two (2) months, of which we will inform you within the original one-month response time. We are also obliged to inform you of any lack of action within the one-month response time. You may lodge a complaint with the NAIH and exercise your right to judicial remedy.

Cost of Processing Requests
The requested information and actions are free of charge. Exceptions apply if the request is clearly unfounded or - especially due to its repetitive nature - excessive. In such cases, we may charge a fee or refuse to fulfill the request.

6. Right to Access

You have the right to request confirmation as to whether personal data concerning you is being processed (GDPR Article 15), and if so:

  • ✓ What is the purpose?
  • ✓ What specific data is being processed?
  • ✓ To whom do we transmit this data?
  • ✓ How long will we store this data?
  • ✓ What are your rights and remedies regarding this?
  • ✓ From whom did we receive your data?
  • ✓ Do we make automated decisions concerning you based on your personal data? In such cases, you can also request information about the logic (method) applied and the significance and consequences of such data processing.
  • ✓ If your data has been transferred to an international organization or a third country (non-EU member), you may request information about how the adequate protection of your personal data is ensured.
  • ✓ You may request a copy of your processed personal data. (We may charge an administrative fee for additional copies.)

6.2 Right to Rectification

You have the right to request the correction or completion of inaccurate or incomplete personal data concerning you (GDPR Article 16).

6.3 Right to Erasure

You have the right to request the erasure of your personal data (GDPR Article 17) if:

  • • The personal data is no longer necessary for the purposes for which it was processed;
  • • It is established that the personal data was processed unlawfully;
  • • Union or national law requires it.

We cannot erase personal data if it is necessary for:

  • • The exercise of the right to freedom of expression and information;
  • • Compliance with a legal obligation to which the data controller is subject under Union or national law or for reasons of public interest;
  • • Reasons of public interest in the area of public health;
  • • Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, provided that erasure would likely render impossible or seriously impair the achievement of the objectives of that processing; or
  • • The establishment, exercise, or defense of legal claims.

6.4 Right to Restrict Processing

You have the right to request the restriction of data processing (GDPR Article 18) if any of the following apply:

  • • You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  • • The processing is unlawful, but you oppose the erasure of the data and request the restriction of its use instead;
  • • We no longer need the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;
  • • You have objected to processing, pending verification of whether our legitimate grounds override yours.

In case of restriction, personal data will only be processed with your consent, for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

We will inform you before the restriction is lifted.

6.5 Right to Data Portability

You have the right to receive your personal data, processed by us, in a machine-readable format (GDPR Article 20), and you also have the right to transmit that data to another data controller, or request that we transmit it if the data processing is based solely on your consent or a contract with you or for your benefit, and the processing is carried out by automated means.

This right does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. It must not infringe upon the right to erasure or adversely affect the rights and freedoms of others.

6.6 Right to Object

You have the right to object to the processing of your personal data (GDPR Article 21), if:

  • • The data processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, including profiling based on those interests.

In such cases, we will erase the personal data unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the data is necessary for the establishment, exercise, or defense of legal claims.

You can also object to the processing of your personal data if:

  • • The data is processed for direct marketing purposes (including profiling related to such purposes). In this case, we will erase the personal data.
  • • The data is processed for scientific or historical research purposes or statistical purposes. In this case, we will erase the personal data unless the processing is necessary for the performance of a task carried out for reasons of public interest.

6.7 Remedies

6.7.1 Filing a complaint with the NAIH

If you believe that the processing of personal data concerning you violates the provisions of the Data Protection Regulation, you have the right to file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).

  • President: dr. Péterfalvi Attila
  • Mailing address: 1363 Budapest, Pf.: 9.
  • Address: 1055 Budapest, Falk Miksa utca 9-11
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • Website: http://naih.hu
  • Email: ugyfelszolgalat@naih.hu

6.7.2 Right to Judicial Remedy

If you believe that the processing of personal data concerning you violates the provisions of the Data Protection Regulation and thus infringes your rights under the Regulation, you have the right to turn to the court.

The court will have jurisdiction over the case. The lawsuit can also be initiated before the court of your place of residence or domicile. The National Authority for Data Protection and Freedom of Information (NAIH) may intervene in the proceedings to support your claim.

In addition to the provisions of the Data Protection Regulation, the rules of the Civil Code (Act V of 2013, Second Book, Part Three, Title XII, Sections 2:51-2:54) and other applicable legal regulations shall apply to court proceedings.

6.7.3 Compensation and Damages

If the Data Controller causes damage by unlawfully processing personal data, or if they infringe the data subject’s personality rights, the Data Controller can be liable for damages. The Data Controller can be exempted from liability for damages and payment of compensation if they prove that the damage or the infringement of personality rights was caused by an unavoidable reason outside the scope of the data processing.

7. DATA PROTECTION AND DATA SECURITY

We have carefully designed our data protection, data security, and information security controls, and we continually develop them. We take all necessary steps to ensure, considering the current state of science and technology, the costs of implementation, the nature of data processing, and the risks to the rights and freedoms of natural persons, that appropriate technical and organizational measures are in place to guarantee a level of data security appropriate to the risks involved.

Personal data is always processed confidentially, with restricted access, encryption, and the highest possible resilience. In case of an issue, restoration is ensured. Our systems are regularly tested to guarantee security.

When determining the appropriate level of security, we consider the risks posed by data processing, especially the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to transmitted, stored, or otherwise processed personal data.

We do everything necessary to ensure that persons acting under our authority who have access to personal data may only process the data following our instructions unless Union or Member State law requires otherwise.

7. DATA PROCESSORS

We do not transmit data to third parties; the data is used solely by Omnit Solutions Kft. for the purposes and conditions specified in this document.