Privacy and cookie policy

Faith In Trance Management (Imprint) as a data controller and owner of the websites faithintrance.hu, trancegivingday.hu, theoffice.website, theoffice.hu (Data Controller) hereby informs the stakeholders that the personal rights of the stakeholders are respected in accordance with GDPR, the material and procedural rules of the Hungarian applicable law, the current Data Protection and Privacy Policy and other internal regulations as follows.

This privacy and cookie policy is a brief extract from the Data Controller’s Data Protection and Privacy Policy (hereafter referred to as the “Policy”) to inform the stakeholders in an easily understandable way about the most important rules regarding data protection by the Data Controller. Regarding the issues not discussed in this document, the provisions of the Policies and the relevant legislation shall be governed and interpreted in conjunction with these. This document and further Policies are available in full at the actual location of the data handling.

Stakeholders
Any person identified or directly or indirectly identifiable by personal data is affected whose data is managed by the Data Controller. So, the people concerned are the visitors of the website, our own employees, the representatives of non-natural persons, contacts, or other employees, natural persons, partners (hereinafter referred to as “Affected”).

Data handling goals
The Data Controller performs data management for the following purposes in accordance with the law:
a) in connection with the provision of IT advisory services, we handle the data of the recipients of the service in order to fulfill a legal obligation and to maintain a customer relationship;
b) information service for potential customers;
c) management of employee data;
d) management of contact details of Partners;
e) fulfillment of customer orders;
f) property protection, personal security;
g) facilitating internal administration,

According to Article 37 of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer and informs the data subjects that data processors are used for data processing.

Possible Aspects of Data Handling:

Information Requests
The request for information is based on a voluntary consent, and the information provided does not need to include personal data.
Stakeholders: Any and all natural person who contacts the Data Controller and requests information from the Data Controller with entering his / her personal data.
Scope and Purpose of Data Handled:
name: identification
phone number: contact
e-mail address: contact
Subject matter / question content: answer
The purpose of data handling is to provide the person with the right information and establish contact with the person concerned.
Data handling duration: until the goal is achieved.

Request for Proposal
The request for proposals is based on a voluntary consent.
Stakeholders: Any and all natural person, who ask for a proposal regarding the service and / or product provided by the Data Controller with entering his / her personal data.
Scope and Purpose of Data Handled:
name: identification
phone number: contact
e-mail address: contact
Subject matter / question content: answer
The purpose of data handling is to provide a suitable offer and establish contact with the person concerned.
Data handling duration: expiration of validity of proposal.

Handling of Banking Data
Bank transfers and the processing of related data by the Data Controller is based on a voluntary contribution.
Target group: Any and all natural person who wishes to pay by bank transfer.
The scope and purpose of the data processed:
account holder’s name: identification
bank account number: identification
communication: identification
Amount: Identification
The purpose of the data handling is to facilitate and monitor the financial performance of Stakeholders.
Data handling duration: for identity and contact information, until the expiration of the enforceability of the rights and obligations deriving from the legal relationship by which the data controller handles personal data, for data that are filed to accounting documents and supporting documents Pursuant to Article 169 (2) of Act C of 2000, at least eight years.

Employee records
The establishment of a legal relationship is based on a voluntary contribution, but data management is mandatory for the 2003 XCII. and Section LXXV of 2010 on Simplified Employment, Act No. 3 and Section 11.
Stakeholders: Any and all natural person who establishes an employment relationship with the Data Controller or establishes other legal relationship regarding which the Data Controller has a report duty.
Scope of data handled in case of employment:
family name and surname, place of birth, date of birth, mother’s name, address, tax identification number, TAJ number, education, qualification, vocational qualification, name of the institution issuing the certificate of the former, number of documentary evidence, FEOR number, , length of insurance termination, probationary period, gross personal wage, net personal wage, bank account number
identity card number, phone number, e-mail address, personal image, foreign language skills, job description, job description, management mandates, internship, exam, probation, disciplinary procedure, punishment, exemption, criminal record, activity, time spent at work, time to employment, rating data, honors, prizes and other honors, titles

Scope of data handled in the case of an assignment relationship:
family name, family name, place of birth, date of birth, mother’s name, address, tax identification number, TAJ number, start of legal relationship, FEOR number, start date, code, termination of insurance, insurance termination period, place of work
The purpose of data handling is to fulfill the legal obligations.
Data handling duration: The data controller records the data for a period of 5 years from the end of the calendar year of the Employee / Employee’s withdrawal, with the obligation not to discard employment, wage and social security records (50 years).

Handling of Advisory Data
Participation in advisory services is based on a voluntary consent.
Stakeholders: Any and all natural person who wishes to participate in the information technology and information security consultancy provided by the Data Controller by voluntarily providing his / her data.
Scope and Purpose of Data Handled:
name: identification
phone number: contact
e-mail address: contact
The purpose of data handling is to provide a service (education, training) to the person concerned at a specific time, duration and content and establish contact with the person concerned.
Data handling duration: for identity and contact information, until the expiration of the enforceability of the rights and obligations deriving from the legal relationship by which the data controller handles personal data, for data that are filed to accounting documents and supporting documents Pursuant to Article 169 (2) of Act C of 2000, at least eight years.

The Data handler
The data is processed by the Data hanler’s Employees only to the extent strictly necessary to carry out their duties.

Data forwarding
The processing of personal data is performed by the Data Controller by default or if it is outsourced to a Data Processor (eg accounting, payroll, domain server, email hosting), the processing is performed by the Processors specified in the Annex to this Regulation. In this case, the Data handler forwards data to the data processors and is responsible for the activities of data processors. Non-public customer information is not transferred / forwarded by the company.

The Data handler may forward the Stakeholders’s data, if the legitimacy of the data handling has been clarified (eg Stakeholder previously and voluntarily consented to it), and the data is absolutely necessary for filling that position, or assuming rights.

Rights of Stakeholders
According to the Info Info Act and Regulation (EU) 2016/679 of the European Parliament and of the Council, the rights of the data subject are: right of information, right of rectification, right of cancellation, right to restriction, right to protest, right to a court, right to appeal. The detailed definitions and limitations of each rights are defined in the Regulations.

Information on the handling and transmission of data
The Data Handler draws the attention of the Stakeholders to the fact that exercising information requests and other rights, if not excluded by law, can be made to info AT CEG or to other availabilities of the Data handler. The Data Handler will examine the request within the shortest possible time, but within 15 working days of receipt, and will take the necessary steps according to the request, the Policy, the Rules and the Statutes. Where combined, joint data handling happens, you may exercise these rights at any data handler concerned.

Rights Enforcement
National Privacy and Freedom Authority
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c
Phone: 00361 3911400
Fax: 00361 3911410
Web: http://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu

In violation of the rights of minor offending, hateful, exculpatory content, rectification, the rights of a deceased person, breach of good repute:
National Media and Communications Authority
Address: 1015 Budapest, Ostrom u. 23-25.
Mail address: H1525 Budapest Pf. 75
Tel: 00361 4577100
Fax: 00361 3565520
Web: http://www.nmhh.hu
E-mail: info@nmhh.hu

You may contact a court in case of violation of your privacy rights. The court proceeds out of turn. The Data Controller must demonstrate that data management is in compliance with the law. In the event that the Data Handler breaches the personality right of the data subject by the unlawful handling of the data concerned or the violation of the requirements of data security, the data subject may demand a damages charge from the Data Handler.

Data security
Data handler ensures data security. To achieve this, takes the technical and organizational measures, and establish the procedural rules that are necessary to enforce applicable laws, data and privacy rules. The Data handler protects the data by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction or damage, as well as the technique used. Data security is ensured by the Data Controller beside the methods described in this policy through internal policies, instructions and procedural rules. In defining and applying data security measures, the Data Controller takes into account the state of the art at all times and selects several possible data management solutions that provide for a higher level of protection of personal data, unless disproportionate.

The Data Handler will, in the context of his IT security tasks, in particular:
– take measures to protect against unauthorized access, including protection of software and hardware, and physical protection (access protection, network protection);
– take measures to ensure data recovery, including systematic backups and separate, secure management of backups (mirroring, backup);
– take measures to protect files against viruses (virus protection);
– take measures to ensure physical protection of data files and their devices, including protection against fire damage, water damage, lightning strike, other damage to the environment, and restoration of damage caused by such events (archiving, fire protection).

The data Handler declares that
– does not perform data-management activities that are subject to notification,
– maintains the right to change the Policy, to ensure its alignment with the Policies, regulations, laws and other Internal Rules.

The Legal basis for using your personal information
The use of your personal information is based on the following legal basis:
(a) contact: legal basis: GDPR Article 6 (1) (f). For the employees of the partners and their employees, the legal basis for the handling of data, interest weighing. The data controller has a legitimate interest: business continuity.
(b) management of employee data: GDPR Article 6 (1) (b), (c).
c) management of contractual partners and customer data: legal basis GDPR Article 6 (1) (b)
(d) Marketing activity: legal basis: GDPR Article 6 (1) (a). For marketing purposes, a facebook page is not running, creating a stand-alone database and profiling is not done on this site as well.
(e) issuing an invoice complying with accounting law: legal basis: Article 6 (1) (c) GDPR
f) issuing an invoice complying with accounting law: legal basis: Article 6 (1) (c) GDPR.

Cookies
While you are browsing our site, we don’t collect any personal data that can identify you, neither do we store any such data. We do create technical files though, which are called cookies, that provide usage information about the computer that you are using to access our website.

Cookies collect information about how visitors browse our pages, where they click on our site or what browser they are using and we link this information to the above mentioned computer. Cookies help us to provide the best browsing experience possible, increases our systems operational security, and makes us able to show offers and ads more relevant to our visitors and, to store visitor consent regarding our cookies. The cookie works and delivers transaction data based on the above automatically and we collect them at our hosting partner and Google Analytics (GA). We are using GA to aid and optimize our marketing and business strategy by utilizing its capacity to showcase through charts and stats how our website visitors browse our website. GA uses cookies (_ga, _gat, _gid) to gather information about the computer the visitors are using to access our website.

Cookies are used with your consent, as you have to Accept Cookies to browse our site and through this process you are actively agreeing to the use of cookies. You can deny any and all Cookies in your browser settings and so revoke your authorization to use cookies on our website.

 


 

In case you have questions of comments regarding the visitor data automatically stored by Faith in Trance Management Ltd. please contact us on any of our availabilities on our webpage theoffice.website.