DATA MANAGEMENT STATEMENT AND DATA MANAGEMENT RULES
Before managing the data, we inform you that data management is always based on your consent.
2. Term Definitions
● Legislation in force for processing the Users’personal data: Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Act CXII of 2011).
shall mean data relating to the data subject, in particular by reference to
the name and identification number of the data subject or one or more factors specific to his
physical, physiological, mental, economic, cultural or social identity as well as conclusions
drawn from the data in regard to the data subject
2. Data Subject:
shall mean any narural person directly or indirectly identifiable by reference to specific personal data
shall mean the natural or legal person, or organisation without legal personality, which alone or jointly with others determins the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor (Charter-System Ltd – Car Rentals)
4. Data Processing:
shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as fingerprints or palm prints, DNA samples, iris scans)
5. Data Storage:
irrespective of the method used, the Controller does not perform any operation or any sets of operation on the data, in particular he or she does not systematize, modify, use, query, transmit, disclose, coordinate or interconnect, there is no further use of the data
6. Data Deletion:
shall mean making the data unrecognisable in a way that it can never again be restored
7. Data Process:
shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data
8. Data Set:
shall mean all data processed in a single file
9. Third Party:
any natural or legal person, or organisation without legal personality other than the data subject, the Data Controller or the data processor
10. Data Public on Grounds of Public Interest:
any data, other than public information, that are prescribedby law to be published, made available or otherwise disclosed for the benefit of the general public
11. Electronic Commerce Service:
a service related to the information society aimed at the commercial sale, purchase, exchange or any other recourse of a commercially available movable property - including money and securities, and the natural resources that can be used in the way of things -, services, property, and property rights (collectively: goods)
12. System Operator:
the company that operates the IT systems of the enterprise (Charter Bt. Kozármisleny, Munkácsy Mihály Street 14; Tax Number: 20059680-1-02; Premises: 7761 Kozármisleny Munkácsy M. Street 14; Contact Details: informatika.charter.hu +36-30/9971-010; Representative: Levente Morvai
the company that runs the company’s web-systems (WAWONA Internet Kft, 7621 Pécs, Perczel M. u. 35. Tax Number: 13696164-2-02; Contact Details: wawona.hu +36-72/227-718; Representative: Németi Roland
3. Scope of Users:
The user is a natural person who is not registered on the site but makes use of the website services, makes a request, is identified, directly or indirectly, on the basis of any specific resonal data
4. Processing, Storage
The company does not process the data obtained, it only stores them!
5. The Scope of the Stored Personal Data
The personal data handled by the Data Controller are the following:
Website users (call for proposals):
● Type of rent (private person/company)
● Destination (home country/abroad)
● Name (name/company name)
● Address (settlement, street, house number)
● Phone number
● E- mail address
Rental Service Users:
● ID card details (ID number, family and name, sex, place of birth, date of birth, mother's name)
● Information of the residence card showing permanent address (ID number, name, place of birth, date of birth, mother's name, permanent and temporary address)
● Driver's license details (license number, name, place of birth, date of birth, mother's name, permanent and temporary address)
● Phone number
● E- mail address
The Data Controller is not responsible for the authenticity of stored personal data! For the personal data provided, the responsibility lies solely with the User.
6. Storage Time of the Data:
The Data Controller stores the personal data of the person as described above until the owner’s written withdrawal, in the absence of such; data are stored for 10 years from the date of data collection.
7. Withdrawal of Consent:
We hereby inform you that the consent can be revoked free of charge without limitation or justification. In this case, the name of the declarant and all other personal data will be deleted from our electronic records.
A notice of withdrawal may be made by the person concerned, both by post and by electronic means, so that the person making the notice can be identified clearly.
8. Data Disclosure:
The Data Controller will provide the personal data he or she records to the Authority only, after a written request
9. The purpose and legal basis for managing personal data
Data Management Goals:
The purpose of data management is to enable Users to access the services provided by the Data Controller and to allow for the performance of the Data Controller, to monitor service sales, to identify the User, and to allow the user to receive information on the request for quotation.
The Legal Basis and Method of Data Management:
The recording and storage of personal data in the course of request for qoutation done on the Web- site and in the course the use of the service is based on the User's voluntary contribution.
This consent is provided by the User by sending a request for quotation on the Website.
10. The Person Authorized for Data Management and Data Processing
The person is authorized to manage and process personal data as Data Controller. Personal data managed may be accessed by the Data Controller's current legal representative (s), his or her employees / agents / contributors. The Data Controller will not transfer personal data to third parties, unless the person concerned expressly agrees to it.
11. Data Management Duration
The personal data provided by the User pursuant to the consent of the User will be handled by the Data Controller until the purpose of data storage exists or until the withdrawal of the User's consent. The Data Controller will manage the User's personal data provided during the granting of his or her data until the request is answered or the service is terminated.
The Data Controller will disclose the personal data collected in the absence of a different law, a) in order to fulfill its legal obligation, or b) to enforce the legitimate interests of the Data Controller or a third party, if the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data, as well as the withdrawal of the consent of the person concerned. / Act CXII of 2011 (6) (5) /
The Data Controller will keep and store the personal data provided by the User for the purposes of fulfilling the accounting obligations pursuant to Section 169 of Act C of 2000 for eight years, and to the Act XCII of 2003 on the Order of Taxation, respectively, within the limitation period specified by law.
12. Data Transmission
The Data Controller will not sell, rent or provide personal data or information on the User to any other person or entity other than the data required to fulfill the accounting obligation or to the Authority.
The Data Controller will ensure the proper security of the data as he or she is expected to do and will take the technical and organizational measures that guarantee the enforcement of the data protection rules and principles and promote the security of personal data.
We would like to inform our dear Users that the Data Controller will not transmit personal data to any third party or persons.
The duration of the data management: until the purpose of the data management is completed or the withdrawal of the User's consent, in the absence of this for 10 years from the date of data collection.
14. User’s Rights with Regard to the Processing of their Personal Data, Enforcement and Legal Remedy
The User has the right to request information from the Data Controller about handling his or her personal data; in addition, the User may request the rectification of his or her personal data as well as the cancellation or blocking of his or her personal data.
If the User requests it in writing, the Data Controller will provide information about the data of the User managed the Data Controller.
In addition, according to such request, the Data Controller will provide information in e-mail on the source of the personal data he or she manages, the purpose, legal basis, duration of the data managing, the name, the address and data management activities of the data processor, the circumstances, effects and measures done for averting the data protection incident, and, in the case of transmission of the personal data of the person concerned, on the legal basis and the addressee of the data transmission.
Please note that in the case of a postal request, the Data Controller will be able to send a reply in writing by post to letters arriving by post to the User, if the User indicates his or her postal address in his or her request for the purpose of replying.
The User is also entitled to request the deletion of his data in a written request addressed to the Data Controller, under the contact details of the Data Controller as specified in Point 1.
The User is entitled at any time to request his or her incorrect, altered or incorrectly recorded data to be corrected or deleted. The Data Controller will within a reasonable time, but at the latest within 30 days after the receipt of the request, delete or modify the data indicated by the User.
We hereby inform you that the deletion does not apply to the data processing required under the law (eg accounting rules), which the Data Controller is obliged to keep for the period of time laid down in law.
Instead of deleting, the Data Controller will block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it is assumed that the deletion would harm the legitimate interests of the data subject. Personal data so blocked can only be managed as long as there is a data management target that excludes the deletion of personal data.
If the User feels that his or her personal data processing rights may be infringed, he or she should notify us in writing under the contact details of the Data Controller given above.
In the case of the infringement of the personal data of the User, the User may turn to the National Data Protection and Information Authority (NAIH) under Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (address of the Authority: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C, Postal Address: 1530 Budapest, PO-box: 5), or may ultimately assert his or her rights before court. The General Court has jurisdiction over the lawsuit.
15. The Force of the Regulation
16. Compliance with the Law
In particular, the Data Controller shall keep in mind the provisions laid dawn in the following legislation in the course of the data management:
● Act CXII of 2011 – on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Act CXII)
● Act CVIII of 2001 on Electronic Commerce and on Information Services (especially Section 13/A)
● Act XLVII of 2008 on the Prohibition of Unfair Business-to-Consumer Commercial Practices
● Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (especially Section 6)
● Act XC of 2005 on Electronic Freedom of Information
● Act C of 2003 on Electronic Communications (especially Section 155)
● Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
The development of the IT system is based on current technologies and GDPR data security, which is the common responsibility of the System Operator and the System Owner.
The system operator ensures for the IT system:
- the data security according to the required and expected technology
- the possibility of restoration in case of data damage
- the prevention of external and thirdparty access
The system operator shall be bound by a confidentiality obligation with respect to all data of the Data Controller, as set out in the Annex.
The system operator has issued the following security rules, the compliance of which must be enforced and verified by the Data Controller, with the assistance of the system operator.
Password Management Policy:
Password created for staff member can be stored only in memory format.
Additional passwords are stored in a multi-secured electronic way by the system operator.
The access to the IT system is in each case multiply password protected, which is guaranteed by the system operator.
Any party to the IT system-access requires the acceptance of a confidentiality statement, which is recorded as an attachment to the employment contract.