DATA PROTECTION

OUR DATA MANAGEMENT INFORMATION OFFICER

Valid: from July 1, 2024

 1. INTRODUCTION

WISER Group Kft., as data controller (hereinafter: "Data controller") this document (hereinafter: "Informational"), wishes to provide you with information such as www.wisergroup.hu about the activity of a natural person visiting the website or interacting online with the Data Controller in connection with the processing of their personal data.

Please read the information sheet carefully and if you have any questions, please feel free to contact our colleague at the contact details listed in point 2! The information contained in the Information is primarily based on the relevant provisions of the following domestic and EU legislation:

• the European Parliament and the Council (EU) 2016/679. on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC, i.e. the European Union's General Data Protection Regulation (GDPR)
• CXII of 2011 on the right to information self-determination and freedom of information. law (Infotv.)
• Act V of 2013 on the Civil Code (Ptk.)

2. WHO MANAGES YOUR DATA?

Name: WISER Group Kft.

Address: 1065 Budapest, Révay köz 4.

Tax number: 27928181-2-42

Company registration number: 01-09-357551

Registering court: Company Court of the Capital City Court

Legal representative: Managing Director László Kozák

E-mail: info@wisergroup.hu

Phone number: +36 30 336 08 16

Data protection officer: Based on Article 37 of the GDPR, the data controller is not obliged to appoint a data protection officer

3. OUR DATA MANAGEMENT GUIDELINES

Personal data may only be processed for a clearly defined, lawful purpose, in order to exercise a right and fulfill an obligation. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal. ("legality, due process and transparency")

Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. ("purposefulness")

Personal data must be appropriate and relevant for the purposes of data management, and must be limited to what is necessary. ("data saving”) During data management, the accuracy, completeness and – if necessary in view of the purpose of the data management – up-to-dateness of the data must be ensured, as well as that the data subject can only be identified for the time necessary for the purpose of the data management. ("accuracy")

Personal data must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management. During data processing, personal data will retain its quality as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for restoration. ("limited storage capacity")

In the course of data management, appropriate security of personal data must be ensured by applying suitable technical or organizational measures, especially those that create protection against unauthorized or illegal processing, accidental loss, destruction or damage. ("integrity and confidentiality")

The Data Controller is responsible for compliance with the above guidelines and must be able to demonstrate compliance. ("accountability")

4. CONCEPTS

"affected”: natural person identified or identifiable on the basis of any information;

"personal data": any information about the data subject;

"contribution": the voluntary, definite and clear declaration of the data subject's will based on adequate information, by which the data subject indicates through a statement or other behavior that clearly expresses his will that he gives his consent to the processing of his personal data;

"data controller”: the natural or legal person or organization without legal personality who, within the framework defined by law or a mandatory legal act of the European Union, independently or together with others, determines the purpose of the data management, the data management (including the device used) makes and implements relevant decisions, or has them implemented by the data processor;

"data handling": regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction of the data, as well as preventing its further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

"data transfer": making the data available to specific third parties;

"data processing”: the totality of data processing operations performed by a data processor acting on behalf of or at the request of the data controller;

"data processor": the natural or legal person or organization without legal personality who - within the framework and conditions defined by law or a mandatory legal act of the European Union - processes personal data on behalf of or at the direction of the data controller;

"third person": a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data manager, the data processor or the persons who carry out operations aimed at processing personal data under the direct control of the data manager or data processor;

"data protection incident": a breach of data security that results in the accidental or unlawful destruction, loss, modification, unauthorized transmission or disclosure of transmitted, stored or otherwise handled personal data, or unauthorized access to them;

"profiling": any processing of personal data - in an automated manner - aimed at evaluating, analyzing or predicting the data subject's personal characteristics, in particular those related to his performance at work, economic situation, health, personal preferences or interests, reliability, behavior, location or movement;

"addressee": the natural or legal person or organization without legal personality to whom the data manager or the data processor makes personal data available.

5. DESCRIPTION OF CERTAIN DATA PROCESSES

5.1.      Tracking

In order to make our website even more attractive www.wisergroup.hu We use so-called "cookies" to provide you with our website operated under the name and enable the use of certain functions. These are small text files that we store on your device. Some of the cookies we use are deleted when you end browsing, i.e. by closing the browser (so-called temporary cookies), while other cookies remain on your device and enable us to recognize your browser on subsequent visits (permanent cookies). When you open the website for the first time, you will receive information about the placement of cookies and you can decide whether to accept their use on your device. If you do not accept cookies, the usability of our website may be limited. You can find more information in the cookie information sheet after this information sheet.

5.2. Operation and operation of a website

Purpose of data management: THE www.wisergroup.hu operation of the website, contact through the website.  

Legal basis for data management: Your informed consent (GDPR Article 6(1)(a)).

Scope of processed personal data: The IP address associated with the data subject's device (and based on it the location of the data subject), the so-called session identifier identifying the data subject's device.

Duration of data management: 1 i.e. one year from the start of data management.

Data transfer (recipients): The Data Controller a  www.wisergroup.hu uses service providers as data processors in the context of website operation. Name and contact information of the online hosting service provider performing data processing: Websupport Magyarország Kft. (1119 Budapest, Fehérvári út 97-99, e-mail address: info@mhosting.hu).

5.3. Contact

Purpose of data management: If you are a www.wisergroup.hu If you wish to use a business service provided by the Data Controller via the website and in this context fill out the contact form on the website, your personal data provided there will be processed solely for the purpose of responding to these inquiries. Data management includes the case where you contact the Data Controller directly by e-mail or by telephone using the contact details published by the Data Controller as part of its business activities. The purpose of data management is therefore for you to be in direct contact with the Data Controller, to obtain information about the services provided by the Data Controller, and to establish a contractual relationship with the Data Controller.

Legal basis for data management: Your duly informed consent (GDPR Article 6 (1) point a)

Scope of processed personal data: Personal data provided by you (primarily: name, e-mail address, telephone number).

Duration of data management: Until the purpose of data management exists. In the case of telephone contact, the telephone conversation is not recorded, therefore the data management lasts for the duration of the telephone conversation.

Data transfer (recipients): Your personal data provided in the form is managed and processed by the Data Controller, the personal data provided by you is also managed by the online hosting provider and the service provider responsible for the operation of the e-mail system. Name and contact information of the online hosting provider: Websupport Magyarország Kft. (1119 Budapest, Fehérvári út 97-99, e-mail address: info@mhosting.hu).

5.4. Applying for a job advertisement

Purpose of data management: Operated by the Data Controller www.wisergroup.hu application for job advertisements published on the website.

Legal basis for data management: Your informed consent (GDPR Article 6(1)(a)).

Scope of processed personal data: Personal data provided by you (primarily: name, e-mail address, telephone number).

Duration of data management: We store your data as long as the purpose of the data management exists or until you withdraw your consent.

Data transfer (recipients): The Data Controller a  www.wisergroup.hu uses service providers as data processors in the context of website operation. The data processing service provider: Websupport Magyarország Kft. (1119 Budapest, Fehérvári út 97-99, e-mail address: info@mhosting.hu).

5.5. Presence on social media sites

General information: The Data Controller is also active on social networking sites (especially on the Facebook and LinkedIn channels) in order to provide interested parties with information about its services and advertise its services. In the case of Facebook, through the pop-up chat box built into the website, users (interested persons) can have a conversation, so-called they can start a chat with the Data Controller's Facebook profile after logging into the Facebook Messenger service. Through this, the user/person concerned can request general information, as well as request information about their individual order. The Data Controller has also created a professional social page on the LinkedIn social site, in order to share news, news, events and other invitations related to the Data Controller's activities to those interested. Interested parties have the opportunity to follow the Data Controller's page, and also have the opportunity to comment, like, share, and react to the content shared by the Data Controller. We would like to inform you that the Data Controller's social platforms are primarily governed by the social platform provider's data protection policy and data management principles, which can be accessed on the following interface:

• https://www.facebook.com/privacy/policy
• Facebook's data protection officer can be contacted online: https://www.facebook.com/help/contact/540977946302970
• LinkedIn Privacy Policy
• https://www.linkedin.com/legal/cookie-policy

The purpose of data management: Through the Social pages/platforms, users can view the social page/channel operated by the Data Controller, like or share posts, write comments or send messages. The purpose of data management is to respond to messages and comments written by users. In the case of the chatbox, the purpose of data management is to conduct user-initiated conversations and provide quick and efficient information. In the case of LinkedIn, the purpose of data management is to ensure contact, maintain contact, and provide information.

Legal basis for data management: Your duly informed consent (GDPR Article 6 (1) point a)

Scope of processed personal data: The personal data displayed in your user profile (in particular, including the user profile name, possibly displayed profile picture) in the event that the user has allowed it to the operator of the social site in his own settings. Any personal data provided by the user during the chatbox conversation, as well as the personal data displayed in the Facebook user profile of the interested party (especially the user profile name, possibly displayed profile picture) in the event that the person concerned has enabled it in their Facebook/Messenger settings social platform operator

Duration of data management: Until your message or comment is answered. After that, the Data Controller does not carry out further data management outside the social platform (including keeping a separate record of replies to comments or saving comments). The duration and method of data management are also determined by the data management rules and settings of the social platform.

Recipient of data transmission:

• Facebook Meta Platforms Ireland Limited - social media service (Registered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland); Website: facebook.com
• LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085 USA. LinkedIn's data protection officer can be contacted online: https://www.linkedin.com/help/linkedin/ask/ppq

6. ADDRESSES, DATA PROCESSING

In addition to the contracted data processors, only those employees of the Data Controller who are absolutely necessary for the performance of their duties are entitled to access the personal data. The contracted data processor carries out the data management according to the instructions of the Data Controller, cannot make substantive decisions regarding data management, may process the personal data that comes to his knowledge only in accordance with the provisions of the Data Controller, may not carry out data processing for his own purposes, and is also obliged to store and preserve the personal data in accordance with the provisions of the Data Controller and keep it secret. The data processor may not use additional data processors without the prior written authorization of the Data Controller on a case-by-case or general basis. We use different companies to process your data. Your data is and may be processed by the following contracted data processors on a permanent basis:

As stated in point 5, the Data Controller uses Websupport Magyarország Kft. (1119 Budapest, Fehérvári út 97-99., e-mail address: info@mhosting.hu) service.

According to the provisions of point 5, the Data Controller uses the service provided in the measurement of visits to websites operated by Google LLC. Google LLC. contact information: Address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA Privacy information: https://policies.google.com/privacy?hl=hu. Google LLC may store data in third countries (at the locations indicated here: https://www.google.com/about/datacenters/locations/). In order to ensure that the data is transferred on the basis of the appropriate guarantees according to the GDPR, the Data Controller and Google LLC have entered into a data processing agreement that contains the general contractual conditions according to the European Commission's Decision No. 2010/87/EU. Further information on the data protection compliance of this data processor is available at the following link: https://privacy.google.com/businesses/compliance/

The Data Controller has a contractual relationship with Microsoft Corporation (1 Microsoft Way, Redmond, WA, United States of America) for the purpose of investigating the activities of the data subjects on the Website, which are therefore classified as data processors. The purpose of using these data processing services is for the Data Controller to better understand its users (for example, how much time they spend using the Website, what they click on, what they don't like). This enables the Data Controller to develop the Website in accordance with user needs, compile the appropriate advertising audience, measure conversion between devices, enable it to target advertisements, optimize them for the appropriate audience, display personalized advertisements and advertisements, and reports , preparing statements about the Website and its visitor data. It collects data using cookies and other technologies. The data processing information of the data processor is available via the following link: https://www.microsoft.com/hu-hu/trust-center/privacy/data-management.

7. SECURITY MEASURES WITH AUTOMATED DECISION MAKING

In accordance with point f) of Article 13, paragraph (2) of the GDPR, we hereby inform you that no automated decision-making takes place within the Data Controller's data management activities. The Data Controller ensures the security of the data commensurate with the risk, and also takes the technical and organizational measures and establishes the procedural rules that are necessary to enforce the GDPR, Infotv., and other data and privacy protection rules. The Data Controller protects the data with measures commensurate with the risk, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as inaccessibility resulting from changes in the technology used. The Data Controller obtains, as necessary, a confidentiality statement from the persons who have a legal relationship with it and who manage personal data on its behalf.  

In the case of data management in an electronic system, personal data is stored in a password-protected or encrypted database that is changed regularly. Access to such electronic data files is made possible by the Data Controller using a unique name and password, which also enables the verification of which personal data was entered into the given electronic systems, when and by whom. These accesses are also reviewed by the Data Controller at least annually. The Data Controller protects the data managed on the electronic device with firewalls, Antivirus programs, encryption mechanisms, content filtering and other technical and process solutions within the framework of protection proportionate to the risk, applies backups to avoid data loss and damage, and ensures that the installed systems are restored in the event of a malfunction its reparability. Documents handled on paper and containing personal data are stored by the Data Controller in a well-locked room equipped with fire and property protection, to which physical access is also restricted. Manually managed documents containing personal data are stored in a file cabinet in order to comply with the retention obligation of the data controller, which room is also a well-locked, fire and property protected area.

Prior to the introduction of new data management, the Data Controller shall, if necessary, conduct an impact assessment and continuously monitor any data protection incidents. If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall comply with its statutory information/notification obligation without undue delay.

8. RIGHTS AND REMEDIES

You can exercise your rights listed in the points below by submitting a request to the Data Controller. The contact details of the Data Controller are contained in point 2 of the Information. The Data Controller evaluates the request for the enforcement of the rights - given the circumstances of the data management - in the shortest time from its submission, but no later than 25 (twenty-five) days and notifies the data subject of its decision in writing or, if the data subject submitted the request electronically, electronically.

8.1. INFORMATION ABOUT THE HANDLING OF YOUR PERSONAL DATA

At the request of the data subject, the Data Controller provides information about the data subject's data managed by it or processed by the data processor commissioned by it or at its disposal, its source, the purpose, legal basis, duration of the data processing, the name and address of the data processor and its activities related to data processing, the circumstances of the data protection incident , its effects and the measures taken to prevent them, and - in the case of forwarding the data subject's personal data - the legal basis and recipient of the data transfer.

8.2. ACCESS TO PERSONAL INFORMATION

The data subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:

1. the purposes of data management;
2. categories of personal data concerned;
3. the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
4. where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
5. the right of the data subject to request from the Data Controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
6. the right to submit a complaint to a supervisory authority;
7. if the data were not collected from the data subject, all available information about their source;
8. the fact of automated decision-making, including profiling, as well as, at least in these cases, understandable information about the logic used and the significance of such data management and the expected consequences for the data subject.

If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees regarding the transfer. The Data Controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.

8.3. RIGHT TO CORRECTION

The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

8.4. RIGHT TO DELETE (RIGHT TO BE FORGOTTEN)

The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:

1. the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
2. the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
3. the data subject objects to data processing and there is no overriding legal reason for data processing;
4. personal data has been processed unlawfully;
5. the personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller;
6. the collection of personal data took place in connection with the offering of services related to the information society.

If the Data Controller has disclosed the personal data and is obliged to delete it according to the above, it will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, in order to inform the Data Controllers handling the data that the data subject has requested from them deleting the links to the personal data in question or the copy or duplicate of this personal data.

Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under EU or member state law applicable to the Data Controller requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority vested in the Data Controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to submit, assert or defend legal claims.

8.5. RIGHT TO LIMIT DATA PROCESSING

The data subject has the right to request that the Data Controller restricts data processing if one of the following conditions is met:

1. the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
2. the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
3. the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsession
4. the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.

If data processing is subject to restrictions based on the above, such personal data, with the exception of storage, will only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or in the important public interest of the Union or a member state can be handled.

The Data Controller informs the data subject at whose request the data processing was restricted in advance of the lifting of the data processing restriction. The Data Controller informs all recipients of the correction, deletion or data processing restriction to whom or to whom the personal data was disclosed, unless this proves to be impossible, or requires a disproportionate amount of effort. At the request of the data subject, the Data Controller informs about these recipients.

8.6. RIGHT TO DATA PORTABILITY

The data subject has the right to receive the personal data concerning him/her provided to a Data Controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another Data Controller without being hindered by the Data Controller whose provided the personal data if:

1. data management is based on the consent of the data subject or a contract; and
2. data management is automated.

When exercising the right to data portability as described above, the data subject is entitled to - if this is technically possible - request the direct transmission of personal data between Data Controllers. The exercise of this right may not violate the right to erasure. The aforementioned right does not apply in the event that the data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of the public authority delegated to the Data Controller. The right mentioned in the paragraph may not adversely affect the rights and freedoms of others.

8.7. RIGHT OF WITHDRAWAL

The data subject is entitled to withdraw his consent to the processing of his personal data at any time, the exercise of which right does not affect the legality of the data processing carried out on the basis of the consent prior to the withdrawal.

8.8. SUBMITTING A COMPLAINT TO A SUPERVISORY AUTHORITY

The concerned National Data Protection and Freedom of Information Authority (hereinafter: "Authorities") may initiate an investigation in order to investigate the legality of the Data Controller's action if the Data Controller restricts the enforcement of the data subject's rights or rejects his request for the enforcement of these rights, and the data subject may request the conduct of the Authority's data protection official procedure if, in his judgment, the Data Controller, or the the data processor commissioned by him or acting on the basis of his instructions violates the regulations regarding the handling of personal data, defined in law or in a binding legal act of the European Union.

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1055 Budapest, Falk Miksa utca 9-11

Mailing address: 1363 Budapest, Pf.: 9.

Phone: +36 (1) 391 1400

Fax: 06 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

8.9. RIGHT TO COURT

The data subject may go to court against the Data Controller or – in connection with the data processing operations within the scope of the data processor’s activity – the data processor, if, in his opinion, the Data Controller or the data processor entrusted by him or acting on the basis of his instructions has used his personal data in accordance with the law or the European It is treated in violation of the regulations defined in the mandatory legal act of the Union.

The Data Controller or the data processor is obliged to prove that the data management complies with the regulations for the management of personal data defined in legislation or in a mandatory legal act of the European Union.

The lawsuit may be initiated by the person concerned - at his or her choice - before the court competent for his or her place of residence. A person who otherwise does not have legal capacity can be a party to the lawsuit. The Authority may intervene in the lawsuit in order to win the case for the person concerned.

9. FINAL PROVISIONS            

The Data Controller regularly reviews the content of the Notice and reserves the right to modify it at any time at its discretion and according to the content of the relevant legislation. Amendments to the Notice shall enter into force at the same time as publication.