In order to ensure the legality of the internal data management processes of VIP Limuzin Kft. And HBSZ Termelő Kft. (Hereinafter: the Companies) and the rights of the data subjects, the following data protection information is described.
Name of data controller: VIP Limuzin Kft.
Company registration number of the data controller: 01-09-309077
Data controller tax number: 26230362-1-43
Headquarters of the data controller: 1239 Budapest, Fakopács street 5/a
Representative of the data controller: Ábel Hajdú
Email address of the data controller: info@viplimuzin.hu
Our company handles personal data in accordance with all applicable, but primarily the following legal regulations:
Our company treats personal data confidentially, and in order to preserve the data, it takes all technical and organizational measures related to data storage and data management that promote secure data management.
Management of personal data related to travel, names and lists of bus passengers
The purpose of the data management is to create a passenger list of bus passengers in case of special passenger transport performed by the Company.
The legal basis for data processing is the fulfillment of a legal obligation pursuant to Article 6 (1) (c) of the Regulation. (XII. 7.) means the fulfillment of the provisions of Paragraph 22 S (8) of the Government Decree, according to which “in the case of special passenger transport performed by an economic organization established in the territory of Hungary, a passenger list shall be prepared. The passenger list is annexed to the journey form. According to Act C of 2000 on Accounting, the Company is obliged to keep the journey form for 8 years.”
Legal background and legal basis of data management: The background of data management is defined in Act CXII of 2011 on the right to informational self-determination and freedom of information. Act (Info Act) and the European Parliament and Council (EU) 2016/679 Regulation (GDPR). The legal basis for data processing is your consent in accordance with section 5 (1) (a) of the Info Act and section 6 (1) (a) of the GDPR and, in the event of withdrawal of your consent, fulfillment of the legal obligation of the Data Controller pursuant to Section 6 (5) (a) of the Info Act.
Email address, password, name, address, phone number, billing information, contact information, customer service information, tax number, account number. The data stored during data management is typically not the data of natural persons, unless they open a web store as a sole proprietor. The reason for storing large amounts of data is to ensure that online stores comply with consumer protection considerations.
Email address, address, phone number, billing information, contact information, customer service information, tax number, account number, passenger list.
Data processing will be terminated irrevocably upon the termination of all ordered services by the customer or service provider, or upon the expiration of 15 calendar days after the smooth fulfillment of the service, it will be permanently deleted if it is not used in court or official proceedings. Deleted data will not be archived or filed by the company. The customer can asf for the termination and change of data in the customer interface provided by the service provider by e-mail. The provisions of the TC apply to cases of extraordinary termination.
Legal background and legal basis of data management: The background of data management is the provisions of Act C of 2000 on Accounting. In the event of the withdrawal of the consent for data management, the fulfillment of the legal obligation of the Data Controller set out in the Act shall prevail. Purpose of data management: Issuance of an invoice in accordance with the law and fulfillment of the obligation to keep accounting documents. Pursuant to Section 169 (1) – (2) of the Accounting Act, companies must keep the accounting document directly and indirectly supporting the accounting records. The scope of the managed data: billing name, billing address, e-mail address, telephone number, tax number. Duration of data management: In accordance with Section 169 (2) of the Accounting Act, the issued invoices must be kept for 8 years from the date of issue of the invoice. We would like to inform you that if you withdraw your consent to the issuance of the invoice, the Data Controller is entitled to keep the personal data obtained during the issuance of the invoice for 8 years pursuant to Section 6 (5) a) of the Info Act.
Legal background and legal basis of data management: The background of data management is defined in Act CXII of 2011 on the right to informational self-determination and freedom of information (Info Act) and Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising. Act (Grt.). The legal basis for data processing is your consent in accordance with Section 5 (1) (a) of the Information Act and Section 6 (1) – (2) of the Commercial Advertising Act. The purpose of data management: Information letters are not intended for advertising purposes only. The purpose of data management is to keep the customer first-hand informed of the company’s current situation, important developments, professional news, news and promotions. The scope of data managed: the customer’s e-mail address. Duration of data processing: Until the consent of the data subject is withdrawn. The cancellation of data management can be submitted by email to info@viplimuzin.hu.
Furthermore, pursuant to Section 8/3 of Act XLI of 2012, the service provider shall process data for the protection of the life, physical integrity and property of passengers and the service provider’s employees and agents, as well as its vehicles, equipment, devices, other property and national property. Service Provider may take and manage recorded images and sound recordings at the locations specified in this paragraph. The Companies will permanently and irrevocably delete the processed data and recordings on the 16th day from the date of recording, if it is not used in court or official proceedings.
If the Data Controller wishes to perform further data processing, it shall provide preliminary information on the essential circumstances of the data processing (legal background and legal basis of the data processing, purpose of the data processing, scope of the processed data, duration of the data processing). We would like to inform you that the Data Controller must comply with the written data requests of the authorities based on legal authorization. The Data Controller shall keep a record of the data transfers in accordance with Section 15 (2) – (3) of the Info Act (to which authority, what personal data, on what legal basis, when the Data Controller transmitted), the content of which the Data Controller shall provide upon request, unless information is prohibited by law.
The customer and the tour operator.
The personal data of the data subject may only be disclosed to the employees of the Companies who are required to do so by their job duties. Our Company does not use a data processor for data management.
Our Company does not transfer the relevant data to any third country or other organization.
None of this happens during data management.
The provision of personal data and the list of passengers may not be omitted in the case of occasional passenger transport.
The data subject has the right to the information related to data management, which the Companies provide by providing this information.
If the legal basis of a data processing is the consent of the data subject, he or she has the right to withdraw his or her consent to the data processing at any time. However, it is important to know that the withdrawal of consent can only apply to data for which there is no legal basis for processing. Unless there is another legal basis for the processing of the personal data concerned, the Companies will permanently and irrevocably delete the personal data after the withdrawal of the consent. The revocation of the consent pursuant to the Decree shall not affect the lawfulness of the data processing carried out on the basis of the consent before the revocation.
Upon request, the Companies shall inform the data subject at any time whether the data subject’s personal data is being processed and, if so, shall provide access to the personal data and the following information:
The data subject has the right at any time to have inaccurate personal data concerning him or her rectified at his or her request without undue delay. Taking into account the purpose of the data processing, the data subject is also entitled to request the incomplete personal data to be supplemented, inter alia, by means of a supplementary statement. It is necessary for the Companies to notify the data subject of any change in their personal data as soon as possible, thus facilitating the lawful data processing and the enforcement of the data subject’s rights.
At the request of the data subject, the Companies shall delete the personal data of the data subject without undue delay if any of the following reasons exist:
The Companies will not comply with the data subject’s request for cancellation if further data processing is required for one of the following reasons:
At his or her request, the data subject has the right to ask for the restriction of the processing of data if any of the following is met:
If the processing is subject to restrictions, such personal data, with the exception of storage, shall only be handled:
If the data subject has a legitimate interest in the processing of personal data (Article 6 (1) (f) of the Regulation) or the processing is necessary for the performance of a task performed in the exercise of public authority conferred on the controller (Article 6 (1) (e) of the Regulation) the data subject shall have the right to object at any time to the processing of his or her personal data, including profiling based on those provisions, for reasons related to his own situation.
In this case, the Companies may not further process personal data unless they demonstrate that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or defence of legal claims.
If the data subject’s personal data is processed by the Companies for the purpose of direct business (for example, by sending information letters), they have the right to object at any time to the processing of their personal data for this purpose, including profiling insofar as it relates to the direct business. If the data subject objects to the processing of his or her personal data for the purpose of direct business acquisition, the personal data may no longer be processed by the Companies for this purpose.
The data subject shall have the right to receive the personal data concerning him or her made available to the Companies in a structured, widely used machine-readable format and, the data subject shall have the right to ask Companies to transfer such data to another data controller if:
The data subject may exercise the above rights by sending an e-mail to info@viplimuzin.hu to the registered office of the Companies (1239 Budapest, Fakopács utca 5 / a). Companies shall begin to examine and process the data subject’s claim without undue delay upon receipt. We will inform the person concerned of our action on the request within 30 days of receipt. If we are unable to comply with your request, we will notify you within 30 days of the reasons for your denial and your right of appeal.
If the data subject considers that the processing of personal data concerning him or her violates the Regulation or the Info Act, he or she has the right to lodge a complaint with a supervisory authority, without prejudice to other administrative or judicial remedies. The authority must then investigate the complaint and notify the person concerned of the outcome of the investigation. The person concerned shall have the right to lodge a complaint with any authority of a Member State of the European Union, in particular the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement. You can read the contact details of the Hungarian data protection authority below.
In order to enforce his or her right to a judicial remedy, the data subject may apply to the courts if, in his opinion, the Companies or the data processor or joint data controller acting on their behalf or at their disposal comply infringes the law on the processing of personal data or in case of a breach of the requirements set out in a binding act of the European Union.
The court is acting out of turn in the case. The court has authority to hear the case. The lawsuit may also be initiated before the court of the place of residence or stay of the person concerned or the place of residence of the person concerned (DISTRICT XX, XXI and XXIII of BUDAPEST).
By filing a complaint with the National Data Protection and Freedom of Information Authority, anyone may initiate an investigation against the Companies on the grounds that there has been a breach of law in connection with the processing of personal data, there is an imminent danger thereof, or that the exercise of their rights related to data processing is restricted by the Companies or their request to enforce these rights is rejected. The notification can be made at one of the following contacts:
National Data Protection and Freedom of Information Authority (NAIH)
Postal address: 1530 Budapest, Pf .: 5.
Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL: https://naih.hu/