en

Terms & Conditions

 1. INTRODUCTION

The purpose of the current Policy is to ensure the lawful and proper management of personal data and public information in accordance with the Hungarian Act CXII. of 2011. on the Right of Informational Self – Determination and on Freedom of Information and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR). ) and the adequate harmonization of administrative activities with other internal policies and regulations for the protection of fundamental rights and freedoms of natural persons.

Furthermore, by familiarization and compliance by the employees of the organization, the leaders of every organizational unit will be able to lawfully manage personal data.

With these goals in mind the current policies summarize the data protection measures and procedures governing personal data processing.

1.1 Legal commitment

SIC Hungary Kft., as data controller:

  • agrees to be bound by the content of this legal notice;
  • attaches great importance to the widest possible disclosure of data of public interest;
  • commits itself to comply with the current policy requirements and applicable laws regarding its data processing activities;
  • reserves the right to change the current policy, provided that data subjects are notified in due time and through proper channels;
  • is commited to the personal data protection of its data subjects and attributes utmost importance to their right to informational self-determination;
  • processes personal information with confidentiality and will take security measures – administrational, physical and logical – to guarantee data security.
1.2 Legal enviroment

SIC Kft. describes its data protection principles below, outlining the expectations it has set out and which it adheres to as a data controller. Data protection principles are inline with current data protection legislation in force and applicable legal data processing requirements, in particular:

  • Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives
  • Act CLV of 1997 on consumer protection;
  • Act C. of 2000. on Accounting;
  • Act CVIII of 2001 on certain issues of electronic commerce activities and information society services;
  • Act V of 2006 on Public Company Information, Company Registration and Winding-up Proceedings;
  • Act CXII. of 2011. on the Right of Informational Self – Determination and on Freedom of Information;
  • Act I. of 2012. on the Labour Code;
  • Act V. of 2013. on the Civil Code;
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Act CL of 2017 on the rules of taxation;

SIC Kft’s policy is also guided by decrees, resolutions and recommandations issued by the chairman of the National Data Protection and Freedom of Information Authority.

1.3 Scope of the Policy

The Policy(’s):

  • Material scope – The material scope of the Policy applies to all data processing and managment activities by the Kft. – involving personal data – being it by manual, computerized or automated means;
  • Personal scope – The personal scope of the Policy extends to contractual relationships – as stipulated in the contract or on the basis of the confidentiality statement / non-disclosure agreement – and/or to natural-, legal persons, non-legal entities (hereinafter referred to as the “External person”) who come in contact with the information system(s) and services of the Kft;
  • takes into account – in particular, but not limited to – the Information Security Policy;
  • Issues not addressed by this Policy shall be governed by the provisions of the Information Act of 2011. (Act CXII. of 2011), the Hungarian Civil Code and the EUs General Data Protection Regulation, as well as the other applicable legal provisions in force; 
  • is effective until revoked;
1.4 Publication

The current policy is continuously available through the offical company website in electronic format and in paper-form, visibly posted on the billboards at the headquarters, premises of the company.

 

2. DEFINITIONS

2.1 The Kft throughout its current policy and data processing activities uses the following definitions as they are layed out in the GDPR and the Information Act CXII. of 2011.
  1. data subject shall mean any natural person directly or indirectly identifiable by reference to specific personal data;
  2. personal data shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;
  3. special data shall mean: a) personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or tradeunion membership, and personal data concerning sex life; b) personal data concerning health, pathological addictions, or criminal record;
  4. criminal personal data shall mean personal data relating to the data subject or that pertain to any prior criminal offense committed by the data subject and that is obtained by organizations authorized to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings in connection with a crime or criminal proceedings;
  5. data of public interest shall mean information or data other than personal data, registered in any mode or form, controlled by the body or individual performing state or local government responsibilities, as well as other public tasks defined by legislation, concerning their activities or generated in the course of performing their public tasks, irrespective of the method or format in which it is recorded, its single or collective nature; in particular data concerning the scope of authority, competence, organisational structure, professional activities and the evaluation of such activities covering various aspects thereof, the type of data held and the regulations governing operations, as well as data concerning financial management and concluded contracts;
  6. data public on grounds of public interest shall mean any data, other than public information, that are prescribed by law to be published, made available or otherwise disclosed for the benefit of the general public;
  7. consent shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;
  8. objection shall mean a declaration made by the data subject objecting to the processing of his/her personal data and requesting the termination of data processing, as well as the deletion of the data processed;
  9. controller shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;
  10. data processing shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
  11. data transfer shall mean ensuring access to the data for a third party;
  12. disclosure shall mean ensuring open access to the data;
  13. data deletion shall mean making data unrecognisable in a way that it can never again be restored;
  14. tagging data shall mean marking data with a special ID tag to differentiate it;
  15. blocking of data shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing;
  16. data destruction shall mean complete physical destruction of the data carrier recording the data;
  17. data processing shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
  18. data processor shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;
  19. data source shall mean the body responsible for undertaking the public responsibility which generated the data of public interest that must be disclosed through electronic means, or during the course of operation in which this data was generated;
  20. data disseminator shall mean the body responsible for undertaking the public responsibility which uploads the data sent by the data source it has not published the data;
  21. data set shall mean all data processed in a single file;
  22. third party any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor;
  23. EEA Member State any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area, based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area;
  24. third country any State that is not an EEA State;
  25. binding corporate rules shall mean internal data protection rules adopted by a data controller or a group of data controllers operating in multiple countries, at least in one EEA Member State, and approved by the National Authority for Data Protection and Freedom of Information (hereinafter referred to as Authority) binding upon the data controller or group of data controllers that, in case of a data transfer to third countries, ensures the protection of these data by unilateral commitment of the respective controller or group of controllers;
  26. data incident shall mean the unlawful processing or process of personal data, in particular the illegitimate access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage.

3. ORGANIZATIONAL DATA

SIC Hungary Kft. data and contact information:

Name: SIC Hungary Kft.
Legal headquarters: 3060 Pásztó, Mária tanya 2.
Tax No.: 11211084-2-12
Registration No.: 12-09-002809
Tel.: info@sickft.hu
Email: +36 32 563 040
Data controllers representative: Michel Albert Viktor Alliance

4. SETS OF PERSONAL DATA – PURPOSE, SUBJECT AND DURATION OF DATAPROCESSING

As leading member of the rubber manufacturing industry in the Central European region, SIC Hungary Kft. manufactures unique quality in-house rubber products, as well as providing specialized product development and individual manufacturing solutions to companies.

Legal bases of data management applied by SIC Kft

  1. Consent – The data subject can give consent following form: in writing, in the form of a statement consentiung to data processing, by electronic means – clearly indication of consent to the intended processing of his or her personal data.
  2. Contractual performance – necessary for the performance of a contract in which the party concerned is required to take steps at the request of one of the parties or before the conclusion of the contract.
  3. Fulfillment of a legal obligation or protection of the vital interests of the data subject or another natural person – The legal basis for data processing in case of fulfillment of a legal obligation is determined by law, so the data subject’s consent is not required for the processing of his/her personal data. The data controller is obliged to inform the data subject about the purpose, legal basis and duration of the data processing, about the person of the data controller, as well as about his/her rights and legal remedies.

To achieve its goals and to support its production and commercial activities SIC Kft. performs the following purpose limited data processing activities:

4.1 Official website

a) Website messaging

Sending and receiving messages: SIC Kft. uses a web-based messaging service to answer the information requested by website visitors, to receive RFQs and / or to handle complaints, during which the parties concerned must indicate – in addition to the name and company name – telephone and e-mail their contact details. Automated outgoing messages are also enabled messages to  clients in order to provide detailed information about the processing level of their order.
Purpose of processing: 

  • identification and registration of our customers,
  • recording customer needs for an accurate quotation,
  • informing our customers and providing marketing-services,
  • to provide a fluent service, handling of warranty, complaints or repair needs, – to improve our services and work processes;

Legal basis for data processing: 

  • Article 6 (1) (a) of the GDPR and Info. Law 5§ (1) a) on voluntary consent of the data subject (user) on processing their data.
    Scope of personal data:

    • name
    • company name
    • telephone number
    • e-mail address

Data retention period: 

  • until the withdrawal of the voluntary consent

Possible consequences of unperformed data collection:

  • Without providing data, no order or complaint can be accepted, no substantive information can be provided.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated in points 5 and 7. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Visitors using the website messaging service

Location of data processing and retention: In the SIC mail system (by the messaging function)

b) Cookies

Cookies: Visitors can view the official website without providing any personal information. However, during use, technical data that is not directly related to a natural person may be collected. It is widely used to make the operation of websites and web services efficient.

Purpose of processing: 

  • The purpose of cookies is to record information about user habits associated with a website, internet settings of a given device (PC, tablet, phone) or visit duration, providing statistical basis for the improvement of user experience, optimal operation and/or functionality or personalized user-friendly browsing. Data is collected in anonymous or aggregated form, which makes it extremely difficult to identify individual devices or users. Cookies are used on a voluntary basis.

Legal basis for data processing: 

  • Article 6 (1) (a) of the GDPR on voluntary consent of the data subject (user) on processing their data.

Scope of personal data: see table

Data retention period: see table

Possible consequences of unperformed data collection:

Should the user not wish to consent to such data management, he or she may disable the use of cookies by using the offered configuration options.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated in points 5 and 7. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Website visitors 

Location of data processing and retention: Users web-browser (cookies) 

 

Cookie type

Purpose

Storage time

Lanuage information

Storing language information 

1 year

Login information

Storing login information when a user enters a page (2x cookies with the same

content)

Clears on closing the site or

2 weeks if the user activates the “Remind me” feature

Google Analytics tracking

Number of visitors

2 years

Google Analytics throttle info

Facilitating the visitor count process 

10 mins.

 

c) Webstatistics

Purpose processing

  • Online advertising based on data from statistical analyzes for marketing purposes using Google, Facebook and Youtube. During use, technical data may be processed which cannot be directly contacted by a specific natural person.

Legal basis for data processing

  • Article 6 (1) (a) of the GDPR on voluntary consent of the data subject (user) on processing their data.

Scope of processed data

  • time of visit,
  • address of visited page,
  • referenced paged (where visitor originate from),
  • visitors IP-address,
  • visitors browser-header (aka. user agent), which contains the type and version of the client operation system and internet browser.

Data retention period: 

  • Personal data is processed on a purpose-based principle until the withdrawl of voluntary consent by the data subject.

Possible consequences of unperformed data collection:

Reduced level of online services or failure to provide online service.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated in points 5 and 7. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Website visitors  Location of data processing and retention:  

  • In webserver logs (through web traffic logging)

Data processors used in connection with the official website: 7.6 / a) – e).

 

Content and Copyright:

The content of the official website of SIC Hungary Kft. is protected by copyright. The form and content of the website, including any pictorial, textual or other information elements may be only used or reproduced with the prior written permission of SIC Kft. as the rightful owner. SIC Kft. is the author and responsible editor of the entire website as a collected work, however, its rights do not affect the independent rights of the authors of the selected works.

The official website may contain links to other content. SIC Kft. assumes no responsibility for the content of these pages, the information contained therein, the software or any other product, services or consequences of their use, or their privacy and data processing policies.

The company assumes no liability for any damage resulting from visiting its official website.

4.2 Security cameras

SIC Kft. operates outdoor and indoor cameras at its premises for security, industrial safety and occupational safety purposes. Information boards at the entrance of the company premises and at the factory buildings informs visitors and employees about the presence of security cameras and about the fact that their image is recorded, as well as the data processings principles and practices regarding these records.

Purpose of processing: 

  • Property and personal protection

Legal basis for data processing:

  • It is in the legitimate interest of SIC Kft. to monitor the activities of persons entering its premises – for property protection and personal safety concerns – and to be able to prove any illegal activity in the court of law or in other legal proceedings according to GPDR article 6., paragraph (1), point d).

Scope of personal data:

  • Personal image

Data retention period: 

  • 21 days from the time of recording

Possible consequences of unperformed data collection:

The scope of operational security, the chances for gathering evidence and legal remedy would be significantly reduced. Conversely, this would increases the risk of material damage and personal injury, whether intentional damage, theft or general workplace and operational safety.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Visitors of SIC Kft. premises and employees. Location of data processing and retention: Digital image recorder images

4.3 Invoice issuance and receipt

SIC Kft. manages the data of the natural persons in contractual relations based on legal obligation set out in the provisions on accounting practices.

Purpose of processing: 

  • Issuance of invoice for the customer, compliance with legal requirements; During billing, SIC Kft. will issue a paper invoice to the customer.
  • Receiving an invoice from the issuer, compliance with legal requirements; SIC Kft. will receive and accept paper and electronic invoices.

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point b) – necessary for the performance of a contract
  • GPDR article 6., paragraph (1), point c) – necessary for compliance with a legal obligation
    – Act C. of 2000. on Accounting, 166. § (1)
    Scope of personal data:

    • Buyers name on invoice
    • Buyers address
    • Sellers name on invoice
    • Sellers address
    • TAX ID
    • Bank account number
    • Contact information (e-mail and telephone number)
  •  Data retention period:
    • According to 78. § (3) of the Act on the Rules of Taxation (Act CL of 2017), 5 years.
    • According to 169. § (2) of Act C. of 2000. on Accounting – 8 years from invoice issuance

Possible consequences of unperformed data collection: An invoice cannot be issued without the required data.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Data subjects for whom an invoice is issued or data subjects from whom an invoice is accepted from the data controller.

Location of data processing and retention: The records shall be kept in electronic and paper form in Accounting.

The employees of SIC Kft., tasked with invoicing and accounting are authorized to access and process personal data.

4.4 Employment

SIC Kft. contracts employees for maufacturing, commercial, logistics, quality assurance, security, infocommunication, administrative, and other services. Personal data of the employees’ is processed within the legal frames of employment. Employer’s rights are exercised by the managing director of the company.

Purpose of processing: Fulfillment of obligations arising from legal employment and exercise of rights arising from establishing and termination of employment. In addition, to complete payrolling, billing, invoicing, payments and the necessary filing and payment of taxes according to the terms of the contract.

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point c) – necessary for compliance with the legal obligation to Act I. of 2012. on the Labour Code 10. § (1) and (3) and also 11. § (1) and (2);
  • Act LXXXI of 1997. on social security pensions. 99/A §

Scope of personal data:

  • Name
  • Place and date of birth
  • Mothers maiden name
  • Residential address
  • Social Security Number
  • TAX ID
  • Bank account number
  • Highest education
  • Motor vehicle information
  • Contact information (e-mail and telephone number)
  • Salary/wage
  • Sum of wage related deductions and taxes
  • Bank account number of the holder of deductions and foreclosures
  • Names and social security numbers of children and dependents;  Name and contact details of the nearest relative to be notified.
  • Act LXXXI of 1997. on social security pensions. 99/A § “for five years after reaching the retirement age for (…) the insured.”

Data retention period: 

  • According to 78. § (4) of the Act on the Rules of Taxation (Act CL of 2017) – 5 years.
  • According to 169. § (2) of Act C. of 2000. on Accounting – 8 years from invoice issuance
  • Act LXXXI of 1997. on social security pensions. 99/A § “for five years after reaching the retirement age for (…) the insured.”
  • According to the Act LXVI of 1995. Public Records, records of permanent value must be retained until transfered to the Public Archives.

Possible consequences of unperformed data collection: Without the data, a legal employment status is not possible. 

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated in points 5 and 7. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Employees of SIC Kft.

Location of data processing and retention: 

Employment records/documents such as employment contracts, certificates, time- sheets, tax declarations, declaration forms, payslips and payroll summaries are kept in the Accounting files.

In accordance with the legal provisions determining the tax regime, SIC Kft. submits an electronic return on a monthly basis until the 12th day of the month following the relevant month on all taxes, contributions and mandatory data related to payments and benefits to natural persons resulting in tax and / or social security obligations.

The data management is performed by SIC Kft. employess responsible for payrolling and accounting. Data in connection with the fulfillment of tax and contribution obligations is processed in accordance with legal provisions on taxation for the prescribed period and limits.

4.5 Company information, bodies and ownership

Purpose of processing: Data recording and reporting obligations under the Act V of 2006, directed at senior officers, members of the supervisory board, senior management, and employees of the organization who are authorized signatories and have authorized access to the company bank account.

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point c) – necessary for compliance with a legal obligation
  • Act V of 2006 on Public Company Information, Company Registration and Winding-up Proceedings 27. § (3); Scope of personal data:
    • Name
    • Address
    • Place and date of birth
    • Mothers maiden name
    • Residential address
    • Contact information (e-mail and telephone number)

Data retention period: 

According to the Act V. of 2006., until termination of membership;

Possible consequences of unperformed data collection: necessary to comply with legal obligation;

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s). Data subjects affected by data processing: senior executives, members of the supervisory board, senior employees, and employees who are authorized signatories for the company and/or have the right to dispose over the company bank account.

Location of data processing and retention: Articles of Association, Register of Members, minutes and notes of meetings, declarations, authorizations.

4.6 Contracts and agreements

SIC Kft., as Data Controller, maintains contact and communicates with respective partner organizations during the preparation, or finalization of contractual relations through designated contact persons. The prerequisite for this process is the identification of the legal representative(s) and authorized contact person(s) concerned and the verification of their procedural authority.

Purpose of processing: Identification of the legal representative(s) and authorized contact person(s) concerned and the verification of their procedural authority necessary to maintain contractual relations which define the operation of the organization and the performance of its tasks.

Liaison with the natural person of the contractor, enforcement of claims arising from the contract and fulfillment of obligations arising from the contract.

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point b) – necessary for the performance of a contract
  • GPDR article 6., paragraph (1), point c) – necessary for compliance with a legal obligation
    – Act C. of 2000. on Accounting, 166. § (1) 

Scope of personal data:

For contact persons, name, contact details and for legal representatives the following data is necessary for identification:

  • Name
  • Residential address
  • TAX ID. / TAX No.
  • Personal ID card number
  • Place and date of birth
  • Mothers maiden name
  • Contact information (e-mail and telephone number)

Data retention period: 

  • According to 78. § (4) of the Act on the Rules of Taxation (Act CL of 2017), 5 years.
  • According to the Act LXVI of 1995. Public Records, records of permanent value must be retained until transfered to the Public Archives.

Possible consequences of unperformed data collection: The provision of data is subject to the conclusion of the contract.

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s). Data subjects affected by data processing: With whom SIC Kft. concludes an agreement or contract

Location of data processing and retention: On on-site company server in electronic format.

4.7 Quotations

Data processing related to price calculation requests (quotations)

Purpose of processing: Contact information is necessary to make and provide price calculation. 

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point a) – prior voluntary consent;

Scope of personal data processed:

  • Name of the organization or person
  • Headquarters and / or location
  • Shipping, mailing address
  • Tax number
  • Contact name, email address, phone number

Data retention period: Until the withdrawl of voluntary consent by the data subject.

Possible consequences of unperformed data collection: failure of the information service

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: customer(s) requesting information.

Location of data processing and retention: 

On on-site company server in electronic format.

Quotations (electronic) spreadsheet

4.8 Job applications

Management of personal data contained in CVs, motivation letters and related documents submitted in for job application are necessary to determine the suitability of the applicant and for conclusion of the employment contract.

In case the applicant is rejected, the applications will be retained for 2 years from the date of application.  

Purpose of processing:

  • Assessing the application, determining the suitability to perform the job, as well as concluding the employment contract and keeping in touch with the candidate. Legal basis for data processing:
  • GPDR article 6., paragraph (1), point a) – prior voluntary consent; Scope of personal data:
    • Photo – personal image
    • Name
    • Place and date of birth
    • Mothers maiden name
    • Residential address
    • Qualifications and grades
    • Professional experience
    • Contact information (e-mail and telephone number)

Data retention period: 

  • Based on voluntary consent, for 2 years begining from the date of the job application. Possible consequences of unperformed data collection: The provision of the data is a prerequisite for assessing the applicant’s abilities and concluding the employment contract. Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated under 5. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s). Data subjects affected by data processing: Job applicants Location of data processing and retention: 

On on-site company server in electronic format.

The purpose of processing the personal data of an applicant who withdraws his / her application before the evaluation of the application is voided at the moment of the withdrawal of the application and therefore his / her personal data must be deleted without delay.

There is no obligation to delete personal data if the applicant expressly consents to the continuined processing of his / her personal data after being notified of his/her unsuccessful application. The personal data will be stored so SIC Kft can notify him/her about future job opportunities.

4.9 Marketing and promotional images

SIC Kft. produces short films and video recordings of its manufacturing process for marketing and promotional purposes, which may contain identifiable personal images of employees. Records are taken occasionally, once every 5-8 years, with the involvement of a subcontractor.

The pictures and videos will be displayed on the company’s official website, Youtube channel and Facebook page in a way that is accessible to the public.

Purpose of processing:

  • The purpose of data processing is the marketing/promotion of the company’s activities

Legal basis for data processing: 

  • GPDR article 6., paragraph (1), point a) – prior voluntary consent;

Scope of personal data:

  • Photo – personal image

Data retention period: 

  • Until the withdrawl of voluntary consent

Possible consequences of unperformed data collection

Failure to conduct multimedia marketing and promotional activities. 

Recipients of personal data: Data shall only be communicated to data processor (s) indicated in points 5 and 7/b. for editorial purposes and made available to the public in the form of short films and visuals;

Data subjects affected by data processing: employees of the organization Location of data processing and retention: 

Electronically on the corporate IT systems data storage of the Data Controller at its headquarters and at the data processor, as well as on the official website of the Data Controller, on its Youtube channel and Facebook page.

4.10 Newsletter

The purpose of the data processing regarding corporate newsletters is to inform the recipient in a general or in a personalized manner about the latest actions, events, news of the data controller and to notify about changes or outages in the provided services.

Purpose of processing: to provide general or personalized information to the data subject. Legal basis for data processing: GPDR article 6., paragraph (1), point a) – prior voluntary consent;

Scope of personal data:

  • e-mail address
  • name
  • method and time of addition
  • time of last data change

Data retention period: Until the data subject unsubscribes from the newsletter list.

Possible consequences of unperformed data collection: failure to provide information services. 

Recipients of personal data: The data processed by the data controller shall not be disclosed to third parties except the data processor (s) indicated in points 5 and 7. Recorded data can only be accessed by the data controllers employees and by the dedicated staff of the data processor(s).

Data subjects affected by data processing: Subscribers, users of the newsletter service. Location of data processing and retention: Electronic newsletter address-list

Recipients can unsubscribe from the newsletter at any time by using the link at the bottom of the emails, or by sending an email to info@sickft.hu.

5 DATA TRANSFER AND DATA TRANSMISSION

5.1 Data transfer is a data processing operation in which SIC Kft. as the data controller or data processor, according to the appropriate legal basis, transmits personal data to external private or legal persons, supervisory body, in a specific manner and through a storage medium, on a regular basis, to a data controller (hereinafter data receiver).

5.2 Authorities, public bodies, courts may contact the Kft. for the purpose of requesting communication of personal data. Our company transfers personal data to these bodies – provided that the body concerned indicates the exact purpose and scope of the data – only to the extent that it is indispensable to achieve the purpose of the request and only if compliance is required by law.

5.3 Data transfer requests from other bodies, organizations or individuals can only be complied with if the person concerned provides the requestor with a notarized written authorization or a private document with full evidentiary force. The data subject may grant such an authorization in advance, which may apply for a specific time period and for a specific range of people seeking information.

5.4 Data transmission and transfer is recorded in the data transfer record (electronic table).

6 TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

SIC Kft. does not transmit the processed personal data to any third country or other international organization.

 

7 REQUISITION OF INFORMATION ABOUT DATA PROCESSOR

7.1 When contracting an external data processor, the rights and obligations of the data processor in relation to the processing of personal data shall be determined by SIC Kft., as a data controller, in accordance with the Information Act of 2011, the GDPR and sectoral legislation on data processing. The SIC Kft. is fully responsible for the legality of the instructions it issues.

7.2 Agreements on data processing shall be made in writing. Organizations which have direct business interest in the usage of the processed personal data cannot be entrusted with data processing. The selected data processor may not use another data processor when performing its activities.

7.3 Data processors: 

a) Webhosting

Name: Viacom Informatikai Kereskedelmi és Szolgáltató Kft.

Address 2225 Üllő, Gyár utca 8.

Company Registration no.: 13-09-109794

Tax no.: 13810359-2-13

Viacom Ltd. provides web server hosting services, ensuring the reliable operation of the hardware and software frameworks serving as the platform of the website. Viacom, as a service provider, provides automated server logging for security and quality reasons.

b) Online marketing

Name: Industrial Marketing Kft.

Address: 3065 Pásztó, Alkotmány út 78.

Company Registration no: 12-09-011090

Tax no.: 28733311-2-12

Website traffic measurement, statistics, and Google Analytics and Adwords remarketing are all done by Industrial Marketing.

c) Website

Name: WEBBEN DESIGN Kft.

Address: 3200 Gyöngyös, Kossuth Lajos utca 20. 3. ép. mfsz 2.

Company Registration no.: 10-09-032025

Tax no.: 23411322-2-10

The website is maintained and developed by WEBBEN Kft.

d) Webstatistics

Name: Lead Forensics Ltd

Address: 3000 Lakeside, North Harbour, Hampshire, PO6 3EN

Company Registration no.: 7158006

Tax no.: GB111 315 182

Lead Forensics measures the traffic to our website and compiles statistics.

e) IT solutions

Name: Infosector Kft.

Address: 2013 Pomáz, Kond utca 14.

Company Registration no.: 14280597-2-13

Tax no.: 13-09-119475

Infrastructure development, delivery of hardware and software tools, technical supervision, user support.

f) Accounting Auditor

Name: CZ-CONTROLL Kft.

Address: 1133 Budapest, Visegrádi u. 76. 3.em.1.

Company Registration no.: 01-09-707854

Tax no.: 11205319-2-41

Audit of annual report, issuance of accounting auditor’s report.

8 METHODS FOR STORING PERSONAL DATA, SECURITY OF DATAMANAGEMENT

8.1 The technical (physical, logical) and organizational solutions for data protection are detailed within the information security regulations.

Our organization’s data processing information systems are located at the premises of our headquarters. SIC Kft. – in accordance with its information security regulations – selects and manages its IT tools for personal data management, so that the processed data is:

  1. available to the authorized personal (availability),
  2. credibile and authentic (credibility of data management),
  3. of verifiable integrity (data intergrity),
  4. protected against unauthorized access (data confidentiality).

8.2 Data is protected by appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against unavailability due to accidental damage or technical changes.

8.3 The IT system and network of SIC Kft. is protected against computer-aided fraud, malware, intrusion and denial of service attacks.

9 DATA PROTECTION INCIDENT MANAGMENT

9.1 A data protection incident is the unlawful processing of personal data which, if not addressed promptly, could material or non-material damage to the data subjects involved. Incidents may result in the loss of control over their personal data, restrictions of their rights, in discrimination and / or in the misuse of their identity.

9.2 In the event of a data protection incident, there is a data controller obligation to report the incident to the National Authority for Data Protection and Freedom of Information as supervisory authority. 

9.3 In accordance with its legal obligations SIC Kft: 

  • Notifies the Authority without undue delay, but no later than 72 hours after the occurrence of the data protection incident;
  • In the event of an incident, prompt action is taken to minimize risks and prevent damages;
  • Shall inform the persons concerned without delay if a data protection incident is likely to pose a high risk to the rights and freedoms of a data subjects in order to take the necessary precautions;
  • Records the data protection incident in the electronic Incident Log.

9.4 Incident Log

In an event of an incident SIC Kft. logs data for the purpose of auditing and informing the concerned data subject. These records contain: scope of affected personal data, scope and number of data subjects involved, the date, circumstances, effects, protective measures and other data according sectorial data managment provisions and regulations.

10 RIGHTS OF DATA SUBJECTS, LEGAL REMEDIES

10.1 The data subject can:
  1. request information regarding their personal data,
  2. request access to their personal data,
  3. request their rectification,
  4. request their erasure,
  5. request a restriction on the processing of their personal data,
  6. object to the processing of their personal data,
  7. exercise the right to data portability;

I. Right to information:

SIC Kft. shall take all appropriate measures to ensure that all information on personal data processing, referred to in Articles 13-14. of the GDPR, and according to Article 15-22. and 34. in a concise, transparent, comprehensible and easily accessible form, in a clear and straightforward, but precise manner.

The right to information can be exercised in writing through the contact details given under section 3. At the request of the data subject – after verifying his/her identity – information may be given verbally. 

We inform our clients that if our associates have any doubt about the identity of the data subject, we may request information to confirm the subject’s identity.

II. Right to access:

The data subject has the right to be informed by SIC Kft. as data controller about whether his personal data is being processed. If personal data processing is in progress, the data subjects has the right to have access to it and the information listed below.

  • Purpose of data processing;
  • Scope of personal data;
  • the categories of recipients or recipients with whom personal data will be communicated or disclosed;
  • planned personal data retention period;
  • Information concerning the data source; the fact of automated decision making, including profiling, as well as the logic used and the comprehensible information on the significance of such data management and the likely consequences for the data subject.

In addition, in the event of the transfer of personal data to a third country or to an international organization, the data subject shall have the right to be informed of appropriate guarantees regarding the transfer.

III. Right to rectification:

Anyone has the right to request the rectification of their inaccurate personal data processed by SIC Kft.  and also to request its completion if incomplete.

IV. Right to be forgotten / Right to erasure:

  1. The data subject has the right, on any of the following grounds, to request the deletion of his/her personal data without undue delay if:
    1. personal data are no longer required for the purpose from which they have been collected or otherwise processed;
    2. the data subject withdraws the consent for processing and the data controller does not have any other legal basis for data processing;
    3. the data subject is objecting to the data processing and there is no legitimate reason with higher legal priority for data processing;
    4. the unlawful processing of personal data can be established;
    5. the personal data are to be deleted in order to comply with the legal obligation imposed upon the data controller by Union or Member State law;
    6. the collection of personal data is in connection with the provision of information society services.

 

  1. Data deletion can not be initiated if data processing is required for any of the following purposes:
    1. to exercise the right to freedom of expression and the right to information;
    2. the fulfillment of a legal obligation under EU or State law applicable to the data controller, or for the performance of a task carried out in the public interest or in the excercise of official authority vested in the controller;
    3. for public health or archaeological, scientific and historical research, statistical purposes in the public interest;
    4. for the submission, validation or protection of legal claims.

V. Right to restriction of data processing:

Upon the request of the data subject we restrict data processing according to existing conditions under Article 18. of the GDPR, therefor if:

  1. the data subject disputes the accuracy of the personal data; in this case, the restriction concerns the period of time which allows the accuracy of the personal data to be verified;
  2. the data processing is unlawful and the data subject is opposed to the deletion, instead requests the processing be restricted;
  3. SIC Kft. as data controller no longer in need of the personal data for processing, but the data subject requires them to submit, enforce or protect legal claims; or
  4. the data subject objected to the data processing; in this case, the restriction applies to the duration of determining whether the data controller’s legitimate reasons prevail over the legitimate interests of the data subject.

If data processing is restricted – with exception of storage – personal data may only be processed with the consent of the person concerned or with the purpose of protecting the submission and enforcement of legal claims or other rights of a natural or legal person, or in the public interest of the European Union or a Member State. The data subject shall be informed in advance about the lifting of the data processing restriction.

VI. Right to data portability:

The data subject shall have the right to receive their personal data which they provided to the data controller, in a structured, commonly used machine-readable format and have the right to transmit those data to another controller(s). SIC Kft. can comply with such requests by providing the data in MS *.doc(x) or *.xls(x) format.

VII. Right to object:

The data subject(s) shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data. Where the data subject objects to processing based on legitimate grounds the personal data shall no longer be processed for such purposes. 

VIII. Right to withdraw consent:

The data subject concerned has the right to withdraw his consent at any time. The withdrawl of consent does not affect the lawfulness of the data processing prior to the withdrawal.

10.2 Procedural deadlines
  • 10.2.1 SIC Kft. as data controller shall provide information on action taken upon a request under Articles 15 to 22 the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. If the data subject makes the request in electronic form or by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
  • 10.2.2 If the information cannot be communicated to the data subject within 15 days, given the complexity and the number of requests, SIC Kft. will notify the data subject specifying the reasons for the delay and provide the information requested within 25 days. Requests of data subjects to enforce rights will be executed free of charge.
  • 10.2.3 If the Kft. as data controller does not take action upon the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  • 10.2.4 The Kft. as data controller informs all concerned recipients of any data rectification, deletion or limitation unless it proves impossible or requires disproportionate effort. The data subject is informed about the recipients if requested.
  • 10.2.5 Without the breach of Article 11 of the Regulation, if the controller has reasonable doubts about the identity of the natural person (of Articles 15 to 21 of the Regulation) submitting the application pursuant to Article 1, he may request the provision of additional information necessary to confirm the identity of the data subject.
10.3 Compensation and liability

Any person who has suffered material or non-material damage as a result of a violation of the Data Protection Regulation is entitled to compensation for the damage sustained by the data controller or the data processor. The data processor shall only be held liable for damages caused by data processing if it has not complied with the statutory obligations specifically imposed on the data processor or if the data controller’s legitimate instructions have been disregarded or contravened. If several data controllers or multiple data processors or both the data controller and the data processor are involved in the same data processing and are responsible for the damage caused by the data processing, each data controller or data processor is jointly and severally liable for the total damage.

The data controller or data processor shall be exempt from liability if it can prove that it was not responsible in any way for the event(s) giving rise to the damage.

10.4 Right to court and Data Protection Authority procedure

In the event of a request for rectification, erasure or restriction, the controller shall inform the data subject of the possibility of a judicial remedy and of recourse to the Authority.

Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság 1125 Budapest, Szilágyi Erzsébet fasor 22/C Mail: 1530 Budapest, Pf.: 5.

Tel.: +36-1-391.1400

E-mail ugyfelszolgalat@naih.hu

Date: Pásztó, 2021. 05. 03.

Producing Rubber Beyond Imagination Since 1936
Tell us about the rubber part you need. We deliver it to you. Partner up with Sic! We reply to all enquiries quickly.