DATA PROTECTION AND PRIVACY NOTICE

Please read this Notice carefully in order to understand how we process your personal data and to become familiar with your rights related to data protection.

The Privacy Policy and Terms and Conditions extract will be sent via email if you contact us by email.

When drafting the provisions of this Notice, Szabadulás Kaland Limited Liability Company (hereinafter referred to as the Company) paid particular attention to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.), and Act V of 2013 on the Civil Code (Civil Code).

As a data controller, the Company respects the privacy of all individuals who provide personal data to it and is committed to protecting such data. Pursuant to Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter: GDPR), the Company provides the following information:

---

Data Controller Details

Company name:
Szabadulás Kaland Limited Liability Company

Registered office:
1155 Budapest, Csajág utca 4., Hungary

Website:
www.szabaduloszobagyor.hu

Telephone:
+36 20 219 0153

Email:
info@szabaduloszobagyor.hu

---

Data Protection Officer

Pursuant to Article 37 of the GDPR, the data controller is not obliged to appoint a Data Protection Officer.

---

Data Protection Requests

If you have any requests or questions regarding data processing, you may submit your request by post or electronically to the following addresses:
1155 Budapest, Csajág utca 4., Hungary
or via email at: info@szabaduloszobagyor.hu

We will respond without undue delay, but no later than within 30 days, to the address you specify.

---

Data Processing Activities

Data processing takes place in relation to payroll, accounting, auditing, and occupational health basic services.

---

International Data Transfers

No transfer of personal data to foreign countries takes place.

---

Purposes of Data Processing

The data controller processes personal data for the following purposes in accordance with applicable legislation:

• processing the data of users of services related to the Company’s main activity for the purpose of fulfilling legal obligations and maintaining customer relationships;
• processing personal data of employees and job applicants;
• processing contact details of partners’ representatives;
• fulfilling customer orders;
• facilitating internal administration.

---

Legal Bases for the Processing of Personal Data

The processing of your personal data is based on the following legal grounds:

• issuance of invoices in accordance with accounting legislation:
  legal basis: Article 6(1)(c) GDPR;
• communication and contact management:
  legal basis: Article 6(1)(f) GDPR.
  In the case of data relating to employees or representatives of partners, processing is based on a balancing of legitimate interests.
  Legitimate interest: continuity of business operations;
• processing of employees’ personal data:
  legal basis: Article 6(1)(b) and (c) GDPR;
• processing of contractual partners’ data:
  legal basis: Article 6(1)(b) GDPR;
• marketing activities:
  legal basis: Article 6(1)(a) GDPR.
  A Facebook page is operated for marketing purposes; however, no separate database is created and no profiling is carried out;
• online registration:
  legal basis: Article 6(1)(a) GDPR.

---

Duration of Data Processing

• Invoices are retained for at least eight (8) years due to legal obligations.
  Documents underlying invoice issuance are also retained for eight (8) years.
• Documents related to employment relationships are retained for fifty (50) years.
• Data provided for contact purposes are retained for a maximum of one (1) year following the termination of the relationship.
• Data related to contract performance are retained for five (5) years.

---

Data Subject Rights

Data subjects have the rights defined by applicable legislation in relation to their personal data.

These rights include:

• the right of access (to obtain information on whether personal data processing is taking place);
• the right to rectification if data are inaccurate or outdated;
• the right to erasure (applicable only in the case of processing based on consent);
• the right to restriction of processing;
• the right to object to the use of personal data for direct marketing purposes;
• the right to allow or prohibit the transfer of personal data to third-party service providers;
• the right to request a copy of any personal data processed by the data controller; and
• the right to object to the processing of personal data.

---

Legal Remedies

In Hungary, the data protection supervisory authority is the National Authority for Data Protection and Freedom of Information
(1125 Budapest, Szilágyi Erzsébet fasor 22/C, Hungary)
Email: ugyfelszolgalat@naih.hu

Judicial remedy:
Data protection disputes fall within the jurisdiction of the competent court. Proceedings may be initiated, at the choice of the data subject, before the court having jurisdiction over the data subject’s place of residence or place of stay.

---

Final Provisions

This Notice and any amendments thereto shall enter into force upon publication on the website www.szabaduloszobagyor.hu.
Szabadulás Kaland Limited Liability Company, as the data controller, reserves the right to amend this Notice at any time.