Tel: +36-24-898-257 | E-mail:
Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
| Adresse: Fő út 162., H-2330 Dunaharaszti
Das Unternehmen hat sich als ein Dienstleister für fremdsprachige Kommunikation im Mai 2009 geformt.
DATA HANDLING AND DATA SECURITY REGULATION OF M&M TRANSLATION SERVICES KFT.
M&M Translation Services Kft.
M&M Translation Services Kft. (Company registration number: Cg. 13-09-128970, registered seat: 2335 Taksony, Dózsa György utca 14/B., represented by: Mátyás Tamás Kreisz, Managing Director, hereinafter referred to as Service Provider or Controller), operator of the www.mmts.hu website (hereinafter referred to as the Website) hereby publishes the following Data Protection Notice, whose content the Service Provider agrees to be bound by in its capacity as Controller.
I. Scope of the regulation
a) The scope of the present regulation covers the entire M&M TS KFT enterprise and the persons it employs (hereinafter referred to as the Enterprise).
II. Objective of the regulation
a) The objective of the Regulation is to ensure the protection of personal data according to the Fundamental Law of Hungary, implement informational self-determination, and set the rules for data protection and data security to be applied during data handling of personal data handled by the enterprise.
III. Applicable legislative provisions
a) During data handling the enterprise must follow the rules specified in the following legislative provisions, as stipulated in its current internal regulation:
IV. Personal data related to the activity of the enterprise
a) The Service Provider provides opportunity for online quote requests and order placement for its services presented on the Website to persons obtaining information on the Website (hereinafter referred to as User/Users) via the Website and e-mail. The Service Provider handles the data of Users provided by them during quote requests and the data of potential suppliers applying to the Service Provider via e-mail (CVs, personal contact data) and collects data using cookies on visitors to the Website for statistical purposes. In connection with data handling the Service Provider hereby informs Users of the personal data handled by it on the Website, the principles and practices it follows in connection with the handling of personal data, and the method and options of data subjects for exercising their rights.
b) The Service Provider respects the rights relating to personality of visitors to its Website and handles recorded personal data confidentially, in conformity with Act CXII of 2011 (Information Act) in force in Hungary, Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), the recommendation of the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”), international recommendations, and the present Data Protection Notice.
1) Categories of handled data and the purpose of data handling
a. The following data are recorded in connection with users:
b. Data handling is only performed to facilitate contact with Users, provide customised products/services, enable order placement related to products/services and invoicing, and perform the established contracts.
c. All stages of data handling are in line with the purpose of data handling, that is, the Service Provider shall only handle personal data of Users to the extent and for the duration necessary for achieving this purpose.
2) Legal grounds for data handling
3) Controller and persons with right to access data:
4) Duration of data handling
V. Data security measures
b) Taking into account the state of science and technology, implementation costs, the nature, scope, circumstances and purposes of data handling, and the risk of varying probability and severity to the rights and freedoms of natural persons, the Service Provider shall take appropriate technical and organisational measures to guarantee data security of an appropriate level for the risk. Pursuant to the above the enterprise must guarantee the confidentiality, inviolability, and availability of data it handles. In order to determine the data security measures of appropriate level the enterprise shall assess each data file it handles in terms of protection requirements and classify them in terms of security.
c) To determine the security class of individual data handling operations the following must be analysed:
a) the risk associated with unauthorised access to or alteration or deletion of personal data handled and with damage to hardware devices and software, together with the expected damage;
b) whether the damaged data file can be recovered, the expenses of potential recovery, the availability of data sources necessary for reproducing personal data, and the possibility of recovering lost data from the manual background register;
c) whether special security rules should be applied in light of the nature of handled personal data;
d) other risk elements that threaten data security;
d) To ensure the security of data handling the Enterprise employs a combination of physical, logical, and administrative controls.
e) The Enterprise employs at least the following physical controls:
a) to prevent unauthorised access to data, whether handled electronically or in hard copy the Enterprise ensures that unauthorised persons cannot physically access handled data. This is ensured by locking premises with a key and protecting computers with a password.
f) The Enterprise employs at least the following logical controls:
a) the Enterprise ensures that only persons with appropriate privileges can access the data it handles. This is ensured by requiring a username and password for access to internal computers or computer networks.
g) The Enterprise employs at least the following administrative controls:
a) the Enterprise ensures that any access to personal data is retraceable in documents. This is ensured by the use of a unique alarm code and a register for personal keys to rooms.
b) the Enterprise shall develop document management procedures which ensure that any documents containing personal data it receives by mistake are filtered out at the earliest opportunity and only become known to the most limited circle of persons possible. This is ensured by mail being opened personally by management.
VI. Handling of data protection incidents
h) Without appropriate measures being taken in time, data protection incidents can cause physical, material, or non-material damage to natural persons, including the loss of control over their personal data, restriction of their rights, discrimination, identity theft or identity fraud, financial loss, damage to reputation, loss of the confidential nature of personal data protected by a professional confidentiality obligation, or other significant economic or social disadvantage affecting the natural person in question.
i) The Enterprise shall report data protection incidents to the relevant authority without undue delay – if possible, within 72 hours of becoming aware of the data protection incident.
j) Data protection incidents do not need to be reported to the authority if they are unlikely to pose a risk to the rights and freedoms of natural persons.
k) If the report is made beyond 72 hours, the reasons for the delay must also be attached to it.
l) If a data protection incident has to be reported to the authority, then the report must include:
a) a description of the nature of the data protection incident, including – if possible – the categories and approximate number of data subjects concerned and of the data involved in the incident;
b) the name and contact details of the data protection officer or other contact person who can provide further information;
c) the probable consequences of the data protection incident;
d) the measures taken or planned by the Enterprise in order to remedy the data protection incident, including, if appropriate, the measures aimed at mitigating any negative consequences of the data protection incident.
m) If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Enterprise shall inform the data subject of the data protection incident without undue delay. The information provided must describe the nature of the data protection incident using clear and accessible language and must include the following:
a) the name and contact details of the data protection officer or other contact person who can provide further information;
b) the probable consequences of the data protection incident;
c) the measures taken or planned by the Enterprise in order to remedy the data protection incident, including, if appropriate, the measures aimed at mitigating any negative consequences of the data protection incident.
n) The Enterprise shall without delay inform the Controller on whose behalf it is performing data processing activity of any data protection incident that occurs within the scope of its data processing activity.
The contract between the Enterprise and the data processor it employs shall stipulate that the data processor is obliged to report any data protection incident during its activity to the Enterprise without delay.
VII. Use of cookies
1. Disabling cookies
If you wish to disable the web activity of Analytics, visit the page for disabling Google Analytics, and download the extension for your browser. For further information about installing and removing the extension see the Help function of the given browser.
Rights and legal remedy options of Users
Contact details: Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf. 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
5) Miscellaneous provisions