Data Processing Policy
For data processing through the electronic Pneumobil system
The information below applies to the processing of personal data of users logging into (registering in) the digital Pneumobil Pneureg system.
- Controller details
Controller: Aventics Hungary Kft (Pneumobil Organiser)
Registered office: 3300 Eger, Bánki Donát str 3
Postal address: 3300 Eger, Bánki Donát str 3.
Phone: +36(36) 531-600
Fax: +36(36) 531-600
- Legislation governing data processing
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR)
- Processing of data submitted for registration
3.1. Processed categories of data and purpose of data processing
username — A username is indispensable to identify the user in the database for the purpose of registration. It also serves the purpose of liaison and staff contact.
email address — An email address is indispensable to identify the user in the database for the purpose of registration. It also serves the purpose of liaison and staff contact.
password — It offers secure access to the user’s account.
3.2. Legal basis for data processing
The legal basis for processing the data above, submitted for registration of a user account, is the consent of the person involved.
3.3. Duration of data processing
The Organiser may process contact data submitted upon registration until the user withdraws their consent. The system provides for the erasure or exchange of a person or their data within a registered team. The team name itself does not contain personal data, erasure is therefore not possible.
- Data processing of users logging in
4.1. Processed categories of data and purpose of data processing
team name — The name of a registered team. The team name itself does not contain personal data. The purpose of data processing is to identify the individual teams.
team members’ names — The names of the members of a registered team containing personal data. The purpose of data processing is to identify the team members and also serves the purpose of liaison and staff contact.
email address — The email address of the person in charge of registration, which the Organiser may use as a contact address for matters concerning registration. The Organiser will send registration confirmation to this address. The purpose of data processing is to send confirmation of the registration and also serves the purpose of liaison and staff contact.
4.2. Legal basis for data processing
Data processing is required for the tasks connected to registration.
4.3. Duration of data processing
The Organiser manages registration in line with applicable legislation.
- Data processing connected to registration
5.1. Processed categories of data and purpose of data processing
Please find the Organiser’s details in Section 1.
5.2. Legal basis for data processing
The Organiser needs to process data to complete their tasks connected to registration and to enforce the legislation applicable to the protection of personal data.
5.3. Duration of data processing
When processing registrations, the Organiser shall observe legal requirements pertaining to agencies on records management, data processing and time limits.
- Other personal data logged by the system
6.1. Processed categories of data and purpose of data processing
Personal details: name, place and date of birth, ID card number, residential address, email address, telephone number.
Purpose of data processing: registration, reservation of accommodation, financial transactions, contact with staff.
IP address — An identity protocol number assigned by the internet service provider to the user’s device. The Organiser may manage it to ensure the system’s IT security.
login date — the time a user logged into the system. The Organiser may manage it to ensure the system’s IT security.
6.2. Legal basis for data processing
The legal basis for data processing rests on the Organiser’s legitimate interest to protect the data in the system and the security of the IT infrastructure supporting the system operation. It is indispensable to log the above data to screen eventual malignant or abusive actions, to cater for the appropriate data and information security measures (e.g. vulnerability and traffic tests), and for internal audit purposes. The legitimate interest to provide for a secure system is proportionate to the processing of the above personal data recorded upon login.
6.3. Duration of data processing
The system stores the above data for 24 months after generation and will automatically erase them afterwards.
- Data access and data security measures
7.1. Access to data and data transfer
Only Organisers and the HR organization at Emerson Group have access to personal data to be able to perform their tasks.
The Organiser and the HR organization at Emerson Group may only hand over personal data processed by them to other persons in the manner and for the purposes laid down in the legislation.
7.2. Data security measures
The Organiser shall store personal data submitted upon registration on the servers at Pneumobil headquarters (Aventics Hungary Kft, 3300 Eger, Bánki Donát út 3) and on the servers of the contracted data processor. The Organiser shall have the right to receive the relevant personal data, which they have provided to an external controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller within an automatic system.
The Organiser and the external partner shall ensure the appropriate technical and personal measures to protect the personal data controlled by them from unauthorised access or unauthorised modification among other things. For example, the access to data stored in the IT system is logged by the system. Thus, it can always be monitored who accessed which personal data and when.
- Data processing rights
8.1. Right to information
The person involved may contact the Organiser in writing at the contacts listed in Section 1 to find out the following:
– the list of personal data,
– the legal basis,
– the purpose of data processing,
– the legal source,
– the duration of processing
– and the recipient of the right to access, the time and the legal basis of said access and the list of personal data accessed, as well as the recipient of the forwarded data, as provided by the Organiser.
The Organiser shall respond within a month at the latest and in writing, sent to the address specified by the person involved.
8.2. Right to rectification
The person involved may rectify their personal data on their own or may request the Organiser to do so in writing, sent to the contacts listed in Section 1 (e.g. they may modify their email or postal addresses at any time). Such modifications shall be done until the deadlines specified.
8.3. Right to erasure
The person involved may request erasure of their personal data from the Organiser in writing, sent to the contacts listed in Section 1.
The Organiser may refuse such a request in the event the internal procedures require that these personal data be stored for a longer period of time, for example, when the retention period has not expired yet. If not bound by such obligations, the Organiser may grant the request within a month at the latest, and shall notify the person involved of the erasure by mail sent to the contacts specified for such purposes.
8.4. Right to block (to limit) the data processing
The person involved may request in writing, sent to the contacts listed in Section 1 that the Organiser block their personal data (clearly marking the limits of data processing and ensuring that processing is done separately from other data). Such a restriction lasts as long as the reason given by the person involved requires data blockage.
The person involved may request data blockage if they think the Organiser processed their submission in an illegal manner, however the initiated official or court proceedings require the Organiser not to erase the submitted data. In such an event the Organiser shall store the personal data as long as the authorities or the court require, and will erase them afterwards.
8.5. Right to object
The person involved has the right to object against data processing in writing, sent to the contacts listed in Section 1, should the Organiser use or forward the personal data for other purposes, e.g. research. For example, an objection may be raised if the Organiser uses the personal data for scientific research, without consent.
- Enforcement of rights related to data processing
9.1. Submission of complaints
National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
9.2. Initiation of court proceedings
In the event the involved person finds that their data are illegally processed, civil action may be initiated at the Court of Eger.
Eger, 25 September 2019