THE PROTECTION OF NATURAL PERSONS’ RIGHTS WITH REGARD TO THE PROCESSING OF PERSONAL DATA
INTRODUCTION
Why is this privacy notice made?
During its operation, the Data Controller handles personal data for several purposes, while respecting the rights of the data subjects and fulfilling legal obligations. The Data Controller also considers it important to present to the data subject the handling and the most important characteristics of the personal data that came to the controller’s knowledge during the data processing activities.
What is the legal basis of processing the data subjects’ personal data?
Personal data is only processed for a specific purpose and on an appropriate legal basis. These purposes and legal bases are presented individually, in relation to specific data processing.
What external assistance is used to process your personal data?
Personal data is mostly processed by the Data Controller at its own premises. However, there are operations for which a data processor’s external help is necessary. The data processor may change according to the characteristics of each data processing.
Who is processing your personal data?
The data subject may receive information about the data processors employed by the Data Controller and their contact details in section II of this privacy notice.
SECTION I.
NAME OF THE DATA CONTROLLER
The issuer of this privacy notice and the Data Controller:
COMPANY NAME: Photon Technologies Limited Liability Company
REGISTERED SEAT: 9022 Győr, Liszt Ferenc utca 40.
COMPANY REGISTRATION NUMBER: 08-09-034570
TAX NUMBER: 26218362-2-08
EUID IDENTIFIER: HUOCCSZ.08-09-034570
REPRESENTED BY: Volom Anna Sára, Managing Director
EMAIL: [email protected]
CONTACT: https://thephoton.eu/ and http://thephoton.de/ “contact” menu
(hereinafter: Company)
SECTION II
NAME OF THE DATA PROCESSORS
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Regulation 2016/679, Article 4(8)).
To use a data processor, prior consent from the data subject is not required, but he or she must be notified. Accordingly, the following information is provided:
Data processor performing invoicing and payroll tasks:
COMPANY NAME: Reliable Account Szolgáltató Korlátolt Felelősségű Társaság
REGISTERED SEAT: 1043 Budapest, Csányi László utca 34
COMPANY REGISTRATION NUMBER: 01-09-969884
TAX NUMBER: 23529515-2-41
Data processor with administrative tasks:
NAME: SALGÓ-VÉTEK EMESE E.V.
REGISTERED SEAT: 1112 Budapest, Kékperje street 8. Fsz. 2.door
REGISTRATION NUMBER: 50013447
TAX NUMBER: 67296060-1-43
Data processor performing invoicing activities:
COMPANY NAME: Billingo Technologies Zártkörűen Működő Részvénytársaság
REGISTERED SEAT: 1133 Budapest, Árbóc utca 6.
COMPANY REGISTRATION NUMBER: 01-10-140802
TAX NUMBER: 27926309-2-41
CONTACT: https://www.billingo.hu/
IT service provider:
COMPANY NAME: Hotjar Ltd.
REGISTERED SEAT: Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta
IT service provider:
COMPANY NAME: Optimonk International Zártkörűen Működő Részvénytársaság
REGISTERED SEAT: 4028 Debrecen, Kassai út 129.
COMPANY REGISTRATION NUMBER: 09-10-000583
TAX NUMBER: 26335498-2-09
CONTACT: https://www.optimonk.hu/
Credit card payment service provider:
COMPANY NAME: Barion Payment Zrt.
REGISTERED SEAT: 1117 Budapest, Irinyi József utca 4-20. 2. em
COMPANY REGISTRATION NUMBER: 01-10-048552
TAX NUMBER: 25353192-2-43
CONTACT: https://www.barion.com/hu/
The data controller also transfers data to the respective photo- and videographer contract partners.
Recipients:
COMPANY NAME: Google LLC
REGISTERED SEAT: Mountain View, California, USA
CONTACT: https://mail.google.com/
COMPANY NAME: Meta Platforms, Inc.
REGISTERED SEAT: 1601 Willow Road, Menlo Park, California, 94025
COMPANY NAME: PayPal Holdings, Inc.
REGISTERED SEAT: 2211 North First Street, San Jose, CA 95131, US
CONTACT: https://www.paypal.com/
COMPANY NAME: Stripe, Inc.
REGISTERED SEAT: 185 BERRY ST #550, SAN FRANCISCO, CA 94107 (USA)
CONTACT: https://stripe.com/en-hu
COMPANY NAME: ADOBE SYSTEMS SOFTWARE IRELAND LIMITED
REGISTERED SEAT: 4-6 RIVERWALK CITYWEST BUSINESS PARK DUBLIN 24 IRELAND
TAX NUMBER: IE 6364992
CONTACT: https://www.adobe.com/
COMPANY NAME: MailChimp
REGISTERED SEAT: 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308
CONTACT: https://mailchimp.com/
COMPANY NAME: SendGrid
REGISTERED SEAT: 1801 California St, Denver, Colorado 80202, US
CONTACT: https://sendgrid.com/
COMPANY NAME: IBM CLOUD C/O SOFTLAYER INC.
REGISTERED SEAT: 14001 North Dallas Parkway, Suite M100 Dallas, TX 75240
CONTACT: https://cloud.ibm.com/
COMPANY NAME: CLOSTE LLC
REGISTERED SEAT: 1603 Capitol Ave., Suite 310 A546, Cheyenne, Wyoming 82001
CONTACT: https://www.closte.com/
COMPANY NAME: JN PROJECTS, INC // HELLOSIGN INC (DROPBOX INC COVERED)
REGISTERED SEAT: 333 Brannan St San Francisco, CA, 94107-1810 United States
CONTACT: https://www.hellosign.com/
COMPANY NAME: WeTransfer B.V.
REGISTERED SEAT: Willem Fenengastraat 19 1096 BL Amsterdam The Netherlands
TAX NUMBER: NL826110976B01
CONTACT: https://wetransfer.com/
Where the Privacy Notice generally refers to transfers to the Company’s data processors, in those cases it should also be understood to refer to transfers to the above recipients.
SECTION III.
LAWFULNESS OF PROCESSING
1. Data processing based on the data subject’s consent
1.1. Where the Company intends to carry out data processing based on consent, the data subject’s consent to the processing of his or her personal data shall be obtained by means of the data request form and information as set out in the Data Processing Policy.
1.2. Consent shall also be deemed to be given if the data subject ticks a box when viewing the Company’s website, makes the relevant technical settings when using information society services, or makes any other statement or takes any other action which clearly indicates the data subject’s consent to the intended processing of his or her personal data in the relevant context. Silence, a pre-ticked box or inaction therefore does not constitute consent. The continuation of a telephone call after having been duly informed shall constitute consent.
1.3. Consent covers all processing activities carried out for the same purpose or purposes. Where processing is carried out for more than one purpose, consent shall be given for all the purposes for which the processing is carried out.
1.4. Where the data subject gives his or her consent in the context of a written statement which also relates to other matters, such as the conclusion of a sales or service contract, the request for consent must be presented in a manner clearly distinguishable from those other matters, in a clear and easily accessible form, in clear and plain language. Any part of such a statement containing the consent of the data subject which is in breach of the Regulation shall not be binding.
1.5. The Company shall not make the conclusion or performance of a contract conditional on the giving of consent to the processing of personal data which are not necessary for the performance of the contract.
1.6. The data subject may withdraw his/her consent at any time by sending an e-mail to the e-mail address indicated in Section I.
1.7. If the data subject withdraws his/her consent, the controller may no longer process his/her data. Where consent is withdrawn, the controller must ensure that the data are erased, unless another legal basis allows for the processing of those data (e.g. storage requirements or the need to perform a contract). Where processing has been carried out for more than one purpose, the controller may not use the personal data for the purpose for which the data subject has withdrawn consent.
2. Data processing based on performing legal obligations
2.1. In the case of data processing based on performing legal obligations, the scope of the data that can be processed, the purpose of the data processing, the duration of data storage and the recipients are governed by the provisions of the underlying legislation.
2.2. The processing of personal data for compliance with a legal obligation is based on the regulation, regardless of the consent of the data subject.
In this case, prior to the processing of the data, the data subject shall be informed that the data processing is obligatory and shall be clearly and in detail informed of all facts concerning the processing, in particular the purpose and legal basis of the data processing, the person authorized to handle and process the data, the duration of the data processing, whether the personal data of the data subject are processed by the Data Controller on the basis of the legal obligation applicable to him or her, and who can get access to the data. The information shall include the rights and remedies available to the data subject. In the case of mandatory data processing, the information may also take place with the publication of a reference to the legislative provisions which contain the foregoing information.
3. Data processing based on legitimate interests
3.1. The legitimate interests of the Company or a third party may provide a legal basis for the processing, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. The reasonable expectations of the data subject based on his or her relationship with the controller should be taken into account, so that the processing of personal data for contact purposes, even for direct marketing purposes, may be considered to be based on legitimate interests.
3.2. The processing based on legitimate interests requires a balancing of interests test, in which the Company will always take into account the current circumstances and the situation of the controller and the data subjects. In the case of processing in the interest of the Company, the balancing of interests tests carried out separately have led to the following result: in the balancing of interests test, the Company has concluded, taking into account the conditions described for the processing in question, that the processing is justified subject to the appropriate safeguards, as set out in this Policy, without which the Company would not be able to operate competitively. In this light, the emotional impact on data subjects and the harm to their right to privacy can be considered proportionate.
4. Data processing for the protection of the vital interests of the data subject or other natural person
4.1. The protection of the vital interests of the data subject or of another natural person may also provide a legal basis for processing, given that the right to data protection is fundamental but not exclusive, and that the right to the protection of personal data is naturally overridden by the right to life in a life and death context.
5. Data processing based on contractual interests
5.1. Data processing may also be based on a contractual interest if it is necessary for the performance of a contract in which the data subject is a party or if it is requested by the data subject in order to prepare the contract.
6. Promoting the rights of the data subject
6.1. The Company is obliged to ensure the exercise of the rights of the data subject during all data processing.
SECTION IV.
INFORMATION ABOUT DATA PROCESSING BY THE COMPANY
Customer data: managing data of contracting partners, contacts – registering customers, suppliers
(1) For the purpose of the performance of a contract, the Company may process the following data of the natural person who has a contractual relationship with it, in order to prepare, conclude, perform or terminate the contract or to grant a contractual benefit (in summary, to support economic processes in the common interest): name, name at birth, date of birth, mother’s name, address, tax identification number, tax number, entrepreneur’s or self-employed person’s identity card number, personal identity card number, address of registered office, address of premises, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, frequent buyer lists), medical fitness documents, certificate. This processing is also lawful if it is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: the Company’s employees performing customer service tasks, employees performing accounting, tax, business, invoicing tasks and data processors. The period of storage of personal data is 8 years after the termination of the contract in view of the long-term business relationship of the Company.
(2) The legal basis for the processing of the data of the natural person contracting party provided in the contract for accounting and taxation purposes is the fulfilment of a legal obligation, in this context the storage period is 8 years.
(3) The Company shall process the personal data of the natural person acting on behalf of the legal person contracting with it – the person signing the contract – provided in the contract, as well as his/her address, e-mail address and telephone number, online identification number for the purposes of contract preparation, contact, exercise of rights and obligations arising from the contract – in summary, support of economic processes arising in the common interest – for the legal title of contract performance. The storage period of these data is 8 years after the termination of the contract. In the case of processing based on legitimate interest, the data subject has the specific right to object to the processing.
(4) The Company shall process the name, address, telephone number, e-mail address, online identifier of the natural person – not a signatory – designated as a contact person in a contract concluded with it for the purpose of maintaining contact and exercising rights and obligations arising from the contract – in summary, to support economic processes in the common interest – for the performance of the contract, taking into account that the contact person is in an employment relationship with the contracting party, so that this processing does not adversely affect the rights of the data subject. The Contracting Party declares that it has informed the contact person concerned of the processing relating to his capacity as contact person. The storage period of this data shall be 8 years after the contact has been established.
(5) With regard to all data subjects, the recipients of personal data are: the Company’s senior management, employees performing customer service tasks, contact persons, the Company’s data processors, in particular employees performing accounting, tax and business processing tasks, and data processors.
(6) Personal data may be transferred for data processing to the accounting office appointed by the Company for taxation and accounting purposes, to the Hungarian Postal Service or the appointed courier service for postal delivery, to the Company’s security agent for asset protection purposes, to the Company’s data processors.
(7) The processing shall be considered lawful if it is necessary in the context of a contract or the intention to conclude a contract (Preamble 44), or if it is necessary for the purposes of taking steps at the request of the data subject prior to the conclusion of the contract (Article 6(1)(b)). Thus, personal data collected in the context of contractual offers may also be processed for the purposes of the performance of a contract as described in this point. When making or receiving an offer, the Company is obliged to inform the offeror or the offeree of the offer.
(8) The data processing clauses and information to be applied in the contracts to be concluded by the Company are set out in Annex 5 to these Rules. It is the duty and obligation of the Company’s employees to ensure that these data processing clauses are included in the text of the contract.
Inquiry on the Company’s website
- The natural person using the website (user) can give his/her consent to the processing of his/her personal data by ticking the relevant box. It is prohibited to tick the box in advance.
- The scope of personal data processed: the name of the natural person (surname, first name), e-mail address, phone number, company name
- Purpose of the processing of personal data: search for a product, request information or a quote
- The legal basis for the processing is the consent of the data subject.
- Recipients of the personal data: the Company’s IT data controllers; data processors
- Duration of storage of personal data: 5 years or until the data subject’s consent is withdrawn (request for erasure).
- The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data.
Data management in the Company’s webshop
(1) Purchases made in the webshop operated by the Company shall be deemed to be a contract, subject to Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, and to Government Decree 45/2014 (26.II.) on the detailed rules of contracts between consumers and businesses. In the case of purchases made in a webshop, the legal basis for data processing is the contract.
(2) The Company may process the natural personal identification data and the address of the customer registering in the webshop for the purpose of creating, defining the content of, amending and monitoring the performance of the contract for the provision of information society services, invoicing the fees arising therefrom, and enforcing the claims related thereto, in accordance with Article 13/A (1) of Act CVIII of 2001, and the telephone number, e-mail address, bank account number and online identifier of the customer registering in the webshop, and in accordance with the consent.
(3) For billing purposes, the Company may process personal data relating to the use of information society services, address, delivery address, as well as data relating to the time, duration and place of use of the service, pursuant to Article 13/A (2) of Act CVIII of 2001.
(4) Recipients and categories of recipients of personal data: employees of the Company performing tasks related to customer service, money management, transport, marketing activities, as data processors, data processors of the Company, in particular employees of the company performing tax and accounting tasks of the Company, for the purpose of fulfilling tax and accounting obligations, employees of the Company’s IT service provider for the purpose of fulfilling hosting services, employees of the courier service for the purpose of delivery data (name, address, telephone number).
(5) Duration of the processing of personal data: until the registration/service is completed or until the data subject’s consent is withdrawn (request for deletion), in case of a purchase, until the end of the 5th year following the year of purchase.
(6) When shopping in the online shop, the Privacy Policy must be made available with a link and the customer must accept it.
Data processing related to the newsletter service
(1) By ticking the relevant box, the natural person registering for the newsletter service on the website, acting on behalf of a legal entity, acknowledges that the Company processes his/her data for the purpose of sending newsletters, marketing enquiries and information materials on the basis of the legitimate (other commercial) interest of the data controller and the consent of the data subject for as long as the service is active or until the receipt of a request for cancellation (unsubscribe request sent by email). It is prohibited to tick the box in advance. When subscribing, the Privacy Notice (Annex 2) must be made available via a link. The data subject may unsubscribe from the newsletter at any time by giving a written or e-mail declaration. In such a case, all data of the objector shall be deleted immediately.
(2) The scope of personal data that may be processed: name (surname, first name), e-mail address, telephone number of the natural person.
(3) Purpose of the processing of personal data:
1. sending newsletters about the Company’s services
2. sending advertising material, information material
3. marketing enquiries
(4) Legal basis for processing: consent of the data subject, legitimate interest of the controller. Based on the balancing of interests test, the direct commercial interest of the Company (GDPR Preamble 47) is greater than the risk of processing personal data related to the newsletter service, given that it is a commercial company. The legal consequence of not giving consent: the service will not be provided.
(5) Recipients or categories of recipients of personal data: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company’s data processor as data processor, in particular, employees of the newsletter sender, marketing and IT service provider for the purpose of providing the hosting service.
(6) Duration of the storage of personal data: for as long as the newsletter service is provided or until the data subject’s consent is withdrawn (request for deletion).
(7) The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data. Failure to provide the data may result in the non-supply of the newsletter.
Data processing for direct marketing purposes
(1) Article 6 (5) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities: advertisers, advertising service providers and advertisement publishers shall keep records of the personal data of persons who have given their consent. The data recorded in this register – relating to the recipient of the advertising – may only be processed in accordance with the consent given in the declaration of consent, until it is withdrawn, and may only be disclosed to third parties with the prior consent of the person concerned.
(2) The scope of personal data that the Company may process for the purpose of advertising mailing enquiries: the name, address, telephone number, e-mail address, online identifier of the natural person.
(3) The purpose of processing personal data is to carry out direct marketing activities related to the Company’s activities, i.e. sending advertising publications, newsletters, current offers in printed (postal) or electronic form (e-mail), on a regular or periodic basis, to the contact details provided at the time of registration.
(4) Legal basis for processing: consent of the data subject.
(5) Recipients or categories of recipients of personal data: employees of the Company performing customer service tasks, data processors of the Company as data processors, in particular employees of the Company’s IT, Marketing, Postal Service in case of postal delivery.
(6) Duration of storage of personal data: until consent is withdrawn.
(7) For the consent to data processing for direct marketing purposes, the data request form in Annex 1 to this Policy may be used.
Data management in relation to social media (Facebook, Instagram)
(1) Our Company has only limited influence on the data processing of social media platform operators. In those places where we can influence and parameterize it, we will facilitate its data processing in a manner that is appropriate from a data protection point of view within the range of possibilities available to us. In most cases, however, we have no control over the operator’s activities, so we have no information about exactly what data is processed.
Facebook’s privacy policy can be found at:
https://www.facebook.com/privacy/explanation/
Instagram’s privacy policy can be found at:
https://help.instagram.com/519522125107875
(2) The Controller manages its own page on Facebook. The data subject can subscribe to the news feeds published on the Facebook page’s message board by clicking on the “like” link on the pages. To be able to contact the Data Controller via Facebook, you must be logged in. For this purpose, Facebook also requests, stores and processes personal data. The Controller has no control over the type, scope and processing of these data and does not receive personal data from the Facebook operator. On Facebook pages, the Data Controller processes the personal data of followers on the basis of the voluntary consent of the followers, which is deemed to have been given by the fact that the person concerned likes, follows or comments on the page or posts. The data subject declares that he/she is over 16 years of age when requesting services on the Facebook page of the Controller. A person under the age of 16 requires the consent of his or her legal representative in order for his or her declaration of consent to the processing to be valid pursuant to Article 8(1) of the GDPR. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.
(3) Purpose of processing: to provide information on current information, news concerning the Data Controller, advertising on social media, presentation and promotion of services. The Facebook page is used by the Data Controller for marketing purposes in order to inform interested parties about its services and to enable them to contact the Data Controller.
(4) Legal basis for processing: voluntary consent of the data subject (in accordance with Facebook, Instagram policies)
(5) Data subject: name of the data subject; data subjects: users of the social media platform
(6) Duration of data processing: the data subject can unsubscribe from the Facebook page of the Data Controller by clicking on the “dislike” or “do not like” button or delete unwanted content by using the settings on the message board. The active status of the service
(7) Recipients: the employees of the data controller performing tasks related to customer service and marketing, the Company’s data processors as data processors, in particular the Company’s IT service provider.
- The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data. The possible consequence of not providing the data is the failure to inform the Data Controller about current news and services concerning the Data Controller.
Data processing related to the organisation of a prize draw
(1) If the company organises a gift draw (Article 23 of Act XXXIV of 1991), it may process the name, address, telephone number, e-mail address, online identifier and tax identification number of the natural person concerned on the basis of his or her consent. Participation in the game is voluntary. Consent to the processing of personal data is deemed to have been given by accepting this policy and participating in the game.
(2) The purpose of processing personal data is to identify and notify the winner of the prize draw, to send the prize, to contact you for marketing purposes and to send you information material. Legal basis for processing: consent of the data subject.
(3) Recipients or categories of recipients of personal data: employees of the company performing marketing and customer service tasks, data processors of the Company as data processors, in particular the Company’s IT service provider, accounting employees, courier service employees and other data processors of the Company named in the other data processing regulations. With explicit consent, the Company may display the names of the winners on its Facebook, Instagram pages, drawing the attention of the data subjects to the fact that the news may be shared by others in the privacy notice. On social networking sites, implicit behaviour may be considered as consent.
(4) Duration of storage of personal data: 5 years, 8 years in the case of winners for the purpose of keeping accounting records.
Processing of data of applicants for employment, applications, CVs
(1) The scope of personal data processed: name, date of birth, place of birth, mother’s name, address, qualifications, photograph, telephone number, e-mail address of the natural person, employer’s note on the applicant (if any).
(2) Purpose of the processing of personal data: application, assessment of the application, conclusion of an employment contract with the selected person. The data subject must be informed if the employer has not chosen him/her for the job in question.
(3) Legal basis for the processing: consent of the data subject (to be deemed to have been given when the application is sent). The legal consequence of withdrawing consent is non-application.
(4) Recipients and categories of recipients of personal data: managers and employees with employment duties who are entitled to exercise employer’s rights in the Company.
(5) Duration of storage of personal data: until the application or tender is assessed, up to a maximum of 2 years. Personal data of applicants who are not selected shall be deleted. The data of those who withdraw their application or candidature shall also be deleted.
Management of recruitment data, applications, CVs
(1) The personal data that may be processed include: the name, date and place of birth, mother’s name, address, qualifications, photograph, telephone number, e-mail address of the natural person, employer’s record of the applicant (if any).
(2) Purpose of the processing of personal data: application, assessment of the application, conclusion of an employment contract with the selected person. The data subject must be informed if the employer has not chosen him/her for the job in question.
(3) Legal basis for the processing: the data subject’s consent (deemed to have been given at the time of sending the application). The legal consequence of withdrawing consent is non-recruitment.
(4) Recipients or categories of recipients of personal data: managers and employees performing labour-related tasks who are entitled to exercise employer rights at the Company.
(5) Duration of storage of personal data: until the application or tender is assessed, for a maximum of 2 years. Personal data of unsuccessful applicants will be deleted. The data of candidates who withdraw their application or candidature must also be deleted.
Data processing for tax and accounting obligations
(1) The Company shall process the data of natural persons who have come into contact with it for the purposes of fulfilling a legal obligation, tax and accounting obligations (bookkeeping, taxation) as provided for by law. §-of the Act of 2000 on Accounting: name, address, designation of the person or organisation ordering the transaction, signature of the person ordering the transaction and the person certifying the execution of the order, and, depending on the organisation, the signature of the controller; on stock movement vouchers and cash management vouchers: signature of the recipient and on counterfoils: signature of the payer, and under Act CXVII of 1995 on Personal Income Tax: tax identification number.
(2) Data processing related to the keeping of the driver’s logbook and the driver’s logbook (in relation to vehicles used by more than one holder): the Company processes the data specified by law (name of the driver, type of vehicle, registration number, date and purpose of the journey, route taken, name of the business partner visited) for the purposes of legal obligations, cost accounting, supporting documents, tax assessment and fuel saving. The relevant legislation is Act No. CXVII of 1995 (Tax Act), § 27/2/, Annex 3, item 6 and Annex 5, item 7.
(3) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.
(4) Recipients of personal data: employees and data processors of the Company performing tax, accounting, payroll and social security functions.
Payer data processing
(1) The Company shall process the personal data of the data subjects – employees, their family members, workers, recipients of other benefits – with whom it has a relationship as a paying agent (Act 2017: CL. on the Order of Taxation (Art.), § 7.31.) for the purposes of fulfilling its legal obligations, tax and contribution obligations (tax, advance tax, contributions, payroll, social security, pension administration). The scope of the data processed is defined in Article 50 of the Art., specifically highlighting: the natural person’s identification data (including previous name and title), gender, nationality, tax identification number, social security number. If the tax laws impose a legal consequence, the Company may process data relating to employees’ membership of health (Section 40 of the Social Security Act) and trade unions (Section 47(2) b) of the Social Security Act) for the purposes of meeting tax and contribution obligations (payroll accounting, social security administration).
(2) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.
(3) Recipients of personal data: employees and data processors of the Company performing tax, payroll, social security (payroll) tasks.
Processing of documents of lasting value under the Archives Act
(1) The Company shall, in the performance of its legal obligation, process documents of permanent value pursuant to Act LXVI of 1995 on public records, public archives and the protection of private archival material (Archives Act), in order to ensure that the permanent value of the Company’s archival material is preserved intact and in a usable condition for future generations. Duration of storage: until the transfer to the public archives.
(2) Recipients of the personal data: the head of the Company, employees of the Company who are responsible for the management and archiving of the records, employees of the public archives.
SECTION V.
COOKIE POLICY ON THE WEBSITE OF THE COMPANY
(1) Cookies are text files containing small pieces of data that are stored on the user’s computer or phone (HDD, SSD) until their expiration date; if the user returns to the site in the future, the web browser sends that data back to the web server. Their purpose is to store data about visits to the website and personal settings, but these are not personal data of the user. Cookies help to create a user-friendly website and to improve the user’s experience. If the user does not agree to the use of cookies, the use of the website will be interrupted.
(2) Purpose of personal data processing: improvement of the user’s internet experience, storage of personal settings
(3) Legal basis of data processing: the data subject’s freely given consent
(4) Categories of processed personal data: the Data Controller stores all analytical information without a name or any other personal data
(5) Period for which the personal data are stored: the data subject can delete the cookies at any time on his or her computer or phone
SECTION VI.
INFORMATION ABOUT THE RIGHTS OF DATA SUBJECT
You can find further information about the rights of the data subject in General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN)
- Information and access to personal data (Articles 13 and 14)
- Right of access by the data subject (Article 15)
- Right to rectification (Article 16)
- Right to erasure (‘right to be forgotten’ – Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Right not to be subject to automated individual decision-making, including profiling (Article 22)
- Right to remedies (Articles 77-82)
Right to lodge a complaint with a supervisory authority:
(1) Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. You can find further information about remedies under Article 77.
(2) Contact of the supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9-11
Postal address: 1363 Budapest, Pf.: 9.
Tel.: +36 (1) 391-1400
E-mail: [email protected]
Website: https://www.naih.hu/
Place and date: Győr, 1 March 2023.
Photon Technologies Limited Liability Company
Volom Anna Sára Managing Director