header_mail-icon

Írjon nekünk!

info@qplan.hu
header_phone-icon

Hívjon most!

+36-1-250-87-07
header_clock-icon

Nyitvatartás:

H-P 07:30-16:00H
Szerviz ügyelet: 0-24H

Csak szerződött ügyfeleink részére!

General Data Protection Regulation

  1. Controller

Name: QPLAN Cooling Technical Design & Services Co. Ltd.
Short name: QPLAN Ltd.
Budapest, Csillaghegyi str 43. H-1037
Phone: +36 1 250 8707
Email: info@qplan.hu
Company registration number: 01-09-711-597
Tax identification number: 12950603-2-41
Website: www.qplan.hu and www.qplanrefrigeration.com

  1. Data protection directives

2.1. As a Controller, QPLAN Cooling Technical Design & Services Co. Ltd. undertakes that all data processing related to its activities complies with the requirements specified in these regulations and in the applicable national law, as well as in the legal acts of the European Union.

2.2. The Controller is entitled to unilaterally change its data processing regulations.

2.3. The Controller is committed to protecting of the personal data of its customers and partners, and considers it particularly important to respect for right to information self-determination. To this effect, it treats personal data confidentially and takes all security, technical and organizational measures which guarantee the security of the data.

2.4. The data processing principles of the Controller are consistent with the applicable data protection legislation, in particular the following.

  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.); - Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
  • Act V of 2013 - on the Civil Code (Civil Code)
  • Act C of 2000 - on Accounting (Act on Accounting)
  • Act CXXXVI. of 2007 – on the Prevention and Combating of Money Laundering and Terrorist Financing

2.5. The data processing of the Controller's activity it is based on the voluntary consent of the data subject or rather a legal authorization. In the case of data processings based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing. The management, storage and transmission of a set of provided data is currently permitted by law in certain cases.

2.6. The Controller undertakes that in all cases if the personal data provided the company intends to use for an other purpose than the purpose of the original data collection, Controller informs the user and obtains prior express consent of the user or provides an opportunity for the user to prohibit the use.

  1. The goal and title of data processing

3.1. The Controller uses the personal data on the basis of pleas in the GDPR and only for legitimate purpose. They are not treated in a way incompatible with those purposes.

3.2. The data processing principles of the Controller are consistent with the applicable data protection legislation, in particular the following: a. Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv); b. Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); c. Act V of 2013 - on the Civil Code (Civil Code); d. Act C of 2000 - on Accounting (Act on Accounting).

  1. Scope of managed data

4.1. The condition of cooperation between the Controller and its customers and partners is verbal and written communication,

for which the Controller only uses and storages data officially provided by its customers and partners, for example: data provided in corporate email, which may include:

  • Name
  • Position
  • Phone number
  • Mobile phone number
  • E-mail address
  1. Data transfer to third parties

5.1. The Controller only transfers the data to a third party with the written consent of the data subject and /or legal obligation.

  1. Logging of the web server of Controller

6.1. The web server does not record any personal user data when the website of Controller is visited.

  1. Contract-related data processing

7.1. The Controller manages the name, address, company headquarters, settlement, telephone number, e-mail address, bank account number of the natural person who acts as the buyer or supplier, or the natural person who represents the legal person for the performance of the contract, for the purpose of concluding, performing, terminating the contract, providing a contractual discount.

7.2. Such data processing is also legal if the data processing necessary to take steps at the request of the data subject previous to the contract. (For example: on-site survey)

7.3. Recipients of personal data: customer service employees of the company,

employees performing accounting and tax tasks, and data processors or any natural person designated by clients of Controller to relationship.

7.4. Duration of storage of personal data: the warranty period of the equipment or work which is the subject of the contract.

7.5. The relevant natural person must be informed before the start of the data processing, that the data processing is based on the title of the performance of the contract, the information may also be provided in the contract. The data subject must be informed about the transfer of his or her personal data to the data processor.

7.6. The data collection statement must be presented by the employee related to the customer, buyer or supplier to the relevant person, and request for consent to the handling of his / her personal data by signing the statement, if the providing of this data is indispensable for cooperation. The statement must be kept for the duration of the data processing.

  1. Handling of other data

8.1. The Controller operates a camera monitoring system inside and outside the buildings as specified by law.

8.2. Camera recording will only be checked in case of suspicion of an offense and / or crime and will be automatically deleted after 1 month.

8.3. We would like to inform you that the Controller may be contacted by the court, the prosecutor, the investigating authority, infringements of the rule of law authority, the administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, the National Protective Service, and also by other bodies on basis of empowerment of legislation, owing to the purpose of providing information, communication of data, handover and also making available documents. Controller shall provide personal data to the autorities, in case the authority has indicated the exact purpose and scope of the data, only to the extent which is absolutely necessary to achieve the purpose of the request.

  1. Correspondence and telephone customer service of Controller customer

9.1 If you contact our Company, you may contact the Controller at the contact details provided in this prospectus or on the website. QPLAN Cooling Technical Design & Services Co. Ltd. deletes all e-mails received by it, together with the name of sender, e-mail address, date and time data and other personal data provided in the message, after 1 year from the provision of information. Conversations are not recorded in case of telephone inquiry.

  1. The way of personal data stored and the security of data processing

10.1. The computer system of the Controller and other data storage locations are located at its headquarters and data processors. The Controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

  • Available to those entitled to it (availability)
  • Authenticity and authentication ensured (authenticity of data processing)
  • Protect against unauthorized access (data confidentiality).

10.2. The IT systems and network of the Controller are protected against computer-assisted fraud, espionage, as well as computer viruses, computer hackings and attacks.

We inform users that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to fraudulent activity, contract discussion, or the reveal, modification of information.

To protect against such threats, the Controller shall take all precautionary measures required of him. It monitors the systems to record any security incidents and provide evidence in case of any security incidents. System monitoring also makes it possible to check the effectiveness of the precautions taken.

10.3. The data when they are generated must be recorded on appropriate quality data medium. The person who records the data is responsible for the readability and accuracy of the data.

10.4. Due to the properties of the data handling system, each user can only access any data according to their authority.

  1. Right of access by the data subject

11.1. The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

11.2. If personal data are transferred to another country or to an international organization, the data subject shall have the right to be informed of the transfer.

11.3. The Controller shall provide a copy of the personal data undergoing processing.

  1. Right to rectification

12.1 The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the data processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  1. Right to erasure (‘right to be forgotten’)

13.1. The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • The data subject withdraws consent on which the data processing is based and there is no other legal ground for the data processing,
  • The data subject objects to the processing of the data and there are no overriding legitimate grounds for the processing,
  • The personal data have been unlawfully processed,

13.2 The right to erasure cannot be enforced if data processing is necessary ...

  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,
  • To pleading, enforce or defend a legal claims (warranted interest),
  1. Right to restriction of data processing

14.1. The data subject can request the Controller to restrict the data processing of personal data concerning him or her.

The right to restriction exists in the following cases:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
  • The data processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • The Controller no longer needs the personal data for the purposes of the data processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • The data subject has objected to the data processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.

14.2 The data subject shall be informed in advance by the Controller before the restriction of data processing is lifted.

  1. Right of withdrawal

15.1  The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal.

  1. Personal data breaches

16.1. The ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

16.2. The prevention and management of personal data breaches, the observance of the relevant legal rules is the responsibility of the Controller

as the head of the company or rather if such a person is designated, the data protection officer.

16.3. Access and access attempts on IT systems should be logged and continuously analyzed. If the Company's authorized employees detect a personal data breach

in the performance of their duties, they must immediately notify the manager of the Company. The employees of the Company are obliged to report to the manager of the Company or exerciser of employer's rights if a personal data breach or an occurrence referring to it is detected.

16.4. The personal data breach can be reported to the central e-mail address and telephone number of the Company.

In the case of personal data breach is reported, the Data Protection Officer, with the involvement of the IT, financial and operational leads, will immediately investigate the report, identifying the incident and deciding whether it is a real incident or a false alarm. In the course of the procedure, the following must be examined and established.

  • The date and place of the personal data breach,
  • Description, circumstances, effects of the personal data breach,
  • The scope, multiplicity of data compromised during the personal data breach,
  • The scope of persons affected by the compromised data,
  • A description of the measures taken to deal with the personal data breach,
  • A description of the measures taken to prevent, avert and reduce the damage.
  • In the case of personal data breach, the systems, persons and data concerned must be demarcated and segregated and evidence must be collected and preserved to support the occurrence of the personal data breach. After that, it may begin repairing the damage and restoring to legal operation.

16.5. It must keep records of personal data breach, which shall include the scope of relevant personal data, the scope and number of persons concerned with personal data breach, the date of personal data breach, the circumstances and effects of the personal data breach, measures taken to remedy the personal data breach and other data specified in the legislation requiring for data processing. Data relating to personal data breach on the register must be kept for 5 years.

16.6. In matters not regulated in these regulations, the provisions of Hungarian and directly applicable European Union legislation shall prevail.

  1. Data protection authority procedure

17.1 Complaints can be lodged with National Authority for Data Protection and Freedom of Information.

Name: National Data Protection and Freedom of Information Authority
Headquarter: 1125, Budapest, Szilágyi Erzsébet avenue 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: 061-391-1400 Fax: 061-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

QPLAN Ltd.

Budapest, 01/01/2020