Contents
Cerbona Élelmiszergyártó és -forgalmazó Korlátolt Felelősségű Társaság (hereinafter: “Cerbona” or “Data Controller”) hereby informs visitors of www.cerbona.huand www.cerbona.com (hereinafter collectively: the “Website”) of the principles and practice of processing of personal data, measures taken for ensuring data security, and the rights of the visitors in connection with this, as well as the options to remedies in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: “Privacy Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: Data Protection Regulation).
The Data Controller respects the rights of the visitor of the Website; personal information is handled in accordance with the provisions of this Privacy Policy, in accordance with data protection laws and international recommendations.
According to the Privacy Act, Section 20, § (1) bekezdése szerint az érintettel (azaz a Honlap látogatójával, tehát a felhasználóval, az állásra jelentkezővel, stb., a továbbiakban együtt: User or Data Subject) shall be informed prior to the processing of the data that the data processing is based on consent or mandatory.
The Data Subject must be clearly and thoroughly informed about all facts in connection with the data processing, especially the purpose and legal basis of the data processing, about the person authorized to perform data processing and handling, and the duration of the data processing. This information shall also cover the rights and remedies concerning the Data Subject.
This Privacy Policy is based on the specifications for content above and applies to the websites www.cerbona.hu and www.cerbona.com.
This Privacy Policy and information on the use of the Website is subject to change without notice in advance from the Data Controller, with the changes in effect from the date of the modification, periodically due to various updates. In view of this, regular visits to the Website are recommended to monitor the changes and whether they are acceptable.
2.2. Duration: This Privacy Policy is effective as of 25 May 2018.
Cerbona Élelmiszergyártó és -forgalmazó Korlátolt Felelősségű Társaság
Headquarters: 1037 Budapest, Montevideo u. 7.
Place of business: 8000 Székesfehérvár, Váralja sor 1-3.
Postal address: 8002 Székesfehérvár, Pf. 126
Company registration number: 01-09-899963
Tax number: 14349229-2-41
Telephone: +36306036621
Email: adatvedelem@cerbona.hu
Website: www.cerbona.com
Represented by: Tamás Mészáros, managing director
Data Protection Officer: HR administrator
A jelen Adatkezelési tájékoztató vonatkozásában (ABC sorrend szerint):
This shall mean performing technical tasks in connection with data processing operations, regardless of the method and means used for executing the operations, as well as the place of use, provided that the technical task is performed on the data.
This shall mean a natural or legal person, public authority or any other organisation which performs data handling on behalf of the data controller, on the grounds of a contract.
This shall mean any operation or the totality of operations performed on personal data or data files, in either an automated or not an automated manner, in particular, collecting, recording, systematizing, classifying, storing, transforming or modifying, querying, viewing, utilizing, transferring, disclosing by dissemination or by other methods, synchronising or connecting, restricting, deleting or destructing the data.
This shall mean a natural or legal person, public authority or any other organisation which alone or jointly with others determines the purposes and means of the processing of data.
This shall mean the marking of data by a special ID tag to differentiate it.
Az adatokat tartalmazó adathordozó teljes fizikai megsemmisítése.
This shall mean ensuring access to the data for a third party.
This shall mean making data unrecognisable in a way that it can never again be restored.
This shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing.
This shall mean any natural person – directly or indirectly – identifiable by reference
to specific personal data.
Any natural or legal person, or organisation without legal personality other than the Data Subject, the Data Controller or the data processor.
This shall mean any freely and expressly given specific and informed indication of the will of the Data Subject by which he signifies his or her agreement to personal data relating to him or her being processed – fully or to the extent of specific operations.
This shall mean ensuring open access to the data.
This shall mean data relating to the User as a Data Subject (in particular by reference to the name and identification number of the Data Subject or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity) as well as conclusions that may be drawn from the data with regard to the Data Subject.
In the course of data processing, the data in question shall be treated as personal as long as the Data Subject remains identifiable through it.
Any information in connection with a natural person (“Data Subject”) is considered identified or identifiable. The act of identification may not need to be performed, the Data Subject shall already be considered identifiable (“identifiable”) if the Data Controller is in possession of a way to perform identification.
This shall mean a declaration made by the Data Subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed. For example: objection to the creation of a profile or automated data processing.
Personal data may be typically processed by the Data Controller on the legal basis as follows:
5.1. Consent by the Data Subject
Consent by the Data Subject is an acceptable legal basis for data processing if it’s based on voluntary, express and sufficiently informed consent.
The party concerned may give his or her consent in a statement (e.g. in a contract, in a form, etc) or by means of any act providing an unambiguous expression (but in a verifiable way) of confirming his or her consent to the data processing. In case of doubt, the Data Controller presumes that the party concerned did not provide the consent.
When processing is necessary as decreed by law (e.g. payroll in connection to tax and contribution payments), data processing is mandatory. The Data Subject is informed about this by the Data Controller. If the law is in force and effect, the Data Controller is obliged to act accordingly, without the ability to examine the expediency, professionalism or constitutionality of the law.
In the case of data processing of personal data in connection with this legal basis, the Data Controller informs the Data Subject of this legal basis, conducts an interest balancing test, which the Data Controller also informs the Data Subject as well as of his or her rights of objection.
If the Data Subject is unable to give his or her consent due to possessing no legal capacity to give consent or for any other reason beyond his or her control, the personal data of the Data Subject may be processed to the extent necessary for the protection of the vital interests of the Data Subject or another person or to prevent or avert a direct threat to the life, physical integrity or possessions of people.
If the personal data was collected with the consent of the Data Subject, the Data Controller may process the recorded data in the absence of any different provision of the law in order to fulfill legal obligations pertaining to the Data Controller or to enforce a legitimate interest of the Data Controller or a third party, provided that the enforcement of this interest is proportional to the restriction of the right to the protection of personal data, where such data processing may be performed without further specific consent as well as after the withdrawal of the consent of the Data Subject.
The Data Controller informs the Data Subject if his or her personal data is processed based on this legal background.
Adatkezelő tárhely-szolgáltatója:
Name | Headquarters | Data processor task |
Tárhelypark Kft. | 2724 Újlengyel, Határ út 12. | Hosting service |
9.2. The processed data are as follows:
9.2.2. Special Data:
If the job applicant communicates any type of special data in the Application to the Data Controller during the application process for any purpose and reason, (e.g. data relating to his or her health, such as altered working ability), the Data Controller considers this
as express consent for data processing but reserves the right to delete such data without delay.
The Data Controller does not request submission of a good-conduct certificate, and does not process data
in this regard.
9.3. The Data Subjects:
9.4. Source of data:
9.5. The purpose of the data processing:
– to ensure the participation of the candidate in further workforce selection processes for later vacancies to be filled in at the Data Controller, to reuse the Application submitted for a previous job posting for the purpose of the selection of suitable prospective employees to fill posts, as well as
certain data for the purpose of contact (e.g. name, contact details), other data (e.g. qualifications, work experience) for the selection process, or to determine rights and obligations (e.g. birth time for age-based compensatory leave) are required.
9.5.3. In the case of data processing regarding Applications submitted for a specific job without an advertisement
9.7. The duration of data processing:
In the case of a labour dispute (e.g. the Data Subject initiates such a procedure on the basis of a claim of breach of equal treatment), the Data Controller shall store the Application for the required period of time, based on its legitimate interest. In the case of a labour dispute (e.g. the Data Subject initiates such a procedure on the basis of a claim of breach of equal treatment), the Data Controller shall store the Application for the required period of time, based on its legitimate interest.
10.2. The processed data are as follows:
The name and address
– the place and date of the recording of the report,
at the time of registration of the data.
In these cases, the Data Controller shall provide the requesting party – provided such party indicates the exact purpose and scope of the data – with personal data only to the extent that it is essential to achieve the purpose of the inquiry.
The Data Controller ensures the security of the data, takes technical and organizational measures and establishes the procedural rules necessary to enforce governing laws, data protection and confidentiality regulations also in respect of data files stored on traditional paper-based media.
The Data Controller protects the data by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as inadvertent destruction and damage as well as against the data becoming unavailable due of changes in the utilized technology.
The Data Controller is continually aware of the state of the art of technology when defining and applying data security measures. The Data Controller chooses from several possible data processing solutions the one that provides a higher level of protection of personal data unless it poses disproportionate difficulties in implementation.
In order to prevent unauthorized access to personal data, alteration of the data or disclosure or utilization of such data, the Data Controller shall ensure:
– the controlled selection and supervision of employees for providing the service,
The Data Controller handles electronic and paper-based records on the basis of universally applied principles, taking into account the varying features of the different media utilized for record-keeping.
By proper implementation of a record-keeping system, a system of access rights and other organizational measures the Data Controller ensures that the personal data being processed shall only be accessed by employees and other persons acting on behalf the Data Controller who are required to view such data in order to perform their duties.
The practice of the management of data files, the safe storage of them, the access rights, the utilization of the data and the documentation is strictly in accordance with the regulations and instructions in effect in the organization of the Data Controller.
With the practice of technical and organizational measures, the Data Controller shall ensure in particular:
The Data Controller ensures that the processed data
13.1. Right to information
The Data Controller informs the Data Subjects about the details of the data processing before commencement of processing. The obligation of the Data Controller regarding providing of such information exists without any specific request communicated by the Data Subject. Information may also be provided by the Data Controller by the publication of information about the details of data processing and informs the Data Subject of the publication.
The Data Subject may request information from the Data Controller in writing by means of the contact details provided in Section 3 of this Privacy Policy, regarding the following:
– also, if the personal data was not collected directly from the data subject by the Data Controller, information on the actual source and whether it is publicly available.
The Data Controller shall fulfill the request for information by the Data Subject in writing within a maximum of 30 calendar days upon receipt of the request, by delivering the response to the address specified by the Data Subject.
If necessary, this deadline may be extended by another 60 days, taking into account the complexity of the request and the overall number of requests. Information is provided free of charge if the applicant for information has not yet submitted an information request for the same topic in the current year. In other cases, reimbursement may be required. Reimbursement already paid should be refunded if the data was unlawfully handled or the request for information resulted in a correction.
The Data Controller shall only deny information from the data subject if permitted by law. The Data Controller shall inform the Data Subject of the reasons for refusal of providing of information. In this case, the Data Controller informs the Data Subject of any legal opportunities to appeal.
13.2. Right of access
The Data Subject has the right to receive feedback from the Data Controller about whether his or her personal information is currently being processed and, if such processing is in progress, he or she has the right to gain access to his or her personal information and the following information:
– the purposes of data processing;
– the categories of recipients with whom or with which personal data have been communicated or will be communicated to,
possible, the criteria for determining such a time period;
– if the Data Controller did not collect the data from the Data Subject, all available information about their source.
There is no automated decision-making or creation of a data profile, and no data is transmitted to a third country or international organization.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to the data processing. For additional copies requested by the Data Subject, the Data Controller charges 5 Forint + VAT for each A4 page. If the Data Subject submitted the request electronically, the information will be provided by the Data Controller in a widely used electronic format, unless otherwise requested by the Data Subject.
The Data Controller shall fulfill the request for information by the Data Subject in writing within a maximum of 30 calendar days upon receipt of the request, by delivering the response to the address specified by the Data Subject.
If necessary, this deadline may be extended by another 60 days, taking into account the complexity of the request and the overall number of requests.
13.3. Right to data portability
In the case of data processing based on the consent by Data Subject or on the basis of the performance of a contract, the Data Subject shall be entitled to receive his or her personal data provided to the Data Controller in a widely used, well-formatted and machine-readable format and to transfer this data to another Data Controller in which the Data Subject is not hindered by the Data Controller.
The Data Subject may also request the Data Controller to pass personal data directly to another Data Controller.
The Data Controller fulfills the request of the Data Subject within a maximum of 30 calendar days upon receipt of the request. If necessary, this deadline may be extended by another 60 days, taking into account the complexity of the request the overall number of requests.
13.4. Right to rectification
The Data Subject may contact the Data Controller in writing to request the
Data Controller to modify his or her personal data via the contact details specified in Section 3 of this Privacy Policy.
The Data Controller shall comply with the request of the Data Subject within a maximum of 30 calendar days upon
receipt of the request.
In the event that data is being provided regularly on the basis of the data that is to be corrected, the Data Controller informs the recipient of the data supply of the correction, provided this is necessary, and calls the attention of the Data Subject to the necessity of initiating this correction with any other Data Controller as well.
13.5. Right to deletion
The Data Subject may request in writing to have his or her personal data to be deleted or erased (deletion at any possible access point regarding the data), by submitting this request via the contact details specified in Section 3 of this Privacy Policy – with the exception of data processing that is based on the legitimate interest of the Data Controller, or required by a legal regulation without explicit consent.
The Data Controller shall fulfill the request within a maximum of 30 calendar days upon receipt – provided that the conditions for it are met (the Data Subject entitled to this right filed the request, the request is legitimate and there is no other legal basis for data processing under which the Data Controller may or shall deny the request). The Data Controller informs the Data Subject of the fact of the deletion or of the reason for refusal to comply with the deletion request.
The Data Controller will ensure the personal data is deleted by all those who have gained access to this personal data through the Data Controller.
If consent-based data processing is a prerequisite for the establishment and maintenance of an employment relationship, the Data Controller informs the data subject of this and the expected consequences.
13.6. Right to objection
The Data Subject may object in writing – but may not need to justify the objection – via
the contact details provided in Section 3 of this Privacy Policy if
The Data Controller informs the Data Subject of the right of objection in advance. The Data Controller must investigate the objection and make a decision regarding it within a maximum of 30 calendar days upon receipt of the request and inform the Data Subject in writing. If necessary, this deadline may be extended by another 60 days, taking into account the complexity of the request and the overall number of requests.
If the Data Controller establishes the validity of the objection by the Data Subject, data processing – including further data retrieval and data transmission – will be terminated, the data concerned will be placed under a block, and the Data Controller will notify all persons to whom the personal data had previously been possibly transferred to, of the fact of the objection and the measures taken based on it, and whom are also required to take action to enforce the right to objection.
If the Data Controller has a legitimate interest in the processing of data, the Data Controller may demonstrate that such legitimate interests have priority over the rights and freedoms of the Data Subject, or are related to the submission, validation or protection of such legal claims.
The Data Controller calls the attention of the Data Subjects to the fundamental difference between the right to objection and to deletion: the right of objection has the purpose of preventing the further processing of the personal data being processed for a predetermined purpose, while in case of deletion, the option for processing personal data for any purpose shall be prohibited and the Data Controller shall no longer store such data either. In some cases, the right to objection also entails an obligation for data deletion (e.g. data processing for the purposes of direct acquisition of business).
13.7. The right to restriction
The Data Subject may contact the Data Controller in writing via the contact details specified in Section 3 of this Privacy Policy to request restriction of the processing of his or her personal data if
The personal data affected by the restriction shall only be stored by the Data Controller, other data processing may be performed solely with the consent of the Data Subject, for the purposes of submitting, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the public interest.
The Data Controller informs everyone whom the data affected by the restriction had been communicated to previously, of the fact of the restriction of the personal data.
The Data Controller shall fulfill the request for information by the Data Subject in writing within a maximum of 30 calendar days upon receipt of the request, by delivering the response to the address specified by the Data Subject.
If necessary, this deadline may be extended by another 60 days, taking into account the complexity of the request and the overall number of requests.
14.1. Internal route
In the event of a violation of the law, the Data Subject may request a review of the senior manager of the person acting on behalf of the Data Controller or contact the Data Protection Officer appointed by the Data Controller.
14.2. Judicial route
The Data Subject, upon violation of his or her rights, may seek judicial remedy to enforce his rights under applicable law.
14.3. Authoritative route
The Data Subject, upon violation of his or her rights, may additionally lodge a complaint to the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C., postal address: 1530 Budapest, Pf. 5.,
telephone: +36 -1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu) and may request a review by the Authority.
14.4. Claim for compensation
The Data Controller shall be obliged to reimburse any damage caused by the unlawful processing of the data of the Data Subject or damage caused by the breach of the requirements of data security. In addition, the Data Controller is liable to Data Subject for any damage caused by the data processor. The Data Controller is exempt from liability upon proving that the damage was caused by an unavertable cause outside the scope of data processing. No compensation is required for the damage if it was caused by the intentional or gross negligence of the injured party. The provisions of Hungarian civil law (Ptk.) are applicable for the general and civil liability of the Data Controller.
The Data Controller provides detailed information on options for legal steps at the request of the Data Subject.
Act CXII of 2011 on Informational Self-Determination and Freedom of Information Regulation (EU) 2016/679 of the European Parliament and of the Council
Oldalunkon sütiket használunk a jobb működésért. További információ
A süti beállítások ennél a honlapnál engedélyezett a legjobb felhasználói élmény érdekében. Amennyiben a beállítás változtatása nélkül kerül sor a honlap használatára, vagy az "Elfogadás" gombra történik kattintás, azzal a felhasználó elfogadja a sütik használatát.