Disclaimer2009. 07. 01.
Sanoma Budapest Zrt.
INFORMATION NOTE ON DATA MANAGEMENT
28th april 2009
3. Basic principles applicable to the data management carried out by Sanoma
4. The scope of personal data, the purpose, legal ground and period of data management
4.1. The data of the visitors of www.sanomabp.hu website
4.2. Correspondence with clients in relation to the services
4.3. Data management for other purposes
5. Method of personal data storage and data management security
6. Data and availability of the controller
Sanoma Budapest Zrt. (1037 Budapest, Montevideo u. 9.) (hereinafter referred to as "Sanoma", "service provider", "controller"), acting as controller, accepts the content of this legal notice as binding for itself. In addition, Sanoma Budapest Zrt. also assumes the obligation that all data management related to its activities comply with the requirements laid down in this set of rules and the legislation in force.
The data protection directives relevant to the data management of the webpage at http://www.sanomabp.hu are permanently available at:
Sanoma shall reserve the right to amend this information note. Of course, the public will be informed on the possible modifications in timely manner.
Should you have questions that are not clear on the basis of this notice, please, write us, and our colleague will provide you with the answers..
One of Sanoma's objectives is to give priority, within the framework of its service provision, to the protection of its users' personal data.
Sanoma is committed to the protection of its users' and partners' personal data, and considers the respect of its clients' information sovereignty of high priority. Sanoma is handling all personal data confidentially, and is taking all security, technical and organizational measures that ensure the data security.
Sanoma hereinafter presents its data management principles, and is highlighting all those expectations that it has formulated towards itself, as a controller, and which it observes. Its data management principles are in line with the data protection legislation in force, in particular with the following:
- Act LXIII of 1992 – the Protection of Personal Data and the Disclosure of Information of Public Interest (hereinafter referred to as Avtv., Data Protection Act);
- Act CVIII of 2001 – on certain aspects of electronic commerce and information society services (Eker. tv.).
1.1.personal data: shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject") and any reference drawn from such information. In the course of data management, such information shall be treated as personal data as long as the data subject remains identifiable through it. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
1.2.the data subject's consent: shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed without limitation or with regard to specific operations;
1.3.the data subject's objection: shall mean an indication of his wishes by which the data subject objects to the processing of his data and requests that the processing of data relating to him be terminated and/or the processed data be deleted;
1.4.controller: shall mean a natural or legal person or unincorporated organization that determines the purpose of the processing of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them;
1.5.data management: shall mean any operation or set of operations, irrespective of the methods used, that is performed upon personal data, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction, and blocking them from further use. Photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
1.6.disclosure by transmission: shall mean making data available to a specific third party;
1.7.public disclosure: shall mean making data available to the general public;
1.8.deletion of data: shall mean the destruction or elimination of data sufficient to make them irretrievable;
1.9.blocking of data: shall mean preventing – permanently or for a predetermined period – the transmission, access to, disclosure, adaptation or alteration, destruction, deletion, alignment or combination, and the use of data;
1.10. destruction of data: shall mean the complete physical destruction of data or the medium containing the data;
1.11. data processing: shall mean the technical operations involved in data management, irrespective of the method and instruments employed for such operations and the venue where it takes place;
1.12. processor: shall mean a natural or legal person or unincorporated organization that is engaged in the processing of personal data on behalf of a controller;
1.13. third person: shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor;
1.14. third country: shall mean any country that is not a member of the European Economic Area.
3. BASIC PRINCIPLES APPLICABLE TO THE DATA MANAGEMENT CARRIED OUT BY SANOMA
Personal data may be processed if
a) the data subject has given his consent, or
b) decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein.
Declarations of a legally incapable person and minors having limited capacity require the consent of his/her legal representative, with the exception of those parts of the service in respect of which the declaration is aimed to registration occurring en masse in everyday life and do not require special consideration.
Personal data may be processed only for specified and explicit purposes, where it is necessary for carrying out certain rights or obligations. This purpose must be satisfied in all stages of operations of data processing.
The personal data processed must be essential for the purpose for which it was collected, it must be suitable to achieve that purpose, and it may be processed to the extent and the duration necessary to achieve that purpose.
Personal data may be processed only on the basis of a consent based on appropriate information.
The data subject shall be clearly, unambiguously and elaborately informed of all aspects concerning the processing of his/her personal data, such as the purpose for which his data is required and the legal grounds, the person entitled to carry out the processing, the duration of the proposed processing operation and the persons to whom his data may be disclosed. Information shall also be provided on the data subject's rights and remedies.
Personal data collected for processing must be:
a) processed fairly and lawfully;
b) accurate, complete and, where necessary, kept up to date;
c) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected.
The use of personal identification codes or any other identifier of general application shall not be permitted.
Data may be transferred, whether in a single or in a set of operations, if the data subject has given his consent or if the transfer is legally permitted, and if the safeguards for data processing are satisfied with regard to each and every personal data.
Personal data (including special data) may be transferred – irrespective of the medium and the manner in which it is transferred – to a third-country controller or processor if the data subject has given his consent, if the transfer is permitted by law, and the laws of the third country in question afford an adequate level of protection within the meaning of Community standards with respect to the processing of the data transferred. Transmission of data to the EEA States shall be treated as transmission within the territory of the Republic of Hungary.
4. THE SCOPE OF PERSONAL DATA, THE PURPOSE, LEGAL GROUND AND PERIOD OF DATA MANAGEMENT
Data management in relation to Sanoma's portal available at www.sanomabp.hu is based on voluntary consent.
The purpose of data management: in order to perform the service, check its functioning, and prevent any abuses, the service provider registers the data of visitors, when visiting the website.
Legal ground of data management: the data subject's consent, as well as paragraph (3) of Art. 13/A of the Act CVIII of 2001 on certain aspects of electronic commerce and information society services.
The scope of the data managed: the date and time of the visit, IP address, the address of the content visited.
The period of data management: 90 days from the visit of the website.
The html code of the portal contains references to external servers and coming from external servers, independent from Sanoma. Service providers of such references are able to collect users' data through the direct connection to their servers.
Independent measurement and auditing of the data related to the popularity of the website and other analytical web data are facilitated by external servers (Medián Webaudit, Google Analytics). Detailed information on the management of measurement data can be provided by the controllers.
In order to provide tailor-made services and to avoid multiple voting and evaluation, the service provider installs a small data package, a so-called "cookie" on the user's computer.
Should you have any questions or problems while using our services, you can contact the editors of the services in the manner described in box "Contact" of the service.
The Sanoma, within a maximum of 1 month from settling the case, shall delete incoming mails, together with the sender's name and e-mail address, and other personal data provided voluntarily.
Concerning the types of data management not listed in this information note information shall be provided when registering data..
Other services of Sanoma Budapest Zrt. can be found at: www.sanomabp.hu.
These services and information notes on data management carried out in relation to the services of Sanoma Zrt. registered under other domains are available at the individual websites of the services in question.
We kindly inform our clients that the controller can be requested by courts, public prosecutors, investigating authorities, authorities dealing with administrative offences, the data protection commissioner, and, based on delegation conferred by law, other bodies, in order to provide information, communicate and transfer of data, or submit documents.
In case the requesting authority has indicated the exact purpose and scope of data, the personal data made available by Sanoma to such authorities are limited to the data and extent essential to achieve the objective of the request.
5. METHOD OF PERSONAL DATA STORAGE AND DATA MANAGEMENT SECURITY
Computer systems and other data storage facilities of Sanoma are located at its registered seat and in the Dataplex Server Hotel (1087 Budapest, Asztalos Sándor u. 13.) operated by Invitel Zrt.
Sanoma selects and operates all its equipment for personal data management during the service provision that::
a) the managed data remains accessible for authorized persons (availability);
b) authenticity and authenticating of the managed data is assured (authenticity of data management);
c) continuity of data management can be certified (data integrity);
d) the managed data are protected against unauthorized access (data security).
Sanoma takes technical, organization and organizational measures to protect data management security, that provide adequate level of protection against risks related to data management.
In the course of data management Sanoma maintains
a) secrecy: protects the information and grants access authorized persons only;
b) integrity: maintains the accuracy and entirety of the information and of management method;
c) availability: makes the information and the necessary equipment available to authorized persons anytime when needed.
The IT systems and network of Sanoma Budapest Zrt. and its partners are protected against computer fraud, espionage, sabotage, vandalism, fire, flood, computer viruses, computer breaches and service denial attacks. The operators maintains security using service level and application level security procedures.
Our users are kindly informed that electronic messages transmitted over the internet, irrespective of the used protocol (e-mail, web, ftp, etc.) are vulnerable against network threats that may result in unfair activities, contractual disputes, information disclosure or modification. In order to protect against such threats the service provider takes all reasonable measures. The service provider monitors the systems in order to record all security discrepancies and collect evidence regarding all security events. System monitoring also allows the supervision of efficiency of the applied measures.
6. DATA AND AVAUKABUKUTY OF THE CONTROLLER
Name: Sanoma Budapest Zrt.
Registered seat: 1037 Budapest, Montevideo u. 9.
Company registration number: 01-10-044658
Court of registration: Metropolitan Court
Tax number: 12715134-2-44
List of our data managements reported to the data protection commissioner is available at the below address:http://abiweb.obh.hu/BASIS/AVENTA/PUB/adatkezeles/SDW?W%3DADKO_ANYS+%3D+00633+%26M%3D1%26R%3DN
The data subject may request information regarding the management of its personal data, correction of its personal data and, with the exception of mandatory statutory data management, deletion by the means indicated upon data registration or at customer service.
Upon request by the data subject, Sanoma as controller provides information about the data managed by Sanoma or processed by the processor commissioned by Sanoma, about the purpose of data management, about the legal ground for and period of the data management, about the name and address (registered seat) of the processor, about activities related to the data management and about, in case of data disclosure, about the identity of the recipients and the purpose of the disclosure. Within the shortest period after submission of the request, but no later than 30 days, the controller provides the information in a generally understandable manner in writing. This information is free of charge, if the requestor has not submitted to the controller a request for information regarding the same area during the same year. Otherwise Sanoma will impose a fee.
Sanoma deletes the personal data if its management is unlawful, deletion is requested by the data subject, the purpose of the data management is terminated, the statutory period or data storage expired, or ordered by the court or the data protection commissioner.
Sanoma informs the data subject and those who were transferred the data for data management purposes earlier about correction and deletion of the data. No information is provided if it is not required by the lawful interest of the data subject based on the purpose of the data management.
The data subject may object against management of its personal data, if
a) management (transfer) of the personal data is necessary solely to the enforcement or rights or lawful interests of the controller or recipient of such data, unless data management was ordered by law;
b) the personal data were used or transferred for the purposes of direct marketing, public opinion polls or scientific research;
c) the right to object may be otherwise exercised under applicable legislation.
Sanoma – while suspending the data management – examines the objection within the shortest possible period after submission, but no later than 15 days and informs the requestor about the findings in writing. If the objection is justified, the controller terminates the data management - including further data collection and data transfer - and closes the data. Sanoma also informs those who were transferred the objected personal data earlier and those who are bound to take action to enforce the right to object about the objection, the grounds therefore and the measures taken. In case the data subject does not agree with the decision of the controller, it may file its request at court within 30 days after communication of the decision..
Sanoma cannot delete the data of the data subject if data management was required by law. However, the data may not be transferred to the recipient if the controller agrees with the objection or a court of law established the lawfulness of the objection.
In case of violation of the rights of the data subject the controller may go to court. In such cases the court proceeds out of turn.
Sanoma is liable for damages caused to others by unlawful management of the data of the data subject and by violating the technical requirements of data protection. The controller is excused from liability if the damages was caused by inevitable causes beyond the scope of data management.
Parts of the damages that are due to the deliberate or grossly negligent actions of the damaged person will not be covered.
This is one reason for the trust of the clients of Sanoma toward its services.
Should you have any problems regarding the data management by Sanoma Budapest Zrt., please contact our data protection auditor: www.ppos.hu/audit
Legal remedies may be sought and complaints may be filed at the office of the data protection commissioner:
Name: Data protection commissioner Hivatala
Registered seat: 1051 Budapest, Nádor u. 22.
Postal address: 1387 Budapest, Pf.: 40.
Phone: 06.1.475.7186, 475.7100