CEOS KFT. PRIVACY POLICY
PREAMBLE
CEOS Ltd. (registered office: 1118 Budaörs, Dayka Gábor u 3.) (hereinafter referred to as CEOS) attaches great importance to the protection of the personal data of all its business partners and employees. Accordingly, we continuously ensure the security of personal data during its processing, and CEOS processes personal data in accordance with the applicable legal regulations and data security.
1. SCOPE
Substantive validity: the policy covers the processing of personal data within CEOS.
Personal scope: this policy applies to all employees, partners, customers and suppliers of CEOS, as well as to all persons who may be associated with CEOS business.
Validity over time: this policy will enter into force on 25.05.2018 and will apply as a minimum principle to the processing of personal data.
2. THE PURPOSE OF PROCESSING
CEOS processes personal data of employees, partners and customers only to the extent and for the purposes necessary for the fulfilment of its business objectives, contractual obligations and legal compliance related to its business activities.
2.1. Processing of business customers’ data: CEOS stores and processes the personal data provided by interested parties, customers and suppliers, etc. for the purpose of preparing offers and processing orders. Contact data and documents received in this way are processed electronically for the purpose of establishing a legal relationship. We will only keep personal data for as long as you consent.
2.2. Processing of data of employees, applicants: CEOS stores and processes the personal data provided by interested parties, applicants and employees, expressly for the purpose for which the data was provided. Contact data and documents received in this way will be electronically processed to the extent necessary for the original purpose. We will only keep personal data for as long as you consent.
2.3. Website & Google-Analytics: Our website uses “Google Analytics”, a website traffic analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”, text data that are stored on your end-user device. The information collected by the “cookies” is transferred to a Google server in the United States and stored there. In the framework of the data processing agreement concluded between the website operator and Google Inc., Google will use the information stored by means of cookies to analyse your use of the website, compile reports on website activity and provide the website operator with additional services relating to website and internet usage.
You can prevent the storage of “cookies” on your device by configuring your search software accordingly. However, we cannot guarantee that you will have unrestricted access to all the functions of our website if you do not allow the use of “cookies” in your search engine. Furthermore, you can use the search engine plugin to prevent the information collected by “cookies” (including your IP address) from being sent to Google Inc. and processed by Google Inc. The following link will take you to the appropriate plugin:
https://tools.google.com/dlpage/gaoptout?hl=de [tools.google.com]
Alternatively, you can click on this link to prevent Google Analytics from collecting data about you through this site:
http://tools.google.com/dlpage/gaoptout?hl=de [tools.google.com].
By clicking on the link above, you will download what is known as an “Opt-Out-Cookie”.
Your search engine will therefore by default allow cookies to be stored. However, you must click on the link each time you visit the website to erase the cookies regularly. Here you will find more information about the use of data by Google Inc:
https://support.google.com/analytics/answer/6004245?hl=de [support.google.com]
3. LEGAL GROUND FOR PROCESSING
In accordance with EU data protection legislation, a legal ground is required for the processing of personal data. The applicable legal ground depends on the purposes for which the data are processed:
In some cases, your consent is required for the recording and processing of data. Where you give your consent, you can withdraw it at any time later. Please note that the withdrawal of your consent does not affect processing that has already taken place.
In other cases, the processing of personal data may be necessary to comply with applicable legal decisions and regulations or to fulfil an obligation we have entered into with you.
In other cases, we may process your personal data for legitimate interests in order to provide you with our services.
4. PRINCIPLES FOR PROCESSING PERSONAL DATA
The processing of personal data at CEOS is based on strict principles which place the protection and security of data and the rights of data subjects at the forefront of our values.
Lawfulness and transparency: Processing is performed lawfully, based on mutual trust. The data subject is informed of the use to which his or her data will be put when the data are collected.
Purpose of data: data will be used and processed only for specified, explicit and legitimate purposes for which they were originally collected.
Data minimisation: we only collect and process data that is strictly necessary for the purpose for which it is collected. Where the purpose for which the data is collected allows it and the use is appropriate, only anonymous data will be processed.
Retention limits and erasure: we erase personal data as soon as they have served their original purpose and are not prevented from being deleted by law relating to retention periods.
If there are arguments in favour of retaining the data, we will retain the data until the outstanding arguments have been satisfactorily resolved from a legal point of view.
Data security: personal data are protected by data confidentiality. Data must be treated confidentially and protected by appropriate organisational and technical measures against unauthorised access, unlawful treatment or transfer, loss or corruption.
Content accuracy: personal data must be accurate, complete and kept up to date. Appropriate measures are taken to correct old, incorrect or incomplete data. Our company shall not be liable for any damage to data management resulting from incorrect processing.
5. DATA TRANSFER
Transfer of personal data to recipients outside CEOS and to countries outside the EU may only be made in accordance with applicable laws and to the highest standards of confidentiality and data security. We do not sell or rent data to third parties in any form or for any purpose.
Personal data will be transferred to recipients within CEOS in accordance with the law and the Group’s simplified business administration. In this case, too, the transfer of data must only take place in accordance with the law.
According to Article 13(1) of the General Data Protection Regulation, data may be sent to the following categories of recipients:
Subcontractors, general contractors, suppliers
Delegated data processors
Offices, authorities, public bodies and institutions
Notaries, legal and tax advisers, claims handlers and experts in the enforcement, exercise or defence of legal claims
Audit firms
Insurance companies
Credit and financial institutions or similar organisations
Courts of law enforcing, administering or defending legal claims
Conciliation bodies
6. DATA CONFIDENTIALITY OBLIGATIONS
All VEOS employees and contractors are bound by an obligation of employee confidentiality. They receive regular training on the handling of personal data and other critical information.
7. DATA SECURITY
The protection of the confidentiality, availability and integrity of data is an important task within CEOS. This applies to trade secrets, customer data, personal data and other critical information.
These objectives are served by IT security technology and organisational measures through solutions based on expert experience and security standards.
8. DATA PROTECTION OFFICER
According to Article 37e(1) of the EU Data Protection Act, CEOS is not required to appoint a Data Protection Officer. However, due to the importance of data protection, CEOS has decided to voluntarily appoint a Data Protection Officer. This person will act as a liaison between data subjects and data protection authorities and will deal with data protection issues in the company.
9. DATA SUBJECTS’ RIGHTS
All data subjects whose data is processed by CEOS have the right to invoke their rights at any time and to assert them with the CEOS Data Protection Officer.
To assert your data subject rights, you may at any time send an e-mail to the ceos@ceos.eu address.
Right to information: data subjects may at any time request information about which personal data are processed and for what purpose.
Right of rectification: data subjects have the right to obtain the rectification of their personal data without undue delay.
Right of access: data subjects have the right to restrict processing where the accuracy of the data relating to them is contested, the processing is unlawful, the data are not necessary for the processing for an excessive period of time or the data subjects object to the processing.
Right of withdrawal: data subjects have the right to withdraw their consent to the processing of their data at any time.
Right to data portability: data subjects have the right to receive personal data relating to them that they have provided to CEOS in a structured, commonly used, machine-readable format. They also have the right to have this data transferred to another responsible person, if technically feasible. The transferability applies only to personal data that can be processed by automated means.
Erasure – Right to be forgotten: data subjects have the right to obtain the erasure of personal data concerning them without undue delay where the legal ground for the processing no longer exists or is no longer valid, if the processing may be refused, the processing is unlawful and the time limit for data retention laid down by law does not prevent erasure.
10. CONTINUOUS MONITORING AND IMPROVEMENT
Quality and continuous improvement of processes play a very important role within CEOS. There are specific processes in place to ensure continuous improvement of quality, which has been confirmed for many years by our ISO 9001 quality assurance. These processes are used to measure and improve our compliance with data protection legislation and the effectiveness of our data protection and data security measures in order to ensure an optimal process of data protection measures.