PRIVACY POLICY
I. PURPOSE OF PRIVACY POLICY
This Privacy Policy contains all information regarding the processing of personal data provided by potential and existing clients of i-Cell Informatikai Fejlesztő és Szolgáltató Kft. and the visitors of the website https://icell.hu/ (the “Website”) before the conclusion of the contracts, at the time of the conclusion of the contracts or during the provision of the services, with the aim of ensuring that data subjects are fully aware, prior to the disclosure of their personal data, of the purposes and conditions of the data processing, the risks and guarantees involved and the rights to which they are entitled (hereinafter referred to as:” Policy”).
This Privacy Policy -in accordance with the provisions of the Regulation 2016/679 of the European Parliament and of the Council (EU) (General Data Protection Regulation” hereinafter referred to as: „GDPR”), and of the Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as: „Infotv”)- ensures the enforcement of the principle for lawful, fair and transparent data processing and the right of clients to informational self-determination.
II. NAME OF THE CONTROLLER
Controller for personal data:
- i-Cell Informatikai Fejlesztő és Szolgáltató Kft.
- Seat and postal address: 1037 Budapest Bécsi út 269.
- E-mail address: info@icell.hu
- Phone number: +36 1 467 1750
-
Website: https://icell.hu/
- Registration number for data processing: NAIH-87935
III. PURPOSE, LEGAL BASIS AND DURATION OF PROCESSING ACTIVITIES, DATA PROCESSORS
1. Data processing activities in connection with the conclusion and performance of contracts
1.1. Data processing activities in relation to vehicle tracking and fleet management |
|
|---|---|
| Purpose of the processing | tracking of the clients’ vehicles, management of the vehicle fleet |
| Legal basis of processing activities | Execution of the contract concluded between the Controller and the client and the legitimate interests of the client to know the route of his vehicles and to be able to control his vehicles and drivers [Article 6 (1)(b) and (f) GDPR] |
| Data under processing activities | name of the client, place of residence (registered office), e-mail address, telephone number, registration number and other characteristics of the vehicle or vehicle combination, identification of the on-board equipment and other equipment; the route of the motor vehicles, name and telephone number of the drivers |
| Duration of processing | The Controller will keep the data for a duration of maximum 5 years from their creation. |
1.2. Data processing in connection with the services of toll declaration operators |
|
|---|---|
| Purpose of the processing | Completion of the data provision for the NÚSZ required for the declaration of the toll payment for the use of toll sections that can be used in the toll system by vehicles and vehicle combinations. |
| Legal basis of processing activities | Compliance with the contract concluded between the Controller and the Client and the Client’s legitimate interests in ensuring that the statutory toll obligation can be fulfilled properly by the Client [Article 6(1)(b) and (f) GDPR]. |
| Data under processing activities | name, place of residence (registered office), e-mail address, telephone number of the client, registration number, characteristics required to determine the toll category, total weight, axle load, size, identification data of on-board equipment and any other equipment of the vehicle or vehicle combination, place and time of road use |
| Duration of processing | The Controller will retain the data for a duration of maximum 2 years from the creation of the data. If the NÚSZ notifies the Controller within this period that a complaint procedure or a legal dispute has occurred, the Controller shall retain the data of the client concerned until the notification of the conclusion of the complaint procedure or the legal dispute. |
1.3. Data processing activities for contact keeping |
|
|---|---|
| Purpose of the processing | contact keeping between the parties in connection with the conclusion and fulfillment of the contract |
| Legal basis of processing activities | az the legitimate interests of the Controller and the Client in ensuring that contact is maintained during and for the purposes of the conclusion and performance of the contracts and the consent of the data subject [Article 6(1)(a) and (f) of the GDPR]. |
| Data under processing activities | name, e-mail address, telephone number, postal address of contact person |
| Duration of processing | until the termination of the contract or the termination of the employment relationship of the data subject or the withdrawal of his/her consent |
1.4. Data processing for invoicing purposes |
|
|---|---|
| Purpose of the processing | issuing invoices for service fees arising from the contract |
| Legal basis of processing activities | Compliance with a legal obligation toward the Controller [Article 6(1)(c)GDPR]. |
| Data under processing activities | name, registered office, tax number, invoicing address of the client |
| Duration of processing | until the claims for payment of service fees under the contract lapse (5 years) |
1.5. Data processing in connection with debt collection |
|
|---|---|
| Purpose of the processing | Collection of payment claims for service fees arising from the contract |
| Legal basis of processing activities | the legitimate interest of the Controller in being able to enforce his claim for payment of service fees under the contract [Article 6(1)(f) GDPR]. |
| Data under processing activities | name, place of residence (registered office), tax number, bank account number of the client |
| Duration of processing | until the claims for payment of service fees under the contract lapse (5 years) |
1.6. Data processing in connection with the fulfillment of the payment receipt preservation ob-ligation |
|
|---|---|
| Purpose of the processing | Fulfillment of Controller’s obligation to preserve payment receipts |
| Legal basis of processing activities | Compliance with the legal obligation to which the Controller is subject [Article 6(1)(c) GDPR ]. |
| Data under processing activities | Accounting documents and contracts to support bookkeeping accounts |
| Duration of processing | The Controller is obliged to keep the accounting documents generated in connection with the sale of its products and services, which directly and indirectly support the bookkeeping accounts, thus the personal data relating to the fulfilment of its obligation to preserve documents for 8 years (Sztv. § 169 (2)] |
1.7. Data processing for marketing purposes |
|
|---|---|
| Purpose of the processing | Sending newsletters, brochures, questionnaires and other marketing materials to clients about news, events, special offers, promotions related to the Controller and/or the services provided by the Controller in order to expand the existing business relationship or establish a new business relationship |
| Legal basis of processing activities | Consent of the data subject [Article 6(1)(a) GDPR] |
| Data under processing activities | name, e-mail address and telephone number of the client’s contact person |
| Duration of processing | until the claims for payment of service fees under the contract lapse (5 years) |
| Data processors | until the employment relationship of the data subject is terminated or his/her consent is withdrawn. |
1.8. Data transfer to a business partner to make business cooperation easier |
|
|---|---|
| Purpose of data processing | The Company is entitled to transfer the customer’s contact data to MOL Plc. (headquarters: 1117 Budapest, Október huszonharmadika u. 18., telephone number: +36-1-886-5000, website: www.mol.hu, e-mail address: ugyfelszolgalat@mol.hu) as a business partner in order to send messages for advertising purposes to the customer (promotional offers, coupons, invitations to events via regular post, e-mail or SMS) and to initiate telephone calls for advertising purposes. |
| Legal basis of data processing | consent of the data subject [Article 6(1)(a) of GDPR] |
| Scope of data processed | name, email address, telephone number of the customer’s contact person |
| Duration of processing | For the duration of the contract concluded between the Company and the business partner or until the data subject’s consent is withdrawn (whichever is the earlier) |
| Data controller partner | The Company’s data controller partner, MOL, acts as an independent data controller in compliance with its own data privacy policy. |
2. Data processing in relation to customer service
2.1. Data processing in connection with personal contacting |
|
|---|---|
| Purpose of the processing | Investigation of complaints, errors and other inquiries submitted by the client |
| Legal basis of processing activities | The legitimate interests of the Controller and the client in ensuring that the Controller is able to provide the services in accordance with the contract and to resolve properly any possible errors in the delivery of the service and client complaints [Article 6(1)(f) GDPR]. |
| Data under processing activities | Name, e-mail address, telephone number of the reporting person, content of the report, other data provided by the reporting person, unique identification number of the complaint; place and time of the filed complaint; other documents provided by the reporting person, response to the complaint |
| Duration of processing | until the claims under the contract lapse (5 years) |
2.2. Data processing in connection with contacting by phone call |
|
|---|---|
| Purpose of the processing | Investigation of complaints, errors and other inquiries submitted by the client |
| Legal basis of processing activities | The legitimate interests of the Controller and the client in ensuring that the Controller is able to provide the services in accordance with the contract and to resolve properly any possible errors in the delivery of the service and client complaints [Article 6(1)(f) GDPR]. |
| Data under processing activities | in case of a voice recording, the voice of the reporting person, the complaint submitted by the reporting person; in relation to the investigation of the complaint: the name, e-mail address, telephone number of the reporting person, the content of the complaint, other data provided by the reporting person, the unique identification number of the complaint; the place and time of filing the complaint; other documents provided by the reporting person, response to the complaint. |
| Duration of processing | until the claims for payment of service fees under the contract lapse (5 years) |
2.3. Data processing in connection with written requests |
|
|---|---|
| Purpose of the processing | Investigation of complaints and other inquiries submitted by the client |
| Legal basis of processing activities | The legitimate interests of the Controller and the client in ensuring that the Controller is able to provide the services in accordance with the contract and to resolve properly any possible errors in the delivery of the service and client complaints [Article 6(1)(f) GDPR]. |
| Data under processing activities | client’s name, e-mail address, telephone number, content of the submitted complaint, other data provided by the client, unique identification number of the complaint; place and time of lodging the complaint; other documents provided by the person lodging the complaint, written response given to the complaint. |
| Duration of processing | until the claims under the contract lapse (5 years) |
3. Data processing activities in relation to the data collected on the website
3.1. Data processing in connection with the question placed on the website |
|
|---|---|
| Purpose of the processing | a Answering a question asked on the Website by a visitor of the Webseite |
| Legal basis of processing activities | Consent of the data subject [Article 6(1)(a) GDPR] |
| Data under processing activities | Name, phone number, e-mail address of the questioner, answer to the question |
| Duration of processing | until the withdrawal of the data subject’s consent, for no longer than 15 days |
3.2. Data processing in connection with the request for quotation submitted on the website |
|
|---|---|
| Purpose of the processing | Sending an contract offer according to the request for offer made by the Website visitor |
| Legal basis of processing activities | Consent of the data subject [Article 6(1)(a) GDPR] |
| Data under processing activities | name, e-mail address, telephone number, postal code of the requester, company name, message of the requester, fleet size, content of the contract offer sent for the request |
| Duration of processing | until the withdrawal of the data subject’s consent, for no longer than 60 days |
3.3. Data processing in connection with the order placed in the webshop |
|
|---|---|
| Purpose of the processing | Identification of the client, contact keeping, invoicing and product delivery in order to execute the order placed through the web shop |
| Legal basis of processing activities | Data processing is necessary for the performance of the contract [Article 6(1)(b) GDPR ]. |
| Data under processing activities | Client’s name, e-mail address, telephone number, company name, registered office, tax number, payment currency, delivery address, client comments |
| Duration of processing | until the expiry of the limitation period for claims arising from termination of contract (5 years) |
| Data processors | For the transaction of payments via bank card the data processor engaged by the Controller shall be OTP Mobil Kft., to which the Controller communicates the details of each ordered item (name, quantity, price, tax), customer data (account name / company name, country, state, city, postal code, address (street, house number), telephone number, shipping address (name / company name, country, state, city, zip code, address (street house number), phone number order number, customer email address, language chosen on the website of the client.
The nature and purpose of the data processing operations performed by the processor are available in the SimplePay Privacy Policy at the following link: http://simplepay.hu/vasarlo-aff. . For the delivery of products ordered on the website for delivery by courier, the data processor used by the Controller is GLS General Logistics Systems Hungary Csomag- és Logisztikai Kft. (registered office: 2351 Alsónémedi, GLS Európa u. 2; commercial register number: 13-09-111755; tax number: 12369410-2-44) to which the Controller communicates the name, telephone number and delivery address of the client. |
3.4. Data processing for cookies |
|
|---|---|
| Purpose of the processing | customizing the services of the Controller to the needs of the site visitor by collecting and storing information about the site visitor’s browsing activity, personal settings and identification on the site |
| Legal basis of processing activities | Consent of the data subject [Article 6(1)(a) GDPR] |
| Data under processing activities | date and time of the visit, IP address of the computer of the person concerned, type of its browser, address of the website viewed and visited previously |
| Duration of processing | until withdrawal of the consent of the data subject |
IV. TRANSFER OF DATA TO A THIRD PARTY, OFFICIAL DATA PROVISION
The Controller may only transfer the client’s personal data to another party in exceptional cases if the transfer of the data is necessary to fulfill the legal obligation with respect to the Controller.
For example, if a court procedure is initiated in a case in which the client is involved and the court requires the transmission of documents containing the client’s personal data or the police contacts the Controller and requests the transmission of documents containing the client’s personal data for the purpose of investigation
V. TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA SECURITY
The Controller shall ensure the security of the client’s personal data, protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data by applying technical and organizational measures appropriate to the level of risk including the protection of the confidentiality, integrity, availability and breakdown security of IT systems and tools used for processing personal data.
VI. RIGHTS IN CONNECTION WITH DATA PROCESSING
1. Right to information/ access
The data subject shall have the right to obtain information from the Controller, in writing or by e-mail using one of the contact details of the Controller indicated above, as to whether or not personal data concerning him or her are being processed. If such data processing is in progress, the data subject shall have the right to obtain from the controller information as to which personal data are being processed, on what legal basis, for what purpose, from what source and for how long they are being processed, to whom, when and under which legal provisions it has granted access to its personal data and to whom it has forwarded his/her personal data, including in particular recipients from third countries or international organizations.
The Controller shall respond to the data subject’s request for information within a maximum of 30 days by sending a letter or e-mail to the contact details provided by the data subject. The data subject has the right of access to his or her personal data, so that the Controller sends to the data subject the personal data concerned in writing or by e-mail.
2. Right to rectification
The data subject may request, by writing or by e-mail using the contact details of the controller provided above, that the controller modify his personal data without delay or request the completion of his personal data provided in an incomplete manner. For example, the data subject may change its e-mail address or password at any time. The Controller will comply with the request within a maximum of 30 days and notify him by letter or e-mail sent to the contact details provided by the data subject.
3. Right to erasure/ right to be forgotten
The data subject may request the Controller to erasure his or her personal data without delay, in writing or by e-mail, using the contact details of the Controller provided above, if one of the following reasons exists:
- a) the personal data is not necessary anymore for the purpose it was processed by the Collector
- b) the data subject revokes their consent that is the basis of data processing and the data processing has no other legal basis
- c) the data subject objects to the data processing and there is no legitimate cause for the data processing
- d) the personal data was processed by the Controller illegally
- e) the personal data shall be erased for the performance of legal obligations applicable to the Controller
- f) Personal data was collected in connection with the offering of information society services to children.
The Controller must comply with the request of the data subject within a maximum of 30 days and notify the data subject by sending a letter to the contact details provided by the data subject. If the Controller has transferred his/her personal data to another party, the Controller shall inform the other controllers/processors within 30 days that the data subject has requested the erasure of a copy of his/her personal data.
4. Right to block/restriction of processing
The data subject may request, in writing or by e-mail through the contact details of the Controller provided above, that the Controller block his personal data or restrict the processing of his personal data, if one of the following conditions is met:
- a) the accuracy of the personal data is contested by the data subject. In this case, the block/restriction shall apply for the period of time that enables the controller to verify the accuracy of the personal data;
- b) the data processing is unlawful and the data subject objects to the deletion of the data and requests instead a restriction of its use;
- c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- d) the data subject has objected to data processing, in which case the restriction continues to apply as long as it is determined whether the legitimate grounds of the controller override those of the data subject.
In the event of blocking/restriction of data, such personal data, with the exception of storage, may only be processed with the consent of the person concerned or for the purpose of establishing, exercising or defending legal claims or defending the rights of another natural or legal person or in the important public interest. The blockage/restriction shall continue for as long as the reason specified by the data subject requires the data to be stored.
5. Right to Data Portability
The data subject shall have the right, through the contact details of the Controller given above, in writing or by e-mail , to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit
those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent of the data subject or on a contract and the processing is carried out by automated means
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The controller must respond to the data subject’s request within a maximum of 30 days and notify the data subject by sending a letter to the contact details provided by the data subject.
6. Right to object
The data subject may object to the processing of his/her personal data at any time on the basis of the legitimate interests pursued by the controller or of a third party, in writing or by e-mail using the contact details provided above. In this case, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The data subject may, at any time, using the contact details of the controller provided above, object in writing or by e-mail to the processing of his/her personal data for the purpose of direct marketing purposes. In this case, his or her personal data shall no longer be processed for such purposes.
7. Automated decision making in individual cases, including profiling
The Controller does not make decisions based solely on automated data processing, including profiling.
Should the Controller introduce a decision procedure based on such data processing in the future, he will inform the data subject in advance by e-mail about the logic, method and nature applied and will provide the data subject with the opportunity to request human intervention on the part of the Controller, to express his opinion or to lodge objections to the decision.
VII. LEGAL REMEDY IN RELATION TO DATA PROCESSING
If the data subject experiences an unlawful data processing, it is recommended to inform the Controller of his complaint first, before legal proceedings are initiated, as this will enable the Controller to restore the lawful status on his own initiative.
By lodging a notice (complaint) with the supervisory authority, the data subject may initiate an investigation on the grounds that he/she has been infringed or is in imminent danger of being infringed in connection with the processing of his/her personal data. The name and contact details of the supervisory authority are as follows:
- National Authority for data Protection and Freedom of Information
- Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
- Postal address: 1530 Budapest, Pf.: 5
- E-mail address: ugyfelszolgalat@naih.hu
- Telephone: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
-
Website: www.naih.hu
In the event of unlawful processing of data of which the data subject becomes aware, he may bring a civil action in court. The proceeding falls under the competence of the court. At the discretion of the data subject, the action may also be brought before the court responsible for his place of residence. You
can find the list and contact details of the courts by clicking on the following link: http://birosag.hu/torvenyszekek.
VIII. REVISION AND MODIFICATION OF THE PRIVACY POLICY
The circumstances of data processing may change from time to time and the Controller may decide at any time to add a new data processing purpose to his current data processing activities. Therefore, the Controller reserves the right to amend this Privacy Policy at any time. The Controller will notify the data subject in advance of any changes to this Privacy Policy.
IX. APPLICABLE LEGISLATION RELATING TO DATA PROCESSING
Legal provisions on the processing of personal data of the data subject:
- Act I of 2012 on the Labour Code („Mt.”)
- REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) („GDPR”)
- Act CXII of 2011 on the right of informational self-determination and on freedom of infor-mation („Infotv”)
