Short data protection information of TPA Consulting Adótanácsadó Kft. and TPA Control Könyvvizsgáló Kft.
Present document is the short data protection information of TPA Group’s member firms in Hungary, i.e. TPA Consulting Adótanácsadó Kft. (1024 Budapest, Buday László u. 12. I. em., registry no.: 01 09 266578, tax no.: 10869983-2-41, telephone: +36 (1) 345 4500, e-mail: office@tpa-group.hu, fax: +36 (1) 345 4502, independently represented by: Szemerédi József managing director) (hereinafter: Data Controller) and TPA Control Könyvvizsgáló Kft. (1024 Budapest, Buday László u. 12. I. em., registration no.: 01 09 266578, tax no.: 12061239-2-41, telephone: +36 (1) 345 4500, e-mail: office@tpa-group.hu, fax: +36 (1) 345 4502, independently represented by: Jakab György managing director) (hereinafter: Data Controller).
Data Controllers declare the followings.
Data Controllers consider the appreciation and enforcement of their clients’ rights and of any other involved natural persons (hereinafter: data subjects) in connection to data processing to be important; they respect the data subjects’ individual rights, and in the course of carrying out their data processing tasks, Data Controllers comply with the effective, substantive and procedural rules of the European Union and of the Hungarian legislation as well as the Data Protection Regulations and other internal bylaws.
Present short data protection information is a shortened extract of the Data Protection and Data Security Regulation of Data Controllers (hereinafter: Regulation) drafted with the purpose that the data subjects are informed of Data Controllers’ key rules in connection to data protection.
Present Information shall be regarded as the annex of the Regulations, and in connection to any issues, topics not included in the Information, the Data Controllers’ Regulations and the relevant legislation shall prevail and it shall be read in conjunction with those.
The Information and the Regulation is available in full length at all times in printed form at the actual premises of data processing, at the seat of Data Controllers.
Categories of data subjects:
Data subject is any natural person, who is identified based on specific personal data or is – directly or indirectly – identifiable, whose data are managed by Data Controllers.
Therefore, data subjects are primarily the users of Data Controllers’ services, persons interested in Data Controllers and/or in their services, natural person clients of Data Controllers, or representatives, contact persons or other employees of non-natural person clients.
Data processing activity of Data Controllers, its purposes and term:
1. Requesting one-time information
The information request is voluntary.
Scope of data subjects:
all natural persons having contacted Data Controllers and requesting information from Data Controllers besides providing their own personal data.
Scope and purpose of controlled data:
name: identification
telephone number: maintaining contact
e-mail address: maintaining contact
question’s content: answering
Purpose of data processing: providing appropriate information for the data subject and maintaining contact.
Term of data processing: until the achieving of the goal.
-
Request for proposal
The request for proposal is voluntary.
Scope of data subjects:
All natural persons requesting proposal in connection to the service provided by Data Controllers besides providing their own personal data.
Scope and purpose of processed data:
name: identification
telephone number: maintaining contact
e-mail address: maintaining contact
question’s content: answering
selection of chosen service: for provision of proposal
naming the ordered service: for provision of proposal
requested deadline for delivery of service: for provision of proposal
selection of other special needs: for provision of proposal
Purpose of data processing: provision of a suitable proposal for data subject and maintaining contact.
Term of data processing: until the expiration of the proposal’s validity.
-
Service ordering:
Ordering is voluntary.
Scope of data subjects:
All natural persons concluding service agreement with Data Controllers besides providing their own personal data.
Scope and purpose of processed data:
name: identification
telephone number: maintaining contact
e-mail address: maintaining contact
content of request/question: answering, maintaining contact
Purpose of data processing: provision of service for data subject.
Term of data processing: during the term of the contractual relationship, and during the period of time while a claim is enforceable in connection to the legal relationship.
-
Job application:
Application for a job is voluntary.
Scope of data subjects:
All natural persons submitting a job application in electronic form (CV, cover letter) to Data Controllers with the purpose of filling a position.
Scope and purpose of processed data:
name: identification
telephone number: maintaining contact
e-mail address: maintaining contact
studies, earlier workplaces, qualifications, skills, references, applied positions, salary demand: selection
Purpose of data processing: filling the open position at Data Controllers.
Term of data processing: 6 months from the sending of the job application or until requesting erasure.
-
Newsletter
Subscription to newsletter is voluntary.
Scope of data subjects: natural persons wishing to be regularly informed of Data Controllers’ latest news, events, changes of law in connection to Data Controllers’ activity, who therefore subscribe to the newsletter service by providing their personal data.
Scope and purpose of processed data:
name: identification (mandatory information according to the law)
e-mail address: sending newsletter (mandatory information according to the law)
Purpose of data processing: notifying data subject of Data Controllers’ latest news, events, changes of law in connection to Data Controllers’ activity.
Term of data processing: until request for deletion by data subject.
Unsubscribing from TPA Newsletter:
-
Website address:
Cookies:
Specific service provider partners of Data Controllers might use internet cookies for the purpose of data collection in the course of Webpage visiting. Such information enables for Data Controllers the personalization of the internet user experience and the improvement of the website’s performance.
Data Controllers hereby inform the users that most internet browsers automatically accept cookies, but users can have these deleted or automatically disabled.
Since the browsers are different, the users can set up their cookie preferences individually, with the help of the browser’s tools.
Data Controllers hereby inform the users that certain attributes might not be available on the website, if they decide not to use cookies.
Purpose of data processing:
The identification of users, distinguishing them from each other, identification of users’ current session, storage of thus given data, preventing data loss, tracking of users.
The legal basis for data processing:
The Data Controllers have legitimate interest in identifying the users and serving them in a personalized manner.
Scope of processed data: identification number, date, time, and the previously visited page.
Data Processors:
| Name | Seat | Data processing task |
| TPA Group Administration und Steuerberatung GmbH | Praterstraße 62-64 1020 Wien |
Ensuring online storage |
| Reinhard Janits, 1080 Vienna, NetzwerkBerater B&W OG, 3470 Kirchberg | 1080 Vienna, NetzwerkBerater B&W OG, 3470 Kirchberg. | Savings in connection to the website, development and database-related tasks |
Data Controllers apply the following cookies:
| Name | Purpose | Expiration time |
| WordPress test cookie | accepts wordpress cookies on the website | – |
| wp-settings-1 | supports optimized display and use of the wordpress website by the administrator | 1 year |
| wp-settings-time | allows optimized display and use of the wordpress website by the administrator | 1 year |
| _ga | Used to distinguish users | 2 years |
| _gid | Used to distinguish users | 24 hours |
| _gat | Used to throttle request rate | 1 minute |
| cerber_groove | A security cookie used to validate the user session | – |
| _icl_current_language | Saves the current language | 24 hours |
| cookie_notice_accepted | Saves the cookie notice acceptance | 2 years |
Google Analytics
Data Controllers use Google Analytics system for collecting visitors’ data in connection to the webpage. Such data are not attributable to persons and are not identifiable individually. In order that the users themselves can decide about the collected data, the system enables opting out from data collection:
https://tools.google.com/dlpage/gaoptout
Location information
When using Google services, Data Controllers might collect information regarding the current location of users and might process this information.
Links:
The webpage might contain links to pages, which are not ran by Data Controllers, but only serve information provision for users. Data Controllers have no influence on the content and security of the webpages ran by partner companies, and are therefore not liable for such webpages.
Persons having the right to the processing of data:
The data might be processed by employees of Data Controllers only to the extent required for the fulfilment of their duties.
Transferring, forwarding of data by Data Controllers:
The processing of personal data is basically carried out by Data Controllers, or, if the task is outsourced, this shall be agreed upon in advance in a contract. In such case, Data Controllers transfer data to the data processors and they shall be liable for the activity of the data processors.
The Data Controllers might forward the data specified by data subject to their contractual Partners, if prior to the forwarding of data they have informed data subject of the name of the Partner, the expected period of data processing, its aim, and if data subject has agreed to the forwarding of data.
In case of request by a competent authority, Data Controllers might forward data to the requesting authority under their legal right.
In case the data processing activity carried out by Data Controllers for their Partners requires, Data Controllers might forward the data to authorities, or to persons specified by the law or by data processing agreement.
Rights:
Based on Act CXII of 2011 about the right of informational self-determination and freedom of information, and on Regulation 2016/679 of the European Parliament and the European Council, data subject has the following rights:
Right to information, right to rectification, right to erasure, the “right to be forgotten”, the right to block/limit the data, right to object, right to apply to the courts, right to apply to authority.
The detailed description and limitations of certain rights are included in the Regulations.
Requesting detailed information about data processing, forwarding, right enforcement:
Data Controllers hereby inform data subjects that they can submit requests for information and exercise their other rights – except when this is not excluded by the law – by sending a request to the email address office@tpa-group.hu. Data Controllers shall examine the subject matter and reply to it, and take the necessary steps in accordance with the request, the Regulations and the law, within the shortest time possible from the reception of the request, but no later than 15 days.
In case of infringing self-determination right, the competent authority:
Hungarian National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu
Data subjects may engage in court procedures in case their right has been infringed. Such case is processed by the court with priority. It is the Data Controllers’ task to ensure that data processing is in compliance with the legislation.
In case Data Controllers infringe the rights of data subject related to personality by the unlawful proceeding of data subject’s data or by the infringement of the data security liability, data subject might request indemnification from Data Controllers.
Data Controllers shall ensure the security of data in the following manners:
Data Controllers ensure the security of data. For this purpose, they take those technical and organizational measures and make those procedural regulations that are necessary for the enforcement of the relevant laws and data- and confidentiality regulations.
Data Controllers protect the data with the proper measures against unauthorized access, alteration, forwarding, publication, erasure or destruction, unintentional destruction and damage, as well as against becoming inaccessible due to the alteration of the applied technique.
The enforcement of data security rules is also ensured by the Data Controllers through internal bylaws, instructions and procedure systems, which are distinct from the Data Protection and Data Security Regulation and from present Information regarding both content and form.
In the course of establishing and applying the measures serving the security of data, Data Controllers consider the current level of technological development, and from the different available solutions for data processing, they choose the one, which ensures higher level of personal data protection, except in case this would cause an excessive burden.
Within the scope of their tasks in connection to IT security, Data Controllers especially ensure the followings:
- Measures against unauthorized access, including the protection of software and hardware, and physical protection (access control, network protection);
- Measures ensuring the chance to restore data, including regular backup savings and separate, secure management of the copies (mirroring, backup saving);
- Protection of data against viruses (antivirus protection);
- Physical protection of data and of the physical devices carrying the data, including protection against fire damage, water damage, thunder stroke and other natural disaster, and ensuring the recoverability of damages arising from such events (archiving, fire protection).
Other information
Data Controllers reserve the right to change the Information by reason of synchronization with the subsequent modifications of the legal background, with the Regulations and other internal bylaws.