ZÁÉV Construction Ltd. as a workplace Our Company is one of the leading, dynamically developing construction contractors in the country. We have been shaping our built environment and everyday life for more than seventy years with our high-level work. We offer our employees an exciting and challenging work environment with opportunities for development and excellence. Our determined employees work together with a high level of knowledge, as a real team, in order to jointly implement the tasks undertaken by our Company. We are energetic, responsible and ready for challenges because ZÁÉV Ltd. is the Master Builder.look
GENERAL PRIVACY AND DATA MANAGEMENT INFORMATION
The protection of personal data has paramount importance for ZÁÉV Construction Ltd. (hereinafter: ZÁÉV Ltd., Data Controller), thus in accordance with the legislation in force, and in particular the General Data Protection Regulation (GDPR) of the European Union, sets out and publishes the applied data protection and data processing principles, the general rules of personal data processing, the rights and enforcement of Data Subjects and all the related practical information. In the Communication, we primarily provide information on the legal basis, purpose, duration, etc. of data processing in a general manner. Jobseekers, senders of consignments and contractual contact persons can read detailed information about data management concerning them. Natural persons who use the service, establish a contractual relationship or contact our Company for other purposes can find the general data management and protection rules, as well as the description of enforcement options in this Communication. Other specific information is provided in the contract or in a separate Communication.
This Communication has been prepared in accordance with the following legislation: GDPR: Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of individuals with regards to the processing of personal data, the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation).
- Privacy Act: Act CXII. of 2012 on the Right to Information Self-Determination and Freedom of Information
- Civil Code: Act V. of 2013 on the Civil Code
The most important information related to data management can be summarized as follows: Name of the data controller: ZÁÉV Ltd.
Contact details: H-8900 Zalaegerszeg, 1. Millennium köz, Hungary
During data management, we always provide information on the legal basis on which we process each of your personal data (e.g. name, e-mail address, telephone number) – e.g. due to a legal requirement or necessary for the performance of a contract, possibly based on your consent (legal basis for data processing); for what purpose the data is processed (purpose of data processing); to whom we transmit the data (recipients); domestically or abroad; for how long we store them (duration of storage). You have the right to access the personal data we process, request their rectification, deletion or object to data processing. In some cases, you may exercise your right to data portability, or request a restriction of data processing (until a decision is made on the fate of the data) and lodge a complaint with the competent authority (Hungarian National Authority for Data Protection and Freedom of Information – www.naih.hu). We will respond to your requests within one month.
If we process your data with your consent, you may withdraw your consent at any time, but this does not affect the lawfulness of previous data processing. If your data is not given by you, we will inform you about its source. In the case of automated decision making (including profiling), we also provide information. Below you will find a detailed description of the rules on data management and protection.
1. Concept definitions:
The terms used in this Communication shall be understood in accordance with the relevant legislation, in particular as defined in GDPR and Privacy Act. In particular: Affected: an identified or identifiable natural person. A natural person may be identified directly or indirectly by an identifier such as name, number, location, online identifier or one or more factors relating to the natural, physiological, genetic, mental, economic, cultural or social identity. Hereinafter: Affected or You.
Personal data: any information about the Data Subject.
Data Processing: Any operation or set of operations on Personal Data or data files, whether automated or nonautomated, such as collecting, recording, organizing, segmenting, storing, transforming, altering, querying, viewing, using, communicating, transmitting, distributing or otherwise making available, harmonization or interconnection, restriction, deletion, destruction.
Data Controller: determines the purpose of Data Management - alone or together with others. For the purpose of this Communication, Data Controller is ZÁÉV Construction Ltd. (Registered office: H-8900 Zalaegerszeg, 1. Millennium köz, Hungary; Company Registration Number: 20-10-040034).
Data Processor: natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller. Data Subject’s consent: a voluntary, specific and well-informed and unambiguous statement of the Data Subject’s intention to indicate his or her consent to the processing of Personal Data concerning him or her by means of a statement or an act which unequivocally expresses the confirmation.
2. General principles of data management:
Our Company always acts in accordance with the following principles when handling Personal Data and enforces them during certain steps of Data Management: Legality, fairness and transparency: The processing of Personal Data is carried out lawfully and fairly and in a way that is transparent to Data Subject.
Purpose limitation: Personal Data is collected only for specified, explicit and legitimate purposes and is not processed in a way incompatible with these purposes. Data minimisation: Personal Data is adequate and relevant to the purposes of Data Management and limited to the data necessary to achieve the purpose.
Accuracy: Personal Data must be accurate and, where necessary, up to date; we will take all reasonable steps to delete or correct Personal Data that is inaccurate for the purposes of Data Management without delay.
Storage limitation: Personal Data must be stored in a form that allows the identification of Data Subject, only for the time necessary to achieve the purposes of Personal Data processing; Personal Data may be stored for a longer period of time only if Personal Data will be processed for archiving public interest, scientific and historical research purposes or statistical purposes, and to implement the appropriate technical and organizational measures provided for in the Regulation.
Integrity and confidentiality: we protect the processing of Personal Data in a way to ensure the adequate security by applying appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage. Accountability: Data Controller is responsible for compliance with the above principles, compliance with the law and must be able to prove this compliance. Privacy by design: Data Controller shall take into account the state of science and technology and the costs of its implementation, as well as the nature, scope, circumstances and purposes of Data Processing and the varying probability and severity of the risk to the rights and freedoms of natural persons; implement appropriate technical and organizational measures such as pseudonymisation, to effectively implement data protection principles such as data saving, and to incorporate the guarantees necessary to meet the requirements of the Regulation and to protect the rights of data subjects in data processing process.
Data protection by design and by default: Data Controller shall implement appropriate technical and organizational measures to ensure that, by default, only Personal Data necessary for the specific data processing purpose will be processed. This obligation applies to the amount of Personal Data collected, the extent to which they are processed, the duration of their storage and their availability. These measures should ensure that Personal Data cannot be accessed by an indefinite number of persons without the intervention of a natural person.
3. Legal basis for Data Management:
Our Company handles Personal Data primarily on the basis of Data Subject’s consent, the fulfilment of the contract concluded with Data Subject, the fulfilment of a legal obligation, or the enforcement of the legitimate interests of our Company as Data Controller or a third party.
In addition, data processing may be necessary for the protection of Data Subject’s Personal Data or another natural person’s Personal Data, or in connection with the performance of a task in the public interest or in the exercise of a public authority granted to our Company.
If you apply for our job advertisement or send us a CV voluntarily or other document containing Personal Data, until a contractual relationship is established between you and ZÁÉV Ltd., the legal basis of data processing is your consent, which you can withdraw at any time.
f you act as a contact person for one of our existing or future contractual partners, the legal basis of data management is the legitimate interest of Data Controller and (future) contractual partner, which is to fulfil the rights and obligations arising from the contract and to ensure contact between the parties.
4. Purpose of data management:
Data management goals are determined individually, of which Data Subject is informed. Our company does not use automated decision making, including profiling. If you apply for our job advertisement or voluntarily send us a CV or other document containing Personal Data, the purpose of data management is to decide on the establishment of a contractual legal relationship, as well as to keep in touch and to track consignments. If you act as a contact person for one of our existing or future contractual partners, the purpose of data management is decision making on the establishment of a business relationship and maintenance of business continuity by contacting and administrating internally.
5. Scope of Personal Data handled:
The types of Personal Data of Stakeholders who contact our Company, are determined in accordance with individual data management purposes, considering the principle of data saving, and Stakeholders are informed. If you apply for our job advertisement or voluntarily send us a CV or other document containing Personal Data, we process only the Personal Data you provide (including e-mail or postal address, telephone / fax number from which the consignment arrives). If you act as a contact person for one of our existing or future contractual partners, the scope of Personal Data managed: name, position, address, telephone number, fax number, e-mail address.
6. Transfer of Personal Data:
Our company provides information in connection with each data processing if it is passed on to other persons (recipients). We will only transfer Personal Data outside the European Union if we can provide the appropriate level of protection established by the European Commission.
If you apply for our job advertisement or voluntarily send us a CV or other Personal Data, we do not forward them until you expressly authorize us to do so. If you act as a contact person for one of our existing or future contractors, we do not transfer your Personal Data until you or your employer expressly authorizes you to do so (e.g.: in connection with a public procurement procedure).
7. Duration of data storage:
Our Company handles and stores Personal Data until the purpose of data processing is achieved and until the expiration of the retention period prescribed by law. If you apply for our job advertisement or voluntarily send us a CV or other Personal Data, we will only retain the data until a decision has been made about a contractual relationship with you. In case of a CV, if you consent, we will keep it for up to 2 years. Postal / fax items are registered for 5 years. If you act as a contact person for one of our existing or future contractors, we process personal data until the end of the contact status, but at most, in case of contractual contact data, for the period of accounting documents’ preservation prescribed by law or until warranty is terminated.
8. Rights of Data Subject:
8.1. Right of access
Data Subject is entitled to receive feedback from Data Controller whether the processing of his / her Personal Data is in progress and, if so, is entitled to access personal data and information required by law. That is, Data Subject may request information from our Company whether we process his / her Personal Data and, if so, access to them, as well as information on the followings:
− the purpose of data management
− the categories of Personal Data concerned
− the recipients to whom Personal Data has been or will be communicated
− the planned period of Personal Data storage
− rights to rectification, erasure, restriction, protest, complaint
− if data was not collected from Data Subject, information on the source.
8.2. Right to rectification
Data Subject has the right to have inaccurate Personal Data relating to him or her corrected by our Company upon request or - considering the purpose of Data Management- to request the completion of incomplete Personal Data by means of an additional statement.
8.3. Right to erasure
In case of
- Personal Data is no longer required for the purpose it was collected or processed, or
- Data Management was based solely on the consent of Data Subject and Data Subject withdraws the consent, or
- Data Subject lawfully objects to Data Management, or
- Personal Data has been processed unlawfully, or
- Personal Data must be deleted due to a legal requirement, or
- data was collected for business acquisition purposes
Data Subject is entitled to request the deletion of Personal Data relating to him / her.
If Personal Data has been disclosed, in case of obligation to delete it (considering available technology and implementation costs), we will take the reasonably expected steps to inform other Data Controllers that Data Subject has requested the deletion of the link to Personal Data or to the copy of the data. The right of cancellation cannot be enforced if Data Management is necessary for the exercise of the right to freedom of expression and information, due to compliance with a legal obligation, due to public interest as regards public health, in the context of public archiving, data management for scientific and historical researches, statistical purposes or to submit, enforce and protect legal claims.
8.4. Right to Restrict Data Management
In the following cases, Data Subject is entitled to request our Company to restrict data processing:
- for as long as our Company verifies the accuracy of Personal Data because it is disputed by Data Subject;
- In case of illegal Data Management, if Data Subject requests a restriction on use instead of deletion;
- Our company no longer needs to handle Personal Data, but Data Subject requires them to submit, enforce and protect legal claims;
- Data Subject has objected to Data Management while our Company examines the objection request. If data processing is subject to restrictions, Personal Data may be processed - with the exception of storage - only with the consent of Data Subject or to bring, assert, defend or defend the rights of others and public interests. We shall inform Data Subject before lifting the restriction of processing.
8.5. Right to data portability
If Data Subject has provided his / her Personal Data - which are managed by our Company in an automated manner - on the basis of voluntary consent or for the purpose of concluding a contract, Data Subject is entitled to request to receive them in an articulated, widely used, machine-readable format and forward them to another Data Controller or, if technically possible, request its direct transmission.
8.6. Right to object
If Data Management was carried out for the purpose of direct business acquisition, Data Subject is entitled to protest against Data Management. In this case, Personal Data may no longer be processed for this purpose.
If Data Management is carried out on the basis of other legitimate interests of Data Controller, Data Subject is entitled to protest against Data Management. In this case, we will not further process Personal Data, unless we prove that Data Processing is justified by compelling legitimate reasons that take precedence over the interests and rights of Data Subject, or are necessary for the submission, enforcement and protection of legal claims.
9. Enforcing the rights of Data Subject:
In accordance with the principle of transparency, our Company shall take appropriate measures, both in informing Data Subject and in enforcing its rights, in order to ensure that Data Subject is informed in a concise, transparent, comprehensible and easily accessible form, clearly and intelligibly worded and to promote the exercise of other rights of Data Subjects.
The information will be provided primarily in writing (including electronic form), or orally at the request of Data Subject. Requests submitted electronically will be answered electronically (unless Data Subject requests otherwise).
Requests for the exercise of rights of Data Subject - if the identity of the applicant can be established - shall be answered as soon as possible, but at least within 1 month from the receipt of the request and inform Data Subject of the measures taken. Depending on the complexity of the application or the number of applications, this deadline may be extended by a maximum of 2 months, but we will inform you within 1 month of receiving the application, stating the reasons.
If no action is taken on the request, we will also notify Data Subject about it, as well as the reasons, no later than within 1 month from the receipt of the request, indicating the possibility of filing a complaint and legal remedy.
The response to Data Management information and to the requests relating to the exercise of the rights listed above is provided by our Company free of charge. However, if the request is clearly unfounded or excessive - particularly because of its repetitive nature-, we are entitled to charge a reasonable fee or refuse to act. We will notify all recipients to whom we have communicated Personal Data of correction, deletion or restriction measures taken as a result of the relevant requests, unless this is impossible or requires a disproportionate effort. At the request of Data Subject, we will provide information on these recipients. In the event of a data protection incident, if it is likely to pose a high risk to the rights of Data Subject, we will immediately provide information in person or through a public notice.
10. Body temperature measurement when entering office buildings and construction areas
Purpose of Data Management: prevention of coronavirus epidemic, screening of persons suspected of being infected, creating a healthy and safe working environment for workers. Source of personal data: the result of the instrumental examination carried out at the entrance by the employees designated by Data Controller, using a non-contact hand-held thermometer from 1 October 2020 until revoked.
Legal basis for data processing: Article 9 (2) (h) of the General Data Protection Regulation, preventive health or occupational health purpose gives authorization.
Data management, storage: Data Controller does not record or store the results of temperature measurement, only ensures that if the Data Subject’s temperature exceeds a certain value (37.0 °C), his or her entry is prohibited.
11. Contact details:
The use of a data protection officer is not obligatory, requests and any inquiries related to Data Management can be sent to our Company at the following contact details:
Postal address: H-8900 Zalaegerszeg, 1. Millennium köz, Hungary
Complaints about data management can be addressed directly to the National Data Protection and Freedom of Information Authority (Address: H-1055 Budapest, 9-11. Falk Miska út, Hungary, phone number: +36-1-391-1400, e-mail: firstname.lastname@example.org, webpage: www.naih.hu).
In case of violation of the rights of Data Subject, he / she may go to the court. According to the Code of Civil Procedure, the court has jurisdiction over judicial remedies.
12. Entry into force:
This amended Communication shall enter into force on 15.12.2020.