ServicesCareer GuidanceFor CompaniesDevicesBlogFAQAbout usContactX

Privacy Policy of PractiWort Zrt.

February 15. 2022.

  1. General provisions

The aim of this Policy is to provide sufficient information to employees, business partners or other natural persons with whom the company comes in contact about the personal data handled by PractiWork Zrt. (hereinafter referred to as PractiWork Zrt. or Controller). This is the nature of the handled personal data, the aim and method of data collection and all other information regarding the handling of this data which includes, but is not limited to their rights in connection with data processing. This is done according to the statutory regulations in effect.

1.1. The Person in position of Controller

PractiWork Zrt.

Company registration number: 01-10-141111

Tax number: 28949767-2-41

Principal place of business: 103. Jablonka Street, Budapest 1037, Hungary

Representative: dr. Ákos Kálmán Zsuffa, CEO

Phone number: +36 (30) 9645900

E-mail: info@practi.hu

The Controller is a registered company in Hungary. The Controller’s activities are in effect on the practi.online webpage (hereinafter referred to as “Webpage”).

1.2. Guiding Principles

The Controller’s activities are in line with European and Hungarian statuary regulations. Data processing is mostly regulated by the European Union regulation (2016/679 General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the 95/46/EK repealed regulation; hereinafter referred to as “GDPR”).

1.3. Scope of the Policy, the concerned party

The scope of this Policy is limited to those actions of the Controller which involve the handling of personal data of natural persons. This also includes the data management of the Webpage.

According to GDPR: Personal data are any information which is related to an identified or identifiable natural person. The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which express the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons.

The scope of this Policy encapsulates the personal data of the person who gets in contact with the Controller, provides data and consents to the processing of this data.

Based on all of this, this Policy’s scope does not include data that does not belong to natural persons (ex: company data), or data that cannot be linked to natural persons (ex: statistic data, anonymized data).

  1. The principles, aim and lawful basis of data processing

2.1. Principles of data processing

The Controller handles the collected data in a way that is lawful, fair and easy to see through. The Controller aims to have the collected data as accurate and as up-to-date as possible. The Controller ensures that the rights of the concerned party remain legally valid and does everything in their power to abide by the rules and regulations so that the data management is lawful throughout all phases of the process.

2.2. The aim of data processing

The data processing of the Controller aims to:

2.3. The lawful basis of data processing

The lawful basis of data processing is based on the consent of the concerned parties. The Controller only has access to the concerned party’s reported data and handles that according to their consents. Consenting is voluntary. By giving consent, the concerned is accepting this Policy.

  1. The liabilities of the Controller

3.1. Liability to inform

3.1.1. If the data is acquired from the concerned party, the Controller at the same time is informing them about the articles below:

3.1.2. If the data is not acquired from the concerned party, the Controller is informing the concerned party about the articles below:

3.2. Promoting the enforcement of the rights of the concerned party

The Controller promotes the concerned party exercising their rights.

3.3. Keeping records

The Controller and the Representative of the Controller keep records of the data processing activities they are responsible for.

3.4. Cooperation with authorities

The Controller and the Representative of the Controller are cooperating (based on their requests) with the supervising authorities.

3.5. Complying with data security requirements

3.5.1. The Controller pays particular attention to ensuring data safety and applies the best accessible security technologies to do so.

3.5.2. The technology used by the Controller protects the concerned party’s personal data not only from unauthorized access, editing, deletion or disclosure but against damage or destruction as well.

3.6. Obligations related to the data security incident

3.6.1. The Controller upon becoming aware of the data security incident, without undue delay informs the supervising authority. An exception from this is if the data security incident is not likely to risk the rights and freedom of the natural persons.

3.6.2. If the data security incident is likely to pose high risks to the rights and freedom of the concerned parties, the Controller without undue delay informs the concerned parties of the data security incident.

3.6.3. The Controller keeps a record of data security incidents, listing the fact related to the data security incidents, it’s effects and the measures taken to remedy the situation.

3.7. Data protection impact and risk assessment

If any type of data processing (especially the ones incorporating new technologies), with a focus on its characteristics, scope, circumstances and aims, is of high risk to the rights and freedom of natural persons, then the Controller does an impact evaluation based on how the planned procedures would affect the protection of personal data.

3.8. Data transfer

The PractiWork Zrt. is not transferring data into a third country or to an international organisation either as data handler or processor.

3.9. Data Protection Officer

3.9.1. According to the GDPR article 37. (1) paragraph b) section, the Controller appoint a data protection officer.

3.9.2. The data protection officer’s name and contact information:

Name: Róbert Sinka

E-mail: sinka.robert@practi.hu

Phone number: +36 (30) 6386190

  1. The rights of the concerned party

The concerned party in connection with their personal data has the rights to:

  1. The scope of those entitled to access the data

Accessing the data is only allowed to those employees of the Controller who are appointed by the Controller to process the data and are compliant with the required confidentiality.

  1. Legal remedies

The concerned party can request the termination of processing of their data from the Controller in case of violation of their rights. This request is accessed by the Controller in all cases and then the concerned party is informed of the result.

The concerned party can report their complaint according to the contact information listed in paragraph 1.1.

The concerned party can also file a complaint with the National Authority for Data Protection and Freedom of Information (address: 22/c. Szilágyi Erzsébet alley, Budapest 1125, Hungary; phone number: +36 (1) 3911400; e-mail: ugyfelszolgalat@naih.hu; webpage: www.naih.hu).

The concerned party has the right to bring the matter before a court in case of violation of their rights. The Controller provides detailed information about a court with authority and jurisdiction to adjudicate the lawsuit and about the possibility of filing a lawsuit at request of the concerned party.