The web page accessible under www.railcargo.hu (hereinafter the Web page) is operated by Rail Cargo Hungaria Zrt. (registered office: 92 Váci út, 1133 - Budapest, Hungary, company register nr.: 01-10-045318, e-mail: firstname.lastname@example.org tel.: +36 1 512-7300 (hereinafter: Controller).
This Handout (Hereinafter: Handout) contains the personal and other data protection policy, practice and commitments related to the operation of the web page management by the Controller.
The Controller reserves the right for changing any content of this Handout or any pages related, with a special regard to the modification of relevant legal regulations, or modifying it with a dedicated advance or subsequent notice or terminating it considering the relevant Hungarian legal regulation.
1.1 The Controller respects and protects the personal data of the one using the services of the Web page (hereinafter: User). The Controller handles the data specified by the User in confidentiality, upon the all time effective Hungarian data protection law and other relevant legal regulation. The Controller does not give it out to a third party, does not publish it and only uses it for private use, in the extent of and as long as the Controller's activity allows.
1.2 In the course of establishing the Controller's data protection policy, the procedure conformed with and considered the following regulations:
- Act LXIII of 1992 on the protection of personal data and disclosure of information of public interest (Data Protection Law);
- Act CVIII of 2001 on Electronic Commerce and on Information Society Services
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities
1.3 The content of phrases applied in this Handout comply with the content recorded in the special provisions of Data Protection Law
Relevant definitions and explanations of the currently effective Data Protection Law:
Personal data: shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject') and any reference drawn, whether directly or indirectly, from such information. In the course of data processing, such information shall be treated as personal data as long as the data subject remains identifiable through it. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
The data subject's consent: shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed without limitation or with regard to specific operations;
The data subject's objection: shall mean an indication of his wishes by which the data subject objects to the processing of his data and requests that the processing of data relating to him be terminated and/or the processed data be deleted;
Controller: shall mean a natural or legal person or unincorporated organization that determines the purpose of the processing of data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them;
Data management: shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction, and blocking them from further use. Photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images
Disclosure by transmission: shall mean making data available to a specific third party;
Public disclosure: shall mean making data available to the general public;
Blocking of data: shall mean preventing - permanently or for a predetermined period - the transmission, access to, disclosure, adaptation or alteration, destruction, deletion, alignment or combination, and the use of data;
Data processing: shall mean the technical operations involved in data management, irrespective of the method and instruments employed for such operations and the venue where it takes place;
Processor: shall mean a natural or legal person or unincorporated organization that is engaged in the processing of personal data on behalf of a controller - including when ordered by virtue of legal regulation;
Set of data: shall mean all data contained in a filing system;
Third person: shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor;
2.1 Rail Cargo Hungaria Zrt.is the Controller of the collected and recorded personal data related to the operation of the Web page. In the course of data management, the Controller does not avail the Data processor.
2.2 The aim of the Web page operation related data management is that the Controller secures information via the Web page and provides counseling, services connected to the activity of the Company, and sends a newsletter to the partners.
2.3 The data management is voluntary in all cases, the Controller uses the personal data only for the sake of the service selected by the User, according to the data subject's consent specified by the User and within its scope. The data management complies with this aim in all its articles. The legal ground of the data management performed by the Controller is the conversant consent of the User, which the User specifies with approving the conditions of this Handout.
2.4 If the Controller wished to use personal data in such a way that deviates from the policies and aims announced when collecting the personal data, the Controller should notify the affected ones via e-mail preliminary and offer the opportunity to decide whether they consent the management of their personal data deviating from the earlier management.
2.5 The data storage is done at the server network of the informatics Service Provider of the Controller. The controlled data shall not be forwarded to a Controller being in a third country or to a data processor.
2.6 The Controller ensures the data security, the enforcement of data and confidentiality regulations by organizational arrangements by establishing security rules of procedure, during its activity.
2.7 Beside the most recent hardware and software support, the Controller particularly protects the data from unauthorized access, change, forward, delete or extermination, and against accidental annihilation, damage.
2.8 Those who are affected by data management by the Controller (the registered Users and the visitors of the Web page involved) may withdraw their consent given earlier to the Controller for data management anytime. They may withdraw their consent on certain data and may limit them to data management actions, or complaint against their personal data management in particular cases ascertained in the Data Protection Law by e-mail to the registered office of the Controller at: email@example.com or by regular letter to: 92 Váci út, 1133 - Budapest, or by tel.: +36-1 512 7430.
2.9 The Controller performs the data management cancellation within 5 working days by E-mail, regular post, or telephone, whereby it annihilates all data requested to be cancelled.
3.1 If the User subscribes for an online service of the Controller, inquires about the services, fills out a form or forms an opinion, the Controller may ask for her/his personal or company data to specify. Among these data, the User's name or the Company's name, address, e-mail address, fax and telephone number may be figured.
3.2 During viewing the Web page, the view's starting and finishing time by the User is automatically recorded because of the technical operation and in certain cases - depending on the settings of the User's computer -, the data of the browser and the operational system, the IP address of the User and the URL of the login and logout pages. The system automatically generates statistic data from these data. The Controller does not link these data to other personal data, they are only used for preparing attendance statistics.
3.3 The Controller has established a double-level authorization for the utilization of the Web page:
a) the Web page may be visited by anyone without specifying any personal data beyond the automatic technical data management.
b) The Controller obliges a registration for the usage of particular accessible services on the Web page. The registered Users are authorized to access contents placed on the website and to subscribe for newsletters.
3.4 For availing the newsletter service, the affected Users are required to specify certain personal data by the Controller (see the list below). During the registration, the User must only specify such personal data, which is essential for the realization of the specified data service and is adaptable for accessing the goal.
3.5 During the registration the following data are required to specify:
- Company name
- E-mail address
3.6 The Controller keeps a record on those persons according to the regular statutory instruments in force, who declared their requests in a written form about receiving advertisements by using the newsletter service. For those persons who are not figured in the records, the Controller does not send newsletters, which are qualified to be advertisements. The Controller may only give out the records to a third party, with the prior consent of the one availing.
3.7 The User is authorized to request to change or delete all her/his data in or from the database, which s/he specified when registering.
3.8 All newsletters sent by the Controller informs the addressee about the electronic mailing address and other contacts, where s/he may claim to proscribe other letters to be sent.
4.1 The aim of the personal data management transmitted to the Controller, is in the service of availing the Web page service, and assures the communication between the service provider and the User in order to ensure the service. The statistics targeted usage of these data summarized, will be done.
4.2 In case the User registers for the newsletter service, the goal of the e-mail address management is delivering the newsletter.
The User may request to delete the specified personal data anytime, and the Controller may her/himself delete it if the service discontinued, or the availing of the service was forbidden.
6.1 The data managed by the Controller - upon the main regulation - may only be acquainted by the employees participating in the data management target realization of this Handout, who are responsible with professional confidentiality in the respect of all data they got acquainted with on the basis of the relevant legal regulations of their contract and their.
6.2 The personal data - apart from the colleagues and the ones involved - are not provided to third parties by the Controller. This does not concern the possible disclosure by transmission obliged, specified by legal regulation. The Controller examines the truth of the legal ground of the disclosure by transmission in every case, should it prove necessary, asks for the opinion of the data protection commissioner.
7.1 In case of further questions and remarks, Users may request information on the management of their personal data at the following contacts: e-mail: firstname.lastname@example.org, or tel.: +36-1-512 7300.
7.2 In case of requests in the above described issue, the Controller provides detailed information on the data managed by her/him, the goal of data management, the legal ground, the duration and the data management related activity, who and with what reason receive/d the data.
7.3 The Controller answers in an easy to understand, electronic, written form, in the shortest time after the request submitted, but max. 30 days.
7.4. The User may request for correction and deletion of her/his personal data, and - with the exception of the data management ascertained in the legal regulation. The Controller is obliged to delete the data in the following cases:
- If the data management is unlawful;
- If the User requests it;
- If the data is incomplete or inaccurate and that status may not be corrected lawfully;
- If the goal of data management has ceased;
- If the deletion was ordained by the data protection commissioner.
The User may object against her/his personal data management in obedience to the applicable statutory provisions.
The data subject's objection - with the simultaneous suspension of the data management - the soonest after the request was submitted, but within 15 days, is examined. The Controller informs the User about the result in a written form.
In case the data subject's objection is justified, the Controller terminates the data management - the further data-survey and disclosure by transmission involved -, seizes the data, and notifies all of those, who s/he earlier transmitted the personal data to, and those, who are obliged to take measures in the interest of enforcing the objection right, about the objection and the arrangements done according to it.
In case the User does not agree with the decision adopted on the basis of the objection, s/he may seek remedy at the court in 30 days after the notification of it. The court shall proceed immediately with special dispatch. The lawsuit - in accordance with choice - may be started in the court of the registered residence (habitation) of the User (affected one).
8.1 The Web page may contain links to other pages, but the Controller does not assume responsibility for the data protection practice of these pages. In case these web pages also collect personal data, it is recommended for the User to inquire the data protection regulation of these pages as well.
The data protection policy of this Handout only applies for the pages managed by the Controller.
This Handout is in effect from 1st July 2010.