Privacy Policy

Regulation (EU) 2016/679  of the European Parliament and of the Council (‘the Regulation’) provides for the protection of natural persons with regard to the processing of their personal data. It requires the controller to take appropriate measures to provide the data subject with each information concerning the processing of personal data.

With this Policy, we are complying with our legal obligation.

Authoritative, abstract definitions:

personal data: any information and data relating to the natural person (“data subject”) by which he or she can be identified

data processing: any operation performed on personal data

data controller: the natural or legal person, public authority, etc. which, alone or jointly with others, determines the purposes and means of the processing of personal data

data processor: a natural or legal person, public authority which processes personal data on behalf of the data controller

consent of the data subject: the voluntary expression of the will of the data subject by which he or she gives his or her consent to the processing of personal data concerning him or her

personal data breach: breach of data protection security Furthermore, the term “Company” means NAGOYA Kft.

General information

The full regulation on data protection is contained in GDPR 2018 E1-2 Data processing procedure.

The Company places and makes available its General Data Protection Information on its website and on the Information Boards at its premises.

Data protection activity

Our Company declares that it performs its data processing activities – by implementing appropriate internal rules, technical and organizational measures – in such a way as to comply with the Data Protection Regulation.

Risk assessment of data protection activities

During the risk assessment, the Company – depending on the outcome – takes the necessary measures to reduce the risks related to data protection.

Information on individual data processing

Main data processing activities of our Company as Data Controller, according to data management purposes: Main data processing related to employment:

• Labour and personnel records
• Data processing in connection with employee aptitude assessments
• Processing of data of employees applying for employment (applications, CVs)
• Data processing related to the control of devices provided by the employer
• Data processing related to camera surveillance at work

In connection with the contracting partners, it carries out the following main data processing::

• Customer data: data processing of contact persons of contracting partners (customers, suppliers) (name, position, telephone number, E-mail address)

In order to comply with a legal obligation, it carries out the following main data processing:

• Data processing for the purpose of fulfilling tax and accounting obligations

Legal basis for data processing

Personal data may be processed on the following legal bases:

1. the data subject has given his/her consent
2. data processing is necessary for the performance of a contract
3. processing is necessary for compliance with a legal obligation to which the controller is subject
4. processing is necessary to protect the vital interests of the data subject
5. processing is necessary in the exercise of public interest or official authority;
6. processing is necessary for the enforcement of the legitimate interests pursued by the controller or by a third party.

Ensuring the lawfulness of data processing

Data processing based on the consent of the data subject

Before commencing data processing, the Company shall inform the data subject (in a publicly accessible form) of the facts related to the processing of his or her data, the purpose and legal basis of data processing. If the data subject gives his/her consent by signing the Statement, the Company will process the data for the specified purposes. The data subject also has the possibility to withdraw consent.

It also qualifies as consent if the data subject gives his or her consent on the Company’s website.

The Company processes the data for the purpose of fulfilling the legal obligation to which it is subject,  even after the withdrawal of the consent of the data subject. 

In the case of processing the data of employees applying for employment, applications, CVs: name, date of birth, place, address, qualification documents, telephone number, e-mail address, employer record data of the applicant, if the applicant has provided these data.  The purpose of data processing: application, evaluation of application  , conclusion of an employment contract with the selected person. It shall inform the data subject if the employer has not chosen him.

Legal basis for data processing: consent of the data subject (also consent if someone submits an application)

Duration of storage of personal data: The data recorded during the application will be kept until the evaluation of the application. The personal data of unselected applicants will be deleted by the Company.

The purpose of data processing related to aptitude tests is to assess medical fitness for the given position, in accordance with the employment rule.  Scope of personal data that can be processed: the fact of job suitability and the conditions required for this.  Legal basis for data processing: legitimate interest of the employer. Purpose of processing personal data: establishing and maintaining an employment relationship, filling a position. The employer receives only the data whether he is suitable for the job or not, and under what conditions.

In the labour and personnel records, the employer records and processes only those data specified by law that are necessary for the establishment, maintenance and termination of the employment relationship and for the provision of social and welfare benefits.

Processing of special data: The Company processes the personal data of data subjects with whom it has a paying relationship for the purpose of fulfilling tax and contribution obligations (tax, tax advance, determination of contributions, payroll, social security administration).

The Company regulated the data processing provided to the employee exclusively for the performance of his/her job duties: computer, laptop, tablet, Company mobile phone, workplace Internet use.

The Company uses an electronic surveillance system – a camera – at its headquarters, which also enables image recording, in order to protect property and ensure security for the performance of its tasks. Personal data can also be considered the conduct of the data subject, which is recorded by the camera. If you do not consent to being recorded, please do not enter the enclosed area. It is considered implied conduct if you enter the area despite the information sign or description. Signs telling you how to take a shot  will alert you before you enter.  Legal basis for data processing: enforcement of the legitimate interests of the employer. The recorded recordings – in the absence of use – are kept for a maximum of 5 (five) working days.

Data processing related to the contract: The contact details of natural person contractual partners and natural person representatives of legal entity customers, buyers and suppliers are processed by the Company for the purpose of fulfilling legal obligations and performance of contracts, tax and accounting obligations. Duration of storage of these personal data: 5 years after the existence of the business relationship or the existence of the data subject’s capacity as representative.

Data security measures: The Company takes and has taken the technical and organizational measures and develops rules necessary to enforce the Regulation in order to ensure the security of personal data. NAGOYA Kft. protects the data with appropriate measures against accidental or unlawful destruction, loss, etc. or unauthorized access. The Company imposes confidentiality obligations on employees regarding the processing of personal data. IT systems are protected by firewalls and virus protection.

Our Company uses a Data Processor as data controller and informs the data subjects thereof.

Handling data breaches

In the event of a breach of data security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, the Company shall investigate the incident within the framework of a regulated procedure and take the necessary measures to mitigate the damage. The prevention and management of personal data breaches is the responsibility of the managing director.

A personal data breach can be reported at the Company’s central e-mail address and phone number.