Budapest Transport Closely Held Corporation (official seat: 1980 Budapest, Akácfa u. 15, company register number: 01-10-043037; hereinafter referred to as Data Controller) processes personal data provided by you in connection with the registration for the services available on the website on the basis of your consent as follows.

General information

Data Controller declares that the data obtained in connection with its activity shall be processed in accordance with the provisions of this Notice and the legislation in force.

Data Controller furthermore declares, that it will process the personal data of the data subjects (the natural persons whose data are processed) only for the purposes set out in this notice, in accordance with the principles of fair and lawful processing, to the extent and for the duration necessary. The Data Controller shall ensure that the data are accurate, complete, up-to-date and that the data subject can be identified only for the time necessary for the purposes for which they are processed.

The Data Controller shall in all cases process the personal data provided to it in compliance with the applicable Hungarian and European legislation and its data protection policy (https://www.bkv.hu/hu/adatvedelmi_politika?jid=), and shall in all cases take the technical and organisational measures necessary for the proper and secure processing of the data.

Please note that the processing of personal data is carried out in particular on the basis of the following applicable legislation:

• Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (27 April 2016) (GDPR), the current text of which is available via the link below:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC);

• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the current text of which is available via the following link:

http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.338504).

This Notice discloses the information we are required by law to provide to you about our data processing, as follows. 

 

1. The purposes for which the personal data are intended to be processed:

- Registration for services available on the website. Purpose of data processing: user identification /ID number: N5/.

 

2. Legal basis for processing:

- the data subject has given his or her consent to the processing of his or her personal data.

 

3. If applicable, the recipients of the personal data and the categories of recipients:

- all employees of the Data Controller and the contractual partners, and the persons designated by the contractual partners, who perform tasks or monitor the performance of tasks in the operation of the website, in ensuring the security of the system, or monitor the performance of the tasks.

 

4. Duration of storage of personal data:

- up to 10 years after the last active use.

 

5. Rights of data subjects and how to exercise them:

 

The Controller shall inform the data subject of the action taken on the request without undue delay, but within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the data subject of the extension, stating the reasons for the delay, within one month of receipt of the request.

The data subject may exercise his or her rights vis-à-vis the Data Controller by using the following contact details: 1980 Budapest, Pf. 11; phone: +36-1/461-6500; e-mail: bkv@bkv.hu.

 

5.1. Access to data   

The data subject is entitled to be informed whether or not his or her personal data are being processed and, if so, to be informed of his or her personal data and of the information provided in points 1, 3, 4, 5.2 to 5.4 and 8 of this Notice.

The Data Controller shall provide the data subject with a copy of the personal data processed. It may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. Where the data subject has made a request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.

 

5.2. Correction of personal data

The data subject shall be entitled to have inaccurate personal data relating to him or her corrected by the Data Controller without undue delay upon his or her request. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data.

 

5.3. Deletion of personal data

The data subject shall be entitled to have his or her personal data relating to him or her erased by the Data Controller without undue delay where one of the following grounds applies:

- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent to the processing of personal data and there is no other legal basis for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

- the personal data have been unlawfully processed;

- the personal data must be erased in order to comply with a legal obligation under European Union or Member State law to which the Data Controller is subject.

The Data Controller shall not delete personal data if the processing is necessary:

- to exercise the right to freedom of expression and information;

- to comply with an obligation under European Union or Member State law that requires the Data Controller to process personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

- on grounds of public interest in the field of public health;

- for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the data subject's right to erasure would be likely to render the processing impossible or seriously jeopardise it;

- for the presentation, exercise or defence of legal claims.

 

5.4. Restriction of processing personal data

The data subject shall have the right to request from the Data Controller restriction of processing where one of the following applies:

-       the accuracy of the personal data is contested by the data subject, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;

-       the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-       the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of a legal claim;

-       the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the Data Controller override those of the data subject.

The Data Controller shall inform the data subject at whose request processing has been restricted in advance about the lifting the restriction of processing.

 

5.5. Notification obligation related to rectification, erasure or restriction of processing of personal data

The Data Controller shall communicate the rectification, erasure or restriction of processing of personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. At the request of the data subject, the Data Controller shall inform him or her of these recipients.

 

5.6. Data portability

The data subject is entitled to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller without hindrance from the Data Controller, where processing is based on the data subject's consent or on a contract; or the processing is carried out by automated means.

When exercising his or her right to data portability, the data subject shall have the right to have personal data transmitted directly from one data controller to another, where technically feasible.

 

5.7. Withdrawal of the consent

If processing is based on the consent of the data subject, the data subject may withdraw his or her consent at any time. The withdrawal shall not affect the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.

 

6. Contact details of the Data Controller and the Data Protection Officer 

 

6.1. Responsible for data management

BKV Zrt’s organizational units implementing the given data processing purpose.

 

6.2 Contact details of Data Protection Officer:

 

Name:	dr. Valcz Tamás
Phone:	+36 (1) 461-6500
E-mail:	adatvedelem@bkv.hu

 

 

 

 

 

7. Data security:

 

We inform you that the Data Controller ensures the security of personal data through its relevant internal regulations, in particular the Corporate Data Protection and Data Security Policy, the IT Security Policy and the Document Management Policy, and takes the technical and organizational measures and establishes the procedural rules necessary to enforce the GDPR and other data and confidentiality rules.

The Data Controller processes personal data with the utmost care, in strict confidentiality, only to the extent necessary for the use of services, and in case of consent, in accordance with the provisions of the given person. The Data Controller shall ensure that the personal data processed:

• is protected against unauthorized access (confidentiality of data),
• is accessible to authorised persons (availability),
• its authenticity and authentication are ensured (credibility of data processing),
• its unchangedness can be proven (data integrity).

 

8. Remedies:

 

In case of violation of his rights, the data subject may turn to court. The person concerned may, at his or her choice, bring the action before the court of his/her domicile or residence.

The data subject shall have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (hereinafter: Authority) regarding the processing of his or her personal data. Any person may initiate an investigation by reporting it to the Authority on the grounds that a violation of rights has occurred or there is an imminent threat thereof in connection with the processing of personal data. The contact details of the Authority shall be as follows:

 

Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)

Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1350 Budapest, Pf.: 5.

Phone: +3613911400

Fax: +3613911400

E-mail: ugyfelszolgalat@naih.hu

Webpage: https://www.naih.hu

 

9. Other information:

 

The Data Controller shall not collect or obtain any other data during the registration process, apart from the data to fill in the data fields. The personal data provided during the processing will be used by the Data Controller exclusively for the purpose of providing the chosen service.

The Data Controller shall use the data obtained through the registration procedure exclusively for the purpose indicated therein and shall not combine it with its databases from other sources.

The Data Controller shall not disclose the data obtained via the registration process to third parties in any form – with the exception when the Webshop purchase is performed by postal delivery.

During the registration process, Data Controller places small text pieces (cookies) on users’ computers to facilitate future logins of users who have completed the registration process. Acceptance of cookies does not give the Data Controller access to the user's computer or personal information other than the data that the user chooses to disclose. This procedure is strictly adhered to by the Data Controller. The visitor may choose whether or not to accept cookies. If he or she does not wish to accept the use of cookies, he or she can set his or her browser to notify him or her of the request to set cookies or to automatically disable their use.

The Data Controller shall do its utmost to keep the data in its possession confidential and to comply with the requirements of data security, but cannot be held liable for the disclosure of data due to a force majeure event.