X

Privacy policy

Privacy policy

Privacy Policy

Effective: From May 7, 2024, until revoked

  1. I.Introduction
  2. In connection with Team Compass, the Data Controllers are committed to complying with the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as the repeal of Directive 95/46/EC (General Data Protection Regulation) set out in Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), and the rules of Act CXII of 2011 on the right to informational self-determination and freedom of information; the processing of personal data in accordance with legal requirements and the security of data are of utmost importance to the Data Controllers.
  3. The Data Controllers provide the following information (hereinafter: Notice) in connection with the personal data processed in relation to the use of Team Compass.
  4. The purpose of the Notice is to record, in accordance with the relevant legal provisions, among other things, the purposes for which, the duration, the legal basis, and the manner in which the Data Controllers process the personal data provided to them, as well as the rights enforcement and legal remedy options available to the data subjects in relation to the data processing.
  5. If any questions or comments arise regarding the information provided here, the Data Controllers can be contacted at the email address info@teamcompass.hu or through their other contact details.
  6. II.Basic Concepts
  7. The most important concepts appearing in the Notice are summarized below:
  8. 1.Personal data: Any information relating to the Data Subject that enables their identification or identifiability. A natural person is identifiable, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The Data Subject’s email address qualifies as personal data.
  9. 2.Data processing: Any operation or set of operations performed on data, regardless of the procedure applied, including collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, restriction, erasure, or destruction, as well as preventing further use of the data.
  10. 3.Data Controller: A natural or legal person, public authority, agency, or any other body that determines the purposes and means of processing personal data, alone or jointly with others. In the context of the data processing described in this Notice, the designated Data Controllers are considered joint Data Controllers.
  11. 4.Data Processor: A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the Data Controller (e.g., a hosting provider).
  12. 5.Data Subject: An identified or identifiable natural person; in the context of using Team Compass, the participating team members are considered Data Subjects.
  13. 6.Authority: The National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miska u. 9-11.; email: ugyfelszolgalat@naih.hu; website: http://naih.hu; phone: +36 (1) 391-1400).
  14. 7.Recipient: A natural or legal person, public authority, agency, or any other body with whom or which the personal data is shared, regardless of whether they are a third party.
  15. III.The Data Controllers
  16. In connection with the provision of the Team Compass service, the following Data Controllers jointly participate in the data processing activities, thus engaging in joint data processing. The Data Controllers jointly determine the purpose and means of data processing, and they jointly provide the service to the users.
  17. 1.Data Controller:
  18. Company name: Nyitott Világ Betéti Társaság
  19. Registered office and mailing address: 2900 Komárom, Arany János utca 11/A
  20. Company registration number: 11-06-010615
  21. Tax number: 20202589-1-11
  22. Email: izabellcsordas@gmail.com
  23. Representative of the Data Controller:
  24. Name: Csordás Izabella
  25. Mailing address: 1124 Budapest, Fürj utca 28/B, 1st floor, door 6
  26. Email: izabellcsordas@gmail.com
  27. 2.Data Controller:
  28. Name: Édelmann Eszter Zsófia
  29. Entrepreneur registration number: 58116719
  30. Mailing address: 1141 Budapest, Egressy út 113, Building C, 5th floor, door 2
  31. Email: e.edelmann@gmail.com
  32. IV.Data Processing Principles
  33. The data processing principles adhered to by the Data Controllers during data processing activities are summarized below.
  34. 1.Lawfulness, fairness, and transparency:
  35. The processing of the Data Subject’s personal data is carried out exclusively in a lawful and fair manner, and in a way that is transparent to the Data Subject. The Data Controller makes the current version of the Notice freely and continuously available to Data Subjects by publishing it on their website. The Data Controller does not process the provided personal data in an unfair manner or for purposes beyond those specified in this Notice, and during data processing activities, they always act in accordance with this Notice and applicable laws.
  36. 2.Purpose limitation:
  37. The Data Controllers may process personal data only for the clear and lawful purposes specified in this Notice.
  38. 3.Storage limitation:
  39. The Data Controllers ensure that the storage of the Data Subject’s personal data is carried out in a form that allows identification of the Data Subjects only for the period necessary to achieve the purposes of the data processing.
  40. 4.Data minimization:
  41. The Data Controller processes only the personal data that is necessary and relevant for the purpose of the data processing.
  42. 5.Accuracy:
  43. The Data Controller aims to ensure that the recorded personal data remain up-to-date and accurate with respect to the data processing purposes, and to this end, the Data Controllers take all reasonable measures. If there is a change in the Data Subject’s personal data, please notify the Data Controllers accordingly.
  44. 6.Data protection principle / integrity and confidentiality:
  45. The Data Controllers place great importance on the protection of personal data, and therefore take all necessary and reasonable technical and organizational measures, aligned with the current state of technology, to ensure the appropriate security of personal data, as well as protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  46. 7.Accountability:
  47. The Data Controllers are responsible for compliance with the above principles and must be able to demonstrate such compliance.
  48. V.Purpose of Data Processing, Data Processing During the Use of Team Compass
  49. -Purpose of data processing: Evaluation of responses provided in the Team Compass questionnaire and, in connection with this, the assessment of teams for organizational development purposes.
  50. -Scope of processed data: Name, email address.
  51. -Data Subject: Employees of the client company.
  52. -Legal basis for data processing: Legitimate interest of the Data Controllers [GDPR Article 6(1)(f)] – the Data Controllers conducted an interest balancing test in a separate document, concluding that the processing of team members’ personal data is essential for fulfilling the contract with the client company and providing the Team Compass service.
  53. -Duration of data processing: One year from the date of the team assessment prepared based on Team Compass.
  54. VI.Data Processors, Recipients
  55. -The hosting provider for the teamcompass.hu website is DrawJob Reklám és Grafika Korlátolt Felelősségű Társaság (company registration number: 13-09-207373; registered office: 2000 Szentendre, Egres út 40.; represented by: Surmann Gyula, managing director; contact: info@drawjob.hu).
  56. -Server services for the Data Controllers are provided by DrawJob Reklám és Grafika Korlátolt Felelősségű Társaság.
  57. -The developer of Team Compass is DrawJob Reklám és Grafika Korlátolt FeGREENsségű Társaság.
  58. VII.Rights Enforcement and Legal Remedies
  59. Rules for exercising Data Subject rights:
  60. The Data Controller is obliged to provide the requested information without undue delay, but no later than one month from the receipt of the request for information. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by an additional two months. The Data Controller informs the Data Subject of the extension, stating the reasons for the delay, within one month of receiving the request.
  61. If the Data Controller does not take action on the Data Subject’s request, they shall inform the Data Subject without delay, and no later than one month from the receipt of the request, of the reasons for not taking action and of the possibility for the Data Subject to lodge a complaint with the Authority and to seek judicial remedy.
  62. If the Data Controller has reasonable doubts about the identity of the person submitting the request, they may request additional information to confirm the identity.
  63. Communication with the Data Controller:
  64. Communication between the Data Subject and the Data Controllers primarily takes place via email. The Data Controllers have designated Édelmann Eszter as the contact person for matters related to Data Subject rights, and the email address for this purpose is: e.edelmann@gmail.com.
  65. 1.Right of access:
  66. The Data Subject is entitled to request feedback from the Data Controller at any time regarding whether their personal data is being processed, and if such processing is ongoing, the Data Subject has the right to access their processed personal data to the extent specified below.
  67. The information provided by the Data Controller in connection with access may cover, in particular, the following:
  68. a)the source of the processed personal data,
  69. b)the purpose and legal basis of the data processing,
  70. c)the scope of the processed personal data,
  71. d)in case of data transfer, the recipients of the data transfer, including recipients in third countries and international organizations,
  72. e)the retention period of the processed personal data and the criteria for determining this period,
  73. f)the rights of the Data Subject under the Info Act and GDPR, and the methods for exercising those rights,
  74. g)in the case of automated decision-making or profiling, the fact of its use,
  75. h)the circumstances, effects, and measures taken to address data protection incidents related to the processing of the Data Subject’s personal data,
  76. i)the right to lodge a complaint with the supervisory authority.
  77. Upon the Data Subject’s request, the Data Controller provides a copy of the personal data free of charge, but may charge a fee for subsequent requests.
  78. 2.Rectification:
  79. The Data Subject is obliged to notify the Data Controller in writing of any changes in their personal data. The Data Controller fulfills the request for data changes within 8 days of receiving the request. If the Data Subject does not report changes in their personal data without delay, they shall bear the consequences. If the provided personal data does not correspond to reality and the correct personal data is available to the Data Controller, the Data Controller automatically rectifies the personal data.
  80. 3.Data erasure:
  81. The Data Subject is entitled to request that the Data Controller erase their personal data without undue delay, and the Data Controller is obliged to erase the personal data relating to the Data Subject without undue delay, particularly if one of the following grounds applies:
  82. a)the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  83. b)the Data Subject withdraws their consent to the data processing, and there is no other legal basis for the processing (the withdrawal does not retroactively affect the lawfulness of the processing);
  84. c)the Data Subject objects to the processing based on legitimate interests;
  85. d)the personal data has been processed unlawfully by the Data Controller;
  86. e)the personal data must be erased to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
  87. f)the personal data was collected in connection with the offering of information society services referred to in Article 8(1) of the GDPR.
  89. The Data Controller is not obliged to erase the processed personal data in the above cases if the processing is necessary:
  90. a)for exercising the right to freedom of expression and information;
  91. b)for compliance with a legal obligation under EU or Member State law applicable to the Data Controller, or for the performance of a task carried out in the public interest;
  92. c)for statistical, archiving, or scientific and historical research purposes, if erasure would likely render such processing impossible or seriously impair it;
  93. d)for reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  94. e)for the establishment, exercise, or defense of legal claims.
  95. 4.Right to restriction of processing:
  96. The Data Subject is entitled to request that the Data Controller restrict processing if one of the following conditions is met.
  97. a)the Data Subject contests the accuracy of their personal data, in which case the restriction applies for the period necessary for the Data Controller to verify the accuracy of the personal data;
  98. b)the processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  99. c)the Data Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise, or defense of legal claims;
  100. d)the Data Subject has objected to the processing, in which case the restriction applies for the period until it is determined whether the Data Controller’s legitimate grounds override those of the Data Subject.
  101. If processing is restricted as described above, such personal data may only be processed, except for storage, with the Data Subject’s consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. If the restriction of processing is lifted, the Data Controller notifies the Data Subject who requested the restriction in advance.
  102. 5.Right to object to processing:
  103. The Data Subject is entitled to object, on grounds relating to their particular situation, at any time to the processing of their personal data based on legitimate interests as specified in this policy. In such cases, the Data Controller may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject, or that are related to the establishment, exercise, or defense of legal claims.
  104. 6.Right to data portability:
  105. With regard to personal data processed based on the Data Subject’s consent or for the performance of a contract, the Data Subject is entitled to receive the personal data concerning them, which they provided to the Data Controller, in a structured, commonly used, and machine-readable format, and is entitled to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data was provided. This right can only be exercised for personal data processed based on consent or contract and processed digitally.
  106. 7.Initiation of proceedings with the Authority:
  107. The Data Subject may initiate an investigation by submitting a complaint to the Authority, claiming that a violation of their rights has occurred or there is an imminent risk of such a violation in connection with the processing of their personal data. The Authority’s investigation is free of charge, and the costs of the investigation are borne by the Authority. No one may suffer any disadvantage due to a complaint filed with the Authority.
  108. Authority contact details: address: 1055 Budapest, Falk Miska u. 9-11.; email: ugyfelszolgalat@naih.hu; website: http://naih.hu; phone: +36 (1) 391-1400.
  109. 8.Judicial remedy:
  110. In case of a violation of their rights, the Data Subject may take legal action against the Data Controller, and the case falls under the jurisdiction of the regional court. As a general rule, the court with jurisdiction is the one at the Data Controller’s registered office, but at the Data Subject’s choice, the case may also be initiated before the court at the Data Subject’s place of residence or stay. The jurisdiction of the courts can be checked using the “Court Finder” application on the website www.birosag.hu. The court handles the case with priority.
  111. 9.Compensation:
  112. Any person who has suffered damage as a result of a violation of data protection regulations is entitled to compensation from the Data Controller for the damage suffered.
  113. The Data Controller is liable for any damage caused by data processing that violates data protection regulations.
  114. The Data Controller is exempt from liability if they prove that they are not in any way responsible for the event that caused the damage.
  115. VIII.Data Security
  116. The Data Controllers ensure the security of data processing and, to this end, take the necessary and appropriate technical and organizational measures. They ensure the confidentiality of personal data (e.g., protection against disclosure or unauthorized access), integrity (e.g., protection against alteration, modification, or deletion), and availability (e.g., accessibility and recoverability).
  117. During their data processing and related organizational activities, the Data Controllers take into account the current state and development of science and technology. They strive to apply the most secure technologies, or those appropriate to the level of risk, to maintain data security, in order to protect the rights and freedoms of natural persons.
  118. IX.Other Provisions
  119. The Data Controllers reserve the right to unilaterally modify the Notice at any time, and the latest version of the Notice is always available on the teamcompass.hu website.
  120. Budapest, May 7, 2024

Contact

 

© 2022, 2026 · Team Compass. All rights reserved.