Effective as of 15 December 2021
Sectran application (hereinafter referred to as: Application) is a mobile application through which the services provided by SECTRAN Kft. (CRN: 16-09-016061, EU tax number: HU 14313965, registered office: H-5008 Szolnok, Fazekas Mihály utca 42., hereinafter referred to as: Service Provider) are allowed to use by those individuals (hereinafter referred to as: User) who have access to use certain services available in the Application.
1. Conditions of downloading and using of application
2. Details of data processing
- Data Controller
The data controller of the Application and the DiDb system is SECTRAN Kft.
2.2 Data Protection Officer
In order to ensure the lawfulness of data processing, to protect the rights of the data subjects and to ensure the exercise of the rights of data subjects, the Service Provider has appointed a Data Protection Officer. Contact data of the Data Protection Officer is: firstname.lastname@example.org
2.3 Purpose of personal data processing
By using the Application, two different but essentially identical data management purposes are achieved:
Service 1 (Use of Driver Functions): for Users with DiDb membership and active e-card to use DiDb system by Application
Service 2 (Use of Guard Functions): for Users registered by the Service Provider or the Service Provider’s contractual customer to use the Application’s guard functions
The purpose of data management is therefore to enable the User with access to the service provided by Service Provider to use the Application.
2.4 Legal basis for personal data processing
Given that the Service Provider provides the Application in order to access its certain services also with the help of smart devices, the legal basis for data management is the legitimate interest of Service Provider according to Article 6 (1) f) of the GDPR. However, the Service Provider draws the User’s attention to the fact that this only applies to data management related to the use of Application: If the User uses the DiDb system with the help of the Application, the data management performed with the help of the Application are included in the manual that can be downloaded from the official website of DiDb (www.didb.eu ) under the menu item “Download”.
2.5 Categories of personal data processed
During the use of Application, the Service Provider manages and logs the following data:
- User identification data
- type of service used by the User
- activities performed by the User
Service Provider draws the User’s attention to the fact that the description of the data management performed during the use of the Application is not included in the Application, but can be downloaded from the official website of DiDb under the menu item “Download”.
2.6 Recipients of personal data
The Service Provider will not transfer the data processed during the use of the Application to any third parties, third countries or international organizations. However, the Service Provider draws the attention of the Users to the fact that disclosure of personal data to courts and authorities may be required by law. If the Service Provider is required by a court or authority to provide personal data in the course of a procedure specified in a legal act, it shall provide the requested data to the acting court or authority in compliance with its legal obligation.
Description of the data transfers that take place during the use of the Application can be downloaded from the official website of DiDb under the “Download” menu item.
2.7 Retention of personal data
All User-related data which are logged during the use of Application shall be stored by the Service Provider until the end of the fifth year following the termination of the User Account.
The storage period of the data generated during the use of the Application is ruled in the description, which can be downloaded from the official website of DiDb under the menu item “Download”.
2.8 Source of personal data
The data required for the use of the Application are generated by the person performing the pre-registration, or the Service Provider or the Service Provider’s contractual customer. When using the Application, the logging data is generated by the User.
2.9 Rules applicable to the exercise of data subjects’ rights
Based on Chapter III of the GDPR, the Service Provider provides the following options to the Users in connection with the use of the Application, namely a User may
- request information on the processing of his/her personal data (‘right of access’)
- request the rectification of his/her personal data (‘right to rectification’)
- request the erasure of his/her personal data if he/she considers that the processing of his/her personal data is unlawful, no longer necessary in relation to the purposes for which they were collected, or one of the conditions listed in Article 17 (1) of the GDPR is met (‘right to erasure’)
- withdraw his/her consent on which the processing is based (a special case of ‘right to erasure’)
- object to the processing of personal data concerning him or her (‘right to object’)
- request the restriction of the processing of his/her personal data (‘right to restriction of processing’)
- exercise his/her right to data portability (‘right to data portability’)
2.10 Rules applicable to the remedies available to data subjects
Should the Service Provider fail to act on the User’s request, or should the action be rejected by the User, the user may seek judicial remedy against the Service Provider. The User may lodge a complaint about a data processing procedure at the competent local data protection authority or the regional court of his/her place of residence or place of stay.
2.11 Automated decision making and profiling
Service Provider does not perform automated decision making on the data obtained.
3. Miscellaneous provisions