Privacy policy on data processing carried out during the use of the Sectran application

 

Effective as of 15 December 2021

 

 

Preamble

 

Sectran application (hereinafter referred to as: Application) is a mobile application through which the services provided by SECTRAN Kft. (CRN: 16-09-016061, EU tax number: HU 14313965, registered office: H-5008 Szolnok, Fazekas Mihály utca 42., hereinafter referred to as: Service Provider) are allowed to use by those individuals (hereinafter referred to as: User) who have access to use certain services available in the Application.

 

Service Provider intends to comply with its statutory obligation to provide information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter referred to as GDPR), by issuing this Privacy Policy in respect of data processing related to downloading and using the Application and rules applicable to the use of the Application.

 

1.       Conditions of downloading and using of application

 

The Service Provider, as the operator of the Application, draws the attention of all Users to the fact that the Application may only be used by a User who is entitled to at least one of the services available with the Application. The terms and conditions for downloading and using the Application and the available services are described in Sections 2 and 4 of the Terms of Use for the Sectran Mobile Application.

 

2.       Details of data processing

 

  • Data Controller

 

The data controller of the Application and the DiDb system is SECTRAN Kft.

 

2.2   Data Protection Officer

 

In order to ensure the lawfulness of data processing, to protect the rights of the data subjects and to ensure the exercise of the rights of data subjects, the Service Provider has appointed a Data Protection Officer. Contact data of the Data Protection Officer is: dataprotection@sectran.eu

 

2.3   Purpose of personal data processing

 

By using the Application, two different but essentially identical data management purposes are achieved:

Service 1 (Use of Driver Functions): for Users with DiDb membership and active e-card to use DiDb system by Application

Service 2 (Use of Guard Functions): for Users registered by the Service Provider or the Service Provider’s contractual customer to use the Application’s guard functions

 

The purpose of data management is therefore to enable the User with access to the service provided by Service Provider to use the Application.

 

2.4   Legal basis for personal data processing

 

Given that the Service Provider provides the Application in order to access its certain services also with the help of smart devices, the legal basis for data management is the legitimate interest of Service Provider according to Article 6 (1) f) of the GDPR. However, the Service Provider draws the User’s attention to the fact that this only applies to data management related to the use of Application: If the User uses the DiDb system with the help of the Application, the data management performed with the help of the Application are included in the manual that can be downloaded from the official website of DiDb (www.didb.eu ) under the menu item “Download”.

 

2.5   Categories of personal data processed

 

During the use of Application, the Service Provider manages and logs the following data:

  • User identification data
  • type of service used by the User
  • activities performed by the User

 

Service Provider draws the User’s attention to the fact that the description of the data management performed during the use of the Application is not included in the Application, but can be downloaded from the official website of DiDb under the menu item “Download”.

 

2.6   Recipients of personal data

 

The Service Provider will not transfer the data processed during the use of the Application to any third parties, third countries or international organizations. However, the Service Provider draws the attention of the Users to the fact that disclosure of personal data to courts and authorities may be required by law. If the Service Provider is required by a court or authority to provide personal data in the course of a procedure specified in a legal act, it shall provide the requested data to the acting court or authority in compliance with its legal obligation.

 

Description of the data transfers that take place during the use of the Application can be downloaded from the official website of DiDb under the “Download” menu item.

 

2.7   Retention of personal data

 

All User-related data which are logged during the use of Application shall be stored by the Service Provider until the end of the fifth year following the termination of the User Account.

 

The storage period of the data generated during the use of the Application is ruled in the description, which can be downloaded from the official website of DiDb under the menu item “Download”.

 

2.8   Source of personal data

 

The data required for the use of the Application are generated by the person performing the pre-registration, or the Service Provider or the Service Provider’s contractual customer. When using the Application, the logging data is generated by the User.

 

2.9   Rules applicable to the exercise of data subjects’ rights

 

Based on Chapter III of the GDPR, the Service Provider provides the following options to the Users in connection with the use of the Application, namely a User may

  1. request information on the processing of his/her personal data (‘right of access’)
  2. request the rectification of his/her personal data (‘right to rectification’)
  3. request the erasure of his/her personal data if he/she considers that the processing of his/her personal data is unlawful, no longer necessary in relation to the purposes for which they were collected, or one of the conditions listed in Article 17 (1) of the GDPR is met (‘right to erasure’)
  4. withdraw his/her consent on which the processing is based (a special case of ‘right to erasure’)
  5. object to the processing of personal data concerning him or her (‘right to object’)
  6. request the restriction of the processing of his/her personal data (‘right to restriction of processing’)
  7. exercise his/her right to data portability (‘right to data portability’)

 

The User may submit his/her request to exercise data subjects’ rights primarily in writing, addressed to the Data Protection Officer of the Service Provider, using the contact details indicated in this Privacy Policy. The Data Protection Officer of the Service Provider will inform the User of action taken on his/her request within one month upon receipt. The Service Provider may extend this deadline by a maximum of two further months if the complexity of the request or the number of requests currently being processed justifies this, however, the User will be informed thereof within one month of receipt of the request by electronic means.

 

2.10           Rules applicable to the remedies available to data subjects

 

Should the Service Provider fail to act on the User’s request, or should the action be rejected by the User, the user may seek judicial remedy against the Service Provider. The User may lodge a complaint about a data processing procedure at the competent local data protection authority or the regional court of his/her place of residence or place of stay.

 

2.11           Automated decision making and profiling

 

Service Provider does not perform automated decision making on the data obtained.

 

3.       Miscellaneous provisions

 

Information not mentioned in this Privacy Policy shall be governed by the provisions of GDPR.