Privacy Policy

Please read this Privacy Policy carefully in order to understand your rights regarding data processing and how your personal data are processed. 

Firstly, please note that Szommer Könyvelőiroda Kft and sole trader Tímea Szommer, in mutual support of one another’s work, work in collaboration under a cooperation agreement to provide accounting services of the highest standards and, to that end, maintain a joint database, jointly determining the purposes and tools of data processing and are regarded as a joint data controller.

Note that in the course of its business, our company pays particular attention to protecting personal data, complying with mandatory legal provisions and processing data securely and fairly. We acknowledge the principles and rules related to protecting and processing your personal data, which are the basis of our data processing. We hereby wish to inform you of the principles and the process of as well as the guarantees provided in data processing. We acknowledge the right of natural persons to have control of their own personal data. However, note that the right to the protection of personal data is not an absolute right; it must be considered in accordance with the principle of proportionality and be balanced against other fundamental rights. Pursuant to Article 13 of the European Union’s General Data Protection Regulation (Regulation 2016/679, hereinafter: GDPR), please note the following:

1. Data controller

Company: Szommer Könyvelőiroda Kft.
Address: 8800 Nagykanizsa, Damjanich u.3.A.ép.1.
Website: www.szommerkonyvelo.hu
Contact person: Szommer Tímea
Phone: +36 30 267 7700
E-mail: szommer.timea@szommerkonyvelo.hu
Data Protection Officer: pursuant to Article 37 of the Regulation, Data Controller shall appoint a Data Protection Officer
Privacy Request: if you have any requests or questions regarding data processing, you may send them by post or electronically to the addresses below: 8800 Nagykanizsa, Damjanich u.3. A.ép.1.
Replies will sent without delay but no later than within 30 days to the address you provided.
Data Processing: data processing for the controller is carried out by the persons specified in the policy.

Company: Szommer Tímea sole trader
Address: 8800 Nagykanizsa, Damjanich u.3.A.ép.1.
Website: www.szommerkonyvelo.hu
Contact person: Szommer Tímea
Phone: +36 30 267 7700
E-mail: szommer.timea@szommerkonyvelo.hu
Data Protection Officer: pursuant to Article 37 of the Regulation, Data Controller shall appoint a Data Protection Officer
Privacy Request: if you have any requests or questions regarding data processing, you may send them by post or electronically to the addresses below: 8800 Nagykanizsa, Damjanich u.3.A.ép.1.
Replies will sent without delay but no later than within 30 days to the address you provided.
Data Processing: data processing for the controller is carried out by the persons specified in the policy.

2. Applied statutory provisions

Personal data controlled by our company are, at all times, processed in accordance with applicable Hungarian and EU regulations and data processing principles and our company provides all warranty terms required for secure data processing.

This Privacy Policy is based on – especially but not limited to – the following legislative acts:

  • The Fundamental Law of Hungary
  • Act CXII of 2011 on Information Self-determination and Freedom of Information (Infotv.)
  • Act V of 2013 on the Civil Code (Ptk.)
  • Act CXXX of 2016 on the Code of Civil Procedure (Pp.)
  • Act CLV of 1997 on Consumer Protection (Fgytv.)
  • Act C of 2012 on the Criminal Code (Btk.)
  • Act XIX of 1998 on Criminal Proceedings (Be.)
  • Act C of 2000 on Accounting (Számv. tv.)

3. Data processing principles

In our data processing practices, our company always adheres to the following principles:

lawfulness: compliance with all applicable regulations of the European Union and Hungary

fairness: fair trial in accordance with applicable regulations and principles

transparency: data processing shall be transparent and accessible to data subjects

purpose limitation: personal data shall be collected only for specified, explicit and legitimate purposes This policy specifies the purposes of personal data processing by Controller from collection to destruction [Paragraph (b) of Article 5(1) of the Regulation]

data minimisation: based on the principle of purpose limitation, data shall be processed only if relevant and limited to what is necessary in relation to the purposes for which they are processed. [Paragraph (c) of Article 5(1) of the Regulation]

proportionality: controller may limit any natural person’s right to information self-determination only in order to safeguard another right and only to the extent necessary. Implementation of the principle of proportionality shall be accurately documented in specific cases in order to support lawfulness of data processing. [Paragraph (f) of Article 6(1) of the Regulation]

accuracy: having regarding to the principles of data processing, every reasonable step must be taken at the time of the processing to ensure that personal data that are inaccurate are erased or rectified. [Paragraph (d) of Article 5(1) of the Regulation]

accountability: Controller shall be responsible for complying and ensuring compliance with applicable regulations and this policy. Controller shall develop its data processing mechanisms in a manner to be able to demonstrate compliance with data processing principles and regulations. [Paragraph 2 of Article 5 of the Regulation]

privacy-by-design: when developing its data processing mechanisms, Controller shall take into account data security and data processing principles, whose implementation it shall ensure by integrating the necessary safeguards into the processing. [Article 26 of the Regulation]

4. Data processing purposes

In accordance with the principle of purpose limitation, our company processes data for the following purposes:

  • our company processes personal data of persons using the services in order to comply with legal obligations and to maintain customer relations;
  • processing of personal data of employees and applicants;
  • assist internal administration;
  • regulatory obligation (e.g. accounting obligations)

5. Legal basis for data processing

Your personal data are processed on the following legal basis as specified in the
Regulation:

  • issue invoice in accordance with accounting regulations: legal basis: Point (c) of Article 6(1) of GDPR
  • communication: legal basis: Point (b) of Article 6(1) of GDPR
  • processing employee data: legal basis: Points (b) and (c) of Article 6(1) of GDPR
  • processing contractual partner data: legal basis: Point (b) of Article 6(1) of GDPR
  • Marketing: legal basis: Point (a) of Article 6(1) of GDPR. A Facebook page is maintained for marketing purposes but no single database is being created or profiling carried out.

The balancing tests in legitimate interest specified under point (b) and (f) may be viewed after sending a request to the email address szommer.timea@szommerkonyvelo.hu

6. Your rights

Regarding your personal data, you have the following rights as specified by law:

  • right to access (know the data and the fact whether data are being processed);
  • if data are obsolete or incorrect, right to correct thereof;
  • right to deletion (only in the event of data processing with consent)
  • right to limit personal data processing;
  • right to prohibit use of personal data for direct marketing purposes;
  • right to transfer of personal data to third party provider, or to prohibit thereof;
  • right to request a copy of any personal data processed by controller; or
  • right to object use of personal data

7. Data processors

In order to ensure our website’s continuous and proper operation, our company may use a data processor when processing your data. Data Processor shall mean a natural or legal person or organisation authorised or instructed by our company to process data. In order to prevent any violation of your rights, our company only transfers data to processors who are subject to the Regulation and thereby applicable regulations.
As part of its business operations, our company transfers data to the following processors:

Name Address Tax ID Company reg.number
GTSA Tech Zrt. 2800 Tatabánya, Fő tér 20. 25467587-2-11 11-10-001715
transfered data We store all data ont he server provided by GTSA Teck Zrt. purpose of data transfer provision of hosting service

8. Website visitor data

Our website does not record user IP addresses or any other personal data during a user’s visit of our website.
However, the website’s html code may contain links from and to independent external servers for the purposes of web analytics measurements. These measurements include conversion tracking. The web analytics provider only processes browsing related data suitable to identify individuals without processing personal data.

9. Information legal recourse

If you have any questions and feedback, please contact our staff at the following address:
Name: Szommer Tímea
Address: 8800 Nagykanizsa, Damjanich u.3.A.ép.1.
Phone: +36 30 267 7700
E-mail: szommer.timea@szommerkonyvelo.hu

Please note that, notwithstanding our joint data processing, you may exercise your rights specified under Section 6 based on the Regulation in regard to both controllers and against any controller.

You may also pursue remedies before a court of law under the Civil Code of Hungary. You may also choose to start legal proceedings at the court of law with jurisdiction at your permanent address or residence. You also have an option to pursue remedies or file a complaint at the National Authority for Data Protection and Freedom of Information.

Name: National Data Protection and Information Freedom Authority (NAIH)
Postal address: 1530 Budapest, Pf.5.
Address: 1125 Budapest, Szilágyi E. fasor 22/c
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Web: http://naih.hu

10. Record of processing (Article 30 of GDPR)

Activity Data handled Purpose of data handling Legal Basis Data transfer Mode and length of data handling
Processing of Personal Data of Interested Parties Name
Phone number
Email
identification, communication Point (b) of Article 6(1) of GDPR None maximum of 10 days
Execution of Orders — Bookkeeping, Payroll Records, Tax Consultancy, Invoicing Name
Phone number
Email
Invoicing name
Invoicing address
Tax ID
Fulfilling agency contract Point (b) of Article 6(1) of GDPR GTSA Tech Zrt. server Until agency contract is fulfilled or terminated; for invoicing details, 8 years
Issue of Accounting Documents Invoicing name
Invoicing address
Tax ID
issuing an invoice in relation to providing services

Point (c) of Article 6(1) of GDPR

NAV

at least 8 years
Accounting and Bookkeeping Invoicing name
Invoicing address
Tax ID
issuing an invoice in relation to providing services, preparing the balance sheet Point (b) of Article 6(1) of GDPR NAV at least 8 years

Complaint Management

Name
Phone
Address or delivery address
consumer complaint management

Point (c) of Article 6(1) of GDPR

Section 17/A. of Act CLX of 1997

None

5 years

Job Applications Name
Email
Phone
Data provided in CV
filling job, identification, communication Point (c) of Article 6(1) of GDPR None until consent is withdrawn, maximum 6 months

 

Data handled – employment data Purpose Storage Length of time
Name legal obligation storing on hard copy, management system 50 years

Maiden name

legal obligation storing on hard copy, management system 50 years
Place of birth legal obligation storing on hard copy, management system 50 years
Date of birth legal obligation storing on hard copy, management system 50 years
Mother’s maiden name legal obligation storing on hard copy, management system 50 years
Address legal obligation storing on hard copy, management system 50 years
Number of children, if applicable legal obligation storing on hard copy, management system 50 years
Personal ID number legal obligation storing on hard copy, management system 50 years
Title legal obligation storing on hard copy, management system 50 years
Gender legal obligation storing on hard copy, management system 50 years
Nationality legal obligation storing on hard copy, management system 50 years
TAX ID legal obligation storing on hard copy, management system 50 years
ID card number legal obligation storing on hard copy, management system 50 years
Address card number legal obligation storing on hard copy, management system 50 years
Social security number legal obligation storing on hard copy, management system 50 years
Bank account number legal obligation storing on hard copy, management system 50 years
Work email legal obligation storing on hard copy, management system 50 years
Work phone legal obligation storing on hard copy, management system 50 years
Other important employment related data legal obligation storing on hard copy, management system 50 years