Annex 2
DATA MANAGEMENT INFORMATION
Effective: from 1 January 2022
1. Data Controller's data
Name of Data Controller: Emobility Solutions Szolgáltató Korlátolt Felelősségű Társaság
Headquarters: 1025 Budapest, Felső Zöldmáli út 3/B.
Phone: +36 1 7733386
Email: helpdesk@esols.eu
Website: www.emobilitysolutions.eu
Company registration number: 01-09-188526
Representative/Data Protection Officer: János Ungár
Personal data for the purposes of this notice is any information relating to an identified or identifiable natural person (the "Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person). The data processed by the Data Controller are personal data.
2. Purpose of the prospectus
The purpose of this privacy notice is to provide data subjects with information about the processing of their personal data in a clear and comprehensible manner.
Data management is not one of our core activities, but in carrying out this activity we pay particular attention to the relevant EU and national legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.) "On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Processing Regulation - GDPR)" and the provisions of the domestic Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.).
In terms of our professional activities, our company is engaged in the construction of the infrastructure necessary for the charging of electric vehicles, in particular the installation of charging equipment, as well as the development of software and applications for their management and control.
3. General purpose of data processing
Provision of services, development and use of software applications by customers and issuing of accounting vouchers.
4. Data processed
4.1 Downloading and using the application
Affected persons: any natural person who downloads and uses the app.
Purpose of processing: to provide a service.
| Activity | Data type | Legal basis | Target | Guarding time |
|---|---|---|---|---|
| Making an application available | Name | Performance of the contract | Provision of service | For 5 years from the date of termination of employment. |
| phone number | ||||
| e-mail address | ||||
| vehicle registration number |
The data management process:
The data provided by the customer when downloading the application will be used and processed for the duration of the contractual relationship, solely for the purpose of providing the service and maintaining contact.
The provision of data is an essential condition for the conclusion of a contract and the provision of services, in order to identify the customer and to maintain contact.
Transfer, transmission of data, use of a data processor
The Service Provider shall pay the service fee within the framework of the Simple Pay service provided by OTP Mobil Kft.
During the payment by bank card, as soon as the User enters the SimplePay application, OTP Mobil Kft. is considered as an independent data controller with regard to the personal data provided there, necessary for the payment by bank card. During the payment by bank card, Emobility Solutions Kft. does not perform any data processing, data collection or other data management activities, Emobility Solutions Kft. does not have access to these personal data. During payment by bank card, the User is not subject to any processing, processing or use of personal data by OTP Mobil Kft. SimplePay secure payment page. The payment is made directly on the site operated by OTP Mobil Service Provider Ltd., which operates according to the rules and security standards of international card companies.
In the OTP SimplePay system, the information you provide is necessary for a successful payment: (i) credit card number; (ii) name of the cardholder; (iii) expiry date of the card; (iv) CVC/CVV code of the card, which you provide as a security code in a closed system for successful payment.
4.2 Billing
Affected parties: all users who use the service.
Purpose of processing: to issue a document in accordance with the Accounting Act.
| Activity | Data type | Legal basis | Target | Guarding time |
|---|---|---|---|---|
| Billing | Name | Fulfilling a legal obligation | Issue of a certificate under the Accounting Act | Until the expiry of the obligation to keep them in accordance with the accounting rules in force. |
| Address |
Process of data processing
The names and addresses of the user's customers and, if requested by the user and provided by the user, billing information for non-natural persons are used to issue the accounting voucher. These documents or data will be kept until the expiry of the retention period under the accounting rules in force at the time.
The provision of the data is mandatory under the applicable legislation, and the service will not be provided in case of failure to provide the data.
Transfer, transmission of data, use of a data processor
For our invoice management activities, our company uses a data processor (KBOSS.hu Kft., 1031 Budapest, Záhony utca 7/C., Company Registration No.: 01-09-303201), as the invoice for the consideration for the provision of services is issued by an online invoicing program (https://www.szamlazz.hu) operated by a third party. The data processing agreement is part of our contract with him, which ensures that he will process the data with the same care, in compliance with the applicable legislation and only in accordance with our instructions.
The data may also be transferred in the event of requests from public authorities (e.g. NAV inspections).
5. Data security
We have put in place technical and organisational measures and procedures to ensure the security of the personal data we process.
Appropriate measures are taken to protect the data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or damage and against inaccessibility resulting from changes in the technology used.
Personal data is only accessed by our employees who need to know it in order to perform their duties.
To keep your data secure:
- assess and take into account potential risks in the design and operation of the IT system, with a view to continuously reducing them
- monitor emerging threats and vulnerabilities (e.g. computer viruses, computer intrusions, denial of service attacks, etc.) to take timely action to avoid and prevent them
- protecting IT assets and paper-based information against unauthorised physical access and environmental impacts (e.g. water, fire, electrical surges)
- monitor our IT systems to detect potential problems and incidents
- we take great care to train staff in information security and raise awareness
- reliability is a key criterion in the selection of service providers
6. Data processors
A Data Processor is a natural or legal person who processes personal data on behalf of the Data Controller.
| Name, registered office of the data processor | Activity carried out by the data processor | Personal data processed by a data processor |
|---|---|---|
| Emobility Solutions Ltd. (1025 Budapest, Felső Zöldmáli út 3/b.) |
Development, maintenance and operation of the application and website. Maintenance of the filling database used in these. | Name, billing address, mailing address, email address, last 4 digits and expiry date of credit card, username, year of birth, gender, type of vehicle, number and name of customer keys. |
| OTP Mobil Kft. | Providing the OTP Simple payment module service used in the application. | Credit card details provided on the payment page of the service provider. |
| KBOSS.hu Trading and Service Ltd. ( 1031 Budapest, Záhony u. 7.) |
It provides the Invoice.hu billing module used in the application. | The data required for billing: name, address, customer key number and name, charging service data: period, quantity, location, charge. |
7. Rights in relation to data processing and possibilities for enforcement and redress in relation to data processing
7.1. Rights of data subjects
Everyone concerned has the right to:
- Be informed of the processing concerning him or her before it starts
- Have access to all information concerning the processing of personal data concerning them
- Request the correction of incorrect, inaccurate or incomplete data
- Request the erasure (inactivation) of your personal data
- Request restriction of processing
- Object to the use of your data in certain cases, for example for marketing purposes
- Right of redress against data processing
7.2. How to contact us to exercise your rights
We recommend that you send the Data Controller your request or complaint regarding the processing of your personal data before initiating legal or administrative proceedings, so that we can investigate and remedy it in a satisfactory manner, or, if justified, comply with any of your requests or claims under point 7.1.
The Data Controller shall, without undue delay, investigate the matter, take action on the request and provide information to the Data Subject in the event of the Data Subject's assertion of a right to data processing, request for information on data processing or objection and complaint about data processing pursuant to point 7.1, within the time prescribed by the applicable legislation. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended as provided for by law.
If the data subject has made the request electronically, the information will be provided electronically where possible, unless the data subject requests otherwise. If the Data Controller does not act on the Data Subject's request without delay, but at the latest within the time limit set by law, the Data Controller shall inform the Data Subject of the reasons for the failure to act or the refusal to act and of the possibility for the Data Subject to take legal or administrative action in accordance with the following.
In order to exercise his/her rights in relation to the processing or if he/she has any questions or doubts about the data processed by the Data Controller, or if he/she wishes to obtain information about his/her data, make a complaint or exercise a right under point 7.1, he/she may do so at the contact details of the Data Controller listed in point 1.
Initiation of legal proceedings
The Data Subject may take legal action against the Controller or, in the context of processing operations within the scope of the processor's activities, against the processor, if the Data Subject considers that the Controller or a processor acting on his or her behalf or under his or her instructions is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union. The Tribunal has jurisdiction to rule on the action. The lawsuit may also be brought, at the Data Subject's option, before the competent court in the place where the Data Subject resides or is domiciled.
Initiation of an administrative procedure
In case of violation of their rights, the Data Subject may contact the National Authority for Data Protection and Freedom of Information (Address: 1055 Budapest, Falk Miksa u. 9-11.; Postal address: 1363 Budapest, Pf. 9; Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; Website: http://www.naih.hu; e-mail: ugyfelszolgalat@naih.hu) or may initiate an official procedure on the grounds that a violation of their rights has occurred or is imminent, in particular,
- if in his/her opinion the Data Controller restricts the exercise of his/her rights as set out in point 7.1 or refuses to grant his/her request to exercise those rights (initiation of an investigation), and
- if you consider that, in the processing of your personal data, the Data Controller or a data processor acting on its behalf or at its instructions is in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union (request for a judicial procedure).