General Data Protection Policy

Data Protection, Privacy Policy

 

1. Introduction

Mobile LBS Kft., hereinafter referred to as the service provider, as a data controller and/or data processor, acknowledges the content of this legal notice in full, and considers it as binding on it.
It undertakes that all data controlling and data processing related to its activities comply with the requirements set out in these regulations and the applicable legislations.

All data protection guidelines arising in connection with the data management and data processing activities of Mobile LBS Kft. are continuously accessible on the company’s websites, online service interfaces and on all other online interfaces managed by it (e.g. Facebook, etc.), under the heading Privacy Policy. However, we reserve the right to alter the content of this Privacy Policy as necessary, in accordance with applicable legislation.
We will notify our customers and visitors of online content of the alterations, as necessary.
Should you have any questions in connection with this Policy, please write to our e-mail address below, and we will send you a written reply.
Data Protection Officer of Mobile LBS Kft.: Olivér Fehér
E-mail: oliver.feher@whereis.eu
Mobile LBS Kft. is committed to protect the personal data of its customers, partners and employees, and considers it extremely important to respect the right to informational self-determination of the natural persons involved in data processing. Mobile LBS Kft. handles personal data confidentially, and ensures the security of these data by taking sufficient technical and organizational measures.
Please, read the description of our data protection and data management procedure detailed below.

 

2. Business details

Name: Mobile LBS Korlátolt Felelősségű Társaság
Head office: 7625 Pécs, 7 István street, 1. em. 6
Tax identification number: 23560897-2-02
Company registration number: 02-09-078039
E-mail: info@whereis.eu

 

3. Purpose and scope of thePrivacy Policy

The purpose of this Policy is to lay down the data protection, data management and data processing principles applied by Mobile LBS Kft., which the company – depending on its role in the case of the given system – as data controller or data processor, recognizes as mandatory for itself.
This Policy contains the principles for the handling of personal data provided either by users, or developed and provided by Mobile LBS Kft. about private individuals, or recorded manually or by data import in the information systems used by it.

 

4. Definitions

personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

5. Use of cookies

An HTTP cookie is a piece of information that a server sends to a web browser, and then the browser sends back to the server each time a request is made on the server. Cookies are created by the web server itself using a browser on the user’s computer, where they are stored in a separate directory.

A cookie is a small file that makes its way to your computer when you visit a website.

A cookie can carry any information content specified by the server, for the purpose of introducing user status into the connection between the browser and the server. In the absence of cookies, retrieving each web page would be an isolated event, so for example, if a user logged in to a username- and password-protected page, viewed content and then navigated to another subpage, his or her username/password pair would have to be re-requested.

The purpose of cookies is therefore to facilitate the use of websites and to store information about the user’s session, but they are suitable also to collect other information related to the use of the website.

Mobile LBS Kft. uses cookies within its websites and online services for two purposes only, which are not suitable for the identification of users.

Usage-facilitating cookies:
These allow us to remember the functional language of the websites and online services, as well as other usage-related information.

Performance-facilitating cookies:
We use Google Analytics cookies to collect information about how our visitors use our website. These cookies cannot identify you personally, they collect information only about which page a visitor viewed, which part of the website they clicked on, how many pages they visited, and how long each page was viewed for.

Blocking cookies:
As previously written, cookies used on our websites and online service interfaces do not store information that would allow for the identification of a person.

However, you have the option to block the storage of cookies in your browser.

Cookies can usually be managed in the Tools/Settings menu of browsers under Privacy Settings, under the title ‘cookies’.

 

6. Purpose of data management and dataprocessing

Our company sells its own – typically online – software as a service (SaaS), and our customers, using this software, agree to a monthly (or in larger units) billed fee. In addition to complying with the legislations, this software has been designed in accordance with the service needs indicated by the customers, so the data stored in them is the data deemed necessary by the customers in the given usage segment. The purpose of data management and data processing is to meet the original purpose of the online software solutions used by customers.

In our own records, we store only the personal data necessary for the conduct of business, the purpose of which is to maintain contact with customers and partners, to fulfil the contractual relationship and to settle bills in accordance with legislations.

 

7. The legalbasisfordata management

When developing this Policy – and the underlying Data Protection Impact Assessment and Data Protection Regulations – we have taken into account the requirements of the following legal and mandatory regulations:

  •     Regulation     (EU) 2016/679 of the European Parliament and of the Council of 27     April 2016 on the protection of natural persons with regard to the     processing of personal data and on the free movement of such data,     and repealing Directive 95/46/EC (General Data Protection     Regulation), hereinafter referred to as ‘GDPR’
        
  •     Act     CXII of 2011 on Informational Self-determination and Freedom of     Information, hereinafter referred to as ‘Privacy Act’
        
  •     Act     V/2013 promulgating the Civil Code, hereinafter referred to as ‘CC’
        
  •     Act     CVIII of 2001 on certain issues of electronic commerce services and     information society services, hereinafter referred to as     (Electronic Commerce Act) ‘ECA’
        
  •     Act     C of 2000 on accounting, hereinafter referred to as (Act on     Accounting) ‘AoA’
        
  •     Act XLVIII of 2008 on     the essential conditions and certain limitations of business     advertising activity, hereinafter referred to as (Business     Advertising Activity) ‘BAA’
        
  •     Act LXVI of 1995 on     public records, public archives, and the protection of private     archives (in connection with data related to employment)
        
  •     Act     XLI of 2012 on Passenger Transport Services (related to the HolATaxi     system)
        
  •     Government     Decree No. 176/2015 of 7 July 2015 on the transport of passengers by     road in passenger cars in exchange for payment (related to the     HolATaxi system)
        
  •     Budapest     General Assembly Decree No. 31/2013 (IV.18.) on the services of     passenger transportation by taxis and on the conditions of running a     passenger transportation dispatcher, on the regulation of setting up     and using taxi ranks and the fixed administrative tariffs of     passenger taxi services
        
  •     the     agreement with customers – stipulated in a contract permission granted by the user for data processing, clearly stated in writing     or on the online interfaces

 

8. Duration of data management and dataprocessing

The duration of data management and processing depends on the way of participation in data management.

As data controller

As data controller, we store in our own records only the personal data necessary for maintaining communication, informing customers, maintaining the contractual relationship and settling accounts, only for the duration of the business relationship.
The duration of the business relationship is defined as the date of the request for either sale or other purposes until the existence of a contractual relationship with the customer, interpretable in any way.

As data processor

With regard to software provided as a service, we do not specify a data processing period in connection with data control. The data interfaces provided to our contracted customers in these systems are used to query, record, modify (in one word: manage) the data; the contracted customer has control over the data, thus regulating the data management activities (including requesting the data subject to issue an authorisation statement about the data management) in accordance with his or her needs, as well as the legislations applicable to his or her activity.
As data processor, we basically provide a minimum data retention period in accordance with legislations, but we can increase this period at the request of the customer, or on the basis of an agreement with him or her.

 

9. The scope of personaldatamanaged

Our company sells its own – typically online – software as a service (SaaS), and our customers, using this software, agree to a monthly (or in larger units) billed fee. In addition to complying with the legislations, this software has been designed in accordance with the service needs indicated by the customers, so the scope of data stored in them is the scope of data deemed necessary by the customers in the given usage segment. The purpose of data management and data processing is to meet the original purpose of the online software solutions used by customers.

In our own records, we store only the personal data necessary for the conduct of business.

As data controller

As data controller, we store in our own records only the personal data necessary for maintaining communication, informing customers, maintaining the contractual relationship and settling accounts; namely the following:

  • name    
  • if     necessary, address; in case of an enterprise: head office, as well     as postal address    
  • e-mail     address    
  • other     communication channels specified by the customer    
  • tax     identification number    
  • bank     account number

As data processor

With regard to the software provided as a service, we provide the possibility of data management through the software interfaces, as well as its technical and product support conditions. The data can be provided by our customers on these software interfaces.

In the following systems, we provide the possibility to store the data of natural persons that can be recorded by them:

 

HolAzAutó fleet management systems

  • surname and first name    
  • place and date of birth    
  • citizenship    
  • mother tongue    
  • user’s contact details (e-mail address)    
  • device-vehicle-person binding    
  • current situation based on the above    
  • traceable past position and route    
  • vehicle usage habits    
  • events     related to the person, use of the vehicle (e.g. penalties)    
  • SentinelProtect vehicle protection system    
  • vehicle data (from which the person using the vehicle can be deduced)    
  • position information    
  • condition of other peripherals.

HolATaxi systems

HolATaxi systems store data, specific to each taxi company, related to the organization of transport and the data of natural persons, on servers owned by the taxi company and located on its own internal network.

In relation to passengers

  • name    
  • phone number    
  • in the case of a registered order application user, the e-mail address    
  • addresses (which are the recorded previous pick-up addresses)    
  • details     of previous journeys    
  • indirect (from taxi GPS coordinate data) data in relation to the start and     end of the transport    
  • in some cases, the amount of the fare

In relation to taxi drivers

  • name    
  • phone     number    
  • place and time of birth    
  • mother’s name    
  • personal ID number    
  • tax number and/or tax ID    
  • taxi license number    
  • license number, category and validity    
  • sole trader’s licence number    
  • permanent address and/or address of temporary residence    
  • his or her previous transports
  • identification data of his or her vehicle (with which he or she provides a     passenger service).

 

10. Data transmission, additionaldatacontrollers and processors

We can only ensure some of our services and the security of the built-in functions and operation, by using content provided by external service providers, IT solutions or even their infrastructure.

In order to display our online content, to maintain communication with our customers and to provide online services, the following data controllers and data processors will appear in connection with the Service Provider’s activities, to whom the data necessary for maintaining the service will also be transmitted.

By accepting this Data Management Policy, the natural person also agrees to the transmission of his or her data necessary for the use of the given service, so if he or she does not agree to the transmission of his or her data, we cannot provide the service concerned:

MiniCRM Szolgáltató és Kereskedelmi Zrt.:

Developer and provider of the MiniCRM system we use to maintain communication with our customers.

The registered head office of the company: 1375 Budapest, 13-14 Madách Imre st.

Company registration number: 01-10-047449

Tax identification number: 23982273-2-42

E-mail: help@minicrm.hu

Server hosting provider: T-Systems Magyarország Zrt. – Data Park Budapest (1087 Budapest, 13 Asztalos Sándor st., Tel.: 1400, E-mail: TS_ugyfelkonnectat@t-systems.hu)

Data protection registration number: NAIH-64809/2013.

Google Inc.

We use Google’s e-mail system to communicate with customers in writing, and for office use, the document management system it provides.

Head office: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA

Telenor Magyarország Zrt.

We send SMS messages from our online services via Telenor’s SMS Gateway (SMS Courier).

Head office: 2045 Törökbálint,1 Pannon st.

Company registration number: 13-10-040409

ATW Internet Kft.

The registered head office of the server park provider that carries out the placement of the servers we deliver our services with:

Head office: 1138 Budapest, 66 Esztergomi st. fsz. 1.

Company registration number: 01-09-736956

Tax identification number: 13471868-2-41

E-mail: support@atw.co.hu

RACKFOREST Informatikai Kereskedelmi Szolgáltató és Tanácsadó Kft

The registered head office of the server park provider that carries out the placement of the servers we deliver our services with: 1132 Budapest, 18-22 Victor Hugo st., 3. em. 3008 a

Tax identification number: 14671858-2-43

Data management registration number: NAIH-74088/2014

E-mail: info@rackforest.hu

InfoComplex Informatikai és Telekommunikációs Szolgáltató és Fejlesztő Betéti Társaság

The registered head office of the company that performs the contracted operation and incidental maintenance of servers:

Head office: 7632 Pécs, 21 Littke J. st.

Company registration number: 02-06-069801

Tax identification number: 23982273-2-42

E-mail: support@infocomplex.hu

OTP Mobil Kft.

Simple Pay provides an online payment service to its users. Data processing and data transfer are conducted to the extent required for these online banking orders.

By accepting this data management policy, our natural person user acknowledges that during the online payment via the Simple Pay system, his or her personal data, stored by Mobile LBS Kft. in the user database of their online tracking systems: https://service.alapnyomkovetes.hu, https://service.holazauto.hu and https://portal.holazauto.hu/fleet, will be transferred to OTP Mobil Kft. as data processor.

The nature and purpose of the data processing activity performed by the data processor can be viewed in the SimplePay Data Management Policy, on the following link: http://simplepay.hu/vasarlo-aff

  • The registered head office of OTP Mobil Kft: 1143 Budapest, 17-19 Hungária blvd.
  • Company registration number: 01-09-174466
  • Tax identification number: 24386106-2-42
  • data protection representative of Simple: Sári Zsombor, whose contact details are:
  • in person at the company’s registered head office

e-mail address: dpo@otpmobil.com

11. Data Security 

Mobile LBS Kft. takes all necessary steps to ensure the security of the personal data provided by its users both during network communication, and during the storage and safekeeping of data.

Access to personal data is strictly limited in order to prevent unauthorized access, alteration or use.

Our servers used for data storage are redundant servers located in protected server parks, and the data stored on them is directly accessible only to the employees and companies that maintain the servers.

12. Enforcement and legalremedy

Mobile LBS Kft. ensures getting acquainted with, enforcement and legal remedy of the rights related to personal data as follows:

Disclosure

Mobile LBS Kft. provides the relevant information to the data subject. At the written request of the data subject, we provide information about the data we manage or process, their source, purpose, legal basis, duration, the name and address (registered head office) of the data controller and/or data processor and its activities related to data processing, as well as – in case of transfer of personal data of the data subject – who receives or has received the data and for what purpose.

We will provide this information in writing within 30 days of receiving the request.

Correction and/or erasure of data

It is the right of the natural person concerned to request his or her personal data to be rectified, the fulfilment of this by us, respectively. Mobile LBS Kft. is obliged to correct personal data that does not correspond to reality.

Personal contact shall be erased if

  • its handling is illegal;    
  • at the request of the data subject;    
  • it is incomplete or incorrect, and this condition cannot be legally corrected    
  • the purpose of data management has ceased    
  • the statutory term for data storage has expired    
  • it has been ordered by either the Court, or    
  • by the National Authority for Data Protection and Freedom of Information.

In addition to the above, the erasure is subject to the condition that the erasure of the data is not precluded by any law or other legislation.

Please note that the data subject’s rights to information, rectification and erasure may be restricted by law

  • in the interests of the external and internal security of the Hungarian State (national defence, national security, crime prevention or law enforcement, security of penitentiary);    
  • in the economic or financial interest of the state or municipality;    
  • of significant economic or financial interest of the European Union;    
  • to prevent and detect breaches of Labour Law and occupational safety and health obligations.

If we are unable to comply with the data subject’s request for rectification or erasure for the above reasons, we will inform the data subject in writing within 30 days.

Objection

Mobile LBS Kft. ensures that the data subject may object to the processing of his or her personal data if the processing and/or transmission of personal data is carried out solely for the purpose of direct business acquisition or public opinion research, necessary to enforce the interest of our company or the recipient;

An objection submitted in writing will be looked into within 15 days of its submission, and the applicant will be informed of the outcome in writing.

If the objection is justified, the processing and transfer of data shall be terminated and all persons to whom the data concerned had previously been transferred shall be notified of the objection and the related measures.

Should you have any further queries regarding data management and data processing activities of Mobile LBS Kft., you can obtain information at the following contacts:

Name: Mobile LBS Limited Liability Company.

Headquarters: 7625 Pécs, 7 István st. 1. em. 6

Data Protection Officer: Olivér Fehér

Contact details of the Data Protection Officer: oliver.feher@whereis.eu / +36 72 998 605