Via this “Privacy Notice” the STS GROUP informs You, as a data subject, of processing the personal data that You provide when visiting the Website.
The members of the STS GROUP listed in Annex 1 are committed to protect the personal data of visitors to their websites accessible at stsgroup.hu (hereinafter referred to as "Website").
With this information, the STS GROUP fulfils its obligation to provide information pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 29 June 2016 on the General Data Protection Regulation (hereinafter referred to as "GDPR") and Article 16 of Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter referred to as "Info Act.").
2.1. "processing" means any operation or set of operations that is performed on data, regardless of the applied procedure; in particular collecting, recording, registering, organizing, storing, modifying, using, retrieving, transferring, disclosing, synchronising or connecting, blocking, erasing and destroying the data, as well as preventing their further use; taking photos and making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples and iris scans).
2.2 "controller" means the natural or legal person, or organisation having no legal personality, which, within the framework laid down in an Act or in a binding legal act of the European Union, alone or jointly with others, determines the purposes of data processing, makes decisions concerning data processing (including the means used) and implements such decisions or has them implemented by a processor.
2.3. “data disseminator” means the body performing public duties which, if the data source itself does not disseminate the data, uploads the data sent to it by the data source to a website.
2.4. “ technical processing” means the totality of data processing operations performed by the processor acting on behalf of, or instructed by, the controller.
2.5. “processor” means a natural or legal person, or an organisation not having legal personality which, within the framework and under the conditions laid down in an Act or in a binding legal act of the European Union, acting according to a mandate or instructions given by the controller, processes personal data.
2.6 "third country" means any state that is not an EEA State.
2.7 "personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of, or unauthorised access to, personal data transferred, stored or otherwise processed.
2.8 "data subject" means any natural person identified or identifiable based on any information.
2.9 "identifiable natural person" means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.10. “personal data” means any data relating to the data subject.
2.11. “sensitive data” means all data falling in the special categories of personal data that are personal data revealing racial or ethnic origin, political opinion, religious belief or worldview, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
2.12. “criminal personal data” means personal data related to the data subject and to a criminal record, generated by organs authorised to conduct criminal proceedings or to detect criminal offences, or by the prison service during or prior to criminal proceedings, in connection with a criminal offence or criminal proceedings.
2.13. “consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes, by which he or she, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.14. “recipient” means a natural or legal person, or an organisation having no legal personality, for which the controller or the processor provides access to the personal data.
Member companies of the STS GROUP listed in Annex 1.
The term "Data Controller" means the Company or Companies referred to this point in this "Privacy Notice".
The Data Controller shall guarantee the right to personal data and fundamental freedoms of every natural person in the performance of its tasks and in all areas of the services it provides. In particular, the right to privacy of the data subject shall be respected in the electronic, automated and manual processing of personal data. Accordingly, the Data Controller will act the same when processing Your personal data.
The Data Controller may also obtain personal data of our customers, partners and employees in the course of carrying out its activities, however, the Data Controller does not actively collect personally identifiable information from the Websites unless You provide explicitly and intentionally provide such information (e.g. by using our career portal). While browsing our Websites, certain information may be indirectly recorded.
The Data Controller shall not use personal data provided by the data subject for purposes other than those for which they were collected. The disclosure of personal data to third parties or to the courts or other authorities – unless otherwise provided by law – shall only made on the basis of a court or administrative decision or on the basis of the prior explicit consent of the data subject.
The Company shall process the personal data only for the shortest period necessary to achieve the purposes set out in point 4, but no later than the expiry of the period specified by law, or, in the absence of such provision, for a period of 1 (one) year from the date on which the personal data is made available to the Controller.
The Controller shall cease to process the personal data if the data subject has requested to erase his or her personal data pursuant to Article 14(e) of the GDPR or pursuant to Article 17 of the GDPR.
When You visit the stsgroup.hu Website, You also provide the Controller with personal data. Your data may be processed in two ways: on the one hand, in connection with the maintenance of the Internet connection, technical data (cookies, see point 8) relating to the used computer, browser program, Internet address and pages visited are automatically generated in our computer system, and on the other hand, You can provide Your name and contact details if You wish to personally contact any member of the STS GROUP when using the Website.
The Data Controller will process only the documents sent by the data subject and any other documents attached thereto, as well as the personal data that may be obtained from them.
Please note that the Controller may process personal data for the purposes of complying with a legal obligation to which it is subject, or for the purposes of its own legitimate interests or the legitimate interests of a third party, where such interests are proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the data subject's consent, unless otherwise provided by law.
7.1. Personal data shall be recorded and processed only for the purposes set out in section 4, in accordance with the requirements of fairness and lawfulness.
7.2. Personal data shall only be processed to the extent and for the period of time necessary to achieve its purpose.
7.3. The processing shall be proportionate to the purposes set out in point 4.
7.4. The Company undertakes to process the personal data received and processed in maximum compliance with the Info Act., the GDPR and the data processing policy set out in this Privacy Notice, and to not disclose it to any not specified person in this Privacy, or to any unauthorised person.
7.5. The Company will only disclose the personal data of the data subject to third parties in exceptional cases, on the basis of a court order, a decision by an authority or a statutory provision
7.6. The Company undertakes to ensure the integrity and confidentiality of the data as set out in Article 5 (1) f) of the GDPR and to ensure the security of the processing as set out in Article 32 of the GDPR. To that effect, it shall take the technical and organisational measures necessary to ensure the protection of the data recorded, stored or processed and to prevent their destruction, unauthorised use or alteration.
On certain pages of the https://stsgroup.hu/ website, the STS GROUP uses "cookies".
You can configure Your web browser to accept all cookies, reject all cookies or notify You when a cookie is sent to Your computer. Each web browser is different, so please use Your browser's "Help" menu to change Your cookie settings.
The Data Controller reserves the right to unilaterally amend this Privacy Notice as necessary.
10.1. The data subject may assert his/her rights (to object) against the data processing in cases set out in Article 21 – 24 of the Info Act. The Data Controller shall examine the objection within the shortest possible period of time following the submission of the request, decide if the objection is justified and shall inform the data subject of its decision.
10.2. The data subject – beyond the above mentioned – may turn to court according to the provisions of the Info Act and Act CXXX of 2016 on the Code of Civil Procedure in order to assert his/her rights. The regional courts have jurisdiction to decide on such case. The lawsuit may also be brought before the court of the domicile or of the place of residence of the data subject, at his/her own discretion.
10.3. The data subject may contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C; postal address: 1530 Budapest, Pf. 5.; e-mail: firstname.lastname@example.org) with any questions concerning the processing of his/her personal data or with any complaints against the Data Controller.
10.4. The staff of the Data Controller may be reached out via e-mail address email@example.com or phone number +36 70-678-2091 in the case of any questions concerning the data processing.
The annexes form an integral part of the present "Privacy Notice".
This "Privacy Notice" is effective from 1 April 2020.
Please also note that the Website also contains icons of other websites (e.g. Facebook, Twitter, Youtube, etc.), which are also covered by this Privacy Notice..
- Members of the STS GROUP -
|Company name||Registered seat||Company registration number|
|STS Engineering & Construction Korlátolt Felelősségű Társaság Employer (abbreviated name: STS Engineering & Construction Kft.)||H-9027 Győr, Koroknay Gyula street 7.||08-09-015894|
|STS Service Kutatási és Műszaki Szolgáltató Korlátolt Felelősségű Társaság (abbreviated name: STS Service Kft.)||H-9027 Győr, Koroknay Gyula street 7.||08-09-020033|
|STS Business Befektetési Korlátolt Felelősségű Társaság (abbreviated as: STS Business Kft.)||H-9027 Győr, Koroknay Gyula street 7.||08-09-023212|
|STS PowerPlant Korlátolt Felelősségű Társaság (abbreviated name: STS PowerPlant Kft.)||H- 9011 Győr, Gólyarét street 18.||08-09-018138|
- Information on data processing by STS GROUP in the use of the camera surveillance system and on the rights of the data subject
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR), Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: Info Act.) and Act CXXXIII of 2005 on the rules of personal and property protection and private investigation (hereinafter: Property Protection Act.), the member of the STS GROUP – see point 3 – (hereinafter referred to as the Company) as data controller operates an electronic surveillance system capable of recording images at the address serving as the registered office of the Company and also at the Company’s premises, and in the areas open to clients.
The camera surveillance system is operated by the members of the Company, which operates the cameras as data controller.
The STS GROUP considers that anyone who enters its facilities, construction sites or offices is bound by the rules set out in Annex 2 to this "Privacy Notice".
It is forbidden to bring firearms, ammunition, alcohol (except for representational purposes), narcotic and hallucinogenic substances, knives with a blade length exceeding 8 cm, daggers (piercing and cutting instruments), toxic, explosive, radiating and chemical substances as well as objects particularly dangerous for public safety, into the territory/territories of the STS GROUP.
4.1. The camera surveillance system records the image of the person entering the area monitored by the cameras and the action of the person as seen on the recording. The camera surveillance system does not record sound.
4.2. The data controller uses the camera surveillance system to protect human life, physical integrity, business secrets and property.
4.3. The legal basis for the processing of the recordings is the legitimate interest of the data controller pursuant to Article 6 (1) f) of the GDPR.
4.4. The purpose of the processing: the protection of human life, physical integrity, personal liberty, business secrets and property.
4.5. Legal basis for the processing: consent of the data subject – which consent is given with entering the data controller’s private area open to the public. This consent may also be given by conduct.
4.5.1. “By conduct” particularly means when a natural person enters the private area open to the public despite the notice posted in accordance with the law, unless the circumstances clearly indicate otherwise.
The recipients of the data in the case of camera surveillance and recording are the data subject, the representative of the data subject (both legal and authorised), the successor of the data subject, the court or other authority.
The source of the data in the case of camera surveillance and recording is the consent recorded directly from the data subject.
The data shall be retained, in the absence of use, for a maximum period of 30 (thirty) days from the date of recording in the case of camera surveillance and recording pursuant to Section 31/A (3) of the Szvtv.
The rights of the data subject and the procedure for their enforcement shall be governed by the provisions of the Privacy Notice.
The remedies of the data subject shall be governed by the provisions of the Privacy Notice.