Pravilnik o zasebnosti

TachoMI.hu Kft. (1196 Budapest, Fő utca 53., Hungary) develops, distributes, and provides a proprietary tachograph and driver card data analysis system. In the course of our business activities, we process some data on behalf of other companies as a data processor; in such cases we perform purely technical tasks related to data processing operations in accordance with the data controller's instructions. In these cases, we have no independent decision-making or disposal rights over the data. As a direct data controller, we undertake that all data processing related to our activities complies with the requirements set out in this policy and in the applicable Hungarian and EU legislation.

TachoMI.hu Kft. is committed to protecting the personal data of its customers and partners, and considers it of paramount importance to respect the right of its customers to informational self-determination. TachoMI.hu Kft. treats personal data confidentially and takes all security, technical, and organisational measures to guarantee the security of the data.

The data processing activities of TachoMI.hu Kft. are based on voluntary consent. In certain cases, however, the processing, storage, and transfer of certain data is required by law. We draw the attention of data providers to TachoMI.hu Kft. that if they provide personal data of others, it is the duty of the data provider to obtain the consent of the data subject.

Scope of processed data

Name, date of birth, driving licence number, email address (if applicable), password and username of the driver and the employing company (if applicable), the driver's preferred language and signature image, tachograph and driver card data, driver and vehicle events, GPS coordinates, company contacts (if applicable) and their contact details (name, position, landline and mobile phone number, email address).

Purpose of data processing

Fulfilment of legal obligations, optimisation of operations, monitoring of subscribed services, minimisation of potential errors and infringements, improvement of service quality.

Legal basis for data processing

Consent of the data subject pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"); performance of a contract pursuant to point (b); compliance with a legal obligation pursuant to point (c); and legitimate interest pursuant to point (f); as well as Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act), and Section 13/A(3) of the E-Commerce Act.

The deadline for deletion of data is one year from the termination of the contract.

The application may use session cookies necessary for its operation, which are automatically deleted when the browser is closed. It does not use third-party analytics or tracking cookies. Data is only disclosed to parties other than the client when required by law.

TachoMI.hu Kft. deletes all emails received, together with the sender's name, email address, date, time data and other personal data provided in the message, no later than five years from the date of the communication.

Recording of phone calls

TachoMI.hu Kft. records incoming phone calls from customers.

• Purpose of data processing: enforcement of the rights of the customer and the data controller, subsequent verifiability.
• Legal basis for data processing: consent of the data subject.
• Scope of processed data: identification number, audio recording of the conversation between the customer and the agent, other personal data provided during the conversation, the customer's name and phone number, date, the agent's name, and duration of the call.
• Duration of data processing: five years.

Information about data processing activities not listed in this notice will be provided when new data is collected.

We inform our customers that courts, prosecutors, investigative authorities, regulatory offence authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the data controller for the purpose of providing information, disclosing data, or making documents available. TachoMI.hu Kft. only discloses personal data to authorities – provided the authority has specified the exact purpose and scope of the data – to the extent strictly necessary for achieving the purpose of the request.

Data processors

TachoMI.hu Kft. processes personal data itself and does not engage external data processors. It provides the IT infrastructure necessary for the operation of the system with its own server farm, which is housed in a server hotel (colocation service). Accounting tasks are performed internally by in-house staff using its own accounting system. Should external data processors be engaged in the future, TachoMI.hu Kft. will update this notice accordingly.

Transfer of data to third countries

TachoMI.hu Kft. primarily stores and processes the personal data of data subjects within the territory of the European Union and the European Economic Area (EU/EEA). If a transfer of data to a third country (outside the EU/EEA) is necessary, TachoMI.hu Kft. ensures the safeguards set out in Chapter V of the GDPR (e.g. adequacy decision, standard contractual clauses). Information about the details of data transfers will be provided to data subjects upon request.

Security of data processing

The IT systems of TachoMI.hu Kft. are located in a protected server farm (server hotel). The systems run on three-machine Proxmox virtualisation clusters, which provide high availability (SLA) and warm standby. Currently two such three-machine clusters are in operation. Data backups are performed on a daily basis.

TachoMI.hu Kft. selects and operates the IT tools used for the processing of personal data in the course of providing the service so that the processed data:

• is accessible to those authorised to access it (availability);
• its authenticity and authentication are ensured (authenticity of data processing);
• its integrity can be verified (data integrity);
• is protected against unauthorised access (data confidentiality).

TachoMI.hu Kft. protects data with appropriate measures, in particular against unauthorised access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in applied technology.

To protect the electronically processed data in its various records, TachoMI.hu Kft. ensures through appropriate technical solutions that the stored data – except where permitted by law – cannot be directly linked and attributed to the data subject.

TachoMI.hu Kft. takes technical, organisational, and structural measures to protect the security of data processing, taking into account the current state of technology, providing a level of protection appropriate to the risks associated with data processing.

In the course of data processing, TachoMI.hu Kft. preserves:

• confidentiality: protects the information so that only those authorised may access it;
• integrity: protects the accuracy and completeness of the information and the processing method;
• availability: ensures that when an authorised user needs it, they can actually access the desired information, and the related tools are available.

The IT system and network of TachoMI.hu Kft. are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security through server-level and application-level protection procedures.

We inform users that electronic messages transmitted over the internet, regardless of protocol (email, web, FTP, etc.), are vulnerable to network threats that may lead to fraudulent activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the data controller takes all reasonable precautions. It monitors the systems in order to record any security deviations and to provide evidence in the event of any security incident. System monitoring also enables the verification of the effectiveness of the precautionary measures applied.

Data controller details and contact

Data subjects may contact the data controller at the above contact details with any questions or requests relating to data protection.

Legal remedies

The data subject may request information about the processing of their personal data, and may request the rectification or – except for mandatory data processing – the deletion or blocking of their personal data in the manner indicated at the time of data collection, or at the above contact details of the data controller.

Right to information

Upon the data subject's request, TachoMI.hu Kft. as data controller shall provide information about the data it processes, its source, the purpose, legal basis, and duration of data processing, the name and address of the data processor and its activities related to data processing, the circumstances, effects, and measures taken to remedy any data protection incident, and in the case of data transfer, its legal basis and the recipient. The data controller shall provide the information in writing, in an intelligible form, within the shortest possible time but no later than 30 days from the submission of the request. This information is free of charge if the requesting party has not yet submitted a request for information on the same data scope to the data controller in the current year. In other cases, TachoMI.hu Kft. may charge a cost reimbursement.

Right to rectification

TachoMI.hu Kft. shall rectify personal data if it does not correspond to reality and the correct personal data is available to it.

Blocking and marking

TachoMI.hu Kft. shall block personal data if the data subject so requests, or if, based on the information available, it can be assumed that deletion would harm the legitimate interests of the data subject. Blocked personal data may only be processed as long as the data processing purpose that precluded the deletion of the personal data persists. TachoMI.hu Kft. shall mark personal data it processes if the data subject disputes its accuracy or correctness, but the inaccuracy or incorrectness of the disputed personal data cannot be clearly established.

Right to erasure

TachoMI.hu Kft. shall delete personal data if its processing is unlawful, the data subject requests it, the processed data is incomplete or inaccurate – and this condition cannot be lawfully remedied – provided that deletion is not excluded by law, the purpose of data processing has ceased, or the legally prescribed time limit for data storage has expired, or it has been ordered by a court or the National Authority for Data Protection and Freedom of Information.

Right to restriction of processing (GDPR Article 18)

The data subject has the right to request that TachoMI.hu Kft. restrict the processing if one of the following conditions is met: the data subject contests the accuracy of the personal data; the processing is unlawful and the data subject opposes the deletion of the data; the data controller no longer needs the personal data for the purpose of processing, but the data subject requires them for the establishment, exercise, or defence of legal claims; or the data subject has objected to the processing.

Right to data portability (GDPR Article 20)

The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller, where the processing is based on consent or a contract, and the processing is carried out by automated means.

Right to object

The data subject may object to the processing of their personal data if the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation applicable to the data controller or for the enforcement of a legitimate interest, is carried out for the purpose of direct marketing, or in other cases prescribed by law. TachoMI.hu Kft. shall examine the objection within the shortest possible time from the submission of the request, but no later than 15 days.

Compensation and damages

TachoMI.hu Kft. shall compensate for any damage caused by the unlawful processing of the data subject's data or by the breach of data security requirements. In the event of a violation of the data subject's personality rights, the data subject may claim non-material damages (Section 2:52 of the Hungarian Civil Code).

Right to judicial remedy

In the event of a violation of their rights, the data subject may bring an action against the data controller before a court. The court shall act on the case with priority. The competent court by the data controller's registered office is the Budapest-Capital Regional Court (1055 Budapest, Markó u. 27., Hungary), or the data subject may choose the regional court competent by their place of residence.

Data protection authority proceedings

Complaints may be lodged with the National Authority for Data Protection and Freedom of Information: