The Data Controller declares that the data processed by it shall be processed in accordance with the currently applicable legislation pursuant to the Fundamental Law of Hungary, Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
Respects the personal data of its employees, customers, contractors, other data subjects and visitors to https://www.geolayer.eu/ and https://geolayer.hu/. It shall treat all data and facts of which it becomes aware as confidential and process them only on the basis of the performance of the contract, legal requirements, its own legitimate interests not prejudicing the interests of the data subjects and the prior informed consent of the data subject.
The Data Controller will process personal data in accordance with the following principles:
The processing is carried out lawfully and fairly and in a transparent manner for the data subject.
Data processing is subject to the principle of data minimisation, according to which data processing must be appropriate and relevant for the purpose for which it is carried out and limited to what is necessary.
Data processing must be accurate and, where necessary, kept up to date. In this context, it shall take all reasonable steps to ensure that inaccurate data are erased or rectified without undue delay.
Personal data will be stored for a limited period of time necessary to achieve its purpose.
Ensures protection against unauthorised or unlawful processing and accidental loss, destruction or damage of personal data.
Personal data will only be processed for the purposes and in the manner set out in this Statement, in order to exercise the rights and fulfil the obligations set out herein. The Data Controller declares that it will comply with these purposes at all stages of its processing.
The Data Controller processes only personal data which is necessary for the purpose of the processing, which is suitable for the purpose, to the extent and for the duration necessary for the purpose.
Ensure adequate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical or organisational measures.
By publishing this Statement, the Data Controller takes appropriate measures to ensure that data subjects receive all the information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
Partners and processors assisting the Data Controller are bound by confidentiality obligations in relation to the personal data of the data subjects.
The Data Controller under this Statement:
The Data Controller:
GeoLayer Korlátolt Felelősségű Társaság
1182 Budapest, Hímesháza utca 11.
Company registration number:
Mobile phone number:
+36 20 415 1370
With regard to the personal data processed by the Data Controller, the data necessary for accounting and payroll processing is processed by an accounting firm based in Budapest, which has a contract with the Data Controller.
The website of the data controller is operated by the hosting provider https://www.nethely.hu/ C-Host Kft (registered office: 1115 Budapest, Halmi utca 29.; Asz: 23358005-2-43)
The Data Controller processes the data of natural persons for the following purposes in the performance of a contract:
Employee personal data:
name; name at birth; place and date of birth; mother’s name; education; address; telephone number; e-mail address; name and account number of financial institution; specimen signature
Personal data of customers and contractual partners:
name/designation; address/delivery address; contact name; telephone number; e-mail address; photograph
The purpose of the processing of the data is the conclusion of relevant written contracts, the performance of contracts and the provision of contact details.
The Data Controller stores some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The personal data will be stored from the conclusion of the contract until the contractual relationship has been established or until the expiry of the contractual relationship. Personal data processed within this scope will not be transferred.
The following personal data of employees are processed or, where necessary, may be processed on the basis of the Labour Code, the Act on Persons Entitled to Social Insurance Benefits and Private Pensions and the Coverage of These Services, the Act on Social Insurance Pensions, the Act on Personal Income Tax and the Act on the Tax Procedure and Judicial Enforcement:
name; name at birth; place and date of birth; mother’s name; social security number; tax identification number; address; personal data relating to tax relief; personal data relating to enforcement;
The purpose of employee data processing is to comply with the statutory obligation to pay contributions and pensions, to deduct the statutory tax advances and to prepare personal income tax returns in accordance with the employer’s requirements, as well as to comply with any mandatory enforcement.
The Data Controller stores some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The retention period of the data contained in the employment records is determined by the applicable legislation. The Data Controller shall transmit these data to the accountant in charge of payroll accounting and to the public administration responsible for tax and contribution deductions and pension insurance.
The following personal data of customers and contractual partners are processed in accordance with the legal requirements on accounting, VAT and taxation:
name(s); address/place of residence; tax number
The data of customers and contractual partners are processed for the purpose of issuing invoices for purchases and deliveries.
The Data Controller stores part of the personal data provided on paper at its headquarters and in digital form on a cloud-based digital server and transfers it to the Data Processor in charge of accounting and payroll. Invoices are issued for orders using online invoicing software. The invoices issued, with the data content contained therein, are processed by the Data Controller until the invoice is kept for accounting purposes.
The personal data of employees who apply to the Data Controller for employment will be processed on the basis of their prior informed consent by means of this declaration:
name; name at birth; place and date of birth; mother’s name; education; address; telephone number; e-mail address;
The data is processed for the purposes of subsequent employment following selection. The Data Controller will store some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The processing lasts from the moment the data is provided until the selection process. After the selection process is completed, the data of the candidate will be processed until the consent is withdrawn in order to fill future vacancies. The Controller will not transfer personal data processed in this context.
On the websites https://www.geolayer.eu/ and https://geolayer.hu/ of the Data Controller, the interested party can send a message to the Data Controller under the contact menu. In this context, the following personal data of the interested party will be processed:
name; telephone number; e-mail address
The Data Controller stores the personal data provided on the database interface and hard disk of the website, The personal data provided for the purpose of contacting you will be stored for the time necessary to achieve the purpose of the contact, but not longer than 1 year. The Controller will not transfer the personal data processed in this context.
The Data Controller is a company that operates and distributes UAS systems and takes high altitude images for road construction for its customers. The purpose of the recordings is not to photograph natural persons. However, in the course of taking the photographs, aerial photographs may be taken of natural persons in the technical area/route but not under contract. On average, the images are taken from an altitude of 70 to 120 metres and at a resolution of 20 to 45 megapixels, which are not sufficient to identify the person in the image. The contract performed for the Client does not, as a general rule, involve the processing of such data of natural persons. However, the Data Controller sets out in this statement the main provisions concerning the processing of the data of natural persons that may appear in the recordings.
The following personal data of the data subjects are processed by the Data Controller in the course of such recording:
The shots are taken in a technical area/route and aim at a complex survey of the technical area/route.
The Data Controller shall inform the persons entering the technical area/route that the area is being recorded and shall inform the data subjects that they have the possibility to object to the processing based on legitimate interest. The Data Controller shall carry out an interest assessment prior to the start of the processing, taking into account the risks presented by the processing.
The Data Controller shall take into account the risks to the rights and freedoms of the data subjects before starting the processing and shall establish that the technical area/route is unlikely to be accessed by natural persons not having a contractual relationship, that the purpose of the recordings is not to systematically monitor natural persons and that the recordings are made under technical conditions which are not suitable for the identification of the persons on the recordings, and therefore the risk and severity for the data subject of this type of conditional processing is minimal.
The Data Controller stores the personal data processed in this way in digital form on a cloud-based digital server and stores them for the duration of the contractual relationship with the customer, until the expiry of the contractual relationship or until the data subject’s express objection.
The Data Controller shall transmit the personal data processed in this context to the customer. The Customer becomes the data controller in this respect and shall establish and maintain its own data management policy for the data it processes. The Data Controller states that it does not carry out joint processing with the Customer, that it is not responsible for the Customer’s processing of the above data, but that they are mutually bound by their contractual relationship to notify each other of any data subject who has lodged a complaint with them in order to take the necessary measures.
Personal data stored about Data Subjects may be accessed only by the person who needs to know them in order to fulfil his or her obligations. The Controller shall record the name of the person who has access to the personal data or who is otherwise entitled to access the personal data, the reason for access and the time of access.
My processing activities may involve the use of personal data processed. Use is when personal data is used as evidence in legal or other official proceedings. A person whose right or legitimate interest is affected by the recording of his or her personal data may, within 3 (three) working days of the recording of the personal data, request that the data not be destroyed or erased by the Data Controller by providing evidence of his or her right or legitimate interest. If the Data Controller is required by a public authority or a court to provide and disclose the data, the Data Controller shall disclose the personal data if all the conditions for doing so are met. In the absence of such a request within thirty (30) days of the Data Subject’s request for non-destruction, the recorded image and/or sound recording and other personal data shall be destroyed or erased.
The Controller transfers certain personal data to its data processing partners. In each case, the Data Subjects’ specific consent is required where the transfer is to a country outside the European Economic Area.
The Data Subject is informed in detail about his/her enforceable rights and the scope of the data processed about him/her from this Notice and the Privacy Notice.
The Data Subject has the right to request information about the processing of his/her data.
He/she has the right to receive feedback on whether or not the processing of data relating to him/her is still ongoing and, if so, to be informed of the purposes, legal basis, storage and storage period of the data processed concerning him/her. The right to be informed includes the right to rectification, erasure, restriction of processing and the right to lodge a complaint with a supervisory authority.
If the Data Subject becomes aware that the data stored about him/her are incomplete or inaccurate, he/she has the right to request that his/her data be rectified.
The Data Controller shall delete the data stored about the Data Subject upon your request. This obligation shall also apply without a request if
The Data Controller shall, upon request, restrict the processing of personal data until it examines the possibility of taking the necessary measures, if the inaccuracy, unlawfulness, or unnecessary nature of the personal data processed is established or if the Data Subject objects to the processing.
In the case of processing based on consent or contract, the Data Subject has the right to receive the data provided by him or her in machine-readable form (pdf, doc, excel, txt) in order to transmit it to another controller.
The Data Subject may object to the processing of his or her personal data based on legitimate interests at any time on grounds relating to his or her particular situation. In such a case, the Controller may no longer process the Data Subject’s data on such grounds, unless the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject or are related to the establishment, exercise or defence of legal claims.
The Data Controller shall, within the shortest possible time from the date of the request, but not later than 15 days.
In particular, the Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or damage and inaccessibility resulting from changes in the technology used.
In doing so, it will comply with the IT security policies in force and will require its Processors to do the same.
In the event of a personal data breach, it will develop a data breach policy, which sets out how to report a data breach, who is responsible for dealing with it and the relevant time limits.
It keeps records of the data protection incidents that occur.
In case of violation of their rights, data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information (headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, telephone: +36 (1) 391-1400, fax: +36 (1) 394-1410, e-mail: firstname.lastname@example.org) or they may also have recourse to the court of the place of decision making.
The Data Controller shall compensate any damage caused to another party by unlawful processing of the Data Subjects’ data or by breach of data security requirements. If the Data Controller infringes the Data Subject’s right to privacy by unlawfully processing the Data Subject’s data or by breaching data security requirements, the Data Subject may claim damages.
The Data Controller may use personal data and information lawfully recorded in the course of negotiations and/or litigation in order to avoid disputes that may arise between the two parties.
The following so-called “cookies” are used on the website operated by the Data Controller:
Independent measurement and auditing of website traffic and other web analytics data is facilitated by external service providers (for details, please visit: google.com/analytics/).
Cookies record the unique network identifier (IP address) of the Data Subject using the website as personal data.
The Data Controller does not control third party websites and excludes any responsibility for the content of other external websites.
The purpose of processing the data stored in cookies is to enhance the user experience and improve the online services of the website. The cookies used on the website do not store personally identifiable information.
If you do not wish to receive certain types of cookies, you can set your browser to prevent the setting of a unique identifier or to warn you when the website wishes to send a cookie.
To learn more about these features and to fine-tune your cookie settings, please refer to the instructions or help screen of your web browser, or use the following link to turn on and off online behavioural advertising from each service provider: http://www.youronlinechoices.com/hu/ad-choices
Effective: 4 January 2021.