Privacy Policy of TILEA HR and Financial Services Ltd.
1. Introduction
TILEA HR and Financial Services Ltd. is committed to protecting and securing your data. Below, we outline the data management procedures on the peo-services.com website, the measures taken to protect personal data, and the rights and enforcement options related to data management. This notice details the regulations and practices applied by the company to ensure data protection, taking into account the following laws:
- General Data Protection Regulation (EU) 2016/679
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information
- Act CVIII of 2001 on Electronic Commerce and on Information Society Services
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.
2. Data Controller Information
The data management is performed by TILEA HR and Financial Services Ltd. (hereinafter: Data Controller).
Data Controller details:
- Company name: TILEA HR and Financial Services Ltd.
- HQ: HU-2318 Szigetszentmárton, Templom Street 3., Hungary
- Tax number: 32147841-2-13
- Company registration number: 13 09 224141
- Managing Directors: Lea Kovács-Kneitner and Tibor Kovács
- Phone: +36 30 635 5022, +36 30 635 5144
- Email: info@tileagroup.com
3. Basic Definitions for Personal Data Management
- Data Processor: A person or organization that processes personal data on behalf of the Data Controller.
- Data Management: Any operation or set of operations performed on personal data, whether automated or manual, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, transmission, dissemination, making available, alignment, combination, restriction, deletion, or destruction.
- Data Controller: A person or entity, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data Protection Incident: A security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
- Consent of the Data Subject: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
- Recipient: A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether or not it is a third party.
- GDPR (General Data Protection Regulation): The EU’s General Data Protection Regulation.
- Third Party: A natural or legal person, public authority, agency, or body other than the data subject, data controller, data processor, or persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.
- Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
4. Principles of Data Management
Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subjects.
Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. Data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Appropriate technical and organizational measures must be implemented to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
5. Scope of Data Management
Data management applies to individuals visiting the website operated by the Data Controller, those ordering training or courses through the website, those requesting consultation, and those interested in the services of the Data Controller. Additionally, those who like the website on Facebook, subscribe, or establish contact through Facebook Messenger are also considered data subjects.
6. Data Managed by the Data Controller
- Course Order: When ordering a course on the website, the Data Controller collects the following data: name, email address, phone number, billing name, address, tax number, and details of the ordered course.
- Consultation Request: When requesting consultation, the following data are managed: name, email address, phone number, description of the question or case, billing name, address, tax number, and details of the requested consultation.
- Service Inquiries: Data provided by the data subject in case of inquiries: name, email address, phone number.
- Website Visitor Data: Different types of cookies may be placed on the data subject’s device while using the website. These cookies can store IP address or its details, browser type, data related to website usage (e.g., time of visit, pages visited, session duration, number of clicks).
- Facebook Interactions: If the visitor likes the page on the website using the Facebook plugin, subscribes to the website’s Facebook page, or contacts the Data Controller through Facebook Messenger, the Data Controller manages data related to the data subject’s Facebook profile (name, profile picture).
7. Purpose of Data Management
- Course Order: The purpose of data management when ordering courses is to record, confirm, and fulfill the order, whether online or on-site. If the phone number is provided, its purpose is to coordinate and communicate related to the course order and fulfillment. The purpose of managing the billing name, address, and tax number is to issue the invoice.
- Consultation Request: When requesting consultation through the website, the purpose of data management is to record, confirm, and provide the consultation. The purpose of managing the billing name, address, and tax number is to issue the invoice.
- Service Inquiries: The purpose of managing inquiries is to inform data subjects about the services they are interested in.
- Cookie Usage: Detailed information on the purposes of cookies used on the website can be found in section 11. The purpose of using the Facebook plugin on the website is to allow the page to be liked and subscribed to by the data subjects.
8. Legal Basis for Data Management
- Course Order: The legal basis for data management when ordering courses is Article 6(1)(b) of the GDPR and Section 13/A of the E-commerce Act regarding the data subject’s name, email address, billing name, address, and ordered course. Without these data, the contract cannot be concluded and fulfilled. The management of the phone number and tax number is based on the data subject’s voluntary consent (Article 6(1)(a) of the GDPR). The tax number is included on the invoice if provided.
- Consultation Request: The legal basis for data management when requesting consultation through the website is Article 6(1)(b) of the GDPR and Section 13/A of the E-commerce Act regarding the data subject’s name, email address, problem description, billing name, address, and ordered consultation. These data are necessary for the conclusion and fulfillment of the consultation contract. The management of the phone number and tax number is based on the data subject’s voluntary consent (Article 6(1)(a) of the GDPR), and the tax number is included on the invoice if provided.
- Service Inquiries: The legal basis for data management of inquiries sent through the website is the data subject’s voluntary consent (Article 6(1)(a) of the GDPR).
- Cookie Usage: The legal basis for data management regarding cookies used on the website:
- For cookies technically necessary for the operation of the website and the use of services and functions: Section 13/A of the E-commerce Act and Article 6(1)(b) of the GDPR.
- For convenience, marketing, or cookies used for analyzing the use of the website and improving its performance: the data subject’s voluntary consent (Article 6(1)(a) of the GDPR).
- Legitimate Interest: The Data Controller may process the data subject’s data to enforce its legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1)(f) of the GDPR). An example of this could be if the Data Controller has a claim against the data subject.
9. Data Management Duration
- Course and Consultation Orders: For courses and consultations ordered through the website, the Data Controller manages the data as long as necessary for the fulfillment of the order, contract, or consultation. The data will be automatically deleted no later than one year after completion, except if there is another legal basis for data management.
- Billing Data: If personal data of the data subject are included in the invoices, the Data Controller is required to retain these records for 8 years based on the Accounting Act. Tax-related data must be retained until the statute of limitations for tax determination expires, or in the case of deferred tax, for 5 years from the end of the calendar year in which the deferred tax becomes due.
- Inquiry Handling: Inquiries received through the website are managed by the Data Controller until the requested information is provided. The data will be automatically deleted no later than one year after this, except if the data subject contacts the Data Controller again, in which case the data will be managed for up to one year after the information is provided.
- Cookies and Facebook Plugin: Detailed information about the lifespan of cookies can be found in section 11. Data management lasts as long as the data subject does not request the deletion of their data (e.g., unsubscribing or withdrawing the like) in the case of liking or subscribing to the website’s Facebook page.
10. Access to Data
Authorized employees of the Data Controller, as well as contracted agents of the Data Controller who need access to these data in their work, have access to personal data. Additionally, the Data Controller’s executive officers may also access these data.
Personal data are only disclosed to third parties for data processing purposes. The data processor can only process data according to the Data Controller’s instructions and cannot process data for their own purposes, and must store and retain the data according to the Data Controller’s requirements.
- Website Analysis: The Data Controller uses Google Analytics, operated by Google, Inc., to analyze website usage. This service collects information and generates statistical reports on website usage using cookies installed on the data subject’s computer. The data are stored on Google LLC’s servers (address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, phone: 650-253-0000, email: data-protection-office@google.com). Google LLC is listed on the Privacy Shield list.
- Facebook Plugin: Data processing for the Facebook plugin is performed by Facebook Inc. (address: 1 Hacker Way, Menlo Park, California 94025, USA, phone: +1 650-543-4800, email: privacyshield@support.facebook.com). Facebook Inc. is listed on the Privacy Shield list.
11. Cookies Used on the Website
A cookie is a text file sent by the website to the data subject’s computer or mobile device, where it is stored as a small file. It generally contains the name of the domain it came from, the cookie’s validity period, and a randomly generated number (value).
Cookies used on the website serve various purposes. Some are essential for the website’s operation, while others facilitate its use, such as remembering the visitor’s settings for a specified period (e.g., language, font size, other display preferences), so they do not have to be re-entered each time. Some cookies aim to improve the website’s performance by collecting statistical data and reporting on its usage. Some cookies serve advertising purposes, helping to display ads relevant to the visitor’s interests. Cookies are categorized as follows:
- Session Cookies: These are temporary cookies that remain in the browser until the visitor leaves the website or closes the browser. They are necessary for browsing the website and using its functions.
- Functionality Cookies: These cookies remember the user’s settings and preferences when using the website, so they do not have to be re-entered during the next visit.
- Performance and Statistical Cookies: These cookies collect information about visitors’ usage habits, such as which pages were viewed and the duration of a session. The Data Controller uses Google Analytics, which collects data with cookies and generates statistical reports on website usage without identifying individual visitors. The purpose of these cookies is to improve the user experience on the website.
- Advertising and Marketing Cookies: These cookies help display ads relevant to the visitor’s interests and increase the effectiveness of marketing activities. For example, they may remember the visitor’s recent searches, previous interactions with ads, and visits to advertisers’ websites.
The characteristics of cookies used on the website:
Cookie | Domain | Description | Duration | Type |
---|---|---|---|---|
_ga_* | .peo-services.com | Google Analytics sets this cookie to store and count page views. | 1 year 1 month 4 days | Analytics |
_ga | .peo-services.com | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | 1 year 1 month 4 days | Analytics |
Visitors can modify or withdraw their consent to the use of cookies at any time. Browsers allow for the modification of cookie settings or their deletion. Further information on managing cookies can be found for the following browsers:
12. Protection of Personal Data
The Data Controller ensures the security of personal data during storage and processing with measures appropriate to the current level of technology, such as using firewalls. These measures prevent unauthorized access and unauthorized modification or alteration of data.
The Data Controller ensures that the expected level of security is maintained during data processing.
13. Rights and Remedies Related to Data Management
As a data subject, you have the right to request access to your personal data, rectification, deletion, or restriction of processing, and to object to the processing of your personal data.
You have the right to receive feedback from the Data Controller as to whether your personal data is being processed. If data processing is in progress, you have the right to be informed about the purposes of the data processing, the categories of personal data concerned, the recipients of the data, and the planned storage period (or the criteria for determining it).
The Data Controller is obliged to provide you with a copy of the personal data undergoing processing upon your request. The first copy is free, but the Data Controller may charge a reasonable fee for additional copies based on administrative costs. In the case of electronically submitted requests, the information must be provided in electronic form unless you request otherwise.
Personal data must be deleted if:
- The data is no longer necessary for the original purpose.
- You withdraw your consent, and there is no other legal basis for processing.
- You object to the processing, and there are no overriding legitimate grounds for processing.
- The data has been unlawfully processed.
- The data must be deleted to comply with a legal obligation.
- The data was collected in relation to the offer of information society services directly to a child.
You may request the restriction of processing if:
- The accuracy of the data is contested, and the restriction applies for the period necessary to verify the accuracy.
- The processing is unlawful, but you oppose the deletion and request the restriction of use instead.
- The Data Controller no longer needs the data, but you require it for legal claims.
- You have objected to processing pending verification whether the Data Controller’s legitimate grounds override yours.
You have the right to receive your personal data held by the Data Controller in a widely used, machine-readable format and to transfer it to another data controller.
You have the right to object to the processing if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller or a third party. In this case, the Data Controller may only continue to process the data if it demonstrates compelling legitimate grounds for the processing.
For direct marketing purposes, you can object to the processing of your personal data at any time.
If a data protection incident occurs and poses a high risk to your rights and freedoms, the Data Controller will notify you without delay.
To exercise the above rights, you can submit a request to the Data Controller (TILEA HR and Financial Services Ltd., HU-2318 Szigetszentmárton, Templom Street 3., Hungary, phone: +36 70 371 6908, email: info@tileagroup.com). The Data Controller will inform you of the measures taken without undue delay, but no later than one month from receipt of the request.
Depending on the complexity of the request, this period may be extended by a further two months, in which case the Data Controller will inform you within one month, stating the reasons for the delay.
If the Data Controller does not take action on your request, it will inform you of the reasons for the refusal without delay, but no later than one month. You may file a complaint with the National Authority for Data Protection and Freedom of Information or seek judicial remedy.
Contact details of the Authority: postal address: 1530 Budapest, Pf.: 5., phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: http://naih.hu.
You may also bring an action against the Data Controller if your rights have been infringed. The court has jurisdiction over such matters, and the action may be brought before the court of your place of residence or stay. The Authority may intervene in the proceedings in favor of the data subject.
If you have a complaint regarding the processing of your personal data, please contact the Data Controller first before taking other legal steps.