for the protection of personal data of natural persons pursuant to the General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”)

Purpose of this Privacy Notice

Ensuring fair and transparent data processing in relation to data processing operations, processes and circumstances related to the provision of services by Espell Zrt.

The controller’s details and contact information
  • Name of the controller: Espell Fordítás és Lokalizáció Zártkörűen Működő Részvénytársaság (Espell Translation and Localization Ltd.)
  • Registered office: 1068 Budapest, Városligeti fasor 24. 1. em. 1. ajtó, Hungary
  • Court of registration: Company Registry Court of Budapest-Capital Regional Court
  • Company registration number: Cg. 01-10-047514
  • Contact details:
    • e-mail: espell@espell.com
    • phone: +36 (1) 239-8043, +36 (1) 201-8575
    • website: www.espell.com
  • Person responsible for data processing: Andrea Téry
  • E-mail address for issues of data processing: dataprotection@espell.com
Definitions
  • dataset means all data processed in a single register;
  • technical processing means the totality of processing operations performed by the processor acting on behalf of, or instructed by, the controller;
  • processor means a natural or legal person, or an organisation without legal personality which, within the framework and under the conditions laid down in an Act or in a binding legal act of the European Union, acting on behalf, or according to the instructions, of the controller, processes personal data;
  • processing means any operation or set of operations performed on personal data or data files, whether or not by automated means; in particular collection, entering, recording, organisation, structuring, storage, adaptation and alteration, consultation, use, retrieval, disclosure, data transfer, dissemination, publication, alignment or combination, restriction, blocking, erasure and destruction, as well as the prevention of the further use of data; taking photos and making audio or visual recordings, as well as the recording of physical characteristics suitable for identification (such as fingerprints or palm prints, DNA samples and iris scans);
  • restriction of processing means the blocking of stored data by marking them with the aim of limiting their processing in the future;
  • record of data processing activities means the record kept by the controller under its responsibility of its data processing activities relating to personal data under its control, personal data breaches and measures taken in relation to the data subject's rights of access;
  • controller means the natural or legal person or organisation without legal personality which, within the framework laid down in an Act or in a binding legal act of the European Union, alone or jointly with others, determines the purposes of the processing of data, makes decisions concerning processing (including the means used) and implements such decisions or has them implemented by a processor;
  • data destruction means the complete physical destruction of the data-storage medium that contains the data;
  • data transfer means making the data available to a specific third party;
  • data erasure means making the data unrecognisable in such a way that restoration is no longer possible;
  • personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of, or unauthorised access to, personal data transferred, stored or otherwise processed;
  • identifiable natural person means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
  • recipient means a natural or legal person, or an organisation without legal personality, to which the controller or the processor makes personal data available;
  • EEA State means any Member State of the European Union and any other State Party to the Agreement on the European Economic Area, as well as any other state not party to the Agreement on the European Economic Area whose nationals enjoy the same legal status as the nationals of State Parties to the Agreement on the European Economic Area on the basis of an international treaty between the European Union and its Member States and the state concerned;
  • data subject means a natural person identified or identifiable based on any information;
  • third country means any state other than an EEA State;
  • third party means a natural or legal person, or an organisation without legal personality other than the data subject, controller, processor and persons who, under the direct direction of the controller or processor, carry out operations aimed at processing personal data;
  • authority means the National Authority for Data Protection and Freedom of Information, whose task is to monitor and promote the enforcement of the right to the protection of personal data and the right of access to data of public interest and data accessible on public interest grounds, as well as to promote the free flow of personal data within the European Union;
  • consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes, by which he or she, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • joint controller means the controller which, within the framework laid down in an Act or in a binding legal act of the European Union, jointly with one or more other controllers, determines the purposes and means of processing, and, jointly with one or more other controllers, makes decisions concerning processing (including the means used) and implements such decisions or has them implemented by a processor;
  • sensitive data means all data falling within the special categories of personal data, that is, personal data revealing racial or ethnic origin, political opinion, religious belief or worldview, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation;
  • international organisation means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more states;
  • disclosure means making the data accessible to anyone;
  • profiling means any form of automated processing of personal data which is aimed at evaluating, analysing or predicting certain personal aspects relating to a data subject, in particular aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • personal data means any information relating to the data subject;

Data security
  • For all its processing operations, the controller shall take all technical and organisational measures to ensure the security of personal data that safeguard the rights of data subjects beyond legal and IT aspects. To this end, it has established specific policies for both employees and persons performing IT tasks, which form part of the documentation for the information security management system of the controller.
  • The controller prevents accidental or unlawful damage, alteration, destruction, loss, unauthorised disclosure of or access to personal data by internal procedures and measures.
  • The controller protects its IT system with a regularly updated firewall and virus protection.
  • The controller ensures adequate physical and administrative protection of the data and the media and documents carrying them. Access to data, files and documents relevant to the work in progress is restricted to the authorised persons concerned. Paper files containing personnel, payroll, employment and other personal data are physically locked away in a secure place.
  • When processing personal data by automated means, the controller and the processor take additional measures to:
    • prevent the unauthorised input of data;
    • prevent the use of automated data processing systems by unauthorised persons using data transmission equipment;
    • ensure the verifiability and ascertainability of the entities to which personal data have been or may be transferred using data transmission equipment;
    • ensure the verifiability and ascertainability of which personal data have been entered into automated data processing systems, when and by whom;
    • ensure the recoverability of the installed systems in the event of a failure, and
    • report errors that occur during automated processing.
  • The controller also ensures the security of personal data by operating a certified international ISO/IEC 27001-based information security management system within the controller's organisation.

Rights of the individuals concerned

Right to prior information

  • The individual concerned has the right at any time to obtain intelligible information about the facts and information relating to the processing. This right shall also apply prior to the start of the processing.

Right of access

  • The individual concerned has the right to obtain from the controller a concise and intelligible answer as to whether his or her personal data are currently being processed. Where that is the case, the data subject has the right to access personal data concerning him or her and related information as defined in the EU Regulation (GDPR).

Right to rectification

  • The individual concerned shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have inaccurate or incomplete personal data amended or completed.

Right to erasure / ‘right to be forgotten’

  • The individual concerned shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data concerning the data subject without undue delay in certain cases (as determined in the GDPR).
  • This right of the data subject applies in particular to personal data processed on the basis of his or her consent. In certain other cases, such as data processed to comply with a legal obligation, this right is explicitly limited.

Right to restriction of processing

  • The data subject shall have the right to obtain from the controller restriction of processing if certain conditions (as specified in the GDPR) are met. This category of cases is mostly used to record a specific processing situation, which may be a precursor to a dispute or the specific dispute itself.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

  • The controller shall inform all recipients to whom the personal data have been disclosed of any rectification, erasure or restriction of processing. Exception: this obligation cannot be expected to be fulfilled if it proves impossible or requires disproportionate effort.

Right to data portability

  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Right to object

  • The individual concerned shall have the right to object to the processing of his or her personal data at any time if
    • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
    • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Automated individual decision-making, including profiling

  • The individual concerned shall have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning him or her or similarly significantly affects him or her. The individual concerned can then request manual, human intervention and decision-making.

Communication of a personal data breach to the data subject

  • When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

Right to apply to a public authority

  • Every individual concerned shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation.

Right to an effective judicial remedy against a supervisory authority

  • All natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
  • This right also applies where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.

Right to an effective judicial remedy against a controller or processor

  • Every data subject shall have the right to an effective judicial remedy if he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in non-compliance with the General Data Protection Regulation.
  • You have the right to lodge a complaint with the supervisory authority (the Hungarian National Authority for Data Protection and Freedom of Information, abbreviated as NAIH; www.naih.hu; H-1055 Budapest, Falk Miksa utca 9-11), if you consider that the processing of the personal data related to you infringes the General Data Protection Regulation of the European Union (GDPR) or the effective Hungarian laws on data processing.

pricing

Our pricing is always custom-tailored to your needs.

We apply industry best practices to provide transparent and adaptable metrics and pricing.
Request pricing

"As a localization partner for clients in the field of PR and advertising, it is very important to be flexible, creative, open and proactive, while serving the client's needs in all aspects and tailoring new strategies, workflows and pricing structures to the actual needs. When our client asked for a complex technical and localization solution different from previous tasks, based on regular and close consultations with the client, we worked out an effective technical workflow and at the same time an attractive pricing structure that would allow us to offer an efficient solution for handling new file formats and high volumes, as well as to introduce new language combinations, according to the criteria specified. Keeping in mind the aspects of our long-term cooperation, our goal was not only to offer an effective solution to the client's needs in the actual project, but also to be applicable in the long term when similar tasks arise."

Ágnes Kovács
client services manager

Get in touch!

Visit your dashboard

Get a quote, send a request

If you already have access to espell's Client Portal, you can enter here.
Log in
Contact us

Talk to an expert!

For expert localization advice or more information, please contact us.
Contact us
DE