Privacy Notices

Privacy Notice - Processing of data related to invoicing

 

General provisions

Name of data controller (hereinafter: Company):

Company name: DEBRECEN INTERNATIONAL AIRPORT Kft.
Seat: 4030 Debrecen, Repülőtéri út 12.
Mailing address: 4002 Debrecen, Pf.: 187.
Tax number: 11554235-2-09
Company register number: 09-09-005171
Commercial court of registration: Commercial Court of the Debrecen Court of Justice

E-mail: @
Availability concerning data protection: @
Telephone: +36 52/521-192

The Company pays great attention to the protection of personal data provided by the visitors to the internet website it operates (hereinafter: Website), and to ensure visitors the right of informational self-determination.

The purpose of the present Notice is to provide adequate information to visitors of the website (hereinafter: visitors) on the data the Company processes, the data type, availability, as well as the purpose and period of data processing. The Company
processes only such personal data that are necessary for the purposes of the given data processing and it does not collect special data under any circumstances. The Company processes personal data only with the prior consent of the data subject, or on the basis of legislation.

The Company based its data management processes on the following legislation:

  • Regulation (EU) of the European Parliament and of the Council of 27 April 2016
    on the protection of natural persons with regard to the processing of personal
    data and on the free movement of such data, and repealing Directive 95/46/EC
    (General Data Protection Regulation, hereinafter: GDPR);
  • Law CXII of 2011 on the right to self-determination as regards information and
    freedom of information (Infolw);
  • Law C of 2003 on electronic communications
  • Law CLXV of 2013 on complaints and notices of public interest (Complaintlw);

Glossary

Personal data – Any information relating to an identified or identifiable natural person („data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data processing – Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Legal basis for the processing of personal data – Personal data can be processed if

  • if the data subject has consented to the processing of personal data for one or
    more specific purposes
  • it is necessary for the performance of a contract where the data subject is one
    of the contracting parties or the data subject initiates the conclusion of a
    contract
  • the processing of personal data is necessary to fulfil the legal (statutory)
    obligation of the data controller
  • the processing of personal data is necessary in order to protect the vital interest
    of the data subject or another person
  • the processing of personal data is necessary due to public interest or the
    exercise of public authority, or
  • the processing of personal data is necessary for the purposes of the legitimate
    interests pursued by the data controller or by a third party.

Data subjects’ rights in relation to data processing

Right to prior information – The data subject shall have the right to be informed of the facts and information related to data processing prior to its start.

Right of access –
The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to have access to his or her personal data and information relating to the processing of his or her personal data.

Right to rectification –
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her, and – taking into account the purposes of the processing – to have incomplete personal data completed.

Right to erasure – The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her.

Right to restriction of personal data processing – The data subject shall also have the right to obtain from the controller the restriction of data processing, as he or she demands it.

Right to data portability – The data subject shall have the right to receive personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, if:
- the processing is based on consent or on a contract, and
- the processing is carried out by automated means.

Right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.

Data processing at the Company

By using the Company’s website and other services (e.g. registration), you consent to the processing of your personal data. However, you shall have the right to decide not to provide any personal data concerning you to the Company; if that is the case, the website may not function properly, or access to the service may be restricted.

It may happen that the Company carries out certain of its services and campaigns with the involvement of another company, during which personal data is collected. In such cases, the data in question fall under the Company’s right of use and data processing in the same way as in cases when the Company collects such information itself. In cases like the above, the firm involved collects personal data on behalf of the Company, and the provisions of the present Notice also cover such instances.

Cookies

Cookies often store settings related to webpages, such as the default language or location. When you return to the webpage, the browser sends cookies related to that webpage. This allows the website to provide personalised information. Web-based cookies can store many kinds of information, including personally identifiable information.

The Company currently operates the www.debrecenairport.com website (hereinafter: Website). The Website can be used without providing data, to obtain information, and also to report complaints to the Company through the Website.

Certain data and IP addresses of the computer and other devices of the visitors to the Website are logged to record the visit. The data are used by the Company solely for the purpose of compiling statistics, for example to determine how often the Website is visited and how much time each visitor spends there on one occasion. The Company does not associate IP addresses with any other data that could be used to personally identify the visitor.

When certain parts of the Website are downloaded, the Company installs small data files (cookies), which may contain personal data, on the visitor’s computer or other devices in order to record data, identify the visitor and facilitate his or her further visits. The visitor can set the browser used to access the internet to be notified when the Company intends to install a cookie on his or her computer or other devices, and block cookies at any time (depending on the browser, usually in the Tools menu under Settings/Internet settings item). However, when cookies are not accepted, some pages will not work perfectly, or the visitor may not get authorisation to access certain data. The Company uses Google Inc.’s Google Analytics Google service.

The tracking cookie allows Google Inc. to identify you on other websites as well. Google Inc.’s privacy policy is available at the following website: http://www.google.hu/intl/hu/policies/privacy/. Google Inc.’s website has more useful information on Google Inc.’s data activity, the possibility of disabling cookies and personalising ads, which are available here: http://www.google.com/intl/hu/policies/privacy/ads/.

It is not possible to reject the web beacon. Google will use the information obtained to evaluate and analyse the use of the website by the visitor, to compile reports on website activity and to provide other services relating to website activity and internet use.

In the case of data subjects who use the Website only for the purpose of the visit, data processing takes place exclusively to provide them information, during which the Company records the start and end times of their visit and cookies, which it keeps electronically until the purpose of data processing is completed, but not longer than two years.

Online purchase/payment

In order to successfully implement certain services, it may be necessary to transfer the personal data of our visitors to a third party on a temporary basis, if consent is given. On the basis of the above, in the case of online payment, we send the number of the bank card required for payment to the financial institution, through the encrypted channel it provides. The bank card number shall not be retained.

Information on feedback/findings on the website

It is possible to send feedback and request information on the Company’s website, which process involves the provision of the following data: visitor’s name, nationality, gender, e-mail address, postal code, and year of birth. The purpose of data processing is to maintain contact, and its duration is six months at the most.

Applying for a job at the Company

The Company offers the possibility to submit a curriculum vitae on its Website, electronically ( @ ), or in person. With the submission of his or her CV, the data subject consents to the processing of personal data concerning him or her. Consent to data processing may be withdrawn at any time by the job seeker concerned. The purpose of data processing is to select prospective employees suitable to fill vacant posts. The Company stores CVs for the purpose of possible future use, for the sake of the data subject, so that he or she may be notified in the case a position becomes vacant. Data concerning the person concerned shall be stored by the Company for a maximum of six months, after which it is deleted or destroyed. Only the Managing Director of the Company and the person appointed by him or her are entitled to be apprised of the data included in the CVs received by the Company. The type of data are the data provided in the curriculum vitae.

Newsletter

By providing your name and e-mail address, that is, by subscribing, you give your express consent /according to point a) paragraph (1) article 6. of GDPR/ to the Company to send you its latest electronic newsletter to the e-mail address you provided, and to use your name and e-mail address for marketing communication activities in the future.

The Company treats the data provided during subscription confidentially, and hands them over to a third party (hereinafter the Service Provider) only for the time of its sending the newsletters. The professionally competent Service Provider may not store the data or forward them to unauthorised persons, it may only handle them with the right of posting. Your name and e-mail address will be stored and processed for a period of 5 years. Should you not wish to receive more newsletters, or you do not want the Company to use your name and e-mail address for marketing communication purposes in the future, please send an e-mail to the address dpo@debrecenairport.com from the e-mail address you subscribed with, and please write „unsubscribe” in the subject line.

WiFi HotSpot service

The Company provides wireless internet access to visitors/passengers in the area of DEBRECEN INTERNATIONAL AIRPORT upon prior registration, for an unlimited period within one day. To use the service, you need to provide your name, e-mail address and postal code. The purpose of data processing is the information security protection of the Company. The deadline for deleting certain types of data is: the termination of the use of the WiFi service, but not later than 3 years following the start of the service.

Feedback (Write to us!)/Complaints

The Company provides an opportunity for the data subject to share his or her opinion on the services of Debrecen International Airport, by way of one of the following options: e-mail address ( @ ), or by filling in the pop-up window „Write to us!/Share your opinion” and sending it to us. To be able to use the service, you will need to provide your first and last name, country, gender, and e-mail address. In the case of notification by e-mail, you are not obliged to provide the above data, they only serve the accurate investigation of possible complaints and the provision of a response. The opinion thus received and the related data possibly given that cannot be traced back to the given passenger and cannot be linked to his or her name, may also be used by the Data Controller for statistical purposes. There is no data processing when personal opinion is given. The purpose of data processing is to maintain contact with the opinion provider (passenger) and to elaborate development opportunities based on feedback.

Data security

The Company treats the personal data of the data subject as confidential and does not disclose it to a third party without the data subject’s consent, unless required to do so by legislation, for example in the case of an official request. The Company provides visitors the opportunity for safe internet use, it ensures the security of the data provided, and it strives to assure that the data processing is in full compliance with the relevant legislation in force. Furthermore, it shall take the technical and organisational measures and establish the procedural rules that are necessary to enforce the rules on data protection and confidentiality.
The Company shall not transfer data outside the EU.

The Company shall protect the data with appropriate measures against unauthorised access, transmission, disclosure, deletion or destruction, accidental destruction and damage, and inaccessibility due to changes in the technology applied. The Company shall not modify or add other information to the data provided. Personal data may only be accessed by persons holding competent positions.

Personal data breach - means a breach of or damage to security or security measures that leads to or may lead to the accidental or unlawful deletion, destruction, loss, alteration, unauthorised disclosure of Personal Data transmitted, stored or otherwise processed or to unauthorised access to Personal Data. The Company is obliged to notify the personal data breach to the competent supervisory authority within 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. The Company shall inform the data subject on the fact of a high-risk personal data breach without undue delay. The Company shall keep records of personal data breach incidents, indicating the facts related to the personal data breach, its effects and the measures taken to remedy it.

Other

If any of our visitors feel that they have further questions in addition to those included in the present Notice, or they encounter problems, or would like to make a comment that is not or not entirely clear to them on the basis of the present Notice, or require explanation, please contact our colleague responsible for personal data protection at the e-mail address below: @

Appeals may be brought before the court with territorial jurisdiction or the National Authority for Data Protection and Freedom of Information (NAIH) (1024 Budapest, Szilágyi Erzsébet fasor 22/C., +36-1-3911400, @  www.naih.hu).

Please note that, according to paragraph (3) article 7 of GDPR, you can withdraw the consent you gave to the processing of your personal data at any time, in the form of a written statement addressed to the Company. Withdrawal of consent shall not affect the lawfulness of consent-based data processing prior to withdrawal.

The Company, as data controller, reserves the right to occasionally review the present Privacy Notice, and to amend it at any time. By using the website, the visitor takes note of the above.

Done on 10 December 2020.