Linistry Zrt. as a data controller is accepting as mandatory the content of the present legal announcement. It guarantees that every data processing related to its activity complies with the content of the present policy and the Hungarian national law in force and the requirements specified in the legal acts of the European Union, with special regard to the 2016/679 general data protection decree of the European Parliament and the Council (EU) (further on: GDPR).
This policy covers rights of the data subjects, measures undertaken, data collected and legal grounds of collection.
The actual version of the policy is accessible on https://landing.linistry.com/en/page/privacy_policy.
Linistry Zrt. is committed to protect the personal data of its customers and partners, it is outstandingly important to respect the self-determination right of the clients. Linistry Zrt. is handling the personal data confidentially and takes all the security, technical and organisational measures that guarantee the safety of the data.
Should you have a question in connection with the present announcement, please write to us at firstname.lastname@example.org.
Linistry Zrt. is hereby presenting its data processing practice.
Who are we?
Our objective is to make waiting fun and useful, cut down waiting times and phyisical queuing. Our queue management service helps thousands of people save time and effort every day.
Name: Linistry Zrt.
Seat: 2234 Maglód, Gábor Áron u. 38.
Company registration number: 01-10-140177
Name of the registering court: Fővárosi Törvényszék Cégbírósága (Company court of the metropolitan court)
Tax number: 26651929-2-41
Legal representative: Kövesdán Gyula György, CEO
Phone number: :+ 36 70 249 9060
E -mail: GDPR@linistry.com
General data processing principles
If the data processing of Linistry Zrt. is based on freely given consent, then the data subjects can withdraw their consent in any phase of the data processing.
If the data processing of Linistry Zrt. is mandatory based on law, then we are notifying the data subjects accordingly.
In case of handling the data subject’s personal is necessary in order to protect vital interests we are performing interest consideration during which:
- we are identifying and recording the righteous interest;
- we are identifying and recording the interests and rights of the data subjects;
- consideration based on the principles of necessity and proportionality, relation to the objective, data economising, restricted storage possibility;
- we are informing the data subjects about the interest consideration.
We are drawing the attention of the parties that are providing data for Linistry that if the personal data supplied by them are not theirs then the data supplier is obliged to obtain the consent of the data subjects.
We continuously assure that our data processing principles are in compliance with the law related to the data processing.
We are drawing your attention that third party (generally our customer who offer our queue management service) as a data controller may collect personal data through our system in which case their own privacy police should apply based on your given consent.
Scope, purpose, legal base and duration of the handled personal data
Data related to the queue management service
The scope of the processed data (it may vary depending on the type of the service):
- phone number
- e-mail address
Legal base of the data processing:
We are collecting the above data for the performance of our contracts (article 6. (1) b) of the GDPR). Specifically, so that we could notify people waiting in Linistry’s virtual queues.
Duration of the data processing:
These data we delete within 48 hours after obtaining them. Linistry is not sending marketing materials after ticket holders receive the service they were queuing for.
Our telecom partners may keep SMS (text messages) for up to 1 year to comply with legal requirements and quality assurance purposes.
Who are we sharing your data with:
We need to share your personal data with telecommunication partners and/or e-mail providers who make sure that the messages we send to you would be routed to your devices. The condition of such data transfer is that our partner commits to the principles and guidelines of GDPR regulations.
What is a Cookie?
A cookie is a small file that is placed onto your device and that is managed by your browser. Cookies were designed for websites to remember information and enable our sites or services to function. For example, cookies enable us to identify your device and enable you to easily share content on our sites and services.
Legal base of collecting cookies
We are collecting cookies based on your given consent (article 6. (1) a) of the GDPR).
The Types of Cookies We Use
Some cookies expire after the end of your browser session (browser close); in order to serve their function, some remain on your computer for a fixed period after you leave the site. An example of a cookie that is stored until you next visit the site is the cookie that remembers which part of our site you last visited.
How You Can Manage Cookies
You can delete cookies from your system, set your browser to warn you about attempts to place cookies on your computer or limit the type of cookies you allow. However, if you limit the ability of our sites and services to set cookies, you may limit your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings. For more information please check your browser’s user manual.
Linistry Zrt. for the processing of the personal data – is selecting the IT tools used for providing the service in such a way that the handled data:
- are available for the authorised parties (availability);
- their authenticity and authentication are assured (authenticity of the data processing);
- the invariance can be proved (data integrity);
- it is protected against the unauthorised access (confidentiality of data).
Linistry is taking proper measures to protect the data against the unauthorised access, modification, forwarding, disclosure, deletion or destruction and the accidental destruction.
Linistry Zrt. is applying technical, organisational and organising measures in order to protect the security of the data processing which provides a proper protection level that corresponds to the risks incurring in connection with the data processing.
During the data processing Linistry Zrt. is preserving
- the confidentiality: is protection the information so that only the authorised parties can have access to it;
- the integrity: it is protecting the accuracy and completeness of the information and the processing method;
- the availability: makes sure that when the entitled user needs it then he/she can have access to the required information and the related instruments are available.
Data transfer, subprocessing
Subprocessors of Linistry:
Linistry Zrt. may involve subprocessors to facilitate its processing duties. Linistry Zrt. will use subprocessors for the following areas and reasons:
- messaging with people queueing (telecom and e-mail providers: Nexmo, Twilio, InfoBip, BIP Communications Kft, Microsoft)
- service infrastructure: Microsoft
For the security of the personal data we are enforcing the following requirements against the data processors.
- The data processor may perform instructions that are set in writing.
- It is mandatory to conclude a written contract between the data controller and the data processor which shall contain the data supplied by the data controller to the data processor as well as the activity the data processor is performing with them.
- The employees dealing with the personal data are obliged to keep confidentiality.
- In order to guarantee the data security the data processor is performing the organising and technical measures.
- The data processor is assisting the data controller in meeting his/her obligations.
- Based on the data controller’s decision the data processor is returning all the personal data to the data controller or is deleting them, deleting the existing copies, except when the member state’s law or the EU law stipulates the storage of the data.
- The data processor helps in and enables the audits, on-site investigations performed by the data controller or with the assistance of the assigned supervisor.
- If the data processor is using another data processor then he/she will be obliged to comply with the same obligations that were created originally through the contract between the data processor and the data controller.
Data transfer to abroad:
In order to be able to deliver messages to end-users’ phones in any country, Linistry needs to involve subprocessors beyond the EEC and needs to transfer them personal data necessary to perform such services.
In the event of data transfer outside the EEC we ensure that data privacy rights of the parties involved are not breached. The guarantee thereof is that we only transfer data outside the EEC in case:
- The European Commission has declared that the third country guarantees sufficient level of protection
- in case of transfer to the USA, the subprocessor or controller guarantees to comply with the Privacy Shield Frameworks or
- the subprocessing partner guarantees data protection via binding company policies
Should the above guarantees be missing, Linistry is authorized to share contents of the messages and data necessary for sending the messages with a third country only in case such transfer is necessary to perform the contract between data subject and data controller.
Rights and right-enforcing possibilities of the data subject
The data subjects has the right to request from the data controller access to and rectification or – except for the mandatory data processing– erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability, right to object in the way specified during the data recording respectively through the above contact possibilities of the data controller.
- Right to be informed
Linistry Zrt. takes proper measures so that the data subjects can clearly understand the information related to the handling of the personal data, the information contained in the GDPR’s articles 13 and 14 and all the information corresponding to the articles 15–22 and 34 in a concise, transparent, understandable and easily accessible way.
- Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related significant information
The data controller shall provide the information at the latest within one month from submitting the request.
- Right to rectification
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her and shall have the right to have incomplete personal data completed,
Right to erasure
In case of the occurrence of one of the following reasons the data subject is entitled to ask Linistry Zrt. – if there is no exclusive reason specified by law – to erase the related personal data without undue delay:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed ;
- he data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing ;
- the data subject objects to the processing, and there are no overriding legitimate grounds for the processing ;
- the personal have been unlawfully processed ;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services.
- Right to restriction of processing
If requested by the data subject Linistry Zrt. is restricting the data processing if one of the following conditions is being met:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims ; or
- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject
- Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on public interest or entitled through the data controller’s public authority or against the processing required for the enforcing of the interests of the data controller or a third party, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims
- Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- Right to withdraw
The data subject shall have the right to withdraw his/her consent any time.
- Right to contact the court
In case the rights are infringed the data subject shall have the right to contact the court against the data controller. The court will proceed out of turn in this regard el.
- Official data protection proceedings
Regarding the complaints related to data processing you may contact the following organisation.
Name: National Data Protection and Freedom of Information Authority
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Personal data breach
If the personal data processed by us are access by any unauthorised entity or there was another personal data breach (e.g. unlawful destruction, loss, change) or it is suspected to happen so, then according to the GDPR’s provisions and terms and conditions, without undue delay, where feasible, not later than 72 hours we notify the competent supervisory authority.
After learning about the personal data breach we are immediately take the necessary security measures in order to terminate or restore the damage that forms the base of the data protection incident.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we communicate the personal data breach to the data subject without undue delay.
Regarding the data processing being not listed in the present information we are providing information when recording the data.
We are hereby informing our customers that based on the authorisation of the court, the prosecutor, the investigating authority, the contravention authority, the public administration authority, the National Data protection and liberty of information authority, the National Bank of Hungary respectively the law other organs may contact the data controller in order to provide information or data, transfer data respectively to provide documents.
Linistry Zrt. is supplying the authorities with personal data – if the authority has specified the exact purpose and the scope of data – in an extent that is indispensably required to realise the objective of the contacting.
Date of last update: 30th October, 2019