Privacy Policy

Loxon Solutions Zrt
Company registration number: 01-10-047809
Registration authority: Company Registry Court of the Metropolitan Court of Budapest
Tax number: 14356933-2-41
Registered office: 1134 Budapest, Lőportár utca 20/b.
Mailing address (place of data processing): 1134 Budapest, Lőportár utca 20/b.
Telephone: (+36)-1-789-0626
Email: office@loxon.eu

Registration numbers for the purpose of data processing issued by the National Authority for Data Protection and Freedom of Information: NAIH-107805/2016 and NAIH-108914/2016

Privacy Notice

1. General information
1.1. As of May 25, 2018, the General Data Protection Regulation of the European Union 2016/679, the GDPR, which extends the scope of personal data protection previously provided by the Info Act, on the right of information self-determination and freedom of information, is mandatory. on CXII of 2011 law is also provided. The essence of the law is that the processing of personal data is subject to strict conditions, and in case of non-compliance the criminal organization may be subject to severe sanctions, therefore the nature of the data processed in the organization, its processing and its compliance and security must be assessed. The scope of the GDPR extends also to our company, so we issue this policy on the rules governing the processing of personal data of third parties.
1.2. During the necessary processing performed by our company, we pay special attention to the protection of the personal and sensitive data our company receives.
1.3. Our company pays special attention to the observance of the provisions of the applicable laws when processing personal data. Our company processes personal data confidentially and takes all technical and security measures that guarantee the security of the data. Our company’s Privacy Policy is in compliance with the applicable data protection laws, in particular:
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 Privacy Policy) (before and after: GDPR)
  • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (before and after: Info tv.)
  • Act C of 2000 on Accounting (hereinafter: Accounting Act)
  • Act CVIII of 2001 on Certain Issues of Electronic Commercial Services and Information Society Services.
  • Act I of 2012 on the Labor Code
1.4. “Data management” means any operation or combination of operations on personal data, including the collection, recording, filing, sorting, storing, altering or altering, retrieving, accessing, using, communicating, distributing or otherwise making available, coordinating or linking, restriction, deletion or destruction.
1.5. “Personal data” means any data that can be linked to any specific (identified or identifiable) natural person, and the conclusion that can be drawn from the data is relevant to the data subject. The data transmitted by the electronic surveillance system at our headquarters (footage) is considered to be the personal data of the person recorded. Personal data will retain this quality during data management as long as the relationship with the data subject can be restored. In particular, a person shall be considered identifiable if, directly or indirectly, he or she is identifiable by name, identification mark or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
1.6. Special data on racial origin, national and ethnic minorities, political opinions or parties, religious or other beliefs, membership of an organization representing interests and health, pathological passion, sex life, and criminal personal information.
2. Purpose of the prospectus
The purpose of this Privacy Notice is to make transparent, as a data controller, the procedures of data processing followed during contacting us, the enforcement of principles and rules relating to the protection of individuals with regard to the processing of personal data, regardless of their nationality or place of residence. It is a fundamental objective of our company to respect the fundamental rights and freedoms of these individuals, in particular with regard to their right to the protection of their personal data.

3. Rights of the data subject

3.1. Right to information
The data subject has the right to transparent information, the processing of his/her data and the exercise of his/her rights in relation to the processing of his/her data. Our company complies with this obligation by publishing this prospectus on its website.
3.2. Access right
The data subject shall have the right to receive feedback from the controller as to whether personal data are being processed and, if so, to have access to the personal data and information relating to the processing thereof.
3.3. Right to rectification
If the data of the data subject changes or is incorrectly recorded, the data subject shall have the right to rectify any inaccurate personal data concerning him or her upon request without undue delay.
3.4. Right to delete
In cases specified by law (Article 17 of the GDPR), the data subject may request the deletion of data processed by our company.
3.5. Right to restrict processing
In cases specified by law (Article 18 GDPR), the data subject may request a restriction on the processing of personal data by us.
3.6. Right to object
In the case of data processing based on a legitimate interest, the data subject may object to the processing of the data. In this case, our company shall not further process your personal data unless we demonstrate that the processing is justified by compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or that are related to the filing, enforcement or defense of legal claims.
3.7. Right to portability
The data subject is entitled to provide our company with their personal data processed in an automated way in connection with data processing activities based on consent or the performance of the contract to the company or another data controller designated by him.
3.8. Right to complain
The data subject is entitled to lodge a complaint with the supervisory authority if he/she considers that the processing of his/her personal data is in breach of the GDPR. See section 7 of this prospectus for further details on the possibility of enforcement.
4. Types of processing
4.1. Personal details of job applicants
Our company processes the following information of persons applying for our job advertisements:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
nameThe data will be processed solely for the purpose of examining the employability of the candidate on the basis of application, voluntary disclosure and, if the candidate is fit for purpose, our company will establish an employment relationship with the applicant.Article 6(1b) of GDPR: the fulfilment of contractThe data of candidates who are not contracted for employment will be retained and maintained in our database for a period of 3 years from the date of their last contact, in order to re-establish contact with them to fill any new positions that may be opened. The personal data of the data subject will then be deleted.

The data of candidates data with which the employment contract is concluded will be processed in accordance with our company’s internal data management policies.

Colleagues dealing with HR and selection
place and date of birth
place of residence
e-mail addressArticle 6 (1a) of GDPR: the consent of the data subject
phone number
education
job information
knowledge of foreign languages
photo
data on the results of online and personal tests completed by job applicantsArticle 6 (1a) of GDPR: the consent of the data subject
other information typically included in the CV, such as publications, professional recognitions, references, leisure activities
Not all of the information listed above is necessarily processed by our company, but there are data that you must provide in order to be able to work at our company.
Our company is not responsible for any specific information provided to it without your explicit request (those included in the CV), so please do not request the employee to provide such information unless explicitly requested. Please be advised that our company requires a moral certificate only if and when we provide our services to partners who require a clear moral certificate for all employees involved in the projects. Our company does not require a moral certificate when establishing an employment relationship. No other specific information is requested or processed.
When applying for a job, it is possible to make a recommendation or a reference issued by someone else (e.g. your former employer). However, in this case, it is the job and responsibility of the applicant to obtain the consent of the issuer to share this recommendation or reference with others.
Our company informs the candidates about the processing according to this section and the details thereof during the job advertisement.
With the declaration (the check of point regarding privacy policy) made at the same time as submitting any personal information or any document containing such information (such as the CV) to our company or to job portals, you accept the privacy policy of our company and declare that you understood and acknowledged the information contained herein and declare that you voluntarily provide your information and that you expressly consent to this data processing in accordance with this information. You can submit your personal information, job applications and CVs through the following channels:loxon.eu Career site;
  • www.loxon.eu Career site;
  • via jobs@loxon.eu;
  • personally at our own and external events, conferences, job fairs, university presentations, competitions, and other events where our company appears as an exhibitor, sponsor or participant;
  • by post or in person at our company premises and offices;
  • In electronic or paper mail sent to our employees;
  • through job portals (especially Profession, LinkedIn).
If this brochure mentions an application or curriculum vitae, it means your curriculum vitae and cover letter, the attached reference and other documents, together with their full content.
4.2. Pool databases
4.2.1. Talent pool
The HR area organizes and sponsors events to make our company known to potential employees and to build their talent pool database with their input. Our company will later inform those included in the talent pool database about vacant positions and professional events. The recording of your data in the talent pool database are made possible through your consent on the following channels:
• Self-organized events, competitions
• Third-party events, contests
• Website
In the talent pool database, our company processes data as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
namenotification of vacant positions and professional events, keeping contact to establish employment relationship;Article 6 (1a) of GDPR: the consent of the data subjectUntil the withdrawal of the data subject’s consent, but also in the absence thereof, for a maximum period of 3 years from the last contact.HR staff
date of birth
e-mail address
phone number
degree (university, major, year of graduation)
When supplying data on our Company’s website, the data subject may also upload his or her CV, which, with the consent of the data subject, will be processed by our company in conjunction with the above data.
4.2.2. Client / Partner pool

The Marketing and Sales Area organizes and sponsors events, as well as creates and makes contents available in order to raise awareness of potential clients and partners in our company and to build a client / partner pool database from the data of their representatives and contact persons that they share with us. Our company notifies those included in the client / partner pool database of sales of our products and services and professional events and contents. The recording of the data in the client / partner pool database are made possible through the following channels:

  • Self-organized events
  • Third-party events
  • Our company’s website
In the framework of the partner pool database, our company processes data as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
nameNotification of the sale of our company’s products and services and of professional eventsArticle 6(1f) of GDPR: the legitimate interest of our companyWithin 30 days of becoming aware of loss of contact quality.Marketing and sales staff
company name
position occupied
e-mail address
phone number
4.3. Partner contact information
In order to maintain contact with our non-individual business partners (customers, suppliers), and to conclude and facilitate the execution of contracts, our company processes the personal data of our partner contacts as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
nameFacilitating communication with a client, business partner, concluding and executing contracts, and enforcing claims and rights under the contractArticle 6(1f) of GDPR: the legitimate interest of our companyIf the information is in the contract, 5 years from the date of termination of the contract. In other cases, 30 days from the date of termination of the contact qualitymanagement, sales and marketing manager, staff involved in the project
e-mail address
phone number
position
Skype name
LinkedIn Profile
The personal information defined above is that of an employee of our non-individual contractual partner, so personal information will be transferred to our company by our contractual partner to the extent necessary to maintain contact. In this case, our contracting partner obtains and processes the personal data based on Article 6(1b) of GDPR andSection 10(1) of Mt., while our company receives and processes them according to Article 6(1f) of GDPR, for the legitimate interest of our contractual partner or our company to the extent necessary and for a period appropriate. With regard to the reference to Article 6(1f) of the GDPR, our company specifically documents that the enforcement of the legitimate interest of our contractual partner or our company has a distinct advantage over to the individual’s right to dispose of the employee’s personal data, as this is a necessary and proportionate restriction on the employee’s position.
4.4. Electronic surveillance system
Our company operates an electronic surveillance system (surveillance system) for the protection of our headquarters, branch and branch, the prevention of business information, documents, property protection and the prevention, elimination of consequences, assistance in the investigation, detection of violations and actions of the perpetrator. placed cameras.
Our company does not have a camera that monitors only one employee and the activity they perform, or that is intended to influence the employee’s behavior. Our company does not conduct surveillance in rooms where this could violate human dignity. This applies in particular to toilets, but also to rooms where workers are on breaks.
The detection of infringements, the perpetrator’s actions and the prevention, detection and detection of these offenses cannot be achieved by any other means, nor shall the use of these technical tools be strictly necessary and shall not entail a disproportionate restriction on the right to self-determination.
Our company places warning signs at the entrance of every room where it is monitored.
For the surveillance of space, the Szvmt. shall be carried out in accordance with its provisions.
The camera image is transmitted and recorded on the IT server through a closed system for the period of time specified in this policy and only the designated staff member has access to it. The cameras do not record sound.
In connection with the operation of surveillance cameras, our company processes data as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
imageprimarily the protection of human life, physical integrity, personal liberty and propertyArticle 6(1f) of GDPR: the legitimate interest of our company3 business days after recordingCOO

The angle of view of the cameras can only be focused on the target area. Thus, we only observe our own property or the area in use, which focuses on the following areas:

Location of camerasObserved area
HQ entrance doorHQ entrance door
HQ emergency exitHQ emergency exit
HQ server room 1HQ server room entrance door
HQ server room 2HQ server room emergency exit
DC entrance door 7DC entrance door 7
DC emergency exit 7DC emergency exit 7
DC server room 7DC server room 7 entrance door
DC 1 lobby 1DC 1 west entrance + security grille
DC 1 lobby 2DC 1 east entrance + security grille
DC emergency exit 1DC emergency exit 1
DEB entranceDEB entrance
DEB server roomDEB server room

HQ = 1134 Budapest, Lőportár utca 20/b 4th floor

DC 7. = 1134 Budapest, Dévai utca 26-28. 7th floor

DC 1. = 1134 Budapest, Dévai utca 26-28. 1st floor

DEB = 4025 Debrecen, Simonffy utca 2/A.

In addition to the cameras mentioned above, the office building that houses our company also operates a closed-circuit camera system. The operation of these cameras is performed by the office building operator, and our company does not have the right to monitor the image of the cameras and to check any pictures that may be recorded. It is the responsibility of our office building partner to comply with legal requirements regarding the protection of data processed during the operation of the cameras, for which our company does not take any responsibility. Based on the above, our company does not handle data management with respect to the surveillance cameras installed by the office building operator.
4.5. Access to partner databases while providing the service
While providing services to our partners, our company or employees do not, in principle, have access to personal information, given that our contracts state that the partner is required to provide a test environment and may only give us access to depersonalized data.
However, if a partner gives access to live data, or give a command, the performance of which requires access to or processing of personal data, the partner shall be responsible for such activities, especially as our company will only act as data processor in these partnerships.In the latter case, our company concludes a data processing contract with the given partner; its activities are determined by the provisions of this data processing contract, and in no case does it carry out independent data processing.
The data provided to us in the context of our data processing activities will be processed as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
It varies according to the service provided to the partner, and the scope of the actual data is specified in the data processing contract concluded with the partner.Processing of data to fulfill a service contract with our partner.Article 6(1b) of GDPR: the fulfilment of contractUntil the service is completed.management, sales and marketing manager, project staff, COO

4.6. Image and video recordings

At the headquarters and establishments, branches of our company as well as at events and other programs organized by our company, image and video recordings can be made.
The recordings are made for the purpose of promoting our company marketing and advertising activities and for promoting our work in the company, so the pictures and video recordings are published especially on our own websites, other web interfaces, online press and social media platforms (Facebook, LinkedIn, Instagram, Twitter, etc.), and may be published and communicated to the public in the printed press, in any advertising material or leaflets.
With respect to the processing of these recordings as personal data, our company proceeds as follows:
Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
imagemarketing and advertising activityArticle 6 (1a) of GDPR: the consent of the data subjectUntil the consent of the data subject is withdrawn. Processing may continue only for as long as the data can be reasonably used for the purpose of processing, even without the withdrawal of consent.HR staff

The data subject explicitly consents to the processing by participating in the event. If they do not wish to be included in this recording, please indicate clearly. If they for the deletion of recordings, we will do so immediately from our own database, however, the deletion of recordings that may have been printed or placed on social media platforms must be requested from directly the given organization by the data subject.

4.7. Contact details in case of emergency

In the event of an emergency, we ask our employees to provide us with contact details through which they may inform the affected person about the circumstances affecting the employee in the event of an emergency. In this scope, our company processes data as follows:

Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
namecontact and informationArticle 6(1f) of GDPR: the legitimate interest of our companyUntil the termination of employment of our employeeHR staff
contact

In the case of an emergency contact, it is the job and responsibility of the employee to obtain the consent of the person concerned to share their information with our company. According to Article 6(1f) of GDPR, our company receives and processes the data for the legitimate interest of our employee to the extent necessary and for a period appropriate.

4.8. Alumni Program

Our company is aiming to maintain the contact with our employees – depending on their interest in this regard – even after the termination of their employment. To this end our company has established the Alumni Program for our former employees, in the framework of which we regularly inform the members about the events and occasions organised by our company, and also offer the opportunity to participate in them. Our former employees are free to decide to participate in the Alumni Program, and we make inquiries only to those of our former employees who have given their express consent thereto.

We provide the opportunity to enter the Alumni Program through the registration surfaces available on our company’s website. In order to participate in the Alumni Program, during the registration our company requests the consent of the data subject to the processing of their personal data as follows:

Processed dataPurpose of the processingLegal basis for processingDuration of processingThe scope of the persons eligible for processing
namekeeping contact and provide informationArticle 6 (1) a) of GDPR: the consent of the data subjectUntil the withdrawal of the data subject’s consentHR staff
e-mail address
phone number
period of employment at our companystatistical purposes

The consent given to participate in the Alumni Program and to receive newsletters may be withdrawn at any time by sending an e-mail to marketing@loxon.eu or a mail to the registered office of our company, or by clicking on the “I am deleting myself from the Alumni Program” or “I unsubscribe from the newsletter” links at the bottom of the information e-mails sent under the Alumni Program.

4.9. Cookies

Similarly to many other websites, our company uses cookies, which require explicit prior consent for the first visit to the site, in order to improve the user experience and optimize marketing communications.
Cookies are data that are temporarily stored on your browsing device by your browser and may be transmitted to your device when you use our website. This includes the user’s IP address, browser type, the device’s operating system characteristics, visit duration, page visited by the user, sub-page, the function used, and time spent on the website. Cookies do not contain any personal information and they are not suitable for identifying individual users, they are not linked to the personal data. Cookies are small files that do not damage the user’s device and do not contain any virus or malware. Some cookies are automatically deleted after a site is closed, while others are stored on the user’s device for a longer period of time, depending on what setting the user applies in his or her browser.
Our company’s website uses only its own cookies (cookies) which are necessary for the operation of the website and are of a temporary nature. In addition, the website uses partner cookies (cookies) operated by our partners entrusted with various services for website analytics and personalized marketing communications. This site uses the following partner cookies and other similar programs:
  • Google AdWords remarketing, e-DM retargeting and display/banner retargeting and search remarketing
  • Google Analytics service
  • Facebook service
  • LinkedIn service
  • Google Tag Manager
  • Instagram service
  • Twitter service
Acceptance of cookies is not obligatory and may be restricted or prevented by the user, however, in this case you may not be able to use certain functions of the website. By changing your browser settings, you can enable or disable cookies on the websites you visit. If you would like to disable cookies, please refer to your browser user guide or help and take the necessary steps.

5. Data transfer

5.1. By accepting these terms and conditions, you consent to data transfer to the following partners and authorities.
5.2. In the case of transfer of data abroad, the level of data protection in the third country to which the personal data are transferred may be lower than in the European Union. You acknowledge and expressly consent, when making contact, that your personal information may be accessed or transmitted by employers in such third countries. You must contact the employer, sponsor or, where applicable, the third party to prohibit their data processing.
5.3. We will not transfer sensitive data to any third party in writing or verbally, nor do we create the possibility for any third party to access sensitive data in any way.
5.4. Data transfer for each type of data processing:

5.4.1. Personal details of job applicants:

  •  The IT background of the online test to be filled in during the job application is provided by our business partner, the Business Case Society Korlátolt Felelősségű Társaság (company registration number: 01-09-175725, registered seat: 1076 Budapest, Thököly út 42. V. em. 33.). During the registration process in the system and in connection with the completion of the test, our partner as data processor processes the following personal data of the data subject: name, e-mail address.

5.4.2. Pool databases

5.4.2.1. Talent pool:
  • Our company is a graphic and printing contractor for subcontracting prizes, awards, gifts.
5.4.2.2. Partner pool:
  • To send invitations for the events of our companies by event organizers and subcontractors.
  • To handle VIP client invitations for the given conference sponsored by our company organized by event organizers and subcontractors.
  • The graphical and printing subcontractors of our company to address client gifts.

5.4.3. Partner contact information:

  • To send invitations for the events of our companies by event organizers and subcontractors.
  • To handle VIP client invitations for the conferences organized by event organizers and subcontractors.
  • The graphical and printing subcontractors of our company to address client gifts.
  • Subcontractors employed in the implementation and maintenance of our products.
  • Subcontractors working closely with our company in day-to-day customer management.
  • Potential partners during the bidding process for reference – only with prior consent.
  • Case studies, research companies, content production companies for reference publication – only with prior consent.
  • Research institutes for conducting customer satisfaction surveys.

5.4.4. Electronic surveillance system

  • Our company transfers the recorded footage to third parties only in cases defined by law (e.g. to the police, labor safety authority).

5.4.5. Access to partner databases while providing the service

  • Subcontractors employed in implementing our own products.
  • Subcontractors working closely with our company in day-to-day customer management.

5.4.6. Image and video recordings

  • Specialized in the production of content in the case of the marketing use of recordings
  • subcontractors (marketing agency, graphic artist, printing house, etc.).

6. Data security

6.1. To protect the privacy of our personal information, our Company has in place technical and procedural rules that prevent unauthorized access, alteration or transmission, deliberate and accidental deletion or destruction of such information.
6.2. Incoming CVs are stored on our own network drives in an encrypted folder, which is accessible only to our company selection staff. In addition, our company records the applications in a data summary file, which is also stored on the aforementioned drive.
6.3. The data of our Partners, Clients and interested parties are recorded and managed in the HubSpot. You can find more information about HubSpot’s privacy
policy at: https://legal.hubspot.com/privacy-policy http://content.trust.salesforce.com/trust/en/learn/compliance
6.4. Please be advised that our company concludes an agreement with any partner to whom it transfers personal data or that provides our company with data processing activities. In order to increase the security available when processing your data, our company obliges this partner to carry out its activities in accordance with the Privacy Policy.
6.5. In addition to the above, our company conducts quarterly audits to verify if the requirements of these and the related internal policies have been met, any data protection incident has occurred, the requests for data processing (including deletion) has been performed, or whether there have been any circumstances that may affect the data processing. Through this periodic review, our company aims to promote the security of personal data and the most appropriate management of data.

7. Control

7.1. We expressly state that the monitoring and control regulated herein will be carried out solely for the specific purpose to be achieved, when the economic interests of our company, any employee of our company (especially property protection) or one of our partners are justifiable. Recorded material should only be reviewed in the event of a suspected violation of law or crime, or in the case of an occupational accident.
7.2. The monitor for viewing and reviewing the images is placed so that they cannot be seen by anyone outside the scope of authority during the transfer of the images. Surveillance and monitoring of stored images shall be conducted solely for the purpose of detecting offenses and taking any action needed to put an end to them. It is not allowed record images from cameras other than the central recording unit.
7.3. It is to be noted that there is currently no other method or procedure by which the above stated objectives can be achieved, which would involve either no data processing or more limited processing.

8. Enforcement

8.1. You can assert your right to the protection of your personal data before a civil court, or you can contact the Office of the Commissioner for Fundamental Rights or the National Data Protection and Information Authority.
8.2. National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C, postal address: 1530 Budapest, Pf.: 5.) anyone may initiate an investigation by filing a complaint alleging that there has been or there is an imminent threat of infringement of law relating to the processing of personal data or the exercise of their rights to becoming aware of information of public interest or which are public due to public interest.
8.3. You can refer to the court concerned:
– the denial of information
– the rejection of the request for rectification, deletion or blocking
– the violation of your rights; and
– if you disagree with the decision on the request for objection, or if our company fails to comply with the deadline for examining the request for objection, within 30 days of the date of notification of the decision or the last day of the deadline.
8.4. The court in the place where the company as the defendant is seated (Budapest Metropolitan Court) has jurisdiction to hear the case. At the choice of the data subject, the lawsuit may be initiated before the court in the place where they are domiciled.

9. Incident management

9.1. Pursuant to the Regulation, “privacy incident” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to the personal data transferred, stored or otherwise processed.
9.2. As soon as our company becomes aware of a privacy incident, it shall report it to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the privacy incident.
9.3. If you have any complaints, objection about our company’s processing, please contact our company for consultation before initiating any of the above procedures.

LOXON SOLUTIONS Zrt.