CFI Hungary Zrt. PRIVACY STATEMENT
As part of a service contract, CFI Hungary Zrt. (hereafter CFI Hungary) collects and processes personal data for and on behalf of its clients, including names and addresses, gender, dates of birth and copies of IDs.
CFI Hungary strictly complies with the General Data Protection Regulation (GDPR).
CFI Hungary also processes personal data on leads, prospects, suppliers, relations and job applicants, as well as on its own employees, subject to the provisions below.
How do we process personal data?
CFI Hungary processes personal data in the manner set out in this statement, unless we are legally obliged to do otherwise. If this is the case, we will always inform the client involved.
All sub-processors, such as software suppliers or other third parties that process personal data on our behalf, must comply with GDPR regulations. Clients who agree a service contract with CFI Hungary agree to the use of these sub-processors.
Save, disclose, unsubscribe
Personal client data is kept for no longer than is necessary following termination of the assignment, unless such data must be stored for a longer period for post-contractual or legal reasons.
Personal data regarding CFI Hungary employees, trainees, hired or temporary employees, or freelancers is stored for no longer than legally necessary following the employment, internship, hiring, temporary employment or management contract, usually eight years.
Personal details regarding job applicants will not be stored after the vacancy has been filled.
In view of the legal retention period and other professional regulations, we are generally unable to comply with client requests for the destruction or return of personal data upon completion of our services. However, we aim to fully cooperate with any request made. Any costs are for the client’s account.
Clients who do not wish to receive any direct mail can unsubscribe or indicate that they no longer wish to receive any mail.
CFI Hungary will observe requests for the disclosure of personal data only if made by an authorised authority, and will inform the client accordingly.
All CFI Hungary employees are contractually obliged to observe confidentiality. This also applies to sub-processors.
Appropriate technical and organisational security measures are in place to prevent the abuse of or unauthorised access to personal data. Access to your data is restricted to specific employees only. In addition to system security measures, we ensure that employees with access to personal data are properly instructed on handling personal data and that they are familiar with their responsibilities and legal obligations.
How do we deal with data leaks?
A data leak is a breach of security that inadvertently or unlawfully leads to – or where it can not reasonably be excluded that it may lead to – the destruction, loss, modification or unauthorised disclosure of or unauthorised access to transmitted, stored or otherwise processed personal data.
CFI Hungary has created an email address (firstname.lastname@example.org) where clients, employees, sub-processors and third parties can report incidents. CFI Hungary responds to notifications promptly, no later than 72 hours, and will take every action necessary to prevent further damage. As required by law, all data leaks with possibly major implications are reported to the Hungarian National Authority for Data Protection and Freedom of Information and to the party whose personal data is involved. Incidents detected by CFI Hungary are also reported to the Hungarian National Authority for Data Protection and Freedom of Information.
General terms and conditions
Our general terms and conditions apply to all of our services. By accepting our services, clients agree that they are in the possession of, are familiar with, and agree to our general terms and conditions as well as this privacy statement.
How do we deal with liability?
Clients who transfer any of their employees’ personal details to us must inform these employees in accordance with applicable legislation. We cannot be held liable for any damage resulting from any non-compliance by our clients with regard to the GDPR or any other legislation. Clients shall also indemnify us against any third-party claims for any material or immaterial damage suffered by such third parties, and any costs incurred by us due to clients’ non-compliance.
Additions or changes to the privacy statement
CFI Hungary shall keep this privacy statement up-to-date at all times by adjusting it as and when necessary. We will inform our clients if we make any significant changes or additions to this statement following new or amended legislation. If we are no longer confident that we meet a certain standard of protection, we may terminate the service contract.
Upon request, parties shall cooperate with regulatory services in the performance of their duties.
Hungarian law is applicable to these provisions. The Hungarian court has jurisdiction to hear any disputes arising from or related to these provisions.
This privacy statement forms an integral part of our service contracts and is binding upon all parties. This privacy statement takes precedence over the provisions of our general terms and conditions, unless explicitly stated otherwise.
 The client is the person (or entity) with whom CFI Hungary has entered into an oral or written agreement for services.