Privacy Policy

About datamanagement in THE ST22 Connect | Convoy Zero application

ST22connect Ltd (hereinafter referred to as the "Data Controller") pays particular attention to ensuring that its data processing activities comply with the provisions of Regulation (EU)2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation"). Furthermore, the Data Controller ensures compliance with Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: "Infotv."), other applicable laws, and the data protection practices established by the Hungarian National Authority for DataProtection and Freedom of Information (hereinafter: "NAIH").

1.     Nameof the controller

Name: ST22connect Ltd.
Registered office andmailing address: 7634 Pécs, Szentlőrinci út 15.
Company registration number: 02-09-088009
Tax number: 32431115-2-02
Representative: Gergely Tóth Managing Director
E-mail address: partners@convoyzero.com

2.      Scopeand source of personal data processed

The scope of the processed data includes all personal data provided by you or collected during your use of the application or the services of the Data Controller.

The source of the personal data is the information you provide or the activities conducted within the application.

If there are any changes or modifications to the personal data of the data subject duringthe data processing period, please notify us immediately using the contact details provided in Section 1.

3.     Purpose,legal basis and duration of processing

3.1. The Data Controller processes the personal data provided by the data subject for the purposes of contact — via e-mail, contact form, or telephone call — based on the explicit and voluntary consent of the data subject, as expressed by initiating the contact (Article6(1)(a) of the General Data Protection Regulation). Providing this data is voluntary; however, in the absence of such data or consent, we will be unable to respond to your contact request. The data will be processed until the contact is completed or consent is withdrawn.

3.2. The Data Controller processes the name, e-mail address, and telephone number of the data subject for the purposes of registration and communication based on the explicit and voluntary consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation)in the case of registration as a natural person. In the case of registration asa company, the data processed include the name, e-mail address, and telephone number of the contact person, based on the legitimate interest of the Data Controller(Article 6(1)(f) of the GDPR). Providing this data is voluntary; however, without the data or consent, we cannot provide access to certain features of the website. The data will be processed until consent is withdrawn or, in thecase of company contacts, until a new contact person is appointed or the registration is cancelled.

3.3. The Data Controller processes the name, e-mail address, driving licence, types of vehicles, typical routes, base country sought, and method of use of the application for the purpose of displaying marketing messages, based on the explicit and voluntary consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).This processing will continue until consent is withdrawn.

3.4. The Data Controller, based on the explicit and voluntary consent of the data subject (Article 6(1)(a) of theGeneral Data Protection Regulation), may transfer the name, e-mail address, telephone number, CV, and video interview of the data subject for the purpose of providing job advertisements, depending on the advertiser's subscription.This processing will continue until the data is transferred or consent is withdrawn.

3.5. The Data Controller processes the data necessary for the conclusion and performance of the contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation). Providing this data is a prerequisite for entering into the contract or is based on a contractual obligation; without this data, the contract cannot be concluded or performed. The data processed for these purposes includes your name, telephone number, e-mail address, driving licence, types of vehicles, work experience, languages spoken, working hours, type of transport, typical routes, country of origin, and video interview. The data will be retained for 5 years in accordance with the statute of limitations under civil law.

3.6. The Data Controller processes the name and address of the data subject to comply with a legal obligation to which the Data Controller is subject (pursuant to Article 6(1)(c) of the General DataProtection Regulation). This includes issuing legally compliant invoices and keeping accounting records. The legal obligation is fulfilled in accordance with Article 159(1) of Act CXXVII of 2007 on Value Added Tax and Article 169(2)of Act C of 2000 on Accounting, which require the issuance of invoices and the retention of these for 8 years. Additionally, under Article 169(1) and (2) of the Accounting Act, companies are required to retain accounting documents that directly or indirectly support the accounting records. Therefore, the retention period for these documents is 8 years from the date of issuance of the invoice.

3.7. The Data Controller processes the name, telephone number, email address, and the content of the complaint of theuser to comply with its legal obligations (pursuant to Article 6(1)(c) of theGeneral Data Protection Regulation). Although the submission of a complaint is voluntary, if you choose to submit it to the Data Controller, it will be subject to legal obligations under the Consumer Protection Act (Act CLV of1997). The provision of this data is required by law; without it, we are unable to fulfil your request. Warranty complaints are retained for 5 years in accordance with the Consumer Protection Act.

3.8. The Data Controller processes the date of consent, the IP address of the data subject, and the fact of consent to verify that consent has been obtained, in order to comply with a legal obligation (pursuant to Article 6(1)(c) of the General Data ProtectionRegulation). During registration, ordering, or subscribing to newsletters, theIT system stores the relevant IT data concerning consent to ensure subsequent verifiability. Due to legal requirements to demonstrate consent at a later date, the retention period is limited to the statutory period of limitation following the termination of the data processing.

3.9. In order to pursue its legitimate interests (pursuant to Article 6(1)(f) of the General Data Protection Regulation), the Data Controller processes data on the use of the application—such as the frequency of use, duration of use, and pages visited—to improve its services. The data processing will continue for a period of 5 years.

List of data processed:

Purpose of data processing: Contact
Legal basis for processing: General Data Protection Regulation Article  6(1)(a)
Scope of the data processed: Data provided when contacting us

Purpose of data processing: Registration  and contact
Legal basis for processing: General Data Protection Regulation Article  6(1)(a)
Scope of the data processed: name,  e-mail address, telephone number of the data subject

Purpose of data processing: Contacts,  communication
Legal basis for processing: Article  6(1)(a) of the General Data Protection Regulation, in the case of a company  contact point, point (f)
Scope of the data processed: name,  e-mail address, telephone number

Purpose of data processing: Marketing
Legal basis for processing: General  Data Protection Regulation Article 6(1)(a)
Scope of the data processed: Name,  email address, type of licence and vehicles, typical tracks, base country  searched, how to use the app

Purpose of data processing: Transmission  of data in order to ensure a job application
Legal basis for processing: General  Data Protection Regulation Article 6(1)(a)
Scope of the data processed: Name,  e-mail address phone number, CV, video interview

Purpose of data processing: Job  placement
Legal basis for processing: General Data Protection Regulation Article 6(1)(b)
Scope of the data processed: Name  telephone number, e-mail address, driving licence and type of vehicle, work  experience, languages spoken, working hours and type of transport, typical  routes, base country, video interview.

Purpose of data processing: Issuing  an invoice
Legal basis for processing: General  Data Protection Regulation Article 6(1)(b)
Scope of the data processed: Name, address

Purpose of data processing: Handling  other consumer complaints
Legal basis for processing: General  Data Protection Regulation Article 6(1)(c)
Scope of the data processed: Name, e-mail address, telephone number, content of complaint

Purpose of data processing: Developing  services
Legal basis for processing: General Data Protection Regulation Article 6(1)(f)
Scope of the data processed: Application usage data (frequency, duration, pages visited)

4. Data subjects, data processing, data transfers

Access to personal data is restricted to the employees of the Data Controller who require the data to perform their duties. These employees are bound by a duty of confidentiality regarding the personal data they access.

The Data Controller uses SHS Kft. as a data processor for accounting purposes. Details of the data processor:

  • Name: SHS Könyvelő és Adótanácsadó Korlátolt Felelősségű Társaság (SHS Accounting and Tax Advisory Limited Liability Company)
  • Registered Office: 7342 Mágocs, Szabadság utca     31, Hungary
  • Contact: +36-30-377-6755,     shs@shskft.hu

The Data Controller employs Zengo Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság as a data processor for the development and IT support of the application. Details of the data processor:

  • Name: Zengo Trade and Service     Limited Liability Company
  • Headquarters: 6721 Szeged, Szent István tér     10, Hungary
  • Contact: +36 (62) 202 039,     info@zengo.eu

The Data Controller uses Google LLC as a data processor for analytics and crash detection purposes. Details of the data processor:

  • Name: Google LLC
  • Headquarters: 1600 Amphitheatre Parkway,     Mountain View, CA 94043, USA
  • Contact: privacy@google.com, +1     650-253-0000 (USA Headquarters)

Please be aware that when using data processing services, your personal data may be transferred to data processors located in countries classified by the European Union as third countries under the GDPR. Please note that authorities in these countries may have extensive access rights to your data, which could pose risks. To ensure an adequate level of protection of personal data, Google LLC appliesStandard Contractual Clauses (SCCs) to data transfers to third countries, along with other technical and organizational measures to safeguard data protection.

The Data Controlleruses Amazon Web Services, Inc. as a data processor for the purposes of datastorage and providing web services (backend system server). Details of the data processor:

  • Name:     Amazon Web Services, Inc.
  • Address:     410 Terry Avenue North, Seattle, WA 98109-5210, USA
  • Contact:     privacy@amazon.com, +1 206-266-4064 (USA Headquarters)

Please be aware that when using data processing services, your personal data may be transferred to data processors located in countries that are classified by the European Union as third countries under the GDPR. Please note that authorities in these countries may have extensive rights to access your data, which could pose risks. To ensure an adequate level of protection of personal data, Amazon Web Services,Inc. applies Standard Contractual Clauses (SCCs) for data transfers to third countries, as well as other technical and organizational measures to safeguard data protection.

In the case of online payments, data is transferred to the payment service provider, Worldline Saferpay, as a separate data controller, based on the data subject's consent, which is given by selecting the payment method. Details of the data controller:

  • Name:     Worldline SA/NV
  • Head Office: River Ouest, 80 Quai Voltaire, 95870 Bezons, France
  • Contact:     dataprotection@worldline.com, +41 58 399 5757 (Switzerland Headquarters)

The Data Controller uses the Számlázz.hu service as a data processor for the purpose of issuing and storing electronic invoices. Details of the data processor:

  • Name:     KBOSS.hu Kft.
  • Registered Office: 1031 Budapest, Záhony utca 7, Hungary
  • Contact:     info@szamlazz.hu, +36 1 499 99 99

The Data Controller uses Vimeo.com, Inc. as a data processor for the purpose of storing video interviews and providing access to them in case of application. Details of the data processor:

  • Name:     Vimeo.com, Inc.
  • Address:     555 West 18th Street, New York, NY 10011, USA
  • Contact:     legal@vimeo.com or privacy@vimeo.com, +1 212-314-7457 (US Headquarters)

Please note that when using data processing services, your personal data may be transferred to data processors located in countries classified as third countries by the EuropeanUnion under the GDPR. Be aware that authorities in these countries may have extensive rights to access your data, which could pose risks. To ensure an adequate level of protection of personal data, Vimeo complies with the requirements of the EU-US Data Privacy Framework (DPF) and employs other technical and organizational measures to ensure adequate data protection.

5. Automated decision-making

The purpose of automated decision-making is to conclude and perform the contract between the Data Controller and the data subject, the result of which is reviewed by the Data Controller's staff for each order. The data subject has the right to obtain human intervention from the Data Controller concerning automated decision-making, even without a specific request. Additionally, the data subject has the right to express their point of view and to contest the decision.

The Data Controller uses automated decision-making in the following cases:

Coupon Codes
Applied Logic: At certain intervals, customers can redeem a coupon code.These discount codes may be distributed via newsletters, the mobile application, or email. The amount and validity period of the coupons may vary, but customers will be informed accordingly.

6. Datasecurity

The Data Controller shall ensure the adequate security of the personal data of the data subject, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, by implementing appropriate technical and organizational measures.

The Data Controller will make every effort to ensure that itsdata processors also implement appropriate data security measures when processing your personal data, to the extent permitted by organizational and technical capabilities.

7. Rights of data subjects and their exercise

7.1. The data subject has the right to access the information provided in Article 15 of the GeneralData Protection Regulation (right of access) regarding the processing of their personal data, including, in particular, the right to be informed by the University about:

  • which personal data is being processed,
  • for what purpose and on what legal basis,
  • the source from which it is collected,
  • the intended duration of storage or the criteria for determining the duration,
  • to whom, when, and to which personal data the University has given access or transferred, and
  • what rights, complaints, and remedies the data subject has concerning the processing.

7.2. The data subject has the right to have inaccurate (incorrect or incomplete) personal data concerning them rectified or corrected, in accordance with Article 16 of theGeneral Data Protection Regulation (right to rectification).

7.3. The data subject has the right to have their personal data erased (right to erasure) underArticle 17 of the General Data Protection Regulation if:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws their consent where the processing is based on consent, and there is no other legal basis for the processing;
  • the data subject has effectively objected to the processing under point 7.7;
  • the personal data have been unlawfully processed;
  • the personal data must be deleted to comply with a legal obligation.

Personal data will not be erased if processing is necessary:

  • for compliance with a legal obligation, or the performance of a public task or exercise of public authority;
  • for the establishment, exercise, or defence of legal claims;
  • to exercise the right to freedom of expression and information;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where the right of erasure is likely to render such processing impossible or seriously jeopardize it.

7.4. The data subject has the right to obtain restriction of the processing of their personal data as provided for in Article 18 of the General Data Protection Regulation (right to restriction) if:

  • the data subject contests the accuracy of the personal data; in such a case, the restriction applies for a period that allows the University to verify the     accuracy of the personal data;
  • the data subject has objected to the processing under section 7.7; in this case,     the restriction applies until it is established whether the University     upholds the objection;
  • the processing is unlawful, and the data subject opposes the erasure of the     data and instead requests the restriction of their use; or
  • the University no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment,     exercise, or defence of legal claims.

Personal data subject to restriction may only be processed, except for storage, with the consent of the data subject, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

7.5. Where processing is based on consent, the data subject has the right to withdraw their consent at any time without providing a reason, in accordance with Article 7(3) of theGeneral Data Protection Regulation (right to withdraw consent). Withdrawal must be made in writing or in the form in which consent was given. The withdrawal does not affect the lawfulness of the processing that occurred before the withdrawal.

7.6. In the case of automated (electronic) processing based on consent or for the performance of a contract, the data subject has the right to receive their personal data in a commonly used electronic format or to request the University to transfer the data to another controller, as provided in Article 20 of the General DataProtection Regulation (right to data portability).

7.7. Where processing is based on legitimate interests, the data subject has the right to object to the processing on grounds relating to their particular situation (right to object).Under Article 21 of the General Data Protection Regulation, the University may no longer process personal data unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.

7.8. The data subject may exercise their rights free of charge by contacting the Data ProtectionOfficer or the contact person indicated in section 1. In most cases, exercising the data subject's rights may require the identification of the data subject, and in some cases (e.g., exercising the right to rectification), the verification of additional data. The University will decide on the request to exercise the right of access within one month at the latest. If necessary, considering the complexity of the request and the number of requests, this time limit maybe extended by a further two months, with the extension being notified to thedata subject within one month.

8. Amendmentsto the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice, provided that such amendments do not affect the purpose or legal basis of the processing. By using the application or placing an order after the amendment has taken effect, you accept the amended Privacy Notice.

9. Complaintsand redress

You may lodge a complaint regarding the processing of yourpersonal data using the contact details provided in section 1. If you prefer tosubmit your complaint by post, please send it to the address indicated in section1.

If you believe that you have suffered, or are at imminent risk of suffering, harm in connection with the processing of your personal data, you may contact the National Authority for Data Protection and Freedom ofInformation (postal address: 1363 Budapest, Pf. 9, phone: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: https://naih.hu).

You also have the right to seek judicial remedy for any violation of your data protection rights, which you may initiate at the court that has jurisdiction over your place of residence or habitual stay.

Privacy Policy
|
Terms and Conditions
|
Impressum
|
Convoy Zero Admin