DATA PRIVACY POLICY ON DATA PROCESSING RELATED TO THE USE OF THE ROBOT OPERATOR APPLICATION
Preamble
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), B+N Referencia Zrt (hereinafter referred to as “Data Processor”) provides to those involved the following information regarding the processing of personal data for the use of the robot operator application. The information also takes into account the guidance of Article 29 Data Protection Task Force on transparency under Regulation 2016/679.
The purpose of this Privacy Policy (hereinafter referred to as the “Privacy Policy”) is to provide those involved with information in an easily understandable form about the principles followed by Data Manager when processing their personal data, their rights and the main data processing rules in relation to the use of the application operated by Data Manager. These rules are set out in this Privacy Policy of the Data Manager, defining the main features of Data Manager’s data processing.
We handle the personal data of the natural Data Subjects in accordance with all applicable provisions on data processing, but in particular with the following legal provisions:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as “Info Act”);
- regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “Regulation” or “GDPR”).
Data subject or User: natural person employees who use the application, and are registered in it.
1. Introduction of Data Manager
Name of Data Manager: B+N Referencia Zrt.
Company seat: 3644 Tardona, Katus domb 1.
E-mail address: iroda@bnref.hu
Telephone: +36-30-670-8752
Contact details of the Data Protection Officer: adatvedelem@bnref.hu
2. Description of Data Management
By introducing the application, Data Manager wants to facilitate the use of the so-called cleaning and disinfection robots (hereinafter: robots); operators or technicians can easily and simply control the robots during their work: remote control, diagnostics, start or stop. By using the app, technician or operator workers, once registered, will have access to control the robots, enabling them to communicate with the robots remotely and intervene in their movements (for example, to move the robot out of position in the event of a collision, to detect and intervene if necessary if the robot runs out of water, or to react, detect and intervene if necessary if the robot’s battery is low); diagnose faults or remotely monitor the status of the robot. The application, accessible only to technicians and operators authorised by Data Manager, contributes to improving the situation of cleaning with robots, reducing the number and time of direct and on-site human intervention.
This Policy applies to data management based on the legitimate interests of Data Manager in connection with the use of the robot management application. Data subject may only register for the use of the application with his/her company e-mail address, and by providing it, he/she accepts responsibility for the fact that only he/she will use the service from the e-mail address provided. If the personal data is not accurate and the accurate personal data is available to Data Manager, Data Manager is entitled to correct the personal data. Data Manager reserves the right to unilaterally modify this Privacy Policy in the future. Data Manager will provide information about the changes on its website and in the application in a pop-up window upon login. By continuing to use the service, data subject acknowledges that he/she has taken note of the changed data processing rules and accepts them as binding on him/her.
2.1. Management of certain personal data generated by the use of the application, legal basis for data management
The purpose of Data Management: ensuring optimal operation of the application, robot control, fault diagnosis. Data Manager will use the personal data of data subject only for the following purposes.
Purpose of Data Management | Legal basis for data management | Scope of data managed | Duration of Data Management | Persons entitled to access the data |
Registration (creating a user account) | Article 6(1)(f) GDPR, Legitimate interest of Data Manager | the identity of the registrant: the company e-mail address of the registrant and the password sent to the company e-mail address and activated | during the use of the application, until the end of the registration/ Unless the data management (registration) is terminated, they are stored for 3 years, after which they are automatically deleted | Designated employees of the R&D Robotics department of Data Manager |
Use of the application | Article 6(1)(f) GDPR, Legitimate interest of Data Manager | log data related to functionality while using the application (e.g.: route data) | log data are kept for 3 years, after which they are automatically deleted | Company’s development staff |
Understanding the application’s functional information | Article 6(1)(f) GDPR, Legitimate interest of Data Manager | operator identification data | until the completion of the development process | Employees, operators involved in software development |
2.2 Data source
The source of the data managed in the context of the data managing purpose and data management activity set out in point 2.1 of this Policy is data subject.
2.3 Automated decision-making, profiling
No automated decision-making or profiling will take place during the processing.
3. Access to data, data processing and transfer of data
3.1. Access to data
Access to your personal data is only available to our employees who are authorised to do so by virtue of their job title. All of our employees who manage your data are only entitled to access the data to the extent that their processing is strictly necessary for the performance of their duties. All persons who have access to the data are obliged to treat the data confidentially, to this end, our employees and third parties who have access to the data (employees of data processors) are bound by a duty of confidentiality with regard to the personal data they have access to.
3.2. Data processing
No data processor is used.
3.3. Transfer of data
Your personal data will not be transferred to third parties.
4. Rights of Data subject
You retain the right to control your personal data even if Data Manager processes your personal data. As data subject, you have the right to access, rectify, erase or restrict the processing of your personal data, object to the processing of your data and, in certain cases, have the right to data portability.
4.1. Right to access
At the request of data subject, we will inform him or her whether or not his or her personal data are being processed. If so, we will inform him or her about the details of the processing (which personal data, for what purposes, on what legal basis, for how long); to whom we have given access to his or her data; his or her rights (access, rectification, erasure, restriction of processing, objection to processing); the right to lodge a complaint with the NAIH. Where the data have not been collected from data subject, any available information about their source. Finally, whether we use automated decision making, including profiling, and if so, the rationale behind it.
4.2. Right to rectification
You are the primary source of the data processed by Data Manager, so please notify us of any changes to this information. However, we will still endeavour to keep your personal data accurate and up to date, and if the data we hold is inaccurate or incomplete, we will correct it or add to it at the request of data subject or on the basis of a declaration.
As data manager, we will promptly inform those to whom we have disclosed the personal data of data subject following a request, provided that this is not impossible or involves a disproportionate effort on our part.
4.3. Right to erasure (the “right to be forgotten”)
At the request of data subject, we will delete personal data relating to data subject without undue delay if:
- the personal data are no longer necessary for the purposes for which they were processed;
- in case of consent-based processing, data subject withdraws his or her consent and there is no other legal basis for the processing;
- where the processing is based on a legitimate interest, public interest or for direct marketing purposes, data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data were unlawfully processed;
they must be deleted in order to comply with a legal obligation applicable to Data Manager.
If Data Manager has disclosed the personal data and is required to delete them, we will take reasonable steps to inform data managers of the request for deletion of the links to or copies of the personal data.
As data manager, we will promptly inform those to whom we have disclosed the personal data of data subject following a request, provided that this is not impossible or involves a disproportionate effort on our part.
4.4. Withdrawal of consent
Where we process your personal data on the basis of your consent, you may withdraw your consent at any time without giving any reason. In case of withdrawal of consent, if there is no other legal basis for the state processing, we will delete the personal data of data subject. Withdrawal of consent shall not affect the lawfulness of data processing based on consent prior to its withdrawal.
4.5. Right to restriction (blocking) of data processing
At the request of data subject, Data Manager shall limit the data processing, and shall mark and process the data separately accordingly, if one of the following conditions is met:
- data subject contests the accuracy of the personal data. In this case, the restriction shall apply for the period during which Data Manager verifies the accuracy of the data.
- the processing is unlawful and data subject opposes the erasure of the data and requests instead the restriction of their use.
- Data Manager no longer needs the personal data for the purposes of the processing, but data subject requires them for the purposes of pursuing legal claims.
- data subject objects to the processing. The restriction shall then last until it is established whether the legitimate grounds of data manager prevail over the legitimate grounds of data subject.
Following a request for restriction, we will promptly inform those to whom we have disclosed data subject’s personal data, provided that this is not impossible or involves a disproportionate effort on our part.
Data subject will be informed in advance of the lifting of the restriction of processing at his or her request.
4.6. Right to object
As a data subject, you have the right to object at any time to the processing of your personal data based on the legitimate interests of Data Manager.
Unless we, as Data Manager, can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, we will no longer process your personal data, unless we are processing them for the establishment, exercise or defence of legal claims.
4.7. Enforcement of rights relating to personal data after the death of the data subject
Within five years of the death of data subject, the rights of the deceased during his or her lifetime may be exercised by a person authorised by data subject by means of a declaration duly made to Data Manager.
Even if the data subject has not made a declaration in accordance with the previous paragraph, his or her close relative within the meaning of the Civil Code shall still have the right to request the rectification of the personal data and to object to the processing of personal data based on his or her legitimate interest.
The person exercising the rights of the data subject shall provide appropriate documentary evidence of the fact and date of the death of the data subject and of his or her identity and, where applicable, of the identity of his or her next of kin.
The detailed rules of data processing, in particular the declaration to be made to data manager, the fact of death and the adequacy of the proof of the capacity of close relatives are detailed in Article 25 of the Info Act.
5.Remedies available to data subject
If you have any questions, comments or complaints about the processing of your personal data, please contact us using one of the contact details set out in section 1 of this Policy.
As a data subject, you can also complain directly to the Hungarian National Authority for Data Protection and Freedom of Information (contact details can be found at https://naih.hu/) if you believe that you have been harmed in relation to the processing of your personal data, and you can also take your rights to court.
6. Further provisions
6.1. Transfer of personal data to a third country or international organisation
As data manager, we do not transfer personal data of data subjects to third countries or international organisations.
6.1. Data security measures
Data Manager processes the data in a closed system in accordance with the requirements of the Information Security Policy.
Data Manager shall ensure default and built-in data protection. To this end, Data Manager shall take appropriate technical and organisational measures to:
- precisely regulate access to data
- allow access only to persons who need the data to perform the task for which it is collected, and then only to the minimum necessary for the performance of that task;
- carefully select the data processors it engages and ensure data security through an appropriate data management contract;
- ensure the integrity (data integrity), authenticity and protection of the data processed.
Data Manager applies reasonable physical, technical and organisational security measures to protect Data Subjects’ data, in particular against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, access or processing. Data Manager shall immediately notify Data Subject of any known unauthorised access to or use of personal data which is known to be of high risk to Data Subject.
Data Manager shall, where the transfer of Data Subject’s data is necessary, ensure that the data transferred are adequately protected, for example by encrypting the data file. Data Manager shall be fully responsible for the processing of Data Subject’s data carried out by third parties.
Data Manager shall also ensure that Data Subject’s data are protected against destruction or loss by adequate and regular backups.
6.2. Amendments to the Policy
As Data Manager, we reserve the right to change this Privacy Policy in the future. Any changes to this privacy policy will be posted on the https://bnref.hu/ Website and will be available in the robot management application.
This privacy policy will apply from 01 June 2022.