Privacy Policy - Supernova Intertrans

Skip to content

Road freight transport
European Presence
Warehouse logistics
Customs services
Quality assurance

Home
About us
Career
Fleet
Sustainability strategy
NovaNews
Price quote
Contact

DATA PROCESSING INFORMATION FOR PARTNERS

DATA PROCESSING INFORMATION FOR USERS

DATA PROCESSING INFORMATION FOR PARTNERS

DATA PROCESSING INFORMATION

– for natural persons who are partners of natural persons who are contact persons –

Effective December 14, 2023

SUPERNOVA INTERTRANS Limited Liability Company (Registered office: 3996 Füzér, Árpádút 2.; Postal address: 3996 Füzér, Árpád út 2.; E-mail:
info@supernova.bilk.hu; website: https://supernova.bilk.hu/), (hereinafter: Data Controller), as Data Controller, pursuant to Act CXII of 2011 on the right to self-determination and freedom of information (hereinafter: Infotv.) and Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR ), informs the data subject (hereinafter: Data Subject) that the provision of the Data Subject's data sent to the Data Controller by the Data Subject or the Data Controller's non-natural person contractual partner (hereinafter: Partner) or provided by the Data Subject as the Partner's contact person at the request of the Data Controller is based on the legitimate interests of the Partner and the Data Controller as follows.

Data Protection Contact

Name: Balázs Veres

Email: adatvedelem@supernova.bilk.hu

Postal address: 3996 Füzér, Árpád út 2.

PROCESSED DATA

The Data Controller processes the personal data of the Data Subject specified below as the contact person of the contractual Partner who is not a natural person, in accordance with Article 6(1)(f) of the GDPR – Article 6(1)(f) of the GDPR, the Data Controller processes the personal data of the Data Subject providedas the contact person of a contractual Partner who is not a natural person in order to contact the Data Subject or Partner, conclude a contract with the Partner – if applicable, in accordance with a separate agreement – and maintain contact:

– name,

– position,

– name of workplace,
– workplace address,
– work email address,
– work phone number,
– in the case of business card exchange, other data provided on the business card, which the Data Controller does not generally know in advance.

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

The Data Controller processes and uses the Data Subject's data for the purpose of maintaining contact with the Partner through the Data Subject for the following purposes:

Establishing a contract with a partner,
registration of the contract concluded,
performance of the contract,
enforcement of rights and obligations arising from the contract,
fulfillment of legal obligations arising from the creation of a contract.

The Data Controller shall send the necessary information addressed to the Partnerfor the abovepurposes to the Data Subject's email address and, where applicable, shall contact the Partner via the Data Subject using the telephone number provided.

The Data Controller draws the Partner's attention to the fact that in all cases it is the Partner's obligation and responsibility as an employer to inform the contact person designated by it, i.e. the Data Subject, about the processing of their personal data for the purposes and under the conditions specified in this information notice.

When first contacting the Data Subject, the Data Controller shall inform the Data Subject about the processing of the Data Subject's data in accordance with this notice, unless the Data Subject already has this information.

The legal basis for the processing of the Data Subject's data by the Data Controller is Article 6(1)(f) of the GDPR: the legitimate interest of the Data Controller in relation to the purposes set out in point 1 of this notice.

In order to comply with the referenced provision, we performed a balancing test, as a result of which we concluded the following:

The Data Controller has a legitimate interest, in its opinion, in processing the data of the Data Subjects for the purposes set out in point 1 of this notice;
The purpose of data processing may only be the purpose specified in point 1 of this notice;
In the opinion of the Data Controller, the processing of the Data Subject's data is absolutely necessary to achieve the purposes of data processing:

without data processing, it would be significantly more difficult and time-consuming to prepare and conclude a contract with the Partner, which would be detrimental to the interests of both the Partner and the Data Controller (the Data Controller and the Partner have a legitimate interest in concluding the contract);
Maintaining contact with the Partner for the purpose of performing the contract would be significantly more difficult and time-consuming, which would be detrimental to the interests of both the Partner and the Data Controller (the Data Controller and the Partner have a legitimate interest in performing the contract).
in the event of a breach or non-performance of the contract concluded with the Partner, communication with the Partner becomes significantly more difficult and slower, which in certain cases may result in financial losses for both theData Controller and the Partner (it is in the legitimate interest of the Data Controller and the Partner to find a solution to the problem through effective and rapid communication in the event of a breach of contract).

The Partner wishes to establish a contractual relationship or already has a contractual relationship with the Data Controller, and their relationship is relevant and appropriate, which is why, in the opinion of the Data Controller, the Data Subject can expect the data provided by the Partner to be processed for the purposes described in Section 1 of this notice;
The Data Controller shall only become aware of those Data Subject data in this context which are considered essential and relevant in connection with the purposes set out in Section 1 of this notice and which are indispensable for the fulfillment of the purposes set out in Section 1 of this notice.
The Data Controller shall process the Data Subject's data for the shortest period necessary to achieve the purposes, and then delete them: 5 years from the end of the year following the termination of the contract concluded with the Partner or the termination of the Data Subject's status as a contact person (unless a longer period is specified by law; for example, in the case of invoicing, if the name of the contact person is included in the contract behind the invoice, then 8 years pursuant to Section 169 of Act C of 2000 on Accounting (hereinafter : Accounting Act) Section 169 of Act V of 2013 on the Civil Code (hereinafter: Civil Code), the data processing period shall be extended by the limitation period from the date of its resumption;
In the opinion of the Data Controller, there are no reasons that would disadvantage the Data Subject in terms of data processing as described in this notice or violate their right to privacy.
The Data Controller's legitimate interest as defined in this section and data processing based on legitimate interest proportionally restrict the Data Subject's right to the protection of their personal data and private life. The Data Controller has examined all the means and possibilities available to it in terms of legitimate interest and data processing in order to achieve the desired objectives specified in this notice , and has concluded that the processing of the data listed in point 1 of this notice in the manner specified in this notice can be considered the solution that restricts privacy as little as possible and thus meets the requirements of necessity and proportionality.
Based on the above, the Data Controller considers that the data processing referred to in this section complies with the legal and regulatory requirements for data processing based on legitimate interests.

In addition to the legitimate interest of the data controller, we also performed an interest protection test from the perspective of the legitimate interest of the Partner as a third party:

The Partner has a legitimate interest, in the opinion of the Data Controller, in the processing of the Data Subjects' data by the Data Controller for the purposes set out in point 1 of this notice;
The purpose of data processing may only be the purposes specified in point 1 of this notice;
In the opinion of the Data Controller, the processing of the Data Subject's data is absolutely necessary for the Partner to achieve the purposes of data processing:

without data processing, it would be significantly more difficult and time-consuming to prepare and conclude a contract with the Partner, which would be detrimental to the interests of both the Partner and the Data Controller (the Data Controller and the Partner have a legitimate interest in concluding the contract);
Maintaining contact with the Partner for the purpose of performing the contract would be significantly more difficult and time-consuming, which would be detrimental to the interests of both the Partner and the Data Controller (the Data Controller and the Partner have a legitimate interest in performing the contract).
in the event of a breach or non-performance of the contract concluded with the Partner, communication with the Partner becomes significantly more difficult and slower, which in certain cases may result in financial losses for both theData Controller and the Partner (it is in the legitimate interest of the Data Controller and the Partner to find a solution to the problem through effective and rapid communication in the event of a breach of contract);

The Partner wishes to establish a contractual relationship or already has a contractual relationship with the Data Controller, and their relationship is relevant and appropriate, which is why, in the opinion of the Data Controller, the Data Subject can expect the data provided by the Partner to be processed for the purposes described in Section 1 of this notice;
The Partner shall only transfer to the Data Controller those Data Subject data which are considered essential and relevant in connection with the purposes set out in Section 1 of this Notice and which are indispensable for the fulfillment of the purposes set out in Section 1 of this Notice.
The Data Controller shall process the Data Subject's data for the shortest period necessary to achieve the purposes, and then delete them (upon termination of the contract concluded with the Partner or upon termination of the Data Subject's status as a contact person, 5 years from the end of the year concerned (unless a longer period is specified by law; for example, in the case of invoicing, if the name of the contact person is included in the contract behind the invoice, then 8 years pursuant to Section 169 of the Accounting Act Section 169 of the Accounting Act), provided that if the limitation period in relation to the contract is interrupted pursuant to Section 6:25 of the Civil Code, the data processing period shall be extended by the limitation period from the date of its resumption;
In the opinion of the Data Controller, there are no reasons that would disadvantage the Data Subject in terms of data processing as described in this notice or violate their right to privacy.
The Data Subject's right to the protection of their personal data and private life is proportionately restricted by the Partner's legitimate interest as defined in this section and by data processing based on legitimate interest. The Data Controller has examined all the means and possibilities available to it in terms of legitimate interest and data processing in order to achieve the desired objectives set out in this information notice , and has concluded that the processing of the data listed in point 1 of this notice in the manner specified in this notice can be considered the solution that restricts privacy as little as possible and thus meets the requirements of necessity and proportionality.
Based on the above, the Data Controller considers that the data processing referred to in this section complies with the legal and regulatory requirements for data processing based on legitimate interests.

In order to ensure the Data Subject's right to the protection of their personal data, the Data Controller shall use the Data Subject's personal data exclusively for the purposes set out in Section 1 of this notice, provide them with appropriate information about the circumstances of data processing in all cases, and ensure that they enjoy the rights set out in Article 6 of this notice, as defined by the GDPR.

The Data Controller shall not process the personal data of the Data Subject for purposes other than those specified.

PERSONS AUTHORIZED TO ACCESS DATA AT THE DATA CONTROLLER, DURATION OF DATA PROCESSING

The personal data of the Data Subject shall only be known to the Data Controller's managing director and the person responsible for maintaining contact.

The duration of data processing is 5 years from the end of the year following the termination of the contract between the Partner and the Data Controller or the termination of the Data Subject's status as a contact person (unless a longer period is specified by law; for example, in the case of invoicing, if the name of the contact person is included in the contract behind the invoice, then 8 years pursuant to Section 169 of the Accounting Act Section 169 of the Accounting Act), provided that if the limitation period in relation to the contract is interrupted pursuant to Section 6:25 of the Civil Code, the data processing period shall be extended by the limitation period from the date of its resumption. The Data Subject may initiate and arrange for the exercise of their right of access to their personal data, the erasure, modification, or rectification of their personal data, the restriction of data processing, or their objection to data processing by notifying the Data Controller or the data protection contact person by post or email. In the event of changes in the law, or if the conditions for doing so are met, the Data Controller shall delete the personal data of the Data Subject that are no longer necessary for the purposes of data processing.

It is the Partner's obligation and responsibility to inform the Data Controller of any changes in the identity of the Data Subject or in the personal data provided for contact purposes, and to send the Data Controller the statement specified in Annex 1, completed with current, valid personal data.

CONSEQUENCES OF FAILURE TO PROCESS DATA OR DELETION OF DATA

The Data Subject and the Partner acknowledge that if the Data Subject or the Partner fails to provide the Data Subject data requested by the Data Controller, or if the Data Subject lawfully requests their deletion, the Data Controller will no longer be able to fulfill the data processing purposes specified in this notice.

ACCESS, DATA TRANSFER, DATA PROCESSORS

Data will not be transferred to another data controller.

Data processors:

A data processor is a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller.

The Data Controller shall only use data processors who provide adequate guarantees for compliance with the legal requirements for data processing and for the implementation of appropriate technical and organizational measures to ensure the protection of the rights of Data Subjects.

With regard to certain data processing operations specified in this notice, the Data Controller uses data processors for data processing purposes. The data processors used by the Data Controller to access personal data are authorized in accordance with applicable law.

The Data Controller reserves the right to involve additional data processors in data processing in the future, about which it will inform the Data Subjects by amending this notice.

Server provider and IT (system administration tasks):

Core Systems IT Ltd.

Address: 1117 Budapest, Nádorliget u. 7/A, ground floor, 8.

Email address: info@coresystems.hu

data: you can access all unencrypted data stored electronically on the servers;

purpose: maintenance and troubleshooting of servers and IT equipment;

access time: cannot be determined in advance during IT activities, corresponds to the time required to perform the IT work; in relation to server services, the total time of use of the server service, which is indefinite;

Email communication:

If the Data Controller maintains contact with the Data Subject via email, data related to electronic correspondence will be stored on the following data processor's server:

Microsoft Corporation – Microsoft 365

Privacy policy: https://privacy.microsoft.com/hu-hu/privacystatement

Contact details:

Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Phone: +1 (425) 882 8080.

Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone number: +353 1 706 3117.

online form: http://go.microsoft.com/?linkid=9846224

data: all electronic correspondence (name, e-mail address, salutation, e-mail content, attachments)

purpose: providing storage services (cloud services), data storage, and a software environment for email

Access period: after cancellation of the subscription, data associated with the Office 365 account will only be available to system administrators for a limited period of 30 to 90 (thirty to ninety) days.

Paper-based communication

Hungarian Post

website: www.posta.hu

by mail: Customer Service Directorate, 3512 Miskolc,

by fax: at 06-46-320-136,

by email: atugyfelszolgalat@posta.hu,

by telephone: by calling 06-1-767-8282 and providing your name and address,

in person: at Magyar Posta Zrt., 114-116 Üllői út, District X

Data Protection Officer: adatvedelem@posta.hu

data: name of recipient and name and address of workplace;

purpose: for the purpose of maintaining contact when the Data Controller sends a contract to the Data Subject;

Access period: Personal data will be processed until the end of the calendar year following the date of receipt of the item, i.e. the date of posting, unless the Act CLIX of 2012 on Postal Services (hereinafter: Postatv.) stipulates a different deadline, or the person using the service or the addressee of the postal item requests otherwise. on postal services (hereinafter: Postatv.) stipulates a different deadline, or the person using the service or the addressee of the postal item stipulates otherwise. If, for example, the data subject posted a letter with return receipt on October 8, 2017, Magyar Posta Zrt. will generally process the data relating to the posting and delivery of the letter until December 31, 2018. However, both the sender and the addressee may request that the data relating to them be processed for longer than this. If the processing of data is necessary for the submission, enforcement, or defense of any legal claims related to the service (e.g., court proceedings), Magyar Posta Zrt. will process the data for as long as necessary for the submission, enforcement, or defense of such legal claims.

For further information on data processing by Magyar Posta, please visit https://www.posta.hu/adatkezelesi_tajekoztato-t.

Redda-Motor Ltd.

Postal address: 1097 Budapest, Gubacsi út 30.

Email address: redda@redda.hu

website: www.redda.hu

data: name of recipient and name and address of workplace;

purpose: for the purpose of maintaining contact when the Data Controller sends a letter or paper-based correspondence to the Data Subject;

access time: no data stored

The Data Controller shall not transfer the Data Subject's data to a third country or international organization.

The Data Controller shall not transfer the Data Subject's data to other data controllers or recipients.

YOUR RIGHTS

Requests regarding data subject rights should be sent to adatvedelem@supernova.bilk.hu or by post at SUPERNOVA INTERTRANS Kft. 3996 Füzér, Árpád út 2. We will respond to and fulfill requests received without undue delay, but no later than within one month.

If we need more time to examine the legitimacy of the request or to fulfill it, we may extend the deadline by an additional two months.

We will inform you about the extension of the deadline within one month of receiving your request.

When submitting a request related to data processing, the Data Subject must identify themselves.

Except for data processing where the purposes of data processing no longer require the identification of the Data Subject by the Data Controller, if the Data Controller has reasonable doubts about the identity of the Data Subject, it may request the Data Subject to provide information necessary to confirm the Data Subject's identity.

Access to personal data

Example: You would like to know whether we process data relating to you and, if so, what data we process.

In addition to information about our data processing, you may request a copy of the data we hold about you.

At the request of the Data Subject, the Data Controller shall provide information on whether the Data Controller processes personal data relating to the Data Subject and, if so, shall grant access to the personal data and provide the following information:

the purpose(s) of data processing;
the types of personal data involved in the data processing;
in the case of transfer of the Data Subject's personal data, the legal basis for the transfer and the recipient(s) of the data;
the planned duration of data processing;
the rights of the Data Subject in relation to the rectification, erasure, and restriction of processing of personal data, as well as the right to object to the processing of personal data;
the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH; see point 10 of this notice), or the possibility of recourse to the courts in accordance with Section 23 of the Infotv.
source of data;
the names and addresses of data processors and their activities related to data processing.

The Data Controller shall provide the information in an easily understandable form, without undue delay, but no later than one month after the submission of the request, at the request of the Data Subject. The Data Subject may submit their request for access to the Data Controller via the above e-mail or postal address.

Correction of processed data

Example: In the event of data changes or incorrect/inaccurate data processing, request that the processed data be corrected.

The data subject may request the Data Controller to correct inaccurate personal data or to complete incomplete data, taking into account the purpose of the data processing. The Data Controller shall carry out the correction without undue delay.

Deletion of processed data (right to be forgotten)

Example: With regard to data processing as described in this notice, you may request that we delete your data if it is no longer necessary for the purpose for which it was collected, or if you object to the data processing and there is no overriding legitimate reason for the data processing, or if we process it unlawfully.

SUPERNOVA INTERTRANS Kft. always processes your data in a targeted manner, until the purpose exists and only for as long as it exists.

The right to be forgotten is the right to have publicly disclosed data deleted.

The Data Subject may request that the Data Controller erase personal data concerning him or her without undue delay, and the Data Controller shall erase personal data concerning the Data Subject without undue delay if one of the following grounds applies:

the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
The data subject objects to the processing of his or her personal data;
the personal data was processed unlawfully;
personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Data Controller.

If the Data Controller has disclosed (made available to a third party) the personal data and is obliged to delete it on the basis of the above, it shall take reasonable steps, taking into account the available technology and the costs of implementation, to inform the data controllers processing the personal data of the Data Subject that the Data Subject has requested them to delete links to the personal data in question or copies or duplicates of such personal data.

Restriction of data processing

Example: You request us to correct your data. While we are reviewing the data, we will comply with the correction request, and you may also request that the processing of your data be restricted. This means that, without your consent, we cannot do anything with the restricted data other than store it.

The Data Subject shall have the right to request that the Data Controller restrict the processing of personal data instead of rectifying or erasing it, if any of the following conditions are met:

The data subject disputes the accuracy of the personal data, in which case the restriction applies for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead;
the Data Controller no longer needs the personal data for data processing purposes, but the Data Subject requires them for the submission, enforcement, or defense of legal claims; or
the Data Subject has objected to the processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller take precedence over the legitimate grounds of the Data Subject.

If data processing is restricted, such personal data may only be processed, with the exception of storage, with the consent of the data subject or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

The Data Controller shall inform the Data Subject, at whose request the data processing has been restricted, in advance of the lifting of the restriction on data processing.

Notification obligation regarding the rectification or erasure of personal data or the restriction of data processing

We will inform all recipients to whom we have disclosed personal data about the rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. At the request of the Data Subject, we will inform the Data Subject about these recipients.

Right to protest

Example: You may object to data processing if we process it based on our legitimate interest. In the event of a legitimate objection, we will no longer process your data.

If our interest in processing your data is a so-called compelling legitimate interest, we will not be able to comply with your request, which we will inform you of in detail.

The Data Subject may object to the processing of his or her personal data if the data processing

necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party.

In the event of an objection by the Data Subject, the Data Controller may no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims.

Right to appeal to court

Example: You feel that your personal data is being processed in violation of the provisions of the law or a binding legal act of the European Union governing the processing of personal data.

Before going to court, please contact us with confidence so that we can resolve the issue effectively and quickly.

In accordance with Section 23 of the Information Act, the Data Subject may, in connection with data processing operations falling within the scope of the data processor's activities – may turn to the court if, in his or her opinion, the Data Controller or the data processor commissioned by him or her or acting on his or her instructions processes his or her personal data in violation of the provisions of the law or the binding legal acts of the European Union on the processing of personal data.

The Data Subject may also bring the action before the court having jurisdiction over his or her place of residence or place of stay, at his or her discretion.

A person who otherwise has no legal capacity to sue may also be a party to the lawsuit. The NAIH may intervene in the lawsuit in order to secure a favorable outcome for the Data Subject.

Exercising rights related to personal data after the death of the Data Subject

Example: You have the right to have someone else exercise your rights regarding data processing on your behalf for 5 years after your death. The relevant administrative provision must be signed before a notary public, lawyer, or at home with two witnesses, or a statement to this effect must be made to the Data Controller.

If you do not exercise this option, your close relative as defined in the Civil Code will be entitled to do so. Among your close relatives, the first person to exercise their rights will be the one who can proceed.

Within five years of the death of the Data Subject, the rights specified in Section 14(b)-(e) of the Infotv. and, in the case of data processing operations falling within the scope of the GDPR, in Articles 15-18 and 21 of the GDPR, may be exercised by a person authorized by the Data Subject by means of an administrative provision or a statement made to the Data Controller in a public document or a private document with full probative force; if the Data Subject has made more than one statement to a data controller, the statement made at the later date shall prevail.

If the Data Subject has not made an appropriate legal declaration, his or her close relative as defined in the Civil Code shall be entitled, even in the absence thereof, to the rights specified in Section 14(c) of the Information Act. c) of the Infotv., in the case of data processing operations falling within the scope of the GDPR, Articles 16 and 21 of the GDPR, and – if the data processing was already unlawful during the Data Subject's lifetime or the purpose of the data processing ceased to exist upon the Data Subject's death – Sections 14 d) and e) of the Infotv., and in the case of data processing operations falling within the scope of the GDPR, Articles 17 and 18 of the GDPR, to exercise the rights to which the deceased was entitled during his or her lifetime within five years of the death of the Data Subject. The close relative who exercises this right first is entitled to enforce the rights of the Data Subject under this paragraph.

The person enforcing the rights of the Data Subject shall be entitled to the rights and subject to the obligations established for the Data Subject by the Infotv. during the enforcement of these rights, in particular in proceedings against the Data Controller, the NAIH, or in court.

The person exercising the rights of the Data Subject shall prove the fact and time of the Data Subject's death by means of a death certificate or court decision, and shall prove his or her own identity – and, where applicable, his or her status as a close relative – by means of a public document.

Upon request, the Data Controller shall inform the Data Subject's close relative as defined in the Civil Code of the measures taken on the basis of the request, unless the Data Subject has prohibited this in his or her statement.

Measures taken by the Data Controller based on the Data Subject's request

The Data Controller shall inform the Data Subject of the measures taken in response to the request for the exercise of data subject rights without undue delay, but no later than one month after receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay. If the Data Subject submitted the request electronically, the information shall be provided electronically, unless the Data Subject requests otherwise.

If the Data Controller does not take action on the Data Subject's request, it shall inform the Data Subject without delay, but no later than one month after receiving the request, of the reasons for not taking action and that the Data Subject may lodge a complaint with a supervisory authority and exercise their right to judicial remedy.

Upon request by the Data Subject, the information, notification and measures taken on the basis of the request shall be provided free of charge. If the Data Subject's request is clearly unfounded or excessive, in particular due to its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the requested information or communication or taking the requested action, charge a reasonable fee or refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive shall lie with the Data Controller.

PROFILE CREATION AND AUTOMATED DECISION-MAKING

The Data Controller does not use automated decision-making or profiling in the processing of personal data.

DATA SECURITY

The Data Controller undertakes to ensure the security of the data, to take the technical and organizational measures and to establish the procedural rules necessary to ensure that the data recorded, stored, or processed are protected and to prevent their destruction, unauthorized use, and unauthorized alteration.

The Data Controller shall ensure that unauthorized persons cannot access, disclose, transfer, modify, or delete the processed data. The processed data may only be accessed by the Data Controller, its employees specified in this notice, and data processors engaged by the Data Controller. The Data Controller shall not disclose the data to third parties who are not authorized to access it.

The Data Controller shall do everything in its power to ensure that the data is not accidentally damaged or destroyed. The Data Controller shall impose the above obligation on its employees involved in data processing activities.

DATA PROTECTION INCIDENT

A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

The data controller shall, without undue delay, but no later than 72 hours after becoming aware of the data breach, unless the Data Controller can demonstrate that the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information may be provided in installments without further undue delay. The notification to the NAIH shall contain at least the following information:

the nature of the data breach, the approximate number and category of data subjects and personal data involved;
Name and contact details of the data controller, name and contact details of the contact person;
the likely consequences of the data breach;
the measures taken or planned to manage, prevent, and remedy the data breach, including, where appropriate, measures to mitigate any adverse consequences resulting from the data breach.

If the data breach is likely to result in a high risk, the Data Controller shall, without undue delay but within 72 hours of becoming aware of the data breach, inform the Data Subjects of the data breach via the Data Controller's website. The information shall include at least the data specified in this section and shall describe the nature of the incident in a clear and understandable manner.

The Data Controller keeps a record of data protection incidents for the purpose of monitoring measures related to data protection incidents and informing Data Subjects. The record contains the following data:

the scope of personal data concerned;
the scope and number of data subjects;
the date of the data breach;
the circumstances and effects of the data breach;
measures taken to remedy the data protection incident.

The Data Controller shall retain the data contained in the register for a period of time calculated from the date of detection of the data protection incident, depending on the retention period applicable to the data affected by the incident.

LEGAL ENFORCEMENT

The Data Controller shall make every effort to ensure that personal data is processed in accordance with the law, but if the Data Subject feels that this has not been complied with, they may write to the above e-mail address or postal address.

If the Data Subject feels that their right to the protection of personal data has been violated, they may seek legal remedy from the competent authorities in accordance with the applicable legislation.

NAIH (address: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf.: 9.; e-mail: ugyfelszolgalat@naih.hu; URL: http://naih.hu; telephone: +36 (30) 683-5969,+36 (30) 549-6838,+36 (1) 391 1400; fax: +36 (1) 391 1410)
In the event of legal action against the data controller/data processor, the Data Subject may, in accordance with the rules of jurisdiction and competence set out in Act CXXX of 2016 on Civil Procedure, depending on the subject matter and value of the claim, bring the case before the court or district court/county court with jurisdiction over the defendant's registered office.district court,

and pursuant to Section 23(3) of the Infotv., the Data Subject shall also be entitled to bring an action before the court having jurisdiction over his or her place of residence or place of stay, at his or her discretion.

OTHER PROVISIONS

This information notice is governed by the provisions of the GDPR and Hungarian law, in particular the provisions of the Infotv.

Füzér, December 14, 2023.

SUPERNOVA INTERTRANS Ltd.

Data controller

DATA PROCESSING INFORMATION FOR USERS

Data Processing Information

Data Processing Information

The supernova.bilk.hu users

Effective: April 21, 2019.

Introduction

This data processing notice ("Notice") is to provide you with detailed information about Supernova Intertrans Kft. (registered office: 3996 Füzér, Árpád út 2.; tax number: 25836680-2-05; company registration number: 05-09-029451), hereinafter referred to as "Supernova Intertranshttp:// supernova.bilk.hu .

At Supernova Intertrans, we are committed to protecting your personal data and consider it extremely important to respect your right to informational self-determination. Supernova Intertrans treats personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee the security of your data. Supernova Intertrans processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR) and other applicable legal provisions.

We recommend that you read this Notice carefully so that you are aware of all the facts and information relating to the processing of your personal data. The provision of personal data is voluntary.

Who are we?

Name of data controller: Supernova Intertrans Kft.

Headquarters: 3996 Füzér, Árpád út 2.

Company registration number: 05-09-029451

e-mail: info@supernova.bilk.hu

phone number: +36 70 704 4926

Which services and persons does this Notice apply to?

The scope of the Information Notice extends to http:// supernova.bilk.hu and use any of the services offered on that site (hereinafter: "You").

Which services and data processing operations are not covered by this Privacy Policy?

4.1 Social media

If you tag, follow, etc. the website or us on a social media site in any way, you authorize us to access certain personal data from your profile on that social media site (e.g., name, email address, photo, gender, birthday, location, list of friends, people you follow and/or who follow you, comments or likes, i.e. "likes"). However, social media sites operate independently of us and have their own privacy policies, so the activities carried out on them and the personal data and information provided there are governed not by this Policy, but by the data processing policy of the provider of the social media site in question. For more information on how to customize your privacy settings on social media sites and how social media sites handle your personal data, please review their privacy guidelines, privacy policies, and terms of use.

4.2 Links

The website contains links to pages that are not managed by us (e.g., websites of other companies belonging to the same group), to which this Notice does not apply and which may have different levels of data protection. These pages are completely independent of us, so we recommend that you review the relevant privacy policies before providing any personal data on such sites or using the services of such sites, as we are not responsible for them and do not control the procedures by which personal data is collected, used, made available, or otherwise handled on these sites.

Measurements

We would like to inform you that we use Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs to measure traffic to our website and its subpages, monitor visitor behavior, compile statistics, and measure the effectiveness of our advertisements. The aforementioned programs place cookies on the user's computer, which collect user data. Visitors to the website (you) authorize Supernova Intertrans to use Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs. They also consent to Supernova Intertrans monitoring and tracking their user behavior and using all services provided by the programs. In addition, users have the option to disable cookie data recording and data storage for the future at any time, as described below.

We would like to inform our users that the settings and use of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs fully comply with the requirements of the data protection authority. According to Google, Google Analytics mainly uses first-party cookies to report visitor interactions on your website. These cookies only record information that cannot be used to identify individuals. Browsers do not share their own cookies between domains. Further information about cookies can be found in Google's Advertising and Privacy FAQ. Google Analytics: The Data Controller primarily uses the Google Analytics program to generate statistics, including measuring the effectiveness of its campaigns. By using this program, the Data Controller mainly obtains information about how many visitors visited its Website and how much time the visitors spent on the Website. The program recognizes the visitor's IP address, so it can track whether the visitor is a returning or new visitor, and it can also track the visitor's path on the Website and where they entered. Google Remarketing: In addition to the usual Google Analytics data, the Data Controller also collects DoubleClick cookie data using the Google Remarketing program. The DoubleClick cookie enables the use of the remarketing service, which primarily ensures that visitors to the Website will later encounter the Data Controller's advertisements on free Google advertising spaces. The Data Controller uses the Google Remarketing program for its online advertisements. The Data Controller's advertisements are also displayed on websites by external service providers, such as Google. The Data Controller and external service providers, such as Google, use their own cookies (e.g., Google Analytics cookies) and third-party cookies (e.g., DoubleClick cookies) together to provide information based on users' previous visits to the Website and to optimize and display advertisements. Google AdWords conversion tracking: The purpose of Google AdWords conversion tracking is to enable the Data Controller to measure the effectiveness of AdWords ads. This is done using cookies placed on the User's computer, which remain for 30 days and do not collect personal data. Facebook Remarketing: The Data Controller uses Facebook's remarketing pixel to increase the effectiveness of Facebook ads for the purpose of building a so-called remarketing list. This allows external providers, such as Facebook, to display ads on websites after a visit to the Website. Remarketing lists are not suitable for personal identification. They do not contain any personal data about the visitor, but only identify the browser software.

What do the individual terms mean, and what are the most important principles?

6.1 Key terms

"data processing": any operation or set of operations performed on personal data or data files, whether automated or not, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"data processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller (in this case, Supernova Intertrans);

"data controller" means the natural or legal person, public authority, agency, or any other body that, alone or jointly with others, determines the purposes and means of the processing of personal data (in this case, Supernova Intertrans);

"data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (e.g., unauthorized access to an account created on the website);

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"

"Data subject" means any natural person who can be identified or identified. A natural person is identified or identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

6.2 Supernova Intertrans's data protection principles regarding data processing

Supernova Intertrans, as data controller, is responsible for complying with the following:

process personal data lawfully, fairly, and in a transparent manner in relation to the data subject ("lawfulness, fairness, and transparency");
collects personal data only for specified, explicit, and legitimate purposes and does not process it in a manner incompatible with those purposes ("purpose limitation");
the personal data processed are adequate and relevant for the purposes of data processing and are limited to what is necessary ("data minimization");
personal data is accurate and, where necessary, kept up to date, and Supernova Intertrans takes all reasonable steps to ensure that personal data that is inaccurate, having regard to the purposes for which it was collected, is erased or rectified without delay ("accuracy");
stores personal data in a form that allows identification of data subjects only for as long as necessary to achieve the purposes of processing personal data ("limited storage");
processes personal data in such a manner that appropriate technical or organizational measures are applied to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage ("integrity and confidentiality").

For what purpose and how do we process your personal data?

We process certain personal data about you for the purposes and on the legal bases set out in section 7.1.

However, in certain cases, your personal data may be processed for other purposes or on other legal grounds, such as compliance with a legal obligation to which Supernova Intertrans is subject (GDPR Article 6(1)(c)) or the legitimate interests of Supernova Intertrans or a third party (GDPR Article 6(1)(f)), even after you have withdrawn your consent. This may be the case, for example, if Supernova Intertrans needs your personal data to enforce a legal claim or to defend itself against a legal claim.

7.1 Contact form

Purpose of data processing: If you are a member of the http:// supernova.bilk.hu website with a quote, request for information, or for other contact purposes, we will process the personal data you provide there solely for the purpose of responding to your inquiries.

Legal basis for data processing: Your informed consent.

Scope of personal data processed: Personal data provided by you. (Such data includes: name, company name, email address, telephone number. Of these, the following are mandatory: name, email address)

Duration of data processing: 5 years after responding to the inquiry,

Data transfer: When submitting the contact form, the technical operation of the websites is carried out by Supernova Intertrans and the hosting company ……….(Registered office: Company registration number: Tax number:) also process personal data as data processors.

7.2. Contacting us

Purpose of data processing: If you contact Supernova Intranet via one of the contact details provided on the website or in person to request information or for any other reason, we will process the personal data you provide solely for the purpose of responding to your enquiry or sending you feedback.

Legal basis for data processing: Your informed consent.

Scope of personal data processed: The personal data you provide.

Duration of data processing: If you withdraw your consent or request the deletion of your data, we will delete your personal data from the system. In the absence of a withdrawal of consent or a request for deletion, we will process your personal data for 5 years after responding to your inquiry.

7.3. Complaint handling

Purpose of data processing: If you personally submit a consumer complaint to Supernova Intertans by filling out the online contact form or by calling our customer service number, we will process the personal data you provide for the purpose of responding to, handling, and fulfilling your complaint.

Legal basis for data processing: Compliance with legal obligations.

Scope of personal data processed: Supernova Intetrans stores the personal data you provide and, in addition, your IP address and the exact time of receipt of the form when you fill out the online contact form.

Duration of data processing: In accordance with Act CLV of 1997 on consumer protection, Supernova Intertrans is required to retain the complaint report and the response to it for 5 years.

7.4. Quotation

Purpose of data processing: We will send you a quote for Supernova Intertrans services by email or in person upon your request in order to conclude a contract. Subsequently, in order to create or fulfill the contract, we may contact you at the phone number or email address you provided for the purpose of contacting you regarding the quote sent to you.

Legal basis for data processing: Performance of a contract

Scope of personal data processed: The personal data you provide, primarily your name, email address, telephone number, and address.

Duration of data processing: We will process your personal data required for sending the quotation for 5 years after sending the quotation if no contract is concluded on the basis thereof.

Transfer of your personal data

We do not supplement or combine personal or other data provided by our visitors with data or information from other sources. We will not disclose or transfer personal data provided by our visitors to third parties under any circumstances without prior consent.

Do we use automated decision-making or profiling?

Supernova Intertrans does not use automated decision-making or profiling in relation to your personal data.

What cookies do we use?

http:// supernova.bilk.hu uses cookies. For information about the types of cookies we use, their functions, the data they collect, and their lifetime, please visit http:// supernova.bilk.hu cookie-informaciok/ link.

What rights do you have?

Pursuant to Articles 15-20 of the GDPR, you have the right to request from Supernova Intertrans regarding your personal data processed by Supernova Intertrans

access personal data;
request the correction of personal data;
request the deletion of personal data;
request the restriction of the processing of personal data;
object to the processing of your personal data;
receive personal data and transfer it to another data controller, provided that the legal conditions for this are met (right to data portability, see below ‎point 6 below);
if the processing of personal data is based on your consent, you may withdraw your consent at any time

You may submit your request to exercise the above rights to contact details indicated incontact details indicated in point 2. Supernova Intertrans will provide information on the measures taken in response to the request without undue delay, but generally within 1 month of receiving the request. If Supernova Intertrans does not take any action, it will provide information on the reasons for not taking action without undue delay, but no later than one month after receiving the request. If you disagree with Supernova Intertrans' response or action, you have the right to seek legal remedy. Supernova Intertrans will inform all recipients with whom personal data has been shared of any corrections, deletions, or restrictions on data processing, unless this proves impossible or requires a disproportionate effort.

11.1 Right of access

You have the right to receive feedback from Supernova Intertrans regarding whether your personal data is being processed, and if such processing is taking place, you have the right to access your personal data and receive information about the circumstances of its processing. The requested information may include, among other things: the purposes of data processing; the categories of personal data; the categories of recipients to whom Supernova Intertrans has disclosed or will disclose the personal data; the planned duration of storage of the personal data; and, if the data was not collected directly from you, any available information about its source.

11.2 Correction

You have the right to request that Supernova Intertrans correct inaccurate personal data without undue delay and to request that incomplete personal data be supplemented.

11.3 Right to erasure (“right to be forgotten”)

You have the right to request that Supernova Intertrans delete your personal data without undue delay if any of the following reasons apply:

the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
if the consent on which the data processing is based is withdrawn and there is no other legal basis for the data processing;
You object to the processing of your data in accordance with Article 21 of the GDPR and there are no overriding legitimate grounds for the processing;
if Supernova Intertrans has processed personal data unlawfully;
if personal data must be deleted in accordance with the law.

Supernova Intertrans will not delete personal data if applicable law allows it, for example if data processing is necessary for the establishment, exercise, or defense of legal claims.

11.4 Right to restriction of processing

You have the right to request that Supernova Intertrans restrict data processing if any of the following conditions are met:

You dispute the accuracy of the personal data, in which case the restriction applies for the period that allows Supernova Intertrans to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
Supernova Intertrans no longer needs the personal data for data processing purposes, but you require it for the establishment, exercise, or defense of legal claims; or
You have objected to the processing of your data; in this case, the restriction applies for as long as it takes to determine whether the legitimate grounds of the controller override those of the data subject.

In the event of restriction of data processing, the personal data affected by the restriction may only be processed, except for storage, with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. Supernova Intertrans will inform you in advance of the lifting of the restriction.

11.5 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data by Supernova Intertrans based on its legitimate interests. In this case, Supernova Intertrans may no longer process your personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

11.6 Right to data portability

Provided that it does not infringe on the rights and freedoms of others, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have Supernova Intertrans transfer this data directly to another data controller if

the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and
data processing is automated, i.e., personal data is processed in an IT system and not on paper.

What legal remedies are available to you?

If you disagree with Supernova Intertrans's response or action, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu), or you may contact any other supervisory authority or court in accordance with the GDPR.

Possible changes to the Prospectus

Supernova Intertrans may amend this Notice and its annexes. In such cases, Supernova Intertrans will publish the updated version. Supernova Intertrans will always provide appropriate information about any substantive changes.

If data processing activities are carried out, the purpose of the data processing and its legal basis must be clearly indicated; the authority does not like conditional methods. If data processing is carried out on the basis of a legal obligation, the legal provision must be indicated.

Personal data must be clearly indicated, as well as which of these are mandatory.

This is too long a period and cannot be justified. If, for example, only information is requested, a much shorter deadline (30 days) is recommended.

Contact us regarding data processing:

In person: 1239 Budapest, Európa utca 6.
By phone: +36 70 704 4926
By email: info@supernova.bilk.hu

We Never Stop

Deliver the future

Our goal is to develop Supernova Intertrans' international transport segment into a more customer-focused, flexible business that puts our customers at the center of everything we do.

Services

Home
About us
Career
Fleet
Sustainability strategy
NovaNews
Price quote
Contact

Menu

Home
About us
Career
Fleet
Sustainability strategy
NovaNews
Price quote
Contact

Learn more

Road freight transport
European Presence
Warehouse logistics
Customs services
Quality assurance
Privacy

Menu

Road freight transport
European Presence
Warehouse logistics
Customs services
Quality assurance
Privacy

Central telephone number

+36 70 344 0609

Career

+36 70 505 5023

Email

info@supernova.bilk.hu

ALL RIGHTS RESERVED © 2024 Supernova Intertrans KFT. | www.supernova.bilk.hu

English

Magyar