Privacy Policy

This Privacy Policy sets out how we, Institute of Isotopes Co., Ltd, collect, store and use information about our partners when they use our website, www.izotop.hu or enter into personal relation in connection with business with us. Our company respects the privacy and protection of personal data, and takes its responsibilities regarding the security of customer information very seriously. This Privacy Policy is effective from 25 May 2018.

Preamble

This section is about how we obtain, store and use information about our business partners. It focuses on providing general information to introduce the elements of the Policy and how we use legal regulation. Data controller: Company: Institute of Isotopes Co. Ltd. Registration number: 01-09-261264 Address: Konkoly Thege Miklós u.29-33, Budapest, H-1121 Hungary VAT number: HU10807262 Contact email in data protection matters: gdpr@izotop.hu
  • How we collect or obtain information about our Partners:
    • when our Partners provide it by contacting us,
    • occasionally from third parties.
  • Information we collect: name, contact details, IP address, information about our Partners computer or device (e.g. device and browser type), the geographical location from which our Partners accessed our website (based on our Partners’ IP address), company name or business name (if applicable) and VAT number (if applicable).
  • How we use our Partners’ information: for administrative and business purposes (particularly to contact them), to improve our business, to fulfill our contractual obligations and in connection with our legal rights and obligations.
  • Disclosure of our Partners’ information to third parties: only to the extent necessary to run our business, to our service providers, to fulfill any contracts we enter into with them, where required by law or to enforce our legal rights.
  • Do we sell the information to third parties (other than in the course of a business sale or purchase or similar event): No
  • How long we retain the information: for no longer than necessary, taking into account all legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using the information (e.g. Partner’s consent, performance of a contract or our legitimate interests as a business).
  • How we secure the information: by using appropriate technical and organizational measures such as storing the information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, only granting access to the information where necessary.
  • Transfers of the information outside the European Union: in certain circumstances we transfer the information outside of the European Union in order to fulfill our contractual obligations. We have business relationships in more than 80 countries and we do every reasonable step to ensure the security of the personal data of our Partners.
  • Use of automated decision-making and profiling: We do not use automated decision-making and profiling in our system.
  • The Partners’ rights in relation to their information
    • to have an access to the information and to receive information about its use
    • to have their information corrected and/or completed
    • to have the information deleted
    • to restrict the use of the information
    • to receive the information in a portable format
    • to object to the use of the information
    • to withdraw their consent to the use of the information
    • to complain to the relevant authority supervising this activity
  • Sensitive personal information: we do not collect sensitive personal information. Please do not submit this information to us.

Information we collect when visiting our website

We do not collect any information about the visitors of our website. Web server log information We do not use a third party server to host our website. Our website server automatically logs the IP address the use to access our website as well as other information about the visit such as the pages accessed, information requested, the date and time of the request, the source of the access to our website (e.g. the website or URL (link) which referred the to our website) and the browser version and operating system. Use of website server log information for IT security purposes We and our third party hosting provider collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of service attacks and other cyber-attacks, by detecting unusual or suspicious activity. Unless we are investigating suspicious or potential criminal activity, we do not make any attempt to identify you from the information collected via server logs. Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation). Legal obligation: we have a legal obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure. Legal basis for processing: our and a third party’s legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: we have a legitimate interest in using the information for the purposes of ensuring network and information security. Cookies Institute of Isotopes Co., Ltd does not use cookies on its website.

Information we collect when a partner contacts us

Email When our Partners send an email to us or we initiate a connection with them, we collect the email address and any other information provided in that email (such as name, telephone number and any other information which can be found in the signature block of the email). Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence Legal basis for processing: necessary to perform a contract or to take steps at our Partners’ request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Phone When a Partner contacts us by phone, we collect the phone number and any information provided to us during the conversation. We do not record phone calls. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Post If you contact us by post, we will collect any information you provide  us with any postal communications you send us. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence. Personal meeting If you contact us personally we collect your business card and keep it to maintain business relationship. Your personal data will be used only for the purpose for which you have given it to us. We shall only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected. Upon your request we delete your data, you can inform us any time and we shall act accordingly. Legal basis for processing: your definite consent (Article 6(1)(a) of the General Data Protection Regulation) and our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.

Information collected or obtained from third parties

It occurs that we receive information about Partners from third parties. The third parties from which we receive information about you will generally include other businesses in our industry around the world. We also receive personal details regarding their employees primarily to facilitate business. It is also possible that third parties with whom we have had no prior contact may provide us with information about you. Information we obtain from third parties will generally be the name and contact details of the Partners’ employees, but can include any additional information which they provide to us. It could be necessary to perform a contract in order to provide products or services. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation). Consent: If a partner asks a third party to share information about him with us and the purpose of sharing that information is not related to the performance of a contract or services by us to him, we will process the information on the basis of the partner’s consent. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances. For example, we would have a legitimate interest in processing the information to perform our obligations under a sub-contract with the third party, where the third party has the main contract with the partner. Our legitimate interest is the performance of our obligations under our sub-contract. Similarly, third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement. If we receive information about you from a third party by mistake and we do not have a legal basis for processing that information, we will delete the information. Information obtained by us from third parties In special occasions, for example, to verify the information we get about the Partner or to complete missing information we require to provide a service, we will obtain information from publicly accessible sources, company register, online customer databases, business directories and websites. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Reason why necessary to perform a contract: where you have entered into a contract or requested that we enter into a contract with you, in certain circumstances, we will obtain information about you from public sources in order to enable us to provide products and services to the Partner. For example, we would verify the email address from the Partner’s website or from a directory when we are asked to send information by email but we do not possess the information or we need to confirm that we have recorded the email address correctly. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: in certain circumstances, we will have a legitimate interest in obtaining information about Partners from public sources. For example, if there is a suspicion that someone has infringed any of our legal rights, we will have a legitimate interest in obtaining and processing information about the Partner from such sources in order to investigate and pursue any suspected or potential infringement.

Disclosure and additional use of the information

Disclosure of information to service providers We use third parties to provide us with services which are necessary to run our business. These include the following:
  • IT service provider in Hungary
  • Sub-contractors for the projects in Hungary
Partner information will be shared with these service providers where necessary to provide you with the service you have requested, whether that is accessing our website or ordering goods and services from us. If you would like further information about our service providers, please contact us directly via email (gdpr@izotop.hu) and we will provide you with such information where you have a legitimate reason for requesting it. Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest relied on:  we share the information with these third parties where is necessary to perform a contract, we will share the information with such third parties in order to allow us to run and manage our business efficiently. Legal basis for processing: necessary to perform a contract and/or to take steps at request prior to entering into a contract (Article 6(1)(b) of the General Data Protection Regulation). Tax authority We share information with Hungarian Tax Authority for tax purposes. Lawyers It happens that we obtain advice from our lawyers. We will share the concerned Partner’s information with these third parties only where it is necessary to enable these third parties to be able to provide us with the relevant advice. Our lawyers are located in Hungary. Business partners We share information with our business partners if it is requested in order to provide the necessary products or services. Our business partners are located in more than 80 countries and limited to the business areas where we offer our products and services. Insurance companies and shipping companies We will share information with our insurance companies and shipping companies where it is necessary to do so, for example in relation to a claim or potential claim we receive or make or under our general disclosure obligations under our insurance contract with them or in order to ensure the dispatch/shipping of the products. The insurance companies are located in Hungary but the shipping companies can be located in any other countries. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest: running and managing our business effectively. Legal basis for processing: necessary to perform a contract or to take steps at request prior to entering into a contract] (Article 6(1)(b) of the General Data Protection Regulation).

Disclosure and use of the information for legal reasons

Institute of Isotopes Co., Ltd will use the data of its Partners for legal reasons in the following cases:
  • Indicating possible criminal acts or threats to public security to a competent authority (e.g. fraud, cyber-crime, malicious communication if a Partner is involved in such an incident)
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: preventing suspected criminal activity.
  • In connection with the enforcement or potential enforcement of our legal rights (e.g. debt collection, arbitration action)
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest: taking steps to enforce our legal rights.
  • For compliance with laws, regulations and other legal requirements (to fulfill the legal obligations in Hungary and in the EU)
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

How long do we keep the information?

Correspondence and enquiries: when a partner makes an enquiry or corresponds with us for any reason, whether by email or by phone or letter, we will retain the information for as long as we fulfill the service or solve the problem, and for 10 further years and after this we delete the information. Order information: we keep information in relation to the orders for 10 years in accordance with our obligation to keep tax records and to defend against legal claims. Product dispatch records and project files: we keep the records for the working lifetime of the product and for further years up to 10 years and then delete them. In any other cases, we will keep the data for not longer than necessary, but we consider the following:
  • the purpose(s) and use of the information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract or to contact with the partner in the future);
  • whether we have any legal obligation to continue to process the information (such as any record-keeping obligations imposed by relevant law or regulation);
  • whether we have any legal basis to continue to process the information (such as the consent of the partner);
  • any relevant facts, e.g. what is the relationship between our partner and us.

How do we secure the information?

We take appropriate technical and organizational measures to secure the information and to protect it against unauthorized or unlawful use and accidental loss or destruction, including:
  • only sharing and providing access to the information to the minimum extent necessary, subject to confidentiality restrictions where appropriate;
  • using secure servers to store the information;
  • verifying the identity of any individual who requests access to information prior to granting them access to information.
Transmission of information to us by email Transmission of information over the internet is not entirely secure, and if partners submit any information to us over the internet, they do so entirely at their own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by the partner as a result of the decision to transmit information to us by such means.

Transfers of the information outside the European Union

It is possible that in the course of business we need to transfer our Partner’s information to other countries outside of the EU. Israel and Canada are considered ‘adequate’ countries for the purpose of EU data protection law and we therefore do not need to put any additional safeguards in place. In the case we transfer personal data to any non-EU country which is not subject to such an adequacy decision, we will take appropriate measures (e.g. standard contractual clauses, obtain consent, rely on contractual necessity).

Data owner’s rights in relation to retained information

  • to request access to the information;
  • to request the correction or deletion of the information;
  • to request that we restrict our use of the information;
  • to receive information which the Partner have provided to us in a structured, commonly used and machine-readable format and the right to have that information transferred to another data controller (including a third party data controller);
  • to object to the processing of the information for certain purposes
  • to withdraw the consent to our use of the information at any time where we rely on the partner’s consent to use or process that information. Please note that if the partner withdraws the consent, this will not affect the lawfulness of our use and processing of the information on the basis of the consent before that date when the partner withdraw the consent.
  • to lodge a complaint to our supervisory authority, the Hungarian National Authority for Data Protection and Freedom of Information, Budapest, Hungary (privacy@naih.hu)
Further information on the rights in relation to the personal data as an individual Our partners can also find out further information about the rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here: eur-lex.europa.eu/legal-content/EN Verifying the partner’s identity when requesting access to the information When a partner request access to the information, we are required by law to use all reasonable measures to verify the identity of the person before doing so. These measures are designed to protect the information and to reduce the risk of identity fraud, identity theft or general unauthorized, access to the information. If we have insufficient information about the person, we may require original or certified copies of certain documentation in order to be able to verify the identity before we are able to provide the access to the information.

Cookies help us deliver our services. By using our services, you agree to our use of cookies. More Information

Happy Easter!