PreambleThis section is about how we obtain, store and use information about our business partners. It focuses on providing general information to introduce the elements of the Policy and how we use legal regulation. Data controller: Company: Institute of Isotopes Co. Ltd. Registration number: 01-09-261264 Address: Konkoly Thege Miklós u.29-33, Budapest, H-1121 Hungary VAT number: HU10807262 Contact email in data protection matters: firstname.lastname@example.org
- How we collect or obtain information about our Partners:
- when our Partners provide it by contacting us,
- occasionally from third parties.
- Information we collect: name, contact details, IP address, information about our Partners computer or device (e.g. device and browser type), the geographical location from which our Partners accessed our website (based on our Partners’ IP address), company name or business name (if applicable) and VAT number (if applicable).
- How we use our Partners’ information: for administrative and business purposes (particularly to contact them), to improve our business, to fulfill our contractual obligations and in connection with our legal rights and obligations.
- Disclosure of our Partners’ information to third parties: only to the extent necessary to run our business, to our service providers, to fulfill any contracts we enter into with them, where required by law or to enforce our legal rights.
- Do we sell the information to third parties (other than in the course of a business sale or purchase or similar event): No
- How long we retain the information: for no longer than necessary, taking into account all legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using the information (e.g. Partner’s consent, performance of a contract or our legitimate interests as a business).
- How we secure the information: by using appropriate technical and organizational measures such as storing the information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, only granting access to the information where necessary.
- Transfers of the information outside the European Union: in certain circumstances we transfer the information outside of the European Union in order to fulfill our contractual obligations. We have business relationships in more than 80 countries and we do every reasonable step to ensure the security of the personal data of our Partners.
- Use of automated decision-making and profiling: We do not use automated decision-making and profiling in our system.
- The Partners’ rights in relation to their information
- to have an access to the information and to receive information about its use
- to have their information corrected and/or completed
- to have the information deleted
- to restrict the use of the information
- to receive the information in a portable format
- to object to the use of the information
- to withdraw their consent to the use of the information
- to complain to the relevant authority supervising this activity
- Sensitive personal information: we do not collect sensitive personal information. Please do not submit this information to us.
Information we collect when a partner contacts usEmail When our Partners send an email to us or we initiate a connection with them, we collect the email address and any other information provided in that email (such as name, telephone number and any other information which can be found in the signature block of the email). Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence Legal basis for processing: necessary to perform a contract or to take steps at our Partners’ request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Phone When a Partner contacts us by phone, we collect the phone number and any information provided to us during the conversation. We do not record phone calls. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Post If you contact us by post, we will collect any information you provide us with any postal communications you send us. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence. Personal meeting If you contact us personally we collect your business card and keep it to maintain business relationship. Your personal data will be used only for the purpose for which you have given it to us. We shall only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected. Upon your request we delete your data, you can inform us any time and we shall act accordingly. Legal basis for processing: your definite consent (Article 6(1)(a) of the General Data Protection Regulation) and our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Information collected or obtained from third partiesIt occurs that we receive information about Partners from third parties. The third parties from which we receive information about you will generally include other businesses in our industry around the world. We also receive personal details regarding their employees primarily to facilitate business. It is also possible that third parties with whom we have had no prior contact may provide us with information about you. Information we obtain from third parties will generally be the name and contact details of the Partners’ employees, but can include any additional information which they provide to us. It could be necessary to perform a contract in order to provide products or services. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation). Consent: If a partner asks a third party to share information about him with us and the purpose of sharing that information is not related to the performance of a contract or services by us to him, we will process the information on the basis of the partner’s consent. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances. For example, we would have a legitimate interest in processing the information to perform our obligations under a sub-contract with the third party, where the third party has the main contract with the partner. Our legitimate interest is the performance of our obligations under our sub-contract. Similarly, third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement. If we receive information about you from a third party by mistake and we do not have a legal basis for processing that information, we will delete the information. Information obtained by us from third parties In special occasions, for example, to verify the information we get about the Partner or to complete missing information we require to provide a service, we will obtain information from publicly accessible sources, company register, online customer databases, business directories and websites. Legal basis for processing: necessary to perform a contract or to take steps at request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation). Reason why necessary to perform a contract: where you have entered into a contract or requested that we enter into a contract with you, in certain circumstances, we will obtain information about you from public sources in order to enable us to provide products and services to the Partner. For example, we would verify the email address from the Partner’s website or from a directory when we are asked to send information by email but we do not possess the information or we need to confirm that we have recorded the email address correctly. Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation). Legitimate interests: in certain circumstances, we will have a legitimate interest in obtaining information about Partners from public sources. For example, if there is a suspicion that someone has infringed any of our legal rights, we will have a legitimate interest in obtaining and processing information about the Partner from such sources in order to investigate and pursue any suspected or potential infringement.
Disclosure and additional use of the informationDisclosure of information to service providers We use third parties to provide us with services which are necessary to run our business. These include the following:
- IT service provider in Hungary
- Sub-contractors for the projects in Hungary
Disclosure and use of the information for legal reasonsInstitute of Isotopes Co., Ltd will use the data of its Partners for legal reasons in the following cases:
- Indicating possible criminal acts or threats to public security to a competent authority (e.g. fraud, cyber-crime, malicious communication if a Partner is involved in such an incident)
- In connection with the enforcement or potential enforcement of our legal rights (e.g. debt collection, arbitration action)
- For compliance with laws, regulations and other legal requirements (to fulfill the legal obligations in Hungary and in the EU)
How long do we keep the information?Correspondence and enquiries: when a partner makes an enquiry or corresponds with us for any reason, whether by email or by phone or letter, we will retain the information for as long as we fulfill the service or solve the problem, and for 10 further years and after this we delete the information. Order information: we keep information in relation to the orders for 10 years in accordance with our obligation to keep tax records and to defend against legal claims. Product dispatch records and project files: we keep the records for the working lifetime of the product and for further years up to 10 years and then delete them. In any other cases, we will keep the data for not longer than necessary, but we consider the following:
- the purpose(s) and use of the information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract or to contact with the partner in the future);
- whether we have any legal obligation to continue to process the information (such as any record-keeping obligations imposed by relevant law or regulation);
- whether we have any legal basis to continue to process the information (such as the consent of the partner);
- any relevant facts, e.g. what is the relationship between our partner and us.
How do we secure the information?We take appropriate technical and organizational measures to secure the information and to protect it against unauthorized or unlawful use and accidental loss or destruction, including:
- only sharing and providing access to the information to the minimum extent necessary, subject to confidentiality restrictions where appropriate;
- using secure servers to store the information;
- verifying the identity of any individual who requests access to information prior to granting them access to information.
Transfers of the information outside the European UnionIt is possible that in the course of business we need to transfer our Partner’s information to other countries outside of the EU. Israel and Canada are considered ‘adequate’ countries for the purpose of EU data protection law and we therefore do not need to put any additional safeguards in place. In the case we transfer personal data to any non-EU country which is not subject to such an adequacy decision, we will take appropriate measures (e.g. standard contractual clauses, obtain consent, rely on contractual necessity).
Data owner’s rights in relation to retained information
- to request access to the information;
- to request the correction or deletion of the information;
- to request that we restrict our use of the information;
- to receive information which the Partner have provided to us in a structured, commonly used and machine-readable format and the right to have that information transferred to another data controller (including a third party data controller);
- to object to the processing of the information for certain purposes
- to withdraw the consent to our use of the information at any time where we rely on the partner’s consent to use or process that information. Please note that if the partner withdraws the consent, this will not affect the lawfulness of our use and processing of the information on the basis of the consent before that date when the partner withdraw the consent.
- to lodge a complaint to our supervisory authority, the Hungarian National Authority for Data Protection and Freedom of Information, Budapest, Hungary (email@example.com)