Data protection guidance

Introduction

The protection of the personal data of visitors of the telekom.hu website and to ensure their right of informational self-determination is of utmost concern to Magyar Telekom Plc. Magyar Telekom Plc. is committed to process the visitors’ personal data in full compliance with the applicable legal rules and regulations to ensure the safe use of the internet. Magyar Telekom Plc. controls the personal data of visitors confidentially, in accordance with the legal regulations in force, ensures their security, takes technical and organizational measures and establishes procedural rules that are necessary to give effect to the relevant legal provisions and other recommendations.

In this Policy we set out the principles that govern our personal data protection rules and day-to-day practice, outline the services where we request personal data from our visitors, state for what purposes and how we use such data and how we ensure the retention and protection of personal data.

The data controlling and data protection rules applicable to subscribers of the internet service are contained in our General Terms and Conditions for the internet service.

When formulating this Policy we have taken into account the relevant legislation in force and the most important international recommendations, in particular the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (GDPR.).
  • Act CXII of 2011 on the right to information self-determination and freedom of information (Info Act).
  • Act VI of 1998 on the protection of individuals with regard to the automated processing of personal data.
  • Act C. of 2003 on Electronic Communications (Eht.).
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Services Related to the Information Society (Eker. Act).
  • Decree 4/2012. (I. 24.) of the National Media and Info-Communications Authority on the rules pertaining to data protection and confidentiality obligations related to electronic communications services, special requirements for data processing and confidentiality, for the security and integrity of services, for the management of traffic and billing data, for the display of the caller ID and call forwarding (Akr.);
  • Decree 2/2015. (X. 30.) of the National Media and Info-Communications Authority on the detailed rules of the conclusion of electronic communications subscription contracts (Eszr.)
  • Act CXIX of 1995 on the management of name and address data for the purpose of research and direct marketing (DM. Act).
  • The operational, ethical and procedural rules of the Association of Hungarian Content Providers regarding content provision, in particular Annex 2 on the management and protection of personal data and information.
  • Recommendations of the Online Privacy Alliance.

If any of our visitors has any further question or problem with the provisions of this Policy, or would make a comment on a given provision that is partly or is not completely clear or needs to be explained, please contact our colleague responsible for personal data protection matters:

Magyar Telekom Plc.

Postal address: 1097 Budapest, Könyves Kálmán krt. 36.
Data Protection Officer: dr. Attila Puskás
E-mail:dpo@telekom.hu

Upon request of our visitors we provide detailed information about the personal data processed, the purpose, legal basis, duration and activities related to the data processing, in accordance with specific request.

Magyar Telekom Plc. undertakes to notify the visitors of telekom.hu/lakossagi in advance of any changes of its principles and practices regarding the personal data controlling, so that they are always adequately and continuously informed on the principles and practices applied in the entire area of the telekom.hu/otthoni-portál website. Magyar Telekom Plc. hereby undertakes that this personal data controlling and processing Policy always reflects the principles and actual practice applied.

Go to the top of the page

Definition of terms on personal data

personal data:
personal data means any information relating to an identified or identifiable natural person (“Subscriber”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

data controlling:
this refers to an operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

data controller:
data processor means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

data processor:
data processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Service Provider;

Go to the top of the page

Principles and legal basis of data controlling

Principles of personal data processing:

(a) it must be realized lawfully, fairly and in a transparent manner (“lawfulness, fairness and transparency”);
(b) it must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
(c) it must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”).;
(d) it must be be accurate and, where necessary, kept up to date; all reasonable measures must be taken to ensure that personal data which are inaccurate for the purposes of processing are erased or rectified without delay ("accuracy");
(e) it must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("limited storage capacity");
(f) it must be processed in such a way that ensures by appropriate technical or organizational measures the adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality").

In all its data controlling activities the Company acts in accordance with the above principles and takes the necessary measures in order to be able to demonstrate compliance with the principles of data controlling (“accountability”).

Legal basis for the processing of personal data:

Data processing can only be performed if the appropriate legal basis is ensured. In the absence of an appropriate legal basis, data controlling cannot be lawfully performed.

Such legal basis could be:

  • that the data controlling was based on the provisions of law, i.e. necessary for the fulfillment of legal obligations concerning Magyar Telekom (e.g. fulfillment of tax and accounting obligations, certain mandatory provisions of the Eht.),
  • that the subscriber has given his or her consent to one or more specific purposes (e.g. direct marketing consent),
  • that it was based on the legitimate interest of Magyar Telekom (e.g. data controlling for fraud prevention, profiling),
  • that the data processing is necessary for the performance of a contract to which the data subject is a party or it is necessary to take steps upon request of the data subject prior to the conclusion of the contract; (for example to fulfill a subscription contract),
  • that the data processing is necessary to protect the vital interests of the data subject or another natural person (for example, data processing to search for a missing person)

Go to the top of the page

Rights of Data Subjects related to data controlling:

The Data Subject may request Magyar Telekom:
   a) to grant access to the Data Subject’s personal data,
   b) to rectify the personal data, and
   c) to erase or restrict the controlling of personal data - with the exception of mandatory data controlling.

Right to access:

The data subject is entitled to request information from Magyar Telekom whether the controlling of his or her personal data is in progress. If such data controlling is taking place the data subject is entitled to access the personal data. Magyar Telekom provides a copy of the personal data to the data subject, being the subject matter of the data controlling activity. For additional copies requested by the Data Subject, Magyar Telekom may charge a reasonable fee based on administrative costs. Where the Data Subject submits the request electronically, unless the Data Subject requests otherwise, the information shall be provided in a commonly used electronic format.

Right to rectification:

The Data Subject has the right to request Magyar Telekom to correct inaccurate personal data concerning him / her without undue delay.

Right to erasure:

The Data Subject is entitled to request Magyar Telekom to delete his or her personal data without undue delay and Magyar Telekom is obliged to do so in cases where:
   a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   b) the data subject withdraws consent on which the processing is based according to Paragraph (a) of Article 6 (1), or Paragraph (a) of Article 9 (2) of the GDPR and there is no other legal ground for the processing;
   c) The data subject objects to processing of personal data concerning him or her based on Paragraph (1) of Article 21 of the General Data Protection Regulation and there is no compelling legitimate grounds for the processing which override the interests, or the Data Subject objects to processing of personal data concerning him or her based on Paragraph (2) of Article 21 of the GDPR;
   d) the personal data were processed in violation of the law;
   e) the personal data must be erased to fulfill the relevant legal requirements applicable to the Data Controller in the European Union or the member state;
   f) the personal data are collected in relation to offering information society services referred to in Paragraph (1) of Article 8 of the General Data Protection Regulation (conditions to obtain the consent of children).

Right to restriction of data processing:

The Data Subject has the right that upon his or her request Magyar Telekom restricts the data processing if one of the following applies:
   a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
   b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
   c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
   (d) the data subject has objected to the data controlling in accordance with Article 21 (1) of the General Data Protection Regulation; in this case, the restriction shall apply for as long as it is determined whether the legitimate interest of Magyar Telekom takes precedence over that of the person concerned.

Where data controlling has been restricted such personal data shall, with the exception of storage, only be controlled with the Data Subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Right to data portability:

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Magyar Telekom, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller without hindrance from the controller to which the personal data have been provided, where: (i) the processing is based on consent pursuant to Paragraph (a) of Article 6 (1) of the General Data Protection Regulation or Paragraph (a) of Article 9 (2) or on a contract pursuant to Paragraph (b) of Article 6 (1); and (ii) the processing is carried out by automated means.

General rules of exercising rights by the Data Subject

Magyar Telekom shall inform the Data Subject on the relevant measures taken as a response to the Data Subject's request without undue delay, but no later than within one month upon receipt of the request. Where necessary and in consideration of the complexity and number of requests, this deadline can be extended with two more months. Magyar Telekom shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the Data Subject files the request electronically the information - insofar as possible - shall be provided electronically, too, unless the Data Subject requests otherwise.

Magyar Telekom provides the Data Subject with the information and the measure free of charge. If the Data Subject’s request is manifestly unsubstantiated or - in particular due to its repeated occurrence - excessive, Magyar Telekom, in respect of the administrative costs arising from the provision of the requested information:
   a) may charge a reasonable fee, or
   b) may refuse to take the requested measure.

The burden of proof regarding the unsubstantiated or excessive nature of the request lies with Magyar Telekom.

If Magyar Telekom has reasonable doubts as to the identity of the natural person submitting the application, it may request the provision of additional information necessary to confirm the identity of the Data Subject.

Enforcement of rights:

If the Data Subject's rights are violated the Data Subject may turn to the competent court and file an official complaint against Magyar Telekom. The court shall adopt a decision in priority proceedings. Magyar Telekom shall be obliged to prove that the data controlling complies with the provisions of the law. The final decision on the case shall be made by the tribunal, in the capital by the Budapest-Capital Regional Court. The lawsuit can also be initiated before a court operating at the Data Subject's permanent address or place of residence.

Magyar Telekom shall compensate for damages caused by the unlawful processing of the Data Subject's data or the breach of data security requirements. Magyar Telekom shall be relieved from liability if it is able to provide evidence that the damage is the result of an unavoidable cause beyond the scope of data processing. No compensation shall be paid if the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party.

In the event that the Data Subject have complaints on the processing of his or her personal data the complaint can also be filed with the Hungarian National Authority for Data Protection and Freedom of Information (dr. Attila Péterfalvi, Chairman of the National Data Privacy and Freedom of Information Authority, postal address: 1530 Budapest, PO Box: 5., address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Telephone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; E-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

Go to the top of the page

Interpretative notes on the processing of personal data

Visitors of the telekom.hu website can normally enter the website without revealing their identity or provide any personal data. However, there are sites and occasions when the full use of the service offered by telekom.hu/lakossagi may require the provision or knowledge of certain personal data of visitors (such as their name, postal address or e-mail address).

Personally identifiable data and information means personal data about natural persons, which can be used to identify someone in person, to communicate with someone, or to determine someone's contact information, including but not limited to: name, home address, postal address , phone number, fax number, e-mail address, bank qualification, social security number, tax authority ID, credit card information, customer profiles, biometric identifiers.

Anonymous information collected with the exclusion of personal identification without the possibility to be linked to a natural person is not considered personal data, nor demographic data that is collected without being linked to the personal data of identifiable persons and therefore no connection can be made with the natural person.

By personal data provided by a third party - based on the necessary consent - we mean data, information that are suitable to identify a given person who uses the service, i.e. the visitor, but which the service provider collects and provides with the contribution of third parties in compliance with legal regulations.

As a general principle, in all cases where we request personal data from our visitors, they are free to decide whether to provide the requested information after reading and interpreting the required information text. However, it should be noted that if someone does not provide personal data, they may sometimes not be able to use the service the provision of which is linked to the provision of such information.

Under no circumstances will Magyar Telekom Plc. collect any special data relating to racial origin, national or ethnic origin, political opinion or party affiliation, religious or other beliefs, state of health, pathological passion, sexual life or criminal history.

This Policy is related to the protection of the visitors’ personal data and not to those that visitors intend to disclose. If someone voluntarily discloses all or part of their personal data such information is not covered by this Policy.

During the registration required to use some of our services we also ask our visitors for basic demographic data (age, gender, education, occupation, marital status, place of residence). We use such data for analytical purposes on the one hand, and to improve the quality of our services on the other hand as well as to facilitate the provision of services to the satisfaction of our visitors.

If we ask our visitors to register on certain webpages of telekom.hu, we will always indicate which data, for what purpose and under what conditions are required as "mandatory". The mandatory term in this case does not refer to the mandatory nature of data collection, but to the fact that there are records without which the registration cannot be completed successfully, so omission or incorrect completion of certain fields may lead to rejection of the registration.

If certain services and webpages of telekom.hu/lakossagi are produced or operated by companies in a business relation with Magyar Telekom Plc. and within the frame of such services personal data are collected then such data are subject to Magyar Telekom Plc.’s use and data controlling operations, the same way as if the information was collected and stored by Magyar Telekom itself. In the course of such cooperation, the operating partner of Magyar Telekom Plc. - acting on behalf of and as the representative of Magyar Telekom Plc. - collects personal data, and the scope of this Policy extends to such cases as well. In this case, the partner acts as Magyar Telekom’s data processor, in which case the prior consent of the visitor is not required to make the data accessible. When telekom.hu maintains a co-branded service with a content partner, the right to use personal data is common, but the provisions of this Policy - in accordance with the rules for data controlling with the same content - remain valid. In the case of the data controlling mentioned above, the identity of the data controller shall be clearly indicated during the data provision.

Under no circumstances will we pass on the personal data provided by our visitors to third parties in the absence of a sufficient legal title.

However, in order to fully implement the services, it is sometimes necessary to transfer certain personal data of our visitors to third parties, on a temporary basis, with the necessary consent, for data processing purposes. If, for example, payment is made online on our service pages, the credit card number required for payment is not known to Telekom, it is provided directly by the customer to the financial service provider. If a purchase is made on the telekom.hu website and the purchased product is to be delivered to the customer, we will transfer it to our delivery partner - the name of the partner is indicated on the landing page of the service - including the product price, the name of the addressee, the serial number of the addressee's ID document (e.g. ID card number) and postal address, but our delivery partner may not use this information for purposes other than delivery. Such personal data must not be controlled without the data owner’s consent to the data transfer.

If the authorities request the service provider to transfer personal data in the manner prescribed by law (on suspicion of a criminal offense, in an official data seizure procedure), Magyar Telekom Plc. shall provide the requested and available information in compliance with its legal obligation. If our visitors provide us with personal data, we will take all necessary steps to ensure the security of this data - both during network communication (i.e. online data controlling) and during data retention and storage (i.e. offline data controlling).

In the case of services that require personal information to be sent to our customers online in order to use the service, we provide a channel (SSL-based connection) that provides adequate protection for such messages.

Once the personal data has been entered into Magyar Telekom Plc.'s IT infrastructure, the tasks, principles, procedures and security controls related to data retention and protection, as laid down in Magyar Telekom Plc.'s IT Security Policy and IT Security Regulations, must be observed by all employees.

Personal data can only be accessed by persons holding competent positions - subject to high levels of access controls.

Regarding the controlling of their personal data and the exercise of their rights under the EU General Data Protection Regulation, any subscriber and user of Magyar Telekom Plc. may contact the data protection officer. Reports to the data protection officer can be made in the Hungarian language.

Magyar Telekom Plc.

Postal address: 1097 Budapest, Könyves Kálmán krt. 36.
Data Protection Officer: dr. Attila Puskás
E-mail:dpo@telekom.hu

Go to the top of the page

Management of children's personal data

Although telekom.hu does not currently offer a service specifically for children under the age of 14, it hereby declares that it does not collect or process personal data about children under the age of 14. If there is a need to process the personal data of a child under the age of 14 on the visitor site, it is only possible to record such data if we receive a lawfully issued verifiable form of parental or other legal representative’s consent. In the absence of such authorization, we will not record children's personal information (even if the service cannot be used without it).

Go to the top of the page

Ensuring different options (sign up and unsubscribe)

In compliance with the relevant legal regulations, telekom.hu undertakes to send messages or newsletters to its customers only upon the prior request of the customers simultaneously ensuring the possibility of terminating such communication services. Customers who, upon subscribing to the newsletter service offered on our sites, may decide at any time that they no longer wish to receive the newsletters and may cancel the service.

Sending special offers

In the course of the use of our registration and subscription services we send a welcome message to our new customers, in which we sometimes provide important information about the service (such as confirmation of the username and password). Subject to our customers’ consent, from time to time we send out circulars with information about our new services, special offers, etc. If our customers do not wish to receive such promotional emails they may refuse their receipt at any time.

Notification of changes of the content of services

If we have to provide information to our customers about changes in the content, quality or the use of a given service we will notify our customers in compliance with our information obligation to observe and enforce the interests of visitors. Such service notifications will be sent to all of our customers, and such "notification list" cannot be unsubscribed because it fulfills basic communication needs to supply visitor-related information about the service. However, telekom.hu undertakes to use such communication facilities only to the extent necessary and not to use them for marketing purposes.

In connection with certain services of telekom.hu, from time to time we send out information materials to our customers to provide news about the novelties of our services. Customers who do not wish to receive such emails may opt out of this information service at any time by sending an email to that effect.

Go to the top of the page

Download of data

As a customer of Magyar Telekom you have the right to access personal data controlled about you by Magyar Telekom.

One way to do this is to request a Data Portability Report, which we provide to you under the General Data Protection Regulation of the European Union, in the appropriate form and content.

The report contains personal data about you - which is also available to you in your Telekom account - which we process in an automated manner on the basis of your consent or in connection with the conclusion of our contract. The report will be sent to you in a password-protected, electronic form by e-mail, which you can request upon identifying yourself in the Telekom account: https://www.telekom.hu/lakossagi/ugyintezes/adathordozhatosag

Details of the e-mail service operated by Magyar Telekom can be found on this link (mails can be exported using POP3 / IMAP / SMTP solutions).

Here's how to set up an account on your mobile device.

Account settings in Outlook.

You may export your contact list for your mailbox, which you can initiate in the "Import / Export" submenu within the "Address Book" menu item on the e-mail user interface. Upon exporting your data you can choose from several export methods to help you to copy your contacts.

Go to the top of the page

Copies

Magyar Telekom Plc. considers it extremely important to contribute to sustainable development as a modern, 21st century company. Telekom's explicit goal is to introduce paperless operations in as many areas as possible.

In view of this, from 17 May 2016 Telekom converts printed documents into authenticated electronic copies in accordance with the relevant legal regulations and the conditions specified in the copying policies, regulations.

Go to the top of the page

Privacy Notice for Applications

Upon use of Magyar Telekom’s mobile applications the Related documents shall apply.

Go to the top of the page

Related documents

Detailed documentation related to our services:
https://www.telekom.hu/rolunk/szolgaltatasok/aszf/lakossagi
Regarding Data Management and Data Security, our GTC No. 7. provided for in Annex.

Go to the top of the page