Our history

M&M Translation Services LTD was founded in May 2009 for the purpose of providing foreign language communication services.

More

GDPR data protection rules

DATA HANDLING AND DATA SECURITY REGULATION OF M&M TRANSLATION SERVICES KFT.

M&M Translation Services Kft.

www.mmts.hu

M&M Translation Services Kft. (Company registration number: Cg. 13-09-128970, registered seat: 2335 Taksony, Dózsa György utca 14/B., represented by: Mátyás Tamás Kreisz, Managing Director, hereinafter referred to as Service Provider or Controller), operator of the www.mmts.hu website (hereinafter referred to as the Website) hereby publishes the following Data Protection Notice, whose content the Service Provider agrees to be bound by in its capacity as Controller.

I. Scope of the regulation

a)      The scope of the present regulation covers the entire M&M TS KFT enterprise and the persons it employs (hereinafter referred to as the Enterprise).

II. Objective of the regulation

a)      The objective of the Regulation is to ensure the protection of personal data according to the Fundamental Law of Hungary, implement informational self-determination, and set the rules for data protection and data security to be applied during data handling of personal data handled by the enterprise.

III. Applicable legislative provisions

a)      During data handling the enterprise must follow the rules specified in the following legislative provisions, as stipulated in its current internal regulation:

  • Regulation (EU) 2016/679 (27 April 2016) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as GDPR)
  • Act CXII of 2011 on Informational Self-Determination and the Freedom of Information (hereinafter referred to as Information Act)
  • Act V of 2013 on the Civil Code (hereinafter referred to as Civil Code)
  • Act I of 2012 on the Labour Code (hereinafter referred to as Labour Code)

IV. Personal data related to the activity of the enterprise

a)      The Service Provider provides opportunity for online quote requests and order placement for its services presented on the Website to persons obtaining information on the Website (hereinafter referred to as User/Users) via the Website and e-mail. The Service Provider handles the data of Users provided by them during quote requests and the data of potential suppliers applying to the Service Provider via e-mail (CVs, personal contact data) and collects data using cookies on visitors to the Website for statistical purposes. In connection with data handling the Service Provider hereby informs Users of the personal data handled by it on the Website, the principles and practices it follows in connection with the handling of personal data, and the method and options of data subjects for exercising their rights.

b)      The Service Provider respects the rights relating to personality of visitors to its Website and handles recorded personal data confidentially, in conformity with Act CXII of 2011 (Information Act) in force in Hungary, Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), the recommendation of the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”), international recommendations, and the present Data Protection Notice.

1)      Categories of handled data and the purpose of data handling

a. The following data are recorded in connection with users:

  • for individuals: name, e-mail address, telephone number, address, billing address;
  • for legal persons: company name, activity, tax number, name of contact person, registered seat, billing address, e-mail address, telephone number.

b. Data handling is only performed to facilitate contact with Users, provide customised products/services, enable order placement related to products/services and invoicing, and perform the established contracts.

c. All stages of data handling are in line with the purpose of data handling, that is, the Service Provider shall only handle personal data of Users to the extent and for the duration necessary for achieving this purpose.

2)      Legal grounds for data handling

  1. Data handling by the Service Provider takes place on the basis of the voluntary consent of Users, in accordance with Section 5 (1) a) of the Information Act or under mandatory data handling pursuant to Section 5 (1) b) of the Information Act, in accordance with Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services, which is in force in Hungary, and legislation related to invoicing.
  2. By submitting their data and ticking the checkbox on the Website Users accept and agree to be bound by the present Data Handling and Data Protection Regulation; therefore by submitting their data Users give their voluntary, definite, and unambiguous consent to data handling conformant with this Regulation. Users are solely responsible for the veracity of data.
  3. By providing their data Users declare that they are persons with legal competence aged 18 years or over. If the data provider is representing legal persons or other organisations without a legal personality, they declare that they have been authorised to represent the person or organisation represented by them and to give the consent necessary for data handling and data processing according to this Notice.
  4. By ticking the checkbox during their visit to our Website Users give their express consent to the correct handling by the Controller of personal data mandatorily prescribed for registration (Section 6 (5) of the Information Act).
  5. Potential suppliers may only send their applications to the This email address is being protected from spambots. You need JavaScript enabled to view it. address. We send an automatic reply to the e-mail address provided, which contains a link to our data protection regulation and ask applicants who have also sent personal data to consent to the handling of their data and confirm acceptance of the regulation in a reply message. The messages from persons who do not reply or who sent an application or CV to a different e-mail address shall be deleted together with all attachments.
  6. We store the data of suppliers and clients in a closed database which no third party can access.

3)      Controller and persons with right to access data:

  1. Controller:  M&M TS Kft.
    Registered seat: 2335 Taksony, Dózsa György utca 14/B
    Company registration number: 13-09-128970
    Central administration site: 2335 Taksony, Fő út 24.
    E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Telephone number: +36 24 898 257
    Registered by: Company Court of the Budapest-Capital Regional Court
    Tax number: 14774621-2-13
  2. The web server of the Website is operated by AV Infosystems KFT.
  3. Only the Service Provider and its staff are entitled to access User data, which shall not be published, nor disclosed to third parties (data transmission).

4)      Duration of data handling

  1. The Service Provider shall delete recorded data from its register if the conditions of data storage prescribed in legislation or performed under a different title no longer exist. Users may request deletion of their personal data from the register at any time.
  2. Users may request definitive deletion of their recorded data at any time in a message sent to the This email address is being protected from spambots. You need JavaScript enabled to view it. e-mail address or in a letter sent to the 2335 Taksony, Dózsa György utca 14/B. mailing address. In the case of mandatory data handling prescribed by legislation the Service Provider may refuse to fulfil the request of the User. If these grounds do not apply, the Service Provider shall delete the data of the petitioner within 30 days of receiving their request.

V. Data security measures

b)       Taking into account the state of science and technology, implementation costs, the nature, scope, circumstances and purposes of data handling, and the risk of varying probability and severity to the rights and freedoms of natural persons, the Service Provider shall take appropriate technical and organisational measures to guarantee data security of an appropriate level for the risk. Pursuant to the above the enterprise must guarantee the confidentiality, inviolability, and availability of data it handles. In order to determine the data security measures of appropriate level the enterprise shall assess each data file it handles in terms of protection requirements and classify them in terms of security.

c)      To determine the security class of individual data handling operations the following must be analysed:

a)      the risk associated with unauthorised access to or alteration or deletion of personal data handled and with damage to hardware devices and software, together with the expected damage;

b)      whether the damaged data file can be recovered, the expenses of potential recovery, the availability of data sources necessary for reproducing personal data, and the possibility of recovering lost data from the manual background register;

c)      whether special security rules should be applied in light of the nature of handled personal data;

d)     other risk elements that threaten data security;

d)     To ensure the security of data handling the Enterprise employs a combination of physical, logical, and administrative controls.

e)      The Enterprise employs at least the following physical controls:

a)      to prevent unauthorised access to data, whether handled electronically or in hard copy the Enterprise ensures that unauthorised persons cannot physically access handled data. This is ensured by locking premises with a key and protecting computers with a password.

f)       The Enterprise employs at least the following logical controls:

a)      the Enterprise ensures that only persons with appropriate privileges can access the data it handles. This is ensured by requiring a username and password for access to internal computers or computer networks.

g)      The Enterprise employs at least the following administrative controls:

a)      the Enterprise ensures that any access to personal data is retraceable in documents. This is ensured by the use of a unique alarm code and a register for personal keys to rooms.

b)      the Enterprise shall develop document management procedures which ensure that any documents containing personal data it receives by mistake are filtered out at the earliest opportunity and only become known to the most limited circle of persons possible. This is ensured by mail being opened personally by management.

VI. Handling of data protection incidents

h)      Without appropriate measures being taken in time, data protection incidents can cause physical, material, or non-material damage to natural persons, including the loss of control over their personal data, restriction of their rights, discrimination, identity theft or identity fraud, financial loss, damage to reputation, loss of the confidential nature of personal data protected by a professional confidentiality obligation, or other significant economic or social disadvantage affecting the natural person in question.

i)        The Enterprise shall report data protection incidents to the relevant authority without undue delay – if possible, within 72 hours of becoming aware of the data protection incident.

j)        Data protection incidents do not need to be reported to the authority if they are unlikely to pose a risk to the rights and freedoms of natural persons.

k)      If the report is made beyond 72 hours, the reasons for the delay must also be attached to it.

l)        If a data protection incident has to be reported to the authority, then the report must include:

a)      a description of the nature of the data protection incident, including – if possible – the categories and approximate number of data subjects concerned and of the data involved in the incident;

b)      the name and contact details of the data protection officer or other contact person who can provide further information;

c)      the probable consequences of the data protection incident;

d)     the measures taken or planned by the Enterprise in order to remedy the data protection incident, including, if appropriate, the measures aimed at mitigating any negative consequences of the data protection incident.

m)     If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Enterprise shall inform the data subject of the data protection incident without undue delay. The information provided must describe the nature of the data protection incident using clear and accessible language and must include the following:

a)      the name and contact details of the data protection officer or other contact person who can provide further information;

b)      the probable consequences of the data protection incident;

c)      the measures taken or planned by the Enterprise in order to remedy the data protection incident, including, if appropriate, the measures aimed at mitigating any negative consequences of the data protection incident.

n)      The Enterprise shall without delay inform the Controller on whose behalf it is performing data processing activity of any data protection incident that occurs within the scope of its data processing activity.

The contract between the Enterprise and the data processor it employs shall stipulate that the data processor is obliged to report any data protection incident during its activity to the Enterprise without delay.

VII.           Use of cookies

  1. Upon their visit to the Website the Service Provider stores the cookies defined below on the computer of the User in order to develop the Website according to the needs of Users and to collect data relating to browsing the Website for statistical purposes. A cookie is a small file containing a short character string that serves to identify the browser of the User.
  2. Types of cookies used:
    - Session cookies:
    Temporary cookie only used for the duration of the current visit, which is automatically deleted from your computer at the end of the session or when you close your browser. These cookies are indispensable for navigation within the Website and its correct operation. Session cookies never collect any information about the User from which the User could be identified.
    - Google Analytics /cookies that analyse visitor activity/:  
    The Service Provider uses Google Analytics cookies to collect information about the behaviour and characteristics of visitors to the Website. According to the information provided by Google, Google Analytics uses primarily first-party cookies to report visitor interactions on the Website. These cookies only collect information that cannot be used to identify persons. Browsers do not share own cookies between domains. These cookies cannot identify the User in person – for example, we do not record the name and e-mail address of the User – and data is stored in cumulative and anonymous form. Also, these cookies only record part of the IP address.     
  3. The Service Provider uses the Google Analytics program primarily for producing its statistics. By using the program the Service Provider obtains information primarily about the number of visitors to its Website, the time spent by visitors on the Website, and whether the program recognises the IP address of the visitor, which it can use to determine whether the visitor is a repeat or new visitor, as well as the path taken by the visitor on the Website and the areas they accessed.

1.      Disabling cookies

  1. If Users wish to manage their cookie settings or disable cookies, they can do so in the browser of their own user computer: the location of cookie-/tracking functions depends on the toolbox of the browser, but can be generally found under Tools/Settings/Data Protection, where they can set which tracking functions they wish to enable/disable on the computer.
  2. Visitors to the Website who wish to prevent Google Analytics from compiling a report about their visit can download the browser extension that blocks Google Analytics. This extension orders the JavaScripts of Google Analytics (ga.js, analytics.js, and dc.js), not to send information about the visit to Google. In addition, visitors who have downloaded this browser extension will not be included in content experiments either.

If you wish to disable the web activity of Analytics, visit the page for disabling Google Analytics, and download the extension for your browser. For further information about installing and removing the extension see the Help function of the given browser.

Rights and legal remedy options of Users  

  1. By law data subjects are entitled to information concerning the handling and possible processing of their data. The Controller shall provide the necessary information within 30 days of receipt of the request in this regard, using the same method as that used to submit the request.
  2. If the request for information is refused, the Controller shall inform the data subject of this decision, of the legislative provision on the basis of which the request for information was refused, and of the right of the data subject to judicial review or of turning to the National Authority for Data Protection and Freedom of Information regarding the matter.
  3. Data subjects may request the correction, deletion, or blocking of their personal data at any time. In the event that the Controller refuses a request of the data subject for correction, deletion, or blocking it will notify the data subject of this and of the reasons and/or motives for refusing the request for correction, deletion, or blocking in writing, within 30 days of receipt of the request. If the request for correction, deletion, or blocking is refused, the Controller shall inform the data subject of the right of the data subject to judicial review or of turning to the National Authority for Data Protection and Freedom of Information regarding the matter. In the event of any violation of their rights the data subject may bring action against the Controller before the court – which the court shall handle with priority – and/or turn to the National Authority for Data Protection and Freedom of Information. 

Contact details: Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)

H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf. 5.

Telephone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.     

5)      Miscellaneous provisions

  1. The Service Provider reserves the right to amend the Data Handling and Data Security Regulation at any time. This could occur particularly if the range of services is extended or if mandatory by law. Amendment of the Notice may not result in the handling of personal data for other purposes. The Service Provider shall publish related information on the Website.
  2. In the event that a User has provided data of a third party for using the Service or has caused damage in any way during use of the Website, liability shall rest solely with the User, from whom the Service Provider shall be entitled to claim compensation. In such cases the Service Provider shall give all assistance it can to the acting authorities for determining the identity of the infringer.
  3. Effective date of the Data Handling and Data Security Regulation: 23 May 2018.