Privacy Policy

INFORMATION

on the Data Processing Related to the Website Operated by
SHINHEUNG SEC EU Korlátolt Felelősségű Társaság

 

SHINHEUNG SEC Kft. provides the following information about the data processing of the https://shsec.hu website (“Website”) it operates. SHINHEUNG SEC Kft. operates the Website for the purpose of informing the public.

Legislation applicable to data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR” or “General Data Protection Regulation”)
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Infotv.”)

Unless stated otherwise, the scope of the Privacy Policy does not extend to the services and data processing of websites and service providers that are linked to from the website covered by this Privacy Policy. Such services are subject to the privacy policy of the third-party service operator, and the Data Controller assumes no responsibility for such data processing.

At the end of this privacy policy, in a separate section, we describe the characteristics of additional websites operated by third parties and referenced (linked) on the Website and the data processing known to the Data Controller.

1.      Identity and Contact Details of the Data Controller

Identity and Contact Details of the Data Controller

The data controller (hereinafter: “Company” or “Data Controller”):
Company name: SHINHEUNG SEC EU Korlátolt Felelősségű Társaság
Registered office: 2200 Monor, Ipar utca 20.
Company registration number: 13-09-185979

Data subjects

All individuals who open or view the website.

The data controller

Name: Kim Jung Sik, Managing Director
In matters of data processing, the Managing Director and colleagues involved in IT operations and development hold the necessary authorisations and decision-making powers.

2.      Principles of Data Processing

The processing of personal data must be conducted in a lawful and transparent manner, ensuring the fairness of data handling concerning natural persons (“lawfulness, fair procedure and transparency”).

Personal data may only be processed for a specific legal purpose, for the exercise of rights and to fulfil obligations. Data processing must align with its intended purpose at all stages, and the collection and processing of data must be fair and lawful (“purpose limitation”).

Only essential personal data necessary and suitable for fulfilling the purpose of data processing should be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose (“data minimisation principle” and “limited storage”).

The Data Controller must ensure that personal data is accurate and up-to-date, keeping in mind that inaccurate personal data should be rectified (“accuracy”).

The Data Controller must process personal data in such a way as to ensure the adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical or organisational measures (“availability, integrity and confidentiality”).

3.      Scope of Processed Data

When visiting the website, the website’s hosting provider records visitor data for the purpose of monitoring the operation of the service, preventing abuse, and ensuring operational operation. Date and time of visiting the website, IP address of the visitor’s computer/device, IP address of the visited page, data related to the visitor’s operating system.

4.      Data subjects

All individuals who access and open the Website.

5.      Purpose of Data Processing

The purpose of the recording is to collect information on website usage, preparing visitor and internet usage statistics and analyses.

6.      Legal Basis of Data Processing

The data controller processes the data on the basis of legitimate interest [GDPR Article 6 (1) point f)].

7.      Place and Duration of Data Processing

The video recordings are stored on the central server of the Company’s registered office for a period of 1 year from the viewing of the website. Retention of recordings beyond 1 year is an exceptional case that must be properly justified. Such a reason may be: enforcement of a legal claim, initiation of proceedings, official obligation, out-of-court settlement negotiations with the infringing person.

8.      The data controller

Name: Kim Jung Sik, Managing Director
In matters of data processing, the Managing Director and colleagues involved in IT operations and development hold the necessary authorisations and decision-making powers.

9.      Data Processing:

No data processor is used. Employees of the Company handling personal data are bound by confidentiality obligations.

10.  Data Transfer

The Data Controller only transfers personal data to third parties in exceptional cases:

  • If a court or official proceeding is initiated concerning the individual, personal data will be shared with the acting courts and legal representatives to the necessary extent;
  • if the Data Controller is officially approached by an Authority (tax authority, investigating authority, etc.), the data will be transferred to the extent required by the lawful request;
  • In case of an accident, data may be transferred to the insurance company handling the claim or, if necessary, to the authority or court.

Data that cannot be traced back to specific individuals (visitor statistics, type and version of operating system, etc.) may be shared with an external website developer to improve the Website and enhance the user experience.

11.  Use of Cookies on the Website

The Data Controller does not use its own cookies.

12.  Data Protection Officer:

Based on Article 37 of the GDPR, our Company is not required to appoint a data protection officer.

13.  Data Security Measures

The processed data is stored in a dedicated server environment with adequate availability and reliability, on a password-protected server. Physical security is ensured by 24-hour security, an access control system, regulated key collection, and a camera surveillance system.

The Data Controller only transfers the recorded data to a third party in cases specified by law (e.g. to the police, occupational safety authority).

14.  Rights of Data Subjects

Data subjects have the rights specified under the relevant legislation concerning their personal data. Rights of subjects:

  1. right of access (knowledge of data, the fact that data processing is taking place);
  2. correction and rectification of outdated or incorrect data;
  3. erasure (only in the case of consent-based data processing);
  4. restriction of data processing;
  5. prohibition to the use of personal data (for non-mandatory data processing);
  6. transfer of personal data to a third-party service provider or opposition to such transfer;
  7. request a copy of any personal data processed by the data controller; or
  8. object to the use of personal data;
  9. lodge a complaint with the supervisory authority (NAIH);

The Data Controller provides the opportunity to submit a request related to the exercise of data subject rights either by post or by e-mail. The Data Controller fulfils the request without undue delay, but no later than 30 days from the receipt of the request, and provides information in a concise, transparent, intelligible and easily accessible form. In case of refusal of the request, it also decides within this deadline and provides information about the refusal, its reasons, and the related remedies. As a general rule, the Data Controller fulfils the request via email. However, if the data subject expressly requests it by providing their postal address, the request will be fulfilled by post. The Data Controller does not charge a fee or cost reimbursement for fulfilling the request. However, if a new request for the same data set is received within 1 year following the previous, already fulfilled request, it reserves the right to determine a cost reimbursement proportional to the workload associated with fulfilling the request.

15.  Remedies for Data Subjects

The data protection supervisory authority: Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: NAIH, address: 1055 Budapest, Falk Miksa utca 9-11., phone: +36 (1) 391-14-00, website: naih.hu, e-mail address: ugyfelszolgalat@naih.hu). Complaints can be made to the NAIH if a data subject believes their personal data is not being processed in accordance with legal obligations.

A judicial review can be initiated against an NAIH decision.

The Data Controller undertakes to fully cooperate with the court or the NAIH in such proceedings.

16.  Data Processing by Third Parties

The Company’s registered office is displayed on the Website via a hyperlink, using Google Maps. Google Maps is available directly at https://www.google.hu/maps,

independently of the Data Controller. The operator of Google Maps is Google, as a third-party data controller.

The cookies used by Google on the Website are as follows. We must draw attention to the fact that these cookies are exclusively the cookies observed today, and we have no influence on their changes or on certain properties of theirs.

1P_JAR

Cookie Provider: google.com. Collects website statistics and monitors playback rates. Expiration: 30 days

Secure-3PAPISID

Cookie Provider: google.com. Targeting cookie. Used to profile website visitors. Expiration: 2 years

Secure-3PSID

Cookie Provider: google.com. Targeting cookie. Used to profile website visitors based on their interests to create personalised Google marketing activities.   Expiration: 2 years

Secure-3PSIDCC

Cookie Provider: google.com. Targeting cookie. Used to profile website visitors based on their interests to create personalised Google marketing activities.   Expiration: 2 years

ANID

Cookie Provider: google.com. Serves advertising purposes across the entire internet and is stored by google.com. Persistent cookie. Expiration: 2 years

APISID

Cookie Provider: google.com. Targeting cookie. Used to profile website based on their interests for personalised Google marketing activities.    Expiration: 1 years

CGIC

Cookie Provider: google.com. Non-essential cookie. Serves performance and analytical purposes. Expiration: 6 months

CONSENT

Cookie Provider: google.com. Non-essential cookie. Serves performance and analytical purposes. Expiration: 20 years

DV –

Cookie Provider: google.com. Collects visitor preferences and other information. In particular, the selected language, the selected number of search results on a page, and the use of the Google SafeSearch filter. Expiration: 7 minutes

HSID

Cookie Provider: google.com. Used for security purposes and data encryption to identify a user’s Google Account and store usage data, prevent fraud, and protect data.   Expiration: 1 years

NID

Cookie Provider: google.com. Settings cookie. Stores the user’s settings. Expiration: 1 year OTZ

Cookie Provider: google.com. Targeting cookie. Aggregated analytics services. Expiration: 1 month SID

Cookie Provider: youtube.com. Used for security purposes, digital signature and data encryption. Expiration: 1 years

SIDCC

Cookie Provider: google.com. Security cookie, used to protect user data against unauthorised access. Expiration: Persistent.

SSID

Cookie Provider: google.com. Stores information about how the website is used and also records any ads viewed by the user before accessing the site, aiding in the development of Google’s personalised marketing activities.   Expiration: 1 years