Az Ön által használt böngésző elavult, javasoljuk, hogy oldalunkat a megfelelő vizuális megjelenés érdekében korszerűbb (pl.: chrome, firefox, edge, stb.) böngésző használatával keresse fel ismét!
Megértését és együttműködését köszönjük!
Fővárosi Vízművek Zrt.
The scope of application of this Information extends
The following types of natural persons may characteristically be Data Subjects of personal data processed in association with the Data Controller’s activities:
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |
---|---|---|---|---|
5.1. |
Natural identification data of the Customer (name, address, mother’s name, place and date of birth) |
Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes the Customer’s data in order to be able to identify him/her properly. | For 8 years following the year in which the last accounting document was issued in relation to the contract (Article 169 of the Act C of 2000 on Accounting (hereinafter: Sztv.)) |
5.2. | Data of the owner of the delivery point | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
Primarily the data of the owner of the delivery point may be processed pursuant to Article 2, point 6 of the Vksztv. If the conclusion of the contract or the provision of the service is not possible without the provision of the actual owner’s data, the owner’s personal data will be processed by the Data Controller. | For 8 years following the termination of the contractual legal relationship. |
5.3. | Data of the owner of the delivery point | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
The Data Controller processes the data of the owner of the delivery point on the basis of his/her underlying liability as provided for in Article 2 point 6 of Vksztv., for the purpose of recovering receivables. | With a view to the provisions of Section 5.2., for 8 years following the termination of the contractual legal relationship/until a decision is made by the Data Controller upon objection by the Data Subject. |
5.4. | Natural identification data of the Applicant (name, address, mother’s name, place and date of birth) |
Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes the Applicant’s data in order to be able to identify the Applicant properly. | For 3 year from receipt of the form. |
5.5. | Technical data related to the Data Subjects’ property | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
Such data are captured for recording the technical data related to water supply and sewage services in properties located in our service area. (E.g.: service pipe connection drawing, internal water network drawing, certificate of ownership and data concerning the planned water demand) | Until the expiry of the validity of the Data Controller’s Operator license/until a decision is made by the Data Controller upon objection by the Data Subject. |
5.6. | Phone number and e-mail address necessary for keeping contact with the Data Subject | Consent as legal basis (Article 6 (1) a) of the Regulation) |
If the Data Subject or the representative of the community – thus especially the house representative – grants his/her consent, the Data Controller will process his/her phone number and e-mail address for keeping contact. | Until withdrawal of the consent/for 6 months following the termination of the established contractual legal relationship. |
5.7. | Phone number and e-mail address necessary for keeping contact with the Data Subject | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
In the case of data necessary for contact keeping, the Data Controller may process phone number for purposes other than the original purpose of the data processing, in order to coordinate the date and time of work to be accomplished on the site, or even for the purpose of recovering eventual arrears from the Data Subject or preventing accumulation of debts. | For 6 months following the termination of the contractual legal relationship/until a decision is made by the Data Controller upon objection by the Data Subject. |
5.8. | Data concerning the Data Subject’s consumption and the provision and usage of the service | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The processing of such data are closely interrelated with the performance of the contract. The Data Controller manages and processes data generated in the course of the performance of the contract, with special regard to bill data, requests and claim reports received from the customer, documents, minutes and protocols drawn up in the course of service provision. | For 8 years following the termination of the contractual legal relationship. |
5.9. | Data Subject’s complaint in relation to service provision and usage | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation)(Article 17/B. (5) of the Fogytv.) |
Processing of such data is closely interrelated with consumer protection legal regulations and with the performance of the contract, therefore, the Data Controller processes the complaints raised in order to comply with its statutory obligations. | For 5 years, pursuant to Section 6:22. (1) of the Act V of 2013 on the Civil Code (hereinafter: Civil Code). |
5.10. | Data concerning fees and costs payable and paid by the Data Subjects, data on receivables | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes all the data that are related to the Data Subject’s payment liability and based on which it can be determined whether the Data Subject has met or failed to meet his/her payment liability. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. |
5.11. | Data required for proving a change of consumer | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes a copy of the deed/document required to prove the change (e.g. purchase and sale contract, contract of donation, lease contract). The Data Subject has the right to delete (cover) the data from/in the copy, which are not necessary for proving the change of consumer. | For 8 years following the termination of the contractual legal relationship. |
5.12. | Copy of and data contained in deeds serving for substantiating a legal relationship | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller makes a copy of deeds serving for proving certain legal relationships/legal statuses (such as: certificate of civil status, certificate of ownership, protocol on transfer into possession, owner’s consent, resolution of a Municipality) in order to verify data accuracy and determine the existence of a legal relationship. Identity-card type personal documents are an exception to this rule, the Data Controller does not make copy of such documents. | For 8 years following the termination of the contractual legal relationship. |
5.13. | Identification data of delivery point(s) and metering instruments | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller manages and processes technical and technological data related to the delivery point and the metering devices and assigns them to the Data Subject, such as the manufacturing number, the device point number, the VIPAK seal number and its expiry. | After 8 years have lapsed from the date of termination of the public service contract, the correlation between the Data Subject and the identification data will be terminated. The data concerning the delivery point and the technical data of the metering devices will not be erased themselves, they will be retained until the expiry of the validity of the Data Controller’s Operator license. |
5.14. | GPS coordinates of the delivery point and the metering devices | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
Based on its legitimate interest, the Data Controller makes photos of the metering devices and technical facilities in the course of reading the metering devices and technical investigations, at the occasion of which it also captures data on the GPS coordinates of the metering device. | After 8 years have lapsed from the date of termination of the public service contract, the correlation between the Data Subject and the data on the delivery point will be terminated. The data concerning the delivery point and the GPS coordinates of the metering devices will not be erased themselves, they will be retained until the expiry of the validity of the Data Controller’s Operator license. |
5.15. | Data of natural persons involved in acting on the basis of a power of attorney or as representatives | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
In such a case the data of the person authorised to proceed in administrative matters related to the public service may be processed. The Data Subject will provide the following data as a minimum content requirement: name, place and date of birth, mother’s name, address and signature. | During the validity term of the power of attorney and the authorisation for acting as representative/ for 5 years, as provided for in Section 6:16 of the Civil Code. |
5.16. | Phone conversation with the Call Centre | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 17/B. of the Fogytv.) |
The Data Controller records and processes the voice recording made of the phone conversation between the Data Subject and the Call Centre in compliance with the requirements prescribed by the relevant statutes – primarily by the Act on consumer protection. | For 5 years from the date of the voice recording (Article 17/B. (3) of the Fogytv.). |
5.17. | Voice recording on a conversation and administration at a personal customer care point | Consent as legal basis (Article 6 (1) a) of the Regulation) |
Voice recording is necessary for our Company for the purpose of capturing the precise content of the arrangement/administration, quality assurance, improving the efficiency of quality control and preventing misuse of powers and rights. | Withdrawal of the consent/for 5 years from the date of the voice recording. |
5.18. | Data generated in the course of entry into contact with the Customer Service | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 89/C. (1) of the Vhr.) |
The Customer Service processes the data generated in the course of the relation between the Data Subjects and the Customer Service for the purposes of arranging/administering the matters that have arisen. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. |
5.19. | Deeds proving a user status to be protected | Statutory obligation as legal basis (Article 6 (1) c) and Article 9 (2) b) of the Regulation) (Article 61/A. of the Vksztv.) |
In order to ensure the discounts/allowances for which the protected users are eligible, the Data Controller keeps records, from which it can be clearly determined to which of the discounts/allowances the data subject is entitled. The Data Subject must initiate his/her registration in the records and he/she has to attach to his/her application the documents proving that he/she belongs to the scope of protected users as defined in Government Decree 58/2013. (II.27.). | The data erased from the records, for 5 years from the date of erasure (Article 61/A. (7) of Act CCIX of 2011 on water public utility service) |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |
---|---|---|---|---|
6.1. | Applicant’s data (name, address, mother’s name, place and date of birth) |
Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes such data for the purpose of identifying the Customer properly and preparing an offer for him/her. | For six months from the date of placement of the order, if the contract fails to be established. |
6.2. | Customer’s data (name, address, mother’s name, place and date of birth) |
Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller processes such data for the purpose of identifying the Customer properly and making out bills for him/her. | For 8 years following the year when the last accounting document was issued under the relevant contract (Article 169 of the Sztv.) |
6.3. | Phone number and e-mail address necessary for keeping contact with the Data Subject | Consent as legal basis (Article 6 (1) a) of the Regulation) |
If the Data Subject or the representative of the community – thus especially the house representative – grants his/her consent, the Data Controller will process his/her phone number and e-mail address for keeping contact. | Until withdrawal of the consent/for 6 months following the termination of the established contractual legal relationship. |
6.4. | Data of natural persons involved in acting on the basis of a power of attorney or as representative | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The data of the person authorised by power of attorney will be primarily processed for the purpose of arranging/administering the service requested. | During the validity term of the power of attorney and the authorisation for acting as representative/ for 5 years, as provided for in Section 6:16 of the Civil Code. |
6.5. | Data concerning the provision and usage of the service concerned | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The processing of such data is closely interrelated with the performance of the contract. The Data Controller manages and processes the data generated during the performance of the contract, thus especially the form in which the the service request has been submitted, the order form, the job card and the performance certificate. | For 8 years following the termination of the contractual legal relationship. |
6.6. | Data Subject’s complaint in relation to service provision and usage | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 17/A. (6) of the Fogytv.) |
Processing of such data is closely interrelated with consumer protection legal regulations and with the performance of the contract, therefore, the Data Controller processes the complaints raised in order to comply with its statutory obligations. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. |
6.7. | Data concerning fees and costs payable and paid by the Data Subjects, data on receivables | Legal basis based on contract (Article 6 (1) b) of the Regulation) |
The Data Controller manages and processes all the data that are related to the Data Subject’s payment liability and based on which it can be determined whether the Data Subject has met or failed to meet his/her payment liability. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. |
6.8. | Data generated in the course of entry into contact with the Customer Service | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 89/C. (1) of the Vhr.) |
The Customer Service processes the data generated in the course of the relation between the Data Subjects and the Customer Service for the purposes of arranging/administering the matters that have arisen. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. |
6.9. | Phone conversation with the Call Centre | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 17/B. of the Fogytv.) |
The Data Controller records and processes the voice recording made of the phone conversation between the Data Subject and the Call Centre in compliance with the requirements prescribed by the relevant statutes – primarily by the Act on consumer protection. | For 5 years from the date of the voice recording (Article 17/B. (3) of the Fogytv.). |
6.10. | Voice recording on a conversation and administration at a personal customer care point | Consent as legal basis (Article 6 (1) a) of the Regulation) |
Voice recording is necessary for our Company for the purpose of capturing the precise content of the arrangement/administration, quality assurance, improving the efficiency of quality control and preventing misuse of powers and rights. | Withdrawal of the consent or for 5 years from the date of the voice recording. |
7.2. Data processing in relation to surveys and questionnaires concerning the Data Controller
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
The Data Subject's e-mail address, phone number and postal address | Consent as legal basis (Article 6 (1) a) of the Regulation) |
Surveying Customer (the Data Subjects’) satisfaction and adapting the services offered by the Data Controller to the needs and expectations on the basis of the result of the survey. | Until withdrawal of the Data Subject’s consent. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
The Data Subject’s name of birth, e-mail address, phone number, postal address, CV, photo, motivation letter, and the document(s) certifying his/her qualification. | Consent as legal basis (Article 6 (1) a) of the Regulation) |
The Data Controller has set up a Recruitment portal for the purposes of searching for potential employees, keeping records about the job-seekers, providing tailored services for the applicants, storing CVs, sending notifications to the applicants. | Until withdrawal of the Data Subject’s consent/for 30 days/12 months. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
Name, e-mail address and phone number of the Data Subject | Consent as legal basis (Article 6 (1) a) of the Regulation) |
The Data Subject is to provide the data requested on the on-line form serving for entry into contact with the Data Controller. | Until withdrawal of the Data Subject’s consent/for 8 years/6 months. |
8.1. Data processing for marketing purposes
Purpose of the data processing: forwarding of information leaflets, offers and information about campaigns related to the Data Controller’s services to the Data Subject.Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
The Data Subject's e-mail address, phone number and postal address | Consent as legal basis (Article 6 (1) a) of the Regulation) |
Forwarding of information leaflets, offers and information about campaigns related to the Data Controller’s services to the Data Subject. | Until withdrawal of the Data Subject’s consent. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period |
|||
---|---|---|---|---|---|---|
The Data Subject's e-mail address, phone number and postal address | Consent as legal basis (Article 6 (1) a) of the Regulation) |
If the Data Subject has granted his/her consent to the processing of his/her data for opinion poll and market research purposes, the Data Controller will use the Data Subject's provided data (name, e-mail address, phone number and mailing address) for setting up an anonymous research sample that does not include personal data. | Until withdrawal of the Data Subject’s consent. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
Name, mother’s name, postal address, bank account number of the Data Subject, name of the insurance company, insurance policy number, name and address of the witness(es), name, badge number, phone number of the person proceeding on behalf of the authority, invoice, tortfeasor’s declaration, protocol drawn up on the damage, damage incident file, and, eventually expert(s’) opinion | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
It is inevitable that the Data Controller manages and processes, either as injured party or tortfeasor, personal data relating to third parties for the purpose of arranging/administering damage claims. | For 5 years pursuant to Section 6:22 (1) of the Civil Code. | |||
Invoices and transaction certificates issued | Legitimate interest as legal basis (Article 6 (1) f) of the Regulation) |
It is inevitable that the Data Controller manages and processes, either as injured party or tortfeasor, personal data relating to third parties for the purpose of arranging/administering damage claims. | For 8 years following the year when the last accounting document was issued (Article 169 of the Sztv.) |
Data Processed | Legal basis | Purpose of the data processing | Retention period | |||
---|---|---|---|---|---|---|
Name and email address of the Data Subject as recipient, the fact of successful/unsuccessful delivery of the email, the time of delivery, the time of opening the letter, whether the link embedded in the letter was clicked (heat map). | Legitimate interest as a legal basis (Article 6 (1) f) of the Regulation) |
Communication to the Data Subject, electronic information related to the use of public services, and the registration and maintenance of contact details (name, email address) for sending marketing messages and offers. To collect and monitor data on the delivery result and readership of emails, statistically analyze clicks on links in mailings using a heat map, identify the most cost-effective way to deliver mail, and identify and develop transparent, understandable, and user-friendly information. | Until the withdrawal of the Data Subject's consent to the processing of his/her email address / the general retention period for mail qualifying as non-personal data stored in the mail system is 5 years. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
Name, residential address and personal identity document number of the Data Subjects | Performance of a task carried out in the public interest as legal basis (Article 6 (1) e) of the Regulation) |
The Data Controller processes the Data Subjects’ data for the purpose of protecting property, assets and key infrastructure. | For 24 hours in case of visitors/while in case of partners, for 6 months following the termination of the contractual partnership relationship. | |||
Data Subject’s phone number, in case of partner cards | Consent as legal basis (Article 6 (1) a) of the Regulation) |
The Data Controller manages and processes the Data Subject’s phone number for the purpose of contact keeping. | Until withdrawal of the Data Subject’s consent/for 6 months. |
Scope of processed data | Legal basis | Purpose of the data processing | Retention time period | |||
---|---|---|---|---|---|---|
Data generated in the course of applying for a permission for entry to a protected area | Statutory obligation as legal basis (Article 6 (1) c) of the Regulation) (Article 9/B. of Fbőtv.) |
Ensuring the opportunity for staying in certain parts of protected areas for the Data Subject, compliance with a statutory obligation. | For 18 months from receipt of the form. |
Rights | Explanations | |||||
---|---|---|---|---|---|---|
1. | Information and access to personal data | The Data Subject has the right to get to know his/her personal data stored by the Data Controller, to get and control the information related to their processing, and is entitled to get access to the personal data (e.g. information about the purpose and legal basis of the processing, when will the data be erased, request a copy of the contract and get the voice recording). | ||||
2. | Right to rectification and to supplement the personal data | The Data Subject has the right to contact the Data Controller in order to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. (e.g. in case of a change in her/her name, for providing a new phone number). | ||||
3. | Right to restriction of processing | The Data Subject has the right to obtain from the Data Controller restriction of processing where one of the following applies: • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data, • the data processing is unlawful and the Data Subject opposes the erasure of the data, s/he’d rather request the restriction of their use, • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, • the Data Subject objects to the processing: in such a case the restriction will concern the period pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject. |
||||
4. | Right to erasure (“right to be forgotten”) | The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: • the personal data are no longer necessary in relation to the purposes for which the Data Controller collected or otherwise processed them, • the Data Subject withdraws his/her consent on which the processing is based, and where there is no other legal ground for the processing, • the Data Subject objects to the processing on grounds relating to his or her particular situation, and there are no legitimate grounds for the processing, • the Data Subject objects to processing of personal data concerning him or her for direct marketing purposes, including profiling, if it is related to direct marketing, • the personal data are unlawfully processed by the Data Controller; • the personal data have been collected in relation to the offer of information society services intended directly for children. The Data Subject may not exercise his/her right to erasure/right to be forgotten to the extent that processing is necessary: • for exercising the right of freedom of expression and information; • for reasons of public interest in the area of public health; • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or • for the establishment, exercise or defence of legal claims. |
||||
5. | Right to data portability | The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to and stored in the Data Controller’s system and use them further on for his/her own purposes, where the processing is based on consent or a contract, and the processing is carried out by automated means. This entitlement is limited to the scope of data provided by the Data Subject in each case, there is no opportunity for data portability concerning other data (e.g. statistics). | ||||
6. | Right to object to the processing of personal data | The Data Subject has right to object at any time to processing of personal data concerning him or her which is based on the legal basis that processing is necessary for the purposes of the legitimate interests pursued by the Data Controller (e.g.: profiling, direct marketing), or the legal basis that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In such a case our Company may no longer process the personal data unless our Company demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. |