Information provided pursuant to Articles of the GDPR (General Data Protection Regulation) 2016/679
We would like to inform You that the Regulation (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data"(hereinafter “GDPR”) provides the legal framework for personal data protection.
DATA CONTROLLER
Pursuant to Article 13 of GDPR, your data shall be processed as follows. Responsibility for data processing is defined according to the following group of identified or identifiable natural persons (data subjects):
|
Data subject category
|
Data Controller
|
Data Processor
|
|
Deutsche Telekom TSI Hungary Ltd. employees
|
Deutsche Telekom TSI Hungary Ltd. (head office: H-1097 Budapest, Könyves Kálmán krt. 36.)
|
DigitalPA S.r.l. (head office Via S. Tommaso d’Aquino, 18A 09134 Cagliari (Italy)
|
|
Deutsche Telekom ITTC Hungary Ltd. employees
|
Deutsche Telekom ITTC Hungary Ltd. (head office: H-1097 Budapest, Könyves Kálmán krt. 36.)
|
Deutsche Telekom TSI Hungary Kft.
(the sub-processor of TSI Hungary is: DigitalPA S.r.l. (head office Via S. Tommaso d’Aquino, 18A 09134 Cagliari (Italy)
|
|
External, non-employee whistleblowers
|
Deutsche Telekom TSI Hungary Ltd. (head office: H-1097 Budapest, Könyves Kálmán krt. 36.)
|
DigitalPA S.r.l. (head office Via S. Tommaso d’Aquino, 18A 09134 Cagliari (Italy)
|
In accordance with the GDPR and the Act XXV of 2023 on complaints, whistleblowing and rules relating to the reporting of abuse (“Whistleblowing Act”), the processing of your personal data which are provided during your registration and report submission, will be based on the principles of correctness, lawfulness and transparency and on the safeguarding of your privacy and your rights and of those of all the persons involved.
In some cases, it may be necessary to involve external organization, or the Compliance Management in Deutsche Telekom GmbH and share data to conduct the investigation. Furthermore, there is legal obligation to handover data to the state authority on requests, or to the responsible authority in case of legal procedure.
The controller has entrusted DigitalPA S.r.l. (head office Via S. Tommaso d’Aquino, 18A 09134 Cagliari (Italy) as Data Processor to operate the external online reporting channel. Your data will be processed in the European Union.
LEGAL GROUND OF DATA PROCESSING
The Data Controller shall operate an internal whistleblowing reporting system in accordance with the provisions of the Whistleblowing Act XXV of 2023, which serves as legal ground of data processing (Art. 6, 1. (c) GDPR)
PURPOSE OF DATA PROCESSING
Your personal data will be processed exclusively for purposes strictly connected to the Whistleblowing Act.
PROCESSED DATA
The platform operated by DigitalPA S.r.l. only collects your registration data and those provided in the reports. Your personal profile data are not directly viewable in the report. It is also possible to use the portal without account registration, and to create anonym report. In this case your identity will not be revealed and personal data will not be collected.
Within the framework of the platform, the personal data of
a) the whistleblower,
b) the person whose conduct or omission gave rise to the report; and
(c) the person who may have information relevant to the facts complained of
will be processed when it is essential for the investigation of the notification. This data may include: name, e-mail address, postal address, phone number, job title, organisation related information, other type of employee identification.
Personal data outside the scope of the actors referred to in the previous point shall be deleted without delay from the data processed under the internal abuse reporting system.
DATA PROCESSING METHODS
Data processing shall be performed by IT tools, with organizational measures strictly related to the abovementioned purposes and, in any case, in such a way that data inviolability, security and confidentiality are guaranteed in compliance with the organizational, physical and logical measures provided for by the current regulations.
Please note that your personal data provided in the registration form (name, e-mail address) is separate from any report and that the association of your identity with the report can only be made by the "Compliance Management" responsible for investigating the reports.
STORAGE PERIOD
If the content of the report indicates that its investigation falls outside the scope of Act XXV of 2023 on complaints, whistleblowing and rules relating to the reporting of misconduct, the personal data concerned in the notification will be deleted immediately after the determination of the non-investigation and the notification of the notifier.
If the investigation reveals that the notification is unfounded or that no further action is necessary, the personal data relating to the notification will be deleted within 60 days of the completion of the investigation.
If action is taken on the basis of the investigation, including legal proceedings or disciplinary action against the reporting person, the Controller will process the data relating to the report until the legal proceedings based on the report have been finally closed.
RIGHTS OF DATA SUBJECTS
At any time whatsoever, the whistleblower reserves the right to exercise their right:
- To request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Art. 15 GDPR);
- To request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR);
- To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
- To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR);
- To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent or object according to the above mentioned;
- To demand, under certain circumstances, the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
- To data portability, i.e., you can receive the data that you provided to us in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Art. 20 GDPR);
To exercise your rights please turn to our Data Protection Officer via the following cahnnels: FMB.TS-ITSH-DataPrivacyITSH@t-systems.com or FMB-HU_DT_ITTC_DataPrivacy@t-systems.com.
To file a complaint about the data processing with the responsible supervisory authority (Hungarian National Authority for Data Protection and Freedom of Information; mailing address: H-1363 Budapest, Pf.: 9., www.naih.hu).
COOKIES
We do not use cookies to transmit information of a personal nature, nor are persistent cookies used to track users.
Only technical cookies are used to the extent strictly necessary for the correct and efficient use of the platform. The use of session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the platform.
Detailed rules for the use of cookies are contained in the "Cookie Policy".
CONTACTS
The "Data Controller" is Deutsche Telekom TSI Hungary Ltd. (head office: H-1097 Budapest, Könyves Kálmán krt. 36. cg.: 01-09-877517) or Deutsche Telekom ITTC Hungary Ltd. (head office: H-1097 Budapest, Könyves Kálmán krt. 36. cg.: 01-09-357127), email: ITSH-Compliance@t-systems.com
