DATA PROCESSING NOTICE

The purpose of this Data Processing Notice is to provide detailed information to you on the personal data processing, either by a data controller or a data processor, performed by KELER Központi Értéktár Zrt. (hereinafter: KELER) and KELER KSZF Központi Szerződő Fél Zrt. (hereinafter: KELER CCP, KELER and KELER CCP together: KELER Group). The KELER Group is committed to comply with the laws on personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (general data protection regulation, or GDPR) and Act CXII of 2011 on Informational Self-determination and Freedom of Information (Information Act). The terms and definitions relating to the processing of personal data and the applicable laws can be accessed here.

Members of the KELER Group act as independent data controllers in their data processing activities and as independent data processors in their activities as data processors; thus, their activities as controllers and processors are recorded separately in the data processing register and the register of data processors, according to Article 30 of the GDPR.

More information about the activities of the KELER Group can be found here and here.

Please read this data processing notice carefully.



Processing of personal data within the KELER Group

I. KELER and KELER CCP as data controllers

Members of the KELER Group prepare several data processing notices depending on the nature of the data processing; in those notices they provide comprehensive information on the specific data processing activities.

In the various data processing notices, the data subjects receive detailed information on:

i)   detailed information on the Data Controller;

ii) regarding the specific data processing activity: on the categories of data processed, purpose and legal basis of the data processing (in the case of legitimate interests used as the legal basis, the legitimate interest is specified); duration of the data processing, source of the personal data and whether the personal data are transmitted, and if so, who the recipients are, who the data processors are and whether the personal data are transmitted to any third country outside the European Union;

iii)   on your rights and legal remedies regulated by Chapter III of the GDPR (including the right to information and access to the personal data; your right to the rectification or supplementation of the personal data processed; your right to the restriction of processing, right to erasure, your right to data portability, your right to object to the processing of your personal data, and it also provides information on the enforcement of the rights of a deceased data subject by another person, any compensation you may be entitled to and compensation for violation of personality rights, and possibilities to enforce rights);

iv) the handling of personal data breaches;

v)  access to the data, data transmission and data security measures.

The public data processing notices prepared by the KELER Group members are:

Data processing notices of KELER Zrt.:

Data processing notices of KELER KSZF Zrt.:

Data processing relating to the use of the KELER and KELER CCP websites

Websites of the KELER Group (www.keler.hu; www.kelerkszf.hu) in the case of using certain services – use anonymous user identifiers (cookies) in order to improve the quality of their use and to make them simpler to use for the user. An anonymous user identifier (cookie) is a character string capable of uniquely identifying a computer and storing profile information that service providers store on the user’s computer. The character string alone cannot identify the user personally in any way, it can only recognise his computer.

If you do not want an anonymous user identifier to be stored on your computer, set your browser to not allow cookies to be set. In this case, however, you may not be able to access some of the services or not in the same form as if you you had allowed anonymous user identifiers to be set.

Data processing regarding KELER Group employees and senior executives

KELER and KELER CCP, as employers, process the personal data of employees (and other third parties performing work under a contract), senior executives in a contract with them, and, where applicable, their relatives. Data subjects will be separately informed about the processing of data related to these legal relationships.

II. The KELER Group as a data processor

The categories of services of the KELER Group members is not essentially based on the processing of personal data; KELER and KELER CCP do not provide retail services, our Clients are legal entities and other organisations. However, in certain cases, the members of the KELER Group may also obtain certain personal data of individuals who have a legal relationship with their Clients in the course or in the interest of performing a contract or their legal duties.

In the case of individuals with a legal relationship with the Clients, a member of the KELER Group acts as a data processor in the scope of its activities, and the data controller is the Client of the KELER Group member. The data are processed by the KELER Group member as a processor in accordance with data protection laws. In such cases, the Client of the KELER Group member is obliged to ensure that the processing of personal data is carried out in accordance with the law, including in particular the legal basis and purpose of the data processing and the appropriate information provided to the data subjects. Therefore, in the above cases, we recommend that you first contact the Client of the KELER Group member (the data controller), that is the legal entity (company) or other organisation with which you have a legal relationship, with questions related to personal data.

III. Further data processing in the KELER Group, outsourcing

Under Section 343(2) of Act CXX of 2001 on the Capital Markets (Capital Markets Act), the KELER Group members are entitled to transmit personal data to each other without separate authorisation. Some activities that concern personal data are outsourced by the KELER Group members to each other or to external service providers, in accordance with Regulation No 648/2012/EU of 4 July 2012 of the European Parliament and the Council on OTC derivatives, central counterparties and trade repositories (EMIR); Regulation (EU) 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (CSDR); Act CCXXXVII of 2013 on credit institutions and financial enterprises (Banking Act); and Act CXXXVIII of 2007 on investment firms and commodity dealers, and the regulations governing their activities (Investment Act). You can find more information about outsourced activities in our Business Regulations

IV. Complaint management, legal remedies

To protect your rights, the KELER Group has appointed a Data Protection Officer; in KELER this is dr. András Balázs Bordás, while in KELER CCP it is dr. Tamás Leskó; their electronic contact information: adatvedelmitisztviselo@keler.hu

You have the right, as detailed in the data processing notices, to request from your data controller that you have access to the personal data processed about you and to have them rectified or, with the exception of mandatory data processing, erased.

If you believe that you have been harmed by the KELER Group member in connection with your personal data, you may file a complaint according to the  KELER Group Complaint Management Procedure at one of the following contacts:

A verbal complaint can be made:

a)  In person, at the KELER Customer Service (KELER Zrt., H-1074 Budapest, Rákóczi út 70-72.) during the opening hours of the Customer Service (Monday to Friday from 9:00am to 3:00pm).

b)  By phone: Calling +36 1 483 6240 from 08:00am to 8:00pm on Tuesdays. 

c)  For complaints arising from an IT incident, call the KELER Service Desk at +36 1 483 6120 Monday to Friday from 07:00am to 8:00pm. 

A written complaint can be made:

a)  In person or via a signed document delivered by another party – to which no specific formal requirements apply, or was prepared using the form downloaded from the website of the National Bank – at the KELER Group’s address at H-1074, Kossuth út 70-72 or in writing, by entering it in the Complaint Book posted at the Customer Service desk.

b)  By sending the document mentioned in point a) to KELER at KELER’s postal address (KELER Zrt., H-1074 Budapest, Rákóczi út 70-72) or to KELER CCP at KELER CCP’s postal address (KELER KSZF Zrt., H-1074 Budapest, Rákóczi út 70-72).

c)  By fax to KELER at +36 1 483 6194, to KELER CCP at +36 1 342 3539, at any time.

d)  In the form of an e-mail to KELER at the e-mail address   keler@keler.hu or to KELER CCP at  kelerccp@kelerkszf.hu, at any time.

e)  For complaints arising from an IT incident, write an e-mail to the KELER Service Desk to the e-mail address servicedesk@keler.hu

In the event of violation of your rights in connection with the processing of personal data, as specified in the data processing notices, you have the right to turn to the Hungarian National Authority for Data Protection and Freedom of Information (address: H-1155 Budapest, Falk Miksa utca 9-11.; phone: +36 1 391 1400; website:   https://www.naih.hu) or go to court.  Anyone can file a report to the Authority, on the grounds that a violation of rights has occurred in connection with the processing of personal data or if there is a direct threat of such violation of rights. Detailed provisions on further legal remedies, in the event of going to court, are set out in Act V of 2013 on the Civil Code (Hungarian Civil Code) and the rules of civil procedure; or in the event of turning to the Data Protection Authority (Authority), in the Information Act.

It is recommended that you file a complaint with the KELER Group as a first step before initiating any other action. We assure you that we will respond to your complaint with the utmost care, with the involvement of the Data Protection Officer, within 30 days and will try to resolve your issue in a reassuring manner. We also recommend that, in the event that you have a question or complaint about the processing of data in a contractual relationship, you first contact the legal entity with which you have a direct legal relationship.