+36 24 540 660 info@kslogistic.hu

KS Spedition & Logistic Kft. (“Data Controller”) shall act in accordance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info tv.) and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR) in the processing of data as set out in this notice.

  • Definitions

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law, in this case the Controller is KS Spedition & Logistic Szállítmányozási és Logisztikai Korlátolt Felelősségű Társaság.

The Data Controller is KS Spedition & Logistic Kft.

KS Logistic Logistics & Logistics Logistic Services Ltd.

website: https://kslogistic.hu

e-mail address: info@kslogistic.hu

central telephone number: +36 24 540 660

Company registration number: 13-09-089977

Registering organisation: the Commercial Court of the Metropolitan Court of Budapest

Tax number: 10777426-2-13

Represented by András Károlyi, Managing Director

The Data Controller is not obliged to appoint a Data Protection Officer under Article 37 of the GDPR.

  • Personal and material scope

The personal scope of the information covers all departments and employees of KS Spedition & Logistic Kft. (hereinafter referred to as “the Company” or “the Data Controller”), including individuals acting under a contract of employment. The scope of this notice covers all personal data processing activities concerning the Company’s natural person contractors, customers, agents (hereinafter referred to as “Partner” or “Data Subject”).

  • Data Processing

The Data Controller primarily processes the data of its employees, partners, contacts and users of its website. The personal data provided by users and data automatically collected for technical operations may only be accessed by the Data Controller’s staff.

The Data Controller shall ensure the security of the data, in particular the prevention of unauthorised access, alteration and disclosure, deletion, damage or destruction. The Data Controller shall keep the personal data processed in a separate register, which shall not be accessible to any person, and the keeping, reviewing and updating of such register, and the handling of any questions, requests and demands relating to the processing of the data shall be the responsibility and competence of the persons authorised by the Data Controller to do so. The Controller also undertakes to take all necessary measures to safeguard and maintain the lawfulness of the processing of personal data. The Data Controller shall also take all necessary organisational and technical measures to ensure the security of the personal data and their safe keeping and processing.

The Company, as data controller, acknowledges that it is bound by the contents of this notice. It undertakes to ensure that any processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union acts. The data protection policy relating to the Company’s data processing is available on an ongoing basis at https://kslogistic.hu. The Company reserves the right to modify this policy at any time. The Company is committed to protecting the personal data of its customers and partners and attaches the utmost importance to respecting the right of customers to information self-determination. The Company treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.

  • Scope of data processed, purpose, legal basis and duration of processing


  • Data processing relating to employees

Purpose of data processing: to fulfil legal obligations (record keeping, payroll, etc.), obligations arising from employment contracts (payroll, payment of wages, registration of working hours and holidays, etc.)

Scope of the data processed:

– personal data (name, date and place of birth, mother’s name, name at birth, tax identification number, social security number, personal identification number, number of identity cards),

– data required for tax returns,

– data on education,

– payroll and wage data,

– data on the entitlement to family tax allowance,

– data on the results of occupational health examinations,

– training, certificates, qualifications and their results.

Duration of processing: different periods for certain data, in accordance with the relevant legal requirements (5 years in principle, 8 years for certain tax documents)

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR), performance of an employment contract (Article 6(1)(b) GDPR), performance of a legal obligation of the Controller (Article 6(1)(c) GDPR), which is the obligation to keep records, file returns, pay wages in relation to employees

  • Processing of data relating to partners, customers and contacts

Purpose of processing: to maintain contact with partners, to fulfil contractual obligations

Data processed: name, address, telephone number, e-mail address

Duration of data processing: 5 years after the legal relationship (limitation period)

Legal basis of processing: performance of contracts with partners and customers (Article 6(1)(b) GDPR) and performance of the Data Controller’s legal obligations (Article 6(1)(c) GDPR), such as invoicing, order management, contact management, etc. In this context, the provision of personal data is a prerequisite for the conclusion of the contract.

  • Website-related processing, cookies

For statistical purposes, the Data Controller records the IP address of visitors to the website, the start and end times of visitors’ visits to the website, the pages viewed and the type of browser and operating system used by the visitor. The data is logged automatically by the website and stored for one year.

Google Analytics cookie. They are used by Google Analytics cookies to record the IP address of the visitor, the start and end time of the visit, the page viewed and the type of browser and operating system used. By visiting the website, using some of its functions and by accepting the Cookie Policy, the visitor gives his/her consent to the storage of these cookies on the visitor’s computer and their access by the data controller. In addition to Google analytics, we also use conversion tracking cookies.

The cookies are stored for 30 days, but the visitor can set and block the storage of cookies using a browser program. However, please note that in the latter case, without the use of cookies, you may not be able to use all the services of the website. You can delete the cookie from your computer or set your browser to refuse the use of cookies.

The recording and storage of the time of visit, IP address, browser and operating system data is a specific feature of the system’s operation, and their processing is technically indispensable and is carried out for statistical purposes only.

Session IDs are automatically deleted when the browser is closed. The user can delete his own cookie at any time. Cookies are automatically deleted depending on the browser setting.

The legal basis for processing is the data subject’s consent (Article 6(1)(a) GDPR) given by the data subject through the use of the website and the legitimate interest of the Controller (Article 6(1)(f) GDPR).

  • Rights of the partner in relation to the processing

The data subject has the right to request information in relation to the processing of his or her personal data, which the Data Controller shall provide in an unconditional, complete, concise and intelligible manner. The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information on the purposes of the processing, the expected duration of the processing, the right to judicial remedies, etc. (access).

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification by the controller of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration. The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay and the controller shall be obliged to erase personal data relating to him or her without undue delay where the conditions laid down in Article 17 of the GDPR are met. The data subject may object to the processing of his or her personal data and may also request the correction or deletion of his or her data by the Controller in this context (rectification, erasure, objection).

The data subject shall have the right to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to which he or she has provided the personal data (portability). The Controller shall comply with this obligation within 30 days of the request.

You have the right to send your request or complaint regarding the processing to the contact details provided by the Company.

Please be informed that if you consider that the Company has violated the applicable data protection requirements in the processing of your personal data, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information regarding the Company’s data processing:

Name: National Authority for Data Protection and Freedom of Information

National Authority for Data Protection.

website: www.naih.hu

Address for correspondence: 1363 Budapest, PO Box 9.

Phone: 0613911400

Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu

You also have the right to take your data to court, which will rule on the matter out of turn. In such a case, you are free to decide whether to bring your action before the competent court in the place where you reside (permanent address) or where you are staying (temporary address) or before the competent court in the place where the Company is established. You can find the court of the place of residence or domicile at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso. The Metropolitan Court of Budapest has jurisdiction over the lawsuit according to the place where the Company is domiciled.

The Company shall also compensate for the damage caused to others by the unlawful handling of the Partners’ data or by the breach of data security requirements, as well as for the damages in the event of a personal injury caused by the Company or its data processor. The Company shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing. Likewise, it shall not compensate the damage if it was caused by the intentional or grossly negligent conduct of the injured party.

  • Data processing activities

Where the Company is acting in its capacity as a data processor in the context of this notice or in the provision of its services, the following rules apply.

– The Data Processor shall perform the tasks undertaken in accordance with the instructions of the Data Controller and in the interests of the Data Controller. The Controller shall be responsible for the lawfulness of the instructions given by the Controller to the Processor.

– The Processor shall bring to the attention of the Controller without delay, before carrying out the instructions, if it becomes aware that the Controller is giving instructions which are inappropriate, unprofessional or unlawful.

– Any data or information obtained by the Processor in the course of the performance of the task shall be used exclusively for the Controller.

– The Data Processor may not make any decision on the merits of the data processing, may process the data that have come to his/her knowledge only in accordance with the provisions of the Data Controller, may not process the data for his/her own purposes, and shall store and retain the data in accordance with the provisions of the Data Controller.

– The processor shall comply at all times with the conditions laid down by the Controller in the mandate and shall ensure data security.

– The Processor shall be entitled to carry out only the technical processing operations which are the subject of the Mandate. If, at any time during the performance of the contract, the Processor encounters circumstances that prevent timely performance, the Processor shall notify the Controller in writing of the delay, its expected duration and the reasons for the delay without undue delay, but no later than 3 (three) working days.

– The Processor shall use persons with appropriate knowledge and experience to perform the tasks specified in the contract. He shall also ensure that the persons he employs are trained in the provisions of data protection law to be complied with, the obligations under the contract between the parties and the purposes and means of the processing.

– A data processor may, subject to the prior written consent of the Data Controller, use additional data processors for the performance of the tasks undertaken by him/her only under the conditions laid down in the Regulation and the Infotv. The Processor shall inform the Controller of the identity of the additional processor and of the envisaged tasks to be performed by the additional processor prior to the use of the additional processor. If the Data Controller objects to the use of the additional processor on the basis of that information, the additional processor shall be entitled to use the additional processor only if the conditions specified in the objection are met. If the Processor also uses the services of an additional processor for certain specific processing activities carried out on behalf of the Controller, it shall enter into a written contract to that effect and shall impose on the additional processor the same data protection obligations as those set out in the contract between the Controller and the Processor, in particular by requiring the additional processor to provide guarantees to implement appropriate technical and organisational measures and thereby ensure that the processing complies with the requirements of the Regulation. In such a case, however, the Data Processor warrants that the sub-processor it has engaged will carry out its activities in compliance with the provisions of the Infotv and the Regulation and in accordance with the contract between the parties. If the sub-processor fails to comply with its data protection obligations, the Data Processor that engaged the sub-processor shall be fully liable to the Data Controller for the performance of the sub-processor’s obligations.

– The Processor shall ensure that the data it processes, whether on paper or stored electronically, are adequately protected. The Processor shall prevent access to the data by unauthorised persons and shall be fully liable for any direct and demonstrable damage resulting from any intentional or negligent breach of this obligation. The processor shall not transfer the right to use the data it processes to a third party.

– The Processor shall, unless otherwise required by law, irretrievably delete the data processed by it on behalf of the Controller, including any copy thereof, upon or after the performance/termination of the contract between the parties, as instructed by the Controller, by notifying the Controller’s contact person in writing or, at the discretion of the Controller, by returning all personal data to the Controller with a record of the transfer (with simultaneous irretrievable deletion of the electronically processed data). The Controller shall provide a written (including e-mail) explanation of the deletion or return of the data.

– In the event of an exceptional occurrence requiring action (a personal data breach), the Processor shall take immediate action to remedy the breach and prevent the damage, or if the damage cannot be prevented, to remedy the damage, or if the damage cannot be remedied, to mitigate the damage. The Processor shall inform the Controller without undue delay after becoming aware of the personal data breach and shall keep a record of the personal data breach, indicating the facts relating to the breach, its effects and the measures taken to remedy it. The Data Controller declares that, as the Data Controller, it shall also keep records of data protection incidents.

– If the data subject requests information on the processing of his or her personal data from the Controller or Processor pursuant to Article 14(a) of the Data Protection Act, the Controller shall in any case provide the information.

– The Processor shall forward the request received to the Controller within 10 days of receipt. The Data Controller shall provide the information to the data subject within 25 days of receipt, and shall inform the Data Processor’s contact person thereof. If the data subject requests the correction, restriction or deletion of his/her data pursuant to Article 14 c), d), e) of the Data Protection Act, the Data Processor shall forward the request received to the Data Controller within 5 days of receipt.

– The Data Controller shall consider the request within 25 days of receipt of the request and shall instruct the Processor to correct, delete or block the data within 5 days in accordance with its decision.

– In the event of refusal of a request for rectification, erasure or blocking of data, the Data Controller shall notify the data subject of its decision in writing within 25 days of receipt of the request and shall inform the Data Processor’s contact person of its decision. The decision rejecting the request for rectification, erasure or blocking of data shall include the factual and legal grounds for the rejection, the possibility of judicial remedy and recourse to the National Authority for Data Protection and Freedom of Information.

  • Mixed provisions

Information on data processing not listed in this notice is provided at the time of collection.

We inform our customers that the court, the prosecutor, the investigating authority, the criminal investigation authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents. The Company shall disclose personal data to the authorities only to the extent and to the extent that the authorities have indicated the exact purpose and scope of the data, and only to the extent that the Company is obliged to do so under the applicable legislation.

The processing of data in the course of the Company’s activities is based on voluntary consent or on a legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing. In certain cases, the processing, storage and transmission of some of the data provided is required by law and we will inform our customers separately. Please note that if you provide personal data to the Company other than your own, it is the responsibility of the data provider to obtain the consent of the data subject.

Our data management principles are in accordance with the applicable data protection legislation, in particular the following:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
  • Act V of 2013 – on the Civil Code (Civil Code);
  • Act C of 2000 – on Accounting (Accounting Act);
  • Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (PMT).