IBIDEN HUNGARY Kft.
2336 Dunavarsány, Ipari park
Neumann János u. 1
Access by public transport:
Szigethalom, Car Factory junction bus stop on foot
ISO TS Audit
The next verification audit in line was performed by the experts of SGS group in August 2015. The efficiency and functional application of our quality management system, was investigated with careful consideration to the requirements of ISO TS 16949:2009 standards.
Companies in the car industry supply chain shall operate an ISO/TS-based system, which is accepted and required from suppliers by all car manufacturers world-wide. The certification is a necessary tool to prove that a company fulfills the requirements, and can be acquired through a successful audit, which is performed by an independent party. A certification process consists of more steps: the first step is the certification audit, which was performed in the summer of 2006 after the establishment of our quality management system. This certificate is issued with 3 years validity period. During this time auditing company checks the operation of the system yearly, and renews the certificate if no non-conformities were found.
ISO 14001 and OHSAS 18001
IBIDEN Hungary Ltd. is expected by our customers to clearly demonstrate not only high quality products, reliability, but also an environment-friendly mode of production. There is an institutionalized means for that, similarly to quality system standards, the ISO 14000 and OHSAS 18001 series of standards created on common basis of principles. Environmental management systems certified by an independent party serve as accepted evidence of environmentally responsible corporate behavior, both nationally and internationally.
IBIDEN Hungary Ltd. has made a commitment to improve environmental performance continuously, to prevent environmental load, as well as to operate the ISO 14001 standard based Environmental Management System. In order to achieve these targets, our Environmental Management System was started to be built in August, 2006, the system certification of which was taken place in April, 2007 after the system establishment.
IBIDEN Hungary Ltd. makes much priority of maintaining of Environmental Management System, and ensures the required resources for the continuous operation. The proof of the system’s functioning was the annual surveillance audits, as well as the renewal audit in 2014 August and September, which were successfully conducted.
Authorized Economic Operator (AEO)
Authorized Economic Operators are those participants of economic world who have a special status. Based on this special status, the Customs and Finance Guard considers the authorized economic operator as a reliable partner, and therefore provides several advantages during its custom clearance procedures. An AEO certificate issued by any of the EU member state’s customs authorities is automatically acknowledged in any of the EU member states.
IBIDEN Hungary Manufacturing Limited Liability Company (hereinafter Controller) creates the Data protection and data security regulation in order to file its internal processing of data processes and ensure the rights of data subjects.
1. Aim and scope of the regulation
IBIDEN Hungary Manufacturing Ltd. ensures the data subjects’ realization of right to information determined in Section 15 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.). With this regulation, Controller aims to ensure the legal order of operating filing systems, enforce the constitutional principles of data protection and requirements of data security, prevent unauthorized access to, and unauthorized modification, or disclosure of the data. Objects covered by the regulation include each process ongoing at every organizational unit of Controller, during which personal data is controlled as determined in 2nd point of Section 3 of Infotv. Time covered by the regulation starts 20th April 2015 and continues until withdrawal.
‘Personal data’ shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject. During processing of data, personal data remains that as long as the relation to the data subject can be restored. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
‘Special data’ shall mean a) personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership and personal data concerning sex life,
b) personal data concerning health, pathological addictions or criminal record;
‘Personal data processed in criminal matters’ shall mean personal data that might be related to the data subject and that is obtained by organizations authorized to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings in connection with a crime or criminal proceedings;
‘Public information’ shall mean any known fact, data and information, other than personal data, that are processed and/or used by any person or body attending statutory State or municipal government functions or performing other public duties provided for by the relevant legislation (including those data pertaining to the activities of the given person or body), irrespective of the method or format in which it is recorded, and whether autonomous or part of a compilation;
‘Information of public interest’ shall mean any data, other than public information, that are prescribed by law to be published, made available or otherwise disclosed for the benefit of the general public;
‘The data subject’s consent’ means any freely and expressively given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed without limitation or with regard to specific operations;
‘The data subject’s objection’ shall mean an indication of his wishes by which the data subject objects to the processing of his personal data and requests that the processing of data relating to him be terminated and/or the processed data be deleted;
‘Controller’ shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of processing of data, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.;
‘Processing of data’ shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use. Furthermore, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images) counts as processing of data as well;
‘Disclosure by transmission’ shall mean making data available to a specific third party;
‘Public disclosure’ shall mean making data available to the general public; ‘Erasure of data’ shall mean the destruction or elimination of data sufficient to make them irretrievable;
‘Blocking of data’ shall mean the access, dissemination, adaptation, alteration, destruction, erasure, combination or alignment of data being made impossible permanently in the future or for a predetermined period;
‘Destruction of data’ shall mean the complete physical destruction of the medium containing data;
‘Data processing’ shall mean the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place;
‘Data processor’ shall mean a natural or legal person or unincorporated organization that is engaged under contract in the processing of personal data, including when the contract is concluded by virtue of law;
‘Personal data filing system (filing system)’ shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
‘Data set’ shall mean all data contained in a filing system;
‘Third party’ shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor;
‘EEA Member State’ shall mean any Member State European Union and any state that is a party to the Agreement on the European Economic Area, furthermore, any other country whose citizens are enjoying the same treatment as nationals of States who are parties to the Agreement on the European Economic Area by virtue of an agreement between the European Community and its Member States and a State that is not a party to the Agreement on the European Economic Area;
‘Third country’ shall mean every State other than EEA Member States.
3. Rules of processing of data
Controller may process data only and exclusively in compliance with the regulations of law in force during its procedures, especially:
Personal data may be processed only for specified and explicit purposes, where it is necessary for the implementation of certain rights or obligations. Personal data processed by the controller must not be used for private purposes. Processing of data must always comply with the principle of purpose-specific processing.
Controller shall process personal data only for specified and explicit purposes, where it is necessary for the implementation of certain rights or obligations, in minimal amount and time necessary for fulfilling the purpose. Processing of data must in all phases comply with the purpose – and in case the purpose of processing of data was terminated or processing of data is otherwise unlawful, data shall be deleted.
Controller shall process personal data only with the prior consent of data subject – in written form in case of special personal data – or based on law, or legal authorization.
Controller shall inform the data subject about the purpose of processing of data, and the legal basis of it in all cases before commencing data recording.
Employees processing data at organizational entities of Controller as well as employees of organizations entrusted by Controller participating in processing of data, executing certain operations in it are obliged to keep personal data they had access to confidential as business secret.
If a person under the scope of the regulation gains information that personal data processed by Controller is incorrect, incomplete or out of date, he is obliged to rectify it, or initiate the rectification of such data by informing the employee responsible for recording the data.
Data protection obligations regarding any natural or legal person or unincorporated organizations processing data entrusted by Controller, shall be enforced in the contract concluded with data processor.
4. Data protection system of Controller
Employees of Controller shall take care in their work that unauthorized persons cannot access personal data, and that storing, placing of personal data is arranged so that it cannot be accessed, altered, adapted or destroyed by unauthorized persons.
Data protection system of Controller is supervised by managers through a data protection responsible person assigned or entrusted by them.
5. Data security rules
Controller shall apply the following measures and elements of guarantee for the security of personal data:
- data stored on computer may only be accessed with valid, personalized, identifiable authorization – at least username and password, – Controller shall arrange alteration of passwords on a regular basis;
- any alteration of data shall be logged in a traceable way;
- data stored on network server (hereinafter: server) may only be accessed with the appropriate authorization and only by persons assigned for this;
- in case purpose of processing of data has been fulfilled, period of processing of data has expired, Controller ensures that the file containing the data is irretrievably erased so that the data cannot be restored;
- provides for virus protection on the network where personal data are processed;
- prevents unauthorized network access with the available information technology devices and their application;
- places the documents in a properly lockable, dry room equipped with fire safety and security equipment;
- documents under continuous active processing may only be accessed by authorized personnel;
- employee of Controller who processes data can only leave the room where processing of data is ongoing if he locks up the storage media entrusted to him, or locks the office;
- in case personal data processed on paper are digitalized, Controller shall apply safety regulations regarding digitally stored documents.
6. Rights of data subjects, enforcement
Through the indicated contact info of the Controller, data subject may request information when his personal data is being processed, the rectification of his personal data, or the erasure or blocking of his personal data, except where processing is rendered mandatory.
Controller must forward the received request or objection within three days of receipt to the head of the department which is assigned to the processing of data and has competence in it, who must in an intelligent form, in writing, within no more than fifteen days – in case of enforcing right of objection within 5 days.
The information shall be provided free of charge by the Controller, except in the case prescribed in Infotv. Section 15 (5).
Controller may reject the request only for specific reasons, as described in Infotv. Section 9 (1) or Section 19, and the rejection must be justified with specified information described in Infotv. Section 16 (2), in writing.
Where personal data is deemed inaccurate, and the correct personal data and the public documents as evidence are at the controller’s disposal, the head of data controlling organization shall rectify, or erase the personal data in question, in case of the reasons described in Infotv. Section 17 (2).
In the event of objection, the controller shall suspend data processing for – no longer than five days – the duration of the investigation of the data subjects right to object to the processing of his personal data, adopt a decision as to the merits and shall notify the data subject of its decision as described in Infotv. Section 21 (2).
If the objection is justified, the head of data controlling organization shall act in accordance with Infotv. Section 21 (3).
Controller shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. Controller shall also be liable for any damage caused by a data processor acting on his behalf. Controller may be exempted from liability, if he proves that the damage was caused by reasons beyond his control. Furthermore, no compensation shall be paid and no restitution may be demanded where damage was caused by or the violation of rights of the data subject relating to personality is attributable to intentional or negligent conduct on the part of the data subject.
Name of Controller: IBIDEN Hungary Gyártó Kft.
Company registration number of Controller: 13-09-106413
Company seat of Controller: 2336 Dunavarsány, Neumann János utca 1.
Electronic address of Controller: firstname.lastname@example.org
Representatives of Controller: Dr. KANICSÁR Henriett
With complaints related to data processing by Controller, data subjects may turn to NAIH:
name of Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Processing of data related to data of work candidates and homepage operation
7.1. Location of processing of data: 2336 Dunavarsány, Neumann János utca 1. CVs arrive by mail and electronically for possible positions. The company categorizes CVs by work areas for later use.
In case of all CVs made available for the company, Infotv. Section 6 (6) provides a legal basis for processing of data (“in other cases opened at the data subject’s request, as regards the personal data he has supplied, the data subject’s consent shall be deemed to have been granted”).
registration number of processing of data: NAIH-80298/2014.
purpose of processing of data: selecting the right employees to fill vacant positions, processing of the candidates’ personal data
range of processed data: name, birth name, place and time of birth, mother’s name, address, training data, photo, e-mail address, phone number, other information submitted by the data subject
legal basis for processing of dataadatkezelés jogalapja: consent of data subject as in Infotv. Section 5 (1) a) and Section 6 (6)
period of data storage: 1 year from data recording
method of data storage: on paper and electronically
7.2. Controller is operating the http://ibiden.hu/ homepage
Non-personal information of the visitors is collected automatically and without limit by the website. However, from these data personal information cannot be obtained, therefore it does not execute processing of data.
Through the website, visitors have the opportunity to directly apply for positions advertised by IBIDEN Hungary Manufacturing Ltd.
registration number of processing of data:NAIH-80295/2014
purpose of processing of data: ensuring opportunity for online contact, application for the position.
range of processed data: name, birth name, phone number, address, e-mail address, qualifications, education, foreign languages, photo, other information submitted by the data subject.
legal basis for processing of data: consent of data subject as in Infotv. Section 5 (1) a)
period of data storage: 1 year from making contact
method of data storage: electronically