IBIDEN HUNGARY KFT.
Contact

Address:

IBIDEN HUNGARY Kft.

2336 Dunavarsány, Ipari park
Neumann János u. 1

06-24/501-300

06-24/501-305

Access by public transport:

Szigethalom, Car Factory junction bus stop on foot

Qualifications

ISO TS Audit

The next verification audit in line was performed by the experts of SGS group in August 2015. The efficiency and functional application of our quality management system, was investigated with careful consideration to the requirements of ISO TS 16949:2009 standards.

Companies in the car industry supply chain shall operate an ISO/TS-based system, which is accepted and required from suppliers by all car manufacturers world-wide. The certification is a necessary tool to prove that a company fulfills the requirements, and can be acquired through a successful audit, which is performed by an independent party. A certification process consists of more steps: the first step is the certification audit, which was performed in the summer of 2006 after the establishment of our quality management system. This certificate is issued with 3 years validity period. During this time auditing company checks the operation of the system yearly, and renews the certificate if no non-conformities were found.

ISO 14001 and OHSAS 18001

IBIDEN Hungary Ltd. is expected by our customers to clearly demonstrate not only high quality products, reliability, but also an environment-friendly mode of production. There is an institutionalized means for that, similarly to quality system standards, the ISO 14000 and OHSAS 18001 series of standards created on common basis of principles. Environmental management systems certified by an independent party serve as accepted evidence of environmentally responsible corporate behavior, both nationally and internationally.

IBIDEN Hungary Ltd. has made a commitment to improve environmental performance continuously, to prevent environmental load, as well as to operate the ISO 14001 standard based Environmental Management System. In order to achieve these targets, our Environmental Management System was started to be built in August, 2006, the system certification of which was taken place in April, 2007 after the system establishment.

IBIDEN Hungary Ltd. makes much priority of maintaining of Environmental Management System, and ensures the required resources for the continuous operation. The proof of the system’s functioning was the annual surveillance audits, as well as the renewal audit in 2014 August and September, which were successfully conducted.

Authorized Economic Operator (AEO)

Authorized Economic Operators are those participants of economic world who have a special status. Based on this special status, the Customs and Finance Guard considers the authorized economic operator as a reliable partner, and therefore provides several advantages during its custom clearance procedures. An AEO certificate issued by any of the EU member state’s customs authorities is automatically acknowledged in any of the EU member states.

Corporate data
President
SUZUKI Ayumi
Address
2336, Dunavarsány Ipari Park, Neumann János u. 1.
No. of employees
2750 people
Paid up capital
36.611.914 EUR
Shareholders
IBIDEN European Holdings B.V. (Netherlands) 99% IBIDEN Co. Ltd (Headquarter in Japan) 1%
1st building
Building:
25.000 m2
Area
60.000 m2
2nd building
Building:
30.000 m2
Area
92.000 m2
3rd building
Building:
30.800 m2
Area
82.060 m2
4-1 building
Building:
9,444 m2
Area
29,795 m2
4-2 building
Building:
23.027 m2
Area
67.095 m2
Technical Center
Building:
3.000 m2
Area
110.000 m2
Data Privacy

Data privacy notice IBIDEN Hungary Kft.

 

Extract from IBIDEN Hungary Kft's Privacy and Data Security Regulation for Customers, Visitors and Interested Parties

The full privacy and data security regulation of IBIDEN Hungary Kft. (Hereinafter referred to as the Regulations) is available at its headquarters (2336 Dunavarsány, Neumann János utca 1).

The purpose of the Regulation is to provide the data subject with information about the data managed IBIDEN Hungary Kft. (hereinafter: the Company) or processed by a data processors employed by it, as well as about the purpose, legal basis and duration of data processing, the name, address and data processing activities of the data processor (if any) involved in the data processing and, in case the data subject’s personal data are transmitted, who are getting such data and for what purpose.

 

Under the Regulation, the Company wishes to ensure the lawful order of record-keeping, compliance with the constitutional principles of data protection and the circumstances of data security, and wishes to prevent unauthorized access to or modification or disclosure of data.

 

The scope of the Regulation extends to all processes at every organizational unit of the Company during which personal data within the meaning of paragraph 1 of Article 4 of the GDPR is being processed.

 

The Regulation shall be valid from 31 of January 2019 until its withdrawal.

Definitions:

'Data Subject' means an identified or identifiable natural person (para. 1 Art 4 of the GDPR);

 

Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (para. 1 Art 4 of the GDPR);

 

'Special categories of personal data' include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (para. 1 Art 9 of the GDPR);

 

'Special data' means any data belonging to the special category of personal data including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (Sub-section 3 Section 3 of the Infotv.);

 

Consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (para. 11 Art 4 of the GDPR);

 

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (para. 7 Art 4 of the GDPR);

'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (para. 2 Art 4 of the GDPR);


The rules of data processing

Since information self-determination is a basic right of all natural persons provided in the Fundamental Law, the Company only conducts data processing only and strictly in accordance with the provisions of the currently effective laws and regulations during its operations.

Personal data may be processed only for the purpose of exercising a right or performing an obligation. It is prohibited to use the personal data processed by the Company for private purposes. The purpose shall be complied with in all phases of data processing.

Personal data may be processed by the Company only for a specific purpose, in order to exercise a specific right or to meet a specific obligation, to the extent and time absolutely necessary for achieving such purpose. Each stage of the processing shall be in line with the purpose and the data shall be erased if the purpose of the processing has ceased to exist or if the processing of data is otherwise unlawful. The data shall be erased by the Company's employee in charge of the actual data processing. The erasure of data can be verified by the person exercising the employer’s rights over the employee as well as by the Data Protection Officer (hereinafter:DPO).

The Company may process personal data only with the data subject's consent – to be made in writing in case of special personal data – or if prescribed or permitted by the law.

Prior to collecting data, the Company shall always inform the data subject about the purpose and the legal basis of processing.

The employees involved in data processing at the Company's organizational units and the employees of entities involved in data processing or any data processing transaction on behalf of the Company shall keep all personal data as confidential information. Those who process and have access to personal data shall sign a confidentiality declaration.

If a person subject to the Regulation detects that the personal data processed by the Company is incorrect, incomplete or outdated, they shall rectify the data or request the person in charge of recording the data to rectify the same.

The data protection obligations applicable to natural persons, legal entities and unincorporated organizations conducting data processing on behalf of the Company shall be enforced through the contract for services concluded with the data processor. The Company shall conclude a Data Processing Agreement with the data processor in accordance with the GDPR.

 

Enforcement of the data subjects' rights

Right to get information

The principles of fair and transparent processing require that the data subject be informed of the existence of the processing operation and its purposes and other factors.

Upon the request of the person concerned, the Controller shall provide information concerning the data relating to him/her, including those processed by a data processor on its behalf or according to his/her notice, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and – in case of the transfer of the personal data of the person concerned – the legal basis and the recipients of the data processing.

As a general rule, such information shall be provided for free unless the requester has already submitted a data request to the Controller for the same scope of data within the same year. In such case, cost reimbursement may apply. The amount of cost reimbursement may also be determined by a contract between the parties. The cost reimbursement paid must be refunded if the data were unlawfully managed or the data had to be modified as a result of the request.

Right to access:

  1. The data subject has the right to access to the personal data and to the following information:

  2. the purpose of data processing;

  3. the categories of personal data concerned;

  4. the recipients or categories of recipients to whom or which their personal data were disclosed or will be disclosed, including third country recipients and international organizations;

  5. the planned duration for which the personal data is stored or, if this is not possible, the criteria for determining this duration;

  6. the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

  7. the right to lodge a complaint with a supervisory authority;

  8. where the personal data are not collected from the data subject, any available information as to their source;

  9. the existence of automated decision-making including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  10. The data subject is also entitled to request the Controller to provide a copy of the personal data being processed. For any further copies requested by the data subject, the Controller may charge a reasonable fee. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

 

Right to rectification

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her or the addition of missing data.

 

Any untrue data shall be rectified by the head of the organizational unit processing the data; if the necessary data and the public documents supporting it is available, and if the conditions described in Article 17 of the GDPR apply, he or she shall arrange for the deletion of the personal data being processed.

Right to erasure and to be forgotten

The data subject has the right to obtain from the Controller the erasure of their personal data without undue delay if any of the following conditions apply:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  2. the data subject withdraws their voluntary consent to the processing and there is no other legal ground for processing;

  3. the data subject objects to the data processing, and there is no overriding legal ground for the data processing;

  4. the personal data have been unlawfully processed;

  5. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

  6. the personal data have been collected in connection with an offer of information society services to persons below the age of 16.

Where the Controller has made the personal data public and the personal data is no longer needed for the purpose it was collected or has been processed for a different purpose then it shall erase the personal data and, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers that are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The personal data may not be erased even if the data subject requests so in case of data processing pursuant to Article 17(3) of the GDPR.

 

Right to restriction of processing

The data subject is entitled to request of the Company the restriction of processing if any of the following conditions applies:

  1. the accuracy of the personal data is contested by the data subject, in which case the restriction shall last for a period enabling the controller to verify the accuracy of the personal data;

  2. the processing is unlawful and the data subject opposes the erasure of the personal data, and requests the restriction of their use instead;

  3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the assertion, exercise or defence of legal claims; or

  4. the data subject has objected to processing; in this case such restriction shall be valid for the period until it is determined whether the legitimate grounds of the Controller override those of the data subject.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. The Controller shall inform the data subject about those recipients if the data subject requests it.

Right to data portability

Where the conditions set forth in paragraph (1) of Article 27 of the GDPR apply, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Right of objection

The data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to the processing of personal data concerning him or her for public interest or for exercising public authority vested in the controller, or if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on the aforementioned regulations.

The data subject may object to the processing of his or her data

  1. if the processing or transfer of the personal data is required exclusively for fulfilling the legal obligation of the Controller, or the enforcement of the legitimate interest of the Controller, the recipient of the data or a third party, except in the case of compulsory data processing;

  2. if the purpose of the use or the transfer of personal data is direct marketing, public opinion polling, or scientific research; and

  3. in other cases specified by the law.

The Controller shall forward the request or objection to the head of the organizational unit that is competent with respect to the data processing within three days after receipt.

The Controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the Controller has found the data subject's objection to be founded, it shall stop data processing, including any further recording and transmission of data, restrict the data concerned, and notify the objection as well as the action taken to all parties to whom the personal data concerned was previously transmitted and who shall take the action necessary for enforcing the customer’s right of objection.

If during the exercise of the data subject's rights, the case cannot be clearly decided, then the head of the organizational unit processing the data may request a position from the Data Protection Officer sending them the documents of the case and his or her position and the DPO shall reply to it in three days.

Right to turn to or file a complaint with the court

The Controller shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements as well as for the grievance fee payable for any violation of personality rights caused by it or by the data processor acting on its behalf. The Controller shall be relieved from its liability if it can prove that the damage or the violation of the data subject's personality rights was caused by a circumstance beyond its reasonable control falling outside the scope of data processing. Similarly, no compensation shall be paid where the damage was caused by the data subject's wilful misconduct or gross negligence.

If the Controller does not take action on the request of the data subject, the controller shall not inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging an application or complaint with the NAIH (1125 Budapest, Szilágyi Erzsébet fasor 22/C.) - also with the court that has jurisdiction according to his/her permanent or temporary residence – and seeking a judicial remedy.

 

The Company's recruitment process

During the selection of employees, the Company processes personal data.

Applications may be also submitted besides the announced positions to unannounced positions either personally or via the Company's address (postal or electronic expl.the Company’s website, through the Company’s Facebook, Linkedin profile by submitting the candidate's curriculum vitae (hereinafter: CV) in the HR admin surface.

The applicant's CVs are stored by the Company electronically and/or on paper. The content of the CV may be accessed by the Managing Director, the Head of the Human Resources Department, the HR business partners, the Heads of Department professionally competent according to the candidate's qualifications and their deputies, and the employees delegated to the personal interview to be done with the candidate.

The employer rights in connection with the selection of those white collar employees who are appropriate to the Company’s expectations are practiced by the Managing Director holding this right from time to time, while employer rights in connection with the selection are practiced by the HR Manager for eligible grey and blue collar employees, thus they shall guarantee the data subject's rights while performing the tasks relating to this data processing in cooperation with the Data Protection Officer.

In case of a CV containing personal data submitted as part of a job application, the Company will not distinguish CVs by the manner they are received: CVs received on paper and electronically will be treated equally.

By default, CVs will be stored by the Company for potential future use with a view to any positions that may become vacant or may be newly established sometime in the future. The stored CVs will be destroyed after twelve months counted from arrival.

All CVs disclosed to the Company are processed on the legal ground for the data subject's consent pursuant to paragraph a) of Article 6(1) of the GDPR.

In case of an application submitted for an announced or unannounced position, the Company will send an automatic response letter to the application in which they are notified of the processing of their data, its legal basis and the opportunities to object to data processing.

Special rules relating to CV’s arriving through work force recruitment companies

By default, CVs arriving through work force recruitment companies will be stored by the Company for potential future use. The Company shall process the CV and the personal data contained in it in accordance with the provisions of this Regulation. The Company will notify the owner (concerened person) of the CV about it

Special rules relating to CVs received through a recommendation by employees

The Company is familiar with and recognizes the system of employee recommendations. Any employee of the Company may recommend his or her acquaintance for a specific job position, in this case, however, the Company will always request a declaration from the employee who makes the recommendation that he/she has an authorization from the data affected (recommended employee) to disclose the relevant data to the Company. This declaration will be stored during the retention period of the given CV and then it will be destroyed together with the personal data contained in the CV.

 

However, regarding the fact that the Company can only assume that the data subject has given their consent, even despite the employee's declaration, it will always send a notice to the person being referred in which they are notified of the processing of their data, its legal basis and their opportunities to object to data processing.

 

Further processing of data of data subjects selected on the basis of their CV (decision on suitability) is done for the purpose of establishing employment, therefore the related data processing is subject to the rules of processing employees' data.

 

The Company organizing factory visit for the applicants in relation of which confidentiality declaration shall be given by the applicant.

purpose of processing: to select eligible candidates for vacant or newly established positions for the purpose of concluding an employment contract at a later stage

data being processed: name (including name at birth), date of birth, place of birth, mother's name, home address, place of residence (if applicable), qualifications, photo, other data provided by the data subject, ID data of the person giving the referral, positive findings of background check

legal ground for data processing: the data subject's consent pursuant to Article 6(1) of the GDPR

duration of data storage: until the data subject requests erasure or for up to twelve months

data storage method: on paper as well as electronically

 

Operation of the electronic surveillance system

The Company operates an electronic surveillance system at its head office.

The purpose of the electronic surveillance system is to ensure labour safety and protection of property, maintain the safety of the building and to preserve the physical security of the private property of persons staying in the area under surveillance.

The images recorded by the electronic surveillance system can be used and retained subject to the relevant provisions of the Act CXXXIII. of 2005 Security Services and the Activities of Private Investigators (hereinafter: Szvtv.) and the GDPR as follows:

The method of and deadline for deleting recordings made by the electronic surveillance system

If the recording is not used, it shall be deleted 3 that is three business days after it has been made [Subsection (2) of Section 31 Szvtv.] while in case of storing hazardous materials or handling, storing or transporting cash of substantial value, the retention period is up to 30 that is thirty days [paragraph (c) and (d) of Subsection (3) of Section 31 Szvtv.]. Use of data means that the recorded images are used as evidence in court or other authority proceedings.

However, the Company shall always guarantee the data subject's right specified in the Szvtv. i.e. the data subject whose legitimate interest is to retain the recording may, within the retention period of the recording (i.e. three days), request the controller not to destroy or delete the data of the recording by proving the data subject's right or legitimate interest. The request shall be decided on as soon as possible by the person in charge of supervising the data processing relating to the Company's camera surveillance system. The recording so marked shall be saved and delivered to the person in charge of supervising the data processing relating to the Company's camera surveillance system who shall arrange for its proper storage in accordance with this Regulation. At the request of a court or other authority, the recording shall be sent to the court or the authority immediately. If no enquiry is made within 30 days of filing the request for not destroying the recording, the recording shall be deleted.

 

Safeguards in electronic surveillance

The Company's use of the electronic surveillance system may interfere with the data subjects' privacy only to the necessary extent.

The Company shall not conduct electronic surveillance for any reason and in any manner:

  • for the purpose of monitoring the work intensity of its employee,

  • for the purpose of influencing the employee's conduct at the workplace,

  • in sensitive areas, particularly in changing rooms, showers, toilets,

  • in areas where the employees spend their rest times or breaks, particularly in the rest room or smoking area,

  • in a public area.

The Company may conduct electronic surveillance to make sure that the employees observe the provisions pertaining to them in order to ensure occupational safety and health.

 

Information of data subjects

A notice has been prepared in connection with the data processing to provide preliminary notification to the data subject about the data processing. The notice shall be displayed at every entry point of the surveillance area.

 

Viewing camera recordings

In order for the Company to interfere with the data subjects' privacy to the minimum possible extent, the data recorded by the electronic surveillance system shall be accessible to authorized personnel only.

The person authorized for this purpose within the Company's organization is entitled to view the recordings. The data shall be retained by the Company for 5 years after the withdrawal.

 

Restriction of camera recordings

The restriction of camera recordings may be ordered only by the person in charge of supervising the data processing relating to the Company's camera surveillance system.

Restriction of camera recordings may be requested by

  • the Company's employee having an access right if during viewing recordings they have found a circumstance which may threaten the objective to be achieved by the electronic surveillance system,

  • any person whose rights or legitimate interests are affected by the recording.

 

The restriction of camera recordings may be requested by a written request addressed to the person in charge of supervising the data processing relating to the Company's camera surveillance system.

The restriction request shall be decided on as soon as possible by the person in charge of supervising the data processing relating to the Company's camera surveillance system.

The Company shall keep a log of all restrictions of camera recordings in which the date and purpose of viewing and restricting, the event giving rise to the restriction and any further use shall be recorded.

 

purpose of processing: to ensure labour safety and protection of property, maintain the safety of the building and to preserve the physical security of the private property of persons staying in the area under surveillance

data being processed: the data subject's image, data collected by means of camera surveillance (place, date and time of stay)

legal ground for data processing:

  • the data subject's implied consent [Subsection (2) of Section 30 of the Szvtv.]

  • for employees, legitimate interest pursuant to point f) of Article 6(1) of the GDPR

retention period:

  • if the recording is not used, it shall be deleted 3 that is three business days after it has been made [Subsection (2) of Section 31 Szvtv.] while in case of storing hazardous materials or handling, storing or transporting cash of substantial value, the retention period is up to 30 that is thirty days [paragraph (c) and (d) of Subsection (3) of Section 31 Szvtv.], and

  • if the Company is requested not to destroy the recording by proving a relevant right or legitimate interest but the recording is not requested, then the Company shall delete the same on the expiry of 30 that is thirty days after the first request [Subsection (6) of Section 31 Szvtv.]

data processing method: electronic

Access Control for Guests

The visitor can be received at the personal entrance gate. The security guard on duty at the gate shall notify the person receiving the visitor that the latter has arrived. The visitor's data shall be recorded both on paper and electronically.

The data recorded for visitors:

  • Name

  • Coming from (company name)

  • Visiting (name)

  • Time of entry and exit

  • name, type and serial number of IT equipment

purpose of processing: to identify visitors and prevent unauthorized entry

data being processed: visitor's name, coming from, coming to, time of entry and exit.

legal ground for data processing: legitimate interest pursuant to Section 32 of Act CXXXIII of 2005 and paragraph f) Article 6(1) of the GDPR

duration of data storage: in case of occasional entry, the data processed shall be destroyed within twenty-four hours after exit.

data storage method: electronic

 

Entry and exit check, bag search

The Company’s head office has manned guarding in place.

Manned guarding includes the following tasks:

  • property surveillance,

  • checking the entry of persons and motor vehicles,

  • drawing up a report in case of security incidents,

  • patrolling.

 

Exit checks are carried out by the third-party security service that operates the reception service.

In case of an incident – e.g.: theft - the shift manager, the contact persons of the EHS Department and the CSD Department, and the heads of the departments concerned shall be notified.

The incident must be recorded in a report.

In case of the Company's own employee, the head of the relevant department while in case of a contractor's worker, the contractor employing such worker will be notified.

 

Personal checks, bag search

In order to enhance protection of property and labour safety, the security guard may check the Company's employees and third-party employees working in the areas protected by manned guarding in accordance with Section 28 of the Szvtv. if

  • it is reasonably assumed that the person concerned is in possession of a thing originating from a criminal act or offence which should be protected by the security guard according to his or her contractual obligation;

  • the person concerned fails to present that thing on request; and

  • the measure is necessary for preventing or stopping an unlawful act.

The security guards are entitled to perform checks within the Company's entire area. The check may include establishing personal identity, verifying access authorization and checking whether the employee is fit for work (e.g.: influence of alcohol).

In order to prevent prohibited objects and equipment from being taken to or corporate materials being taken from the premises, the security guard may request the person checked to show the contents of his or her pockets or to permit an inspection of the cargo space or the passenger cabin of the corporate or privately owned vehicle.

purpose of processing: to investigate security incidents

data being processed: report completion date, security service staff's name, signature, the checked person's name, signature, reg. no., and for external workers, place and date of birth, mother's name, home address, place of residence and the description of the act, name, reg.no. and signature of the direct superior and the contact person, registration number of the motor vehicle.

legal ground for data processing: legitimate interest pursuant to Section 28 and 31(7) of Act CXXXIII of 2005 and paragraph f) of Article 6(1) of the GDPR

duration of data storage: the deadline for investigating the event and asserting claims in connection with the rights and obligations arising therefrom

data storage method: on paper as well as electronically

 

Data management information for contact details of suppliers and subcontractors

IBIDEN Hungary Kft. processes the following personal data with respect to suppliers and subcontractors for the following purposes:

purpose of processing: to keep contact with suppliers and subcontractors in relation to their contract with IBIDEN Hungary Kft.

data being processed: contact person's name, phone number, e-mail address

purpose of processing: the Company's legitimate interest in performing contractual obligations under the contract between the supplier or subcontractor and IBIDEN Hungary Kft. [para f) Article 6(1) of the GDPR]

duration of data storage: 8 years after the termination of the contract

data storage method: on paper as well as electronically

 

Information management information for visitors of the Company's website

The Company's website: www.ibiden.hu. Small data packages, commonly known as cookies, help the customers and other visitors when accessing or exiting our website. These are placed onto the visitor’s IT device and read by the website to help proper functioning, more efficient service, and to collect anonymous statistical data.

The visitor can manually delete the cookies from the IT device, or the browser can be set to automatically delete them when the browser closes. The visitor also can set the browser to disable the use of cookies. The visitor can still use the website even if the use of cookies is manually disabled in the browser’s settings.

The following types of cookies from Google Analytics are also used by the website: "utma", "utmb", "utmc", "utmt", "utmv", "utmz" (for cookies used by Google Analytics for the webpage, detailed information is available at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage).

The listed cookies are used to identify the following data, collected for statistical purposes, regarding visiting the website and its traffic:

  • the visitor has reached the website via a search engine, keyword or link ("utmz" cookie)

  • how many times did the visitor visit the website ("utmb" cookie)

  • how long the visitor stayed on the website ("utma" and "utmv" cookies),

  • when the visitor first visited the website ("utma" and "utmv" cookies),

  • and when the visitor last visited the website ("utmc" and "utmv" cookies).

In addition to the above, some cookies protect the website from overloading ("utmt" cookie), and some cookies used by Google Analytics register the IP address of the IT device used by the visitor for analytical, statistical, and security purposes. The data is stored on the visitor's device.

Therefore, independent measurement and auditing of website traffic and other web analytics data is supported by Google Analytics servers as external providers using the cookies listed above. For more information on how the data is handled, the data handler provides detailed information at https://www.google.com/analytics/ also there is more information about Google's privacy policies at http://www.google.com/intl/en/ policies / privacy /. Data transmitted from the website to Google Analytics servers is not directly suitable to identify the identity of the visitor, as it can only be used to identify the IP address of the device.

Contact initiated by visitors or customers

The Company provides the opportunity for those interested to apply for jobs through the website, and to submit their CV to the Company via the website. The Company handles the CVs received through the website in the same way as CVs arriving in other ways, which you can read here (CV containing personal data)

 

purpose of processing: Facilitating contact with the company

data being processed: name, e-mail address, phone number, curriculum vitae

legal ground for data processing: the data subject's consent pursuant to Article 6(1) of the GDPR

duration of data storage: until consent withdrawal, but up to 1 year

data storage method: electronically

You may request information on the management of your personal data and may request the rectification or restriction, erasion of your personal data, except for data processing required by law, at the contact details provided by the Company.

Controller

Controller’s name: IBIDEN Hungary Gyártó Korlátolt Felelősségű Társaság

Controller’s short name: IBIDEN Hungary Kft.

Controller’s registration number: 13-09-106413

Controller’s head office: 2336 Dunavarsány, Neumann János utca 1.

Controller’s e-mail address: privacy.ihu@ibiden.com

Controller’s representative: Suzuki Ayumi

Data Protection Officer’s name: Dr. Bernadett Bézsenyi

e-mail address: dr.bezsenyi.bernadett@ltender.hu

telephone number: +3670/3282272

 

The Privacy and Data Security Regulation contains the Company's complete data management system.

 

The data subject may seek legal remedy from or file a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C.) or at the court that has jurisdiction according to their home address or place of residence.

Dunavarsány, 31th January, 2019