Data Protection Notice - ELECTROMOBILITY SERVICE processing of certain personal data when using the mobility service - in force: from 09.07.2024

Name of the data processing

and purpose

Legal basis for data processing

Scope and source of the processed data

Duration of data processing

Recipient of the data transfer

Data processing and related activities

Electronic contracting, use of services, provision of infrastructure for charging electric vehicles via an app, billing, contact

MOL Plugee User has the opportunity to link his/her MOL Plugee and MOL MOVE User accounts. Accordingly, the MOL Plugee User will earn Loyalty Points for each of his/her travels in accordance with the terms and conditions of the MOL MOVE GTC. This processing is governed by the relevant MOL MOVE documents: GTC (molmove.hu) Privacy Policy (molmove.hu)

Performance of the contract pursuant to Article 6(1)(b) of the GDPR

In addition, this processing is pursuant to Article 13/A (1)-(9) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

In the case of registered users, the Company processes profile pictures and optional data only with the express, voluntary consent of the user, pursuant to Article 6 (1) (a) of the GDPR.

Mandatory data for non-registered (occasional) users:

e-mail address, billing name, billing address, tax number, credit card details: name on credit card, credit card number, expiry date, CVC/CVV code.

Optional data:

Surname, first name, telephone number

Mandatory information for registered users:

surname, first name, e-mail address, password, billing name, address, tax number, bank card details: name on bank card, bank card number, expiry date, CVC/CVV code.

Optional data:

gender , phone number, profile picture.

In addition to the above, certain personal data generated in the course of the use of the service by Business Users in the context of cooperation with Corporate Clients:

If the Corporate Customer is a fuel card partner of MOL Plc, the number of the fuel card used to use the Plugee service.

In the case of data processed on the basis of electronic contracting, the use of a service, the provision of a service and the maintenance of contact, for 30 days from the termination of the service contract.

Invoicing data: the Data Controller is obliged to keep the electronic invoices issued in connection with the service in accordance with and for the duration of the provisions of Articles 165-169 of Act C of 2000 on Accounting and in accordance with Articles 77-78 and 202 of Act CL of 2017 on the Rules of Taxation.

In the case of e-roaming, billing data will be stored in accordance with the tax and accounting rules of the invoice issued in the country of the MOL Group.

In the context of the use of the service by Business Users in cooperation with an Enterprise Customer:

The scope of the contract between the Corporate Customer and MOL Plc. shall prevail, subject to the Parties' regular agreement on the list of Business Users. If the Business User's legal relationship with the Corporate Client is terminated, his personal data will be deleted within 15 days of the Corporate Client's notification to this effect at the latest.

When using the internal roaming service within the MOL Group, personal data required for internal payment and billing will be transferred between the MOL Group companies (the CPO) and the e-mobility service provider (EMSP).

In this case, the billing will be carried out by the subsidiary of the MOL Group in the country of the respective billing point.

For the purposes of the above data processing, the members of the MOL Group are considered as joint controllers. The following subsidiaries participate in the e-roaming service:

CZ:

MOL Česká republika, s.r.o.

společnost s ručením omezeným

Purkyňova 2121/3

11000 Praha 1

SLO:

MOL Slovenija, trgovsko podjetje d.o.o.

Druzba z omejeno odgovornostjo

Lendavska ulica 24

9000 Murska Sobota

RO:

MOL Romania Petroleum Products SRL

Societa cu raspundere limitata

Bd. 21 Decembrie 1989 77, et. 1 cam.C.1.1

400604 Cluj-Napoca

SK:

SLOVNAFT a.s.

akciová spoločnosť

Vlčie hrdlo 1

82412 Bratislava

HR:

TIFON d.o.o.

drustvo sa ogranicenom odgovornoscu

Savska cesta 41/XIII

10000 Zagreb

In the context of the use of the service by Business Users in cooperation with an Enterprise Customer: Corporate Client

Driivz Ltd. – provision of ancillary services related to data management in the course of the electromobility service, operation of a telephone application, server services

(based in Hod Hasharon, 4 HaHarash Street, Israel)

MOL GBS Magyarország Ltd. – invoicing (headquarters: 1117 Budapest, Dombóvári út 28.)

Improve the quality of the service, based on the specific technical characteristics of the vehicle, resulting in the provision by the Data Controller of an appropriate electric charging infrastructure, in line with the technical needs of the users' vehicles.

Pursuant to Article 6(1)(f) of the GDPR, data processing is in the legitimate interest of the Company.

It is in the legitimate interest of the Company to know the characteristics of the vehicles of the users of its service in order to continuously improve the charging infrastructure to meet the needs of the users.

The interest assessment test is available on request.

Data on the user's vehicle: manufacturer, year, type of vehicle, maximum charging capacity, battery capacity, consumption data.

In accordance with the previous data processing purpose.

Driivz Ltd. – provision of ancillary services related to data management in the course of the electromobility service, operation of a telephone application, server services

(based in Hod Hasharon, 4 HaHarash Street, Israel)

Send marketing messages, offers, coupons via email or app.

Sending invitations to participate in challenges, market research, satisfaction surveys, questionnaires via email, app

Invitations to participate in campaigns, games.

The sending of the above messages will only take place if the data subject has given his/her express consent. The customer can give his consent in the application.

Consent of the data subject pursuant to Article 6(1)(a) of the GDPR

The data subject can withdraw his/her consent in the application or via the customer service.

First name, surname, e-mail address if the user has given it: gender, telephone number

The data will be stored for 30 days from the date of termination of the contract, but will be deleted immediately after withdrawal of consent.

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd. – customer service administration, complaints handling

(headquaters: 1044 Budapest, Óradna street 5.)

In the case of e-roaming, if the customer subscribes to a newsletter from a foreign subsidiary:

MULTICOM Contact Ltd.

1121 Budapest, Zsigmondy Vilmos street 8/b customer service provider in the following countries: SLO, RO, SK, CZ, HR

(customer service tasks, direct communication with customers.)

Complaints handling

Handling and responding to consumer complaints made in writing, electronically, by telephone or in person, and dealing with service-related notifications and service-related complaints

To address consumer complaints: pursuant to Article 17/A (2)-(6) of Act CLV of 1997 on Consumer Protection ("the Consumer Protection Act"), the Company is obliged to investigate complaints from the persons concerned who are consumers and, if the consumer does not agree with the handling of the complaint or if it is not possible to investigate the complaint immediately, the Company shall immediately take a record of the complaint and its position on it and provide or send a copy of the record to the consumer, depending on the nature of the complaint.

If the Customer uses an e-mobility service abroad from a company belonging to the MOL Group, the Customer may choose to.

if he/she is a registered customer, he/she can also contact the customer service of his/her electromobility provider or the operator of the electric charging equipment in his/her country with a complaint.
in the case of a case-by-case customer, you can contact the customer service of the charging equipment operator in the Application or, if you start charging from the website.

The user name, surname, first name, address, telephone number, e-mail address of the person concerned, the data contained in the notification, the data necessary for the payment of any compensation (bank account number), in the case of damage to a motor vehicle, data relating to the vehicle, in particular the type of vehicle, the year of manufacture, the place and time of the e-charging, the identification number and type of the charging equipment used,

type of charging socket used.

In addition, the record of the (consumer's) complaint shall include the place, time and manner of lodging the complaint, a detailed description of the consumer's complaint, a list of documents and other evidence presented by the consumer, the Company's statement of its position on the consumer's complaint, if an immediate investigation of the complaint is possible, the signature of the person who took the record and, except for oral complaints made by telephone or other electronic communication services, the consumer, the place and time of taking the record.

The Company is obliged to keep the minutes of the complaint and a copy of the Company's response to the complaint for 3 years pursuant to Act CLV of 1997 on Consumer Protection and to present them to the supervisory authority upon request (Article 17/A (7) of the Consumer Protection Act).

In the case of e-roaming, if the customer contacts a local customer service or if the processing or handling of a complaint requires the transfer of the complaint, the civil law or consumer protection laws and regulations of the country concerned shall apply. The occasional user can obtain information from the customer service department of the CPO (the MOL Group subsidiary where the charger is located).

In the event of a request from the Consumer Protection Authority and other competent authorities, to forward the data requested by the authority to the authority.

MOL Magyarország Társasági Szolgáltatások Ltd. – mail management (headquarters: 1117 Budapest, Dombóvári street 28.)

MOL GBS Magyarország Ltd. – payment of damages (headquarters: 1117 Budapest, Dombóvári street 28.)

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd . – customer service administration, complaints handling

(headquarters: 1044 Budapest, Óradna street 5.)

for e-roaming:

MULTICOM Contact Ltd.

1121 Budapest, Zsigmondy Vilmos street 8/ba

customer support service for complaints in the following countries: SLO, RO, SK, CZ, HR

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd. and MULTICOM Contact Ltd. perform customer service tasks, this organisation is responsible for direct communication with customers.

MOL Plc. has access to user data in the event that Pandant Telemonitoring and Metering Service Ltd. and MULTICOM Contact Ltd. are unable to resolve the complaint within their own competence and need technical assistance from MOL Plc.

Recording telephone conversations with the Company's Customer Service

Article 6(1)(f) GDPR (processing is in the legitimate interest of the Company. The legitimate interest of the Company exists because it is important for the Company to be able to reconstruct events in the case of certain notifications and enquiries from consumers.

The Company will make the interest assesment available on request.

The audio of calls received and made through the Customer Service call centre (call centre). The recordings include the voice of Customers, non-customer data subjects and customer service agents. In the case of notifications, the name, telephone number, e-mail address of the data subject, the data contained in the notification, the name of the customer user, if applicable, and the data required for the payment of any compensation (bank account number) are also recorded.

The audio recording and the related personal data will be kept by the Company (for 5 years) (in accordance with Act V of 2013 on the Civil Code (Civil Code), § 6:22 (1), for the enforcement of possible civil claims of the Company and the defence against possible civil claims of the data subjects, and in accordance with § 17/B (3) of the Act on Consumer Protection.

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd . – customer service administration, complaints handling

(headquarters: 1044 Budapest, Óradna street 5.)

for e-roaming:

MULTICOM Contact Ltd.

1121 Budapest, Zsigmondy Vilmos street 8/ba

customer support service for complaints in the following countries: SLO, RO, SK, CZ, HR

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd. and MULTICOM Contact Ltd perform customer service tasks, this organisation is responsible for direct communication with customers.

MOL Plc. has access to user data in case Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd. and MULTICOM Contact Ltd. are unable to resolve the complaint within their own competence and need technical assistance from MOL Plc.

Communicating with Customers and non-Customer data subjects in writing or by email, answering questions, reconciling data

Article 6(1)(a) of the GDPR - the data subject's voluntary consent, given by the data subject by sending the Company the request and the data contained therein, to the extent necessary to reply to the request and to carry out the activities contained therein (e.g. providing information).

The data subject has

the right to withdraw

his or her consent at

any time. The

withdrawal of consent

shall not affect the

lawfulness of

processing based on

consent prior to its

withdrawal.

In the absence of the

data subject's consent,

the Company will not

be able to respond to

such requests.

Personal data contained in the Customer's request and in written correspondence or e-mail

For data subjects other

than the Customer: the

name, address, e-mail

address of the data subject, the data

contained in the

notification, the data

necessary for the

payment of any

compensation (bank

account number),

in the

case of motor vehicle

damage data relating

to the motor vehicle, in

particular the type of

vehicle, the year of

manufacture, the place

and time of e-charging,

the identification

number and type of the

charging equipment

used,

the type of charging

socket used, other data

contained in the data

subject's request.

It will be kept until the

withdrawal of the data

subject's consent or,

failing this, for 5 years

(in accordance with the

Civil Code. 6:22 (1)), for

the purpose of

enforcing any civil law

claims of the Company

and defending against

any civil law claims of the data subjects.

In the event of

withdrawal of consent,

the Company shall

consider that the data

subject does not wish

to assert any claims in

connection with the

request and the

Company's response to

it, and the

communication and

reconciliation of data

with the Company.

MOL Magyarország Társasági Szolgáltatások Ltd.. – mail management

(headquarters: 1117

Budapest, Dombóvári út

28.)

MOL GBS Magyarország Ltd. – compensation for

damages (head office:

1039 Budapest, Szent István street 14.)

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd . – - written or

e-mail communication

with non-customer data

subjects, answering

questions, data

reconciliation

(registered office: 1044

Budapest, Óradna street 5.)

For e-roaming

MULTICOM Contact Ltd

1121 Budapest, Zsigmondy Vilmos street8/ba

communication with non-customer data subjects in

writing or by e-mail,

answering questions,

data reconciliation in: SLO, RO, SK, CZ, HR

Use of discounts and

promotions based on

cooperation

agreements with other

legal entities

The Company provides

ad hoc discounts and

promotions to a limited

number of Users based

on partnership

agreements with legal

entities related to e-mobility.

The performance of a

contract with a legal

person or a partner for

a discount pursuant to

Article 6(1)(b) of the

GDPR. The Company processes data only to

the extent necessary to

verify the Customer's

entitlement to the

discount.

The Company does not

transmit personal data

about the customer to

its contractual partners.

In the case of Nissan partnership

agreement:

- enter chassis

number

In the case of BMW partnership

agreement:

- MOL partner

card number

In the case of a

company belonging to

the MOL Group:

Business User ID,

Corporate Customer

Name

The data will be stored

for 30 days from the

expiry of the promotion

or discount, or until the

termination of your

contract.

Corporate Client

Driivz Ltd. – provision of

ancillary services related

to data management in

the course of

electromobility services,

operation of a telephone application, server

services

(based in Hod Hasharon,

HaHarash u. 4, Israel) -

identification of the data

required for the

customer to receive the

discount, verification of

eligibility.

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd . – customer service and

information related to

actions and services

(registered office: 1044

Budapest, Óradna street 5.)

For e-roaming:

MULTICOM Contact Ltd

1121 Budapest, Zsigmondy Vilmos street 8/ba

customer support and

information on

promotions and services

in: SLO, RO, SK, CZ, HR

–

Enforcement of legal

claims

Data retention by the Customer Service in

relation to

communications with

Customers and other

data subjects for the

purpose of pursuing

legal claims and

successfully defending

a dispute or a legal

proceeding

Article 6(1)(f) GDPR

(processing is necessary

for the purposes of the

Company's legitimate interests). Legitimate

interest: the assertion

of a claim by the

Company and the

successful defence of a

dispute or legal action

brought by the

Customer.

All personal data

covered by this privacy

notice, in particular:

User name, surname, first name, e-mail

address, details in the

notification, bank

account number,

details of the vehicle in

the event of damage to

the vehicle, place and

time of the e-recharge,

identification and type

of the charging

equipment used,

the type of charging

socket used,

the type and year of the

vehicle, other data

necessary for the

exercise of legal claims

and the defence in legal

or administrative

proceedings (for

example: data

voluntarily provided by

the data subject in the

request).

Data source: the

Customer Service.

The Company shall

keep documents (e.g. emails, letters, paper

requests) and other requests related to the

communication made

by the Customer

Service for 5 years after

their receipt by the

Customer Service (in

case of e-mails, their

accessibility, in case of

telephone calls, their

recording) (in

accordance with the

Civil Code. 6:22 (1)),

with regard to the

enforcement of any

civil law claims of the

Company and the

defence against any

civil law claims of the

data subject, as well as

in accordance with

paragraph 17/B § (3) of

the Act on the

Protection of the Data

Subject.

If the processing of

personal data is

necessary for the

defence of a judicial or

administrative

procedure initiated by

the data subject or for

the enforcement of the legitimate interest of

the Company, the

Company is entitled, on

the basis of its own

legitimate interest

(Article 6(1)(f) GDPR),

to process the personal

data concerned until

the final conclusion of

the procedure or until

the enforcement of the

legitimate interest by

other means (e.g. the

conclusion of an out-of -court settlement) and,

if it is not necessary to

keep a complete

written or electronic

document containing

the data, to extract the

necessary data from

the document.

Employees of the

Company's Regional

Security, Group

Security, Internal Audit and Legal organisations

have access to the

personal data necessary

for the investigation.

MOL Magyarország Társasági Szolgáltatások Ltd. – mail

management (head office: 1117 Budapest,

Dombóvári street 28.)

MOL GBS Magyarország Ltd. – compensation for

damages (head office:

1039 Budapest, Szent

István street 14.)

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd . – First round legal action

(registered office: 1044

Budapest, Óradna street 5.)

For e-roaming:

MULTICOM Contact Ltd

1121 Budapest, Zsigmondy Vilmos street 8/ba

Legal claims in the first

instance

in the following

countries: SLO, RO, SK, CZ, HR

Céginformáció.hu Korlátolt Felelősségű Társaság - Claims

management

(1087 Budapest, Könyves Kálmán körút 76.)

User data will be

transferred to the

Service Provider in the

event that the Service

Provider has a financial

claim against the user.

Prevent, detect and

investigate fraud and

abuse of the Service

The prevention and

investigation of

fraud and abuse is

governed by the MOL

Group Code of Ethics

and Business Conduct,

Business Partner Code of Ethics, Ethics Council

Code of Conduct ("Code

of Ethics"), which are

available at:

https://mol.hu/hu/molr

ol/etika-esmegfeleles/etika/

Article 6(1)(f) GDPR

(processing is necessary

for the purposes of the

legitimate interests of

the controllers).

Legitimate interest: to

prevent, detect and

prosecute irregularities

that threaten the

assets, trade secrets,

intellectual property and business reputation

of controllers, as well as

an appropriate,

respectful and fearless

and non-retaliatory

working environment.

Name, data generated

during the

investigation. Data

controllers process the

data necessary to carry

out the investigation,

such as the card

number with the "block

data" they otherwise

process (e.g. name,

item number, quantity, price, place and time of

purchase of the Service

purchased, etc.), in

order to detect and

investigate possible

misuse of the card, for

the duration of the

investigation necessary

for this purpose.

If the investigation

reveals that the

notification is

unfounded or that no

further action is

necessary, the data

relating to the

notification shall be

deleted within 60 days

of the end of the

investigation.

If action is taken on the

basis of the

investigation, including

legal proceedings or

disciplinary action

against the reporting

person, the data

relating to the report

may be processed in

the employer reporting

system until the final

conclusion of the

proceedings initiated

on the basis of the

report at the latest.

- If the Company

launches an ethics

investigation, the

members of the Ethics

Board will have access

to the data necessary

for the investigation.

- Where the Company

initiates other

procedures to prevent,

detect and investigate fraud and abuse,

employees of the

Region Security, Group

Security and Internal

Audit organisations will

have access to the data

necessary for the

investigation.

- If the investigation

involves other MOL

Group members and

the company in

question asserts a legal

claim on the basis of the

investigation, the HR

organisation of the

company in question,

the HR organisation of

the Company, the legal

organisation of the

company in question

and the legal

organisation of the

Company will have

access to the data.

MOL IT & Digital GBS Ltd.

(1117 Budapest, Dombóvári street 28. 1117 Budapest, Dombóvári street 28.) - the provision of IT

and server services

closely related to data

management.

Data controllers and data processors:the privacy notice and the balancing of interests test are available at www.molplugee.hu/legal.

Names, headquarters, telephone numbers, websites (where privacy notices are available) and email addresses of data controllers:

MOL Plc. (head office: 1117 Budapest, Dombóvári út 28., telephone: +36-1-881-8111, website: www.molplugee.hu, e-mail: info@molplugee.hu)
In the case of the data processing identified in rows I and IV-VI of the E-roaming: MOL Plc and its subsidiaries identified in row I. in the data processing are considered as joint controllers, thereby jointly determining the purposes and scope of the processing and being jointly responsible for the processing.

In case of cooperation with a Business Customer, in case of use of the service by a Business User: Business Customer

In addition to the above, the Company uses the services of its legal partners for the management and successful enforcement of its outstanding claims pursuant to Article 6(1)(f) of the GDPR (based on the legitimate interest of the Company) - and transfers to them the personal data necessary for this purpose

(including in particular: data of its contractual partners, their contact persons, data indicated in the contract of representation, data of claims) - which act as independent data controllers as set out in their respective privacy notices. At the request of the data subject, the Company shall provide information on the legal partner acting in relation to a specific processing operation, the contact details of the legal partner, the activity carried out by the legal partner and the scope of the data processed in the context of that activity.

Data controllers are considered independent data controllers and therefore have their own privacy notice.

Contact person(s) of the data controllers:

MOL Plc. - e-mail address: info@molplugee.hu

The name and contact details of the Data Protection Officer(s) at the controller(s):

MOL Plc - Dr. Pál Kara - e-mail: dpo@mol.hu

They have the right to access the data at the data controller:

Recording of telephone conversations with the Company's Customer Service: e-mobility organisation staff.
Handling and responding to written, electronic (e-mail), telephone or face-to-face consumer complaints and service-related objections: e-mobility organisation staff, competent employees of the Legal Department, employees of law firms involved in legal claims.
Communicating, answering questions, reconciling data with Customers and data subjects other than Customers in writing or by electronic mail (e-mail): employees of the e-mobility organisation, relevant employees of the Legal Department, employees of law firms involved in legal claims, employees of the claims management company.
Retention of data relating to Customer Service communications with Customers and other data subjects for the purpose of legal claims: Employees of the e-mobility organisation, and the competent employees of the Legal Department, employees of law firms involved in legal claims for the purpose of legal support for possible claims, defence in court and administrative proceedings.
(MOL Plc. and MOL Limitless Mobility Ltd. . in case of joint data processing:

MOL Plc/Digital Factory/Data Lake team - Identification of the MOL MOVE loyalty programme participants and users of MOL mobility services (MOL Limo and MOL Plugee), in relation to the integration of services into MOL MOVE.

Name, location, telephone number, website (where privacy notices are available) and email address of data processors:

Driivz Ltd.- provision of ancillary services related to data management in the electromobility service, operation of a telephone application, server

services (headquarters: Israel, Hod Hasharon, HaHarash u. 4.) shachar.inbar@driivz.com

Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd. - customer service, complaint handling (headquarters: 1044 Budapest, Óradna utca 5.,

phone: +36-1-370-2333, website: www.pandant.hu, e-mail: info@pandant.hu)

MULTICOM Contact Ltd- customer service, complaint handling (registered office: 1121 Budapest, Zsigmondy Vilmos utca 8/b, phone: +36 (1) 310-

7145; e-mail: info@multicom.hu)

MOL IT & Digital GBS Ltd.- call center audio management (headquarters: 1117 Budapest, Dombóvári út 28, e-mail: miklkiss@msc.mol.hu)
MOL GBS Hungary Ltd..compensation (registered office: 1117 Budapest, Dombóvári út 28., telephone number: 061-209-0000, website: www.mol.hu,

e-mail address: ugyfelszolgalat@mol.hu

MOL Hungary Társasági Szolgáltatások Ltd. – postal mail management, compensation (head office: 1117 Budapest, Dombóvári út 28., phone: 061-209-0000,

website: www.mol.hu, e-mail: ugyfelszolgalat@mol.hu

Céginformáció.hu Korlátolt Felelősségű Társaság - claims management (1087 Budapest, Könyves Kálmán körút 76.), Phone: 06 (1) 333 3000,

Website: www.ceginformacio.hu, e-mail: info@ceginformacio.hu

Contact person(s) of the data processor(s):

Driivz Ltd.- provision of ancillary services related to data management in the course of electromobility services, operation of a telephone

application, server services (headquarters: 4 HaHarash Street, Hod Hasharon, Israel)

MOL IT & Digital GBS Ltd. -call center audio management (headquarters: 1117 Budapest, Dombóvári út 28, e-mail: miklkiss@msc.mol.hu)
MOL GBS Hungary Ltd..:compensation (registered office: 1117 Budapest, Dombóvári út 28., telephone number: 061-209-0000, website: www.mol.hu, e-mail address: ugyfelszolgalat@mol.hu
MOL Magyarország Társasági Szolgáltatások Ltd.. – postal mail management, compensation (head office: 1117 Budapest, Dombóvári út 28., phone: 061-209-0000, website: www.mol.hu, e-mail: ugyfelszolgalat@mol.hu
Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd.. - customer service, complaint handling (headquarters: 1044 Budapest, Óradna utca 5.; phone: 061-370-233 , website: www.pandant.hu, e-mail: info@pandant.hu
MULTICOM Contact Ltd- customer service, complaint handling (registered office: 1121 Budapest, Zsigmondy Vilmos utca 8/b, phone: +36 (1) 310-7145; e-mail: info@multicom.hu)
Céginformáció.hu Korlátolt Felelősségű Társaság - claims management (1087 Budapest, Könyves Kálmán körút 76.), Phone: 06 (1) 333 3000, Website: www.ceginformacio.hu, e-mail: info@ceginformacio.hu

Name and contact details of the Data Protection Officer(s) at the data processor:

Driivz Ltd. – shachar.inbar@driivz.com
Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd.- info@pandant.hu
MULTICOM ContactLtd-info@multicom.hu
MOL IT & Digital GBS Ltd.– dpo@mol.hu
MOL GBS MagyarországLtd: dpo@mol.hu
MOL Magyarország Társasági SzolgáltatásokLtd. – dpo@mol.hu
Céginformáció.hu Korlátolt Felelősségű Társaság- Nagy Dávid, info@prodebt.hu

Data processors have the right to access the data:

Driivz Ltd. –staff
MOL IT & Digital GBS Ltd.– IT staff member
Pandant Távfelügyeleti és Mérő-ellenőrző Szolgáltató Ltd - - customer service representative
MULTICOM ContactLtd-customer service representative
MOL GBS MagyarországLtd.-financial assistant
MOL Magyarország Társasági SzolgáltatásokLtd. –mail order collector
Céginformáció.hu Szolgáltató és Tanácsadó Korlátolt Felelősségű Társaság- claims management associate

Processing of special categories of personal data for the purposes set out in this Notice: No sensitive data is processed.

Transfer of data to a third country:the Parties stipulate that the Processor will access certain personal data in Israel, in which case the Processor will ensure

an adequate level of data protection in accordance with Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals

with regard to the processing of personal data and on the free movement of such data, available at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32011D0061&from=HU .

The fact of automated decision-making, including profiling, and, at least in these cases, clear information on the logic used and the significance of such processing and the likely consequences for the data subject: no automated decision-making and profiling.

Data security measures:

Information security management system	Ensuring the confidentiality, integrity and availability of organisational information by implementing policies, processes, process descriptions, organisational structures, software and hardware functions.
Physical access	Ensuring the protection of physical assets that contain data relating to the MOL Group.
Logical access	Ensuring that only approved and authorised users have access to data used by MOL Group companies.
Data access	Ensuring that only persons authorised to use the systems have access to MOL Group corporate data.
Data transmission / storage / destruction	To ensure that MOL Group company data cannot be transmitted, read, modified or deleted by unauthorised persons during transmission or storage. In addition, ensure the immediate deletion of MOL Group Corporate Data when the purpose of the processing ceases.
Confidentiality and integrity	To ensure that when processing MOL Group corporate data, the data is kept confidential and up to date and to preserve its integrity.
Contact	To ensure that MOL Group corporate data is protected against accidental destruction or loss and, in the event of an incident that causes such consequences, to provide timely access to and recovery of the affected MOL Group corporate data.
Data separation	Ensuring that data of MOL Group companies is treated separately from data of other customers.
Incident management	In the event of any breach of MOL Group corporate data, the impact of the breach should be minimised and the owners of MOL Group corporate data should be notified immediately.
Audit	Ensuring that the processor regularly tests, reviews and evaluates the effectiveness of the technical and organisational measures outlined above.

Your rights regarding data processing:

Your data protection rights and remedies and their limitations are set out in detail in the GDPR (in particular Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79

and 82 of the GDPR). You may request information about your data at any time, request the rectification, erasure or restriction of processing of your data at

any time, or object to processing based on legitimate interests. The most important provisions are summarised below.

In particular, the Company draws your attention to the following when providing the information: you have the right to object at any time, on grounds

relating to your particular situation, to the processing of your personal data on the basis of the Company's legitimate interest. In such a case, the Company

may no longer process the personal data unless the Company can demonstrate compelling legitimate grounds for the processing which override your

interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to information:

Where the Company processes personal data relating to you, the Company is obliged to provide you with information, even without your request, on the

main features of the processing, such as the purpose, legal basis, duration, the identity and contact details of the Company and its representative, the contact

details of the Data Protection Officer, the recipients of the personal data, in the case of processing based on legitimate interests, the legitimate interests of

the Company and/or third parties and your rights and remedies with regard to the processing (including the right to lodge a complaint with a supervisory

authority) and, where you are not the source of the data, the source of the personal data and the categories of personal data concerned, if you do not already

have this information. The Company will provide this information by making this notice available to you.

Right of access:

You have the right to receive feedback from the Company as to whether your personal data are being processed and, if such processing is ongoing, you have

the right to access your personal data and certain information about the processing, including the purposes of the processing, the categories of personal data

concerned, the recipients of the personal data, the (envisaged) duration of the processing, the rights and remedies of the data subject (including the right to

lodge a complaint with a supervisory authority) and, in case of data not collected from you, information about the source of the data.

Upon your request, the Company will provide you with a copy of the personal data processed. The Company may charge a reasonable fee based on

administrative costs for any additional copies you request. If you have submitted your request electronically, the information will be provided in a commonly

used electronic format unless you request otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.

The information is free of charge if the person requesting the information has not yet submitted an information request to the controller for the same set of

data in the current year. For offline users, the cost of the second request is HUF 500 (including postage and CD)

If you request the provision of an audio recording of a call centre, the data controller will provide the requested recording in the following manner.

For online users: the encrypted file is sent via Secure Data Room. The key for the interview is provided by the data controller via SMS.

For offline wall users: the encrypted file is copied to a CD and the requested audio is sent to the customer. The key for the audition is provided by the data controller via SMS.

Right to rectification:

You have the right to have inaccurate personal data concerning you corrected by the Company without undue delay upon your request. Taking into account

the purpose of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure:

You have the right to request the Company to delete personal data concerning you without undue delay, and the Company is obliged to delete personal data

concerning you without undue delay if certain conditions are met. Among other things, the Company is obliged to delete your personal data at your request

if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; if you withdraw your consent on the basis of which the data are processed and there is no other legal basis for the processing; or if the personal data have been processed unlawfully; or if you object

to the processing and there is no overriding legitimate ground for the processing; or if the personal data must be deleted in order to comply with a legal

obligation under Union or Member State law applicable to the Company.

The above shall not apply where the processing is necessary:

to exercise the right to freedom of expression and information;
for the purposes of complying with an obligation under EU or Member State law that requires the processing of personal data applicable to the Company;
for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it;
to bring, enforce or defend legal claims.

Right to restriction of processing:

You have the right to request the Company to restrict the processing of your personal data if one of the following conditions is met:

You contest the accuracy of the personal data, in which case the limitation applies for the period of time that allows the Company to verify the accuracy of the personal data;
the processing is unlawful and you object to the deletion of the data and instead request the restriction of their use;
the Company no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims; or
You have objected to the processing; in this case, the restriction applies for the period until it is established whether the Company's legitimate grounds prevail over your legitimate grounds.

If processing is restricted on the basis of the above, such personal data, except for storage, may only be processed with your consent or for the establishment,

exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a

Member State.

The Company will inform you in advance if the restriction on processing is lifted at your request.

Right to object:

You have the right to object at any time to the processing of your personal data based on the Company's legitimate interest. In such a case, the Company

may no longer process the personal data unless the Company can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

The framework for the exercise of rights:

The controller shall inform you of the action taken on your request concerning your rights listed above without undue delay and in any event within one

month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended

by a further two months. The Data Controller shall inform you of the extension, stating the reasons for the delay, within one month of receipt of the request.

If the Data Controller does not take action on your request, it shall inform you without delay, but at the latest within one month of receipt of the request, of

the reasons for the failure to take action and of your right to lodge a complaint with the competent data protection supervisory authority (in Hungary, the

National Authority for Data Protection and Freedom of Information; "NAIH") and to exercise your right to judicial remedy. The contact details of the NAIH

(address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1373 Budapest, P.O. Box 9., Tel: +36 1 391 1400, +36 (30) 683-5969 or +36 (30) 549-6838 Fax:

+36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, website: http://naih.hu/ ).

You can take legal action if your rights are infringed. The court has jurisdiction. You can also choose to bring the case before the court of the place where you

live or where you are domiciled. The court may order the controller to provide information, to rectify, restrict or erase the data, to annul a decision taken by

automated processing, or to take into account your right to object. The court may order the publication of its judgment in such a way that the Controller or any other controller and the infringement committed by it can be identified.

You can seek compensation from the controller responsible for the damage caused by unlawful processing (including failure to take security measures). If the

controller infringes your privacy rights by unlawfully processing your data or by breaching data security requirements, you may claim damages from the

controller. The controller shall be exempted from liability if it proves that the damage or the infringement of the data subject's personality right was caused

by an unforeseeable event outside the scope of the processing.

No compensation shall be payable and no damages shall be recoverable to the extent that they result from the intentional or grossly negligent conduct of the injured party.