'%3e%3cpath%20d='M20.3175%2021.1202H26.6667V14.7204H20.3175V21.1202ZM0%200V10.8798H1.90452V10.5595C1.90452%205.43992%204.76243%202.24003%2010.1582%202.24003H10.476V25.2799C10.476%2028.4798%209.20593%2029.76%206.03135%2029.76H5.07909V32H21.5864V29.76H20.6342C17.4596%2029.76%2016.1895%2028.4798%2016.1895%2025.2799V2.24003H16.5073C21.9042%202.24003%2024.761%205.43992%2024.761%2010.5595V10.8798H26.6655V0H0ZM6.34915%2021.1202H0V14.7204H6.34915V21.1202Z'%20fill='%23E20074'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_721_728'%3e%3crect%20width='26.6667'%20height='32'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
DATA PROCESSING INFORMATION
TELEKOM BUSINESS INTELLIGENT DIGITAL ASSISTANT
Telekom Rendszerintegráció Zrt. as data controller ("Data Controller") in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), hereby informs Data Subjects about the processing of their personal data.
The Digital Assistant solution of Telekom is recommended for large enterprises and SMEs. Its basic functions can be explored in the online demo made available by the Data Controller at www.comind.telekom.hu ("Demo Site"). The Digital Assistant is based on artificial intelligence (AI) technology, which uses algorithms, integrated large language models (LLMs) and pre-provided information, data, documents and data sets to automatically analyse user information, questions, instructions, and relevant information, answers and references are generated for the purpose of familiarising users with the basic functions of the Digital Assistant and marketing the Digital Assistant.
The customer or user may not share personal data when using the Digital Assistant! If personal data is shared, section 3.1 below and the relevant parts of the information notice shall apply.
On the Demo Site, it is possible to subscribe to offers related to the Digital Assistant. Section 3.2 below shall apply in this case.
1. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER:
Telekom Rendszerintegráció Zrt. (registered office: 1097 Budapest, Könyves Kálmán körút 36.; company registration number: 01-10-044852)
Contact details:
email address:rendszerintegracio@telekom.hu , telephone number: +361470 6400
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER:
address: 1097 Budapest, Könyves Kálmán krt. 36.; email: DPO@telekom.hu
PURPOSE OF PERSONAL DATA PROCESSING, LEGAL BASIS FOR DATA PROCESSING, CATEGORIES OF PERSONAL DATA CONCERNED AND CRITERIA FOR DETERMINING THE DURATION OF DATA PROCESSING:
Purpose of data processing | Legal basis for data processing | Scope of personal data processed | Duration of data processing or criteria for determining the duration |
|---|---|---|---|
3.1. Intelligent digital assistant, demonstration and presentation of its basic functions to large enterprise and SME business, (prospective) customers | The legitimate interest of the Data Controller and the large enterprise or SME business (prospective) customer pursuant to Article 6(1)(f) of the GDPR | If the user provides personal data in a manner contrary to the terms of use while using the Digital Assistant , the data provided during the chat conversation with the Digital Assistant. | 2 years |
3.2. Preparation and sending of business offers to large corporate and SME (prospective) customers | Consent of the data subject pursuant to Article 6(1)(a) of the GDPR The data subject may withdraw their consent at any time by sending a message to comind@telekom.hu. Withdrawal of consent does not affect the lawfulness of data processing prior to withdrawal. | Name, email address, company name, telephone number | Until consent is withdrawn, but no later than 2 months from the date of provision of the data |
4. AUTOMATED DECISION-MAKING (INCLUDING PROFILING):
No automated decision-making, including profiling, takes place during data processing.
5. TRANSFER OF PERSONAL DATA, RECIPIENTS OF PERSONAL DATA AND CATEGORIES OF RECIPIENTS:
The Data Controller uses the following data processors in connection with data processing:
(Sub-)data processor (name, address) | Nature and scope of data processing | Data protection officer or contact person | Is data transferred outside the EU/EEA? |
|---|---|---|---|
Mito Creative Ltd. | Development and operation of the Demo Page | No |
The Digital Assistant LLM component is provided by Microsoft as part of the Azure OpenAI Service. Microsoft's relevant terms and conditions, description: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-portal, including the relevant Microsoft Products and Services Data Protection Addendum (DPA) data processing agreement ( Licensing Documents ).
Personal data will not be transferred to recipients other than the above data processors.
6. DATA SUBJECT RIGHTS:
Data subjects have the following rights in relation to data processing:
the right to access personal data concerning him or her,
the right to rectification of their personal data,
the right to erasure or restriction of processing of their personal data, except for mandatory data processing,
the right to data portability, provided that the conditions specified in the legislation are met, and
the right to object in the case of data processing based on legitimate interests.
6.1. Right of access:
The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning him or her are being processed and, where such processing is taking place, to obtain access to the personal data. The Data Controller shall provide the data subject with a copy of the personal data undergoing processing. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the Data Subject. If the Data Subject has submitted the request electronically, the information shall be provided in a widely used electronic format, unless the Data Subject requests otherwise.
6.2. Right to rectification:
The Data Subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning him or her.
6.3. Right to erasure:
The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data concerning the Data Subject without undue delay where one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the General Data Protection Regulation and there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the General Data Protection Regulation;
the personal data has been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the General Data Protection Regulation (conditions for the consent of children).
6.4. Right to restriction of processing:
The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
the Data Subject contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Data Controller to verify the accuracy of the personal data;
the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing pursuant to Article 21(1) of the General Data Protection Regulation; in this case, the restriction applies for as long as it takes to establish whether the legitimate grounds of the controller override those of the data subject.
Where processing of personal data is restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
6.5. Right to data portability:
The Data Subject shall also have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller without hindrance from the controller to which the personal data have been provided, where: (i) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, or on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation; and (ii) the processing is carried out by automated means.
6.6. Right to object:
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(e) or (f), including profiling based on those provisions. In this case, the Data Controller may no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for that purpose.
6.7. General rules for exercising the rights of data subjects:
The Data Controller shall inform the Data Subject of the measures taken in response to the request without undue delay, but no later than one month after receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay. If the Data Subject has submitted the request electronically, the information shall be provided electronically, unless the Data Subject requests otherwise.
The Data Controller shall provide the information and take the measures free of charge. If the Data Subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the requested information or communication or taking the requested action:
charge a reasonable fee, or
refuse to take action on the request.
The burden of proving that the request is manifestly unfounded or excessive shall lie with the Data Controller.
If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request further information necessary to confirm the identity of the Data Subject.
7. LEGAL REMEDIES:
The Data Subject may contact the Data Controller's data protection officer at any time in relation to the processing of their personal data (address: 1097 Budapest, Könyves Kálmán krt. 36.; email:DPO@telekom.hu ).
In the event of a complaint regarding the processing of their personal data, the Data Subject may also contact the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9., address: 1055 Budapest, Falk Miksa utca 9-11., Telephone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; E-mail:ugyfelszolgalat@naih.hu ; website: www.naih.hu).
In the event of a violation of their rights, Data Subjects may take legal action against the Data Controller. The court shall hear the case as a matter of priority. The Data Controller shall be obliged to prove that the data processing complies with the provisions of the law. The case shall be heard by the court of law, which in the capital city shall be the Metropolitan Court of Law. The case may also be brought before the court of law of the Data Subject's place of residence or domicile.
The Data Controller shall be liable for any damage caused to others by the unlawful processing of the Data Subject's data or by a breach of data security requirements. The Data Controller shall be exempt from liability if it proves that the damage was caused by an unavoidable reason outside the scope of data processing. No compensation shall be paid for damage caused by the intentional or grossly negligent conduct of the injured party.
Dated: Budapest, 2025. 09. 09.