DATA PROCESSING INFORMATION
Subject: data processing associated with the operation of the M5 motorway
Based on the concession contract between the AKA Alföld Concession Motorway Ltd.(Contractor) and the Hungarian State (State), the high-end operation and maintenance of the section of M5 motorway between Budapest and Röszke is provided by Contractor with the contribution of A-WAY Motorway Operation and Maintenance Ltd. to ensure undisturbed transportation on the motorway every day of the year.
With the operation of the motorway activities may take place, which may require processing of your personal data.
In the following data protection information, in accordance with the General Data Protection Regulation of the EU[1] (hereinafter ”GDPR”) – we want to inform you on all relevant conditions of our data processing in connection with you using the M5 motorway, on its operation and on rights and remedies you are entitled to exercise and use in this context.
Content
1. Who processes your personal data?
2. Which of your personal data are processed in connection with the operation of M 5 motorway and for what purpose?
2.1 Data processing associated with the operation of the traffic camera system.
2.2 Data processing related to the operation of the axle weight measurement station.
2.3 Camera systems for property protection operated at the premises of the Controllers.
2.4. Data processing from recordings of SOS phone calls.
2.5. Data processing for complaint management
2.6. Data management associated with incidents on particular road sections.
2.7. Data processing related to recording of URH radio calls.
2.8. Data management associated with voice recording of phone calls received by the dispatcher center
2.9. Road manager permits.
2.10. Data processing related to traffic surveying
3. What rights do you have in connection with data processing?
4. What security measures are taken to protect your personal data
5. Amendment of this regulation
6. Additional processing of data (not related to the operation of the motorway)
7. Date of the regulation.
1. Who processes your personal data?
In the course of data processing related to the operation of motorways as described below, AKA Alföld Concession Motorway Ltd. will process your data jointly with A-WAY Motorway Operation and Maintenance Ltd., the company established to carry out the duties of the operation of the motorway.
Both companies belong to the STRABAG Group and they were established specifically for the construction and operation of the M5 motorway. The concession rights of operating the motorway are owned by AKA Ltd. while the operative management of the motorway is performed by A-WAY Ltd. Unless otherwise instructed in this document, in respect of the data processing described below controllers qualify as joint controllers, i.e. they jointly determine the purpose and devices of data processing.
Contact details of the joint controllers:
AKA Alföld Concession Motorway Ltd. Registered seat: 1023 Budapest, Lajos u. 26. Phone number: +36 (1) 326 0555 email: akazrt@aka.hu |
A-WAY Motorway Operation and Maintenance Ltd. Registered seat: 2367 Újhartyán, Újlengyeli út 3. Phone number: (06 29) 372 951 email: info@m5autopalya.hu |
The joint controllers commissioned CML Construction Services Ltd., a member of the STRAGAB Group specialized in data protection issues, to provide the widest possible range of data protection information and to ensure that you can exercise the rights you are entitled to; therefore, in addition to the above-mentioned joint controllers you can contact our member company below with questions concerning data protection issues, inquiries, and exercising your rights as data subject:
CML Construction Services Ltd.
Official seat: 1117 Budapest, Gábor Dénes utca 2. (Infopark Building D).
Phone number: +36 1 358- 5306
email: data-protection-hu@strabag.com
2. Which of your personal data are processed in connection with the operation of M5 motorway and for what purpose?
Please find below the description of the processing of your data in connection with your using the motorway or with your personal data handled in relation with your requests or inquiries related to the motorway.
Based on the GDPR “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Based on definition according to Art. 4 Par. 1 of GDPR).
2.1 Data processing associated with the operation of the traffic camera system
Controllers installed cameras at the sites listed below, between the 17+400 and 173+895 kilometre sections of the M5 motorway: M0-Gyál intersection, Ócsa intersection, Inárcs intersection and rest area, Újhatyán intersection, Örkény intersection and rest area, Lajosmizse intersection and rest area, Kecskemét North intersection, Hetényegyháza rest area, Kecskemét North Bypass, Kecskemét West intersection, Kecskemét South intersetion and rest area, Kiskunfélegyháza North intersection, Kiskunfélegyháza South interstion, Petőfiszállás rest area, Csengele rest area, Kistelek intersection, Balástya intersection, Szatymaz rest area, Szeged North intersection, Szeged West intersection, Szeged South intersection and rest area, Röszke intersection and rest area.
- Potential scope of the persons concerned with camera surveillance
Persons crossing the above points of the M5 motorway who get into the angle of view of the cameras installed in the area of the motorway.
- Purpose of data processing:
To improve on M5 motorway the safety of traffic and public safety, to detect situations endangering the life, physical integrity and the property of travellers, to ensure property protection of the parts and accessories of the motorway, surveillance of road traffic (in particular to filter out traffic jams, vehicle moving in the opposite direction, stoppage on the emergency lane), statistical collection of data (primarily for traffic count and analysis), completion of official data requests and enquiries.
- Legal basis of data processing:
Art 6 Par. 1 Point e) of GDPR, which says “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.
- Scope of processed data:
Images of vehicles/persons passing in the angle of view of the cameras or inferences that can be drawn from them (e.g. color and type of the vehicle, the action recorded in the snapshot, etc.).
- Other special characteristics of data processing:
Due to their low resolution (snapshots are recorded at a distance of 80 metre from the focal point in a VGA resolution of 1.3 megapixels) snapshots of the cameras are inappropriate for a direct identification of those involved. Though the color and the make of the vehicle might be established based on the snapshots (possibly its type, too), they do not show personal data (such as registration number, portrait) by which the data subject could be directly identified.
Accordingly, controllers do not process -either special -or criminal personal data; they do not obtain such data, and do not initiate access to such data. Furthermore, controllers do not have access to databases that could enable identification of the persons and vehicles in the snapshots. According to Art. 11 of GDPR, processing of the snapshots is data processing that does not require identification.
Furthermore, cameras are not considered
- to be an electronic verification tool used for controlling toll entitlement (UD system) within the meaning of Art. 45 Par. (5) of Act I of 1988 on Road Traffic, accordingly, Controllers do not perform data processing related to the toll road use;
- to be an electronic monitoring system, snapshots of which, pursuant to Art. 33/D of Act No. I of 1988 on Road Traffic, are not recorded on data storage provided by a central hosting service provider assigned by the government;
- to be an electronic control system within the meaning of Government decree No 410/2007 (XII. 29.) and GKM decree No. 18/2008 (IV. 30.) of the Ministry of Economy and Transport; accordingly, the snapshots are not used in connection with traffic violations subject to administrative fines.
- Recipients of data transfer:
As a general rule, snapshots are accessible only for dispatchers involved in the monitoring of traffic within the scope of their jobs, and snapshots will not be forwarded to other third parties, with the following exceptions:
- for data processors specifically authorized to do these tasks as part of the technical maintenance of the camera system, in case the processing of the snapshots is necessary to perform the technical repair or maintenance tasks,
- for the purpose of statistical collection of data, if such collection for statistical purposes was authorized based on the procedural rules relevant to Controllers, or
- in order to ensure the right or legitimate interest of the subject, upon his/her request, or ex officio through the request for data of the authority entitled to conduct a procedure.
- Duration of data processing:
With regard to the principle of data minimization, snapshots are processed only as long as required according to the purpose of data processing, which, as a general rule, is 72 hours of taking the snapshot. After that period, in the absence of a request related to their use, the snapshots will be automatically deleted.
- If the snapshot violates any of your rights or legitimate interests, within 72 hours of recording it you may request to block the snapshot and not to use it in official proceedings by submitting a request to the competent authority. In case the above deadlines are missed, the snapshot will be automatically deleted.
- If you want to exercise your rights under GDPR, please be informed that – due to the low resolution of the snapshots – unambiguous identification of persons on the snapshots is not possible. Data processing qualifies as data processing not requiring identification within the meaning of Art. 11 of GDPR. As a consequence, the subjects may only exercise their rights according to Art. 15 – 20 of GDPR, when they provide the Controllers with additional information enabling their identification.
- In the case of data collection for statistical purposes, the recording, collection, and analysis of the snapshots is allowed in the time range required (specified) for data collection, provided that such analysis should be performed continuously, if possible simultaneously with the creation of the snapshots, and once the analysis is closed, but not later than 6 months after the recording of the snapshots, the recordings should be deleted or destroyed.
2.2 Data processing related to the operation of the axle weight measurement station
An axle a weigh station, installed in the direction of Budapest, in kilometre section 71+500 of the left lane of the M5 motorway at the boundary of Lajosmizse, has been operating since the 1st February 2007.
- Potential range of data subjects concerned with data processing:
Drivers of heavy vehicles driving on the M5 motorway or owner/keeper of the heavy vehicle (if a natural person), of which an axle overweight is established as a result of the scaling.
- Purpose of data processing:
Controllers operate weigh stations in relation to their duties as road managers for the purposes shown below:
- Improvement of traffic safety
Overloaded vehicles increase the risk of accidents due to the increased braking distance and the worse maneuverability, among others. These vehicles are more likely to cause accidents and the proportion of the accidents with serious personal injuries or death is also much higher. A substantial part of these accidents could be avoided through the reduction of the number of overweight heavy vehicles on the road, or the outcomes would be less serious.
- Protecting the condition of the road network
Overloaded vehicles significantly accelerate the amortization of the roads. Road damage caused by a 40-ton vehicle travelling regularly equals to the degradation of the pavement caused by several thousands of passenger cars; an overloaded vehicle causes damage multiple of that.
- Legal basis of data processing:
Art 6 Par. 1 Point e) of GDPR, according to which processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Authorization for Controllers, as road managers, for operating the axle weight measuring station is provided for by NFM Decree No. 36/2017 (IX. 18.) of the Ministry of National Development on the operation of vehicles in excess of a specific gross combined weight, axle load, axle group load and size.
- Scope of processed data:
Snapshots taken of vehicles selected for axle weight measuring, which records the profile image of the heavy vehicle and its license plate.
Data of the records taken of the weighing of an overweight vehicle: data of the scaled vehicle (license plate of the vehicle/tractor and the tow, their nationality, make, type, own weight); data of the owner/keeper (name, address, phone number, fax number, nationality); data of the vehicle driver (name, address, ID card/passport number, citizenship); data of the cargo (designation, weight, number of waybill); result of the scaling.
- Recipients of data transfer:
As a general rule, processed data are available only for inspectors of the Controllers involved by their job task, and snapshots will not be forwarded to other third parties, with the following exceptions:
- in case it is established in the inspection that the vehicle is overweight or oversized, runs without permission, or with a deviation from the conditions included in the permission; in this case the record taken in the inspection and the snapshots are sent by the Controllers via direct system connection after the inspection for the traffic authority to impose a fine.
- for data processors specifically authorized to do these tasks as part of the technical maintenance of the camera system, in case the processing of the snapshots is necessary to perform the technical repair or maintenance tasks,
- for the purpose of statistical collection of data, if such collection for statistical purposes was authorized based on the procedural rules relevant to Controllers, or
- in order to ensure the right or legitimate interest of the subject, upon his/her request, or ex officio through the request for data of the authority entitled to conduct a procedure
- Duration of data processing:
For overweight vehicles snapshots of scaling and the record will be kept for the general 5-year-long limitation period.
2.3 Camera systems for property protection operated at the premises of the Controllers
Among Controllers, AKA Ltd. operates a property protection system at its registered seat at 1023 Budapest, Lajos u. 26, and A-WAY Ltd. at the operation and maintenance centres operated by it (2367 Újhartyán, Újlengyeli út 3., 6100 Kiskunfélegyháza at 108 km section of M5 Motorway, 6764 Balástya, outskirts, plot no. 0313/76). In respect of the various camera systems, AKA Ltd. and A-WAY Ltd. are considered as independent controllers. For further information on the data processing via camera systems, see the detailed camera rules available at the above sites and the warning signs about shortened camera surveillance located at the sites.
- Potential scope of the persons involved in the camera surveillance
Persons entering the area monitored by the camera surveillance.
- Purpose of data processing:
Data processing is performed in order to protect human life, physical integrity, personal freedom, as well as property, to ensure the detection of infringements, to catch the perpetrator committing the offence, to prevent the acts of infringement and ensure that infringements can be proven subsequently.
- Legal basis of data processing:
Act. 6 Par. (1) Point f) of GDPR based on which data processing is necessary to the vindication of the legitimate rights of the Controller or a third person. Within the frame of a data processing impact assessment, Controllers considered the interests to the necessary extent and established that they do have legitimate interests in relation to the purposes to be detailed below, and simultaneously there will not be a disproportionate harm to data subjects’ interests or rights and freedom.
- Scope of processed data:
Image and movements of persons entering the area monitored by the camera surveillance.
- Recipients of data transfer:
Only a limited number of persons is entitled to view the snapshots:
– employees and other workers having decision-making rights, exclusively within the controller’s organization, and
– the data processing company performing the maintenance of the system and contracted with the controller (Hesse Ltd., registered seat: 6000 Kecskemét Tél u 13.),
in both cases to the extent and in the manner as it is absolutely necessary for the completion of their job duties and exercising their rights.
Controllers are entitled to forward data recorded by the surveillance system to the above-mentioned authorities or persons in compliance with the requirements specified in legislation, upon the enquiry of the court, authority or other entitled person. Controllers do not forward data to a third person in other cases.
- Duration of data processing:
If the recorded snapshots are not to be used, they will be automatically deleted after 30 business days. Snapshots are considered to be used if the recordings used as evidence in the proceedings of a court or other authority, or in the course of preparations thereof.
2.4. Data processing from recordings of SOS phone calls
SOS telephones have been installed along the track of the motorway in order to provide an opportunity for persons in trouble to ask for help, in accidents, or struggling with technical problems. Calls from such telephones are transmitted into the dispatch center of Controllers, where further measures will be arranged depending on the nature of the hazard.
- Potential range of data subjects:
Persons using SOS telephones installed alongside the motorway.
- Purpose of data processing:
Incoming calls will be recorded to allow listening to the information provided in the call subsequently in order to reconstruct the events if required and to facilitate this way the taking of efficient measures in reaction to an emergency.
- Legal basis of data processing:
Art. 6 Par. 1 Point e) of GDPR, based on which processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or in some cases (e.g. reports on accidents and personal injuries) Art 6 Par. 1 Point d) of GDPR, according to which processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Scope of processed data:
Audio recording of phone calls in which the name of the persons making the report, their phone number, current location, and further information on the circumstances of the accident are recorded. The content of calls important for motorway operation will also be recorded in writing, as a brief summary, in the dispatcher log.
- Recipients of data transfer:
Recordings will be accessed by dispatchers of the center by their job duties, and information provided in the recordings may be forwarded to the following third persons, subject to the emergency reported:
– police, fire service, ambulance, emergency call center, emergency services of the Hungarian Automobile Club (MAK), General Directorate of the National Disaster Management, civil defense, gas, water and electricity suppliers, motorway maintenance centers of Controllers (Újhartyán, Kiskunfélegyháza, Balástya), National Ambulance Service (OMSZ), road information (ÚTINFORM), road inspectors.
- Duration of data processing:
Audio recordings will be stored up to 6 months of the recording, after that they will be automatically deleted. The brief description of the emergency case and the measures taken, recorded in writing in the dispatcher’s log, will be stored up to the general limitation period of 5 years.
2.5. Data processing for complaint management
- Purpose of data processing:
Investigation, management, documentation of the complaints made in relation to the operation of the motorway and processing of the data for maintaining contact with the submitter. Complaints can be made in writing in a message sent to the postal or email address of Controllers or by calling the central phone number of Controllers.
- Potential scope of persons involved:
Person reporting the complaint.
- Legal basis of data processing:
Art 6 Par. (1) Point c) of GDPR, according to which processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 17/A Par. (7) of Act CLV of 1997 on consumer protection).
- Scope of processed data:
Data related to the circumstances of the complaint and those necessary to maintain contact with the complainant, typically the name, postal / email address, phone number of the notifying person and further personal data included in the description and circumstances of the complaint.
- Recipients of data transfer:
Data will be forwarded to third persons other than the Controllers only when it is absolutely necessary for resolving the complaint. In this case, Controllers will forward the data absolutely necessary for settling the complaint.
Third persons potentially participating in resolving the complaint:
- third party contractors acting commissioned by the Controllers, if they are affected by the complaint,
- CML Construction Services Ltd.., a company in the Company Group of Controllers providing legal services for them, if legal support is required to resolve the complaint.
- Duration of data processing:
The notification will be kept for up to the general limitation period of 5 years from notifying the Controllers about the complaint.
2.6. Data management associated with incidents on particular road sections
- Potential range of data subjects:
Persons involved in the incidents outlined below.
- Purpose of data processing:
Data processing in relation to any incident deviating from normal operation, averting damage, recording and registering circumstances, enforcement of insurance claims related to the damage, as well as performing duties of Controllers under the road management operation contract, between the 17+400 and 173+895 km section of the M5 motorway.
- Legal basis of data processing:
Article 6 Par. 1 Point e) of GDPR, according to which processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and in certain cases (e.g. when reporting technical errors, accidents, personal injuries) Article 6 Par. 1 point d) of the GDPR, according to which data processing is necessary to protect the vital interests of the data subject or another natural person.
- Scope of processed data:
- Personal data potentially included in the incident reporting, form in the description of the incident. An incident is defined as any event deviating from usual or permitted use, for or after which the corrective action of or repair by the road inspector, the maintenance personnel, or third person, or use of repair or replacement material, is not required.
- Personal data potentially included in the fault reporting form in the description of the incident. An incident is defined as any event deviating from usual or permitted use, for or after which the corrective action of or repair by the road inspector, the maintenance personnel, or third person, or use of repair or replacement material, is not required.
- Personal data on the accident reporting form: date and time of the accident, its location; name, address, phone number of the witnesses; name, address, phone number of the insurance holder; make, type, registration number of the vehicle; number of the liability insurance policy; number of the Green Card; name, address of the driver; number, category, expiry date of the driving license; description of injuries; circumstances of the accident.
In case pieces of property of the Controllers get damaged, it is the road inspector’s duty to ensure the full and correct completion of the standard European insurance damage report.
- Personal data recorded during the ‘Declaration of a technical rescue‘: name of the applicant, method of application (ECS/telephone/URH), date and time of application, name, address, nationality, mobile number, vehicle registration number, type, geographical location, nature of technical fault, requested measure (request for technical rescue, date, name of the external service provider performing the notified technical rescue or the person receiving the message on their behalf, number plate of the rescue vehicle sent to the scene, expected time of arrival at the scene, other comments, delivery address of the vehicle, data relating to the report (fact of repair, date, storage fact, place), name of acting dispatcher, registration number.
- Personal data recorded on the ‘Technical rescue‘ form: name, address and nationality of the notifying person; name, address, mobile phone number of the person requesting the rescue, registration number of the vehicle, its geographical location, reason for making the call, action requested.
- Personal data recorded on the ‘Accident record‘ form: name, address and nationality of the notifying person; exact location of the accident, its character; number of the involved vehicles and persons injured; location of the vehicles concerned on the motorway.
- Personal data recorded in the ‘Dispatcher log‘: all incidents are recorded in the log which are related to the safety of the motorway and notified by radio, emergency call or in other way, or detected from the control room system of the dispatcher center, with the following data: date and time of the entry, registration number of the tow truck, reference number of the accident record, brief summary of the character of the incident and the actions taken.
- Photos taken at the location, if they contain personal data in relation to the accident/damage.
- Recipients of data transfer:
Depending on the nature of the event on the motorway section, typically police, fire service, ambulance, emergency call center, emergency services of the Hungarian Automobile Club (MAK), General Directorate of the National Disaster Management, civil defense, gas, water and electricity suppliers; motorway maintenance centers of Controllers (Újhartyán, Kiskunfélegyháza, Balástya), National Ambulance Service (OMSZ), road information (ÚTINFORM), road inspectors, insurance companies involved, third party service providers participating in the technical damage control. The independent organizations other than the above-mentioned Data Controllers act as independent data controllers when handling shared data for the purpose of performing their duties, for which detailed data management information can be requested on the website of the relevant organizations or by contacting them.
- Duration of data processing:
Duration of data retention is up to the general limitation period of 5 years.
2.7. Data processing related to recording of URH radio calls
- Potential range of data subjects:
Data processing in connection with the use of the radio frequency network (URH)
o primarily concerns employees working in the following units of the Controllers, involved by their job tasks: road inspectors, operation workers, operation and maintenance, as well as dispatchers performing coordination of the radio conversations.
o secondarily concerns employees of public utilities and other service providers completing installation, repair, maintenance works in the area of the motorway, if Controllers call the dispatcher center in connection to their work.
o Thirdly, concerns the individual assistance service providers in case of accidents or other incidents on the motorway are the (e.g. police), if their direct radio frequency connection is required to the individual units of the Controllers in order to eliminate the dangerous situation.
The URH radiofrequency must not be used for purposes other than related to work; private conversations are not allowed.
- Purpose of data processing:
Among the Controllers, A-Way Ltd. as an independent Controller, operates an internal radio frequency communications network
- to coordinate activities of the motorway road inspector service,
- to coordinate maintenance of the motorway, including that of the rest areas,
- to coordinate activities of the assistance services with the police in accordance with the agreement.
- Legal basis of data processing:
Art 6 Par. 1 Point e) of GDPR, according to which processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Scope of processed data:
Incident in relation to operation of the motorway, which is reported by the employee of Controller to the dispatcher center.
- Recipients of data transfer:
In relation to the reported incident, data are shared with third persons including only authorities and other bodies which are involved by their scope of duties.
- Duration of data processing:
6 months from the recording.
2.8. Data management associated with voice recording of phone calls received by the dispatcher center
Between the 17+400 km and 173+895 km sections of the M5 motorway Controllers operate a central dispatcher service in Újhartyán, and an auxiliary dispatcher service in Balástya. Dispatcher services control the incidents that happened in their area of competence, related to the operation of the motorway, and if the auxiliary service is out of operation, control of the whole section would be taken over by the central service.
- Potential range of data subjects:
Persons calling the central phone number of the dispatcher service.
- Purpose of data processing:
The function of the dispatcher service is to accurately interpret the calls received from various sources and react to these in an appropriate way. As to their nature, the calls are usually accident reports, reports on a vehicle or technical breakdown of parts of the motorway or its accessories, and other report concerning the operation of the motorway and ensuring the safety of traffic. All actions to be taken in relation to traffic control and operation of the motorway are coordinated by the designated dispatchers on duty, from the control room, 24 hours a day. They transmit the information to the appropriate organizational unit of the Controllers affected by their job tasks, or to the competent third party organization.
- Legal basis of data processing:
The legal basis of data processing, depending on the subject of the call is
- Art. 6 Par. (1) Point e) of GDPR (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller), or Point d) (processing is necessary on order to protect the vital interests of the data subject or of another natural person), especially in cases wherein the report is related to an accident, personal injury, or an incident directly endangering human life.
- The legal basis of recording calls made to the central phone number in any other subject is Act. 6 Par. (1) Point f) of GDPR based on which the data processing is necessary to the enforcement of the legitimate rights of the Controller or a third person. Such legitimate interests include, in particular, the recording of calls in order to reconstruct the call to be able to efficiently investigate the complaints reported in relation with exercising consumer protection rights and other reports made in relation with incidents (not affecting vital interest) occurring in the motorway section. Calls received by the central phone number for purposes other than those described above may also be recorded while legitimate interests in relation to the above-mentioned purposes have a higher priority. Controllers have completed a data processing impact assessment and they considered the interests to the necessary extent and established that they do have legitimate interests in relation to the purposes to be detailed below, and simultaneously there will not be a disproportionate harm to data subjects’ interests or rights and freedom.
- Scope of processed data:
Incident in relation to the operation of the motorway, which is reported by the notifying person to the dispatcher center.
- Recipients of data transfer:
In relation to the reported incident, data are shared with third parties, including only authorities involved by their scope of duties and to other bodies. Typically police, fire service, ambulance, emergency call center, emergency services of the Hungarian Automobile Club (MAK), General Directorate of the National Disaster Management, civil defense, gas, water and electricity suppliers; National Ambulance Service (OMSZ), road information (ÚTINFORM), road inspectors, third party service providers participating in the technical damage control.
- Duration of data processing:
6 months from the recording.
2.9. Road manager permits
- Potential range of data subjects:
Natural persons submitting a request to Controllers a for a road manager permit.
- Purpose of data processing:
Based on Art. 36, Art. 42. Par. (3) and Art 42/A Act No. I of 1988 on road traffic , a road manager permit is required for the activities involving roads in the following cases:
- to place structures, sings, equipment, etc.,
- to establish connection to the road,
- to use the road for a purpose other than transport,
- to use a property near the road.
Purpose of data processing: data processing associated with the administration of the permits mentioned above.
- Legal basis of data processing:
Art 6 Par. 1 Point e) of GDPR, according to which processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Scope of processed data:
Depending on the nature of the request, typically the following data: location and purpose of the use; name and address of the person whose interest is the use (the eligible person); length, width, size of the road area to be occupied; planned start and end date of the use; name, address, and phone number of the person responsible for fulfilling the conditions set out in the manager’s permission; name and address of the owner of the structure (facility) installed in the road area as a result of the use; name and address of its operator.
- Recipients of data transfer:
Controllers are entitled to forward data recorded by the surveillance system to the above-mentioned bodies or persons by fulfilling the requirements specified in legislation, upon the enquiry of the court, authority or other entitled person. Controllers do not forward data to a third person in other cases.
- Duration of data processing:
Duration of data retention is up to the general limitation period of 5 years.
2.10. Data processing related to traffic surveying
In the operation, maintenance and development of the national road network and other related technical facilities, road traffic management needs to have a good knowledge of the volume, composition and characteristics of road traffic. One of the main sources of traffic data is the national road cross-sectional traffic survey and its results stored in the national road database (OKA). Decree 6/1998 (III. 11.) of the Ministry of Transport and Communications on the regulation of the management of national roads, which also applies to concession companies under Act I of 1988 on Road Transport, therefore including the Data Controllers, stipulates the performance of traffic survey activities as the operational task of the road manager. In performing this operational task of road management, the Data Controllers carry out the following data processing in the context of traffic surveying:
- Potential data subjects concerned by the processing:
The driver or passenger of a vehicle travelling on the M 5 motorway whose vehicle passes on the section of the M5 motorway subject to traffic surveying in such a way that the driver or passenger’s image is in the field of view of the traffic count camera. The vehicle registration number can also potentially identify the vehicle’s operator.
- Purpose of data processing:
The purpose of the data processing is to perform the operational tasks of the road manager, to statistically examine the traffic load of the motorway section concerned in the context of the purposes stated in the introduction.
- Legal basis for data processing:
Article 6(1)(f) of the GDPR, according to which it is in the legitimate interest of the Data Controllers to be able to carry out the traffic survey envisaged in the context of their tasks as road managers in an appropriate and efficient manner, thereby providing the data necessary for the statistical analyses related to the use and traffic load of the motorway concerned.
- Scope of data processed:
A camera image of a vehicle passing on the road section subject to the traffic survey, which records the vehicle’s profile image (driver and passenger images, if applicable) and registration number. In order to ensure a high level of data protection, the camera images are recorded using a technical solution that masks out the image of any natural persons (driver, passenger) and the vehicle registration number. As a result, the potential data subjects of this processing will not be identified.
- Recipients of data transfers:
The traffic survey is carried out with the assistance of a data processing company contracted by the Data Controllers. According to the processing instructions given by the Data Controllers, the recordings must be made by masking data that allow direct identification of natural persons. Accordingly, the records used as a basis for the traffic survey will not include personal data of natural persons. Nor can the statistical statements drawn up on the basis of the records be used to identify the persons concerned ex post.
- Duration of data processing:
Camera recordings made during traffic surveying will be masked directly during the recording process, so they will no longer be linked to the data subjects on the recording. The masked records are used until the preparation of the traffic survey statements and statistical analyses based on them, until the provision of data to the authorities, until the provision of additional data requested by the authorities and then deleted, at the latest within 15 months after the completion of the records.
3. What rights do you have in connection with data processing?
Right to access: |
You are entitled to be informed whether your personal data are being processed, and if so, you are entitled to obtain access to your personal data and certain information related to the data processing. The right to access includes the following information, among others: the purpose of the processing, categories of the processed data, designation of addressees for whom data were forwarded. Furthermore, you are entitled to request a copy of your personal data processed by us.
|
Right to change: |
In some cases you are entitled to request that we correct your incorrect personal data or supplement the incomplete personal information.
|
Right to delete (to be forgotten): |
In some cases you are entitled to have your personal data deleted upon your request.
|
Right to the limitation of data processing: |
In some cases you are entitled to have the processing of your personal data limited upon your request.
|
Right to data portability: |
In some cases you are entitled to obtain personal data on you in an articulated, widely used, machine-readable format, furthermore, you may be entitled to have these data forwarded by us to another controller.
|
Right to protest: |
In some cases you are entitled to protest against processing your personal data, and we might not continue the processing of your data in such a case.
|
Right to revoke approval: |
In some cases you are entitled to revoke your approval to the processing of data. However, this does not affect the lawfulness of data processing performed based on your approval made before the revocation.
|
With regard to the above rights, please consider that accomplishing the particular request is not possible or possible only with limitations in some cases due to the nature of the personal data (e.g. we have to retain the particular personal data by legal requirement), or the above rights are not unlimited and the applicable data protection rules may make their use conditional on certain criteria.
CML Construction Services Ltd. ensures the exercising of the above data protection rights for all companies of the Group. Therefore, should you have questions concerning the above or our data processing practice in general, or if you want to exercise the above rights, please contact us at one of the contact details below:
CML Construction Services Ltd.
Headquarters: 1117 Budapest, Gábor Dénes utca 2. (Infopark Building D)
Phone number: +36 1 358- 5306
Email: data-protection-hu@strabag.com
We make every effort to respond to your enquiry without undue delay, but you will be informed of the actions taken not later than within one month from receiving your enquiry. Based on the GDPR provisions, this deadline may be extended with additional two months, considering the complexity of your request and the number of requests. In this case, we inform you on the extension of the deadline, stating the reasons for the delay within one month from receiving your enquiry.
Furthermore, please be informed that in case you are dissatisfied with our data processing procedure, you are entitled to make a complaint to the National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság) at the following address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: www.naih.hu); or in the case of unlawful data processing you can file a claim at the court competent according to your domicile or residence.
4. What security measures are taken to protect your personal data?
During processing data in electronic, as well as in printed form, we take due security measures to avoid data protection incidents, to prevent unauthorized access to or unauthorized disclosure of your personal data and actions are taken to avoid the loss or corruption of personal data.
Data security covers the period from data collection to data destruction. Personal data are disclosed to third parties only in case they meet the legal conditions, and every necessary measure is taken in order to protect personal data.
5. Amendment of this regulation
We provide information on future amendments on this site. Please visit this site frequently to be able to view updates or amendments of our data protection rules.
6. Additional processing of data (not related to the operation of the motorway):
These rules, in respect of data processing directly related to the operation of the M5 motorway, contain the data protection information according to Art 13 of GDPR. See our general data protection information on our website regarding other, more general data processing of Controllers.
7. Date of the regulation
Last update of this regulation: 19 June 2024
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, and repealing Directive 95/46/EC.