Data processing, quality and information security policy

Data processing

BISZ Zrt. offers a downloadable Data Processing Guide to provide information to its partners on its practices concerning consumer protection, legal remedies, complaints management, customer relations and website registration, as well as its organisational and technical measures for data protection, and the legal remedies available to partners.

Quality and information security policy

The systems operated by BISZ Központi Hitelinformációs Zártkörűen Működő Részvénytársaság are self-contained databases that hold personal data and confidential business and banking information for the main purposes of helping to reduce credit risk to promote a higher level of security in the operations of the financial organisations subscribing to the systems (data providers), and of maintaining a central register of consumer statements that enable free cash withdrawals. Any data provider that has submitted data to the databases of the systems has both the right and the obligation to maintain its own submitted data, and to access information from the databases.

We have implemented an integrated quality and information security management system in compliance with the requirements of the ISO 9001 and ISO/IEC 27001 standards, which guarantees the continuous high quality of the services offered to data providers, and that the services are arranged to ensure compliance with legal regulations and the greatest possible level of alignment with data providers’ expectations.

We have up-to-date information on the needs of data providers and accordingly, we continuously look for quality solutions and ways to work more efficiently, as well as appropriate and proportional measures to adequately protect the data and information stored in the databases which we operate, and our data and IT equipment, against both external and internal threats, whether intentional or accidental. To that end, we assess the threats affecting information security (confidentiality, integrity, availability), analyse and continuously review risks following a well-defined methodology, and implement measures to avoid their occurrence.

Our Management Board plays a major role in the effective maintenance and continual improvement of the integrated management system. Committed to the achievement of stated objectives, the Board expects all of the Company’s employees to perform work in compliance with the regulations on quality management and information security.

The efficiency of our integrated management system is largely dependent on our internal and external staff. To minimise risks and to ensure the stable operations of our organisation, we have been making efforts to achieve, maintain and improve the loyalty of our staff to the organisation, as well as their awareness of data protection. Mindful of enabling employee fulfilment, we both enable and require every employee to participate in the relevant training programmes. We seek to establish close and positive working relations within our organisation. Following their entry, new staff are trained on quality management and information security in order to understand the importance of quality management and the protection of information, the provisions contained in the documents of the integrated management system, as well as their personal responsibilities.

Seeking to ensure that data providers are satisfied while using the service, we have continuously been evaluating the effectiveness of our relations, and exploring opportunities for improvement.

We expect all of our suppliers to accept and ensure full compliance with our requirements for quality management and information security.