PRIVACY POLICY

1. Identification of the data controller

Data Controller: COM-FORTH Ipari Informatikai Kft. (hereinafter: Company)

Registered office: H-1138 Budapest, Dunavirág utca 2–6., I. torony 4. em.

E-mail: mail@comforth.hu

Telephone: +36 1 413 7198

Fax: +36 1 321 3899

2. Legislation underlying the data processing

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR).

3. Processing of the data provided during registration – newsletter

3.1       Scope of the processed data and purpose of data processing

Please note that the data specified above are mandatory. However, the e-mail address does not necessarily have to contain the name of the data subject; it can be substituted by info@companyname.hu, for example. The data subject may freely decide whether to provide an existing e-mail address that contains information on their identity.

3.2       Legal basis of data processing

The legal basis of processing the above data, provided when sending the message, is the consent of the data subject.

3.3       Duration of data processing

The Company processes the contact data provided when sending the message until such time as the user withdraws their consent. The cancellation of the registration may be initiated in the system by clicking on the “Delete registration” icon.

4. Other personal data logged by the system

4.1       Scope of the processed data and purpose of data processing

4.2       Legal basis of data processing

The legal basis of data processing is the Company’s legitimate interest related to protecting the security of the data processed in the system and of the IT infrastructure supporting the functioning of the system. The logging of the aforementioned data is essential in the system in order to identify any potential malicious or abusive use, to take the appropriate data and information security measures (e.g., vulnerability and stress test) and for internal audit purposes. The legitimate interest related to ensuring the secure functioning of the system is proportional to the processing of the aforementioned personal data logged in connection with the logins.

4.3       Duration of data processing

The system stores the data specified herein for five years from their origination and then automatically deletes them.

5. Access to the data and data security measures

5.1       Access to and transfer of the data

Personal data may be accessed by the Company’s designated employees and contracted processor partners for the purposes of fulfilling their duties and the contract, subject to the data protection guarantees undertaken in the contract. The Company does not transfer the personal data controlled by it.

5.2       Data security measures

The Company stores the personal data provided in the declaration on the servers located in the Company’s registered office (H-1138 Budapest, Dunavirág utca 2–6., I. torony 4. em.) and on the CloudFlare, Webonic, HubSpot and Google web servers. The Company does not use the service of other entities for the storage of personal data and it does not commission any processor either. The Company prevents unauthorised access to or unauthorised changing of the personal data controlled by it by appropriate IT, technical and personnel measures.

6. Rights related to processing

6.1       The right to request information

The data subject may request information from the Company in writing, through the contact points specified in Section 1, as to which of their personal data are processed by the Company, on what legal basis, for what data processing objective, from what source and how long, and which of their personal data the Company has provided access to, to whom, when and on what legal basis or to whom it has transferred their data. The Company shall respond to the data subject’s inquiry within one month, at the latest, by e-mail sent to the address provided.

6.2       Right to rectification

The data subject may request in writing, through the contact points specified in Section 1, that the Company modify any of their personal data (for example, they may change their e-mail address or postal address at any time). The Company shall grant the request within one month, at the latest, and notify them by e-mail sent to the address provided.

6.3       Right to erasure

The data subject may request in writing, through the contact points specified in Section 1, that the Company erase their personal data. The Company rejects the request to erase such data if the Company is obliged to continue storing the personal data. Such cases include, among other things, when the retention period prescribed by the accounting laws has not yet expired. However, if no such obligation exists, the Company shall grant the request within one month, at the latest, and notify the data subject by e-mail sent to the address provided.

6.4       Right to blocking (restriction of processing)

The data subject may request in writing, through the contact points specified in Section 1, that the Company block their personal data (by clearly indicating the restricted nature of the data processing and ensuring their processing separately from other data). The blocking shall last until such time as the reason specified by the data subject necessitates the storage of the data. The data subject may request the blocking of the data when, for example, they believe that the Company has processed their application unlawfully, but for the purposes of the administrative or court procedure initiated by them it is necessary for the Company not to erase the application. In such case, the Company shall continue to store the personal data (e.g., the given application) until it receives a request from the authorities or the court, and upon such receipt erase the data.

6.5       Right to object

The data subject may object in writing, through the contact points specified in Section 1, to the data processing, should the Company transfer or use the personal data for; e.g., a public opinion poll or scientific research.

7. Possibility to enforce rights related to the processing

7.1       Initiating a court procedure

The data subject may bring a civil action against the Company should they find that their personal data have been processed unlawfully. The judgement of the action shall be the competence of a court of law. The action – subject to the data subject’s choice – may also be instituted at the court with competence based on the data subject’s residence (for the list and contact details of the courts see: http://birosag.hu/torvenyszekek).

7.2       Procedure conducted by the Hungarian National Authority for Data Protection and Freedom of Information

Should the data subject find that their personal data have been processed unlawfully, they may file an online complaint with the Hungarian National Authority for Data Protection and Freedom of Information. See: https://www.naih.hu/online-uegyinditas.html.

To make a personal appointment, call the following telephone number on Tuesdays or Thursdays between 9 a.m. and 12 p.m. or between 1 p.m. and 4 p.m.: +36 1 391 1400.

Please note that the Authority will investigate the complaint only if prior to submitting the complaint to the Authority the data subject has contacted the controller (the Company) with their complaint, and that yielded no result.

Budapest, 2019