Data Protection Declaration
Based on the relevant provisions of the Hungarian legislation, by registering to the websites or the software applications of Dorsum Zrt. (possibly, its demo applications), or even without registration and/or by subscribing to its newsletter, you consent to Dorsum Zrt. using your data to editing works, market research, direct marketing, supplying of services or sending advertisements subject to keeping the provisions of the relevant legislation as necessary.
Please note that the data service is voluntary and that you are entitled to request information about the data processing or the rectification or cancellation of your data at any time by sending a letter to Dorsum Zrt. at 1012 Budapest, Logodi utca 5-7. 3. em. 18, or an e-mail to firstname.lastname@example.org. We assume no responsibility for the authenticity of the data you have made available.
- DATA PROCESSOR
This Data Protection Policy and information (hereinafter, the “Data Protection Policy”) sets out the data control regulations of Dorsum Zrt. (registered address: 1012 Budapest, Logodi utca 5-7. 3. emelet 18., company registration number: Cg. 01-10-044594, represented by Róbert Kő, chief executive officer, e-mail address: email@example.com), acting as a data controller (hereinafter, the “Data Controller”) regarding the users of the http://www.dorsum.eu and other websites that can be reached at the other addresses specified therein (hereinafter, the “Website”) and the users (hereinafter, the “Users”) of the software applications of Dorsum Zrt. (hereinafter, the “Application”) in respect of the control of their personal rights defined in the present Data Protection Policy in accordance with Act CXII of 2011 on the right informational self-determination and the freedom of information (hereinafter, the “Info Act”) and Act VI of 1998 promulgating the Convention for the protection of individuals with regard to automatic processing of personal data, done in Strasbourg on 28 January 1981.
- GENERAL PROVISIONS
The Data Controller controls the personal data of the Users based on the present Data Protection Policy and in accordance with the Info Act, taking into account the guidelines of the authority responsible for data protection (currently: National Office for Data Protection and Freedom of Information Authority, having its seat at 1024 Budapest, Szilágyi Erzsébet fasor 22/C.; website: www.naih.hu) and the court practice made public. By accepting this Data Protection Policy, the User consents to the Data Controller controlling his/her data in accordance with this Data Protection Policy.
The Data Controller reserves the right to unilaterally amend this Data Protection Policy, of which it informs the Users. The Data Controller posts the amended Data Protection Policy on the Website on the fifth (5th) day before the entry into force of the amended Data Protection Policy. The User declares that he/she has the Internet access necessary to use the Website and that he/she checks his the Website and/or his/her User Account on a regular basis. By accepting this Data Protection Policy, the User declares that he/she consents to contacting him/her at the contacts he/she provided in the User Account or during the Registration or when using the Website.
- SCOPE OF USERS
One user can register on the Website or the Application in one way and on one occasion (hereinafter, the “Registration”). Based on his/her data provided during the Registration, the registered User (hereinafter, a “Subscriber”) may use the services provided on the Website or through the Application subject to the terms and conditions (hereinafter, the “Contract”) governing their use (hereinafter, the “Services”). A User who is not a Subscriber, but is using the Services or a User who is using Services that do not require Registration also accept the provisions of the present Data Protection Policy as binding by the User visiting the Website to obtain information and/or entering the site and using the Website through his/her activities and using the applications.
Pursuant to the Data Protection Policy, a person can become a Subscriber who provides the data in the course of the Registration or use without Registration and made the declarations in section 6 of this Data Protection Policy (hereinafter collectively, the “Declarations”) before using the Website or the Application, and accepted to be bound by the provisions of the Contract applicable to him/her and of this Data Protection Policy.
- PURPOSE OF THIS DATA PROTECTION POLICY
This Data Protection Policy aims to determine the scope of personal data of the User under section 8 and controlled by the Data Controller, the method of data control and to ensure the respect of the privacy of the natural person Users in accordance with the Info Act and other relevant legislation and the enforcement of the requirements of data protection and data security, as well as to prevent unauthorized access to the User’s personal data and the alteration or unauthorized disclosure or use of the data.
- USER DECLARATION
By making the Registration or using without Registration, the User confirms to have fully familiarized with and read this Data Protection Policy and accepted to be bound by the provisions contained therein, and gives his/her voluntary, informed and express consent to the Data Controller controlling his/her personal data defined in the Data Protection Policy for the data control purposes defined therein subject to compliance with the provisions of the Info Act and this Data Protection Policy.
The User declares that he/she came to know and read the provisions of the Contract simultaneously with the acceptance of this Data Protection Policy, which is a condition to the validity of the Registration and the use of the Web and the software application(s).
By making the Registration and/or using the Application, the User consents to the Data Controller controlling his voluntarily given personal and other data for any required editorial work, market research, direct marketing, the provision of services or sending advertisements. Obviously, he/she can revoke such consent at any time at any of the contacts defined in section 1 of this Data Protection Policy.
The User declares that the data provided is true and do not infringe the personal rights of other persons.
Subscribers declare to accept responsibility for the conduct of any other Users who user their User Accounts with their knowledge and be fully responsible vis-à-vis the Data Controller.
The User declares to have understood the information provided by the Data Controller and, based on the same, consents to the Data Controller placing cookies on his/her terminal equipment (device) used for accessing the Services for a period of one (1) year, and consents to the associated data control.
Obviously, Users may revoke their consent at any time by disabling cookies. Please note that disabling cookies can have a technical impact on how the Data Controller will be able to supply the individual Services to the given User.
- DATA CONTROL PURPOSES
The personal data of the Users are controlled in order to enable the use, supply, maintenance and protection of the Services provided by the Data Controller through the Website or the Application and the fulfilment of the conditions of the Contract, to improve the Services and develop new services, protect the Data Controller and the Users, display of the Data Controller’s activity related to the Services, including, in particular the display of the contents on the Website or the application, the preparation and arrangement of the activities launched or initiated on the Website or the application, as well as to support the Data Controller’s activity and associated promotional purposes (sending newsletters and recommending products/services).
The Data Controller may use the anonymized personal data of the User for statistical purposes.
- SCOPE OF CONTROLLED PERSONAL DATA
The provisions concerning the protection of the Users’ personal rights apply only to natural persons as personal data may only be understood in relation to natural persons. Therefore, this Data Protection Policy covers only the control of the personal data of natural persons.
The Data Controller captures only personal data provided by the User on a voluntary basis. By providing his/her personal data, the User consents to entering his/her personal data in the Data Controller’s database in accordance with the terms of this Data Protection Policy.
8.1. Personal data controlled in order to identify the Users
The Data Controller controls the following personal data for the purposes of identification:
(1) Natural personal identification data of the user: first name and last name.
(2) E-mail address of the user provided during Registration.
(3) Home address or mailing address of the User.
(4) User name and password.
(5) Direct telephone and fax number of the User.
(6) Personal information provided by the User (for example, address for notices, occupation, position, area of interest) and other data.
(7) The Data Controller may request additional personal data of the Users for certain activities on the Website/Application. Such data control is also governed by this Policy.
8.2. Data controlled for using the services
(1) IP address of the User’s computer,
(2) Start and end times of logging in the Website/Application, and
(3) Depending on the settings of the User’s computer, type of the browser and the operating system,
(4) Data concerning the User’s activity concerning the Website/Application.
This information is automatically logged in the system. Such information is not suitable for identifying persons, and the Data Controller does not link the data in the log file with other personal data, but only uses the data for analysing trends, preparing site usage statistics, the administration of services, analysing and satisfying user requirements, which contribute to improving the quality of the Services.
For every all advertising or promotional e-mail sent by the Data Controller, if any, the Data Controller offers the User the possibility to unsubscribe from the, so the User will not subsequently receive them.
Newsletter: the Data Controller operates a newsletter service on the Web site as well. If the User wants to receive newsletters concerning the use of the Services or news related to the Services, the Data Controller asks for only the e-mail address of the User at which he/she expects the newsletters. A newsletter can include advertising offers or promotional offers as well. By accepting this Data Protection Policy, Users specifically consent to that the Data Controller accessed them with own promotional offers by means of its newsletter to the Users’ contacts provided for receiving newsletters. Users, who do not wish to subsequently receive newsletters after they ordered the newsletter service offered on the Website, can cancel the service in the way defined in the newsletter and on the Website or by e-mail or letter to the Data Controller’s contacts provided in section 1 of this Policy.
- LEGAL BASIS AND METHOD OF DATA CONTROL
The Data Controller controls the Users’ personal data solely for the purposes set out in section 7 of this Data Protection Policy and for the duration defined in section 10 of this Data Protection Policy, and ensures that data control takes place in accordance with the purpose of the data control in all phases of the data control. By accepting this Data Protection Policy, the User declares that he/she granted consent to the data control and subsequently provides data in all cases based on his/her voluntary, informed and express consent pursuant to Section 5(1) of the Info Act. Such voluntary, informed and express consent provides the legal basis of data control by the Data Controller under this Data Protection Policy.
- DURATION OF DATA CONTROL
The duration of the data control is five (5) years from the termination of the possibility to use the service (including, in particular, the cancellation of Registration), given that this is the time limit within which the Data Controller or third party may bring a civil law claim against the User or against the Data Controller due to the User’s activity, so it ensures that the identity of the User can be tracked back and enables the Data Controller to enforce, if necessary, a claim for damages incurred by the Data Controller or a third party or any other civil law claim.
- DATA SECURITY
In accordance with its obligation set out in Section 7 of the Info Act, the Data Controller is using its best efforts to ensure the security of your data and to implement appropriate technical and organizational measures and establish rules of procedure that are necessary in order to enforce the Info Act and other data protection and confidentiality rules.
The Data Controller’s activity complies with the requirements of the ISO 27001 standard, setting out the information security management systems.
The Services include so-called cloud-based applications. Cloud-based applications are typically international or cross-border in nature and serve, for example, the purposes of data storage in scenarios where a server hotel located in any place in the world, rather than the User’s computer corporate computing centre, is the data storage. The main advantage of cloud applications is that they provide high security and flexibly expendable IT storage and processing capacity that is practically independent of geographical locations.
The Data Controller selects its cloud service provider partners applying the greatest care, and use best efforts to make contracts with them, which observe the Users’ data security interests to ensure that their data control principles are transparent to it, and to regularly audit data security.
Links: it is possible that the Data Controller’s Website includes links to pages maintained by other providers (including buttons and logos directing to login and share possibilities), where the Data Controller has no influence on the practices concerning the control of personal data. Users should note that clicking on such links can move them to sites of other service providers. In such cases, we recommend that you make sure to read the data protection rules governing the use of such sites. This Data Protection Policy only applies to the Website operated by the Data Controller. If the User changes or cancels any of his/her personal data only any external website, data control by the Data Controller will not be affected, and the User should make such changes on the Website as well.
- DATA TRANSMISSION AND INTERCONNECTING DATA
The personal data of the User may be transmitted to third parties and data control may be interconnected only based on the prior and informed consent of the User in accordance with this Data Protections Policy or in order to fulfil the Data Controller’s statutory obligation and based on the request of the competent authorities, provided, that the conditions of data control are fulfilled with respect to each personal data. Before fulfilling official data requests, the Data Controller examines with respect to each data, whether the legal basis and the obligation to transmit data prevail.
By accepting this Data Protection Policy, the User declares that he/she is aware that the data controlled by the Data Controller are transmitted to persons engaged in data processing and customer service under the Data Controller’s assignment and body entitled for dispute settlement under the law. The entities receiving personal data as above provide services to the Data Controller and are primarily operating in Hungary or the European Economic Area. These entities act in respect of the data as instructed by the Data Controller, and may not use the data for any other purpose and are subject to and data protection and confidentiality obligation.
PLACING ANONYMOUS USER IDENTIFIER (COOKIE)
Anonymous user identifiers (cookies) are a string for unique identification or the storage of profile information that the providers place on the User’s computer. It is important to know that such a string itself can in no way identify the User, but can identify the User’s computer only. In the network world of the Internet, information associated with persons and customized services can only be provided if the service providers can uniquely identify their customers’ habits and needs. Service providers apply anonymous identification in order to obtain more information account the clients’ habits in terms of information use on the one hand, to enable them to improve their service level, and to offer customization possibilities to their clients on the other hand.
For example, cookies help to store the Users’ preferences and settings; they help with login; can display personalized advertisements and analyse the operation of the website. To this end, we user services to collect and track the data of User activities such as relevance, offers, searches, opening and the most important and most frequently used functions.
We use Flash cookies, for example, to tell us if the User has ever visited our Website and to help us identify the functions/services that may be of interest to the User the most. Search and the Flash cookies enhance the online experience by information about the User’s preference while staying on a particular site. Neither the search engine nor Flash cookies can identify the User personally, and the User can refuse browser cookies in the browser settings, however, he/she will not be able to exploit all the services of our website without such cookies.
If the User does not want to have such an identification string placed on his/her computer, he/she can set the browser in a way not to allow placing an identification string. In this case, however, it is possible that the User will not reach the Services at all or in the form as if he/she allowed the placing of identifiers.
A large number of Users use the Services in a variety of software and hardware environments, and with different purposes and in different areas. The improvement of the Services can be best adapted to the needs and possibilities of our Users if we receive a comprehensive picture of their user habits and needs. However, due to the large number of our Users, it is an effective supplementary tool in addition to personal contacts and feedback to collect and analyse their habits and the data concerning the running environment of the Services by using an automated method as well.
- RIGHTS OF USERS AND ENFORCING RIGHTS
Users may request information about the data control and request rectification and blocking of their personal data or erasure in case the data is inaccurate. The data subjects can exercise their rights in the context of data control by means of notices sent to the e-mail addresses provided during Registration. Users can send requests for information or erasure by e-mail to the e-mail address in section 1 of this Data Protection Policy.
14.1. Information: Users may request information about the control of their personal data under paragraph a) of Section 14 of the Info Act. Upon request, the Data Controller provides information to the User about the his/her data controlled by it, the purpose, legal basis and duration of the data control, the name and address (registered office) of the data controller and its activity related to data control, about whether it controls the User’s data in accordance with the last paragraph of section 7 of this Data Protection Policy and its activities concerning data control, as well as the persons(s) who receive the data and the purpose thereof. The information must also include the rights and remedies of the user in relation to the data control. The request for information should be sent by e-mail to the e-mail address in section 1 of this Data Protection Policy, and the data subject will receive the response within thirty (30) working days. Such information will be provided free of charge if the person requesting it has not submitted any request for information to the Data Controller during the given year in relation to the same dataset. In other cases, the data Controller may fulfil the request for information subject to the payment of a fee. Information can be provided within the data control time limit defined in section 10.
14.2. Erasure: The Data Controller will erase the personal data if requested by the User with regard to the provisions below.
If, due to a previously incurred dispute or based on the law or a supervisory procedure under the law, or due to the Contract made with the User that is still in effect, the personal data must be retained or the data includes the personal data of others in an inseparable and non-erasable way (for example, photo), a request for immediate erasure does not necessarily mean the full unavailability of the recording, however, the recording may subsequently be used only for a purposes that excludes the erasure. The Data Controller must carry out the erasure free of charge. Users can notify the Data Controller about their claim to erase their personal data by using the menu item to that effect on the Website or by e-mail to the e-mail address shown in section 1 of this Data Protection Policy. At the User’s voluntary decision and request, the Data Controller will erase the data within thirty (30) days from the receipt of the claim for erasure. By revoking his/her consent to the control of personal data or making a request for the erasure of data, the User waives all his/her rights related to any activity linked to Registration. Erasure is free of charge in all cases.
The Data Controller will notify the data subject about the rectification and the erasure, unless the omission of notice does not harm the data subject’s legitimate interests.
14.3. Blocking: Instead of erasure, the Data Controller will block the personal data if requested by the User or it can be assumed on the basis of the available information that erasure would harm the legitimate interests of the data subject. Personal data blocked in this manner will only be controlled by the Data Controller only for as long as the purpose of data control that excluded the erasure of the personal data prevails.
14.4. Identification: The Data Controller identifies the personal data it processes if the User disputes the correctness or the accuracy thereof, but the incorrectness or inaccuracy of the disputed personal data cannot be defined clearly.
If the Data Controller does not fulfil the User’s request for rectification, blocking or erasure, it will declare the reasons for refusing the request for rectification, blocking or erasure within thirty (30) days of the receipt of the request and inform the User about the possibility to turn to the court or the data protection authority for remedy.
- RIGHT TO OBJECT AND LEGAL REMEDIES
(15.1.) Right to object
The User or any person whose data is obtained by the Data Controller, has the right to object to the control of his/her personal data if:
– the control (transmission) of personal data is necessary solely for enforcing a right or legitimate interest of the Data Controller, unless the data control is ordered or permitted by the law;
– the exercise of the right to object is otherwise made possible by the law.
Simultaneously with the suspension of data control, the Data Controller examines the objection not later than within fifteen (15) days of the receipt of the request, and informs the applicant of the results thereof in writing. Where the objection is justified, the Data Controller stops the data control and blocks the data. The Data Controller must give notice about the objection and the measures it has taken on the basis thereof to all to whom it has previously transmitted the personal data affected by the objection and the latter must take action to enforce the right to object.
If the User disagrees with the decision taken by the Data Controller based on the objection or if the Data Controller missed the time limit for decision-making, the User has the right to bring an action in the court of law within thirty (30) days of the last day of the time limit.
(15.2.) Enforcing of rights
Users may enforce rights based on the Info Act and the Civil Code (hereinafter, the “Civil Code”). In the case of an infringement of rights, Users may turn to the court or the data protection authority referred to in section 2 of this Data Protection Policy. Any person has the right to notify the data protection authority and request an investigation alleging an infringement relating to the processing of his or her personal data, or if there is imminent danger of such infringement. The court competent for the Data Controller’s registered address has jurisdiction for hearing the case. If so requested by the data subject, the action may be brought before the court in whose jurisdiction the data subject’s home address (temporary residence) is located. The detailed legal regulations regarding the method of enforcing rights and the obligations of the Data Controller are set out in the Info Act and the Civil Code.
- FURTHER GUARANTEES PROTECTING DATA SUBJECTS
Every User has the right to:
– be notified of the automated file containing personal data, its main purposes and of the person controlling the data file (including the usual place of residence or registered office of this person);
– be notified regularly and without excessive costs or delay as to whether his/her data is stored in an automated data file and to be informed of the content of these data in a comprehensible form.
- PERSON IN CHARGE OF DATA PROTECTION APPOINTED BY THE DATA CONTROLLER
The data protection officer appointed by the Data Controller helps the Users in making decisions concerning data protection and securing the rights of data subjects via the e-mail address in section 1 of this Data Protection Policy.
- OTHER PROVISIONS
Users acknowledge and consent to that all members of the group in which the data Controller is a member through a direct or indirect ownership participation of not less than 50% or an entity acquiring all or the substantial part of the Data Controller’s assets are considered as the beneficiary/assignee of the Data Controller in terms of the rights and obligations provided in this Data Protection Policy. Such undertakings are entitled to directly enforce or refer to any provisions of this Data Protection Policy that include any advantage or right in their favour. Users may not transfer or assign their rights or obligations set out in this Data Protection Policy to third parties.
2 June 2015
Dorsum Co. Ltd.