A magyar verzióért kérjük kattintson ide.

Preamble

While processing personal data, Dorsum Ltd. (hereinafter: „Processor”) as Processor proceeds in compliance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as well as of the applicable laws and regulations.

Dorsum Ltd. respects Your (hereinafter „Data Subject”) rights related to the protection of personal data. This notice is a brief and simple summary of the data we collect and how we use them and also describes the tools used by us and the data protection and right enforcement options of the Data Subject related to data protection.

The detailed provisions are included in the Regulation referred to above. If you need further information, we recommend You reading the Regulation.

While processing data, the Controller applies the following principles:

1. Personal data may be acquired and processed only honestly and lawfully.
2. Personal Data may only be stored for specific and legitimate purposes and may not be used for any other purpose.
3. The personal data must be proportionate to the purpose of their storage and must comply with that purpose, without extending beyond it.
4. Personal data shall be kept in a form which permits identification of data subjects for no longer than necessary for the purpose for which the personal data are processed.
5. The required security measures must be taken in order to protect personal data stored in automated data files and to prevent any accidental or unlawful destruction or accidental loss of data, or any unlawful access or alteration or distribution of data.

The scope of this privacy notice covers all processing activities of the Controller and therefore also extends to the processing of the Personal Data of Data Subjects who build a relationship with the Controller in relation to its economic (business) activity and the Personal Data of future or existing employees of the Controller.

Definitions

• Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;
• Third Party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• Consent of the data subject – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
• Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transferred, stored or otherwise processed;
• Authority – Hungarian National Authority for Data Protection and Freedom of Information, naih.hu

Controller (service provider) and contact details

Controller:                                                       Dorsum Ltd.

Registered office                                             1012 Budapest, Logodi u. 5-7. 3^rd floor 18.

Postal address:                                                1012 Budapest, Logodi u. 5-7. 3^rd floor 18.

Company registration number:                    01-10-044594

Phone and fax number:                                  Phone: +36 1 487 3030, Fax: +36 1 487 3031

E-mail address:                                                dataprivacy@dorsum.eu

Purpose of processing, scope of the processed data, duration of processing, parties eligible to access the data with regard to contact persons as Data Subjects of business associations that have a relationship with the Controller during its economic (business) activity.

 

The provisions of this chapter apply to the processing of Personal Data of all Data Subjects who are not employed by the Controller and whose Personal Data are not processed as data of job seekers but as natural persons, contact persons of business associations building a relationship with the Controller during the pursuit of the Controller’s business activity / the Controller’s operation.

 

1. Purpose of processing

Personal data may be processed only for specified and explicit purposes, to the extent necessary, for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of the data control operations; personal data shall be registered and processed lawfully and fairly. Personal data may be processed to the extent and for the duration necessary to achieve its purpose. The controller adopted internal orders in order to regulate that data are processed only by recipients involved in and necessary for the attainment of the goal of processing.

The Controller processes the Personal Data for legitimate interests in the following cases:

• White paper downloading, datasheet downloading, demo request
• Security function: registered office/business site entry authorisation system, camera surveillance

 

The Controller processes the Personal Data for performance of contract in the following cases:

• conclusion of a contract
• contract performance
• supply of support service
• handling fault reports

The Controller processes the Personal Data on the basis of the express and voluntary consent of the Data Subject in the following cases:

• Newsletter

2. Scope of the processed data, duration of processing, parties eligible to access the data

Consequently, with reference to the indicated legal ground, we collect and process the following data for the specified retention period.

 

DATA PROCESSSED BASED ON A LEGITIMATE INTEREST

Data	Retention period
Name	Retention period: until the legitimate interest stops or 5 years pursuant to the related statutory requirement (Section 6:22 of the Civil Code)
Position held at the partner company
e-mail address
phone number
recording of the security camera	in the legitimate interest 7 days from the date of  recording

 

DATA PROCESSSED BASED ON PERFORMANCE OF CONTRACT

Data	Retention period
Name	Retention period: until the legitimate interest stops or 5 years pursuant to the related statutory requirement (Section 6:22 of the Civil Code)
Position held at the partner company
e-mail address
phone number
Ticketing system user name

 

DATA PROCESSED WITH VOLUNTARY CONSENT

Data	Retention period
Name	Retention period until de-registration
Position held at the partner company	Retention period until de-registration
e-mail address	Retention period until de-registration
phone number	Retention period until de-registration

 

The Data subject may find more information about the method of de-registration in the subsequent chapters of the Notice.

3. Collection, use and transfer of personal data

Controller:

• The controller informs the Data subject of the processing practice in the required manner prior to the start of processing.
• The controller collects, stores and uses Personal Data only for specifically defined purposes. The collected information always matches the particular purpose and is relevant and adequate for it.
• The controller takes steps that are reasonable in terms of the particular purpose to make sure that the Personal Data of the Data Subjects are complete, accurate, up-to-date and reliable to the extent required for the purpose.
• The controller uses your Personal Data for promotional purposes only with your consent and gives you an opportunity to prohibit communication of this nature.
• The controller takes proportionate and prudent steps to protect the Personal Data of the Data Subject, also including cases when they are transferred to third parties. No data are transferred to third parties without the prior, express consent of the Data Subject.

 

4. The Controller employs the following Processor(s) for the activities listed below to process Personal Data:

Processor	Company registration number/tax number:	Activity pursued
T-system Zrt.	Tax number: 12928099-2-44, Company registration number: +01 10 044852	email hosting
Hetzner Online GmbH	Industriestr. 25|91710 Gunzenhausen VAT Reg. No.: DE812871812	website hosting
Béla Fridrik private contractor	Tax number: 67942493-1-33 Registration number: 50981719	webmaster service provider
Microsoft		MS Azure cloud computing service
The Rocket Science Group, LLC, (Mailchimp)		Newsletter distribution system
Mailing, courier service		mail and parcel management
Security service provider

 

5. The processor transfers the data to the following recipients:

• Employees of the company pursuing customer service and trading tasks,
• members of staff performing bookkeeping and taxation related tasks.

Purpose of processing, scope of the processed data, duration of processing, parties eligible to access the data with regard to Data Subjects applying for jobs at the Controller

1. Purpose of processing

Personal data may be processed only for specified and explicit purposes, to the extent necessary, for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of the data control operations; personal data shall be registered and processed lawfully and fairly. Personal data may be processed to the extent and for the duration necessary to achieve its purpose. The controller adopted internal orders in order to regulate that data are processed only by recipients involved in and necessary for the attainment of the goal of processing.

The Controller processes Personal Data based on the base of legitimate interest of the Data Subject in the following cases:

• Recruiting for a advertised / identified position

The Controller processes Personal Data based on the express and voluntary consent of the Data Subject in the following cases:

• Recruiting for an undisclosed position

The Controller considers applications for vacant jobs via email expressed and voluntary consent because there is no other technical way to prove voluntarism in any other manner.

2. Scope of the processed data, duration of processing, parties eligible to access the data

Consequently, with reference to the indicated legal ground, the Controller collects and processes the following data for the specified retention period.

on the basis of a legitimate interest

Data	Retention period
name	The retention period is the end of the 3rd month from the date of the end of the recruitment procedure
e-mail address
phone number
curriculum vitae
photo

 

express and voluntary consent

Data	Retention period
name	Retention period until withdrawal of consent, but up to the end of the year following the consent.
e-mail address
phone number
curriculum vitae
photo

The Data Subject may find more information about the method of withdrawing consent in the subsequent chapters of the Notice.

3. Collection, use and transfer of personal data

Controller:

• The controller informs the Data subject of the processing practice in the required manner prior to the start of processing.
• The controller collects, stores and uses Personal Data only for specifically defined purposes. The collected information always matches the particular purpose and is relevant and adequate for it.
• The controller takes steps that are reasonable in terms of the particular purpose to make sure that the Personal Data of the Data Subjects are complete, accurate, up-to-date and reliable to the extent required for the purpose.
• The controller uses your Personal Data for promotional purposes only with your consent and gives you an opportunity to prohibit communication of this nature.
• The controller takes proportionate and prudent steps to protect the Personal Data of the Data Subject, also including cases when they are transferred to third parties. No data are transferred to third parties without the prior, express consent of the Data Subject.

 

4. The Controller employs the following Processor(s) for the activities listed below to process Personal Data:

Processor	Company registration number/tax number:	Activity pursued
T-system Zrt.	Tax number: 12928099-2-44 Company registration number: 01-10 044852	email hosting
Hetzner Online GmbH	Industriestr. 25|91710 Gunzenhausen VAT Reg. No.: DE812871812	website hosting
Béla Fridrik private contractor	Tax number: 67942493-1-33 Registration number: 50981719	webmaster service provider
Microsoft		MS Azure cloud computing service

 

5. The processor transfers the data to the following recipients:

• Employees of the company pursuing customer service and trading tasks,
• Employees managing the competent unit of the Company.

 

Use of the Website (www.dorsum.eu)

6. Purpose of processing

Personal data may be processed only for specified and explicit purposes, to the extent necessary, for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of the data control operations; personal data shall be registered and processed lawfully and fairly. Personal data may be processed to the extent and for the duration necessary to achieve its purpose. The controller adopted internal orders in order to regulate that data are processed only by recipients involved in and necessary for the attainment of the goal of processing.

The Controller processes Personal Data of Data Subjects using the Website based on the express and voluntary consent of the Data Subject in the following cases:

• Communication – responding to inquiries of the Data Subject made through the web interface
• Marketing purpose, observation and collection of visitor habits

7. Scope of the processed data, duration of processing, parties eligible to access the data

Consequently, with reference to the indicated legal ground, the Controller collects and processes the following data for the specified retention period.

 

Data	Retention period
Name – when contact is established	As long as the applied (technical or optional) cookie is active or until the Data Subject deletes the cookie
Email address – in relation to contact
Phone number – in relation to contact
Content of the email message – in relation to contact
IP address of the computer of the Data Subject – during the use of a website
Start and end time spent on the website – during the use of the website
Type of the browser and the operating system depending on the settings of the computer of the Data Subject (during the use of the website)
Data related to the activity of the Data Subject – relating to websites – during the use of the website

The Data Subject may find more information about the method of withdrawing consent in the subsequent chapters of the Notice.

8. Collection, use and transfer of personal data

Controller:

• The controller informs the Data subject of the processing practice in the required manner prior to the start of processing.
• The controller collects, stores and uses Personal Data only for specifically defined purposes. The collected information always matches the particular purpose and is relevant and adequate for it.
• The controller takes steps that are reasonable in terms of the particular purpose to make sure that the Personal Data of the Data Subjects are complete, accurate, up-to-date and reliable to the extent required for the purpose.
• The controller uses your Personal Data for promotional purposes only with your consent and gives you an opportunity to prohibit communication of this nature.
• The controller takes proportionate and prudent steps to protect the Personal Data of the Data Subject, also including cases when they are transferred to third parties. No data are transferred to third parties without the prior, express consent of the Data Subject.

9. The Controller employs the following Processor(s) to process Personal Data:
10. The processor transfers the data to the following recipients:

• Employees of the company pursuing customer service and trading tasks,
• Employees managing the competent unit of the Company.

The Controller informs the visitors of the website that when they use the website (and no contact is established with the Data Subject on the web) data will be collected and processed with the use of anonymous user IDs (cookies) and the acceptance thereof by the Data Subject. The Controller summarises the main features of the cookies below:

The Controller may use alphanumeric information packages with various content, sent by the web server, registered on the user’s computer and stored for a pre-defined effective period, known as cookies, for its services and for the website.

A cookie is a sequence of signals suitable for individual identification and storage of profile information which the service providers place on the Data Subject’s computer. It is important to know that such a signal sequence itself cannot identify the Data Subject in any way, it is only suitable for recognising the Data Subject’s computer. In the world of the world wide web personalised information and customised service can only be provided if the service providers can identify the habits and needs of each customer. Service providers opt for anonymous identification to learn more about the habits of their customers while using information in order to improve the quality of their services and to offer customisation options to their customers.

With the help of cookies e.g., the preferences and settings of the Data Subjects are stored; they help in log in, personalised advertisements may be displayed and the operation of the website can also be analysed. Consequently, we use such services to collect and monitor the data of the Data Subject’s actions such as relevance, recommendations, searches, opened pages, most important and most frequently used functions.

Website operators use Flash cookies to know whether the Data Subject has ever visited the website and they also help identify the functions and services that are most interesting to a Data Subject. The search and flash cookies enhance the online experience by preserving the information preferred by the Data Subject while staying on one page. Neither the search nor the flash cookies can identify the Data Subjects as a person and the Data Subject can refuse search cookies through the browser settings, but without such cookies they will not be able to use all the services of the website.

If a Data Subject does not wish to have such identification signs on their computers, they can set up their browsers not to permit the installation of the individual ID sign, but in that case the Data Subject may not have access to the services at all or in the same form as they would be if they permitted the installation of the IDs.

A large number of users use the services in various software and hardware environment, for different purposes and in different areas. The development of services may match best the needs and opportunities of the users if the website operator can have an overall understanding of the habits and needs of the users. However, given the large number of users, in addition to personal enquiries and responses it is a very effective additional method if a website operator also collects and analyses the data relating to their habits and the running environment of services with an automated method.

Processing rules related to the use of the Botboarding service

11. Purpose of processing

Personal data may be processed only for specified and explicit purposes, to the extent necessary, for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of the data control operations; personal data shall be registered and processed lawfully and fairly. Personal data may be processed to the extent and for the duration necessary to achieve its purpose. The controller adopted internal orders in order to regulate that data are processed only by recipients involved in and necessary for the attainment of the goal of processing.

The purpose of a Botboarding presentation is to simulate client interaction with a financial virtual advisor. In the process the Data Subject must provide data only to present the actual processes realistically. The presentation works perfectly with invented data as well and therefore there is no need to enter real personal data.

The data provided by the Data Subject model how the Botboarding solution can obtain a sales connection (lead) but the data are not used for real sales purposes. The purpose of processing is to analyse the data by the Controller’s developers and continuously develop the service according to those data.

12. When the service described in this section is used, the Controller processes the Personal Data based on the express and voluntary consent of the Data Subject in the following cases:

• Voluntary use of the service

13. Scope of the processed data, duration of processing, parties eligible to access the data

While using the service, the Data Subject can also provide invented data, as they are also encouraged to do so by the Botboarding application.

Consequently, with reference to the indicated legal ground, the Controller collects and processes the following data for the specified retention period (when the Data Subject provides their personal data).

 

Data	Retention period
name	90 days or until the consent is withdrawn
e-mail address
phone number
date of birth
address
number of children (actual and planned)
income
savings

 

The Data Subject may find more information about the method of withdrawing consent in the subsequent chapters of the Notice.

14. Collection, use and transfer of personal data

Controller:

• The controller informs the Data subject of the processing practice in the required manner prior to the start of processing.
• The controller collects, stores and uses Personal Data only for specifically defined purposes. The collected information always matches the particular purpose and is relevant and adequate for it.
• The controller takes steps that are reasonable in terms of the particular purpose to make sure that the Personal Data of the Data Subjects are complete, accurate, up-to-date and reliable to the extent required for the purpose.
• The controller uses your Personal Data for promotional purposes only with the consent of the Data Subject and gives you an opportunity to prohibit communication of this nature.
• The controller takes proportionate and prudent steps to protect the Personal Data of the Data Subject, also including cases when they are transferred to third parties. No data are transferred to third parties without the prior, express consent of the Data Subject.

15. The Controller employs the following Processor(s) for the activities listed below to process Personal Data:

Processor	Company registration number/tax number:	Activity pursued
Hetzner Online GmbH	Industriestr. 25 | 91710 Gunzenhausen VAT Reg. No.: DE812871812	Data storage

 

16. The processor transfers the data to the following recipients:

• Employees of the company pursuing customer service and trading tasks,
• Employees managing the competent unit of the Company.

Data security

In line with its obligation under the Privacy Act, the Controller takes all reasonable efforts to secure the data of the Data Subject and take all necessary technical and organisational measure and introduce procedural rules that are required for enforcing the provisions of the Privacy Act and other data and secret protection rules. Only the Controller and expressly authorised employees of the Controller may have access to the data of the Data Subjects stored in the Controller’s data bases.

Cloud based applications are also part of the service. Cloud applications are usually international, cross-border applications and are used e.g., for storing data. In such cases the data are not stored on the computer / company computer centre of the Controller but a server which can be anywhere in the world. The main advantage of the cloud applications is their ability to offer highly secure and flexibly expandable IT store and processing capacity, independent from any geographic location.

The Controller pays the greatest possible attention when selecting the partners providing the cloud services and takes all reasonable efforts to enter into contract with them, also focusing on the data security interests of the Data Subjects, to make the processing principles of their partners transparent for the Data Subjects and to control the security of data regularly.

The website of the Controller may contain a reference or link to pages operated by other service providers (including buttons and logos pointing to log in and sharing options) where the Controller has no influence at all on the practice applied of the processing of personal data. The Controller informs all Data Subjects that when they click on such links, they may be taken to pages of other service providers. In such cases we recommend that you always use the privacy notice applicable to the use of such pages. This Privacy Notice applies only to processing by the Controller. If a Data Subject modifies any data on an external website, it will not affect the processing by the Controller and the same modifications must also be performed on this website.

Access to, modification, rectification and portability of personal data

1. Access

The data subject has the right to receive notification from the controller regarding whether or not their personal data are being processed, and if they are, the data subject has the right to access their personal data and the following information:

1. the purposes of data processing;
2. the categories of the respective personal data;
3. the recipients or the categories of thereof who/which have received or will receive the data subject’s personal data.

 

2. Modification, rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Portability

The data subject has the right to receive the personal data they provided to a data manager party, in an articulated, widely used and device-readable format; the data subject also has the right to share these data with other data managers without any hindrance from the original data manager, if:

1. processing is based on voluntary consent or a contract where the Data Subject is a party, and
2. the processing activity is an automated process.

Erasure and blocking of personal data, right to object

1. Erasure

(1) The data subject has the right to request the controller to erase their personal data immediately; upon receiving such requests the Controller shall immediately perform the requested erasure if any of the following criteria is fulfilled:

1. the personal data requested to be erased are no longer needed for the purpose they were obtained for and processed in any way;
2. The data subject withdraws voluntary consent on which the processing is based through the Customer Service and there is no other legal ground for the processing;
3. The Data Subject objects to processing for reasons relating to their own situation or because it is for direct marketing purposes and there is no other legitimate purpose of processing that would have priority.
4. the processing of the personal data is unlawful;
5. the Controller has a legal obligation to erase the personal data imposed on them by legislation of the European Union or a member state thereof;
6. the personal data were obtained in connection to the provision of services provided directly to children in relation to the information society.

(2)  Where the controller has made the personal data public and is obliged pursuant to paragraph (1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(3)  Paragraphs (1) and (2) shall not apply to the extent that processing is necessary:

1. to exercise rights to freedom of expression and information;
2. for compliance with a legal obligation which requires processing of personal data by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. There is a public interest that relates to employment or public health;
4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defence of legal claims.
6. Restriction

(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

1. The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. The data subject has objected to processing for a reason that related to their own situation; in this case the restriction relates to the period while it is established whether the legitimate grounds of the controller override those of the data subject.

(2) Where processing has been restricted under paragraph (1) such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

(3) A data subject who has obtained restriction of processing pursuant to paragraph (1) shall be informed by the controller before the restriction of processing is lifted.

3. Right to object

For reasons pertaining to their situation the data subject may object at any time to the processing of their personal data where processing takes place as a task in exercising official authority vested in the Controller or when processing s necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, which also includes profiling based on the provisions referred to above. In such a case the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right enforcement options of the user

When the personal rights of the user are violated and in other cases defined in the Regulation, users may turn to the Hungarian National Authority for Data Protection and Freedom of Information for assistance or may, within their own discretion, take their case to a court, which is competent according to their permanent or temporary place of residence:

 

Name:                         National Authority for Data Protection and Freedom of Information
Postal address:          1363Budapest, PO Box 9.
Address:                      1055 Budapest, Falk Miksa street 9-11.
Phone:                         (+36 1) 391-1400
Fax:                              (+36 1) 391-1410
Web:                            www.naih.hu
E-mail:                        ugyfelszolgalat@naih.hu

Modification of the Notice

The Controller reserves the right to modify or update this Notice at any time, without any prior notification and to publish the updated version on its website. Any modification applies only to the personal data obtained after the publication of the modified version. The currently effective Notice is available on the following link: https://www.dorsum.eu/privacy-policy/

Please check this Notice regularly to follow the changes and to find out the impact of the changes on You.

Last update: 26. 07. 2023.