Barion Pixel

Data management information

Updated: 2024. 09. 06.

1. Data Manager

The websites available at https://wiredsign.com (https://eszerzodes.hu, https://ssl.eszerzodes.hu, https://eszerződés.hu, https://e-szerződés.hu)
whistleblowingapp.com https://epanaszbejelento.hu and https://epanaszbejelentes.hu Internet addresses (hereinafter referred to as "websites") - are operated by

Wiredsign Zártkörűen Működő Részvénytársaság (Private Limited Company)

Abbreviated name: Wiredsign Zrt.
Company registration number: 12-10-001683
Tax Number: 29277261-2-12
Headquarters: 2643 Diósjenő, Dózsa György út 28/b
Postal address: 2643 Diósjenő, Dózsa György út 28/b
Phone: +36 20 886 1309
E-mail address: [email protected]
Website: https://www.WiredSign.com/

(hereinafter: Data Manager).

Contact details of the Data Protection Officer: Dr. Cserepka Balázs
Postal address: 2643 Diósjenő, Dózsa György út 28/b.
E-mail address: [email protected]

2. Legislation on data management, scope of the prospectus

2.1. The Data Manager manages the data of the Users primarily in accordance with

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation);(The EU General Data Protection Regulation
  • General Data Protection Regulation of the European Union) (hereinafter: GDPR)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Ekertv.),
  • Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising (Grt.)
  • Act CXII of 2011 - on the right to information self-determination and freedom of information (hereinafter: the Information Act),
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services,
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act C of 2003 on Electronic Communications,
  • Act CLV of 1997 on Consumer Protection.

2.2. The scope of this prospectus applies to the processing of data during the use of https://wiredsign.com (https://eszerzodes.hu, https://ssl.eszerzodes.hu, https://eszerződés.hu, https://e-szerződés.hu), whistleblowingapp.com (https://epanaszbejelento.hu, https://epanaszbejelentes.hu) websites, the use of the services available therein and the fulfillment of orders placed on the website.

2.3. According to this prospectus, User: natural persons browsing the website, using the services of the website and ordering services from the Data Manager.

3.1. The Data Manager uses cookies to operate the website and to collect technical data on the visitors of the website.

3.2. The Data Manager provides a separate prospectus on the data management implemented by cookies: Data management information on the use of cookies.


Consent to the use of cookies.

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymised IP address
  • Information about your Browser
  • Information about your Device
  • The date and time you have visited our website
  • The webpage url where you saved or updated your consent preferences
  • The approximate location of the user that saved their consent preference
  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

4.1. Persons affected by data management: Users who send a message to the Data Manager by e-mail using the User's own e-mail client or by using the e-mail address(es) provided on the Web site by clicking on "Write us an e-mail" under the "Who we are" menu item.

4.2. Legal basis of data management: the User's consent pursuant to Article 6 (1) (a) of the GDPR. The User gives his/her consent by sending an e-mail.

The user has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the legality of the data management carried out before the withdrawal.

4.3. To determine the scope of managed data:

The User who sent the message:

  • name,
  • e-mail address,
  • the subject of the message,
  • the content of the message.

4.4. Purpose of data management: To enable the user to exchange messages with the Data Manager.

Related features:

  • receiving a message sent by e-mail,
  • reply to messages sent to the Data Manager in the above ways.

4.5. Duration of data processing: If no contract is concluded as a result of the message exchange, the data will be processed until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose after 1 month has passed since the answering of the message/request fulfillment. If the exchange of information takes place with several related message exchanges, the Data Controller will delete the data after 1 month has elapsed since the completion of the information exchange or the fulfillment of the request.

If a contract is concluded as a result of the message exchange and the content of the messages is relevant to the contract, the legal basis and duration of data processing will be determined according to the provisions in Chapters 10, 11, and 12 (data processing related to the use of services).

4.6. How data is stored: In separate data files in the IT system of the Data Manager.

5.1. Persons affected by data management: Users who send a message using the chat window on the website.

5.2. Legal basis of data management: the User's consent pursuant to Article 6 (1) (a) of the GDPR. The User gives his/her consent by sending a message via the chat window.

The user has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the legality of the data management carried out before the withdrawal.

5.3. Scope of managed data: the content of the message sent by the User.

5.4. Purpose of data management: To enable the User to exchange messages with the Data Manager.

5.5. Duration of data processing: The Data Controller processes the data until the purpose is realized. Accordingly, for Users who send messages, the duration of data processing lasts until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose after 1 month has passed since the answering of the message/request fulfillment. If the exchange of information takes place with several related message exchanges, the Data Controller will delete the data after 1 month has elapsed since the completion of the information exchange or the fulfillment of the request.

If a contract is concluded as a result of the message exchange and the content of the messages is relevant to the contract, in that case, the legal basis and duration of data processing will be determined according to the provisions in Chapters 10, 11, and 12 (data processing related to the use of services).

5.6. How the data is stored: In separate data files in the IT system of the Data Manager, until the end of the information exchange period.

5.7. Use of a data processor: The Data Manager uses Smartsupp.com, s.r.o. and Intercom R&D Unlimited Company as data processors in connection with the use of the chat window. See Chapter 21. for more information. You can read about the data management performed by Smartsupp.com, s.r.o. or Intercom R&D Unlimited Company on their own behalf during the use of the chat service in the data management information of the service providers:

https://help.smartsupp.com/en_US/privacy and https://www.intercom.com/legal/privacy.

6.1. Persons affected by data management: Users who send a message using the Facebook messenger app after clicking on the button "Facebook messenger" under the "Facebook messenger" menu item on the website.

6.2. Legal basis of data management: the User's consent pursuant to Article 6 (1) (a) of the GDPR. The User gives his/her consent by sending a message via the Facebook messenger application.

The user has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the legality of the data management carried out before the withdrawal.

6.3. Scope of managed data: the name of the User and the content of the message sent by him/her.

6.4. Purpose of data management: To enable the User to exchange messages with the Data Manager.

6.5. Duration of data processing: The Data Controller processes the data until the purpose is realized. Accordingly, for Users who send messages, the duration of data processing lasts until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose after 1 month has passed since the answering of the message/request fulfillment. If the exchange of information takes place with several related message exchanges, the Data Controller will delete the data after 1 month has elapsed since the completion of the information exchange or the fulfillment of the request.

If a contract is concluded as a result of the message exchange and the content of the messages is relevant to the contract, in that case, the legal basis and duration of data processing will be determined according to the provisions in Chapters 10, 11, and 12 (data processing related to the use of services).

6.6. How the data is stored: The Data Controller stores the data in a separate database within its IT system until the end of the information exchange period.

6.7. Use of a data processor: the Data Manager uses Meta Platforms Ireland Ltd. as a data processor in connection with the use of the Facebook messenger application. See Chapter 21. for more information. For information about the data management performed by Meta Platforms Ireland Ltd. on its own behalf when using Facebook Messenger, please refer to the relevant data management information of the service provider Meta Platforms Ireland Ltd.: https://www.facebook.com/privacy/explanation.

7.1. Scope of data subjects: Users specified in this information document who book a consultation appointment using the appointment booking menu on the Data Controller's website or by using the link sent to them via email.

7.2. Legal basis for data processing: Data processing necessary for the performance of the service according to Article 6(1)(b) of the GDPR.

7.3. Scope of processed data:

The User:
  • name,
  • email address,
  • phone number,
  • selected topic of the consultation,
  • appointment time for the consultation,
  • additional text message (optional),
  • selected mode of consultation (phone or online meeting platform).

7.4. Purpose of data processing: Fulfillment of the consultation booked at the Data Controller at the appropriate time, reservation of the time slot booked by the User. The phone number will only be used if an extraordinary consultation is necessary regarding the appointment booking. The email address will be used for electronic confirmation of the booked appointment and, if necessary, further consultation via email.

7.5. Duration of data processing: The Data Controller will delete the data after the booked consultation has taken place.

7.6. Method of data storage: The Data Controller stores the data in a separate database within its IT system.

7.7. Use of data processors: The Data Controller uses Calendly LLC. as a data processor in connection with the use of the appointment booking system. You can read more about this in Chapter 21.

8.1. Scope of data subjects: Users specified in this information document who participate in consultations held with the Data Controller using an online meeting platform.

8.2. Legal basis for data processing: Data processing necessary for the performance of the service according to Article 6(1)(b) of the GDPR.

8.3. Scope of processed data:

The User:
  • name,
  • email address,
  • phone number,
  • the date and duration of the consultation,
  • the content of the consultation,
  • during the consultation, the User's voice and statements, as well as any conclusions drawn from them,
  • in the case of video consultation, the User's image and recognizable behavior during the live video broadcast, as well as any conclusions drawn from them.

8.4. The purpose of data processing: Fulfillment of the consultation booked with the Data Controller. The email address is used for sending the link required for participation in the online consultation via email.

8.5. Duration of data processing: After the completion of the booked consultation, the Data Controller deletes the data. The audio and visual content of the consultation will not be recorded.

8.6. Method of data storage: The data is stored in a separate database within the Data Controller's IT system.

8.7. Involvement of data processors: The Data Controller engages Google Ireland Ltd. as a data processor to fulfill the online consultation. More information on this can be found in Chapter 21.

9.1. Affected by data processing: the User who subscribes to the website by ticking the consent form for the newsletter subscription.

9.2. Legal basis of data management: pursuant to Article 6 (1) (a) of the GDPR, subject to Section 6 (1) and (2) of the Grt, the User's consent. The voluntary consent is given by the User by checking the checkbox before the subscription statement.

The user has the right to withdraw his consent at any time. The withdrawal of consent shall not affect the legality of the processing carried out before the withdrawal.

In addition to sending useful information, the newsletter service is also aimed at direct business acquisition by the Data Manager. The User can subscribe to this service regardless of the use of other services. The use of this service is based on a voluntary decision made after the User has been duly informed. If the User does not use the newsletter service, he/she will not be disadvantaged in terms of using the website and other services. The Data Manager does not make the use of its direct acquisition service a condition for the use of any other service.

9.3. Scope of managed data: the name and email address of the User.

9.4. The purpose of the data management: sending newsletters by the Data Manager to the User by e-mail. The sending of newsletters means the sending of information about the of the Data Manager’s services, news and current events, awareness-raising offers, advertising and sales promotional content.

9.5. Duration of data management: The Data Manager manages the data processed for the purpose of sending the newsletter until the User's consent to this is revoked (unsubscribed) or the data is deleted at the User's request.

9.6. How data is stored: In separate data files in the IT system of the Data Manager.

10.1. Persons affected by data management: a natural person (consumer) who subscribes to the website or registers for the use of the free service package Users.

When a service is completed or a user account is created to provide access to the free service.

10.2. Legal basis of data management: Article 6 (1) (b) of the GDPR, according to which data processing is necessary for the performance of a contract or service to which the User is a party.

10.3. Definition of the scope of data processed: data processing affects the following personal data and contact details.

To identify the User and ensure his/her availability:

  • name,
  • e-mail address,
  • password,
  • telephone number,
  • address,
  • mother's name,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,

To authenticate the identity of a user as a person producing / signing authenticated electronic documents:

  • name,
  • mother's name,
  • address,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,

to create a user account:

  • last name,
  • first name,
  • username,
  • e-mail address,
  • password,

and to provide a free service package:

in addition, in the case of a subscription:

  • billing address,
  • indication of service package,
  • service package fee,
  • subscription duration,
  • payment method,
  • Any other information provided by the user that is necessary to perform the service,
  • date of subscription,
  • date of payment of fees, schedule of payment of fees,
  • in case of redemption of a coupon, the coupon code and the discount rate,

to sign documents generated by the service:

- digital image of the User's signature, individually generated line of code (as described in Chapter 12).

10.4. The purpose of data management: to conclude and fulfill the contract resulting from the subscription and to ensure access to the service package by creating a user account. Providing access to and performance of the service when registering for a free service package.

The purpose of the data used to verify the identity of the User is also to fulfill the contract, as it is part of the Data Manager’s service that the Users can produce authentic documents using it. Thus, the authentication of the User's identity and the management of data in order to prevent fraud are also part of the service (see Chapter 11 for more information).

10.5. Duration of data management: The Data Manager shall retain the data processed in connection with the performance of the contract, including relevant messages related to the contract, until the expiry of the general limitation period applicable to civil law claims for a period of 5 years from the termination of the contract. Chapter 14 provides information on the data management performed to fulfill the related accounting obligations.

In the case of users registered for the free service package, the duration of data processing lasts until the deletion of the registered user upon their request, if they do not order the service. Data processing may also cease with the deletion of the registration by the user or the deletion of the user's registration by the Data Controller. The user can delete their registration at any time or request its deletion from the Data Controller, who will carry out the request without delay, but no later than 10 working days after the receipt of the request.

10.6. How data is stored: In separate data files in the IT system of the Data Manager.

11.1. Persons affected by data management: a sole proprietor or an individual with a tax number who subscribes to the website or registers for the use of the free service package.

During completion of the service or ensuring access to the free service, an account will be created to ensure access to the service.

11.2. Legal basis of data management: Article 6 (1) (b) of the GDPR, according to which data processing is necessary for the performance of a contract or service to which the User is a party.

11.3. Definition of the scope of data processed:

To identify the User and ensure his/her availability:

  • name,
  • e-mail address,
  • password,
  • telephone number,
  • mother's name,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,
  • the form of the business,
  • the head office of the business,
  • the postal address of the business,
  • the tax number of the business, its Community tax number,

To authenticate the identity of a user as a person producing / signing authenticated electronic documents:

  • name,
  • mother's name,
  • address,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,

to create a user account:

  • last name,
  • first name,
  • username,
  • e-mail address,
  • password,

and to provide a free service package:

  • indication of the service package,

in addition, in the case of a subscription:

  • billing address,
  • indication of service package,
  • service package fee,
  • subscription duration,
  • payment method,
  • Any other information provided by the user that is necessary to perform the service,
  • date of subscription,
  • date of payment of fees, schedule of payment of fees,
  • in case of redemption of a coupon, the coupon code and the discount rate,

to sign documents generated by the service:

  • digital image of the User's signature, individually generated line of code (as described in Chapter 12).

11.4. The purpose of data management: to conclude and fulfill the contract resulting from the subscription and to ensure access to the service package by creating a user account. Providing access to and performance of the service when registering for a free service package.

The purpose of the data used to verify the identity of the User is also to fulfill the contract, as it is part of the Data Manager’s service that the Users can produce authentic documents using it. Thus, the authentication of the User's identity and the management of data in order to prevent fraud are also part of the service (see Chapter 11 for more information).

11.5. Duration of data management: The Data Manager shall retain the data processed in connection with the performance of the contract, including relevant messages related to the contract, until the expiry of the general limitation period applicable to civil law claims for a period of 5 years from the termination of the contract. Chapter 16. provides information on the data management performed to fulfill the related accounting obligations.

In the case of users registered for the free service package, the duration of data processing - if they do not order the service - lasts until the registered user requests deletion. Data processing may also be terminated by the user deleting their registration or by the Data Controller deleting the user's registration. Users can delete their registration at any time or request its deletion from the Data Controller, who will execute the request without delay but no later than 10 working days after the receipt of the request.

11.6. How data is stored: In separate data files in the IT system of the Data Manager.

12.1. Persons affected by data management: a natural person subscribing to the Website or registering to use the Free Service Package, acting on behalf of a customer organization, and Users registered by a customer business or individual customer in any form as an associate account user (or “Representative”).

When you complete the service or ensure access to the free service, an account is created to ensure access to the service.

The associate account can be created by the client User.

12.2. Legal basis of data management: in accordance with Article 6 (1) (f) of the GDPR, the legitimate interest of the organization represented by the User (hereinafter referred to as the Client Organisation).

It is in the legitimate interest of the Client organization to use the ordered service, which it can do through the representation of a natural person .

The Data Manager shall process the data of the Representative only within the framework of the administration related to the organization he / she represents and the performance of the service, to the extent and for the time required for this purpose, and shall limit the data to the necessary data.

The performance of the service and the necessary exchange of information cannot take place without the processing of the data of the Representative, so data management is essential for the order.

A separate documentation was prepared on the balance of interests, the availability of which the User may inquire at the Data Manager.

A separate documentation has been prepared on the balancing of interests, which the User can inquire about the availability of from the Data Controller.

12.3. Definition of the scope of data processed:

To identify the User and ensure his/her availability:

  • name,
  • e-mail address,
  • password,
  • telephone number,
  • address,
  • mother's name,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,

To authenticate the identity of a user as a person producing / signing authenticated electronic documents:

  • name,
  • mother's name,
  • address,
  • place of birth,
  • date of birth,
  • the number of the identity card /optional/,

to create a user account:

  • last name,
  • first name,
  • username,
  • e-mail address,
  • password,

and to provide a free service package:

  • indication of the service package,

in addition, in the case of a subscription:

  • billing address,
  • indication of service package,
  • service package fee,
  • subscription duration,
  • payment method,
  • Any other information provided by the user that is necessary to perform the service,
  • date of subscription,
  • date of payment of fees, schedule of payment of fees,
  • in case of redemption of a coupon, the coupon code and the discount rate,

to identify and access the business represented:

  • name,
  • form,
  • headquarter,
  • postal address,
  • billing address,
  • tax number, Community tax number,

to sign documents generated by the service:

  • digital image of the User's signature, individually generated line of code (as described in Chapter 12).

12.4. The source of the data: by default the User. If the Representative indicated during the order does not provide his data on his/her own, but from the Client organization , then the source of the data is the Client organization. In this case, the Data Manager also receives the data of the Representative in the legitimate interest of the Client organization. It is the obligation of the Client Organization to inform the Representative of the data processing carried out by him/her; on the provision of the data of the Representative to the Data Manager.

12.5. The purpose of data management: to conclude and fulfill the contract resulting from the subscription and to ensure access to the service package by creating a user account. Providing access to and performance of the service when registering for a free service package.

The purpose of the data used to verify the identity of the User is also to fulfill the contract, as it is part of the Data Manager’s service that the Users can produce authentic documents using it. Thus, the authentication of the User's identity and the management of data in order to prevent fraud are also part of the service (see Chapter 13. for more information).

12.6. Duration of data management: The Data Manager shall retain the data processed in connection with the performance of the contract, including relevant messages related to the contract, until the expiry of the general limitation period applicable to civil law claims for a period of 5 years from the termination of the contract. Chapter 16. provides information on the data management performed to fulfill the related accounting obligations.

In the case of Users registered for the free service package, the duration of data processing - if they do not order the service - lasts until the registered User requests deletion. Data processing may also cease with the deletion of the registration by the User or the deletion of the User's registration by the Data Controller. The User may delete their registration at any time or request its deletion from the Data Controller, which request the Data Controller will execute without delay, but no later than within 10 working days of receiving the request.

12.7. How data is stored: In separate data files in the IT system of the Data Manager.

13. User identity verification

13.1. During the data management referred to in the above chapters, in order to verify and authenticate the User's identity, the Data Manager manages the following data of the User from the data provided by the User during registration:

  • name,
  • mother's name,
  • address,
  • identity card number.

13.2. The authentication is also performed on the basis of the identification request submitted directly to the e-personal system of the Ministry of the Interior, and it is confirmed back to the Data Manager by the electronic system of the Ministry of the Interior. The confirmation contains the above data, so the Data Manager will not know any new data during the process. The identity is verified by comparing the data provided during registration with the data provided in the confirmation of the Ministry of the Interior.

13.3. The Data Manager does not transmit data to the Ministry of the Interior.

13.4. Contact details of the Ministry of the Interior:

Ministry of the Interior
Address: 1051 Budapest, József Attila utca 2-4. E-mail: [email protected] Phone: +36 1 441 1000 Fax: +36 1 441 1437

14. Unique signature

14.1. During the data management related to the signing of the documents generated by the service referred to in the above chapters, the Data Manager shall proceed as follows.

14.2. In order to store the signature images securely, we have developed a specially developed watermark protection, which protects the files from external interference and forgery. The system combines digital signatures with PKI solutions. A digital watermark is added to the digital signature, which, in addition to fraud prevention, contains the so-called fingerprint of the content of the contract, as well as the fingerprint of the customer's identification data, formed with the SHA-256 cryptographic algorithm.

14.3. A unique imprint is made from the data listed above, making the signature unique and uniquely linked to the document and the signatory. Their chain and logical relationship cannot be reproduced even with partial data. If the document changes in the slightest, the signature becomes invalid.

15.1. Persons affected by data management: Users using the service available on the website.

15.2. Legal basis of data management: Article 6 (1) (b) of the GDPR, according to which data processing is necessary for the performance of a contract or service to which the User is a party.

15.3. Scope of data processed: the telephone number of the User, the information contained in the sent message and the information related to the message (time of sending, time of receiving)

15.4. Part of the data management service is that users can use it to generate authentic documents, so the purpose of data management is to fulfill the contract; including the confirmation and authentication of the User's identity and authorization, and the operation of a fraud prevention system.

15.5. Duration of data management: information related to a given SMS message will be stored for 12 months from the date of sending, otherwise the User's phone number will be stored until the end of the service.

15.6. How data is stored: In separate data files in the IT system of the Data Manager.

16.1. The scope of data processing: the subscriber Users.

16.2. Legal basis of data management: Article 6 (1) (c) of the GDPR, according to which data processing is necessary to fulfill a legal obligation to the Data Manager.

16.3. Scope of managed data: data recorded on accounting documents:

the User’s

  • name,
  • address,

in the case of a business, its:

  • tax number/Community tax number,
  • headquarters,
  • billing address,

ordered service:

  • duration,
  • indication of the package of services,
  • fee, due date, schedule, information on payment,

in addition, if the data provided during the subscription (as an order) and the contract concluded with the Data Manager are treated as accounting documents, the data contained therein.

16.4. The purpose of data management: accounting obligations related to the contract resulting from the subscription; fulfillment of the data recording and document retention obligations specified in Section 169 of the VAT Act and Section 169 (2) of the Accounting Act.

16.5. Duration of data management: The Data Manager shall store the accounting documents for the time necessary to fulfill the document retention obligation arising from the Accounting Act. According to the Accounting Act, this period is at least 8 years from the issuance of the document, after which the data is deleted by the Data Manager within one year. This includes the details on the invoices (name, address, details of the service package ordered and the price paid) and, in some cases, additional information in the orders and confirmations as part of the contractual documentation.

16.6. How data is stored: on paper and electronic accounting documents, the latter in separate data files in the IT system of the Data Manager.

17.1. Persons affected by data management: a User who enters into a contract using the Data Management Service on the Website, about whom another user writes evaluative feedback. The evaluation is displayed on the data sheet of the evaluated User in a way that is visible to other Users who enter into a contract with the User or prepare it.

17.2. Legal basis of data management: the legitimate interest of the Data Manager pursuant to Article 6 (1) (f) GDPR. It is in the legitimate economic interest of the Data Manager to maintain confidence in the reliability and authenticity of its services by operating an evaluation system.

A separate documentation was prepared on the balance of interests, the availability of which the User may inquire at the Data Manager.

A separate documentation has been prepared on the balancing of interests, about which the User can inquire the availability from the Data Controller.

17.3. Scope of the relevant data:

  • the name of the user evaluated,
  • the text of the submitted evaluation from the options to be selected:

1. Contract was problematic
2. There was a delay in payment or service,
3. The user was neutral,
4. The user was correct,
- the number of each evaluated.

17.4. The purpose of data management: increasing and maintaining trust in the service, preventing abuse, maintaining the quality and credibility of the service.

17.5. Duration of data management: the data are stored linked to the given contract document, so the data management lasts until the given electronic contract document is deleted.

17.6. How data is stored: In separate data files in the IT system of the Data Manager.

18. Data management in relation to complaints

18.1. Persons affected by data management: cconsumers who file a complaint about the Data Manager’s service.

18.2. Legal basis of data management: Article 6 (1) (c) GDPR, which states that data processing is necessary to fulfill a legal obligation.

18.3. Scope of managed data:

The User’s:

  • name,
  • phone number/e-mail address/postal address depending on how the complaint is lodged,
  • the information presented in the complaint,

if minutes of the complaint are recorded, the minutes shall include:

  • the name of the User,
  • the user's address, registered office or, if necessary, mailing address,
  • the place, time and manner in which the complaint was lodged,
  • a detailed description of the complaint by recording each complaint element separately,
  • the identification of the contract concerned by the complaint,
  • the list of papers, documents and other evidence presented by the User,
  • the place and time of recording of the minutes.

18.4. The purpose of data management: investigating and responding to complaints compliance in accordance with the legal obligations imposed by Act CLV of 1997 on Consumer Protection.

18.5. Duration of data management: if the Data Manager keeps a report on the complaint, he / she is obliged to keep it for 3 years in accordance with the provisions of the Consumer Protection Act. If the complaint is rectified immediately by the Data Manager, no report will be recorded.

If the content of the messages related to the complaint is relevant for the performance of the service, then the legal basis and duration of the data processing will be as described in Chapters 10, 11 and 12 (data management related to the use of the service).

18.6. How the data is stored: In the IT system of the Data Manager, in a separate data file, in the case of recording a report on the report, in case of a complaint submitted on paper on a paper medium.

19. The WiredSign.comU as data processor

19.1. The Data Manager indicated above acts as a data processor with regard to the personal data contained in the contracts concluded by the Users with each other.

19.2. In this context, it ensures the security of the data and that it does not go beyond the operations necessary to perform its service by managing this data.

19.3. Otherwise, the legality of the processing of data processed as a data processor is the responsibility of the Users.

20. Data transmission

20.1. Online payment

20.1.1. The scope of those affected by the transfer of data: Users who pay online on the website.

20.1.2. The transmission shall be addressed to:

Barion Payment Zrt.
Company registration number: 01-10-048552
Tax number: 25353192-2-43
Headquarters: 1117 Budapest, Irinyi József Street 4-20.
Address: 1117 Budapest, Irinyi József Street 4-20.
Phone: +36 1 464 70 99
E-mail: [email protected]
Web site: https://www.barion.com/hu/

business company as the provider of the online credit card payment service available on the Data Manager’s website.

20.1.3. Legal basis for the transmission of data: the legitimate interest of the Payee under Article 6 (1) (f) GDPR.

The payee is obliged to operate a fraud prevention and detection system in connection with the provision of the payment service in accordance with the applicable legislation and is entitled to process the personal data necessary for this purpose. The Payee has established a system in accordance with its legal obligation, the operation of which requires the transfer of data by the Data Manager. Accordingly, it is in the legitimate interest of the Payee to be able to operate the fraud prevention and detection system in order to fulfill its legal obligations. Legal provisions referred to for the Payee:

  • Section 165 (5) of Act CCXXXVII of 2013 on Credit Institutions and Financial Businesses,
  • Section 92 / A (3) (f) of Act CCXXXV of 2013 on individual payment service providers,
  • Section 14 (1) (v) of Act LXXXV of 2009 on the Provision of Payment Services.

It is in the legitimate interest of the Data Manager and the Payee to prevent fraud and to ensure the proper functioning of online payments. The main source of revenue for both organizations is the proper functioning of the payment service. However, it is also in the interest of the User, especially to avoid the misuse of bank card data.

The transfer of data makes it possible to filter out and detect fraud and to remove any obstacles that may arise during the payment process.

The data will be transmitted from the data processed by the User during the order via the electronic channel providing encrypted data traffic, only to the Payee and only in case of online credit card payment, which the Payee does not use for other purposes. It follows that the transfer of data does not pose a significant risk to the User and does not have any further perceptible effect on him.

The transmission of data is necessary to achieve the purposes described here and is also suitable for making the payment service more secure.

Taking into account the above and the built-in guarantee measures, the transfer of data does not constitute an unreasonable interference with the privacy of the Users, therefore the transfer of data is a necessary and proportionate data management operation.

20.1.4. The scope of data transmitted:

  • purchase data for the ordered service packages (prices, costs, duration of subscription, renewal periods for renewable payment),
  • last name,
  • first name,
  • telephone number,
  • e-mail address,
  • address.

The User provides the bank card data provided during the payment directly to the payment service provider, so they will not be in the possession of the Data Manager.

20.1.5. The purpose of the data transmission: the proper operation of the payment service and the processing of payments in the technical sense, the confirmation of transactions, the operation of fraud monitoring to protect the interests of users - a fraud detection system supporting the control of electronically initiated banking transactions, and the provision of customer service assistance to the User.

20.1.6. Secure data transmission and data management: security is based on data separation. ESZERZŐDÉS.HU receives the information related to the order from the customer, and Barion Payment Zrt. only receives the card data required for the payment transaction on the payment page with 128-bit SSL encryption. During the payment with the bank card, the User provides the data of the bank card used for the payment directly and exclusively to Barion Payment Zrt., as it will be redirected to the website of Barion Payment Zrt. during the payment process. Barion Payment Zrt. does not share bank card data with the Service Provider. The page of the ESZERZŐDÉS.HU informs about the result of the transaction after the payment. To pay by credit card, your Internet browser must support SSL encryption.

SSL stands for Secure Sockets Layer. Barion Payment Zrt. has a 128-bit encryption key that protects the communication channel. A company called VeriSign allows B-Payment Zrt. to use the 128-bit key, which is used to provide SSL-based encryption. Currently, 90% of the world's e-commerce uses this encryption method. The browser program used by the customer uses SSL to encrypt the cardholder's data before sending it, so it is sent to Barion Payment Zrt. in encrypted form, so it cannot be interpreted by unauthorized persons.

20.1.7. The User can find out more about the data management implemented - among others about its legal basis, purpose, exact scope of processed data, duration of data processing - by Barion Payment Zrt. at https://www.barion.com/hu/adatvedelmi-tajekoztato/ .

20.2. Transmission of data relating to coupons

20.2.1. The scope of those affected by the data transfer: Users who redeem a coupon code on the website.

20.2.2. Recipient of the data transfer: The partner of the Data Manager who has given the User a coupon.

20.2.3. Legal basis for the transmission of data: the legitimate interest of the Recipient under Article 6 (1) (f) GDPR.

The Recipient has a legitimate interest in being able to measure the effectiveness of its promotional activities. A separate documentation was prepared on the balance of interests, the availability of which can be inquired at the Data Manager.

20.2.4. The scope of the data transmitted: the name and e-mail address of the user who redeemed the coupon.

20.2.5. The purpose of the data transfer: authentic, verifiable feedback of the redemption of the coupon to the Partner providing the coupon.

20.3. The Data Manager does not transfer data to third parties for business or marketing purposes.

20.4. Except in the above case, the Data Manager shall only transmit data to authorities in the event of a legal obligation.

21. Use of a data processor

The Data Manager uses the following business organizations as data processors.

21.1. Hosting service provider

21.1.1. Scope of persons affected by the data processing: Users visiting the website regardless of their use of the Services provided by the Site.

21.1.2. The Data Manager as a data processor uses

GEDEON Nyomdaipari és Szolgáltató Betéti Társaság
GEDEON Printing and Service Limited Liability Company
Abbreviated name: GEDEON Printing Company Bt.
Company registration number: 13-06-038121
Tax number: 29071522-2-13
Headquarters: 2600 Vác, Zrínyi Street 9.
Postal address: 2600 Vác, Zrínyi utca 9.
Phone: +36 27 501 655
E-mail: [email protected]
Website: https://gedeon.hu/

and

Google Ireland Ltd.
Company Registration Number: 11603307
Tax Number: IE 6388047V
Registered Office: Gordon House, Barrow Street, Dublin 4, Ireland
Mailing Address: Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +353 1 436 1000
Website: https://www.google.ie

as a web hosting provider (hereinafter: Data Processor).

21.1.3. Scope of data affected by data processing: data processing potentially affects all data indicated in this prospectus, the functions and services used by the User determine the specific data scope, according to the above chapters on individual data management.

21.1.4. The purpose of using a data processor is to ensure the operation of the website in the information technology sense, by using the necessary electronic storage space.

21.1.5. Duration of data processing: equal to the data management periods indicated in this prospectus for data management purposes regulated according to the data management purposes affecting certain data subjects.

21.1.6. The nature of the data processing: it is done electronically, the processing of the data means only the provision of the storage space necessary for the operation of the website in the IT sense.

21.2. Data management relating to the provision of electronic mail software and hosting

21.2.1. Scope of persons affected by the data processing: the Users indicated in this prospectus, with whom the Data Manager communicates by electronic mail.

21.2.2. The Data Manager as a data processor uses

SendGrid, Inc.
Headquarters: 1801 California Street, Suite 500, Denver, Colorado 80202 USA
Postal address: 1801 California Street, Suite 500, Denver, Colorado 80202 USA
E-mail address: [email protected]
Website: https://sendgrid.com

as a developer of software for electronic mail and as a hosting provider (hereinafter: Data Processor).

21.2.3. The scope of the data involved in the data processing: firstly the name and e-mail address of the data subject, and secondly the additional data sent by the User by e-mail.

21.2.4. The purpose of using the data processor: ensuring the functioning of electronic mail.

21.2.5. Duration of data processing: until the deletion of e-mails. The Data Management deletes the messages when the exchange of messages during electronic mail is completed.

If a contract is concluded following the exchange of messages and the content of the messages is relevant to the contract, the Data Manager shall process the data processed for the fulfillment of the order for the time necessary to fulfill the document retention obligation arising from the Accounting Act. According to the Accounting Act, this period is at least 8 years from the issuance of the invoice, after which the data will be deleted by the Data Manager within one year.

The Data Manager shall process any additional data processed in connection with the contract, which do not fall within the definition of the accounting document (eg messages from the User and the Data Manager with relevant content related to the order), until the expiry of the limitation period of the claims arising from the contractual relationship, which is normally 5 years from the due date. Interruption of the limitation period extends the period of data processing until the new date on which the limitation period occurs.

During the retention periods, the messages are stored in the software environment provided by the Data Processor, so the data processing takes place during this time.

21.2.6. The nature of data processing: it takes place electronically, in an electronic system provided by the Data Processor.

21.3. Data processing related to the use of a request management system

21.3.1. The scope of persons affected by data processing: Users specified in this information who contact the Data Controller via electronic correspondence.

21.3.2. The Data Controller uses the

Freshworks GmbH
Headquarters: Neue Grünstraße 17, 10179 Berlin, Germany
Postal address: Neue Grünstraße 17, 10179 Berlin, Germany
Email address: [email protected]
Website: https://www.freshworks.com

economic company as the developer of the request management system (hereinafter: Data Processor).

21.3.3. The scope of data affected by data processing: primarily the name and email address of the data subject, and secondarily any additional data sent by the User in an electronic mail.

21.3.4. The purpose of engaging the Data Processor: ensuring the operation of the electronic request management system. With the request management system, the Data Controller can more effectively organize and categorize incoming requests and direct them to the appropriate place within the organization.

21.3.5. The duration of data processing: By default, the Data Controller deletes messages after the conclusion of the electronic correspondence.

If a contract is concluded as a result of the message exchange, and the content of the messages is essential for the contract, in that case, the Data Controller manages the data related to the order fulfillment for the time necessary to fulfill the document retention obligation arising from the accounting law. According to the accounting law, this time is at least 8 years from the date of invoice issuance, after which the data will be deleted by the Data Controller within one year.

Any additional data managed in connection with the contract that does not fall under the concept of accounting documents (e.g., essential content messages between the User and Data Controller related to the order) will be processed by the Data Controller for the limitation period of claims arising from the contractual relationship, which is in the basic case 5 years from the date the claim becomes due. The interruption of the limitation period extends the duration of data processing until the new date of the limitation occurrence.

During the retention periods, messages are stored in the software environment provided by the Data Processor, so data processing is in effect during this time.

21.3.6. The nature of data processing: it takes place electronically, in an electronic system provided by the Data Processor.

21.4. Appointment booking system-related data processing

21.4.1. The scope of data subjects affected by data processing: Users specified in this notice who book consultation appointments using the appointment booking menu on the Data Controller's website or by using the link sent to them via email.

21.4.2. The Data Controller engages the following as a Data Processor:

Calendly LLC
Headquarters: 115 E Main St., Ste A1B, Buford, GA 30518, USA
Mailing address: 115 E Main St., Ste A1B, Buford, GA 30518, USA
Email address: [email protected]
Website: https://calendly.com

as the developer of the appointment booking system (hereinafter: Data Processor).

21.4.3. Scope of data affected by data processing:

The User:
  • name,
  • email address,
  • phone number,
  • selected topic of the consultation,
  • appointment time for the consultation,
  • additional text message (optional),
  • selected mode of consultation (phone or online meeting platform).

21.4.4. Purpose of using the data processor: to ensure the operation of the electronic appointment scheduling system.

21.4.5. Duration of data processing: the Data Controller deletes the data from the system after the scheduled consultation has taken place.

21.4.6. Nature of data processing: it is carried out electronically in the system provided by the Data Processor.

21.5. Data processing related to the platform used for online consultation.

21.5.1. Scope of individuals affected by data processing: those Users specified in this notice who participate in the Data Controller's online consultation.

21.5.2. The Data Controller uses the Google Meet online video conferencing software provider as a data processor:

Google Ireland Ltd.
Company Registration Number: 11603307
Tax Number: IE 6388047V
Registered Office: Gordon House, Barrow Street, Dublin 4, Ireland
Mailing Address: Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +353 1 436 1000
Website: https://www.google.ie

business company (hereinafter: Data Processor).

21.5.3. The purpose of using the data processor: to provide the software and storage space used by the Data Controller to establish an online audio and video connection.

21.5.4. Scope of data affected by data processing:

The User:
  • name,
  • e-mail address,
  • phone number,
  • date and duration of the consultation,
  • content of the consultation,
  • during the consultation, the User's voice and the information they provide, as well as any conclusions that can be drawn from them,
  • in the case of video consultations, the User's image and their recognizable behavior during the live video transmission, as well as any conclusions that can be drawn from them.

21.5.5. The nature of data processing: it takes place electronically, and data processing involves only providing the necessary software and storage space for conducting online consultations.

21.6. Data processing related to the use of organizational communication system

21.6.1. The scope of those affected by data processing: Users specified in this information document who book consultation appointments and/or order the Data Controller's services.

21.6.2. The Data Controller uses the following company as a data processor:

Slack Technologies Limited
Headquarters: Salesforce Tower, 60 R801, North Dock, Dublin, Ireland
Mailing address: Salesforce Tower, 60 R801, North Dock, Dublin, Ireland
E-mail address: [email protected]
Website: https://app.slack.com

as the developer of the internal communication system (hereinafter: Data Processor).

21.6.3. The scope of data affected by data processing:

For Users related to consultation appointment booking:
  • name,
  • e-mail address,
  • phone number,
  • selected topic of the consultation,
  • appointment time for the consultation,
  • other text messages (not mandatory to fill in),
  • selected mode of consultation (phone or online meeting platform).
For Users related to service ordering:
  • name,
  • e-mail address,
  • phone number,
  • indication of the service package,

in case of subscription additionally:

  • billing address,
  • indication of the service package,
  • fee for the service package,
  • duration of the subscription,
  • payment method,
  • subscription date,
  • payment date, payment schedule,
  • in case of redeeming a coupon, the coupon code and the discount rate,

for the represented company:

  • name,
  • form,
  • headquarters,
  • postal address,
  • billing address,
  • tax number, VAT number.

21.6.4. The purpose of using the data processor: ensuring the operation of the electronic request management system. With the request management system, the Data Controller can more efficiently organize and structure the incoming requests and direct them to the appropriate place within the organization.

21.6.5. The duration of data processing: In the basic case, the Data Controller deletes the messages after the completion of the message exchange during electronic correspondence.

If a contract is concluded as a result of the message exchange, and the content of the messages is essential from the point of view of the contract, in that case, the Data Controller processes the data managed for the fulfillment of the order for the time necessary to fulfill the obligation to retain the documents arising from the accounting law. According to the accounting law, this time is at least 8 years from the date of invoicing, after which the Data Controller will delete the data within one year.

The possible additional data managed in connection with the contract - which do not fall under the concept of accounting documents (e.g., essential content messages related to the order between the User and the Data Controller) - are processed by the Data Controller until the expiration of the claims arising from the contractual legal relationship, which is 5 years from the due date of the claim in the basic case. The interruption of the limitation period extends the duration of data processing until the new date of the limitation period's occurrence.

During the retention periods, the messages are stored in the software environment provided by the Data Processor, so data processing is in effect during this time.

21.6.6. The nature of data processing: it takes place electronically, in the electronic system provided by the Data Processor.

21.7. Providing chat window service

21.7.1. Scope of persons affected by the data processing: Users identified in this prospectus who contact the Data Manager using the chat window embedded in the website.

21.7.2. The Data Manager as a data processor uses

Smartsupp.com, s.r.o.
Company registration number: C 86206
Tax number: CZ03668681
Headquarters: Šumavská 31, 602 00 Brno, Czechia
Postal address: Šumavská 31, building B, 602 00 Brno, Czechi
E-mail: [email protected]
Website: https://www.smartsupp.com/

a company,

and the

Intercom R&D Unlimited Company
Headquarters: 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland
Postal address: 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland
Email: [email protected]
Website: https://www.intercom.com/

as the provider of the chat window messaging application (hereinafter referred to as the Data Processor).

21.7.3. The scope of the data involved in the data processing: the content of the message sent by the User.

21.7.4. The purpose of using the data processor: providing the storage and software required to run the messaging application.

21.7.5. Duration of data management: it lasts until the message is answered or the User's request is met. The Data Manager deletes the data processed for this purpose 1 month after the reply to the message / fulfillment of the request. If the exchange of information takes place through several exchanges of messages on related topics, the Data Manager shall delete the data 1 month after the completion of the exchange of information or the fulfillment of the request.

If a contract is concluded as a result of the exchange of messages and the content of the messages is relevant to the contract, the Data Manager shall process the data processed for the fulfillment of the order for the time necessary to fulfill the document retention obligation arising from the Accounting Act. According to the Accounting Act, this period is at least 8 years from the issuance of the invoice, after which the data will be deleted by the Data Manager within one year.

Any additional data processed in connection with the contract - eg messages of the User and the Data Manager with relevant content related to the order - will be handled by the Data Manager until the expiry of the general limitation period applicable to civil law claims 5 years from the conclusion of the contract.

During the retention periods, the messages are stored in the software environment provided by the Data Processor, so the data processing takes place during this time.

21.7.6. Nature of data processing: data processing takes place electronically, providing electronic storage and messaging software.

21.8. Providing Facebook messenger service

21.8.1. Scope of persons affected by the data processing: Users who send a message using the Facebook messenger application after clicking on the "Facebook messenger" button under the "Who we are" menu item on the website.

21.8.2. The Data Manager uses

Meta Platforms Ireland Ltd.
Company registration number: 462932
Tax number: IE 9692928F
Headquarters: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Establishment: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Postal address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Phone: +001 650 543 4800
Message: https://facebook.com/help/contact/540977946302970
Website: https://www.facebook.com/privacy/explanation

as a data processor as a provider of the Facebook messenger messaging application (hereinafter: Data Processor).

21.8.3. The scope of the data involved in the data processing: the User's name and any additional data sent by him/her in the chat message.

21.8.4. The purpose of using the data processor: to provide the storage space and software necessary for the operation of the messaging application.

21.8.5. Duration of data management: it lasts until the message is answered or the User's request is met. The Data Manager deletes the data processed for this purpose 1 month after the reply to the message / fulfillment of the request. If the exchange of information takes place through several exchanges of messages on related topics, the Data Manager shall delete the data 1 month after the completion of the exchange of information or the fulfillment of the request..

If a contract is concluded as a result of the exchange of messages and the content of the messages is relevant to the contract, the Data Manager shall process the data processed for the fulfillment of the order for the time necessary to fulfill the document retention obligation arising from the Accounting Act. According to the Accounting Act, this period is at least 8 years from the issuance of the invoice, after which the data will be deleted by the Data Manager within one year.

Any additional data processed in connection with the contract - eg messages of the User and the Data Manager with relevant content related to the order - will be handled by the Data Manager until the expiry of the general limitation period applicable to civil law claims 5 years from the conclusion of the contract.

During the retention periods, the messages are stored in the software environment provided by the Data Processor, so the data processing takes place during this time.

21.8.6. Nature of data processing: data processing takes place electronically, providing electronic storage and messaging software.

21.9. Data processing related to the sending of newsletters

21.9.1. Scope of persons affected by the data processing: Users who subscribe to the newsletter on the website, regardless of the use of other services provided by the website.

21.9.2. The Data Manager uses

Mailgun Technologies, Inc
Headquarters: 112 E Pecan St., 1135, San Antonio, TX 78205, USA
Postal address: 112 E Pecan St., 1135, San Antonio, TX 78205, USA
Phone: +1 210 796 9998
Website: https://www.mailgun.com/

as a developer and maintainer of the newsletter sending software used by the Data Manager (hereinafter: Data Processor)

21.9.3. The scope of the data involved in the data processing: the data processing affects the first name and e-mail address of the User subscribing to the newsletter.

21.9.4. The purpose of using the data processor: is to ensure the operation of the software used by the Data Manager for the sending of newsletters in the sense of information technology, by means of data management in the technical operations necessary for the secure operation of the software.

21.9.5. Duration of data processing: Until the User's consent to send a newsletter is revoked (unsubscribed) or the data is deleted at the User's request.

21.9.6. Nature of data processing: the processing of the data means only the technical operations necessary for the operation of the software sending the newsletter in the IT sense.

21.10. Data management related to sending an SMS message related to an authentication service

21.10.1. Scope of persons affected by the data processing: Users using the service available on the website.

21.10.2. The Data Manager uses

LINK Mobility Hungary Korlátolt Felelősségű Társaság (SeeMe)
LINK Mobility Hungary Limited Liability Company (SeeMe)
Abbreviated name: LINK Mobility Hungary Ltd.
Company registration number: 01-09-694287
Tax number: 12598582-2-42
Headquarters: 1062 Budapest, 68 Andrássy Street. C. intact. 1. em. 1.
Postal address: 1062 Budapest, Andrássy út 68. C. intact. 1. em. 1.
Phone: +36 70 245 3625
E-mail: [email protected]
Website: https://seeme.hu/

and

Celerity Europe AG (BulkSMS)
Abbreviated name: Celerity Europe AG
Company registration number: CH-170.3.028.311-6br> Headquarters: Bahnhofstrasse 21, 6300, Zug, Switzerland
Postal address: P.O. Box 1263, Milnerton, 7435, South Africa.
Phone: +27 (0) 21 528 3420
E-mail: [email protected]
Website: https://www.bulksms.com/

as the Service Provider sending an SMS message related to the authentication service used by the Data Manager (hereinafter data processor).

21.10.3. The scope of the data involved in the data processing: the data processing affects the User's telephone number and the information contained in and relating to the sent message.

21.10.4. The purpose of using the data processor: the performance of the contract is conditional on the contractor's self-certification.

21.10.5. Duration of data processing: 12 months from the date of sending the SMS.

21.10.6. Nature of data processing: In the IT system of the Data Manager, in a separate data file.

21.11. Data processing related to the production of invoices

21.11.1. Scope of persons affected by the data processing: Users who place an order on the Website, regardless of the use of other services provided by the Website.

21.11.2. The Data Manager uses

KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
KBOSS.hu Commercial and Service Limited Liability Company
Abbreviated name: KBOSS.hu Ltd.
Company registration number: 01-09-303201
Tax number: 13421739-2-41
Headquarters: 1031 Budapest, Záhony Street 7.
Postal address: 1031 Budapest, Záhony street 7.
Phone: +36 30 3544 789
E-mail: [email protected]
Website: https://www.szamlazz.hu/

and

SBA Group Zrt. (Cashbook)
Abbreviated name: KBOSS.hu Ltd.
Company registration number: 01-10-141041
Tax number: 25566552-2-42
Headquarters: 1108 Budapest, Bányató utca 13.
Postal address: 1108 Budapest, Bányató utca 13.
Phone: +36 1 998 85 06
E-mail: [email protected], valamint: [email protected]
Website: https://cashbook.hu

as a developer and maintainer of the billing software used by the Data Manager (hereinafter: Data Processor).

21.11.3. The scope of the data involved in the data processing: the data processing concerns the name and address of the User placing the order, as well as the indication of the ordered service(s), the date of purchase and the purchase price, as well as the receipts containing any other fees.

21.11.4. The purpose of using the data processor: ensuring the operation of the software used by the Data Manager for issuing invoices in the information technology sense, by means of data management in the technical operations necessary for the secure operation of the software.

21.11.5. Duration of data processing: lasts for the period necessary for the fulfillment of the document retention obligation arising from the Accounting Act - 8 years from the issuance of the invoice.

21.11.6. Nature of data processing: the processing of data means only the provision of the software used for issuing the invoice, the technical operations necessary for its operation in the IT sense.

21.12. Data processing related to accounting services

21.12.1. Scope of persons affected by the data processing: Users who place an order.

21.12.2. The Data Manager uses

Fin-S Könyvelőiroda Korlátolt Felelősségű Társaság Fin-S Accounting Office Limited Liability Company Company registration number: 13-09-134900 Tax number: 13999395-2-13 Headquarters: 2142 Nagytarcsa, Vadrózsa utca 11. Postal address: 2142 Nagytarcsa, Vadrózsa utca 11. Phone: +36 30 481 6871 E-mail: [email protected] Website: http://fins.hu/index.html

as the accountant of the Data Manager’s economic activity (hereinafter: Data Processor).

21.12.3. The scope of the data involved in the data processing: the data processing affects the scope of the data processed on the accounting documents, primarily the name and address of the Subscriber User, as well as the indication of the ordered service(s), the date of purchase, the purchase price and any other fees.

21.12.4. The purpose of using the data processor: fulfillment of the accounting obligations prescribed by law for the economic activity performed by the Data Manager by using the above Data Processing Service.

21.12.5. Duration of data processing: it lasts for at most the time necessary to fulfill the obligation to keep the documents arising from the Accounting Act, until the cancellation in the year following the 8th year after the issuance of the document..

21.12.6. Nature of data processing: the processing of data means only the operations necessary for the fulfillment and control of the accounting obligations, which are performed by the data processor by handling paper data carriers and digital data processed in software.

21.13. Data processing is not carried out for any other purpose.

21.14. The Data Manager does not use any data processor other than the Data Processors indicated above and in the "Information on the Application of Cookies" document.

21.15. Data processing related to processes supporting Sales and Customer Success tasks

21.15.1. Scope of those affected by data processing: Users identified in this guide who interact with the application during marketing or sales processes.

21.15.2. Data Controller employs the

ActiveCampaign - ActiveCampaign, LLC
Headquarters: 1 North Dearborn Street, 5th floor, Chicago, IL 60602
Mailing address: 1 North Dearborn Street, 5th floor, Chicago, IL 60602
Email: Open
Website: https://activecampaign.com

economic company, as the marketing and sales process automation system used by the Data Controller (hereinafter: Data Processor).

21.15.3. Scope of data affected by processing:

In connection with the service order or inquiry, the User:
  • name,
  • email address,
  • telephone number,
  • designation of the service package,

in case of subscription also:

  • billing address,
  • designation of the service package,
  • price of the service package,
  • duration of subscription,
  • payment method,
  • subscription date,
  • payment date, payment scheduling,
  • in case of coupon redemption, the coupon code and the amount of discount,

the represented company:

  • name,
  • form,
  • headquarters,
  • mailing address,
  • billing address,
  • tax number, community tax number.

21.15.4. Purpose of employing the Data Processor: ensuring the operation of the electronic request management system. With the request management system, the Data Controller can more efficiently organize and categorize incoming requests, directing them to the appropriate place within the organization.

21.15.5. Duration of data processing: In basic cases, it ceases with the end of user activity or deletion of the profile.

If a contract is concluded as a result of the message exchange, and the content of the messages is significant from the point of view of the contract, in that case, the Data Controller processes the data related to the order execution for the period necessary to fulfill the obligation to retain documents arising from the accounting law. This time is at least 8 years from the issuance of the invoice, after which the Data Controller deletes the data within one year.

Any additional data handled in connection with the contract – which do not fall under the concept of accounting documents (e.g., significant messages related to the order between the User and Data Controller) – are handled by the Data Controller until the expiration of claims arising from the contractual relationship, which is 5 years from the date of claim maturity in basic cases. Interruption of the statute of limitations extends the duration of data processing until the new date of the expiration.

During the retention periods, the messages are stored in the software environment provided by the Data Processor, so data processing is maintained during this time.

21.15.6. Nature of data processing: it is carried out electronically, in the electronic system provided by the Data Processor.

21.16. Data processing related to processes supporting Sales and Customer Success tasks

21.16.1. Scope of data affected by processing: Users identified in this guide who interact with the application during marketing or sales processes.

21.16.2. Data Controller employs the

Training Hungary Ltd.
Headquarters: 1092 Budapest, Ferenc körút 32. 2. em. 2.
Mailing address: 1092 Budapest, Ferenc körút 32. 2. em. 2.
Email: [email protected]
Telephone number: +36 20 266 3546
Website: https://traininghungary.com

economic company, as the marketing and sales process automation system used by the Data Controller (hereinafter: Data Processor).

21.16.3. Scope of data affected by processing:

In connection with the service order or inquiry, the User:
  • name,
  • email address,
  • telephone number,
  • designation of the service package,

in case of subscription also:

  • billing address,
  • designation of the service package,
  • price of the service package,
  • duration of subscription,
  • payment method,
  • subscription date,
  • payment date, payment scheduling,
  • in case of coupon redemption, the coupon code and the amount of discount,

the represented company:

  • name,
  • form,
  • headquarters,
  • mailing address,
  • billing address,
  • tax number, community tax number.

21.16.4. Purpose of using the data processor: to inform interested parties about the Service Provider's service and the package offers included in it.

21.16.5. Duration of data processing: by default, it will be terminated at the end of the user activity or profile deletion.

21.16.6. Processing of data related to processes supporting Sales and Customer success tasks.

21.16.7. Processing of data for no other purposes.

21.17. Data Management Related to Google API Applications

21.17.1. Scope of data processed: Users who consent to the system accessing and managing their data via Google APIs.

21.17.2. The data controller uses the following as a data processor:

Google Ireland Ltd.
Registration Number: 11603307
Tax Number: IE 6388047V
Headquarters: Gordon House, Barrow Street, Dublin 4, Ireland
Mailing Address: Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +353 1 436 1000
Website: https://www.google.ie

The legal basis for data processing: Voluntary consent under Article 6(1)(a) of the GDPR, collected at the time of logging into the application, via the OAuth consent screen.

21.17.3. Scope of data processed:

The data shared by users during the use of Google APIs, including, but not limited to, the following:

Data of contracting parties:

  • name,
  • email address,
  • phone number,
  • documents (their contracts),
  • events and calendar entries

their represented companies:

  • name,
  • form,
  • headquarters

21.17.4. Purpose of using the data processor: Integration and usage of Google services chosen by users to support the services provided by the Contracting System, including synchronization, processing, and display of data within the application.

21.17.5. Duration of data processing: Data is managed and stored only as long as necessary for the services used by the user, or until the user withdraws their consent.

21.17.6. Nature of data processing: Conducted electronically in the electronic systems provided by the Data Processor.

21.17.7. Integrated applications: People API (Google Contacts), Google Drive button

22. Automatic decision-making and profiling

In the provision of the service, the manager does not process the personal data it processes for the purpose of automatic decision-making and profiling. During the operation of the website, automations help to provide the service, but they are not intended to analyze the data and make the decisions arising from it.

23. The range of other persons who have access to the data

23.1. In order to provide the service, the Data Manager handles the personal data that are technically necessary for the provision of the service.

23.2. You can review the process of concluding a contract using the service here step by step: https://www.eszerzodes.hu/szerzodesi-folyamat-lepesei

23.3. Acceptance of all contractual intentions ("Acceptance") involves the sharing of personal information required for the contract, which may be read by the Parties in the contract. There is no public profiling in your Data Management System. The user's profile cannot be searched on the Internet, it will not be visible to other registered users of Eszerződés.hu until the start of the contract negotiation. Thereafter, the Contracting Parties shall know and process each other's personal data at their discretion.

23.4. The data managed in the databases of the Data Manager may be seen and managed by its employees during the assistance to the User, these data and business secrets shall not be misused and shall be handled only and exclusively within the limits necessary for the performance of the service. They will not provide information to third parties unless required to do so by law. All employees are bound by a written confidentiality obligation.

24. Data protection, data security, technical and organizational measures

24.1. Within the scope of its data management and data processing activities, the Data Manager shall ensure the security of the data, ensure the enforcement of the legislation and other data and confidentiality rules by means of technical and organizational measures and internal procedural rules. It shall protect, in particular, the data processed against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.

24.2. From the very beginning, the data management IT system records the data on which the traffic is measured and the habits of the use of the website are mapped in such a way that it cannot be directly linked to any person.

24.3. The data will only be processed to the extent necessary and proportionate to achieve the legitimate purpose set out in this prospectus, in accordance with the relevant legislation and recommendations, with appropriate security measures.

24.4. To this end, the Data Manager uses the http protocol with an “https” schema to access the website, which can be used to encrypt and uniquely identify web communications. In addition, as described above, the Data Manager stores the processed data in data management lists recorded in the form of encrypted data files, separated by data processing purpose, to which the Data Manager has specific - performing tasks related to the activities indicated in this prospectus - employees whose job responsibilities are data protection and responsible management in accordance with this prospectus and applicable legislation.

24.5. The Data Manager shall plan and carry out data processing operations in such a way as to ensure the protection of the privacy of data subjects, to ensure the rights set out in this Regulation and to develop an appropriate level of technical protection in line with the requirements of the age. It ensures the security of the data, takes the technical and organizational measures and establishes the procedural rules necessary to enforce the legislation and the relevant directives. Specific measures:

24.6. Protection

The Data Manager shall protect the data with appropriate measures, in particular:
  • unauthorized access,
  • change,
  • transmission,
  • disclosure,
  • deletion or destruction,
  • accidental destruction and damage,
  • against becoming inaccessible due to a change in the technology used.

The Data Manager shall ensure, by means of an appropriate technical solution, that the data stored in the records cannot be directly linked and assigned to the data subject.

24.7. Authorization management

In order to prevent unauthorized access to, alteration and unauthorized disclosure or use of personal data, the Data Manager shall ensure:

  • the establishment and operation of the appropriate IT and technical environment;
  • the controlled selection and supervision of the employees involved in the provision of services;
  • the issue of detailed operational, risk management and service procedures.

Based on the above, the Data Manager ensures that the data it manages

  • be available to the holder,
  • its authenticity and authentication are ensured,
  • its invariability must be verifiable.

24.8. Protection of IT systems

It is protected by the IT system of the Data Manager and its hosting provider, including:

  • computer fraud,
  • espionage,
  • computer viruses,
  • spam,
  • against hackers and
  • against other attacks.

24.9. Security measures

The Data Manager shall take the following specific data security measures:

  • SSL encryption;
  • encrypting the database by a cryptographic process;
  • a unique database and system structure;
  • entry audit;
  • transparency of user activities;
  • logging
  • testing (ethical hack, vulnerability testing).

25.1. Right to information

25.1.1. The User can read about the data management at any time by reading this data management information. Oral information may be provided at the request of the User, provided that the User's identity has been otherwise verified. The User may request information during or after the data management. The information also covers all relevant details of data management as well as the way in which the User's rights are exercised. At the request of the User, the Data Manager shall also inform the User of the measures taken on the basis of the User's requests - or of the reasons for their failure - by indicating the forums available for submitting the complaint.

25.1.2. The provision of information is free of charge. If the User's request is clearly unfounded or, in particular due to its repetitive nature, excessive, the Data Manager, taking into account the administrative costs involved in providing the requested data or information or taking the requested action:

a) charge a reasonable fee, or b) may refuse to act on the application.

25.1.3. The Data Manager shall provide the information as soon as possible after the submission of the request (without undue delay), but no later than within one month.

25.2. Right of access

25.2.1. The User has the right to access the data processed about him. In the event of such a request, the Data Manager shall inform him/her whether data processing is in progress with regard to the User's personal data and of all relevant circumstances related to the specific data processing.

25.2.2. Pursuant to the right of access, the User may request a copy of the personal data managed by the Data Manager, which the Data Manager shall provide to him / her free of charge for the first time. For additional copies, the Data Manager may charge a reasonable fee based on administrative costs.

25.2.3. The copy shall be provided by the Data Manager in a widely used electronic format, unless otherwise requested by the User.

25.2.4. The Data Manager shall provide access as soon as possible (without undue delay) from the submission of the request, but no later than within one month.

25.3. Right of correction

25.3.1. The User has the right to have inaccurate personal data concerning him / her corrected by the Data Manager at his / her request without undue delay.

25.3.2. Taking into account the purpose of data management, the User is entitled to request the completion of incomplete personal data, inter alia by means of an additional statement.

25.3.3. At the request of the User, the Data Manager shall, without undue delay, correct or, in justified cases, supplement inaccurate personal data concerning him / her.

25.4. Right of cancellation/deletion

25.4.1. The User has the right to delete the personal data concerning him / her without undue delay upon his / her request, and the Data Manager is obliged to delete the personal data concerning the User without undue delay if one of the following reasons exists:

a) personal data are no longer required for the purpose for which they were collected or otherwise processed;
b) the User withdraws his / her consent, which is the basis of the data management, and the data management has no other legal basis (of the data processing, which is the subject of this information, only applies to the data processing presented in the following chapters:
3. Data management related to ensuring the operation of an information technology service;
4. Data management related to receiving and replying to e-mail;
5. Data management related to the use of a chat window;
6. Data management related to contacting via Facebook messenger;
7. Data management related to sending newsletters;
c) the User objects to the data processing and there is no priority legal reason for the data processing (out of the data processing that is the subject of this prospectus, it only applies to the data processing presented on the basis of a legitimate interest, presented in the following chapters:
3. Data management related to ensuring the operation of an information technology service;
10. Data management related to the use of the service in the case of a natural person acting on behalf of a client organization;
15. Data management related to user evaluation;
18. Data transmission;
d) personal data have been processed unlawfully;
e) personal data must be deleted in order to fulfill a legal obligation under European Union or Member State law applicable to the manager.

25.4.2. The Data Manager is not obliged to delete the data necessary for the submission, enforcement or protection of legal claims, even if the User so requests, nor those necessary for the protection of the vital interests of the User or other natural persons or for the fulfillment of the obligation under EU or Member State law applicable to the Data Manager. By default, however, after the retention period, the Data Manager deletes the data without a request.

25.5. Right to restrict data management

25.5.1. At the request of the User, the Data Manager restricts data processing if one of the following is met:

a) the User disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Manager to verify the accuracy of the personal data;
b) the data processing is illegal and the User objects to the deletion of the data and instead requests a restriction on their use;
c) the Data Manager no longer needs the personal data for the purpose of data processing, but the User requests them in order to submit, enforce or protect legal claims;
d) the User has objected to the data processing; in this case, the restriction applies for the period until it is determined whether the legitimate interests of the Data Manager take precedence over the legitimate interests of the User (of the data processing operations covered by this prospectus, only applies to data processing operations carried out on the basis of a legitimate interest, as described in the following sections:

3. Data management related to ensuring the operation of an information technology service;

10. Data management related to the use of the service in the case of a natural person acting on behalf of a client organization;

15. Data management related to user evaluation;

18. Data transmission.

25.5.2. If the processing is subject to restrictions, such personal data shall only be processed by the Data Manager with the consent of the User or for the purpose of submitting, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or a Member State.

25.5.3. The Data Manager shall inform the User, who has disputed the accuracy of the personal data and the data processing has been restricted on this basis, in advance of the lifting of the data processing restriction.

25.6. Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing

The Data Manager shall notify the User of the rectification, restriction and deletion, as well as all recipients to whom the data has previously been transmitted. Notification may be omitted if it proves impossible or requires a disproportionate effort. Upon request, the Data Manager will inform the User about these recipients.

25.7. Right to data portability

25.7.1. The User is entitled to receive the personal data concerning him/her made available to the Data Manager in a structured, widely used, machine-readable format, in addition, he/she shall have the right to transfer such data to another Data Manager, without prejudice to the Data Manager to whom the personal data have been made available, if:

a) the data management is based on the User's consent or the contract concluded with him/her; and b) data management is automated.

25.7.2. Of the data processing subjects covered by this prospectus, the data processing operations described in the following sections meet the above conditions, so the right to data portability can be exercised in respect of them:

a) performed on the basis of consent:

3. Data management related to ensuring the operation of an information technology service;

4. Data management related to receiving and replying to e-mail;

5. Data management related to the use of a chat window;

6. Data management related to contacting via Facebook messenger;

7. Data management related to sending newsletters;

b) performed on the basis of the contract concluded with the User or the need to take the preceding steps at the request of the User:

Chapters 8-9 on data management related to the use of the service;

13. Data management related to sending an SMS message related to an authentication service

25.7.3. In exercising the right to data portability as described above, the User is entitled to request - if this is technically feasible - the direct transfer of personal data between Data Managers.

25.8. The right to protest

25.8.1. The user may at any time object to the processing of his personal data on the basis of a legitimate interest for reasons related to his/her own situation.

25.8.2. In this case, the Data Manager may only further process the personal data if it proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the User or which are related to the submission, enforcement or protection of legal claims.

25.8.3. From the data management subject of this information, the User may exercise the right to protest against the data management presented in the following chapters on data processing with a legal basis of legitimate interest:

3. Data management related to ensuring the operation of an information technology service;

10. Data management related to the use of the service in the case of a natural person acting on behalf of a client organization;

15. Data management related to user evaluation;

18. Data transmission.

26. Fulfillment of user requests

26.1. The information and measures provided for in Chapter 23 shall be provided free of charge by the Data Manager. If the request of the User concerned is clearly unfounded or, in particular due to its repetitive nature, excessive, the Data Manager, taking into account the administrative costs of providing the requested information or information or taking the requested action:

(a) charge a reasonable fee, or (b) refuse to take action on the basis of the application.

26.2. The Data Manager shall, without undue delay, but no later than within one month of receipt of the request, inform the User of the action taken on the request, including the issuance of copies of the data. If necessary, taking into account the complexity of the application and the number of applications, this period may be extended by a further two months. The Data Manager shall inform the User about the extension of the deadline within one month from the receipt of the request, indicating the reasons for the delay. If the relevant User has submitted his / her request electronically, the information shall be provided electronically by the Data Manager, unless the User concerned requests otherwise.

26.3. If the Data Manager fails to take action at the request of the User concerned, it shall inform the data subject without delay, but no later than within one month from the receipt of the request, of the reasons for the failure to take action and that the User concerned may lodge a complaint with the supervisory authority indicated in point 25.2 and exercise his/her right of judicial appeal in accordance with the provisions of the same point.

26.4. The user may submit his/her requests to the Data Manager in any way that allows the identification of his/her person. The identification of the User submitting the request is necessary because the Data Manager can only fulfill the requests to those authorized to do so. If the Data Manager has reasonable doubts about the identity of the natural person submitting the request, he / she may request the provision of additional information necessary to confirm the identity of the User concerned.

26.5. The user's requests can be sent by post to the address of the Data Manager: 2600 Vác, Deákvári fasor 35. fsz. 4., or by e-mail to [email protected]. A request sent by e-mail is considered authentic by the Data Manager only if it is sent from the e-mail address provided and registered by the User to the Data Manager, however, the use of another e-mail address does not constitute disregard of the request. In the case of e-mail, the date of receipt shall be the first working day following dispatch.

The Whistleblowingapp.com Data Processing Information /Supplement/

The legal basis for data processing is the fulfillment of legal obligations.

27.1 Scope of data subjects: According to Section 26, Subsection (1) of Act XXV of 2023, based on the internal whistleblower system

a) the whistleblower,

b) the person whose conduct or omission has given cause for the report, and

c) the person who may have substantial information regarding the contents of the report,

the personal data strictly necessary for investigating the report may only be handled for the purpose of examining the report and remedying or terminating the conduct that is the subject of the report, and may be transferred to the whistleblower protection attorney or an external organization involved in the investigation.

27.2 Determination of the scope of managed data. The basic personal data of the whistleblower, those affected by the whistleblower, and those who have information about the whistleblower:

  • name,
  • e-mail address,
  • telephone number,
  • residential address,
  • relationship with the organization,
  • IP address,
  • device data,

27.3 The purpose of data processing is identification, communication, and determining whether the whistleblower is authorized to make a lawful report. Furthermore, the handling and investigation of the report and initiating measures to remedy or terminate the conduct subject to the report.

27.4. Scope of data subjects: natural persons (consumers) Users who subscribe on the website or register for a free service package.

27.5 Additional persons who may become aware of the data: [According to Section 27, Subsection (1) of Act XXV of 2023] the impartial employee designated by the Data Controller to operate the complaint reporting system, the impartial organizational unit designated to operate the complaint reporting system. The persons investigating the report may share information on the content of the report and the person involved in the report with other organizational units or colleagues of the employer to the extent strictly necessary for conducting the investigation, until the conclusion of the investigation or until formal accountability measures are initiated as a result of the investigation.

27.6. Duration of data processing: The Data Controller stores accounting documents for the duration necessary to fulfill the document retention obligation under the accounting law. According to the accounting law, this period is at least 8 years from the issuance of the document, after which the Data Controller will delete the data within one year. This includes data appearing on invoices and in the report, and in some cases, additional data appearing in orders and confirmations as part of the contractual and report-related documentation. The Data Controller handles complaints and other resulting contracts until the general limitation period defined in the Civil Code after the fulfillment of the contract.

27.7 The personal data of the whistleblower may only be transferred to the authority competent to conduct the procedure initiated based on the report, if such authority is legally entitled to handle it, or if the whistleblower has consented to the transfer of their data. The personal data of the whistleblower cannot be made public without their consent. The latter provisions do not apply to malicious reporting. In case of a malicious report, Section 26, Subsection (3) of Act XXV of 2023, applicable under Section 6, Subsection (4).

28.1. Any complaints about the processing of the data of the data subjects may be addressed to the Data Manager in particular at the following contact details:

Wiredsign Zrt. E-mail address: [email protected]
Postal address: 2600 Vác, Deákvári tree line 35. 4.
Data Protection Officer: Dr. Balázs CSEREPKA
Postal address: 2643 Diósjenő, Dózsa György út 28/b.
E-mail address: [email protected]

28.2. Data subjects can exercise their rights in court and apply to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa street 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: [email protected]
Web: http://www.naih.hu/

In the event of a choice of court, the lawsuit may also be instituted before the court of the place of residence or stay of the person concerned - according to the choice of the User concerned - , as the lawsuit falls within the jurisdiction of the court.

28.3. Compensation and damages

If the Data Manager causes damage to another by unlawfully processing the data of the data subject or violating the requirements of data security, he / she is obliged to compensate it.

If the Data Manager violates the data subject's right to privacy by unlawfully processing the data subject's data or violating the data security requirements, the data subject affected may claim damages from the Data Manager.

Contrary to the data subject, the Data Manager is liable for the damage caused by the data processor and the Data Manager is also obliged to pay the data subject in the event of a personal injury violation caused by the data processor. The Data Manager shall be released from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the data subject's personal rights was caused by an unavoidable cause outside the scope of data processing.

There is no need to compensate for the damage and no damages can be claimed if the damage was caused by the intentional or grossly negligent conduct of the injured party or the infringement of the right of personality.

29. Closing remarks

Please note that this document contains a summary information, the main provisions relating to data processing, and and is intended to provide you with clear, transparent information about the processing of your personal data, its circumstances and your rights.

If you have any questions or comments regarding this privacy statement or the handling of personal data or the interpretation of the legislation or documentation provided, please feel free to contact our data protection officer.

2024. 09. 06.
Wiredsign Zrt.

Annex: Interpretation Guide (below)

What is data management?
An operation or set of operations performed on personal data or data files (eg collection, recording, storage, inspection, use, deletion, but even insight).

What qualifies as personal data?
Any information relating to an identified or identifiable natural person is considered to be personal data. This can be virtually any information that can be linked to and identifies the person, directly or indirectly (eg home address, mother's name, email address, security camera recording, etc.).

Who is the Data Manager and who is the data processor?
A Data Manager is a person (natural or legal) who defines the purposes and means of the processing of personal data (eg an employer). A data processor is one who processes personal data on behalf of the Data Manager (eg a payroll company).

What is the Legal basis of data management?
Personal data can be processed if (not limited to):

  • the data subject has consented to the processing of his or her personal data for one or more specific purposes [Article 6 (1) (a) of the GDPR]
  • data processing is necessary for the performance of a contract in which the data subject is one of the parties or it is necessary to take steps at the request of the data subject before concluding the contract [Article 6 (1) (b) of the GDPR]
  • data processing is necessary to fulfil the legal obligation of the manager [Article 6 (1) (c) of the GDPR]
  • the processing is necessary for the protection of the legitimate interests of the manager or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the subject concerned is a child [Article 6 (1) (f) of the GDPR]

Terms, abbreviations

  • data processing: performing technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data
  • data processor: the natural or legal person or any other body which processes personal data on behalf of the manager
  • data management: any operation or set of operations on personal data or files, whether automated or not, such as collecting, recording, organizing, segmenting, storing, transforming or altering, retrieving, using, transmitting, distributing or otherwise making available, coordinating or linking, restricting, deleting or destroying
  • Data Manager: a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data
  • Data transmission: making any data available to a specific third party
  • data erasure: making the data unrecognizable in such a way that it is not possible to recover it
  • data protection incident: breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled
  • pseudonymization: the processing of personal data in such a way that, without the use of additional information stored separately from the personal data, the data subject cannot be identified and that technical and organizational measures are taken to ensure that it cannot be linked to an identified or identifiable natural person
  • biometric data: personal data obtained by specific technical procedures relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of the natural person, such as facial image or dactyloscopic data
  • addressee: the natural or legal person or organization without legal personality to whom personal data are made available by the manager or processor
  • EEA Country: a Member State of the European Union and another State party to the Agreement on the European Economic Area, and a State of which the State is a national of a State party to the Agreement on the European Economic Area by virtue of an international agreement concluded between the European Union and its Member States and a State not party to the Agreement on the European Economic Area;
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation)
  • third party: a natural or legal person, public authority, agency or any other body other than the data subject, the manager, the processor or persons who have been authorized to process personal data under the direct control of the manager or processor
  • third country: any State which is not an EEA State
  • contribution: a voluntary, specific and well-informed statement of the will of the data subject indicating, by means of a statement or an act unequivocally expressing his or her consent, that he or she consents to the processing of personal data concerning him or her
  • joint Data Manager: a Data Manager who - within the framework set by law or a binding act of the European Union - defines the purposes and means of data processing jointly with one or more other Data Managers shall make and implement or execute decisions on data processing (including the means used) jointly with one or more other data managers
  • special data: personal data concerning racial origin, nationality, political opinion or party affiliation, religious or other beliefs, membership of an advocacy organization, sex life and personal data relating to health, pathological passion, as well as criminal personal data
  • disclosure: making data available to anyone
  • profiling: any form of processing of personal data in which personal data are assessed for the purpose of assessing or to predict certain personal characteristics relating to a natural person, in particular those relating to performance, economic status, state of health, personal preferences, interests, reliability, behavior, location or movement
  • personal data: any information relating to an identified or identifiable natural person ("Data Subject"); a natural person is idetifiable, who can be identified directly or indirectly, in particular by an identifier such as a name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person
  • trade secret: facts, information, other data and compilations derived therefrom which are not readily available to any person unfamiliar with the economic activity or carrying out the economic activity in question, of which the acquisition, exploitation, disclosure to someone or disclosure to the public by unauthorized persons would harm or jeopardize the legitimate financial, economic or market interest of the rightholder, provided that the rightholder who lawfully possesses the secrecy is not liable