Wehereby inform you that Consortix Ltd. (official name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság) uses the personal data of the natural person visitors (hereinafter referred as Data Subjects) as a Data Controller (hereinafter: Data Controller) in the course of operating its informative home page i.e. https://www.consortix.com/ (hereinafter: Webpage). Pursuant to the Articles 13 and 14 of the Regulation (EU) 2016/679 of European Parliament and of the Council of 27 April 2016 (hereinafter referred as GDPR), regarding the processing of personal data of the Data Subjects, Data Controller provides the following information.
Name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság (hereinafter: Data Controller)
Registered seat: 1036 Budapest, Lajos street 74-76.
Name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság (henceforth as “Data Controller”)
Registered Office: 1036 Budapest, Lajos utca 74-76.
Name:
Tamás Sváb
E-mail: info.hungary@consortix.com
Phone number: +36 1 231 2288
The appointment of a Data Protection Officer is not mandatory for the Data Controller under the GDPR. The Data Protection Officer has not been appointed by the Data Controller, but can be contacted on the following contact details for data protection issues:
Name: Tamara Kiss
Contact: dataprivacy@consortix.com
By sending an e-mail to info.hungary@consortix.com or using the messaging function under the Book a Consultation / Get in touch menu of the Webpage, Data Subjects can directly contact the Data Controller.
Those natural persons who contact the Data Controller by email or by the messaging function of the Webpage.:
| The scope of data processed | The purpose of data processing | The legal basis of processing |
|---|---|---|
| name, e-mail address, phone number, subject and any other data provided by the Data Subject in the message field | Contacting between the Data Controller and the Data Subjects, responding to any requests and questions | The Data Controller processes these data of the Data Subject pursuant to Article 6(1)(a) of GDPR (your given consent). The consent is provided by sending the e-mail or ticking the checkbox before sending the message on the Webpage |
Relevant colleagues of the organization of Data Controller, in particular sales and marketing colleagues (or in case the message is related to an event organized by the Data Controller, the coordinator of the event) may have access to the above mentioned personal data voluntarily provided through the incoming message.
Data Controller doesn’t transfer the provided personal data of the Data Subjects.
| Name and contact details of the data processor used | Name and contact details of the data processor used |
|---|---|
| Microsoft CorporationDept. 551, Volume Licensing 6100 Neil Road, Suite 210 Reno, Nevada 89511-1137 USA | Provision and operation of the Office 365 (mailing system) cloud and hosting service |
| monday.com Ltd. 6 Yitzhak Sadeh St., Tel-Aviv 6777506 Israel | Operation of the CRM module of the monday.com corporate management system, storage of the sales leads |
| Webflow, Inc. 398 11th Street, Floor 2, San Francisco, CA 94103 USA | Operation of websites, webhosting services |
The voluntarily provided personal data of the Data Subject is stored by the webhosting data processors entrusted by the Data Controller, on the servers of data processors, in the territory of the European Union.
Data Controller processes the personal data of the Data Subject until thewithdrawal of his/her consent, but maximum for one year from data supply.
On the Website you can request and receive information about relevant news, promotions and products by e-mail. These messages are considered as direct marketing processing under the applicable legislation. In relation to this processing, the Data Controller provides the following information.
The natural persons who have requested the newsletter and subscribed to receive marketing mails.
| The scope of data processed | The purpose of data processing | The legal basis of processing |
|---|---|---|
| name, e-mail address, organization, job title, country, phone number | Sending country-specific, job-specific advertising, offers, news and information e-mails | The Data Controller processes these data of the Data Subject pursuant to Article 6(1)(a) of GDPR (your given consent ). The consent is provided by sending the e-mail or ticking the checkbox before sending the message on the Webpage |
| e-mail address, the fact of subscribing to the newsletter (yes/no) | Subsequent proof of consent to subscribe. | The Controller processes these data on the basis of Article 6(1)(f) of the GDPR (legitimate interest of the Controller). The Data Controller defines its legitimate interest as the recording and subsequent proof of the fact that consent has been given, which interests cannot be achieved without the processing of data in accordance with this point. The Data Controller has established an interest balancing test related to the legitimate interest as a legal basis and shall make it available to data subjects upon request. |
the personal data provided above may be accessed by the staff responsible for marketing activities and by the competent staff in the IT area.
Data Controller doesn’t transfer the provided personal data of the Data Subjects
The Data Controller uses the following data processors to achieve the purpose of the processing:
| Name and contact details of the data processor used | Data processing operations performed by the processor |
|---|---|
| TheRocket Science Group, LLC (MailChimp) 675 Ponce de Leon Ave NE Suite5000 Atlanta, GA 30308 USA | Sending newsletters, mass mailings, doing analyses, statistics |
The personal data provided by the data subject are stored on the servers of the Data Processor used by the Data Controller.
Data Controller processes the personal data of the Data Subject until the withdrawal of his/her consent.
Data Controller hereby informs Data Subjects about the use of cookies of the Webpage. Cookies are small data files which help the websites to provide better user experience. These files are saved on the user’s device on his/her first visit on the Webpage, and during the next visit, the browser reads the files and identifies the user. According to the GDPR, these data files are considered personal data in certain circumstances, since in case the earlier set of cookies is sent backby the browser, then the service provider handling the cookies is able to link the current visit of the user with his/her earlier visits, but only for its own content. According to the relevant legislation, cookies can be placed on the user’s device without his/her consent only if it’s a prerequisite for the proper functioning of the website. Every other (not necessary) cookie can be saved only based on the consent of the user.
To check or to modify your earlier consent regarding the usage of cookies, click here.
Data subjects:
natural persons who visit the https://www.consortix.com/website
Scope of processed data:
sessionid, date and time of the visit on the website
Purpose of data processing:
The necessary cookies facilitate the usability of the website, enabling basic functions such as navigating the website and accessing secure sites, authenticating login, load balancing, saving language settings. The Website will not function properly without the use of these cookies.
Legal basis for the data processing:
For the usage of the necessary cookies, the consent of the Data Subject is not necessary. Data Controller can process these data in accordance with Article 6(1)(f) of the GDPR (the legitimate interest of the Data Controller). Data Controller has prepared an interest balancing test in connection with the „legitimate interest” as lawful basis. Upon request, Data Controller provides the test to the Data Subjects.
| Name | Purpose | Expiry |
|---|---|---|
| PHSESSID | Saves the user’s session data during each request | End of the session |
Data subjects:
natural persons who visit the https://www.consortix.com/website, and give consent to the data processing
Scope of processed data:
IPaddress of the user, path of the Webpage (the website visited beforeor through the Webpage), date, time and duration of the visit,browser ID, location of the user during the visit, user behavior onthe Webpage
Purpose of data processing:
Statistical cookies help website owners to understand how visitors interact with the websites. These informations are collected anonymously.
Legal basis for the data processing:
Data Controller processes statistical cookies in accordance with Article6 (1) (a) of the GDPR (consent of the Data Subject). Data Subject provides his/her consent upon the first visit on the Webpage by ticking the checkboxes in the pop-up window.
| Name | Purpose | Expiry |
|---|---|---|
| _ga | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years |
| _gat | This cookie is used by Google Analytics in order to limitate the usage ratio of the Webpage. | 1 day |
| _gid | This cookie registers a unique ID, which is suitable for producing statistical data on the user’s visit on the Webpage. | 1 day |
| collect | This cookie sends data to Google Analytics about the device and behavior of the user, furthermore, it follows him/her through the tools and marketing channels. | End of session |
Data subjects:
natural persons who visit the https://www.consortix.com/website, and give consent to the data processing
Scope of processed data:
IP address of the user, path of the Webpage (the website visited before or through the Webpage), date, time and duration of the visit, browser ID, location of the user during the visit, user behavior on the Webpage
Purpose of data processing:
Marketing cookies are used for tracking the visitors of the websites. The purpose of placing marketing cookies to the device of the users is to serve them with personalized ads. The information collected by these cookies are more valuable for the advertisers.
Legal basis for the data processing:
Data Controller processes statistical cookies in accordance with Article6 (1) (a) of the GDPR (consent of the Data Subject). Data Subject provides his/her consent upon the first visit on the Webpage by ticking the checkboxes in the pop-up window.
| Name | Purpose | Expiry |
|---|---|---|
| ads/ga-audiences | This cookie is used by the Google Tag Manager to detect whether the user intends to leave the page via cursor movements. This allows the website to trigger certain pop-ups to keep the user on the website or convert them to customer. | End of session |
Persons entitled to access the data:
personal data collected through the use of cookies may be disclosed to the staff responsible for the operation of IT systems and marketing activities, as well as to the management of the Data Controller.
Data transfer:
the personal data collected by these cookies is transferred to the service provider that collected the data. The personal data collected for statistical purposes, for the operation of Google Analytics and for marketing purposes for the operation of Google Tag Manager will be transferred to Google Inc. By consenting to the cookie, the data subject gives his/her explicit consent to the transfer of the data.
Data processors:
the Data Controller uses the following data processors to achieve the purpose of the processing
| Name and contact details of the data processor used | Data processing operations performed by the processor |
|---|---|
| Huuzi.com Korlátolt Felelősségű Társaság address: 9022 Győr, LisztFerenc street 40. 2nd floor email.: info@upsolution.hu | Operation of websites, webhosting services |
Place and method of processing:
The personal data of the Data Subject is stored by the webhosting data processors entrusted by the Data Controller, on the servers of data processors, in the territory of the European Union
Please note that on the Webpage there are links to other websites. The usage of these external websites is ruled by their privacy policy or privacy notice. After clicking on the external link or button, the Data Controller cannot control the collecting, storing or processing of the personal data anymore.
Please be informed that the Data Controller will take all technical and organizational measures and establish the procedural rules necessary to enforce the GDPR rules on confidentiality and security of processing.
The Data Controller shall take appropriate measures to protect the data it processes against unauthorized access, alteration, disclosure, transmission, disclosure, erasure or destruction and against accidental destruction or accidental damage.
The Data Controller shall, in the course of its processing, retain:
confidentiality: it shall protect the information so that only authorized persons have access to it;
integrity: to protect the accuracy and completeness of the information and the processing method;
availability: ensures that the authorized user has effective access to the information required when he needs it and that the means to access it are available.
The Data Controller shall adequately protect its information technology systems and networks against computer fraud, espionage, fire and flooding, viruses and computer intrusions. The Operator shall ensure security through server-level and application-level protection procedures.
Please be informed that you may request, at any time and without restriction, in relation to your personal data:
information, access to data,
rectification,
erasure,
restriction of processing,
data portability,
withdraw consent,
object to the processing of personal data.
The Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the notifications referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal datain a concise, transparent, intelligible and easily accessible form, in clear and plain language.
right to information can be exercised in writing by using the contact details indicated in point 3 of this notice. The data subject may also be provided with information or ally at his or her request, after verification of his or her identity.
The data subject shall have the right to obtain from the controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to obtain access to the personal data and to the details of the processing as provided for in the GDPR.
TheData Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the controller shall provide the information in electronic form.
The controller shall provide the information within a maximum of one month of the request.
The data subject may request the correction of inaccurate personal data relating to him or her processed by the Controller and the completion of incomplete data.
The Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the notifications referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal datain a concise, transparent, intelligible and easily accessible form, in clear and plain language. The right to information can be exercised in writing by using the contact details indicated in point 3 of this notice. The data subject may also be provided with information or ally at his or her request, after verification of his or her identity.
The data subject shall have the right to obtain, upon his or her request, the erasure of personal data relating to him or her by the Controlle rwithout undue delay where:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
the data subject objects to the processing and there is no overriding legitimate ground for the processing;
the personal data have been unlawfully processed;
data portability,
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
the personal data have been collected in connection with the provision of information society services.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of officia lauthority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defense of legal claims.
At the request of the data subject, the Controller shall restrict processing if one of the following conditions is met:
the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the accuracy of the personal data to be verified;
the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defense of legal claims; or
the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subjector for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State. The Controller shall inform the data subject in advance of the lifting of the restriction on processing.
The data subject shall have the right to obtain the personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit those data to another controller, where
the processing is based on the data subject's consent or on a contract to which the data subject is a party, and
the processing is carried out by automated means.
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject o rfor the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.
The data subject shall have the right to object to decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects himor her. The above right shall not apply where the processing
necessary for the conclusion or performance of a contract between the data subject and the controller;
permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
is based on the explicit consent of the data subject.
Please be informed that the Controller does not use automated decision-making or process personal data for profiling purposes in relation to the processing purposes set out in this notice.
The data subject has the right to withdraw his or her consent at anytime. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.
The controller shall, without undue delay and in any event within one month of receipt of the request, inform the data subject of the action taken on the request made by the data subject in relation to the above. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. If the controller fails to act on the data subject's request, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.
The Controller shall provide the requested information and notification free of charge. Where the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to acton the request.
Any person who has suffered damage, whether pecuniary or non-pecuniary, as a result of a breach of the Regulation shall be entitled to compensation from the controller or processor for the damage suffered. A processor shall be liable for damage caused by processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller.
Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the total damage.
The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
Ifyou have a complaint or problem regarding the processing of your personal data, please contact us at the contact details set out in the section of this notice entitled "Names and contact details of the Data Protection Officer" in order to resolve the complaint amicably. If this is not successful, you may also contact the competent data protection authority or the competent court in your place of residence or domicile if you believe that there has been a breach of your personal data. You can submit your complaint to the Supervisory Authority using the contact details below:
Authority name: National Authority for Data Protection and Freedom of Information
(website: http://www.naih.hu)
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.,
Postal address: 1363 Budapest, PO Box 9.
Please be informed that the data provided to the Data Controller on the basis of this information notice will not be used for purposes other than those indicated in this information notice.
