We hereby inform you that Consortix Ltd. (official name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság) uses the personal data of the natural person visitors (hereinafter referred as Data Subjects) as a Data Controller (hereinafter: Data Controller) in the course of operating its informative home page i.e. https://www.consortix.com/hu (hereinafter: Webpage). Pursuant to the Articles 13 and 14 of the Regulation (EU) 2016/679 of European Parliament and of the Council of 27 April 2016 (hereinafter referred as GDPR), regarding the processing of personal data of the Data Subjects, Data Controller provides the following information.
Name: Consortix Informatikai Tanácsadó Korlátolt Felelősségű Társaság (hereinafter: Data Controller)
Registered seat: 1036 Budapest, Lajos street 74-76.
Name: Péter Sváb
E-mail: info@consortix.com
Telephone: +3612312288
Under the relevant provisions of GDPR, Data Controller is not obliged to appoint a data protection officer. Therefore, the Data Controller can be contacted via the following e-mail address with any questions concerning data protection.
Name: Diána Czipperer
Contact: dataprivacy@consortix.com
By sending an e-mail to info.hungary@consortix.com or using the messaging function under the Contact menu of the Webpage, Data Subjects can directly contact the Data Controller.
Data Subjects:
Those natural persons who contact the Data Controller by email or by the messaging function of the Webpage.
Scope of processed data:
name, e-mail address, phone number, subject and any other data provided by the Data Subject in the message field
Purpose of data processing:
contacting between the Data Controller and the Data Subjects, responding to any requests and questions
Legal basis of the data processing: the Data Controller processes these data of the Data Subject pursuant to Article 6(1)(a) of GDPR (subject to your approval). The approval is provided by sending the e-mail or ticking the checkbox before sending the message on the Webpage
Scope of persons entitled to access personal data: Relevant colleagues of the organization of Data Controller, in particular sales and marketing colleagues (or in case the message is related to an event organized by the Data Controller, the coordinator of the event) may have access to the above mentioned personal data voluntarily provided through the incoming message.
Data transfer: Data Controller doesn’t transfer the provided personal data of the Data Subjects neither to third party in the EU, nor to third country, nor to any international organization.
Data processors: For processing purposes, Data Controller uses the services of the following data processors:
Name and contact details of the data processor:
Huuzi.com Korlátolt Felelősségű Társaság
address: 9022 Győr, Liszt Ferenc street 40. 2nd floor
email.: info@upsolution.hu
Processing operations provided by the data processor:
Operation of websites, webhosting services
Name and contact details of the data processor:
Microsoft Corporation
Dept. 551, Volume Licensing
6100 Neil Road, Suite 210
Reno, Nevada 89511-1137
USA
Processing operations provided by the data processor:
Using cloud storage space of Office 365
Place and method of data processing: The voluntarily provided personal data of the Data Subject is stored by the webhosting data processors entrusted by the Data Controller, on the servers of data processors, in the territory of the European Union.
Data retention period: Data Controller processes the personal data of the Data Subject until the withdrawal of his/her consent, but maximum for one year from data supply.
Data Controller hereby informs Data Subjects about the use of cookies of the Webpage. Cookies are small data files which help the websites to provide better user experience. These files are saved on the user’s device on his/her first visit on the Webpage, and during the next visit, the browser reads the files and identifies the user. According to the GDPR, these data files are considered personal data in certain circumstances, since in case the earlier set of cookies is sent back by the browser, then the service provider handling the cookies is able to link the current visit of the user with his/her earlier visits, but only for its own content. According to the relevant legislation, cookies can be placed on the user’s device without his/her consent only if it’s a prerequisite for the proper functioning of the website. Every other (not necessary) cookie can be saved only based on the consent of the user. To check or to modify your earlier consent regarding the usage of cookies, click here.
Data Subjects: natural persons who visit the https://www.consortix.com/hu informative website
Scope of processed data: session id, date and time of the visit on the website
Purpose of data processing: The necessary cookies improve the usability of the website, allow users to navigate on it or to access secure connection. Without these cookies, the Webpage doesn’t function properly.
Legal basis for the data processing: For the usage of the necessary cookies, the consent of the Data Subject is not necessary. Data Controller can process these data in accordance with Article 6(1)(f) of the GDPR (the legitimate interest of the Data Controller).
Data Controller has prepared an interest balancing test in connection with the „legitimate interest” as lawful basis. Upon request, Data Controller provides the test to the Data Subjects.
NAME:
PHSESSID
PURPOSE:
saves the user’s session data during each request
TYPE:
http
EXPIRy:
end of the session
REcipient of the data transfer:
no recipient
service provider:
consortix.com
Data Subjects: natural persons who visit the https://www.consortix.com/hu informative website, and give consent to the data processing.
Scope of processed data: IP address of the user, path of the Webpage (the website visited before or through the Webpage), date, time and duration of the visit, browser ID, location of the user during the visit, user behavior on the Webpage
Purpose of data processing: Statistical cookies help website owners to understand how visitors interact with the websites. These informations are collected anonymously.
Legal basis of the data processing: Data Controller processes statistical cookies in accordance with Article 6(1)(a) of the GDPR (consent of the Data Subject). Data Subject provides his/her consent upon the first visit on the Webpage by ticking the checkboxes in the pop-up window.
Name:
a, _ga
b, _gat
c, _gid
d, _hjid
e, _hjid
f, collect
g, _hjTLDTest
purpose:
a, This cookie registers a unique ID, which is suitable for producing statistical data on the user’s visit on the Webpage.
b, This cookie is used by Google Analytics in order to limitate the usage ratio of the Webpage.
c, This cookie registers a unique ID, which is suitable for producing statistical data on the user’s visit on the Webpage.
d, This cookie provides unique ID for the user’s session, therefore it lets the Data Controller to collect statistical data about the user’s behavior on the Webpage.
e, This cookie provides unique ID for the user’s session, therefore it lets the Data Controller to collect statistical data about the user’s behavior on the Webpage.
f, This cookie sends data to Google Analytics about the device and behavior of the user, furthermore, it follows him/her through the tools and marketing channels.
g, With this cookie, by using a kind of thermal image, Data Controller collects statistical data about which parts of the Webpage are the most frequently visited by the users.
type:
a, http
b, http
b, http
c, http
d, http
e, html
f, pixel
g, http
expiry:
a, 2 years calculated from the recording/updating
b, 1 day calculated from the recording/updating
c, 1 day calculated from the recording/updating
d, 1 year calculated from the recording/updating
e, permanent
f, end of the session
g, end of the session
REcipient of the data transfer:
a, Google LLC. (USA)
b, Goolge LLC. (USA)
c, Goolge LLC. (USA)
d, Netherlands
e, Netherlands
f, Goolge LLC. (USA)
g, Netherlands
service provider:
a, consortix.com
b, consortix.com
c, consortix.com
d, consortix.com
e, consortix.com
f, google-analytics.com
g, consortix.com
Data Subjects: natural persons who visit the https://www.consortix.com/hu informative website
Scope of processed data: IP address of the user, path of the Webpage (the website visited before or through the Webpage), date, time and duration of the visit, browser ID, location of the user during the visit, user behavior on the Webpage
Purpose of the data processing: Marketing cookies are used for tracking the visitors of the websites. The purpose of placing marketing cookies to the device of the users is to serve them with personalized ads. The information collected by these cookies are more valuable for the advertisers.
Legal basis of the data processing: Data Controller processes marketing cookies in accordance with Article 6(1)(a) of the GDPR (consent of the Data Subject). Data Subject provides his/her consent upon the first visit on the Webpage, by ticking the checkboxes in the pop-up window.
name:
_hjIncludedInSample
purpose:
This cookie determines whether the navigation of the user has to be registered into a certain statistical repository.
type:
http
expiry:
end of the session
recipient of the data transfer:
Netherlands
service provider:
consortix.com
name:
ads/ga-audiences
purpose:
This cookie is used by Google AdWords in order to reattract visitors who have appeared to be potential customers according to their navigation between the websites.
type:
pixel
expiry:
end of the session
recipient of the data transfer:
Google LLC. (USA)
service provider:
google.com
Scope of persons entitled to access personal data: The personal data collected by cookies can be accessed by the management of the Data Controller and the colleagues who operate the IT systems and who are responsible for marketing tasks.
Data processors: For processing purposes, Data Controller uses the services of the following data processors:
Name and contact details of the data processor:
Huuzi.com Korlátolt Felelősségű Társaság
address: 9022 Győr, Liszt Ferenc street 40. 2nd floor
email.: info@upsolution.hu
Processing operations provided by the data processor:
Operation of websites, webhosting services
Place and method of data processing: The voluntarily provided personal data of the Data Subject is stored by the webhosting data processors entrusted by the Data Controller, on the servers of data processors, in the territory of the European Union.
Please note that on the Webpage there are links to other websites. The usage of these external websites is ruled by their privacy policy or privacy notice. After clicking on the external link or button, the Data Controller cannot control the collecting, storing or processing of the personal data anymore.
We kindly inform you that Data Controller takes all the technical and organizational measures, and draws up the rules of procedure which are necessary for compliance with the GDPR-requirements of confidentiality and secure data management.
Data Controller protects his/her processed data by all the appropriate measures against unauthorized access, alteration, forwarding, disclosure, erasure, destruction, accidental destruction or damage.
During the data processing procedure, Data Controller maintains:
a) confidentiality: protects the information, therefore only the entitled people can access the data;
b) integrity: protects the accuracy and completeness of the information and the data processing method;
c) availability: ensures that the information can be accessed by the entitled user and the necessary accessing tools are also available whenever the user needs it.
Data Controller provides sufficient protection for his IT systems and networks against computer fraud, espionage, fire, flood, viruses and computer intrusion. The operator ensures security both on software level and on application level. In order to be able to record every single security incident and also to able to provide evidence in case a security incident occurs, Data Controller is constantly monitoring his/her systems. With system monitoring it’s also possible to verify the effectiveness of the security measures applied. Furthermore, Data Controller requires and controls his contracted data processors to comply with the information security measures applied, under the provisions of their agreements.
We kindly inform you that regarding your personal data, anytime and without limitation you may ask for
- further information, access to the data
- rectification of the data
- delete your personal data
- limit the data processing
- data portability
- withdraw your consent
- moreover, you may object against the processing of your personal data.
Data Controller takes appropriate measures to provide Data Subjects with all the information covered by the Articles 13,14, 15-22 and 34 of GDPR in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
The right to receive information shall be exercised in written form, via the contact details mentioned in the 3rd section of this Notice. On the request of the Data Subject – after proving his/her identity – information can be provided in oral form as well.
The Data Subject has the right to receive feedback from the Data Controller on whether the processing of its personal data is in progress, and if such data processing is in progress, the Data Subject is entitled to receive access to his/her personal data and the details of the data processing, in accordance with the GDPR.
Data Controller provides the Data Subject with the copy of the processed personal data of the Data Subject. For each additional copies, Data Controller may charge a fee that is reasonably related to the administrative cost of the service. On the request of the Data Subject, Data Controller can provide the requested information in electronic form as well.
Data Controller shall provide the requested information no later than one month from the presentation of the request.
The Data Subject is entitled to request the rectification and the supplementation of the inaccurate personal data concerning him/her.
The Data Subject is entitled to request the erasure of personal data concerning him/her by the Data Controller, without undue delay, if any of the following reasons exists:
- the personal data indicated by the Data Subject is not necessary for the purpose which the Data Controller collected or otherwise processed it;
- the Data Subject withdrew his/her consent and there is no other legal basis for the data processing;
- the Data Subject objects to the data processing and there is no legitimate reason enjoying precedence for data processing;
- the personal data were processed illegally;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
-the personal data have been collected in relation to the offer of information society services;
Erasure of the data cannot be applied in case the data processing is necessary; for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires data processing by Union or Member State law to which Data Controller is subject; for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health; for archiving purposes, scientific, historical research or statistical purposes of the public interest; or for the establishment, exercise or defense of legal claims.
The Data Subject has the right to obtain restriction of data processing from the Data Controller if one of the following condition applies:
- the Data Subject disputes the accuracy of personal data. In this case, the restriction lasts until the Data Controller checks the accuracy of the data;
- the data processing is unlawful, but the Data Subject opposes the erasure of the personal data and requests the restriction of its use instead;
- the Data Controller no longer needs the personal data for the purposes of data processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims;
- the Data Subject objected to the data processing. In this case, pending the verification whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject, data processing is to be restricted.
In the case of restrictions, the personal data may only be processed (with the exception of storage) with the consent of the Data Subject or for establishing, exercising or defending legal claims or to protect the rights of other natural persons or legal entities or out of important public interest of the Union or a Member State. The Data Controller informs the Data Subject before lifting the restriction on the data processing.
The Data Subject is entitled to receive personal data concerning and provided by the Data Subject from the Data Controller in a sequenced, widely used format that is machine-readable. Furthermore, Data Subject is entitled to transfer such data to another data controller if:
- the data processing is based on the consent of the Data Subject or on contractual legal basis in which the Data Subject is a counterparty and
- data processing is done in an automated way.
The Data Subject is entitled to object, on grounds relating to his/her particular situation, at any time to the processing of personal data concerning him/her is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or the data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on the mentioned provisions.
In case of object, Data Controller shall no longer process the personal data of the Data Subject unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or which are connected to the establishment, exercise or defence of legal claims.
If the personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In case the Data Subject objects to processing for direct marketing purposes, his/her personal data shall no longer be processed for such purposes.
Data Subject shall have the right not to be the subject to a decision based exclusively on automated data processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.
This right shall not apply in case of the data processing:
- is necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller;
-is authorized by a Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the rights, freedoms and legitimate interests of the Data Subject;
- is based ont he explicit consent of the Data Subject.
We hereby inform you that Data Controller does not apply automated decision-making concerning any of the data processing purposes declared in this notice. Furthermore, Data Controller does not process personal data for the purpose of profiling.
The Data Subject is entitled to withdraw his/her consent at any time. The withdrawal of the consent does not affect the lawfulness of data processing based on consent before its withdrawal.
The Data Controller shall provide information on actions taken on a request to the Data Subject without undue delay but no later than one month from receiving the request. That period may be extended by two further months if necessary, taking into account the complexity and the number of requests.
If the Data Controller does not act on the request of the Data Subject without undue delay but no later than one month from receiving the request, the Data Controller shall inform the Data Subject on the reasons of not taking any action and on the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.
The Data Controller shall provide the requested information free of charge. If the requests of the Data Subject are manifestly unfounded or excessive, in particular because of the repetitive character of the requests, the Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or refuse to act on the request.
Any person who has suffered material or non-material damage as a result of an infringement of the data protection regulation shall have the right to receive compensation from the Data Controller or Data Processor for the damage he/she suffered. Data Processor shall be liable for the damage caused by data processing only where he/she has not complied with obligations provided by the law specifically directed to data processors or where he/she has acted outside or contrary to the lawful instructions of the Data Controller.
If more than one data controller or data processor, or both a controller and a processor, are involved in the same data processing and if they are responsible for any damage caused by the data processing, each controller or processor shall be held liable for the entire damage.
The Data Controller or Data Processor shall be exempt from liability if he/she proves that he/she is not in any way responsible for the event giving rise to the damage.
We hereby inform you that if you have any complaints regarding the processing of your personal data, please feel free to contact us in order to find a peaceful resolution. In case of failure, you can report the infringement of your rights concerning your personal data to the competent data protection authority or you can contact the court of your domicile or place of residence.
You can lodge your complaint with the supervisory authority via the following contact details:
Name of the supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
(website: http://www.naih.hu)
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.,
Mailing address: 1530 Budapest, Pf.: 5.
We hereby inform you that Data Controller doesn’t use automated decision-making measures related to the data processing purposes declared in the present notice, furthermore, doesn’t process personal data for profiling.
We hereby inform you that according to this notice, your data provided to the Data Controller is not used for purposes other than those declared in this notice.