Under the relevant provisions of the Hungarian legislation and regulations in force, by registering on the websites of MultiSoft Ltd. (seat: 1112 Budapest, Kőérberki út 36.; Company Registration Number: 01-09-161858; Data Protection Register Number: NAIH-83380/2015.; email address: email@example.com) – hereinafter: “MultiSoft Ltd.” or “Data Controller” – or by subscribing to the newsletter, you consent to MultiSoft Ltd. managing your personal data for data processing purposes specified under section 6, in compliance with the referred legal provisions.
Please note that data provision is voluntary and you have the right to request information regarding the data processing at any time, as well as to request correction to or deletion of your data, or the cessation of their use, or a part of them, for the purposes outlined below in writing to “1112 Budapest, Kőérberki út 36” or to the email address firstname.lastname@example.org. The Data Controller will not be liable for the authenticity of the data you provided.
Data Protection Register Number: NAIH-83380/2015.
2. GENERAL PROVISIONS
5. USER’S DECLARATION
The User declares that the data provided during registration are true and that they do not constitute a breach of personal or other rights, nor the legally protected rights of third parties.
6. DATA PROCESSING PURPOSES;
The purposes of handling of the User’s personal data
7. SCOPE OF PERSONAL DATA HANDLED
- The use, rendering, maintenance and protection of services offered through the Website by the Data Controller (hereinafter: “Services”);
- The further development of the Services, as well as the development of new services;
- The protection of the Data Controller and the User;
- The preparation and completion of activities by the Data Controller regarding the Services, specifically including the display of contents posted on the Website, the preparation and completion of activities launched on the Website, as well as providing support for such activities by the Data Controller;
- From time to time, market research or public opinion polling; and
- Promotional purposes related to above activities (sending newsletters, or promotional newsletters, participation in giveaways, the offering of products/services, direct marketing and telemarketing/telesales activity).
The provisions related to handling and protection of Users’ personal data are applicable exclusively to natural persons given that personal data may only be interpreted in the context of natural persons.
7.1. Personal data processed for the purposes of user identification, or any other activities
The Data Controller processes the following personal data of the User for the purposes of identification:
(1) Natural personal identification data of User: first and surname,
(2) User’s email address provided upon registration;
(3) User’s residential and postal address;
(4) User’s direct telephone and fax number;
(5) Personal information voluntarily provided by the User (such as address for notification, profession, position, interests) and other data.
7.2. Data processed for the purposes of Services used:
(1) IP address of the User’s computer;
(2) Data with regard to the User’s activity on the Website (such as tracking the number of banner clicks).
Such data will automatically be logged by the Data Controller’s system. These data are not suitable for personal identification, the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use or for administering the Services. The data will be used for analysing and satisfying User demands, to contribute to the development of the quality of the Services.
Registration forms: Data Controller may request personal data needed for establishing contact (depending on the type of registration, name, telephone number and email address) in these forms and these data are also provided on a voluntary basis.
8. LEGAL GROUNDS AND METHODS OF DATA PROCESSING
9. DATA SECURITY
In compliance with Article 7 of the Info Act, the Data Controller shall make every effort to ensure the security of your personal data. In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations.
The activities of the Data Controller comply with the requirements of the ISO27001 standard for information security management systems (ISMS).
In the event there is a change to any detail provided by User, the corresponding updates should also be carried out by User on the Website.
Cloud computing also forms a part of the Services. Cloud computing is typically international or cross border in nature and serves the purposes of data storage, for example, where the host is not the computer/corporate IT centre of Data Controller, but a server centre located anywhere in the world. The primary advantage of cloud computing is that it is essentially moves beyond geographical location and it provides a high security and flexible, extendable IT storage and processing capacity.
10. USER RIGHTS AND LEGAL REMEDIES
The Data Controller may correct personal data if requested by a User, in case some personal data is inaccurate and the accurate data is made available to the Data Controller. The Data Controller will notify the User about the correction, except, if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.
(c) Deletion of data
The Data Controller will notify User about the correction, except, if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.
The Data Controller will block personal data instead of deletion at the User’s request, or, if based on available information, it can be assumed that deletion would harm the legitimate interests of the User. Personal data blocked in such fashion will be handled by the Data Controller only until such time as the purpose of data handling that excluded the deletion of the personal data continues to exist. The Data Controller will notify the User about the blocking except if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.
(e) Data tagging
Personal data processed by the Data Controller will be tagged if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be definitively confirmed.
In the event the Data Controller fails to fulfil any User request for correction, blocking or deletion, the factual and legal reasons for refusing the correction, blocking or deletion request will be communicated in writing within twenty-five (25) days of the receipt of the request, including advice to the User on legal remedies and contacting the National Data Protection and Freedom of Information Office.
(f) Other communications
In the case of data processing for public polling, market research and direct marketing, the User may refuse to cooperate any further at any time without justification.
(11) RIGHT TO OBJECT AND RIGTH TO LEGAL REMEDIES
(a) Right to object
- The User may object to the processing of his/her personal data if personal data processing is required exclusively for ensuring compliance with the Data Controller’s legal responsibilities or to validate the legitimate interest of the Data Controller or any third person;
- if personal data is processed for the purposes of direct marketing or public polling;
- exercising the right to object is otherwise permitted by law.
Within fifteen (15) days following the submission of such request, the Data Controller shall assess the objection, render a decision on whether it is well-founded and communicate the decision to the User in writing.
In the event the objection is well-founded, the Data Controller will cease data processing and the data will be blocked.
In the event the User does not agree with the Data Controller’s decision based on the objection, or the Data Controller fails to adhere to the above-specified deadline, the User may file a claim with the court within thirty (30) days following the announcement of the decision or from the last day of the deadline.
(b) Legal Remedies
In case of judicial enforcement, litigation may be launched either before the court according to the residence or to the place of stay of User at the User’s discretion.
The means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act.
The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian. No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.
Budapest, 16 January 2017