Privacy Policy

Under the relevant provisions of the Hungarian legislation and regulations in force, by registering on the websites of MultiSoft Ltd. (seat: 1112 Budapest, Kőérberki út 36.; Company Registration Number: 01-09-161858; Data Protection Register Number: NAIH-83380/2015.; email address: marketing@multisoft.hu) – hereinafter: “MultiSoft Ltd.” or “Data Controller” – or by subscribing to the newsletter, you consent to MultiSoft Ltd. managing your personal data for data processing purposes specified under section 6, in compliance with the referred legal provisions.

Please note that data provision is voluntary and you have the right to request information regarding the data processing at any time, as well as to request correction to or deletion of your data, or the cessation of their use, or a part of them, for the purposes outlined below in writing to “1112 Budapest, Kőérberki út 36” or to the email address marketing@multisoft.hu. The Data Controller will not be liable for the authenticity of the data you provided.

Data Protection Register Number: NAIH-83380/2015.

1. This privacy protection policy and information (hereinafter: “Privacy Policy”) contains the rules for data processing in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: “Info Act”) regarding the processing of personal data of natural person users of websites operated by the data controller, at http://www.multisoft.hu, and at the addresses specified therein (hereinafter: “User”), specified in this Privacy Policy, as well as the data privacy information for Users.

2. GENERAL PROVISIONS
The Data Controller shall process the personal data of Users based on this Privacy Policy, taking into account all information by the authority in charge of data privacy (currently: National Data Protection and Freedom of Information Authority, seated at 1125, Budapest, Szilágyi Erzsébet fasor 22/C, and its website: www.naih.hu,) as well as the published judicial practice. By accepting this Privacy Policy, the User consents to the data processing by Data Controller in accordance with the Privacy Policy. Please also see section 5 (User’s Declaration) to familiarize yourself with the declarations made upon accepting this Privacy Policy.

3. AMENDMENTS
The Data Controller reserves the right to make unilateral amendments to this Privacy Policy by providing notice thereof to Users on the Website. The changes to the Privacy Policy will be posted on the Website by the Data Controller no later than five (5) days prior such updated Privacy Policy comes into force. The Data Controller may send notice about the changes to this Privacy Policy to registered Users of the Website through the user account available on the Website, or to both registered or unregistered Users via any of the options provided upon registration or by using the Website no later than five (5) days before the updated Privacy Policy comes into force. By accepting this Privacy Policy, the User consents to receiving notice using the contact options provided by him/her upon registration or upon using the Website.

4. PURPOSE OF PRIVACY POLICY
The purpose of this Privacy Policy is to determine the scope of the User’s personal data under section 7 and handled by Data Controller, the method of data processing, to honour the privacy of natural person Users pursuant to other relevant legislation, to satisfy the requirements of data protection and data security as well as to to prevent unauthorized access to the User’s personal data, changes to, or unauthorized disclosure or use of such data.

5. USER’S DECLARATION
By registering, the User confirms having read this Privacy Policy in full acknowledges the provisions thereof to be binding on him or herself, and voluntarily, in full awareness and definitively consents to the Data Controller handling the personal data specified in the Privacy Policy for data processing purposes specified therein – i.e. for all purposes outlined in the Privacy Policy – in compliance with the provisions of this Privacy Policy.

By registering, the User consents to the Data Controller handling the personal and other data provided voluntarily for the purposes outlined in section 6 and at the same time, consents to the use of his/her name and address data (contact details) for continuous contact, as well as for repeated contact. The User may of course revoke his/her consent any time using any of the contact details of Data Controller specified under section 1 of the Privacy Policy. The User declares that the data provided during registration are true and that they do not constitute a breach of personal or other rights, nor the legally protected rights of third parties.

6. DATA PROCESSING PURPOSES;
The purposes of handling of the User’s personal data
  • The use, rendering, maintenance and protection of services offered through the Website by the Data Controller (hereinafter: “Services”);
  • The further development of the Services, as well as the development of new services;
  • The protection of the Data Controller and the User;
  • The preparation and completion of activities by the Data Controller regarding the Services, specifically including the display of contents posted on the Website, the preparation and completion of activities launched on the Website, as well as providing support for such activities by the Data Controller;
  • From time to time, market research or public opinion polling; and
  • Promotional purposes related to above activities (sending newsletters, or promotional newsletters, participation in giveaways, the offering of products/services, direct marketing and telemarketing/telesales activity).


7. SCOPE OF PERSONAL DATA HANDLED
The provisions related to handling and protection of Users’ personal data are applicable exclusively to natural persons given that personal data may only be interpreted in the context of natural persons. The Data Controller will only register personal data voluntarily provided by the User. By providing personal data, the User consents to having such personal data entered in the database of the Data Controller in accordance with this Privacy Policy.

7.1. Personal data processed for the purposes of user identification, or any other activities
The Data Controller processes the following personal data of the User for the purposes of identification: (1) Natural personal identification data of User: first and surname, (2) User’s email address provided upon registration; (3) User’s residential and postal address; (4) User’s direct telephone and fax number; (5) Personal information voluntarily provided by the User (such as address for notification, profession, position, interests) and other data.

For certain activities, the Data Controller may request additional data from Users (for example for award games and promotions the address or other personal data), these data shall also be provided on a voluntary basis, and the Data Controller may process the personal data provided only for the purposes specified under section 6 and only in relation to the activity, as well as only for the time period required for such activity. Any such data processing will also be governed by this Privacy Policy.

7.2. Data processed for the purposes of Services used:
(1) IP address of the User’s computer; (2) Data with regard to the User’s activity on the Website (such as tracking the number of banner clicks).

Such data will automatically be logged by the Data Controller’s system. These data are not suitable for personal identification, the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use or for administering the Services. The data will be used for analysing and satisfying User demands, to contribute to the development of the quality of the Services. Registration forms: Data Controller may request personal data needed for establishing contact (depending on the type of registration, name, telephone number and email address) in these forms and these data are also provided on a voluntary basis.

Newsletter: The Data Controller may also operate a newsletter service on the Website. If the User wishes to receive a newsletter regarding the use of the Services and novelties related to the Services, the Data Controller will ask only for the email address from the User for use for an indeterminate period of time, where the newsletter is expected to be received. Providing the email address is also voluntary. The newsletter may also include advertising deals or promotional offers. By accepting this Privacy Policy, the User expressly consents to being contacted by the Data Controller via newsletters with advertising deals on its own behalf using the contact details provided for the receipt of newsletters. Users, who at any time after signing up for a newsletter that may be offered on the Website decide to cancel their subscription, can do so without justification using the method indicated in the newsletter and on the Website or by sending an email or postal message to any of the contact details indicated under section 1 of this Privacy Policy.

Direct marketing: By accepting this Privacy Policy, the User voluntarily and expressly consents to processing the User’s personal data for direct marketing by the Data Controller. This consent is provided on a voluntary basis and may be withdrawn without providing a reason at any time during the User relationship using any of the contact details posted on the Website or specified in section 1 of this Privacy Policy. The Data Controller may send out informational materials to Users from time to time regarding certain Services as to informing about novelties related to such Services. Users not wishing to receive such newsletters may cancel this informational service in the future at any time by mail via postal service or by using the postal address or the email address specified in section 1 of this Privacy Policy.

Sending promotional offers, direct marketing: the Data Controller from time to time may send informational circulars to Users about new services and special offers to which User, by accepting this Privacy Policy, consents automatically. For these purposes, the Data Controller processes the email addresses, the names and the postal addresses of Users. In the event the User no longer wishes to receive such promotional newsletters, the promotional newsletters may be cancelled without justification using the contact details of the Data Controller specified under section 1 of this Privacy Policy.

8. LEGAL GROUNDS AND METHODS OF DATA PROCESSING
The Data Controller shall collect and process Users’ personal data exclusively for the purposes of this Privacy Policy and shall ensure compliance with the purpose of data processing throughout every phase. By accepting this Privacy Policy, the User declares that providing consent to data processing and in each case any subsequent data provision shall be rendered in compliance with section 5 (1) a) of the Info Act, based on a voluntary, appropriately informed and definitive consent by the User. This voluntary, appropriately informed and definitive consent provides the legal grounds of data processing by the Data Controller specified by this Privacy Policy.

9. DATA SECURITY
In compliance with Article 7 of the Info Act, the Data Controller shall make every effort to ensure the security of your personal data. In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations. The activities of the Data Controller comply with the requirements of the ISO27001 standard for information security management systems (ISMS).

In the event there is a change to any detail provided by User, the corresponding updates should also be carried out by User on the Website.

Cloud computing also forms a part of the Services. Cloud computing is typically international or cross border in nature and serves the purposes of data storage, for example, where the host is not the computer/corporate IT centre of Data Controller, but a server centre located anywhere in the world. The primary advantage of cloud computing is that it is essentially moves beyond geographical location and it provides a high security and flexible, extendable IT storage and processing capacity. The Data controller will choose partners offering cloud computing with the highest level of consideration, and shall take all reasonably expected measures to enter into agreements that prioritize the data security of Users, to make their data processing principles transparent to Users and to support data security by conducting regular audits. By accepting this Privacy Policy, the User expressly consents to the data transfers required for employing cloud computing solutions.

Links: The Website of Data Controller may also include some references or link to certain webpages maintained by other service providers (such as buttons, logos to login or sharing options), over which the Data Controller has no control with respect to personal data processing practices, or where the Data Controller is not involved in data sharing/data transfer. Users are hereby informed that by clicking on such links, they will be forwarded to the websites of other service providers. In such cases consulting the applicable data processing rules for using such websites is recommended. This Privacy Policy applies only to the Website operated by the Data Controller. In the event any data is modified or deleted by the User on an external website, it will not impact the data processing by the Data Controller and such modifications must be implemented on the Website as well.

10. USER RIGHTS AND LEGAL REMEDIES
The User may request to be informed about data processing and may also request the correction or blocking of personal data, or in case of an inaccurate data, the deletion of data. The User is entitled to exercise his or her rights with regard to personal data processing by sending notice to the email addresses provided upon registration. User may send a request for information or for cancellation by mail or by email to the postal or email address specified under section 1 of this Privacy Policy.

(a) Information
Information may be requested about personal data processing based on Article (14) a) of the Info Act. Upon request, the Data Controller will provide information for User on User data processed by Data Controller, on the purpose, the legal grounds, the duration of data processing, about the name, address (seat) of Data Controller and their activities related to data processing, as well as to the circumstances, effects of any data privacy incident and the data privacy incident management. Please send your request for information on data processing by mail or email to the address specified in section 1 of this Privacy Policy, which will be answered within twenty-five (25) days in writing. This information is free of charge if the User has not submitted a request for information to the Data Controller in the given year for the same area. In any other cases, the Data Controller may charge a fee for replying to the request for information.

(b) Correction
The Data Controller may correct personal data if requested by a User, in case some personal data is inaccurate and the accurate data is made available to the Data Controller. The Data Controller will notify the User about the correction, except, if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.

(c) Deletion of data
The Data Controller shall delete personal data, if requested by a User. The Data Controller will apply blocking as stipulated in section 10 d) as opposed to deletion, if so requested by the person affected, or if based on the available information it can be assumed that deletion would harm the legitimate interests of the affected person. The User may request the deletion any of his/her own personal data on the Website by using the appropriate menu item, or by mail or email sent to the postal or email address provided under section 1 of this Privacy Policy to Data Controller. At the User’s voluntary decision and request, the Data Controller shall delete the data requested to be deleted within twenty-five (25) days following the receipt of such a deletion request. By withdrawing consent to the processing of personal data, as well as by requesting the deletion of data, the User will relinquish the right to participate in the activities related to the registration. Deletion is cost-free in all cases. The Data Controller will notify User about the correction, except, if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.

d) Blocking
The Data Controller will block personal data instead of deletion at the User’s request, or, if based on available information, it can be assumed that deletion would harm the legitimate interests of the User. Personal data blocked in such fashion will be handled by the Data Controller only until such time as the purpose of data handling that excluded the deletion of the personal data continues to exist. The Data Controller will notify the User about the blocking except if failing to send notice given the purpose of data processing does not violate any legitimate interest of the User.

(e) Data tagging
Personal data processed by the Data Controller will be tagged if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be definitively confirmed.

In the event the Data Controller fails to fulfil any User request for correction, blocking or deletion, the factual and legal reasons for refusing the correction, blocking or deletion request will be communicated in writing within twenty-five (25) days of the receipt of the request, including advice to the User on legal remedies and contacting the National Data Protection and Freedom of Information Office.

(f) Other communications
In the case of data processing for public polling, market research and direct marketing, the User may refuse to cooperate any further at any time without justification.

(11) RIGHT TO OBJECT AND RIGTH TO LEGAL REMEDIES
(a) Right to object
  • The User may object to the processing of his/her personal data if personal data processing is required exclusively for ensuring compliance with the Data Controller’s legal responsibilities or to validate the legitimate interest of the Data Controller or any third person;
  • if personal data is processed for the purposes of direct marketing or public polling;
  • exercising the right to object is otherwise permitted by law.

Within fifteen (15) days following the submission of such request, the Data Controller shall assess the objection, render a decision on whether it is well-founded and communicate the decision to the User in writing.

In the event the objection is well-founded, the Data Controller will cease data processing and the data will be blocked.

In the event the User does not agree with the Data Controller’s decision based on the objection, or the Data Controller fails to adhere to the above-specified deadline, the User may file a claim with the court within thirty (30) days following the announcement of the decision or from the last day of the deadline.

(b) Legal Remedies
The enforcement of a User’s legal rights is permitted pursuant to the Info Act. A User may file a claim with the court in case of infringement of his/her legal rights, or contact the data protection authority identified under section 2 of this Privacy Policy. Anyone can launch an inquiry by filing a report with the data protection authority by citing a violation or an immediate danger of violation of rights with regard to personal data processing.

In case of judicial enforcement, litigation may be launched either before the court according to the residence or to the place of stay of User at the User’s discretion. The means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act.

The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian. No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.

Budapest, 16 January 2017