Last modified: 25th March 2021

In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:

Version

Validity period

Changes

Downloaded

v4 25.03.2021 - Change of the representative of the Company TRAININGS PRIVACY POLICY PDF v4
v3 04.02.2021. - 24.03.2021 Changes (decrease) in the scope of processed data TRAININGS PRIVACY POLICY PDF v3

v2

23.11.2020.– 03.02.2021.

Section of joint data processing

TRAININGS PRIVACY POLICY PDF v2

v1

01.09.2020.– 22.11.2020.

Initial version

Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our first priority to properly protect your personal data and to respect your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by the users (hereinafter as: “User”) of the training services (hereinafter as: “Services”) provided by

Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság

Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary

Company registration number: 01-09-170431

Tax number: 13024583-2-43

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Attila Gáspár, Tibor Hegyi managing directors individually

E-mail: info@meta-inf.hu

Telefonszám: +36 30 515 4464

(hereinafter as: “Service Provider”)

within the framework of the so called „Atlassian Solution Partner” activity. The aim of the Policy is to give a clear picture about why, how and how long we process personal data related to our Users who use our Service.

In matters not regulated by present Policy the privacy policy of the Service Provider for its other services (https://www.meta-inf.hu/en/privacy-policy/) shall prevail and present Policy shall be interpreted in accordance with the privacy policy for other services.

I. A few data privacy related definitions to better understand the Policy

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law;

The controller of your personal data is the Service Provider

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Data forwarding

Means the disclosure of personal data to specific third parties;

Data subject

Everybody who shares his/her personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, You who reads this Policy;

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Sensitive data

personal data referring to racial origin, nationality, political opinions or membership in any political party, religious or other beliefs, membership of an advocacy organization, sex life, personal data concerning health, pathological data;

Genetic data

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

Biometric data

means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data;

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU. The above list is not complete so should you need more information or explanation do not hesitate to contact us.

We would like to inform You that during our processing we do not process or request from You any sensitive, genetic or biometric data.

II. In which cases do we process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed in the following cases:

  • Trainings, workshops
  • Invoicing
  • Customer service

III. What data, for what purpose and for how long do we process?

In the cases detailed above the legal ground for processing shall be the following:

  • In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the User (hereinafter as: „Consent”);
  • In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”);
  • In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”);
  • In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”);

With respect to that we are not able to limit the amount of personal data may be sent to us by the User via any communication channel, because we have no influence on the User who voluntarily provide personal data, therefore we kindly request You that please only provide the most necessary information and data that is prescribed by the Service Provider in present Policy when contacting us in any was so do not share any personal data that we do not request or wish to handle under this Policy. If, despite our explicit request under this section, You provide us with information that is not necessary for the purposes of processing personal data and that may subsequently be detrimental to our Company, then by accepting present Policy You undertake to exempt our Company from any harmful consequences, including fines.

IV.1. Training, workshop

The Service Provider provides the User with training related to the use of Atlassian systems, during which it is necessary to process the personal data of the persons participating in the trainings either in order to verify their participation in the training or to provide them with the training material. With respect to that the Service Provider falls under the scope of Act LXXVII of 2013 on adult education (“AE Act”) and Government Decree no. 11/2020 (II.7.) on the implementation of the adult education act (hereinafter as: “AE Implementation”) therefore the processing of the User’s personal data and the scope of data processed and the duration of processing is prescribed by law.

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

First and last name of the User

Identification of the User, data necessary for conclusion of a contract, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract

In connection with performance of contract until objection of processing but for the purpose of enforcing a possible claim until the end of the 5th year following the termination of the contract (the limitation period for enforcing claims, Article 6:22 Section (1) of the Civil Code)

In connection with compliance until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Birth name of the User

Identification of the User, data necessary for conclusion of a contract, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract

In connection with performance of contract until objection of processing but for the purpose of enforcing a possible claim until the end of the 5th year following the termination of the contract (the limitation period for enforcing claims, Article 6:22 Section (1) of the Civil Code)

In connection with compliance until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

The User’s place of birth

Identification of the User, data necessary for conclusion of a contract, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract

In connection with performance of contract until objection of processing but for the purpose of enforcing a possible claim until the end of the 5th year following the termination of the contract (the limitation period for enforcing claims, Article 6:22 Section (1) of the Civil Code)

In connection with compliance until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

The User’s date of birth

Identification of the User, data necessary for conclusion of a contract, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract

In connection with performance of contract until objection of processing but for the purpose of enforcing a possible claim until the end of the 5th year following the termination of the contract (the limitation period for enforcing claims, Article 6:22 Section (1) of the Civil Code)

In connection with compliance until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Maiden name of the User’s mother

Identification of the User, data necessary for conclusion of a contract, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract

In connection with performance of contract until objection of processing but for the purpose of enforcing a possible claim until the end of the 5th year following the termination of the contract (the limitation period for enforcing claims, Article 6:22 Section (1) of the Civil Code)

In connection with compliance until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Education ID of the User Identification of the User, fulfillment of data forwarding obligation Compliance (Article 21 Section (1) Point aa) of the AE Act) / Performance of Contract Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

E-mail address of the User

Identification of the User, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point av) of the AE Act)

Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

The highest level of the User’s education, professional qualification or qualification Fulfillment of statistical data forwarding obligation Compliance (Article 21 Section (1) Point ac) and ba) of the AE Act) Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)
Foreign language skills of the User Fulfillment of statistical data forwarding obligation Compliance (Article 21 Section (1) Point ba) of the AE Act) Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Data related to entering, completing or, if not completed, quitting training

Identification of the User, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point bb) of the AE Act)

Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Data related to evaluation and qualification during the training

Identification of the User, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point bc) of the AE Act)

Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

Data regarding payment obligation related to the training, data related to the use of a loan related to training

Identification of the User, fulfillment of statistical data forwarding obligation

Compliance (Article 21 Section (1) Point bd) of the AE Act)

Until the last day of the 8th year from the date of concluding the contract (Article 21 Section (5) of the AE Act)

III.2. Invoicing

III.2.1. If the invoice about the Service is issued for a legal entity then the Service Provider process the personal data found below.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g. info@example.com or finance@example.com) then the Service Provider process the data but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.

III.2.2. If the invoice about the counter value of using the Service shall be issued for a natural person the Service Provider process the following data.

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

First and last name of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Address of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Tax number of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

E-mail address of the User

Keeping contact with the User in connection with invoicing

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

III.3. Customer service

In order to provide technical support for the Users we maintain a customer service.

In case of requests sent by e-mail:

If the User contacts our Customer Service by e-mail at the address info@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill Your customer service requests, certain personal data must be processed. Without these, we will not be able to complete Your customer service request as we would not be able to contact You.

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

E-mail address of the User

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

Until 31st December of the second year following the year in which the customer support request was resolved.

First and last name of the User (only if it is provided in the User’s Atlassian account)

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

Until 31st December of the second year following the year in which the customer support request was resolved.

The social media contact of the User possibly shared by the User in his/her e-mail „signature”

-

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

Until 31st December of the second year following the year in which the customer support request was resolved.

IV. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data we store is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

VI. What rights do You have in connection with processing Your personal data?

Request for information (right to access): You may request information about the processing of Your personal data at any time, either in person, at our registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and Your rights in relation to processing. In the case of data transfer, to whom and for what purpose Your data have been or will be transferred.

A request for information is considered authentic by us if You are clearly identified by it. If the request is sent by e-mail or post, only the e-mail sent from Your registered e-mail address will be considered as authentic, and we will only be able to send information to the postal address registered by us. Unless You voluntarily verify Your identity otherwise, we will not be able to send information to an e-mail address or postal address that is not registered in our records in order to protect Your privacy.

Rectification: You may at any time request the rectification, modification or amendment of Your data in the same manner described above. We can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: You may request that we restrict the processing of our personal information in particular if:

a) You argue the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing dos not stand for us, but You are requesting us in writing to keep them for the purpose of filing, asserting or defending any legal claim You may have

Objection: If we process Your personal data on the ground of legitimate interest, You may at any time object to the processing of Your personal data. In such cases, we will review the legality of the objection and, if it is well established, we terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce our legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.

We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

VI. Joint data processing

The Service Provider informs the User that for the purpose of promoting, sales and organizing trainings provided within the framework of the Service it cooperates with the following entities:

Name: Training 360 Kft.

Registered seat: 1117 Budapest, Budafoki út 56. A. ép. III. em., Hungary

Company registration number: 01-09-970992

E-mail: info@training360.hu

Represented by: József Nyisztor as managing director

(hereinafter as: “Training 360”)

Name: Trinspire Kft.

Registered seat: 1138 Budapest, Madarász Viktor utca 47-49., Hungary

Company registration number: 01-09-723584

E-mail: info@trinspire.hu

Represented by: Attila Gyúri as managing director

(hereinafter as: “Masterfield Training Center”)

With regard to the trainings organized by Training 360 and the Masterfield Training Center, the Service Provider qualifies as a joint data controller with the latter in accordance with Article 26 Section (1) of the GDPR in relation of personal data detailed in Section III.1. of this Policy. The Service Provider has entered into a joint data controller agreement with Training 360 and the Masterfield Training Center in accordance with the provisions of Article 26 Section (1) of the GDPR, which regulates the manner of exercising rights and obligations under the GDPR and the division of responsibilities between the parties.

Pursuant to Article 26 Section (2) of the GDPR, the Service Provider informs the User about the essential content of the joint data controller agreement in its informative available at https://www.meta-inf.hu/en/atlassian-training/information-on-joint-data-controllers/.

The Service Provider informs the User that pursuant to Article 26 Section (3) of the GDPR, regardless of the content of the above agreement, the User may choose to exercise his / her rights under GDPR that is detailed in Section V of present Policy against the Service Provider or Training 360 or Masterfield Training Center.

VII. To whom we transfer personal data and who has right to access them?

Your personal data is kept confidential and will not be disclosed to any third party except as provided below.

VII.1. Rackforest

The Service Provider use the server providing services of Rackforest which servers are located in Budapest, Hungary, i.e. within the European Union. Rackforest may be reached at:

Name: Rackforest Informatikai Kereskedelmi Szolgáltató és Tanácsadó Kft.

Registered seat: 1132 Budapest, Victor Hugo utca 18-22. 3. em. 3008., Hungary

Company registration number: 01-09-914549

E-mail: info@rackforest.com

Phone number +36-70-362-4785

Represented by: Atiyeh Nabil managing director

(hereinafter as: “Rackforest”)

Rackforest’s privacy policy shall be reached through this link: https://rackforest.com/wp-content/uploads/2019/07/adatkezelesi-szabalyzat.pdf

VII.2. Correspondence (e-mail)

The Service Provider use Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland.

Google may not access, modify, delete, use or otherwise manipulate the User related data stored on the server provided by Google.

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy/frameworks.

VII.3. Office365

In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corportion to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:

Name: Microsoft Ireland Operations Limited

Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland

Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions

Phone number: +353-1-706-3117

Represented by: Satya Nadella director

(hereinafter as: “Microsoft”)

Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however Microsoft Corporation is a Privacy Shield certified company (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active)

Privacy related materials of Microsoft may be reached at:

https://privacy.microsoft.com/hu-hu

https://privacy.microsoft.com/en-us/privacystatement

https://support.office.com/hu-hu/article/az-adatvédelmi-beáll%C3%ADtások-megtekintése-a-microsoft-office-adatvédelmi-központjában-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU

VII.4. In connection with trainings:

VII.4.1. To organize trainings the Service Provider use the services of the following as processors:

Related to trainings regarding Atlassian products, our partner is:

Name: Oregional Szolgáltató és Kereskedelmi Kft.

Registered seat: 1158 Budapest, József Attila utca 49. A. ép., Hungary

Company registration number: 01-09-737092

E-mail address: info@oregional.hu

Represented by: Géza Nagy managing director

(hereinafter as: “Oregional”)

VII.4.2. In order to fulfill its obligation under Article 15 Section (1) Point b) the Service Provider forwards the User’s personal data to the state administration body for adult education operating the adult education reporting system (hereinafter as: “AERS”), which may be contacted at:

Name: Pest Megyei Kormányhivatal (Government Office of Pest County)

Registered seat: 1052 Budapest, Városház utca 7.

Identification number: 789356

Represented by: dr. Richárd Tarnai government commissioner

E-mail: pest@pest.gov.hu

DPO: dr. Éva Pércsi (address: 1052 Budapest, Városház utca 7., phone: +36 22 379493, e-mail: adatvedelem@pest.gov.hu)

(hereinafter as: „GOPC”)

The privacy policy of GOPC is available at: https://tudasbazis.ekreta.hu/pages/viewpage.action?pageId=46760379

VII.4.3. Data forwarding related to acquiring or issuing Education ID number

Name: Oktatási Hivatal (Education Authority)

Registered seat: 1055 Budapest, Szalay utca 10-14.

ID of the founding document: 48049-4/2019/PKF

Represented by: Sándor Brassói chairman

E-mail: info@oh.gov.hu

The Service Provider informs the User that in accordance with Article 25/A Section (1) of the AE Implementation the Service Provider as institution for adult education shall keep records of the User as participant in adult education based on his / her education ID number. If the User does not have and education ID number or it is not known to him / her and therefore the Service Provider could not provide it for the state administration body for adult education in the AERS, then AERS takes care of retrieving or obtaining the User's educational ID in a way that the Service Provider provides the personal identification data for the state administration body for adult education in AERS and then which forwards it to the Education Authority in order to obtain the education ID number.

VII.5. In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, szamlazz.hu. If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of szamlazz.hu website as our processing partner is:

Name: KBOSS.hu Kereskedelmi és Szolgáltató Kft.

Registered seat: 1031 Budapest, Záhony utca 7., Hungary

Company registration number: 01-09-303201

E-mail address: info@szamlazz.hu

Represented by: Balázs Ángyán managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

VIII. To whom and in what cases are we required to disclose personal data?

We may be requested to disclose personal data we process to authorities upon request. Our company cannot be held liable for any such transfer or any resulting consequences. We will always inform You about the transfer.

IX. What are the responsibilities with regard to the personal data You provide?

When You provide us Your personal data, You are responsible for ensuring that the information and contributions You make are true and correct.

We ask You to provide us third-party data only if specifically authorized to do so by the third party. Our company assumes no liability for any resulting claims.

If a third-party objects the processing of personal data by credibly verifying its identity, we will immediately delete third-party data without notifying You. Please only provide third-party personal data only if you have informed the third party of the availability of this Policy.

X. Management of Personal data breach

Any personal data breach that may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform the Users concerned.

XI. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XII. Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the 5th business day following the date of publication. Please be sure to read the Policy changes carefully as they contain important information about the processing of Your personal data.

XIII. To whom You can turn to for information regarding Your personal data or to exercise Your rights?

If You have any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1192 Budapest Taksony utca 6. fszt 1., Hungary

The User is entitled to exercise his / her rights related to the processing of personal data against the Service Provider as controller. If You wish to exercise Your rights, You must first notify the Service Provider

If You feel that Your rights have been violated, You can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Phone: 0613911400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu