Page tree

Last modified: 23 December 2019


In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:


Version

Changes

Download

v2

23.12.2019 -

Updates according to the latest Privacy Policy requirements by Atlassian


v1

25.05.2018 - 22.12.2019

Initial version

Privacy Policy v1


Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our first priority to properly protect your personal data and to respect your rights related thereto.


To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by our users (hereinafter as: “User”) related to the services provided and the software distributed by


Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság

Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary

Company registration number: 01-09-170431

Tax number: 13024583-2-43

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Attila Gáspár, Tibor Hegyi and Dániel Marczisovszky managing directors individually

E-mail: info@meta-inf.hu

Telefonszám: +36 30 515 4464

 (hereinafter as: “Service Provider”)


The aim of the Policy is to give a clear picture about why, how and how long we process personal data related to our Users who contacted us through our website or via other channels.


I. A few data privacy related definitions to better understand the Policy

 

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law;


The controller of your personal data is the Service Provider



Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;


Data forwarding

Means the disclosure of personal data to specific third parties;


Data subject

Everybody who shares his/her personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, You who reads this Policy;


Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


Sensitive data

personal data referring to racial origin, nationality, political opinions or membership in any political party, religious or other beliefs, membership of an advocacy organization, sex life, personal data concerning health, pathological data;


Genetic data

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;


Biometric data

means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data;


Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;


Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU. The above list is not complete so should you need more information or explanation do not hesitate to contact us.

 

We would like to inform You that during our processing we do not process or request from You any sensitive, genetic or biometric data.

 

II. Other definitions

 

Website

means the websites available at the domain addresses listed in appendix no.1. of present Policy that are operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Service and may use them


Service

means collectively the software developed by the Service Provider that are listed on and distributed through Atlassian Marketplace (hereinafter as: „Vendor Services”) and the services related to consultancy, support, training, licensing, event organizing activities of the Service Provider (hereinafter as: „Solution Partner Services”


User

means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level) and the person applying for a position


III. In which cases do we process personal data?

 

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed in the following cases:


In connection with the general activity of the Service Provider


  • Browsing the Website
  • Requesting offer by e-mail
  • Newsletter subscription
  • Applying for a position
  • Cookies
  • Invoicing
  • Customer service
  • Using the Service
  • Keeping contact during contractual relationship
  • Requesting consultation


In connection with „Atlassian Vendor” activities

 

In connection with „Atlassian Solution Partner” activities

 

IV. What data, for what purpose and for how long do we process?

 

In the cases detailed above the legal ground for processing shall be the following:


  • In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the User (hereinafter as: „Consent”);
  • In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”);
  • In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”);
  • In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”);


With respect to that we are not able to limit the amount of personal data may be sent to us by the User via any communication channel, because we have no influence on the User who voluntarily provide personal data, therefore we kindly request You that please only provide the most necessary information and data that is prescribed by the Service Provider in present Policy when contacting us in any was so do not share any personal data that we do not request or wish to handle under this Policy. If, despite our explicit request under this section, You provide us with information that is not necessary for the purposes of processing personal data and that may subsequently be detrimental to our Company, then by accepting present Policy You undertake to exempt our Company from any harmful consequences, including fines.


IV.1. Data processing in connection with the general activity of the Service Provider

 

IV.1.1. Browsing

The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which You wish to get the content of the Website as an answer. The Service Provider can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process, by typing the domain of the Website to the web browser or by clicking to a link published anywhere that is directing to the Website the User gives his/her consent to provide the IP address for this purpose and to be processed by the Service Provider. To make this „correspondence” smooth the servers of the Service Provider store the IP address of the User in log files.


The identification and storing of IP addresses is necessary to protect the IT systems of the Service Provider and the Website as well. Protection against possible malicious activities against the Website is partly ensured by that the Service Provider is logging the operation of the Website and in this log it lists he IP addresses from which requests to its servers were made. If the Service Provider detects an activity from an IP address that interferes with the secure operation of the Website, he address will be blacklisted. Any malicious activity is prevented and resolved through legal action. If nothing unordinary occurs, the Service Provider deletes the log files and the IP addresses. IP addresses stored in log files will not be used by the Service Provider for any other purpose and will be automatically deleted within 90 days and we keep it only if the User has performed any prohibited activity from that IP address. These activities are either listed above or other activities that violate local, state, national or international law.


Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate intrest

Duration of processing

IP address of the User

Protection of the IT systems of the Service Provider and securing the Website

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Protection of the IT systems of the Service Provider and securing the Website

90 days from visiting the Website as latest


IV.1.2. Requesting offer

 

If You wish to contact us, You may do so by sending a message to the email address indicated on the Website. Given that we have not made a separate form available on the Website to contact us, we cannot limit the personal data that the User may send us. With respect to the latter when contacting us, please only share the most necessary data and information with us, so please do not share any personal data with our company in your email. However, by sending an email, You may inadvertently share Your personal data with us, because the email You send includes Your email address and the name You specify in your email client which You want to appear in Your emails. In addition, if You think it makes contacting easier, Your phone number is welcomed. Furthermore it may occur that You share Your social media contact information with is if Your e-mail „signature” contains such information so if this is the case, we will also process this data. By sending an email with such data, we assume that You voluntarily consent to the processing.


Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

First and last name of the User

Keeping contact with the User regarding request for offer

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

E-mail address of the User

Keeping contact with the User regarding request for offer

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

Phone number of the User

Keeping contact with the User regarding request for offer

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The social media contact of the User possibly shared by the User in his/her e-mail „signature”

Keeping contact with the User if none of the above methods is successful for contacting the User

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.


IV.1.3. Newsletter subscription

 

The User may subscribe to our newsletters. There are several ways to do this. You may sign up for it at one our events by completing the form provided for this purpose or if You use the Service Provider's software in a trial version, at the time of downloading and accepting our privacy policy and general terms and conditions and clicking on the download button You subscribe to our newsletter, which lasts until You unsubscribe but until the end of the trial period as latest, unless You continue to use the product after the trial period expired, because in this case until You unsubscribe. In connection with this, the Service Provider processes the User's e-mail address under the explicit consent of the User until the User withdraws this consent. There are several ways to withdraw Your consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.


IV.1.3.1. If the subscription is made by completing the form at one of our events:

 

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

E-mail address of the User

Sending informative and educational messages to the User

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent i.e. unsubscribing from the newsletter

First and last name of the User

Sending informative and educational messages to the User

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent i.e. unsubscribing from the newsletter


IV.1.3.2. If the subscription is made by downloading our products:


Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate intrest

Duration of processing

E-mail address of the User

Sending informative and educational messages to the User in connection with use of the downloaded software

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Direct marketing, informative messages

Until objection against processing but until the end of the trial period as latest if the product is used by the User in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter

First and last name of the User

Sending informative and educational messages to the User in connection with use of the downloaded software

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Direct marketing, informative messages

Until objection against processing but until the end of the trial period as latest if the product is used by the User in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter


IV.1.4. Invoicing

 

IV.1.4.1. If the invoice about the Service is issued for a legal entity then the Service Provider process the personal data found below. The Service Provider informs the Users the if the products of the Service Provider is purchased through Atlassian Marketplace then invoicing is managed by Atlassian Pty Ltd. therefore the Service Provider does not process any personal data for this purpose.


Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User


The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g. info@example.com or finance@example.com) then the Service Provider process the data but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.


IV.1.4.2. If the invoice about the counter value of using the Service shall be issued for a natural person the Service Provider process the following data.


Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

First and last name of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Address of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Tax number of the User

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

E-mail address of the User

Keeping contact with the User in connection with invoicing

Compliance (Article 6 Section (1) Point c) of the GDPR)

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting


The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.


 IV.1.5. Applying for a position

 

From time to time the Service Provider is seeking staff for various positions to which the Users may apply by submitting their professional CV. The Users may send their applications by e-mail to job@meta-inf.hu. By sending the e-mail the Users give their consent for the Service Provider to process their personal data as part of the application process starting from the date the CV is sent to us. The Service Provider expressly draws the Users’ attention to the fact that if the Users provide personal data in addition to the ones indicated in the chart below, the Service Provider shall immediately make it unrecognizable and irrevocably deletes them and the Service Provider disclaims any liability for the personal data voluntarily provided for the Service Provider without any request.


Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the User

Identifying the User and making it possible to notify the User about the result of application

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)

First and last name of the User

Identifying the User

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment.

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)

Phone number of the User

Identifying the User and making it possible to notify the User about the result of application.

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment.

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)

Data related to the education of the User

Assessing the User's eligibility for the position

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment.

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)

Data related to the professional experience of the User

Assessing the User's eligibility for the position

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment.

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)

Social media contacts of the User

Assessing the User's eligibility for the position

In connection with the application process the prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR) In case of closing a successful application process the Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Claims by the applicant or the controller based on provisions of labor law or requirements of equal treatment.

3 years from the closing of an application process (Section 286 of Act I of 2012 on the Labor Code and Section 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities)


IV.1.6. Keeping contact during contractual relationship

 

If a contractual relationship is established between the Service Provider and the User, then the personal data – detailed below – of the contact person designated by the User is indicated in the contract. In these cases the legal ground for processing is the legitimate interest of the Service Provider and its purpose is to provide information and other communications to the User regarding any issues arising during the contractual relationship. The User acknowledges that it is the User's responsibility and liability to obtain consent from the designated contact person to provide his/her data to the Service Provider.


Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the contact person designated by the User

Keeping contact in order to perform contractual obligations

Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Informing the User in order to perform contractual obligations

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

First and last name of the contact person designated by the User

Keeping contact in order to perform contractual obligations

Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Informing the User in order to perform contractual obligations

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

Phone number of the contact person designated by the User

Keeping contact in order to perform contractual obligations

Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Informing the User in order to perform contractual obligations

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process


IV.2. Customer service

 

In order to provide technical support for the Users we maintain customer service which may be reached by the Client in two ways. Either through a JIRA based system developed by Atlassian Pty Ltd. or by e-mail.


In case the request is sent through JIRA based system

 

To manage customer service inquires we use the system of a third party, an application named JIRA Service Desk (hereinafter as: “JIRA”). For consultation, license sales and training related requests, we use the on-premise version of the JIRA application, which means that the application operates only on servers that are operated by us with respect to which customer service information is not forwarded to third parties.


If the request is about the software developed by us we use the cloud version of the JIRA application. In case of using cloud-based JIRA application for further information on processing and possible data transfer see Section IX.2. of present Policy.


If the User accesses customer service through the JIRA system (on-premise, cloud), in order to fulfill the customer service request, the following data must be processed, which in any case is accessible by us from the JIRA System Central Database:



Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

Username of the User

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

E-mail address of the User

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name of the User (only if it is provided in the User’s Atlassian account)

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.


In case of requests sent by e-mail:

 

If the User contacts our Customer Service by e-mail at the address support@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill Your customer service requests, certain personal data must be processed. Without these, we will not be able to complete Your customer service request as we would not be able to contact You.


Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

Username of the User

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

E-mail address of the User

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name of the User (only if it is provided in the User’s Atlassian account)

Identifying the User, fulfillment of customer service requests

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

The social media contact of the User possibly shared by the User in his/her e-mail „signature”

-

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In the event the User had a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.


IV.3. Data processing related to the Service Provider’s “Vendor” activities

 

IV.3.1. Using the software developed by the Service Provider

 

The Service Provider sells its software listed on the Atlassian Marketplace. Within this scope, the Service Provider will not process any personal data in connection with any software that runs in the hardware environment provided by the User because it does not have access to these software. In case of software that are only available in a cloud based version the Service Provider shall be considered partly as controller and partly as processor with respect to the fact that it has no control over the data uploaded into the applications, however, the cloud-based software operates in a computing environment provided by the Service Provider, so that personal data contained therein is stored on the infrastructure provided by the Service Provider without any processing made by us. However, in addition, in some cases, the Service Provider performs processing in connection with the software, especially when the User logs in to his/her account through the domain provided for this purpose by the Service Provider. Within this scope, the Service Provider processes the following data:


Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

IP address of the User

Protection of the Service Provider’s IT system and securing the Website

Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Protection of the Service Provider’s IT system and securing the Website

for 90 days from the last use as latest

Atlassian account ID of the User

Protection of the Service Provider’s IT system and securing the Website

Legitimate interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Protection of the Service Provider’s IT system and securing the Website

for 90 days from the last use as latest


IV.3.2 License sales


The Service Provider sells product keys related to different software pursuant to the provisions of the individual contract with the User, during which processing is performed only in respect of the personal data specified in the individual contract. In addition, if the User purchases the software developed by the Service Provider through Atlassian Marketplace, Atlassian will disclose certain personal data to us. In this regard, the Service Provider notes that this information is not provided to the Service Provider directly by the User, but transmitted by Atlassian Pty Ltd., which operates the Atlassian Marketplace, as follows:


Scope of processed dataPurpose of processingGround for processingDuration of processing

E-mail address of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

First and last name of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

Phone number of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable


IV.4.1. Processing related to the Service Provider’s „Atlassian Solution Partner” activities

 

IV.4.1.1 Consulting and Support


The Service Provider performs consulting and follow-up system monitoring activities for customers of various products sold by Atlassian Pty Ltd. under an individual order which aims to integrate Atlassian Pty Ltd's or third parties’ solutions into the User's IT system and that helps to find the appropriate software and includes their implementation and calibration. The Service Provider is able to perform this activity only if the User makes certain personal data available, as without this the Service Provider will not be able to carry out this activity undertaken in a separate agreement. The scope of data processed by the Service Provider in this regard are the following:



Scope of processed dataPurpose of processingGround for processingDuration of processing

E-mail address of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

5 years from the termination of the contract

First and last name of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

5 years from the termination of the contract

Phone number of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

5 years from the termination of the contract


IV.4.1.2 Training


Under the individual order of the User the Service Provider provides training in connection with Atlassian products, related to which the processing of the participants’ personal data is necessary in order to certify their attendance to the training and in order to provide the educational material to them.


Scope of processed dataPurpose of processingGround for processingDuration of processing

E-mail address of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

until 31st May of the year following the year of the training

First and last name of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

until 31st May of the year following the year of the training

Phone number of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

until 31st May of the year following the year of the training


IV.4.1.3 Event organizing


The Service Provider organizes events related to the promotion of Atlassian products at various times, during which it is necessary to process the personal data of the people applying for the event in order to verify the legitimacy of their application and participation at the event and to send them information about the event. In addition, each event may be photographed or recorded on video, which may include the portrait of the participants. In all cases, these recordings are made for the purpose of promoting the Service Provider by making a presentation of the event. It is important to note that by participating in our events, You expressly and voluntarily consent to the recording of the images or videos and the subsequent use of it for promotional purposes on our Website, any publications, YouTube and other social media channels. Within this scope, the Service Provider processes the following data related to events:


Scope of processed dataPurpose of processingGround for processingDuration of processing

E-mail address of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

until 31st May of the year following the year of the event

First and last name of the User

Identifying the User, contacting in connection with fulfillment of contractual obligation

Fulfillment of contractual obligation (Article 6 Section (1) Point b) of the GDPR)

until 31st May of the year following the year of the event

Portrait of the User

Promoting the event

Prior and expressed consent of the User (Article 6 Section (1) Point a) of the GDPR)

until 31st May of the year following the year of the event


V. What are cookies and why we use them?

 

Cookies are data packages that are sent by our webservers to Your computer automatically, where they are stored – depending on the type of the cookie – for a definite period of time.


Cookies do not hold any security risk to Your computer or not cause any malfunction.


In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on Your computer when You visit the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected through the use of these cookies (in particular the IP address of Your computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of Your stay on our Website. Closing Your browser will automatically delete them from Your computer.


With Your consent given on the Website, the following types of cookies may be installed on Your computer for the following purposes:


• Cookies for web analytical measurements and for statistical purposes (e.g. Google Analytics). These are important to us because we are provided with information about the specific characteristics of our visitors (IP address, city, type of device, browser, operating system You are using, and what sub-pages You have visited on our site). We use these data anonymized for statistics and reports to improve the Website our marketing strategy.


• Remarketing cookies (such as Google AdWords) allow us to analyze how You use our site and, consequently, to display personalized content to You, including advertising on online platforms outside our site (e.g. other websites or social media).


In addition, we distinguish between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when You close Your browser. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set for himself/herself on the Website.


You can manage cookies in Your browser’s settings. How these settings are set depends on the type of Your browser.


You may find information on cookie settings for the most popular browsers on the following link:


Google: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/en-euro/guide/safari/sfri11471/mac


If You feel that You did not find the right answer on the websites above that how You can delete, modify etc. specific cookies please contact us at privacy@meta-inf.hu where our colleagues are more than happy to help You.


If You are curious that what exact type of cookies the Service Provider actually use click on the following link: Cookie Policy


VI. How can You withdraw Your consent if the ground for processing is based on consent?

 

If under present Policy the legal ground of processing is the data subject's i.e. the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. You may withdraw Your consent given at browsing at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if You do not have the possibility to withdraw Your consent this way, you may withdraw it by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.


Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.


VII. Where and how my personal data is stored?

 

All personal data is stored electronically on trusted secure servers. The data we store is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.


The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.


Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.


VIII. What rights do You have in connection with processing Your personal data?

 

Request for information (right to access): You may request information about the processing of Your personal data at any time, either in person, at our registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.


Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and Your rights in relation to processing. In the case of data transfer, to whom and for what purpose Your data have been or will be transferred.


A request for information is considered authentic by us if You are clearly identified by it. If the request is sent by e-mail or post, only the e-mail sent from Your registered e-mail address will be considered as authentic, and we will only be able to send information to the postal address registered by us. Unless You voluntarily verify Your identity otherwise, we will not be able to send information to an e-mail address or postal address that is not registered in our records in order to protect Your privacy.


Rectification: You may at any time request the rectification, modification or amendment of Your data in the same manner described above. We can also do this only on the basis of a request from a credible source presented when submitting the request.


Restriction: You may request that we restrict the processing of our personal information in particular if:


a) You argue the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing dos not stand for us, but You are requesting us in writing to keep them for the purpose of filing, asserting or defending any legal claim You may have

Objection: If we process Your personal data on the ground of legitimate interest, You may at any time object to the processing of Your personal data. In such cases, we will review the legality of the objection and, if it is well established, we terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.


Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.


We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce our legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.


Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.


We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.


IX. To whom we transfer personal data and who has right to access them?

 

Your personal data is kept confidential and will not be disclosed to any third party except as provided below.

 

IX.1. Transmission of data related to the sending of newsletters and system messages


If You subscribed to our newsletter, either voluntarily or by using one of our paid or free apps, we will forward Your email address to our processing partner. This processor is the MailChimp e-mail service provider through which we send system messages, eDMs and newsletters related to the operation of the Service.


MailChimp may not use the e-mail address for any purpose other than the performance of its task or make any personal decision about it.


Contact details of the processor:


Name: MailChimp c / o The Rocket Science Group, LLC

Address: 675 Ponce De Leon Ave NE Suite 5000 Atlanta, GA 30308 USA

Email: privacy@mailchimp.com

Phone: +1 678 999 0141

Represented by: Director Ben Chestnut director

(hereinafter referred to as “Mailchimp”)


Mailchimp's privacy policy is available at: https://mailchimp.com/legal/privacy/


Although some of MailChimp's servers are located outside the territory of the European Union, the protection of Your e-mail address is the same as within the EU, since MailChimp which is residing in the United States has joined the so-called Privacy Shield agreement concluded between the European Union and the government of the United States. The Privacy Shield certifies that Mailchimp's processing is in compliance the GDPR (https://mailchimp.com/help/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr/).


IX.2. Fulfilling customer service requests through the JIRA cloud application or within the scope our “Vendor” activities in case of consulting


If the User is using the cloud-based version of the JIRA Service Desk application (in connection with customer support) in connection with the software developed by META-INF, then in the case of customer service requests or in case of providing consultancy services, our data processing partner is:


Name: Atlassian B.V. c / o Atlassian, Inc.

Address: 350 Bush Street San Francisco, CA 94104 USA

Email: eudatarep@atlassian.com

(hereinafter referred to as “Atlassian”)


Atlassian may not use the data detailed above for any purpose other than the performance of its task or make any personal decision regarding the personal data.


The Atlassian’s privacy policy is available at: https://www.atlassian.com/legal/privacy-policy


Atlassian is also a member of the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt00000008RdQAAU&status=Active)


IX.3. In connection with software developed by the Service Provider:


The software developed by the Service Provider are stored at and operated from external servers, therefore if the User use them – depending of the used software – we use the services of the following server providers as processors:


IX.3.1. Amazon Web Services


The Service Provider stores and operates particular software through Amazon Web Services a cloud based webserver which may be reached at:


Name: Amazon Web Services, Inc.

Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA

E-mail: EU-privacy-DSR@amazon.com

Phone number: +1-206-266-1000

Represented by: Eva Gehlin and Barbara Scarafia directors

European server locations: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”)


Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States Your data is safe because Amazon is a Privacy Shield certified organization (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active) and gained ISO 27018 certification, which certifies the eligibility of its data processing.


Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/


Amazon’s privacy policy can be reached at: https://aws.amazon.com/privacy/


 IX.3.2. Datadog


The Service Provider monitors the software and data stored at and maintained from external servers by using a third-party service named Datadog, which may be contacted at:


Name: Datadog, Inc.

Registered seat: 620 8th Avenue 45th Floor New York, NY, USA

E-mail: gdpr@datadoghq.com

Phone number +1-866-329-4466

Represented by: Olivier Pomel director

(hereinafter as: “Datadog”)


The data protection measures of Datadog as a provider outside of the territory of the European Union complies with the provisions of the GDPR because it is also a Privacy Shield certified entity (https://www.privacyshield.gov/participant?id=a2zt0000000GnxPAAS&status=Active).


You can reach Datadog’s privacy policy at: https://www.datadoghq.com/legal/privacy/


IX.3.3. Rackforest


Furthermore the Service Provider use the server providing services of Rackforest which servers are located in Budapest, Hungary, i.e. within the European Union. Rackforest may be reached at:


Name: Rackforest Informatikai Kereskedelmi Szolgáltató és Tanácsadó Kft.

Registered seat: 1132 Budapest, Victor Hugo utca 18-22. 3. em. 3008., Hungary

Company registration number: 01-09-914549

E-mail: info@rackforest.com

Phone number +36-70-362-4785

Represented by: Atiyeh Nabil managing director

(hereinafter as: “Rackforest”)


Rackforest’s privacy policy shall be reached through this link: https://rackforest.com/wp-content/uploads/2019/07/adatkezelesi-szabalyzat.pdf


IX.4. Correspondence (e-mail)


The Service Provider use Gmail a product of Google Inc. to manage correspondence by e-mail.


Name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)


Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. 


Google may not access, modify, delete, use or otherwise manipulate the User related data stored on the server provided by Google.


Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy/frameworks.


IX.5. In connection with „Solution Partner” related activities:


IX.5.1. Rackforest


In connection with its „Solution Partner” related activities the Service Provider use the services of Rackforest introduced in Section IX.3.3.


IX.5.2. Office365


In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corportion to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:


Name: Microsoft Ireland Operations Limited

Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland

Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions

Phone number: +353-1-706-3117

Represented by: Satya Nadella director

(hereinafter as: “Microsoft”)


Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however Microsoft Corporation is a Privacy Shield certified company (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active)


Privacy related materials of Microsoft may be reached at:


https://privacy.microsoft.com/hu-hu


https://privacy.microsoft.com/en-us/privacystatement


https://support.office.com/hu-hu/article/az-adatvédelmi-beáll%C3%ADtások-megtekintése-a-microsoft-office-adatvédelmi-központjában-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU


IX.6. In connection with trainings:


To organize trainings the Service Provider use the services of the following as processors:


IX.6.1. Oregional


Related to trainings regarding Atlassian products, our partner is:


Name: Oregional Szolgáltató és Kereskedelmi Kft.

Registered seat: 1158 Budapest, József Attila utca 49. A. ép., Hungary

Company registration number: 01-09-737092

E-mail address: info@oregional.hu

Represented by: Géza Nagy managing director

(hereinafter as: “Oregional”)


IX.6.2. CodeCanvas


The Service Provider uses the following subcontractor to trainings:


Name: CodeCanvas Kft.

Registered seat: 6300 Kalocsa, Ibolya utca 6., Hungary 

Company registration number: 03-09-129676

E-mail address contact@codecanvas.hu 

Phone number: +36-30-554-8758

Represented by: Balázs Szakál managing director

(hereinafter as: “Codecanvas”)


IX.7. In connection with the Website:


The Service Provider operates the Website through the servers of an external service provider related to which the processor is:


Name: Linode LLC 

Registered seat: 329 E. Jimmie Leeds Road, Suite A08205 Galloway. New Jersey, USA 

E-mail: support@linode.com

Phone number: +1-609-380-7100

Represented by: Christopher Aker director

Main server location: Linode Frankfurt DataCenter

(hereinafter as: “Linode”


Linode is a US limited liability company. Linode stores data on its servers located in Frankfurt within the European Union. The data is backed up daily by Linode, also on servers in Frankfurt.


Linode protects your data on multiple levels, including maintaining servers in a secluded location that is monitored 24 hours a day, 365 days a year by security guards and technicians, restricting access to server rooms by its employees, protecting servers against power outages with uninterruptible power supplies, servers are also protected by firewalls, and encryption is used in the event of data transfer from servers. Linode also has several international certificates of compliance. More information about Linode's security mechanisms is available at https://www.linode.com/security.


Linode is also certified by the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TRDiAAO&status=Active).


Linode's Privacy Policy is available at https://www.linode.com/privacy.


IX.8. In connection with organizing events:


The Service Provider uses the services of the following partners as processors in connection with the organization of events:


IX.8.1. TicketNinja


The Service Provider uses TicketNinja, a service available at www.ticketninja.io, for the sale of tickets in connection with its events that is subject to purchasing tickets. Data of TicketNinja is found below:


Name: SZINTÉZIS-NET Szoftverfejlesztő és Szolgáltató Kft.

Registered seat: 9024 Győr, Vasvári Pál út 1/C., Hungary

Company registration number: 08-09-011535

E-mail address: privacy@szintezis-net.hu

Telephone number: +36-96-550-521

Represented by: Paul Andor Farkas managing director

(hereinafter as: „Ticketninja”)


The privacy policy of Ticketninja is accessible at: https://ticketninja.io/privacy-policy/


IX.8.2. Meetup.com


The Service Provider uses the service celled Meetup available through the website of meetup.com to register the application and the intention of participation and to keep records thereof for the events which not requests ticket purchase but requests registration.


Name: Meetup Inc. (member of the WeWork company group)

Registered seat: 632 Broadway 10th Floor Conference Room New York, NY 10012, USA

E-mail address: privacy@meetup.com

Represented by: Scott Heiferman director

(hereinafter as: “Meetup”


Meetup processes the data within the US, but its processing complies with the provisions of the GDPR because it is based on them.


Meetup’s privacy policy is available at: https://www.meetup.com/privacy/


IX.9. In connection with invoicing


The Service Provider issues its invoices with one of Hungary's largest online billing system, szamlazz.hu. If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of szamlazz.hu website as our processing partner is:


Name: KBOSS.hu Kereskedelmi és Szolgáltató Kft.

Registered seat: 1031 Budapest, Záhony utca 7., Hungary

Company registration number: 01-09-303201

E-mail address: info@szamlazz.hu

Represented by: János Stygár-Joó managing director

(hereinafter as: „KBOSS”)


KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/


X. To whom and in what cases are we required to disclose personal data?


We may be requested to disclose personal data we process to authorities upon request. Our company cannot be held liable for any such transfer or any resulting consequences. We will always inform You about the transfer.


XI. What are the responsibilities with regard to the personal data You provide?


When You provide us Your personal data, You are responsible for ensuring that the information and contributions You make are true and correct.


We ask You to provide us third-party data only if specifically authorized to do so by the third party. Our company assumes no liability for any resulting claims.


If a third-party objects the processing of personal data by credibly verifying its identity, we will immediately delete third-party data without notifying You. Please only provide third-party personal data only if you have informed the third party of the availability of this Policy.


XII. Management of Personal data breach


Any personal data breach that may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform the Users concerned.


XIII. Data Protection Officer (DPO)

 

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.


With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.


XIV. Amendment of the Privacy Policy


If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the 5th business day following the date of publication. Please be sure to read the Policy changes carefully as they contain important information about the processing of Your personal data.


XV. To whom You can turn to for information regarding Your personal data or to exercise Your rights?


If You have any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at HUNGARY, 1061 Budapest, Kiraly utca 14


The User is entitled to exercise his / her rights related to the processing of personal data against the Service Provider as controller. If You wish to exercise Your rights, You must first notify the Service Provider


If You feel that Your rights have been violated, You can complain to the National Authority for Privacy and Freedom of Information:


Name: National Authority for Privacy and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C., Hungary

Mailing address: 1530 Budapest, PO box: 5., Hungary

Phone: 0613911400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu