Privacy Policy

Last modified: 18^th October, 2022

In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:

Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our first priority to properly protect your personal data and to respect your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by our users (hereinafter as: “User”) related to the services provided and the software distributed by

Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary
Company registration number: 01-09-170431
Tax number: 13024583-2-43
Registered by: Company Registry Court of the Metropolitan Court of Budapest
Represented by: Attila Gáspár, Tibor Hegyi managing directors individually
E-mail: info@meta-inf.hu
Telephone: +36 30 515 4464
(hereinafter as: “Service Provider”)

The aim of the Policy is to give a clear picture about why, how and how long we process personal data related to our Users who contacted us through our website or via other channels.

I. A few data privacy related definitions to better understand the Policy

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law.

The controller of your personal data is the Service Provider

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data forwarding

Means the disclosure of personal data to specific third parties.

Data subject

Everybody who shares his/her personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, you who reads this Policy.

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Sensitive data

personal data referring to racial origin, nationality, political opinions or membership in any political party, religious or other beliefs, membership of an advocacy organization, sex life, personal data concerning health, pathological data.

Genetic data

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

Biometric data

means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU. The above list is not complete so should you need more information or explanation do not hesitate to contact us.

We would like to inform You that during our processing we do not process or request from You any sensitive, genetic or biometric data.

II. Other definitions

Website

means the websites available at the domain addresses listed in appendix no.1. of present Policy that are operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Service and may use them

Service

means collectively the software developed by the Service Provider that are listed on and distributed through Atlassian Marketplace (hereinafter as: „Vendor Services”) and the services related to consultancy, support, training, licensing, event organizing activities of the Service Provider (hereinafter as: „Solution Partner Services”)

User

means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level), the person applying for support on behalf of a nonprofit organization, the person applying for a position, furthermore person who attend to an event either as visitor or as speaker or expert

III. In which cases do we process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed in the following cases:

In connection with the general activity of the Service Provider

• Browsing the Website
• Requesting offer by e-mail
• Newsletter subscription
• Invoicing
• Applying for a position
• Keeping contact during contractual relationship
• Providing support for nonprofit organizations
• Customer service
• Sending educational and marketing materials
• Cookies
• Invoicing
• Customer service
• Using the Service
• Keeping contact during contractual relationship
• Requesting consultation

In connection with „Atlassian Vendor” activities

• Using the software developed by the Service Provider
• License sales
• Data migration

In connection with „Atlassian Solution Partner” activities

• Consulting and support
• Training
• Event orgainizing

IV. What data, for what purpose and for how long do we process?

In the cases detailed above the legal ground for processing shall be the following:

• In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the User (hereinafter as: „Consent”).
• In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”).
• In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
• In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).

With respect to that we are not able to limit the amount of personal data may be sent to us by the User via any communication channel, because we have no influence on the User who voluntarily provide personal data, therefore we kindly request You that please only provide the most necessary information and data that is prescribed by the Service Provider in present Policy when contacting us in any was so do not share any personal data that we do not request or wish to handle under this Policy. If, despite our explicit request under this section, you provide us with information that is not necessary for the purposes of processing personal data and that may subsequently be detrimental to our Company, then by accepting present Policy You undertake to exempt our Company from any harmful consequences, including fines.

IV.1. Data processing in connection with the general activity of the Service Provider

IV.1.1. Browsing

The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which You wish to get the content of the Website as an answer. The Service Provider can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process, by typing the domain of the Website to the web browser or by clicking to a link published anywhere that is directing to the Website the User gives his/her consent to provide the IP address for this purpose and to be processed by the Service Provider. To make this „correspondence” smooth the servers of the Service Provider store the IP address of the User in log files.

The identification and storing of IP addresses is necessary to protect the IT systems of the Service Provider and the Website as well. Protection against possible malicious activities against the Website is partly ensured by that the Service Provider is logging the operation of the Website and in this log, it lists the IP addresses from which requests to its servers were made. If the Service Provider detects an activity from an IP address that interferes with the secure operation of the Website, he addresses will be blacklisted. Any malicious activity is prevented and resolved through legal action. If nothing unordinary occurs, the Service Provider deletes the log files and the IP addresses. IP addresses stored in log files will not be used by the Service Provider for any other purpose and will be automatically deleted within 90 days and we keep it only if the User has performed any prohibited activity from that IP address. These activities are either listed above or other activities that violate local, state, national or international law.

IV.1.2. Requesting offer

If You wish to contact us, you may do so by sending a message to the email address indicated on the Website. Given that we have not made a separate form available on the Website to contact us, we cannot limit the personal data that the User may send us. With respect to the latter when contacting us, please only share the most necessary data and information with us, so please do not share any personal data with our company in your email. However, by sending an email, you may inadvertently share Your personal data with us, because the email You send includes Your email address and the name You specify in your email client which You want to appear in Your emails. In addition, if You think it makes contacting easier, your phone number is welcomed. Furthermore, it may occur that You share Your social media contact information with is if Your e-mail „signature” contains such information so if this is the case, we will also process this data. By sending an email with such data, we assume that You voluntarily consent to the processing.

IV.1.3. Newsletter subscription

The User may subscribe to our newsletters. There are several ways to do this. You may sign up for it at one our events by completing the form provided for this purpose or if You use the Service Provider's software in a trial version, at the time of downloading and accepting our privacy policy and general terms and conditions and clicking on the download button You subscribe to our newsletter, which lasts until You unsubscribe but until the end of the trial period as latest, unless You continue to use the product after the trial period expired, because in this case until You unsubscribe. In connection with this, the Service Provider processes the User's e-mail address under the explicit consent of the User until the User withdraws this consent. There are several ways to withdraw Your consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.

IV.1.3.1. If the subscription is made by completing the form at one of our events:

IV.1.3.2. If the subscription is made by downloading our products:

IV.1.4. Invoicing

IV.1.4.1. If the invoice about the Service is issued for a legal entity, then the Service Provider process the personal data found below. The Service Provider informs the Users the if the products of the Service Provider are purchased through Atlassian Marketplace then invoicing is managed by Atlassian Pty Ltd. therefore the Service Provider does not process any personal data for this purpose.

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g., info@example.com or finance@example.com) then the Service Provider process the data, but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.

IV.1.4.2. If the invoice about the counter value of using the Service shall be issued for a natural person, the Service Provider process the following data.

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

IV.1.5. Applying for a position

From time to time the Service Provider is seeking staff for various positions to which the Users may apply by submitting their professional CV. The Users may send their applications by e-mail to job@meta-inf.hu. By sending the e-mail the Users give their consent for the Service Provider to process their personal data as part of the application process starting from the date the CV is sent to us. The Service Provider expressly draws the Users’ attention to the fact that if the Users provide personal data in addition to the ones indicated in the chart below, the Service Provider shall immediately make it unrecognizable and irrevocably deletes them and the Service Provider disclaims any liability for the personal data voluntarily provided for the Service Provider without any request.

IV.1.6. Keeping contact during contractual relationship

If a contractual relationship is established between the Service Provider and the User, then the personal data – detailed below – of the contact person designated by the User is indicated in the contract. In these cases, the legal ground for processing is the legitimate interest of the Service Provider and its purpose is to provide information and other communications to the User regarding any issues arising during the contractual relationship. The User acknowledges that it is the User's responsibility and liability to obtain consent from the designated contact person to provide his/her data to the Service Provider.

IV.1.7. Providing support for nonprofit organizations

Once a year the Service Provider provides support for a chosen nonprofit organization for whom it provides help and introduces Atlassian’s efficiency boosting solutions completely free of charge. The User may apply for support through a tender. Further information on the support and the application is available on the Service Provider's Website, at the link https://www.meta-inf.hu/en/pledge-1-percent/. To apply for the support, the following personal data must be provided:

Application shall be made through the Service Provider’s Website by filling and submitting a form. In addition to the above the User shall provide the name of the organization on behalf of which the User submits the application and the year of founding the organization, however these are not considered to be personal data. The User shall furthermore upload a detailed application and may write a short message to accompany the application. We request the User to not provide any additional personal data other than the ones specified above. Shall the User provide any additional personal data the Service Provider will irreparably and permanently delete these data and the Service Provider shall have no liability for such personal data.

By submitting an application, the User acknowledges that in case of gaining support from the Service Provider the Service Provider is entitled to make video recording in connection with the application about receiving support and introducing of the Atlassian system.

IV.1.8. Customer service

In order to provide technical support for the Users we maintain customer service which may be reached by the Client in two ways. Either through a JIRA based system developed by Atlassian Pty Ltd. or by e-mail.

In case the request is sent through JIRA based system

To manage customer service inquires we use the system of a third party, an application named JIRA Service Management (hereinafter as: “JIRA”). For consultation, license sales and training related requests, we use the on-premise version of the JIRA application, which means that the application operates only on servers that are operated by us with respect to which customer service information is not forwarded to third parties.

If the request is about the software developed by us, we use the cloud version of the JIRA application. In case of using cloud-based JIRA application for further information on processing and possible data transfer see Section IX.2. of present Policy.

If the User accesses customer service through the JIRA system (on-premise, cloud), in order to fulfill the customer service request, the following data must be processed, which in any case is accessible by us from the JIRA System Central Database:

In case of requests sent by e-mail:

If the User contacts our Customer Service by e-mail at the address support@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill Your customer service requests, certain personal data must be processed. Without these, we will not be able to complete Your customer service request as we would not be able to contact You.

IV,1.9. Sending educational and marketing materials

If required, the User may request educational materials from the Service Provider related to the Service by providing the above data to the Service Provider through the Website. If the User chose this, the educational materials will be sent by e-mail to the e-mail address provided by the User not more than a few times a month. If the User does not wish to receive educational materials anymore later, he / she may request the Service Provider in e-mail to delete his / her data, in which case the Service Provider will no longer send such messages to the User.

If the User when requesting the educational materials expressly consents to it by ticking a separate checkbox, the Service Provider will send the User marketing materials related to the Service and its self-developed products, as well as the products and services of its partners, in addition to the educational materials. If the User no longer wishes to receive marketing content, his / her consent may be withdrawn in one of the ways indicated in Section VI. below.

IV.2. Data processing related to the Service Provider’s “Vendor” activities

IV.2.1. Using the software developed by the Service Provider

The Service Provider sells its software listed on the Atlassian Marketplace. Within this scope, the Service Provider will not process any personal data in connection with any software that runs in the hardware environment provided by the User because it does not have access to this software. In case of software that are only available in a cloud based version, the Service Provider shall be considered partly as controller and partly as processor with respect to the fact that it has no control over the data uploaded into the applications, however, the cloud-based software operates in a computing environment provided by the Service Provider, so that personal data contained therein is stored on the infrastructure provided by the Service Provider without any processing made by us. However, in addition, in some cases, the Service Provider performs processing in connection with the software, especially when the User logs in to his/her account through the domain provided for this purpose by the Service Provider. Within this scope, the Service Provider processes the following data:

IV.2.2 License sales

The Service Provider sells product keys related to different software pursuant to the provisions of the individual contract with the User, during which processing is performed only in respect of the personal data specified in the individual contract. In addition, if the User purchases the software developed by the Service Provider through Atlassian Marketplace, Atlassian will disclose certain personal data to us. In this regard, the Service Provider notes that this information is not provided to the Service Provider directly by the User, but transmitted by Atlassian Pty Ltd., which operates the Atlassian Marketplace, as follows:

IV.2.3. Data migration

For Users who use a version of the software sold by the Service Provider that are running on the User's own servers (server / data center deployment), the Service Provider allows them to switch to the cloud deployment version of the software through a tool built in to the software (Email This Issue Cloud Migration Assistant, a.k.a Migration Tool) to perform data migration. In case the User initiates the migration of the data stored in the software running on its own servers to the cloud-based servers, the data affected by the migration is stored on the servers of Atlassian for a duration of 2 weeks to which the Service Provider has reading access rights in order to facilitate the migration and to avoid data duplication, data error, data loss etc. and in order to avoid the need for the User to clean the data after the migration is completed.

During the migration the configuration data and the content of the Email Audit Log of the application named Email this Issue are affected.

The configuration data may contain the following personal data:

• any data that the Migration Tool users with admin authorization may configure in the migration tool, including account connection details (e.g. passwords)

Of the configuration data affected by the migration, passwords and tokens are converted to an encrypted format during the migration, which means that they cannot be interpreted by third parties.

The audit log may contain the following personal data:

• complete e-mail messages that include names, e-mail addresses, and any personal information that may be included in the e-mail message

The legal ground for data processing is the fulfillment of the contract between the User and the Service Provider. After the expiration of the 2 weeks period, Atlassian automatically deletes the stored data permanently and irrevocably, which also means the Service Provider’s rights to access also cease to exist.

IV.3. Processing related to the Service Provider’s „Atlassian Solution Partner” activities

IV.3.1. Consulting and Support

The Service Provider performs consulting and follow-up system monitoring activities for customers of various products sold by Atlassian Pty Ltd. under an individual order which aims to integrate Atlassian Pty Ltd.'s or third parties’ solutions into the User's IT system and that helps to find the appropriate software and includes their implementation and calibration. The Service Provider is able to perform this activity only if the User makes certain personal data available, as without this the Service Provider will not be able to carry out this activity undertaken in a separate agreement. The scope of data processed by the Service Provider in this regard are the following:

IV.3.2 Training

The Service Provider uses a separate privacy policy for processing of data related to trainings which is available at: https://www.meta-inf.hu/hu/atlassian-kepzesek/kepzesek-adatvedelmi-tajekoztato/ Present Policy is only applicable regarding data processing in connection with the training if the privacy policy for training expressly provides so.

IV.3.3 Event organizing

The Service Provider organizes events related to the promotion of Atlassian products at various times, during which it is necessary to process the personal data of the people applying for the event in order to verify the legitimacy of their application and participation at the event and to send them information about the event. In addition, each event may be photographed or recorded on video, which may include the portrait of the participants. In all cases, these recordings are made for the purpose of promoting the Service Provider by making a presentation of the event. It is important to note that by participating in our events, you expressly and voluntarily consent to the recording of the images or videos and the subsequent use of it for promotional purposes on our Website, any publications, YouTube and other social media channels. Within this scope, the Service Provider processes the following data related to events:

IV.3.3.1. Attending an event (as visitor)

The Service Provider informs the User that it uses the services of third parties for the organization of events and the sale of tickets for participation. These third-party providers are the platforms called Ticketninja and Meetup, about which more information is provided in Section IX.8.1. and IX.8.2. of this Policy. Ticketninja and Meetup may request additional information in addition to that provided in this section, so please read their privacy policy carefully.

In the case of events organized through Meetup, with the exception of registration data on the platform, the Service Provider is considered as data controller, and the operator of Meetup is the data processing partner of the Service Provider, through whom the Service Provider obtains the data. The Service Provider can send a message to the e-mail address provided by the User via the Meetup system, and can access the User's name, the user ID of the User in the Meetup system via a database that can be downloaded from the system and also whether the User has responded to the Service Provider's event and if so when and the date when the User has joined the group created by the Service Provider, and the link to the User's Meetup profile, where he can access additional data shared by the User on his / her profile.

The Service Provider sells tickets to its events also through the Ticketninja in this case except for the data necessary for registering to the Ticketninja platform, the Service Provider is a controller of the User’s name, e-mail address, the name of the event to which the User bought tickets for and the number of tickets the User bought, which is obtained by the Service Provider through Ticketninja as processor.

IV.3.3.2. Attending an event (as speaker or expert)

If the User attends the Service Provider's event as a speaker or expert, then prior to the event the Service Provider will request the User's consent to publish the personal data indicated above on the event's website.

The Service Provider publishes the data for the purpose of promoting the event and providing information about the performers to Users who attend the event as visitors.

IV.3.3.3. Data processing related to providing a communication channel in case of a virtual event

The Service Provider provides a separate communication channel for the Users participating as visitors at its virtual events. The communication channel is provided by the Service Provider through an application called Slack. If the User gives his / her consent, after providing the following data, the Service Provider will provide the opportunity to participate in the communication, after a separate registration.

V. What are cookies and why we use them?

Cookies are data packages that are sent by our webservers to Your computer automatically, where they are stored – depending on the type of the cookie – for a definite period of time.

Cookies do not hold any security risk to Your computer or not cause any malfunction.

In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on Your computer when You visit the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected through the use of these cookies (in particular the IP address of Your computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of Your stay on our Website. Closing Your browser will automatically delete them from Your computer.

With Your consent given on the Website, the following types of cookies may be installed on Your computer for the following purposes:

• Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because we are provided with information about the specific characteristics of our visitors (IP address, city, type of device, browser, operating system You are using, and what sub-pages You have visited on our site). We use these data anonymized for statistics and reports to improve the Website our marketing strategy.

• Remarketing cookies (such as Google AdWords) allow us to analyze how You use our site and, consequently, to display personalized content to You, including advertising on online platforms outside our site (e.g., other websites or social media).

In addition, we distinguish between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when You close Your browser. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set for himself/herself on the Website.

You can manage cookies in Your browser’s settings. How these settings are set depends on the type of Your browser.

You may find information on cookie settings for the most popular browsers on the following link:

Google: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/en-euro/guide/safari/sfri11471/mac

If You feel that You did not find the right answer on the websites above that how You can delete, modify etc. specific cookies please contact us at privacy@meta-inf.hu where our colleagues are more than happy to help You.

If You are curious that what exact type of cookies the Service Provider actually use, click on the following link: Cookie Policy

VI. How can You withdraw Your consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. You may withdraw Your consent given at browsing at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if You do not have the possibility to withdraw Your consent this way, you may withdraw it by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

VII. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data we store is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

VIII. What rights do You have in connection with processing Your personal data?

Request for information (right to access): You may request information about the processing of Your personal data at any time, either in person, at our registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and Your rights in relation to processing. In the case of data transfer, to whom and for what purpose Your data have been or will be transferred.

A request for information is considered authentic by us if You are clearly identified by it. If the request is sent by e-mail or post, only the e-mail sent from Your registered e-mail address will be considered as authentic, and we will only be able to send information to the postal address registered by us. Unless You voluntarily verify Your identity otherwise, we will not be able to send information to an e-mail address or postal address that is not registered in our records in order to protect Your privacy.

Rectification: You may at any time request the rectification, modification or amendment of Your data in the same manner described above. We can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: You may request that we restrict the processing of our personal information in particular if:

a) You argue the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but You are requesting us in writing to keep them for the purpose of filing, asserting or defending any legal claim You may have

Objection: If we process Your personal data on the ground of legitimate interest, You may at any time object to the processing of Your personal data. In such cases, we will review the legality of the objection and, if it is well established, we terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce our legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.

We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

IX. To whom we transfer personal data and who has right to access them?

Your personal data is kept confidential and will not be disclosed to any third party except as provided below.

IX.1. Transmission of data related to the sending of newsletters, system messages and educational or marketing materials.

If You subscribed to our newsletter, either voluntarily or by using one of our paid or free apps, furthermore if You chose to use the services detailed in Section IV.1.9. above we will forward Your email address to our processing partner. This processor is the MailChimp e-mail service provider through which we send system messages, eDMs and newsletters related to the operation of the Service.

MailChimp may not use the e-mail address for any purpose other than the performance of its task or make any personal decision about it.

Contact details of the processor:

Name: MailChimp c / o The Rocket Science Group, LLC
Address: 675 Ponce De Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
Email: privacy@mailchimp.com
Phone: +1 678 999 0141
Represented by: Director Ben Chestnut director
(hereinafter referred to as “Mailchimp”)

Mailchimp's privacy policy is available at: https://mailchimp.com/legal/privacy/

Although some of MailChimp's servers are located outside the territory of the European Union, the protection of Your e-mail address is the same as within the EU, since MailChimp which is residing in the United States undertaken to comply with the code of conduct called Standard Contractual Clauses (SSC) approved by the Court of Justice of the European Union in accordance with the provisions of Article 40 of the GDPR, which ensures that transfers of data from the EU to third countries outside the European Union to a controller or processor outside the EU, acting in accordance with the provisions of the SSC, ensure the same level of protection of personal data as in Europe, in accordance with the provisions of the GDPR.

More information on SCC is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_hu

Information on MailChimp’s processing in compliance with SCC can be found here: https://mailchimp.com/legal/data-processing-addendum/

IX.2. Fulfilling customer service requests through the JIRA cloud application or within the scope our “Vendor” activities in case of consulting

If the User is using the cloud-based version of the JIRA Service Management application (in connection with customer support) in connection with the software developed by META-INF, then in the case of customer service requests or in case of providing consultancy services, our data processing partner is:

Name: Atlassian B.V. c / o Atlassian, Inc.
Address: 350 Bush Street San Francisco, CA 94104 USA
Email: eudatarep@atlassian.com
(hereinafter referred to as “Atlassian”)

Atlassian may not use the data detailed above for any purpose other than the performance of its task or make any personal decision regarding the personal data.

The Atlassian’s privacy policy is available at: https://www.atlassian.com/legal/privacy-policy

Atlassian also takes all reasonable efforts to ensure the protection of personal data as provided by the GDPR, so Atlassian has also complied with the provisions of the SCC. The data processing addendum regarding Atlassian’s compliance with SCC can be downloaded from the following link: https://www.atlassian.com/legal/data-processing-addendum

IX.3. In connection with software developed by the Service Provider:

The software developed by the Service Provider are stored at and operated from external servers, therefore if the User use them – depending on the used software – we use the services of the following server providers as processors:

IX.3.1. Amazon Web Services

The Service Provider stores and operates particular software through Amazon Web Services a cloud-based webserver which may be reached at:

Name: Amazon Web Services, Inc.
Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA
E-mail: EU-privacy-DSR@amazon.com
Phone number: +1-206-266-1000
Represented by Eva Gehlin and Barbara Scarafia directors
European server locations: London, Frankfurt, Stockholm, Paris, Dublin
(hereinafter as: “Amazon”)

Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States Your data is still secure and protected by the provisions of the GDPR, as Amazon's data processing outside the European Union is in line with the rules of the SCC regarding which more information may be found at https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/

Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/

Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy/

IX.3.2. Datadog

The Service Provider monitors the software and data stored at and maintained from external servers by using a third-party service named Datadog, which may be contacted at:

Name: Datadog, Inc.
Registered seat: 620 8th Avenue 45th Floor New York, NY, USA
E-mail: gdpr@datadoghq.com
Phone number +1-866-329-4466
Represented by Olivier Pomel director
(hereinafter as: “Datadog”)

You can reach Datadog’s privacy policy at: https://www.datadoghq.com/legal/privacy/

IX.3.3. Hetzner

Furthermore, the Service Provider use the server providing services of Hetzner which servers are located within the European Union. Rackforest may be reached at:

Name: Hetzner Online GmbH
Registered seat: Industriestr. 25, 91710 Gunzenhausen, Germany
Company Ansbach, HRB 6089
E-mail: info@hetzner.com
Phone number +49 9831 505-0
Represented by: Martin Hetzner, managing director

(hereinafter as: “Hetzner”)

Hetzner’s privacy policy shall be reached through this link: https://www.hetzner.com/legal/privacy-policy

IX.4. Correspondence (e-mail)

IX.4.1. Sending and receiving e-mails

The Service Provider use Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd
Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Location of Servers: Dublin, Ireland
(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use or otherwise manipulate the User related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more at https://policies.google.com/privacy/frameworks

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy

IX.4.2. Tracking the receipt of e-mails

If under the provisions of present Policy, the Service Provider tracks the delivery of messages, it uses the services of an external service provider called Mailtrack as a data processor, the contact details of which are as follows:

Name: The Mail Track Company S.L.
Address: Calle Córcega, número 301, ático 2a, 08008 Barcelona, Spain
Registration number: B66095670
E-mail: rivacy@mailtrack.io
Phone number: +1 678 999 0141
Represented by: Eduardo Manchón director
Web: https://mailtrack.io/en/
(hereinafter as: “Mailtrack”)

Mailtrack is a data processor residing within the European Union, in Spain, therefore it shall comply with the provisions of the GDPR.
More information on Mailtrack’s data processing is available at: https://mailtrack.io/en/privacy

IX.5. In connection with „Solution Partner” related activities:

IX.5.1. Hetzner

In connection with its „Solution Partner” related activities the Service Provider use the services of Hetzner introduced in Section IX.3.3.

IX.5.2. Office365

In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corporation to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:

Name: Microsoft Ireland Operations Limited
Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland
Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions
Phone number: +353-1-706-3117
Represented by Satya Nadella director
(hereinafter as: “Microsoft”)

Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however Microsoft Corporation also has its own code of conduct drawn up in accordance with the provisions of the SCC and approved by the European Union’s data protection board, the so-called Working Party 29 (WP29). You can read more about this here: https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-eu-model-clauses?view=o365-worldwide

Privacy related materials of Microsoft may be reached at:

https://privacy.microsoft.com/hu-hu

https://privacy.microsoft.com/en-us/privacystatement

https://support.office.com/hu-hu/article/az-adatvédelmi-beáll%C3%ADtások-megtekintése-a-microsoft-office-adatvédelmi-központjában-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU

IX.6. In connection with trainings:

To organize trainings the Service Provider use the services of the following as processors:

Related to trainings regarding Atlassian products, our partner is:

Name: Oregional Szolgáltató és Kereskedelmi Kft.
Registered seat: 1158 Budapest, József Attila utca 49. A. ép., Hungary
Company registration number: 01-09-737092
E-mail address: info@oregional.hu
Represented by Géza Nagy managing director
(hereinafter as: “Oregional”)

IX.7. In connection with the Website:

The Service Provider operates the Website through the servers of an external service provider related to which the processor is:

Name: Linode LLC
Registered seat: 329 E. Jimmie Leeds Road, Suite A08205 Galloway. New Jersey, USA
E-mail: support@linode.com
Phone number: +1-609-380-7100
Represented by Christopher Aker director
Main server location: Linode Frankfurt DataCenter
(hereinafter as: “Linode”)

Linode is a US limited liability company. Linode stores data on its servers located in Frankfurt within the European Union. The data is backed up daily by Linode, also on servers in Frankfurt.

Linode protects your data on multiple levels, including maintaining servers in a secluded location that is monitored 24 hours a day, 365 days a year by security guards and technicians, restricting access to server rooms by its employees, protecting servers against power outages with uninterruptible power supplies, servers are also protected by firewalls, and encryption is used in the event of data transfer from servers. Linode also has several international certificates of compliance. More information about Linode's security mechanisms is available at https://www.linode.com/security.

For information about Linode’s GDPR compliance visit https://www.linode.com/legal-dpa/

Linode's Privacy Policy is available at https://www.linode.com/privacy.

IX.8. In connection with organizing events:

The Service Provider uses the services of the following partners as processors in connection with the organization of events:

IX.8.1. TicketNinja

The Service Provider uses TicketNinja, a service available at www.ticketninja.io, for the sale of tickets in connection with its events that is subject to purchasing tickets. Data of TicketNinja is found below:

Name: SZINTÉZIS-NET Szoftverfejlesztő és Szolgáltató Kft.
Registered seat: 9024 Győr, Vasvári Pál út 1/C., Hungary
Company registration number: 08-09-011535
E-mail address: privacy@szintezis-net.hu
Telephone number: +36-96-550-521
Represented by Paul Andor Farkas managing director
(hereinafter as: „Ticketninja”)

The privacy policy of Ticketninja is accessible at: https://ticketninja.io/privacy-policy/

IX.8.2. Meetup.com

The Service Provider uses the service celled Meetup available through the website of meetup.com to register the application and the intention of participation and to keep records thereof for the events which do not request ticket purchase but requests registration.

Name: Meetup Inc. (member of the WeWork company group)
Registered seat: 632 Broadway 10th Floor Conference Room New York, NY 10012, USA
E-mail address: privacy@meetup.com
Represented by Scott Heiferman director
(hereinafter as: “Meetup”)

Meetup processes the data within the US, but its processing complies with the provisions of the GDPR because it is based on them.

Meetup’s privacy policy is available at: https://help.meetup.com/hc/en-us/articles/360044422391-Privacy-Policy

IX.8.3. Slack

The Service Provider enables communication related to its virtual events through the application called Slack, the provider of which is:

Name: Slack Technologies Limited
Registered seat: 4th Floor, One Park Place Hatch Street Upper Dublin 2, Ireland
E-mail: privacy@slack.com, dpo@slack.com
Represented by Allan Shim director
(hereinafter as: “Slack”)

By giving his / her consent for the Service Provider to add his / her e-mail address to the Service Provider’s own Slack communication channel related to the event, the User acknowledges that by providing his / her e-mail address, Slack will use the User's other data displayed in his / her user account (such as email address, name, username, etc.) to third parties so that they may become known to these people.

Slack's parent company (name: Slack Technologies, Inc., registered seat: 500 Howard Street San Francisco, CA, 94105, United States of America) is a company registered and operating outside the European Union, but processing of data of Users located within the European Union takes place in in the European Union. in Ireland. If Slack processes data outside the European Union, your personal data enjoys the same protection as data processed within the EU, as Slack has established its data processing procedures in accordance with the provisions of the SCC. You can read about Slack’s GDPR compliance here: https://slack.com/intl/en-hu/trust/compliance/gdpr#preparing

IX.9. In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, szamlazz.hu. If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of szamlazz.hu website as our processing partner is:

Name: KBOSS.hu Kereskedelmi és Szolgáltató Kft.
Registered seat: 1031 Budapest, Záhony utca 7., Hungary
Company registration number: 01-09-303201
E-mail address: info@szamlazz.hu
Represented by: János Stygár-Joó managing director
(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

X. What third-party social media plug-ins may be found on our Website?

To receive feedback on the contents we share on the Website and to share them we use socal media sites meaning we use the services (plugins) of third-party providers. The plugins are only active when You specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on our website: Facebook, Twitter, LinkedIn, Meetup, YouTube

If You are logged in to any of these sites it may occur that Your visit on the site will be attached to Your personal profile. If you click on the specific button, your browser will forward the relevant information directly to that social media site and store them there.

Information about the scope and purpose of the data collected, further processing of Your data and use of Your data by the social media provider, and Your rights regarding personal data can be found in privacy statements of the social media providers, which are available at:

Facebook: https://www.facebook.com/policy.php
Twitter: https://twitter.com/en/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Meetup: https://www.meetup.com/privacy/
YouTube: https://policies.google.com/privacy

XI. To whom and in what cases are we required to disclose personal data?

We may be requested to disclose personal data we process to authorities upon request. Our company cannot be held liable for any such transfer or any resulting consequences. We will always inform You about the transfer.

XII. What are the responsibilities with regard to the personal data You provide?

When You provide us Your personal data, you are responsible for ensuring that the information and contributions You make are true and correct.

We ask You to provide us third-party data only if specifically authorized to do so by the third party. Our company assumes no liability for any resulting claims.

If a third-party object the processing of personal data by credibly verifying its identity, we will immediately delete third-party data without notifying You. Please only provide third-party personal data only if you have informed the third party of the availability of this Policy.

XIII. Management of Personal data breach

Any personal data breach that may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform the Users concerned.

XIV. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.
b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XV. Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the 5^th business day following the date of publication. Please be sure to read the Policy changes carefully as they contain important information about the processing of Your personal data.

XVI. To whom You can turn to for information regarding Your personal data or to exercise Your rights?

If You have any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1117 Budapest, Irinyi József utca 4-20. B. ép. 3. em., Hungary.

The User is entitled to exercise his / her rights related to the processing of personal data against the Service Provider as controller. If You wish to exercise Your rights, you must first notify the Service Provider

If You feel that Your rights have been violated, you can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Mailing address: 1363 Budapest, PO box: 9., Hungary
Phone: 0613911400
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

‍