Privacy Policy

Last modified: 18th December 2023

 

In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:

Version

Validity period

Changes

Download

v13

18.12.2023.

 

General stylistic and structural changes, clarification of data processing purposes, placement of event, and job application data processing information into separate policies

Privacy Policy v13
v12 27. 11. 2023. - 

17.12.2023.

 
 Expanding the scope of data processing (new purpose), change of data processor (website), deletion of data processor (training) Privacy Policy v12
v11

03.10.2023. - 27. 11. 2023.

Change of data processor, extending the scope of using the data processor Privacy Policy v11
v10 18.10.2022 - 01.10.2023. Change of data processor Privacy Policy v10
v9 19.07.2022. - 17.10.2022. Change of contact address (Section XVI) Privacy Policy v9
v8 12.04.2022. - 18.07.2022. Expanding the scope of data processing (new purpose) Privacy policy v8
v7 23.11.2021. - 11.04.2022. Expanding the scope of data processing (new purpose) Privacy Policy v7
v6 02.09.2021. - 22.11.2021. Expanding the scope of data processors Privacy Policy v6
v5

22.03.2021. - 01.09.2021.

Expanding the persons who shall be considered as User, expanding the range of tools used in connection with the events, supplementing the recipient of data transmission, expanding the scope of data processing,
Modification of information provided on data transfer outside of EU, modification of data processing provisions related to training, modification of the data protection authorities contacts details
Change of the representative of the Company

Privacy Policy v5
v4 10.12.2020. - 21.03.2021. Change of the Jira Service Desk name to Jira Service Management Privacy Policy v4
v3 23.04.2020. - 09.12.2020. Updates in accordance with the changes made ont he website and the changes in the scope of processing Privacy Policy v3

v2

23.12.2019. - 22.04.2020.

Updates according to the latest Privacy Policy requirements by Atlassian

 

v1

25.05.2018. - 22.12.2019.

Initial version

Privacy Policy v1

 

Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our priority to properly protect your personal data and to respect your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by our users (hereinafter as: “User”) related to the services provided and the software distributed by

Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság

Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary

Company registration number: 01-09-170431

Tax number: 13024583-2-43

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Attila Gáspár, Tibor Hegyi managing directors individually

E-mail: info@meta-inf.hu

Telephone: +36 30 515 4464

(hereinafter as: “Service Provider”)

The aim of the Policy is to give a clear picture about why, how, and how long we process personal data related to our Users who contacted us through our website or via other channels.

I.            A few data privacy related definitions to better understand the Policy

Personal data

means any information, controlled by the Service Provider, relating to an identified or identifiable natural person (‘data subject’ – User as a user of the services); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller

means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;

The controller of the User’s personal data is META-INF, as the Service Provider

Processor

means a natural or legal person which processes personal data on behalf of the controller.

Third party

means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data forwarding

Means the disclosure of personal data to specific third parties.

Data subject

Everybody who shares personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, the User who reads this Policy.

Consent of the data subject

means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU . The above list is not complete so should the User needs more information or explanation do not hesitate to contact the Service Provider. 

The Service Provider would like to inform the User that during the processing it does not process or request any sensitive, genetic, or biometric data. 

II.          Other definitions

Website

means the websites available at the domain addresses listed in appendix no.1. of present Policy that are operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Service and may use them  

Service

means collectively the software developed by the Service Provider that are listed on and distributed through Atlassian Marketplace (hereinafter as: „Vendor Services”) and the services related to consultancy, support, training, licensing, event organizing activities of the Service Provider (hereinafter as: „Solution Partner Services”

User

means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level), the person applying for support on behalf of a nonprofit organization.

III.        In which cases do the Service Provider process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed regarding Vendor Services and Solution Partner Services in the following cases:

 

In connection with the general activity of the Service Provider:

 

·         Browsing the Website

·         Requesting offer by e-mail

·         Newsletter subscription

·         Invoicing

·         Applying for a position

·         Keeping contact during contractual relationship

·         Providing support for nonprofit organizations

·         Customer service

·         Sending educational and marketing materials

·         Placement of cookies on the Website

 

In connection with „Atlassian Vendor” activities

·         Using the software developed by the Service Provider

·         License sales

·         Data migration

 

In connection with „Atlassian Solution Partner” activities

·         Pre-contract registration

·         Consulting and support and registration

·         Training

·         Event organizing

IV.         What data, for what purpose and for how long do the Service Provider processes?

In the cases detailed above the legal ground for processing shall be the following:

  • In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed, and unambiguous consent of the User (hereinafter as: „Consent”).
  • In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”).
  • In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
  • In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).

With respect to that the Service Provider is not able to limit the amount of personal data may be sent to the Service Provider by the User via any communication channel,  because the Service Provider has no influence on the User who voluntarily provide personal data, therefore the Service Provider kindly ask the User to provide only the minimum information and data required by the Service Provider in present Policy when contacting the Service Provider in any way, and the Service Provider expressly and emphatically ask the User to do the best to ensure that the Service Provider does not receive any data that it does not want to process.

IV.1. Data processing in connection with the general activity of the Service Provider

IV.1.1. Browsing

The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which the User wishes to get the content of the Website as an answer. The Service Provider (and the Website) can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process. With respect to the IP address, we would like to inform the Visitor that the Service Provider does not handle the IP address in any way and does not log visits or IP addresses.

IV.1.2.   Requesting offer

The Service Provider provides several channels for Users to request an offer from us for the Service Provider’s Services, including by sending a request for offer by email or by using the contact form at the bottom of the page on the Website, which can be accessed by scrolling down or clicking on the "Contact Us" button.

IV.1.2.1. Requesting offer by e-mail

If the User wishes to be contacted by the Service Provider via e-mail the User may do so by sending a message to the email address indicated on the Website. The Service Provider would like to draw the User’s attention that, by sending an email, the User may unwittingly share personal data with the Service Provider, because the email the User sends includes email address and the name of the User specify in the email client which the User wants to appear in the emails. In addition, if the User thinks it makes contacting easier, the User’s phone number is welcomed. Furthermore, it may occur that the User shares social media contact information with is if the e-mail „signature” contains such information so if this is the case, the Service Provider will also process this data. By sending an email with such data, the Service Provider assumes that the User voluntarily consent to the processing.

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

First and last name

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

E-mail address

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

Phone number

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The social media contact of the User possibly shared by the User in the e-mail „signature”

Contact if none of the above methods is successful for contacting the User

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until withdrawn but not later than 3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Tracking the reading of the offer, certifying the beginning and end of the offer validity

30 days from the evaluation of the campaign but not later than 3 years from the end of the offer validity

IV.1.2.2. Requesting offer via the contact form on the Website

If the User contacts the Service Provider via the contact form on the Website and request an offer from the Service Provider, the following personal data will be processed.

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

First and last name

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

E-mail address

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

Phone number

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The ID of the message

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Linking and proper identification of the request to a specific User, quality assurance

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

When requesting an offer via the contact form, providing the phone number is optional and will only be processed if the User has provided it to the Service Provider. When the User request an offer through the contact form, for ease of identification and management, the Service Provider will add an identification number to the offer request the User sends to the Service Provider, which the User did not provide , but the Service Provider will process it in relation to the User and it will be considered personal data under the provisions of the GDPR. The Service Provider will only process the fact that the email message has been read if they have contacted the User by email in response to the User offer request.

Whichever way the Users choose to request an offer or to contact the Service Provider, the Service Provider hereby asks Users that, given that the Service Provider cannot limit the personal data that each Users may sends, the User is requested to share only the most necessary data and information when contacting, so in no case should the User share any personal information with the Service Provider beyond the above in the User’s e-mail or on the contact form, especially if the Service Provider do not specifically and explicitly asks the User to do so. Any unsolicited personal data will be immediately deleted and the Service Provider will not be held liable in any way.

IV.1.3.   Notices regarding the Services

The User may subscribe to our notices. There are several ways to do this. The User  may sign up for it at one of the Service Provider’s events by completing the form provided for this purpose or if the User uses the Service Provider's software in a trial version, at the time of downloading and accepting its privacy policy and general terms and conditions and clicking on the download button the User subscribes to the Service Provider’s newsletter, which lasts until the User unsubscribes but until the end of the trial period as latest, unless the User continue to use the product after the trial period expired, because in this case until the User unsubscribe. In connection with this, the Service Provider processes the User's e-mail address under the explicit consent of the User until the User withdraws this consent. There are several ways to withdraw the consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.

IV.1.3.1. If the subscription is made by completing the form at one of our events:

Scope of data processed

Purpose of processing

Ground for processing

Naming the legitimate interest

Duration of processing

E-mail address

Sending informative and educational messages

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawal of consent i.e., unsubscribing from the newsletter

First and last name

Sending informative and educational messages

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawal of consent i.e., unsubscribing from the newsletter

The fact of reading the e-mail sent, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Data collection for statistical purposes related to the reading and success of the Service Provider's newsletters

30 days from the evaluation of the campaign

IV.1.3.2. If the subscription is made by downloading our products:

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

E-mail address

Sending informative and educational messages in connection with use of the downloaded software (no direct marketing content)

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Educational informative messages to facilitate the use of the software

Until objection against processing but until the end of the trial period as latest if the product is in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter

First and last name

Sending informative and educational messages in connection with use of the downloaded software (no direct marketing content)

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Educational, informative messages to facilitate the use of the software

Until objection against processing but until the end of the trial period as latest if the product is in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter from the newsletter

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Data collection for statistical purposes related to the reading and success of the Service Provider's newsletters

30 days from the evaluation of the campaign

IV.1.4.   Handling of contact data in connection with invoicing

IV.1.4.1. If the invoice about the Service is issued for a legal entity, then the Service Provider process the personal data found below. The Service Provider informs the Users the if the products of the Service Provider are purchased through Atlassian Marketplace then invoicing is managed by Atlassian Pty Ltd. therefore the Service Provider does not process any personal data for this purpose.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the designated contact person

Contact

Legitimate (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the designated contact person

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the designated contact person

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g., info@example.com or finance@example.com) then the Service Provider process the data, but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.

IV.1.4.2. If the invoice about the counter value of using the Service shall be issued for a natural person, the Service Provider process the following data.

Scope of processed data

Purpose of processing

Ground for processing

Naming of the legitimate interest

Duration of processing

First and last name

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Address

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Tax number

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

E-mail address

Keeping contact in connection with invoicing

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

 IV.1.5.  Applying for a position

From time to time the Service Provider is seeking staff for various positions to which the Users may apply by submitting their professional CV. The Users may send their applications by e-mail to job@meta-inf.hu. By sending the e-mail the Users give their consent for the Service Provider to process their personal data as part of the application process starting from the date the CV is sent to us. The exact rules of the data handling regarding applying for a position is contained in a separate privacy policy which can be found here .

IV.1.6.   Keeping contact during contractual relationship

If a contractual relationship is established between the Service Provider and the User, then the personal data – detailed below – of the contact person designated by the User is indicated in the contract. In these cases, the legal ground for processing is the legitimate interest of the Service Provider and its purpose is to provide information and other communications to the User regarding any issues arising during the contractual relationship. The User acknowledges that it is the User's responsibility and liability to obtain consent from the designated contact person to provide his/her data to the Service Provider.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of the contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

First and last name of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of a contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

Phone number of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of a contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Sending feedback about the receipt of the message

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Proof of delivery of contractual legal declarations and other communications made by Us

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest

IV.1.7.   Providing support for nonprofit organizations

Once a year the Service Provider provides support for a chosen nonprofit organization for whom it provides help and introduces Atlassian’s efficiency boosting solutions completely free of charge. The User may apply for support through a tender. Further information on the support and the application is available on the Service Provider's Website, at the link https://www.meta-inf.hu/en/pledge-1-percent/ . To apply for the support, the following personal data must be provided:

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Data related to the receipt of the invoice

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Tracking the receipt of the invoice

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

 

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Data necessary to submit application for support

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent but until announcing the results of the support for the given year as latest

First and last name

Data necessary to submit application for support

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent but until announcing the results of the support for the given year as latest

Portrait

Data necessary to provide support

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

Until 31st December of the year following the year when the support has been provided

Application shall be made through the Service Provider’s Website by filling and submitting a form. In addition to the above the User shall provide the name of the organization on behalf of which the User submits the application and the year of founding the organization, however these are not considered to be personal data. The User shall furthermore upload a detailed application and may write a short message to accompany the application. We request the User to not provide any additional personal data other than the ones specified above. Shall the User provide any additional personal data the Service Provider will irreparably and permanently delete these data and the Service Provider shall have no liability for such personal data.

By submitting an application, the User acknowledges and gives consent that in case of gaining support from the Service Provider the Service Provider is entitled to make video recording and use that recording for marketing purposes in connection with the application about receiving support and introducing of the Atlassian system.  

IV.1.8.   Customer service 

In order to provide technical support for the Service Provider maintains customer service which may be reached in two ways. Either through a JIRA based system developed by Atlassian Pty Ltd. or by e-mail

In case the request is sent through JIRA based system

To manage customer service inquires We use the system of a third party, an application named JIRA Service Management (hereinafter as: “JIRA”). We use the cloud version of JIRA. For further information on processing and possible data transfer see Section IX.2. of present Policy.

If the User access customer service through the JIRA in order to fulfill the customer service request, the following data must be processed, which in any case is accessible by us from the JIRA System Central Database:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

Username

 

Identification, fulfillment of customer service requests

Performance of contact (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

E-mail address

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name (only if it is provided in the User’s Atlassian account)

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

In case of requests sent by e-mail:

If the User contacts our Customer Service by e-mail at the address support@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill the customer service requests, certain personal data must be processed. Without these, the Service Provider will not be able to complete the User’s customer service request as the Service Provider would not be able to contact the User.

Scope of processed data

Purpose of processing

Ground for processing

Naming of the legitimate interest

Duration of processing

E-mail address

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name (only if it is provided in the User’s Atlassian account)

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

Phone number

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

The social media contact possibly shared by the User in the e-mail „signature”

-

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawn of the consent but not later than a) the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, b) if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Sending feedback about the receipt of the message

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Verification of the delivery of the response to the customer service request provided by the Us, tracking the fulfillment of the customer service requests, measuring the performance of the customer service

30 day from the evaluation of the campaign, but not later than a) In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, b) if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

IV.1.9. Sending educational and marketing materials

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

First and last name

Sending educational materials related to the Service and if requested sending informational and marketing materials originating from User third parties related to useful applications and add-ons regarding the Atlassian system,

In connection with educational materials Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 

In connection with marketing materials consent (Article 6 Section (1) Point a) of the GDPR)

In connection with the educational materials, the Service Provider processes the data until the User request for deletion.

 

In connection with the marketing materials, the Service Provider processes the data until the User request for deletion.

E-mail address

Sending educational materials related to the Service and if it is requested sending informational and marketing materials originating from Us or third parties related to useful applications and add-ons regarding the Atlassian system

In connection with educational materials Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 

In connection with marketing materials consent (Article 6 Section (1) Point a) of the GDPR)

In connection with the educational materials, the Service Provider processes the data until the User request for deletion.

 

In connection with the marketing materials, the Service Provider processes the data until the User request for deletion.

 

If it is required, the User may request educational materials from the Service Provider related to the Service by providing the above data to the Service Provider through the Website. If the User chose this, the educational materials will be sent by e-mail to the e-mail address provided by the User not more than a few times a month. If the User does not wish to receive educational materials anymore later, he / she may request the Service Provider in e-mail to delete his / her data, in which case the Service Provider will no longer send such messages to the User.

If the User when requesting the educational materials expressly consents to it by ticking a separate checkbox, the Service Provider will send the User marketing materials related to the Service and its self-developed products, as well as the products and services of its partners, in addition to the educational materials. If the User no longer wishes to receive marketing content, his / her consent may be withdrawn in one of the ways indicated in Section VI. below.

IV.2.      Data processing related to the Service Provider’s “Vendor” activities

IV.2.1.   Using the software developed by the Service Provider

The Service Provider sells its software listed on the Atlassian Marketplace. Within this scope, the Service Provider will not process any personal data in connection with any software that runs in the hardware environment provided by the User because it does not have access to this software. In case of software that are only available in a cloud based version, the Service Provider shall be considered partly as controller and partly as processor with respect to the fact that it has no control over the data uploaded into the applications, however, the cloud-based software operates in a computing environment provided by the Service Provider, so that personal data contained therein is stored on the infrastructure provided by the Service Provider without any processing made by us. However, in addition, in some cases, the Service Provider performs processing in connection with the software, especially when the User logs in to his/her account through the domain provided for this purpose by the Service Provider. Within this scope, the Service Provider processes the following data:

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

IP address

Protection of the IT system and securing the Website

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Protection of the IT system and securing the Website

for 90 days from the last use as latest

Atlassian account ID

Protection of the IT system and securing the Website

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Protection of the IT system and securing the Website

for 90 days from the last use as latest

IV.2.3    License sales

IV.2.3.1. Processing of data related to the conclusion of contract

The Service Provider sells product keys related to different software pursuant to the provisions of the individual contract with the User, during which processing is performed only in respect of the personal data specified in the individual contract. In addition, if the User purchases the software developed by the Service Provider through Atlassian Marketplace, Atlassian will disclose certain personal data to us. In this regard, the Service Provider notes that this information is not provided to the Service Provider directly by the User, but transmitted by Atlassian Pty Ltd., which operates the Atlassian Marketplace, as follows:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

First and last name

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

Phone number

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

         

IV.2.3. Data migration

For Users who use a version of the software sold by the Service Provider that are running on the User's own servers (server / data center deployment), the Service Provider allows them to switch to the cloud deployment version of the software through a tool built into the software (Email This Issue Cloud Migration Assistant, a.k.a Migration Tool) to perform data migration. In case the User initiates the migration of the data stored in the software running on its own servers to the cloud-based servers, the data affected by the migration is stored on the servers of Atlassian for a duration of 2 weeks to which the Service Provider has reading access rights in order to facilitate the migration and to avoid data duplication, data error, data loss etc. and in order to avoid the need for the User to clean the data after the migration is completed.

During the migration the configuration data and the content of the Email Audit Log of the application named Email this Issue are affected.

The configuration data may contain the following personal data:

·    any data that the Migration Tool users with admin authorization may configure in the migration tool, including account connection details (e.g., passwords)

Of the configuration data affected by the migration, passwords and tokens are converted to an encrypted format during the migration, which means that they cannot be interpreted by third parties.

The audit log may contain the following personal data:

·   complete e-mail messages that include names, e-mail addresses, and any personal information that may be included in the e-mail message

The legal ground for data processing is the fulfillment of the contract between the User and the Service Provider. After the expiration of the 2 weeks period, Atlassian automatically deletes the stored data permanently and irrevocably, which also means the Service Provider’s rights to access also cease to exist.

IV.3.      Processing related to the Service Provider’s „Atlassian Solution Partner” activities

IV.3.1. Pre-contractual registration

If the User intends to use an Atlassian Solution Partner service (consulting, support, etc.) of the Service Provider in connection with software available via the Atlassian Marketplace, the Service Provider shall register the User and the User's representative with whom it negotiates for the purpose of concluding a contract in order to perform the contract between the Service Provider as an Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall record the following information of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system upon contact. By contacting the Service Provider, the User gives his/her consent to the Service Provider's transfer of the following data to Atlassian.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

First and last name of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

E-mail address of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

Phone number of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

Position of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

IV.3.2.   Consulting and Support

IV.3.2.1. Processing of data related to the conclusion of contract

The Service Provider performs consulting and follow-up system monitoring activities for customers of various products sold by Atlassian Pty Ltd. under an individual order which aims to integrate Atlassian Pty Ltd.’s or third parties’ solutions into the User's IT system and that helps to find the appropriate software and includes their implementation and calibration. The Service Provider is able to perform this activity only if the User makes certain personal data available, as without this the Service Provider will not be able to carry out this activity undertaken in a separate agreement. The scope of data processed by the Service Provider in this regard are the following:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

Until the last day of the 5th year following the year in which the contract was terminated

First and last name

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 Until the last day of the 5th year following the year in which the contract was terminated

Phone number

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 Until the last day of the 5th year following the year in which the contract was terminated

IV.3.2.2. Contract registration

If the User uses an Atlassian Solution Partner service (consulting, support, etc.) the Service Provider in in connection with the software available via the Atlassian Marketplace and a contract has been concluded between the parties, the Service Provider shall register the User and the User's representative with whom the contract has been concluded for the purpose of using the service in order to perform the contract between the Service Provider as Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall register the following data of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system after the conclusion of the contract.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

First and last name of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

E-mail address of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

Phone number of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

Position of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

IV.3.3    Training 

The Service Provider uses a separate privacy policy for processing of data related to trainings which is available at: https://www.meta-inf.hu/legal-documents/trainings-privacy-policy Present Policy is only applicable regarding data processing in connection with the training if the privacy policy for training expressly provides so.

IV.3.4 Event organizing

The Service Provider uses a separate privacy policy for processing of data related to event organization which is available at: https://www.meta-inf.hu/legal-documents/event-privacy-policy Present Policy is only applicable regarding data processing in connection with the event organization if the privacy policy for event organization expressly provides so.

V.          What are cookies and why we use them?

Cookies are data packages that are sent by webservers to the User’s computer automatically, where they are stored – depending on the type of the cookie – for a definite period.

Cookies do not hold any security risk to the User’s computer or not cause any malfunction.

In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on the computer when the User visits the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected using these cookies (in particular the IP address of the User’s computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of the User’s stay on the Website. Closing the browser will automatically delete them from the computer.

With the User’s consent given on the Website, the following types of cookies may be installed on the computer for the following purposes:

  • Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because the Service Provider is provided with information about the specific characteristics of the visitors (IP address, city, type of device, browser, operating system are they using, and what sub-pages the User have visited on our site). the Service Provider uses these data anonymized for statistics and reports to improve the Website and the marketing strategy.
  • Remarketing cookies (such as Google AdWords) allow us to analyze how the User uses the Website and, consequently, to display personalized content to the User, including advertising on online platforms outside our site (e.g., other websites or social media).

In addition, the Service Provider distinguishes between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when browser is closed. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set on the Website.

The User can manage cookies in the browser’s settings. How these settings are set depends on the type of the browser.

Further information may be found on cookie settings for the most popular browsers on the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu-hu&p=cpn_cookies   
Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami  
Internet Explorer / Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies   
Safari: https://support.apple.com/hu-hu/HT201265   

If the User has any further question regarding cookies, please contact the Service Provider at privacy@meta-inf.hu where its colleagues are more than happy to help.

Further information regarding the cookies used by the Service Provider can be found at https://www.meta-inf.hu/en/cookie-policy/

VI.         How can the User withdraws the consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. The consent given at browsing can be withdrawn at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if the User does not have the possibility to withdraw the consent given this way, it can be withdrawn by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

VII.       Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data which is stored by the Service Provider is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically, and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction, or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

VIII.      What rights do the User has in connection with processing personal data?

Request for information (right to access): the User may request information about the processing of the collected personal data at any time, either in person, at the Service Provider’s registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and the User’s rights in relation to processing. In the case of data transfer, to whom and for what purpose thedata have been or will be transferred.

A request for information is considered authentic if the User is clearly identified by the Service Provider. If the request is sent by e-mail or post, only the e-mail sent from the User’s registered e-mail address will be considered as authentic, and the Service Provider will only be able to send information to the postal address registered by it. Unless the User voluntarily verify the identity otherwise thereof, the Service Provider will not be able to send information to an e-mail address or postal address that is not registered in its records in order to protect the User’s privacy.

Rectification: The User may at any time request the rectification, modification, or amendment of the collected data in the same manner described above. The Service Provider can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: The User may request that the Service Provider restricts the processing of the personal information in particular if:

a) The User argues the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but the User is requesting the Service Provider in writing to keep them for the purpose of filing, asserting, or defending any legal claim the User may have

Objection: If the Service Provider process the User’s personal data on the ground of legitimate interest, the User may at any time object to the processing of the Users personal data. In such cases, the Service Provider will review the legality of the objection and, if it is well established, the Service Provider terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): The User may request the deletion of the User’s personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

The Service Provider may refuse deletion if the processing of the User’s personal data is required by law or if it is necessary to enforce the legal claims. The Service Provider will always inform the User about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): The User may at any time request to transfer the data processed in connection with the User in a structured, widely used, machine-readable format to the User or to another controller.

The Service Provider kindly ask the User not to exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

IX.         To whom we transfer personal data and who has right to access them?

The -User’s personal data is kept confidential and will not be disclosed to any third party except as provided below.

IX.1. Transmission of data related to the sending of newsletters, system messages and educational or marketing materials, messages in connection with consultancy and licensing and data storage, processing of data provided on website forms

If the User subscribed to our newsletter, either voluntarily or by using one of the Service Provider paid or free apps, furthermore if the User chose to use the services detailed in Section IV.1.9. above and if the User uses the Service Provider's consultancy or license sales services or fill any of the forms on the Service Provider's website the Service Provider will forward the User’s email address and other date provided by the user (e.g. on the form) to its processing partner. This processor is HubSpot a provider of cloud-based case management, forms and customer relationship management services through which the Service Provider sends system messages, eDMs and newsletters related to the operation of the Service and forms and contact details are recorded and managed.

HubSpot may not use the e-mail address or other data provided for any purpose other than the performance of its task or make any personal decision about it.

Contact details of the processor:

Name: HubSpot Ireland Limited

Address: Hubspot House, 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67, Ireland

Registration number: IE515723

Email: privacy@hubspot.com

Phone: +353 1 5187500

Represented by: Christian Kinnear director

Contact details of the DPO: https://preferences.hubspot.com/privacy

(hereinafter referred to as “Hubspot”)

If Hubspot transfers any data outside of the European Union, for example to its parent company HubSpot Inc., (seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, registration number number: 000955519, represented by: Brian Halligan director), the User’s email address and other data is protected in the same level as in Europe, in light of the European Commission's adequacy decision for EU-US data flows.

Hubspot’s privacy related documents may be found at the following links:

https://legal.hubspot.com/privacy-policy      

https://www.hubspot.com/data-privacy/gdpr/product-readiness     

IX.2. Fulfilling customer service requests through the JIRA cloud application or within the scope our “Vendor” activities in case of consulting

If the User is using the cloud-based version of the JIRA Service Management application (in connection with customer support) in connection with the software developed by the Service Provider, then in the case of customer service requests or in case of providing consultancy services, the Service Provider’s data processing partner is:

Name: Atlassian B.V. c / o Atlassian, Inc.

Address: 350 Bush Street San Francisco, CA 94104 USA

Email: eudatarep@atlassian.com

(hereinafter referred to as “Atlassian”)

Atlassian may not use the data detailed above for any purpose other than the performance of its task or make any personal decision regarding the personal data.

The Atlassian’s privacy policy is available at: https://www.atlassian.com/legal/privacy-policy

Atlassian also takes all reasonable efforts to ensure the protection of personal data as provided by the GDPR, so Atlassian has also complied with the provisions of the SCC. The data processing addendum regarding Atlassian’s compliance with SCC can be downloaded from the following link: https://www.atlassian.com/legal/data-processing-addendum       

IX.3.      In connection with software developed by the Service Provider:

The software developed by the Service Provider are stored at and operated from external servers, therefore if the User use them – depending on the used software – we use the services of the following server providers as processors:

IX.3.1.   Amazon Web Services

The Service Provider stores and operates particular software through Amazon Web Services a cloud-based webserver which may be reached at:

Name: Amazon Web Services, Inc.

Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA

E-mail: EU-privacy-DSR@amazon.com  

Phone number: +1-206-266-1000

Represented by Eva Gehlin and Barbara Scarafia directors

European server locations: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”)

Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States the User’s data is still secure and protected by the provisions of the GDPR, with respect to the European Commission’s adequacy decision for EU-US data flows.

Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/

Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy/

 IX.3.2.  Datadog

The Service Provider monitors the software and data stored at and maintained from external servers by using a third-party service named Datadog, which may be contacted at:

Name: Datadog, Inc.

Registered seat: 620 8th Avenue 45th Floor New York, NY, USA

E-mail: gdpr@datadoghq.com

Phone number +1-866-329-4466

Represented by Olivier Pomel director

(hereinafter as: “Datadog”)

Datadog’s privacy policy can be reached at: https://www.datadoghq.com/legal/privacy/

IX.3.3. Hetzner

Furthermore, the Service Provider use the server providing services of Hetzner which servers are located within the European Union. Hetzner may be reached at:

Name:  Hetzner Online GmbH

Registered seat: Industriestr. 25, 91710 Gunzenhausen, Germany

Company Ansbach, HRB 6089

E-mail: info@hetzner.com  

Phone number:  +49 9831 505-0

Represented by: Martin Hetzner, managing director

(hereinafter as: “Hetzner”)

Hetzner’s privacy policy shall be reached through this link: https://www.hetzner.com/legal/privacy-policy

IX.4.      Correspondence (e-mail)

IX.4.1. Sending and receiving e-mails

The Service Provider uses Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use, or otherwise manipulate user related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more at https://policies.google.com/privacy/frameworks

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption, and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy

IX.4.2. Tracking the receipt of e-mails

If under the provisions of present Policy, the Service Provider tracks the delivery of messages, it uses the services of an external service provider called Mailtrack as a data processor, the contact details of which are as follows:

Name: The Mail Track Company S.L.
Address: Calle Córcega, número 301, ático 2a, 08008 Barcelona, Spain

Registration number: B66095670

E-mail: privacy@mailtrack.io 

Phone number: +1 678 999 0141

Represented by: Eduardo Manchón director

Web: https://mailtrack.io/en/

(hereinafter as: “Mailtrack”)

Mailtrack is a data processor residing within the European Union, in Spain, therefore it shall comply with the provisions of the GDPR.

More information on Mailtrack’s data processing is available at: https://mailtrack.io/en/privacy

IX.5.      In connection with „Solution Partner” related activities:

IX.5.1.   Hetzner

In connection with its „Solution Partner” related activities the Service Provider use the services of Hetzner introduced in Section IX.3.3.

IX.5.2.   Office365

In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corporation to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:

Name: Microsoft Ireland Operations Limited

Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland

Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions

Phone number: +353-1-706-3117

Represented by Satya Nadella director

(hereinafter as: “Microsoft”)

Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however these are in compliance with the effective privacy regulations with respect to the above reasons.

Privacy related materials of Microsoft may be reached at:

https://privacy.microsoft.com/hu-hu   

https://privacy.microsoft.com/en-us/privacystatement    

https://support.office.com/hu-hu/article/az-adatvédelmi-beáll%C3%ADtások-megtekintése-a-microsoft-office-adatvédelmi-központjában-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU

IX.6.      In connection with the Website:

In connection with the maintenance of the Website the Service Provider use the services of Amazon Web Services introduced in Section IX.3.1.

IX.7.      In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, http://szamlazz.hu . If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of http://szamlazz.hu  website as our processing partner is:

Name: http://KBOSS.hu  Kereskedelmi és Szolgáltató Kft.

Registered seat: 1031 Budapest, Záhony utca 7., Hungary

Company registration number: 01-09-303201

E-mail address: info@szamlazz.hu

Represented by: Balázs Ángyán managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

X.          What third-party social media plug-ins may be found on the Website?

To receive feedback on the contents we share on the Website and to share them we use socal media sites meaning the Service Provider uses the services (plugins) of third-party providers. The plugins are only active when the User specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on the Service Provider’s website: Facebook, Twitter, LinkedIn, Meetup, YouTube

If the User is logged in to any of these sites, it may occur that the User’s visit on the site will be attached to the User’s personal profile. If the User clicks on the specific button, the User’s browser will forward the relevant information directly to that social media site and store them there.

Information about the scope and purpose of the data collected, further processing of the User’s data and use of the User’s data by the social media provider, and the User’s rights regarding personal data can be found in privacy statements of the social media providers, which are available at:

Facebook: https://www.facebook.com/policy.php

Twitter: https://twitter.com/en/privacy   

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Meetup: https://www.meetup.com/privacy/

YouTube: https://policies.google.com/privacy

XI.         To whom and in what cases are the Service Provider is obliged to disclose personal data?

The Service Provider may be requested to disclose personal data it processes to authorities in response to legal requests, like search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. The Service Provider discloses data in accordance with applicable law, the Service Provider cannot be held liable for any such transfer or any resulting consequences. The Service Provider will always inform the User about the transfer if it is not prohibited by law or by the requester authority.

XII.       What are the responsibilities regarding the personal data the User provides?

When the User provides to the Service Provider personal data, the User is responsible for ensuring that the information and contributions are true and correct.

The Service Provider asks the User to provide third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.

If a third-party object the processing of personal data by credibly verifying its identity, the Service Provider will immediately delete third-party data without notifying. The User is requested to only provide third-party personal data only if the User has informed the third party of the availability of this Policy.

XIII.     Management of Personal data breach

Personal data breach – except that is unlikely to result in a risk to the effected person – may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform users concerned.

XIV.      Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XV.       Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the following day of publication, through our Website. Please be sure to read the Policy changes carefully as they contain important information about the processing of the personal data.

XVI.      To whom the User can turn to for information regarding the User’s personal data or to exercise the rights?

If the User has any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1117 Budapest, Irinyi József utca 4-20. B. ép. 3. em., Hungary

The User is entitled to exercise the rights related to the processing of personal data against the Service Provider as controller. If the User wish to exercise such rights, the User must first notify the Service Provider.

If the User feels that the rights have been violated, the User can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Phone: +36 1 391 1400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

In the event of a dispute arising out of or in connection with this the present Privacy Policy, its breach, validity or interpretation, the User may bring the dispute to the competent court under Act CXXX of 2016 on the Code of Civil Procedure (Code of Civil Procedure):

Name: Budapest District Court for the XVIII. and XIX. Districts

Name: Budapest District Court for the XVIII. and XIX. Districts
Address: 1191 Budapest, Kossuth tér 7/9., Hungary
Mailing address: 1703 Budapest, PO Box. 4., Hungary
Phone: +3613574333
E-mail: kispest.elnokseg@birosag.hu
Website: https://fovarositorvenyszek.birosag.hu/jarasbirosagok/budapesti-xviii-es-xix-keruleti-birosag

Privacy Policy

Last modified: 18th December 2023

 

In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:

Version

Validity period

Changes

Download

v13

18.12.2023.

 

General stylistic and structural changes, clarification of data processing purposes, placement of event, and job application data processing information into separate policies

Privacy Policy v13
v12 27. 11. 2023. - 

17.12.2023.

 
 Expanding the scope of data processing (new purpose), change of data processor (website), deletion of data processor (training) Privacy Policy v12
v11

03.10.2023. - 27. 11. 2023.

Change of data processor, extending the scope of using the data processor Privacy Policy v11
v10 18.10.2022 - 01.10.2023. Change of data processor Privacy Policy v10
v9 19.07.2022. - 17.10.2022. Change of contact address (Section XVI) Privacy Policy v9
v8 12.04.2022. - 18.07.2022. Expanding the scope of data processing (new purpose) Privacy policy v8
v7 23.11.2021. - 11.04.2022. Expanding the scope of data processing (new purpose) Privacy Policy v7
v6 02.09.2021. - 22.11.2021. Expanding the scope of data processors Privacy Policy v6
v5

22.03.2021. - 01.09.2021.

Expanding the persons who shall be considered as User, expanding the range of tools used in connection with the events, supplementing the recipient of data transmission, expanding the scope of data processing,
Modification of information provided on data transfer outside of EU, modification of data processing provisions related to training, modification of the data protection authorities contacts details
Change of the representative of the Company

Privacy Policy v5
v4 10.12.2020. - 21.03.2021. Change of the Jira Service Desk name to Jira Service Management Privacy Policy v4
v3 23.04.2020. - 09.12.2020. Updates in accordance with the changes made ont he website and the changes in the scope of processing Privacy Policy v3

v2

23.12.2019. - 22.04.2020.

Updates according to the latest Privacy Policy requirements by Atlassian

 

v1

25.05.2018. - 22.12.2019.

Initial version

Privacy Policy v1

 

Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our priority to properly protect your personal data and to respect your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by our users (hereinafter as: “User”) related to the services provided and the software distributed by

Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság

Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary

Company registration number: 01-09-170431

Tax number: 13024583-2-43

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Attila Gáspár, Tibor Hegyi managing directors individually

E-mail: info@meta-inf.hu

Telephone: +36 30 515 4464

(hereinafter as: “Service Provider”)

The aim of the Policy is to give a clear picture about why, how, and how long we process personal data related to our Users who contacted us through our website or via other channels.

I.            A few data privacy related definitions to better understand the Policy

Personal data

means any information, controlled by the Service Provider, relating to an identified or identifiable natural person (‘data subject’ – User as a user of the services); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller

means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;

The controller of the User’s personal data is META-INF, as the Service Provider

Processor

means a natural or legal person which processes personal data on behalf of the controller.

Third party

means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data forwarding

Means the disclosure of personal data to specific third parties.

Data subject

Everybody who shares personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, the User who reads this Policy.

Consent of the data subject

means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU . The above list is not complete so should the User needs more information or explanation do not hesitate to contact the Service Provider. 

The Service Provider would like to inform the User that during the processing it does not process or request any sensitive, genetic, or biometric data. 

II.          Other definitions

Website

means the websites available at the domain addresses listed in appendix no.1. of present Policy that are operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Service and may use them  

Service

means collectively the software developed by the Service Provider that are listed on and distributed through Atlassian Marketplace (hereinafter as: „Vendor Services”) and the services related to consultancy, support, training, licensing, event organizing activities of the Service Provider (hereinafter as: „Solution Partner Services”

User

means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level), the person applying for support on behalf of a nonprofit organization.

III.        In which cases do the Service Provider process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed regarding Vendor Services and Solution Partner Services in the following cases:

 

In connection with the general activity of the Service Provider:

 

·         Browsing the Website

·         Requesting offer by e-mail

·         Newsletter subscription

·         Invoicing

·         Applying for a position

·         Keeping contact during contractual relationship

·         Providing support for nonprofit organizations

·         Customer service

·         Sending educational and marketing materials

·         Placement of cookies on the Website

 

In connection with „Atlassian Vendor” activities

·         Using the software developed by the Service Provider

·         License sales

·         Data migration

 

In connection with „Atlassian Solution Partner” activities

·         Pre-contract registration

·         Consulting and support and registration

·         Training

·         Event organizing

IV.         What data, for what purpose and for how long do the Service Provider processes?

In the cases detailed above the legal ground for processing shall be the following:

  • In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed, and unambiguous consent of the User (hereinafter as: „Consent”).
  • In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”).
  • In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
  • In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).

With respect to that the Service Provider is not able to limit the amount of personal data may be sent to the Service Provider by the User via any communication channel,  because the Service Provider has no influence on the User who voluntarily provide personal data, therefore the Service Provider kindly ask the User to provide only the minimum information and data required by the Service Provider in present Policy when contacting the Service Provider in any way, and the Service Provider expressly and emphatically ask the User to do the best to ensure that the Service Provider does not receive any data that it does not want to process.

IV.1. Data processing in connection with the general activity of the Service Provider

IV.1.1. Browsing

The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which the User wishes to get the content of the Website as an answer. The Service Provider (and the Website) can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process. With respect to the IP address, we would like to inform the Visitor that the Service Provider does not handle the IP address in any way and does not log visits or IP addresses.

IV.1.2.   Requesting offer

The Service Provider provides several channels for Users to request an offer from us for the Service Provider’s Services, including by sending a request for offer by email or by using the contact form at the bottom of the page on the Website, which can be accessed by scrolling down or clicking on the "Contact Us" button.

IV.1.2.1. Requesting offer by e-mail

If the User wishes to be contacted by the Service Provider via e-mail the User may do so by sending a message to the email address indicated on the Website. The Service Provider would like to draw the User’s attention that, by sending an email, the User may unwittingly share personal data with the Service Provider, because the email the User sends includes email address and the name of the User specify in the email client which the User wants to appear in the emails. In addition, if the User thinks it makes contacting easier, the User’s phone number is welcomed. Furthermore, it may occur that the User shares social media contact information with is if the e-mail „signature” contains such information so if this is the case, the Service Provider will also process this data. By sending an email with such data, the Service Provider assumes that the User voluntarily consent to the processing.

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

First and last name

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

E-mail address

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

Phone number

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The social media contact of the User possibly shared by the User in the e-mail „signature”

Contact if none of the above methods is successful for contacting the User

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until withdrawn but not later than 3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Tracking the reading of the offer, certifying the beginning and end of the offer validity

30 days from the evaluation of the campaign but not later than 3 years from the end of the offer validity

IV.1.2.2. Requesting offer via the contact form on the Website

If the User contacts the Service Provider via the contact form on the Website and request an offer from the Service Provider, the following personal data will be processed.

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

First and last name

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

E-mail address

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

Phone number

Contact

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

-

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

The ID of the message

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Linking and proper identification of the request to a specific User, quality assurance

3 years from the receipt of the e-mail in order to refer to our earlier offer as a reference in a later procedure.

When requesting an offer via the contact form, providing the phone number is optional and will only be processed if the User has provided it to the Service Provider. When the User request an offer through the contact form, for ease of identification and management, the Service Provider will add an identification number to the offer request the User sends to the Service Provider, which the User did not provide , but the Service Provider will process it in relation to the User and it will be considered personal data under the provisions of the GDPR. The Service Provider will only process the fact that the email message has been read if they have contacted the User by email in response to the User offer request.

Whichever way the Users choose to request an offer or to contact the Service Provider, the Service Provider hereby asks Users that, given that the Service Provider cannot limit the personal data that each Users may sends, the User is requested to share only the most necessary data and information when contacting, so in no case should the User share any personal information with the Service Provider beyond the above in the User’s e-mail or on the contact form, especially if the Service Provider do not specifically and explicitly asks the User to do so. Any unsolicited personal data will be immediately deleted and the Service Provider will not be held liable in any way.

IV.1.3.   Notices regarding the Services

The User may subscribe to our notices. There are several ways to do this. The User  may sign up for it at one of the Service Provider’s events by completing the form provided for this purpose or if the User uses the Service Provider's software in a trial version, at the time of downloading and accepting its privacy policy and general terms and conditions and clicking on the download button the User subscribes to the Service Provider’s newsletter, which lasts until the User unsubscribes but until the end of the trial period as latest, unless the User continue to use the product after the trial period expired, because in this case until the User unsubscribe. In connection with this, the Service Provider processes the User's e-mail address under the explicit consent of the User until the User withdraws this consent. There are several ways to withdraw the consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.

IV.1.3.1. If the subscription is made by completing the form at one of our events:

Scope of data processed

Purpose of processing

Ground for processing

Naming the legitimate interest

Duration of processing

E-mail address

Sending informative and educational messages

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawal of consent i.e., unsubscribing from the newsletter

First and last name

Sending informative and educational messages

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawal of consent i.e., unsubscribing from the newsletter

The fact of reading the e-mail sent, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Data collection for statistical purposes related to the reading and success of the Service Provider's newsletters

30 days from the evaluation of the campaign

IV.1.3.2. If the subscription is made by downloading our products:

Scope of data processed

Purpose of processing

Ground for processing

Naming of legitimate interest

Duration of processing

E-mail address

Sending informative and educational messages in connection with use of the downloaded software (no direct marketing content)

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Educational informative messages to facilitate the use of the software

Until objection against processing but until the end of the trial period as latest if the product is in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter

First and last name

Sending informative and educational messages in connection with use of the downloaded software (no direct marketing content)

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Educational, informative messages to facilitate the use of the software

Until objection against processing but until the end of the trial period as latest if the product is in trial version. If the User continue to us the product after the trial period expired until unsubscribing from the newsletter from the newsletter

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Collection of data related to the delivery of messages

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Data collection for statistical purposes related to the reading and success of the Service Provider's newsletters

30 days from the evaluation of the campaign

IV.1.4.   Handling of contact data in connection with invoicing

IV.1.4.1. If the invoice about the Service is issued for a legal entity, then the Service Provider process the personal data found below. The Service Provider informs the Users the if the products of the Service Provider are purchased through Atlassian Marketplace then invoicing is managed by Atlassian Pty Ltd. therefore the Service Provider does not process any personal data for this purpose.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the designated contact person

Contact

Legitimate (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the designated contact person

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the designated contact person

Contact

Legitimate Interest (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g., info@example.com or finance@example.com) then the Service Provider process the data, but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.

IV.1.4.2. If the invoice about the counter value of using the Service shall be issued for a natural person, the Service Provider process the following data.

Scope of processed data

Purpose of processing

Ground for processing

Naming of the legitimate interest

Duration of processing

First and last name

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Address

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

Tax number

Data mandatorily to be recorded in the issued invoice

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

E-mail address

Keeping contact in connection with invoicing

Compliance (Article 6 Section (1) Point c) of the GDPR)

-

8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

 IV.1.5.  Applying for a position

From time to time the Service Provider is seeking staff for various positions to which the Users may apply by submitting their professional CV. The Users may send their applications by e-mail to job@meta-inf.hu. By sending the e-mail the Users give their consent for the Service Provider to process their personal data as part of the application process starting from the date the CV is sent to us. The exact rules of the data handling regarding applying for a position is contained in a separate privacy policy which can be found here .

IV.1.6.   Keeping contact during contractual relationship

If a contractual relationship is established between the Service Provider and the User, then the personal data – detailed below – of the contact person designated by the User is indicated in the contract. In these cases, the legal ground for processing is the legitimate interest of the Service Provider and its purpose is to provide information and other communications to the User regarding any issues arising during the contractual relationship. The User acknowledges that it is the User's responsibility and liability to obtain consent from the designated contact person to provide his/her data to the Service Provider.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of the contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

First and last name of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of a contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

Phone number of the designated contact person

Keeping contact in order to perform contractual obligations

Performance of a contract (Article 6 Section (1) Point b) of the GDPR)

Providing information regarding the performance of the contract

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest in order to use it as a reference proving former business relationship during a later process

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Sending feedback about the receipt of the message

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Proof of delivery of contractual legal declarations and other communications made by Us

Until objection against processing or until designating a new contact person but until 31st December of the third year following the year of termination of the contract as latest

IV.1.7.   Providing support for nonprofit organizations

Once a year the Service Provider provides support for a chosen nonprofit organization for whom it provides help and introduces Atlassian’s efficiency boosting solutions completely free of charge. The User may apply for support through a tender. Further information on the support and the application is available on the Service Provider's Website, at the link https://www.meta-inf.hu/en/pledge-1-percent/ . To apply for the support, the following personal data must be provided:

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

E-mail address of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Sending the invoice to the User to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

First and last name of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Identifying the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

Phone number of the contact person designated by the User

Keeping contact with the User in connection with invoicing

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Keeping contact the User in connection with the invoice to be issued mandatorily by the Service Provider in accordance with the law

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Data related to the receipt of the invoice

Legitimate Interest of the Service Provider (Article 6 Section (1) Point f) of the GDPR)

Tracking the receipt of the invoice

Until the last day of the 5th year following the year in which the contract was terminated or until the deletion of the User

 

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Data necessary to submit application for support

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent but until announcing the results of the support for the given year as latest

First and last name

Data necessary to submit application for support

Consent (Article 6 Section (1) Point a) of the GDPR)

Until the withdrawal of consent but until announcing the results of the support for the given year as latest

Portrait

Data necessary to provide support

Performance of Contract (Article 6 Section (1) Point b) of the GDPR)

Until 31st December of the year following the year when the support has been provided

Application shall be made through the Service Provider’s Website by filling and submitting a form. In addition to the above the User shall provide the name of the organization on behalf of which the User submits the application and the year of founding the organization, however these are not considered to be personal data. The User shall furthermore upload a detailed application and may write a short message to accompany the application. We request the User to not provide any additional personal data other than the ones specified above. Shall the User provide any additional personal data the Service Provider will irreparably and permanently delete these data and the Service Provider shall have no liability for such personal data.

By submitting an application, the User acknowledges and gives consent that in case of gaining support from the Service Provider the Service Provider is entitled to make video recording and use that recording for marketing purposes in connection with the application about receiving support and introducing of the Atlassian system.  

IV.1.8.   Customer service 

In order to provide technical support for the Service Provider maintains customer service which may be reached in two ways. Either through a JIRA based system developed by Atlassian Pty Ltd. or by e-mail

In case the request is sent through JIRA based system

To manage customer service inquires We use the system of a third party, an application named JIRA Service Management (hereinafter as: “JIRA”). We use the cloud version of JIRA. For further information on processing and possible data transfer see Section IX.2. of present Policy.

If the User access customer service through the JIRA in order to fulfill the customer service request, the following data must be processed, which in any case is accessible by us from the JIRA System Central Database:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

Username

 

Identification, fulfillment of customer service requests

Performance of contact (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

E-mail address

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name (only if it is provided in the User’s Atlassian account)

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

In case of requests sent by e-mail:

If the User contacts our Customer Service by e-mail at the address support@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill the customer service requests, certain personal data must be processed. Without these, the Service Provider will not be able to complete the User’s customer service request as the Service Provider would not be able to contact the User.

Scope of processed data

Purpose of processing

Ground for processing

Naming of the legitimate interest

Duration of processing

E-mail address

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

First and last name (only if it is provided in the User’s Atlassian account)

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

Phone number

Identification, fulfillment of customer service requests

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

-

In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

The social media contact possibly shared by the User in the e-mail „signature”

-

Consent (Article 6 Section (1) Point a) of the GDPR)

-

Until the withdrawn of the consent but not later than a) the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, b) if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

The fact of reading the e-mail sent to the User, the date of reading, the date of the last reading and the number of openings

Sending feedback about the receipt of the message

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Verification of the delivery of the response to the customer service request provided by the Us, tracking the fulfillment of the customer service requests, measuring the performance of the customer service

30 day from the evaluation of the campaign, but not later than a) In the event that the User has a valid license for any Atlassian Product until 31st December, of the second year following the year of expiry of the license, b) if the User did not have a valid license, then by 31st December of the year following the year in which the customer support request was resolved.

IV.1.9. Sending educational and marketing materials

Scope of data processed

Purpose of processing

Ground for processing

Duration of processing

First and last name

Sending educational materials related to the Service and if requested sending informational and marketing materials originating from User third parties related to useful applications and add-ons regarding the Atlassian system,

In connection with educational materials Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 

In connection with marketing materials consent (Article 6 Section (1) Point a) of the GDPR)

In connection with the educational materials, the Service Provider processes the data until the User request for deletion.

 

In connection with the marketing materials, the Service Provider processes the data until the User request for deletion.

E-mail address

Sending educational materials related to the Service and if it is requested sending informational and marketing materials originating from Us or third parties related to useful applications and add-ons regarding the Atlassian system

In connection with educational materials Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 

In connection with marketing materials consent (Article 6 Section (1) Point a) of the GDPR)

In connection with the educational materials, the Service Provider processes the data until the User request for deletion.

 

In connection with the marketing materials, the Service Provider processes the data until the User request for deletion.

 

If it is required, the User may request educational materials from the Service Provider related to the Service by providing the above data to the Service Provider through the Website. If the User chose this, the educational materials will be sent by e-mail to the e-mail address provided by the User not more than a few times a month. If the User does not wish to receive educational materials anymore later, he / she may request the Service Provider in e-mail to delete his / her data, in which case the Service Provider will no longer send such messages to the User.

If the User when requesting the educational materials expressly consents to it by ticking a separate checkbox, the Service Provider will send the User marketing materials related to the Service and its self-developed products, as well as the products and services of its partners, in addition to the educational materials. If the User no longer wishes to receive marketing content, his / her consent may be withdrawn in one of the ways indicated in Section VI. below.

IV.2.      Data processing related to the Service Provider’s “Vendor” activities

IV.2.1.   Using the software developed by the Service Provider

The Service Provider sells its software listed on the Atlassian Marketplace. Within this scope, the Service Provider will not process any personal data in connection with any software that runs in the hardware environment provided by the User because it does not have access to this software. In case of software that are only available in a cloud based version, the Service Provider shall be considered partly as controller and partly as processor with respect to the fact that it has no control over the data uploaded into the applications, however, the cloud-based software operates in a computing environment provided by the Service Provider, so that personal data contained therein is stored on the infrastructure provided by the Service Provider without any processing made by us. However, in addition, in some cases, the Service Provider performs processing in connection with the software, especially when the User logs in to his/her account through the domain provided for this purpose by the Service Provider. Within this scope, the Service Provider processes the following data:

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

IP address

Protection of the IT system and securing the Website

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Protection of the IT system and securing the Website

for 90 days from the last use as latest

Atlassian account ID

Protection of the IT system and securing the Website

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Protection of the IT system and securing the Website

for 90 days from the last use as latest

IV.2.3    License sales

IV.2.3.1. Processing of data related to the conclusion of contract

The Service Provider sells product keys related to different software pursuant to the provisions of the individual contract with the User, during which processing is performed only in respect of the personal data specified in the individual contract. In addition, if the User purchases the software developed by the Service Provider through Atlassian Marketplace, Atlassian will disclose certain personal data to us. In this regard, the Service Provider notes that this information is not provided to the Service Provider directly by the User, but transmitted by Atlassian Pty Ltd., which operates the Atlassian Marketplace, as follows:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

First and last name

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

Phone number

Identification, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

In case of concluding the contract directly until the fifth year following the last day of the year during which the contract was terminated, if the source of the data is Atlassian then until 31st December of the year following the year when Atlassian makes it unavailable

         

IV.2.3. Data migration

For Users who use a version of the software sold by the Service Provider that are running on the User's own servers (server / data center deployment), the Service Provider allows them to switch to the cloud deployment version of the software through a tool built into the software (Email This Issue Cloud Migration Assistant, a.k.a Migration Tool) to perform data migration. In case the User initiates the migration of the data stored in the software running on its own servers to the cloud-based servers, the data affected by the migration is stored on the servers of Atlassian for a duration of 2 weeks to which the Service Provider has reading access rights in order to facilitate the migration and to avoid data duplication, data error, data loss etc. and in order to avoid the need for the User to clean the data after the migration is completed.

During the migration the configuration data and the content of the Email Audit Log of the application named Email this Issue are affected.

The configuration data may contain the following personal data:

·    any data that the Migration Tool users with admin authorization may configure in the migration tool, including account connection details (e.g., passwords)

Of the configuration data affected by the migration, passwords and tokens are converted to an encrypted format during the migration, which means that they cannot be interpreted by third parties.

The audit log may contain the following personal data:

·   complete e-mail messages that include names, e-mail addresses, and any personal information that may be included in the e-mail message

The legal ground for data processing is the fulfillment of the contract between the User and the Service Provider. After the expiration of the 2 weeks period, Atlassian automatically deletes the stored data permanently and irrevocably, which also means the Service Provider’s rights to access also cease to exist.

IV.3.      Processing related to the Service Provider’s „Atlassian Solution Partner” activities

IV.3.1. Pre-contractual registration

If the User intends to use an Atlassian Solution Partner service (consulting, support, etc.) of the Service Provider in connection with software available via the Atlassian Marketplace, the Service Provider shall register the User and the User's representative with whom it negotiates for the purpose of concluding a contract in order to perform the contract between the Service Provider as an Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall record the following information of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system upon contact. By contacting the Service Provider, the User gives his/her consent to the Service Provider's transfer of the following data to Atlassian.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

First and last name of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

E-mail address of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

Phone number of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

Position of the User’s contact person

Registration of the commencement of negotiations for using Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date of registration, or 5 years from the conclusion of the contract in the case of a conclusion of a contract

IV.3.2.   Consulting and Support

IV.3.2.1. Processing of data related to the conclusion of contract

The Service Provider performs consulting and follow-up system monitoring activities for customers of various products sold by Atlassian Pty Ltd. under an individual order which aims to integrate Atlassian Pty Ltd.’s or third parties’ solutions into the User's IT system and that helps to find the appropriate software and includes their implementation and calibration. The Service Provider is able to perform this activity only if the User makes certain personal data available, as without this the Service Provider will not be able to carry out this activity undertaken in a separate agreement. The scope of data processed by the Service Provider in this regard are the following:

Scope of processed data

Purpose of processing

Ground for processing

Duration of processing

E-mail address

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

Until the last day of the 5th year following the year in which the contract was terminated

First and last name

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 Until the last day of the 5th year following the year in which the contract was terminated

Phone number

Identifying, contacting in connection with fulfillment of contractual obligation

Performance of contract (Article 6 Section (1) Point b) of the GDPR)

 Until the last day of the 5th year following the year in which the contract was terminated

IV.3.2.2. Contract registration

If the User uses an Atlassian Solution Partner service (consulting, support, etc.) the Service Provider in in connection with the software available via the Atlassian Marketplace and a contract has been concluded between the parties, the Service Provider shall register the User and the User's representative with whom the contract has been concluded for the purpose of using the service in order to perform the contract between the Service Provider as Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall register the following data of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system after the conclusion of the contract.

Scope of processed data

Purpose of processing

Ground for processing

Naming of Legitimate interest

Duration of processing

First and last name of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

E-mail address of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

Phone number of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

Position of the User’s contact person

Registering the conclusion of a contract for Atlassian Solution Partner Services

Legitimate interest (Article 6 Section (1) Point f) of the GDPR)

Performance of the contract and obligations between the Service Provider and Atlassian Pty Ltd., registration of the data required for the sale of the license

Until objection against the processing, but in order to enforce any claims, for a maximum period of 5 years from the date the conclusion of the contract

IV.3.3    Training 

The Service Provider uses a separate privacy policy for processing of data related to trainings which is available at: https://www.meta-inf.hu/legal-documents/trainings-privacy-policy Present Policy is only applicable regarding data processing in connection with the training if the privacy policy for training expressly provides so.

IV.3.4 Event organizing

The Service Provider uses a separate privacy policy for processing of data related to event organization which is available at: https://www.meta-inf.hu/legal-documents/event-privacy-policy Present Policy is only applicable regarding data processing in connection with the event organization if the privacy policy for event organization expressly provides so.

V.          What are cookies and why we use them?

Cookies are data packages that are sent by webservers to the User’s computer automatically, where they are stored – depending on the type of the cookie – for a definite period.

Cookies do not hold any security risk to the User’s computer or not cause any malfunction.

In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on the computer when the User visits the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected using these cookies (in particular the IP address of the User’s computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of the User’s stay on the Website. Closing the browser will automatically delete them from the computer.

With the User’s consent given on the Website, the following types of cookies may be installed on the computer for the following purposes:

  • Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because the Service Provider is provided with information about the specific characteristics of the visitors (IP address, city, type of device, browser, operating system are they using, and what sub-pages the User have visited on our site). the Service Provider uses these data anonymized for statistics and reports to improve the Website and the marketing strategy.
  • Remarketing cookies (such as Google AdWords) allow us to analyze how the User uses the Website and, consequently, to display personalized content to the User, including advertising on online platforms outside our site (e.g., other websites or social media).

In addition, the Service Provider distinguishes between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when browser is closed. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set on the Website.

The User can manage cookies in the browser’s settings. How these settings are set depends on the type of the browser.

Further information may be found on cookie settings for the most popular browsers on the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu-hu&p=cpn_cookies   
Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami  
Internet Explorer / Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies   
Safari: https://support.apple.com/hu-hu/HT201265   

If the User has any further question regarding cookies, please contact the Service Provider at privacy@meta-inf.hu where its colleagues are more than happy to help.

Further information regarding the cookies used by the Service Provider can be found at https://www.meta-inf.hu/en/cookie-policy/

VI.         How can the User withdraws the consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. The consent given at browsing can be withdrawn at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if the User does not have the possibility to withdraw the consent given this way, it can be withdrawn by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

VII.       Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data which is stored by the Service Provider is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically, and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction, or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

VIII.      What rights do the User has in connection with processing personal data?

Request for information (right to access): the User may request information about the processing of the collected personal data at any time, either in person, at the Service Provider’s registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and the User’s rights in relation to processing. In the case of data transfer, to whom and for what purpose thedata have been or will be transferred.

A request for information is considered authentic if the User is clearly identified by the Service Provider. If the request is sent by e-mail or post, only the e-mail sent from the User’s registered e-mail address will be considered as authentic, and the Service Provider will only be able to send information to the postal address registered by it. Unless the User voluntarily verify the identity otherwise thereof, the Service Provider will not be able to send information to an e-mail address or postal address that is not registered in its records in order to protect the User’s privacy.

Rectification: The User may at any time request the rectification, modification, or amendment of the collected data in the same manner described above. The Service Provider can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: The User may request that the Service Provider restricts the processing of the personal information in particular if:

a) The User argues the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but the User is requesting the Service Provider in writing to keep them for the purpose of filing, asserting, or defending any legal claim the User may have

Objection: If the Service Provider process the User’s personal data on the ground of legitimate interest, the User may at any time object to the processing of the Users personal data. In such cases, the Service Provider will review the legality of the objection and, if it is well established, the Service Provider terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): The User may request the deletion of the User’s personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

The Service Provider may refuse deletion if the processing of the User’s personal data is required by law or if it is necessary to enforce the legal claims. The Service Provider will always inform the User about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): The User may at any time request to transfer the data processed in connection with the User in a structured, widely used, machine-readable format to the User or to another controller.

The Service Provider kindly ask the User not to exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

IX.         To whom we transfer personal data and who has right to access them?

The -User’s personal data is kept confidential and will not be disclosed to any third party except as provided below.

IX.1. Transmission of data related to the sending of newsletters, system messages and educational or marketing materials, messages in connection with consultancy and licensing and data storage, processing of data provided on website forms

If the User subscribed to our newsletter, either voluntarily or by using one of the Service Provider paid or free apps, furthermore if the User chose to use the services detailed in Section IV.1.9. above and if the User uses the Service Provider's consultancy or license sales services or fill any of the forms on the Service Provider's website the Service Provider will forward the User’s email address and other date provided by the user (e.g. on the form) to its processing partner. This processor is HubSpot a provider of cloud-based case management, forms and customer relationship management services through which the Service Provider sends system messages, eDMs and newsletters related to the operation of the Service and forms and contact details are recorded and managed.

HubSpot may not use the e-mail address or other data provided for any purpose other than the performance of its task or make any personal decision about it.

Contact details of the processor:

Name: HubSpot Ireland Limited

Address: Hubspot House, 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67, Ireland

Registration number: IE515723

Email: privacy@hubspot.com

Phone: +353 1 5187500

Represented by: Christian Kinnear director

Contact details of the DPO: https://preferences.hubspot.com/privacy

(hereinafter referred to as “Hubspot”)

If Hubspot transfers any data outside of the European Union, for example to its parent company HubSpot Inc., (seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, registration number number: 000955519, represented by: Brian Halligan director), the User’s email address and other data is protected in the same level as in Europe, in light of the European Commission's adequacy decision for EU-US data flows.

Hubspot’s privacy related documents may be found at the following links:

https://legal.hubspot.com/privacy-policy      

https://www.hubspot.com/data-privacy/gdpr/product-readiness     

IX.2. Fulfilling customer service requests through the JIRA cloud application or within the scope our “Vendor” activities in case of consulting

If the User is using the cloud-based version of the JIRA Service Management application (in connection with customer support) in connection with the software developed by the Service Provider, then in the case of customer service requests or in case of providing consultancy services, the Service Provider’s data processing partner is:

Name: Atlassian B.V. c / o Atlassian, Inc.

Address: 350 Bush Street San Francisco, CA 94104 USA

Email: eudatarep@atlassian.com

(hereinafter referred to as “Atlassian”)

Atlassian may not use the data detailed above for any purpose other than the performance of its task or make any personal decision regarding the personal data.

The Atlassian’s privacy policy is available at: https://www.atlassian.com/legal/privacy-policy

Atlassian also takes all reasonable efforts to ensure the protection of personal data as provided by the GDPR, so Atlassian has also complied with the provisions of the SCC. The data processing addendum regarding Atlassian’s compliance with SCC can be downloaded from the following link: https://www.atlassian.com/legal/data-processing-addendum       

IX.3.      In connection with software developed by the Service Provider:

The software developed by the Service Provider are stored at and operated from external servers, therefore if the User use them – depending on the used software – we use the services of the following server providers as processors:

IX.3.1.   Amazon Web Services

The Service Provider stores and operates particular software through Amazon Web Services a cloud-based webserver which may be reached at:

Name: Amazon Web Services, Inc.

Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA

E-mail: EU-privacy-DSR@amazon.com  

Phone number: +1-206-266-1000

Represented by Eva Gehlin and Barbara Scarafia directors

European server locations: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”)

Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States the User’s data is still secure and protected by the provisions of the GDPR, with respect to the European Commission’s adequacy decision for EU-US data flows.

Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/

Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy/

 IX.3.2.  Datadog

The Service Provider monitors the software and data stored at and maintained from external servers by using a third-party service named Datadog, which may be contacted at:

Name: Datadog, Inc.

Registered seat: 620 8th Avenue 45th Floor New York, NY, USA

E-mail: gdpr@datadoghq.com

Phone number +1-866-329-4466

Represented by Olivier Pomel director

(hereinafter as: “Datadog”)

Datadog’s privacy policy can be reached at: https://www.datadoghq.com/legal/privacy/

IX.3.3. Hetzner

Furthermore, the Service Provider use the server providing services of Hetzner which servers are located within the European Union. Hetzner may be reached at:

Name:  Hetzner Online GmbH

Registered seat: Industriestr. 25, 91710 Gunzenhausen, Germany

Company Ansbach, HRB 6089

E-mail: info@hetzner.com  

Phone number:  +49 9831 505-0

Represented by: Martin Hetzner, managing director

(hereinafter as: “Hetzner”)

Hetzner’s privacy policy shall be reached through this link: https://www.hetzner.com/legal/privacy-policy

IX.4.      Correspondence (e-mail)

IX.4.1. Sending and receiving e-mails

The Service Provider uses Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use, or otherwise manipulate user related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more at https://policies.google.com/privacy/frameworks

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption, and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy

IX.4.2. Tracking the receipt of e-mails

If under the provisions of present Policy, the Service Provider tracks the delivery of messages, it uses the services of an external service provider called Mailtrack as a data processor, the contact details of which are as follows:

Name: The Mail Track Company S.L.
Address: Calle Córcega, número 301, ático 2a, 08008 Barcelona, Spain

Registration number: B66095670

E-mail: privacy@mailtrack.io 

Phone number: +1 678 999 0141

Represented by: Eduardo Manchón director

Web: https://mailtrack.io/en/

(hereinafter as: “Mailtrack”)

Mailtrack is a data processor residing within the European Union, in Spain, therefore it shall comply with the provisions of the GDPR.

More information on Mailtrack’s data processing is available at: https://mailtrack.io/en/privacy

IX.5.      In connection with „Solution Partner” related activities:

IX.5.1.   Hetzner

In connection with its „Solution Partner” related activities the Service Provider use the services of Hetzner introduced in Section IX.3.3.

IX.5.2.   Office365

In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corporation to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:

Name: Microsoft Ireland Operations Limited

Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland

Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions

Phone number: +353-1-706-3117

Represented by Satya Nadella director

(hereinafter as: “Microsoft”)

Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however these are in compliance with the effective privacy regulations with respect to the above reasons.

Privacy related materials of Microsoft may be reached at:

https://privacy.microsoft.com/hu-hu   

https://privacy.microsoft.com/en-us/privacystatement    

https://support.office.com/hu-hu/article/az-adatvédelmi-beáll%C3%ADtások-megtekintése-a-microsoft-office-adatvédelmi-központjában-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU

IX.6.      In connection with the Website:

In connection with the maintenance of the Website the Service Provider use the services of Amazon Web Services introduced in Section IX.3.1.

IX.7.      In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, http://szamlazz.hu . If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of http://szamlazz.hu  website as our processing partner is:

Name: http://KBOSS.hu  Kereskedelmi és Szolgáltató Kft.

Registered seat: 1031 Budapest, Záhony utca 7., Hungary

Company registration number: 01-09-303201

E-mail address: info@szamlazz.hu

Represented by: Balázs Ángyán managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

X.          What third-party social media plug-ins may be found on the Website?

To receive feedback on the contents we share on the Website and to share them we use socal media sites meaning the Service Provider uses the services (plugins) of third-party providers. The plugins are only active when the User specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on the Service Provider’s website: Facebook, Twitter, LinkedIn, Meetup, YouTube

If the User is logged in to any of these sites, it may occur that the User’s visit on the site will be attached to the User’s personal profile. If the User clicks on the specific button, the User’s browser will forward the relevant information directly to that social media site and store them there.

Information about the scope and purpose of the data collected, further processing of the User’s data and use of the User’s data by the social media provider, and the User’s rights regarding personal data can be found in privacy statements of the social media providers, which are available at:

Facebook: https://www.facebook.com/policy.php

Twitter: https://twitter.com/en/privacy   

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Meetup: https://www.meetup.com/privacy/

YouTube: https://policies.google.com/privacy

XI.         To whom and in what cases are the Service Provider is obliged to disclose personal data?

The Service Provider may be requested to disclose personal data it processes to authorities in response to legal requests, like search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. The Service Provider discloses data in accordance with applicable law, the Service Provider cannot be held liable for any such transfer or any resulting consequences. The Service Provider will always inform the User about the transfer if it is not prohibited by law or by the requester authority.

XII.       What are the responsibilities regarding the personal data the User provides?

When the User provides to the Service Provider personal data, the User is responsible for ensuring that the information and contributions are true and correct.

The Service Provider asks the User to provide third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.

If a third-party object the processing of personal data by credibly verifying its identity, the Service Provider will immediately delete third-party data without notifying. The User is requested to only provide third-party personal data only if the User has informed the third party of the availability of this Policy.

XIII.     Management of Personal data breach

Personal data breach – except that is unlikely to result in a risk to the effected person – may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform users concerned.

XIV.      Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XV.       Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the following day of publication, through our Website. Please be sure to read the Policy changes carefully as they contain important information about the processing of the personal data.

XVI.      To whom the User can turn to for information regarding the User’s personal data or to exercise the rights?

If the User has any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1117 Budapest, Irinyi József utca 4-20. B. ép. 3. em., Hungary

The User is entitled to exercise the rights related to the processing of personal data against the Service Provider as controller. If the User wish to exercise such rights, the User must first notify the Service Provider.

If the User feels that the rights have been violated, the User can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Phone: +36 1 391 1400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

In the event of a dispute arising out of or in connection with this the present Privacy Policy, its breach, validity or interpretation, the User may bring the dispute to the competent court under Act CXXX of 2016 on the Code of Civil Procedure (Code of Civil Procedure):

Name: Budapest District Court for the XVIII. and XIX. Districts

Name: Budapest District Court for the XVIII. and XIX. Districts
Address: 1191 Budapest, Kossuth tér 7/9., Hungary
Mailing address: 1703 Budapest, PO Box. 4., Hungary
Phone: +3613574333
E-mail: kispest.elnokseg@birosag.hu
Website: https://fovarositorvenyszek.birosag.hu/jarasbirosagok/budapesti-xviii-es-xix-keruleti-birosag