data privacy policy

1. INTRODUCTION

 The primary users and intended audience of the corporate website, product portals (collectively: Web portals), as well as software solutions, software services, online applications, related support and documentation systems (collectively: Solutions) of SPOT Consulting & Services Ltd. are not individuals, natural persons. The software and solutions are designed for business users, and websites and product portals publish information about the services offered to businesses (B2B). When contacting and registering on the website and product portal, it is necessary to provide real company information. The use of software solutions, software services, online applications, support and documentation systems is possible within the framework of a service contract. 

SPOT Consulting & Services Ltd. (Registered office: 1115 Budapest, Keveháza utca 1-3.; email: contact@spot.solutions, telephone number: +36 1 279 09 89, hereinafter: Service Provider) respects the right of its customers to information self-determination, treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data. The Service Provider handles the personal data obtained during the use of the Web Portals and Solutions in accordance with the requirements specified in this Data Privacy Policy and the applicable legislation.

In developing this Data Privacy Policy and data management regulations, the Service Provider has taken into account the provisions of Regulation CXII of 2011 of the European Parliament and of the Council (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”) on the right to information self-determination and freedom of information. (“Infotv.”), Act V of 2013 on the Civil Code (“Ptk.”).

This Data Privacy Policy applies only to the Web Portals, contains the definition of the registered and managed data, the method of use, details, and the related rights of the data subjects.

Our contracted partners are eligible to use the Solutions. Depending on the type of contract, the Data Privacy Policy related to the Solutions that can be used by our contracted partners is attached to it (Data Management Clause in the contracts concluded by the company) or part of the General Terms and Conditions (GTC).

2. DEFINITIONS

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

“Data processing” means any operation or set of operations on personal data or files, whether automated or non-automated, such as the collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or otherwise harmonization or interconnection, restriction, deletion or destruction;

“Restriction of data processing” means the marking of stored personal data with the aim of limiting their future processing;

“Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;

“Processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

“Third party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who are authorized to process personal data under the direct control of the controller or processor; they got;

“Consent of the data subject” means a voluntary, specific and well-informed and unambiguous statement of the will of the data subject, by which he or she indicates his or her consent to the processing of personal data concerning him or her by means of a statement or unambiguous statement;

“Data protection incident” means a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled.

3. DATA MANAGED BY THE SERVICE PROVIDER

Common rules for data management:

The duration of data processing always depends on the specific purpose of use, but the data must be deleted immediately if the original purpose has already been achieved and there are no other legal obstacles. Your consent to the processing may be withdrawn at any time by the data subject. If there is no legal impediment to the deletion, then your data will be deleted.

 The user can give his / her data management consent (in case of voluntary consent) by intentionally ticking the empty checkbox on the Web Portal and specifically for this purpose.

The User may request the Service Provider to access, correct, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data.

 The user may withdraw his consent to the processing of data at any time, but this does not affect the lawfulness of the data processing carried out on the basis of the consent before the withdrawal.

The User is entitled to correct or supplement inaccurate personal data concerning him / her at his / her request without undue delay.

 The User is entitled to delete inaccurate personal data concerning him / her without undue delay at his / her request, and the Service Provider is obliged to delete personal data concerning the user without undue delay, unless there is another legal basis for data management.

 Modification or deletion of personal data may be initiated by e-mail, telephone or using the contact details provided in this information.

 The user may exercise the right to lodge a complaint with the supervisory authority and to go to court.

Registration & contact form on the Web Portals

 On the Service Provider’s website and product portals, the natural person who contacts or registers with the help of the form may give his / her consent to the processing of his / her personal data based on consent by ticking the relevant box. Consent is not formally binding, but subsequent proof requires electronic written consent. It is considered to be a definite voluntary contribution if the data subject ticks the appropriate box on the website maintained by the controller. Acceptance of a pre-selected control window or passive tolerance does not constitute consent. Consent means consent to the processing of data for the purpose of a data processing, so that if the controller has several data processing purposes, the consent of the data subject must be obtained separately.

Purpose of data management: To perform the services provided on the website.

 Legal basis for data processing: consent of the data subject

 Data processed: data covered by the consent; natural person’s name (surname, first name), address, telephone number, e-mail address, online identifier (if established)

 Responsible and recipients of the data: customer service manager, employee

 Duration of data management: until the registration / service exists, the period specified in the consent or revocation

 Place and method of data storage: electronically in SPOT Kft.’s own HELM / SPOT CRM system

4. DATA PROCESSING

 As data controllers, we use the data processors indicated below to perform their activities. The data processors do not make an independent decision, they are only entitled to act in accordance with the contract concluded with the data controller and the instructions of the data controller. Data processors make a declaration to the Data Controllers about the data management and processing in accordance with the GDPR and the Data Controller monitors their activities. Data processors are only entitled to use an additional data processor with the prior consent of the data controller.

 Website operator:

 Bluehost Inc. 10 Corporate Dr Suite # 300, Burlington, MA 01803, United States

 (https://www.bluehost.com/)

 5. USER RIGHTS AND ENFORCEMENT

 The Service Provider declares that it handles personal data in accordance with the provisions of the Data Privacy Policy and complies with the provisions of the relevant legal regulations, paying special attention to the following:

  The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject (principle of lawfulness, fairness and transparency).

 Personal data may only be collected for a specific, clear and legitimate purpose (purpose limitation).

 The purpose of the processing of personal data should be appropriate and relevant and only to the extent necessary (principle of data protection).

 Personal information must be accurate and up to date. Inaccurate personal data must be deleted immediately (principle of accuracy).

  Personal data must be stored in such a way as to enable identification of data subjects only for as long as is necessary. Personal data may be stored for a longer period only if the storage is for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes (principle of limited storage).

 The processing of personal data must be carried out in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality), using appropriate technical or organizational measures.

 The principles of data protection shall apply to all information concerning an identified or identifiable natural person.

5.1. Right to information

 The data subject is entitled to request information about the personal data processed by the Service Provider at any time. At the request of the data subject, the Service Provider shall provide information on the data processed by him or her, the purpose, legal basis and duration of the data processing, as well as on who and for what purpose receives or has received his or her data.

 The Service Provider shall provide the requested information in writing within 30 days from the submission of the request.

 The data subject may contact the Service Provider’s employee with any questions or remarks related to data management via the contact details indicated below.

5.2. Correction and deletion

 The data subject has the right at any time to request the correction or deletion of incorrectly recorded data at one of the contact details indicated below.

 The Service Provider deletes the data within 3 working days from the receipt of the request, in which case they will not be recoverable. The cancellation does not apply to the data processing required by law (eg accounting regulations), the Service Provider will keep them for the required period of time.

 The data subject may also request that his data be blocked. The Service Provider shall block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it can be presumed that the deletion would harm the data subject’s legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.

 The rectification, blocking and erasure shall be notified to the data subject and to all persons to whom the data have previously been transmitted for the purpose of data processing, unless this proves impossible or requires a disproportionate effort. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the processing.

 If the Service Provider does not comply with the relevant request for rectification, blocking or deletion, it shall notify the factual and legal reasons for rejecting the request for rectification, blocking or deletion in writing within 30 days of receipt of the request.

5.3. Protest against data processing

The data subject may object to the processing of his or her personal data. The Service Provider shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant of its decision in writing.

5.4. Enforcement

The data subject has the opportunity to notify our company in case of illegal data processing, in which case we will make all reasonable efforts to restore the legal status.

If the data subject considers that the legal situation cannot be restored, he may notify the authority at the following contact details:

National Data Protection and Freedom of Information Authority

Postal address: 1530 Budapest, Pf .: 5.

Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

email: ugyfelszolgalat@naih.hu

Website: https://naih.hu

You can also go to the court concerned if your rights are violated. The court is acting out of turn in the case. You may also choose to bring an action before the court having jurisdiction over your place of residence or stay.

6. DATA STORAGE, DATA SECURITY

The Service Provider’s computer systems and other data storage locations are located at its headquarters, as well as on its servers, leased infrastructure and platforms located in the server center.

The Service Provider selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:

       accessible only to those authorized to do so;

       its authenticity and authentication are ensured;

       its invariability can be justified;

       be protected against unauthorized access.

The Service Provider shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and inaccessibility due to changes in the technology used.

In view of the current state of the art, the Service Provider shall ensure the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection appropriate to the risks related to data management.

At the same time, we inform those concerned that electronic messages transmitted over the Internet, regardless of protocol (email, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. In order to protect against such threats, the Service Provider shall take all precautionary measures expected of it.

If a possible data protection incident within the Service Provider’s system is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

7. COOKIE, WEB PORTAL ANALYSIS

During visits to the websites www.spot.solutions, www.praecisio.solutions, www.helmforce.com, the Service Provider sends one or more cookies (so-called cookies), which are data files containing a unique identifier, to the visitor’s computer, which ( ek) will make its browser uniquely identifiable. These cookies are sent to the visitor’s computer only when certain sub-pages are visited, so we only store the fact and time of the visit to the given sub-page, not any other information.

The use of cookies sent in this way is as follows: external service providers, including Google, store these cookies if the User has previously visited the Service Provider’s websites.

If the User does not want Google or other service providers to measure the above data in the manner and for the purpose described, install a blocking add-on in their browser.

The “Help” feature in the menu bar of most browsers provides information about the browser

       how to disable cookies

       how to accept new cookies, or

       how to instruct your browser to set a new cookie, or

       how to turn off other cookies.

We use Google Analytics in the operation and maintenance of our websites. Google Analytics uses internal cookies to generate reports for its customers about the habits of users of the website.

On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to the activity of the website for the website operator in order to perform the additional services. The data is stored in an encrypted format on Google’s servers to make it more difficult and prevent data misuse.

 Here’s how to disable Google Analytics (quote from this page):

 Website users who do not want Google Analytics to report JavaScript on their data can install the Google Analytics Disable Browser Add-on. The plugin prohibits Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most newer browsers. The Google Analytics Disable Browser Add-on does not prevent data from being sent to the site itself and other web analytics services. (https://support.google.com/analytics/answer/6004245?hl=en_US)

 Google’s Privacy Policy: https://policies.google.com/privacy?hl=en_US

 Information on the use and protection of the data can be found in detail at the links above. Privacy in detail: https://static.googleusercontent.com/media/www.google.com/en//intl/en/policies/privacy/google_privacy_policy_en.pdf

8. PRIVACY INCIDENT

 In the event of a data protection incident, it will be reported to the supervisory authority within 72 hours of becoming aware of it. If required by law, all affected users will also be notified of the incident.

9. CONTACT

If you have any comments, questions or problems with our company, data management or when using our services, you can contact us at the contact details on our website.

Company name: SPOT Consulting & Services Ltd.

Address: 1115 Budapest, Keveháza utca 1-3.

Email: contact@spot.solutions

Phone: +36 1 279 09 89

10. OTHER

We reserve the right to unilaterally amend this privacy statement with notice to those concerned.

We do not verify the personal information you provide on the Web Portals. The person who provided the data is solely responsible for the accuracy of the information provided. By providing the e-mail address of any of the persons concerned, it is also responsible for ensuring that only he / she uses the service from the e-mail address provided.

We inform our clients that, based on the authorization of the investigating authority, the National Data Protection and Freedom of Information Authority, or other bodies, they may contact the Service Provider in order to provide information, communicate, transfer or make available documents.

Budapest, May 15, 2018.

Copyright @ SPOT Consulting & Services Ltd. 2019

Copyright @ SPOT Consulting & Services Ltd. 2019