Data Privacy Policy

Pursuant to the effective Hungarian regulations as well as Regulation No 2016/679 of the European Parliament and the Council (hereinafter: Regulation) you are voluntarily consenting to MultiSoft Ltd. (seat: 1115 Budapest, Bartók Béla út 105-113.; Company Registration Number: 01-09-161858; Data Protection Register Number: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017; email address: adatkezeles@multisoft.hu) – hereinafter: “MultiSoft Ltd.” or “Data Controller”, upon registering on their website, submitting a Contact form, or subscribing to the newsletter of MultiSoft Kft. (hereinafter: newsletter), to handle your personal data for data processing purposes specified under section 5 in compliance with the referred legal provisions.

This privacy policy and information (hereinafter: “Privacy Policy”) contains the rules for data processing in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: “Info Act”) regarding the personal data processing of natural person users of websites operated by the data controller, at http://www.multisoft.hu, and at the addresses specified therein (hereinafter: “User”), specified in this Privacy Policy, as well as the data privacy information for Users.

Please note that legal ground for data processing is your voluntary consent to such data processing. You have the right to revoke your consent to your data being processed at any time, to request information on your data being processed at any time, as well as to request rectification or deletion of your data, (cessation of data processing) for the purposes, or for some of the purposes outlined below in writing in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to the email address adatkezeles@multisoft.hu.

You should be especially aware that the User has the right to object to processing his or her data for direct marketing purposes in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to adatkezeles@multisoft.hu.

While registering on the webpage of Data Controller, submitting the Contact form, or signing up for the newsletter, the personal data entered by the User will be processed by the Data Controller until such consent is revoked by the User.

Detailed information on Users’ rights is provided under Section 9 of this Data Privacy Policy, whilst on the options of enforcing rights Section 10 of this Data Privacy Policy contains detailed explanation.

Withdrawing consent to data processing will not affect the legality of data processed until that time.

The Data Controller will not be liable for the authenticity of the data you provided.

Data Protection Register Numbers: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017;

1. GENERAL PROVISIONS

The Data Controller shall process the personal information of Users based on this Privacy Policy, taking into account all information by the authority in charge of data privacy (currently: National Data Protection and Freedom of Information Authority, seated at 1125, Budapest, Szilágyi Erzsébet fasor 22/C, and its website: www.naih.hu,) as well as the published judicial approach in this subject matter. By submitting the Contact form or signing up for the newsletter, User expressly and voluntarily consents to data processing by Data Controller in compliance with the Data Privacy Policy. Please also see Section 4; (User’s Declaration) to familiarise yourself with your declarations made upon accepting this Privacy Policy.

2. AMENDMENT

Data Controller maintains the right to make unilateral amendments to this Privacy Policy by providing notice thereof to Users through their Website. The updated Privacy Policy will be posted on the website by the Data Controller no later than five (5) days before such updated Privacy Policy comes into force. The Data Controller may send a notice about the changes to this Privacy Policy to registered users of the Website through the user account available on the Website (hereinafter: User Account) or for both registered or unregistered Users via any of the options provided upon registration or upon using the website no later than five (5) days before the updated Privacy Policy comes into force. User declares to consent to keeping contact using the User Account, or the options provided by him/her, upon registration or upon using the Website.

3. PURPOSE OF DATA PRIVACY POLICY

The purpose of this Data Privacy Policy is

– to facilitate the enforcement of regulations on data protection;

– to specify the User’s scope of personal data processed by the Data Controller under Section 6, the method of data handling, respecting the privacy of natural person Users in compliance with other regulations, fulfilling the requirements of data protection and data safety.

– before starting data processing to inform Users on the identity of the Data Controller, the purpose, the duration and legal ground for data collection, as well as the options and ways to enforce User rights relating to data management, and;

– to prevent any unauthorised access to, alteration or unlawful disclosure or use of User’s personal data.

4. DECLARATION BY USER

User, by giving consent upon registering and/or signing up for the newsletter and/or submitting the Contact form, confirms having fully read this Privacy Policy, as well as to acknowledge the provisions thereof to be binding on him or herself, and voluntarily, in full awareness and definitively consents to the Data Controller managing the personal data specified in the Privacy Policy for data processing purposes specified therein – i.e. for all purposes outlined in the Privacy Policy – in compliance with the provisions of this Privacy Policy.

By registering and/or signing up for the newsletter and/or submitting the Contact form, User consents to the Data Controller managing the personal and other data voluntarily provided for the purposes outlined in Section 5, at the same time, consents to the use of his or her name and access data (email address, telephone number, residential address) for continuous, as well as for repeated contact.

The User declares that the information provided during registration is true and that it does not constitute a breach of personal or other rights, nor legally protected rights of third parties.

5. DATA PROCESSING OBJECTIVES

Management of the Users’ personal information will be carried out for:

– the use, provision, maintenance, protection of services offered through the website by the Data Controller (hereinafter: “Services”);

– further development of Services, as well as the development of new services;

– protection of the Data Controller and the User;

– for the preparation and completion of activities by the Data Controller with regard to the Services, specifically including the display of contents posted on the Website, as well as providing support for such activities by the Data Controller;

– promotional purposes related to above activities (to sending newsletters, or promotional mails, to participate in giveaways, to send product/service offers, for direct marketing and telemarketing/telesales activity, promotion of functions)..

6. SCOPE OF PERSONAL DATA MANAGED

The provisions related to handling and the protection of User’s personal data are applicable exclusively to natural persons given that personal information may only be interpreted in the context of natural persons.

The Data Controller will only register personal data that had been voluntarily provided by the User. By providing personal data, the User consents to having such personal entered in the database of the Data Controller in accordance with this Privacy Policy.

6.1. Personal information processed for the purposes of user identification, or any other activities

The Data Controller processes the following personal data of Users for identification:

(1) Natural personal identification data of user: first and surname, date of birth;

(2) User’s email address;

(3) User’s residential and mailing address;

(4) User’s direct telephone and fax number;

(5) Any personal information provided voluntarily by the User (such as address, position, interests) and other information.

The Data Controller may ask for other personal information about the User on the webpage for different activities, upon submitting such data the Users also give their express and voluntary consent to processing the personal information provided and the Data Controller may only manage the personal information provided for purposes outlined in Section 5 and only until reaching the purpose related to the activity. Any such data processing shall also be governed by this Privacy Policy.

6.2. Information processed in order to use the Services

(1) The IP address of User’s computer;

(2) Information on User’s activity related to the use of the webpage (such as tracking metrics of banner ad clicks).

Such data will be automatically logged by the Data Controller’s system. These data are not suitable for personal identification, the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use, for administering the services, analysing and satisfying user demands, to contribute to developing the level of service.

6.3. Services /

Registration forms: on these pages the Data Controller may ask for personal data required to use the services, these are submitted also voluntarily.

Contact forms: on these pages the Data Controller may ask for personal data required to keep contact, these are submitted also voluntarily.

Newsletter: The Data Controller may also operate a newsletter sending service on the Website. If the User wishes to receive newsletter regarding the use of Services and novelties related to the Services, the Data Controller will ask only for the email address from the User for use for an indeterminate period of time, where the newsletter is expected to be received. The email address is also provided voluntarily. The newsletter may also include advertising deals or promotional offers. Pursuant to this Data Privacy Policy, the User gives his or her express consent upon signing up for the newsletter to Data Controller to send offers in its newsletters at the contact details provided. Users, who at any time after signing up for a newsletter that may be offered on the Website, decide that they no longer wish to receive the newsletters, may withdraw their consent to receiving such newsletters without justification using the method indicated in the newsletter or on the Website, or by sending an email or postal message to any of the contact details of Data Controller indicated in Section 1 of this Policy. Withdrawal of the consent to receiving the newsletters will also result in terminating data processing for this purpose.

Direct marketing: Upon registering on the website and/or signing up for the newsletter and/or submitting the Contact form, User voluntarily and expressly consents to Data Controller using the User’s personal information for the purpose of direct marketing. The consent is provided voluntarily and may be withdrawn without providing a reason at any time during the User relationship using any of the contact details posted on the Website or specified in section 1 of this Data Privacy Policy. The Data Controller may send out informational materials to Users from time to time relating to certain Services to inform Users about novelties related to such Services. Users who do not wish to receive such letters may cancel this informational service in the future at any time by mail about their intent via postal service or by using the postal address or the email address specified in section 1 of this Privacy Policy.

Sending promotional offer, direct marketing: The Data Controller may periodically send informational circulars to Users about their new services and special offers to which User under this Data Privacy Policy gives his or her voluntary and express consent upon registering on the website and/or signing up for the newsletter and/or submitting the Contact form. For these purposes, the Data Controller processes the email address, the name and the postal address of Users. In the event the User no longer wishes to receive such promotional letters, he/she may object to receiving the promotional newsletters or his/her consent to such data management may be withdrawn using the contact details of the Data Controller specified under section 1 of this Privacy Policy.

7. LEGAL GROUNDS AND METHODS OF DATA PROCESSING

The Data Controller shall collect and process the Users’ personal information exclusively for the purposes outlined in this Privacy Policy and shall ensure compliance with the purpose of data processing throughout every phase. Being aware of the provisions of this Data Privacy Policy, the User declares that giving consent to data processing and any subsequent data in each case will be provided under Article 5. (1) a) of the Info Act, as well as Article 6(1) a) of the Regulation based on a voluntary, informed and express consent by User. This voluntary, adequately informed and definitive consent provides the legal grounds of data processing by the Data Controller specified in this Privacy Policy.

In the event the User places an order on the webpage, until delivering the order pursuant to Article 6(1) b) of the Regulation and Article 6(4) of the Info Act the lawful basis for data processing is the legal interest of Data Controller in the fulfilment of the contract – in case they are needed to fulfil the contract.

8. DATA SECURITY

In compliance with Article 7 of the Info Act and Articles 32-34 of the Regulation, the Data Controller shall make every effort to ensure the security of your personal data. In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations.

In the event there is any change to details provided by the User the corresponding updates should also be indicated This may be carried out by mailing a letter to the “1115 Budapest, Bartók Béla út 105-113.” address, or to adatkezeles@multisoft.hu email address, in the event User has a user account on the webpage, updates may also be performed on the webpage.

Cloud computing also forms a part of the Services. Cloud computing is typically international, or cross border in nature and serves the purposes of data storage, for example, where the host is not the computer/corporate IT centre of Data Controller, but a server centre located anywhere in the world. The primary advantage of cloud computing is that it is essentially moves beyond geographical location, it provides a high security and a flexible, extendable IT storage and processing capacity. The Data controller will choose partners offering cloud computing with the highest level of consideration, and shall take all reasonably expected measures to enter into agreements that prioritize the data security of Users, to make their data processing principles transparent to Users and to support data security by conducting regular reviews. By accepting this Privacy Policy, the User expressly consents to data transfer required for employing cloud computing solutions.

Links: The Website of Data Controller may also include some reference or link to certain webpages maintained by other service providers (such as buttons, logos to login or sharing options), over which Data Controller has no control with respect to personal data processing practices, or where the Data Controller is not involved in data sharing/data transfer. Users are hereby informed that by clicking on such links, they will be forwarded to the websites of other service providers. In such cases consulting the applicable data processing rules for using such websites is recommended. This Privacy Policy applies only to the website operated by the Data Controller. In the event any data is modified, deleted by the User on an external website, it will not impact the data processing by the Data Controller and such modifications must be implemented on the Website as well.

9. USER RIGHTS

The User may request information on the data processing, and if processing his or her personal information is in progress, and if during data processing in progress he/she may receive a copy of his or her personal information processed and may request access to his or her personal information, their rectification, cancellation (cessation of data processing), or restricting data handling and may also object to the handling of such personal information. The User is entitled to exercise his or her right with regard to personal data processing by sending notifications to any of the contact options specified in Section 1 of this Data Privacy Policy.

In the case of a User request outlined in this Section 9 (b)-(f) and in Section 10 of this Data Privacy Policy, the Data Controller will advise the User within one month following receipt of the request about the measures taken following up on the request at the email address submitted by User upon registration, unless a different way of advisement has been indicated in the request by the User. Based on the complexity and the number of requests, the Data Controller may extend this deadline by up to two months. The Data Controller will advise the User about the deadline extension by specifying the causes of delay within one month following receipt of the request at the most.

In the event the Data Controller fails to take measures as a follow up on the User’s request, then within one month following receipt of the request they will advise the User as to the reason of failing to take measures, as well as of User’s option to lodge a complaint at the National Agency for Data Protection, or he or she may seek judicial redress.

Any such request will be addressed by the Data Controller free of charge, except, if the request is clearly unfounded, excessive or excessive due to repetitive occurrences, in which case the Data Controller may charge a reasonable fee or may deny taking measures based on the request.

(a) Information, access

Information may be requested about personal data processing based on Article 14. A), as well as Article 15(1) of the Regulation. Upon request the Data Controller may give information to the User if his or her personal information is processed by the Data Controller or a Data Processor, who is commissioned or assigned by the Data Controller. If the information is processed by the Data Controller or by a Data Processor commissioned for processing or assigned by the Data Controller, then the Data Controller will make the personal information processed by the Data Controller or the Data Processor commissioned for processing or assigned by the Data Controller available to User and within the framework of or depending on the request will inform User about

– the source of the personal data processed and;

– the purpose and the legal ground, the duration of data processing,

– the scope of personal data,

– in case of forwarding the personal information processed the scope of recipients of data forwarding including recipients in third countries and international organisations,

– the duration of storing the personal information managed, the viewpoints in determining this time frame,

– the rights User is entitled to under the Info Act, as well as advising about the ways of enforcing such rights,

– in case of profiling, this fact itself, furthermore

– the circumstances of any eventual data protection incidents in handling User’s personal information, their impact and the measures taken to manage and mitigate them,

in addition to advising the User about their activities in relation to data processing.

Please send your request for information on data processing by mail or email to the address specified in section 1 of this Privacy Policy, which will be answered in twenty-five (25) days in writing sent to the User.

(b) Rectification

The Data Controller may rectify a personal data if requested by a User, in case some of the personal information is inaccurate and the accurate data is made available to the Data Controller. Besides, the User is entitled to ask for any missing personal data.

In compliance with the provisions in this Section 8(b) if the information processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller is incomplete, incorrect or missing, then they will immediately be rectified or corrected by Data Controller especially so if requested by the User, or if it is compatible with the purpose of data processing, it will be complemented with the additional personal data made available by the User or with User’s comment on the personal information handled. The Data Controller will be exempted from the liability described in the previous sentence, if no correct, true and complete personal information is available and they are not provided by the User, or the truthfulness of the personal information provided by the User cannot be assessed beyond any doubt.

(c) Deletion

The Data Controller shall delete the personal information, if this or the cessation of data processing is requested by a User.

The Data Controller may only refuse a request to erase personal information in the following cases:

1. a) Additional processing of information is required for the freedom of expression and to exercise the right for information; or

1. b) additional processing of information is required to comply with the EU or member state rights stipulating the procession of personal information applicable to the Data Controller; or

1. c) additional processing of information is required to submit, enforce or protect legal rights. The User may request the deletion of any of his or her personal data on the Website by mail or email sent to the postal or email address provided under Section 1 of this Privacy Policy to the Data Controller. Based on User’s voluntary decision and request, the Data Controller shall delete the data requested to be deleted within twenty-five (25) days following the receipt of such a deletion request By withdrawing consent to the processing of personal data, as well as by requesting the deletion of data, the User will relinquish the right to participate in the activities related to the registration Deletion is cost-free in all cases.

(d) Restriction of data processing

The Data Controller will restrict data processing, if

– the User disputes the accuracy, truthfulness or completeness of the personal data processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller, and the accuracy, truthfulness and completeness of the personal data processed cannot be established beyond any doubt, or

– as a result of unlawful data processing the information should be deleted due to the unlawfulness of data processing, but based on the written statement by the User or based on the information available for the Data Processor there are grounds to believe that deleting the information would harm legitimate user interests, for the duration of legitimate interests giving grounds for not deleting data or

– due to unlawful data processing the information should be deleted, but for examinations or procedures carried out by the Data Controller or by or with the participation of other bodies with public service mission set forth in regulations – thus especially in criminal proceedings – the information should be retained as evidence until closing such examination or procedure.

Personal data restricted in this fashion will be handled by the Data Controller only until the time the purpose of data handling that excluded the deletion of the personal data continues to exist. Restricted personal information, except for storage, may only be processed for enforcing legitimate User interests, or with User’s consent, or for litigation, enforcement of to defend legal claims, or in the defence of other natural or legal entity or on the grounds of an important public interest of the European Union or a member state. The Data Controller will notify the User if restriction is imposed. The Data Controller will give advance notice to User on the withdrawal of restriction, in the case restriction was necessary for verifying data accuracy, truthfulness or completeness.

(e) Objection

The User may at any time object to processing his or her personal information. In the event the User objects to data processing, then his or her personal data should not be further processed, unless the Data Controller proves that there is a compelling justification for data processing which outweigh User interests, rights and freedoms, or which are linked to litigation, enforcement of defence of legal claims. In the event the User objects to processing personal information for direct marketing efforts, then the personal information may not be further used for such purpose.

To object to data processing for direct marketing, the User has options ranging from other communications to selecting the appropriate checkbox on the website of the Data Controller.

(f) Right to Data Portability

Within the scope of right to data portability the User is entitled to ask for a structured, widely used, machine-readable copy of his or her personal information processed by the Data Controller, as well as to ask the Data Controller to directly forward his or her personal information to another data controller.

10. RIGHTS TO LEGAL REDRESS

(a) Judicial Enforcement

The User may turn to court in relation to the Data Controller or – to the data processing operations falling within the Data Controller’s activities – against the Data Controller, if in his or her view the Data Controller or the Data Processor commissioned or assigned by the Data Controller handles his or her personal information contravening the provisions outlined in the regulations on personal data processing or in any mandatory EU legislative act.

Demonstrating compliance with the requirements outlined in regulations or in the mandatory EU legislative acts on processing personal information is the responsibility of Data Controller or Data Processor commissioned by the Data Controller.

The case may be brought before the court competent according to his or her residence or place of stay at his or her discretion. Persons with no legal capacity may also be party to the case.

If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, thus causing damage to others is liable to compensate for.

If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, infringing personality rights of somebody else, the person whose personality rights suffered harm by the Data Controller or the Data Processor commissioned or assigned by the Data Controller may claim compensation in tort.

The detailed means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act.

The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian. No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.

(b) Public Enforcement

The User

– may initiate an investigation by the National Agency for Privacy Protection to examine the legality of measures by the Data Controller, if before starting data processing the Data Controller failed to inform the User or failed to inform in accordance with the provisions of the Info Act, or hindered the User in enforcing his or her rights outlined in Section 9 of this Data Processing Policy or refused the application to enforce such rights, or

– may initiate a procedure by the National Agency for Privacy Protection if in his or her view during processing his or her personal information the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions specified in the Regulation or in the mandatory EU legislative acts on data processing.

11. CLOSING PROVISIONS

The Internal Data Protection and Data Security Policy of Data Controller forms a not severable Schedule I of this Policy that specifies all technical and organisational measures ensuring the protection of data processed for direct marketing.

Budapest, 29 November 2019