Privacy Policy

I. General

XAPT Szoftver Tanácsadó Korlátolt Felelősségű Társaság (seat: 1118 Budapest, Rétköz utca 5.; hereinafter: XAPT) respects the rights connected to the protection of the personal data of the user interested in the services and products of XAPT. XAPT processes all personal data that it became aware of by the usage of the websites (hereinafter: Website) in compliance with the Regulation No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Info Act) and the provisions of the present privacy policy. The present declaration provides information about what kind of personal data are processed by XAPT and about how personal data are used through its website. You can learn, how you can exercise the rights provided in chapter III of GDPR (Right of the data subject), for instance how you can verify the accuracy of such data and how you can request the erasure thereof from the registry of XAPT. We inform you that most of the sites of our website can be visited without providing any personal data. However, for customer relationship purpose the registration and identification of the contact person of yours as a given economic, budgetary or social entity might be necessary. The present policy shall only apply to the website of XAPT, it shall not apply to any other online websites accessible by clicking on links operated by third parties from the website of XAPT.

We inform you that the definitions used therein possess the same meaning as defined in Article 4 of GDPR, therefore we avoid the separate presentation thereof.

II. The data controller

The processing is carried out by those employees of XAPT who directly participate in providing services within their activities in compliance with the purpose limitation of processing. The contact of XAPT as Data Controller:

Name of the Data Conroller: XAPT Szoftver Tanácsadó Korlátolt Felelősségű Társaság

Representative of the Data Controller: Tamás Holczinger

Address of Data Controller: 1118 Budapest, Rétköz utca 5.

E-mail address of the Data Controller: [email protected]

We inform you, that no data protection officer is appointed at XAPT, but the person responsible for data protection matters can be reached any time via the above e-mail address or via post in connection with the present Privacy Policy or the processing of your personal data.

III. The principles of data processing

XAPT takes all appropriate measures to ensure that the personal data of the visitors (hereinafter: Visitors) of the Website are at all times

  1. (a)processed in a lawful and fair manner in compliance with the appropriate legal basis (lawfulness, fairness, transparency);
  2. collected for a specified, explicit and legitimate purpose and not further processed in a manner that is incompatible with those purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
  4. accurate and, where necessary, kept up to date; and if possible, the inaccurate personal data are erased or rectified without delay (accuracy);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for statistical purposes which is subject to implementation of the appropriate technical and organisational measures (storage limitation);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

IV. The purpose and basis for processing, the data collected and processed by XAPT

The legal basis for XAPT for the processing of the personal data of the Visitor shall be at all times the consent of the Visitor, therefore only those data are exclusively registered, to which you expressly gave your consent in advance and in such extent, that is strictly necessary for the providing of the service that is requested. The processing shall be carried out until the consent is given by the Visitor or until the withdrawal of the consent. The rules of withdrawal are to be found in section X. below.

XAPT keeps records of business related, corporate data, however some data may be related to the contact person of a given economic, budgetary or social entity. The data related to such persons, in case they are provided by the person, are processed by XAPT. XAPT processes the following personal data:

  1. name (data strictly necessary for the identification of the Visitor);
  2. phone number (the data strictly necessary for reaching the Visitor later on);
  3. e-mail address (the data strictly necessary for reaching the Visitor later on);
  4. IP address.

The processing of these personal data are necessary for customer relationship, i.e. might be relevant regarding the adoption of business decisions. By providing the data necessary to contact, you give your consent that XAPT can contact you and to maintain such contact. The subscription to the Website is exclusively possible by providing accurate company e-mail address, therefore we ask you not to provide private e-mail address during the subscription.

By subscribing to our website, you expressly give consent and indicate your agreement to XAPT to send you informative and promotional purpose newsletters to the company e-mail address provided by the form for the given economic, budgetary or social entity or to contact you via phone on the provided company phone number.

XAPT reserves the right – not including the corporate contact data provided for the carry out of the performance of services – to terminate the processing of the possibly provided personal data and to delete them without notifying you!

V. Recipients of the personal data and categories of recipients

XAPT generally shares the personal data of the Visitors with the following third parties:

  1. within the company group of XAPT, including the mother companies and subsidiaries of XAPT;
  2. organisations to whom the Visitor carries out contact services regarding XAPT and other companies;
  3. supervising authorities and other regulatory authorities and bodies.

The Visitors as the data subjects of the processing can request personalized information of their personal data processed by XAPT (the purpose and the legal basis of the processing, the scope of data, the transfer of data, the term of processing, the logic of profiling) via the contacts defined in the above section II.

VI. The collection and usage of the data

Only such corporate data is recorded which has been voluntarily provided by the visitors of the website. In this case you simultaneously accept the below conditions. In case you provide corporate contact data through our website or by using any of the e-mail addresses to be found there, then you give your consent to XAPT to keep records and process them for the purpose of the necessary communication in compliance with the effective statutory requirements, especially the provisions of the GDPR. By providing your data, you give your consent to the storing, the transmission and the treatment of the data and to the treatment and analysis for statistical purposes by the inner administration of XAPT. We shall only transfer your personal data to third parties without your consent, if it is required by statutory requirements, authorities or courts. In such cases the data provided by you shall be processed confidentially and we ensure that only those persons can access thereto, who directly participate in the sales and the providing of services in close connection with the activity of sales and the providing of services and we ensure that unauthorised third parties shall not have access to your personal data without your prior, express approval consent.

VII. International Transfer

The personal data of the Visitors are transferred to data controllers and data processors outside of the countries of the European Economic Area as well, to which the Visitor gave its express and informed consent by accepting the present privacy policy (Article 49 of the GDPR).

By the present privacy policy XAPT informs the Visitor that the appropriate safeguarding of the transferred data is ensured regarding the recipient outside of the European Union affected with the transfer of the data of the Visitor:

  1. by the standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2) of the GDPR;
  2. by the standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
  3. an approved code of conduct pursuant to Article 40 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights; or
  4. an approved certification mechanism pursuant to Article 42 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights. Within this framework, XAPT endeavours make its third country partners accept the contractual data protection sample clauses approved by the European Commission / National Authority for Data Protection and Freedom of Information (NAIH).

VIII. Security

XAPT keeps the personal data provided by you in safe custody and by appropriate technical and organizational measures it takes precautional measures to secure them by using technical, physical, administrative and computer based equipment. Safety measures with appropriate protection level were introduced in order to avoid accidental data losses, processing, unauthorized accessibility, modification or publishing.

An appropriate procedure is applied for handling any presumed data protection breaches and we notify you and the affected authority about the data protection breach, if such notification is mandatory based on statutory requirements.

IX. The term of processing

The term of the processing is five (5) years reckoned from the termination of the opportunity to use the service, with regards to the fact, that within this term a civil proceeding claim of XAPT can occur reckoned from the expiry of the service due to your activity and by this term it ensures that your personality remains retraceable, so XAPT can enforce its damages or other civil proceeding claims towards you.

X. Your rights in connection with processing

In connection with the processing of your personal data, with regards to the provisions of the GDPR, you have the hereby listed rights, based on which you are entitled:

  1. To request access to your personal data (generally known as: ‘right of access by the data subject’). Based on this you are entitled to obtain copies of your personal data processed by us and you are entitled to monitor whether our processing is lawful.
  2. To request rectification of your personal data processed by us. Based on this you are entitled for the rectification of your inaccurate or incomplete personal data processed by us, however in such case it may be necessary to inspect the credibility of the newly provided data.
  3. To request the erasure of your personal data. This entitles you for the erasure or the removal of your personal data by us, if there is no reasonable cause for further processing. You can also request the erasure or removal of your personal data if you successfully objected against the processing of your personal data (see below), in case the information were processed unlawfully or in case we are obliged to erase your personal data based on the local law. Please take into consideration that we cannot fulfil your request for erasure at all times based on other legitimate interest, of which, if applicable, we inform you at the time of addressing your request.
  4. To object against the processing of your personal data if the processing is based on the enforcement of our legitimate interest (or the legitimate interest of a third party) and you object against the processing based on reasons in connection with your personal situation, since you feel like that it has an effect on your fundamental rights and freedoms. You can also object, if your personal data is processed by us for direct marketing purposes. In certain cases, we are entitled to prove that our compelling legitimate interest prevails against your fundamental rights and freedoms.
  5. To request the restriction of processing of your personal data. This entitles you to have the processing of your personal data ceased by us in the following cases: (a) if you request us to ensure the accuracy of your data; (b) where our processing is unlawful, but you do not intend to have your data deleted by us; (c) if you request us to store your data even if we do not need them anymore, but you need them for presenting, enforcing and protecting legal claims; or (d) in case you object the processing of your data, but inspection of the existence of the overriding lawful legal basis is necessary.
  6. To request the transfer of your personal data to yourself or to a third party. We transfer your personal data to you or to a third party chosen by you in a structured, generally used machine readable format. Please take into consideration that this right only covers such personal data which is processed by the carry out of automated means, to the usage of which your consent was given previously and which was used for the performance of the contract.
  7. To withdraw your consent at any times, when the processing of your personal data is carried out based on your consent. However, this does not affect the lawfulness of processing prior to the withdrawal of your consent. In case you withdraw your consent, it is possible that we cannot provide certain products or services to you. Of the above, we notify you at the time of the withdrawal of your consent.

All data subject rights listed under the present section X. can be exercised through the request delivered to the above contacts of XAPT. In compliance with Article 12 of the GDPR XAPT shall provide information on action taken on the request of the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended where necessary in compliance with the GDPR. Any actions taken based on the request shall be provided free of charge, however where the request is manifestly unfounded or excessive (in particular because of their repetitive character), then XAPT may either charge a reasonable fee taking into account the administrative costs or refuse to act on the request.

XI. Modification and erasure of your data

XAPT erases the recorded data from its registries, if the conditions of storing based on statutory requirements or other legal titles are not existing. Naturally, you can also request the modification and / or rectification or erasure of your personal – or corporate – data any time in compliance with the provisions laid down in the above section X.

XII. Declaration of the user

By providing your data on our website you confirm, that you fully became aware of and read the present privacy policy, moreover that you accept the provisions thereof as binding and you voluntarily, in an informed manner and expressly give your consent to XAPT to process your voluntarily provided corporate contact data (the personal data determined in section V of the present privacy policy) for customer relationship purposes in compliance with the provisions of the GDPR, the Info Act and the present privacy policy. Naturally, your consent can be withdrawn any time in compliance with the above through any of the contacts recorded in section II. You declare that the data provided during the registration are real and do not infringe others’ rights relating to personality. You acknowledge that in case the data provided by you are not real, then XAPT is not obliged to contact you.

XIII. Right to submit complaints

In case the Visitor considers, that its rights were infringed, then XAPT suggests that the Visitors shall initiate consultations with the data controller in a way that it can directly contact the above appointed contact person. If such consultations do not lead to results, or the data subject does not intend to participate in such activity, then the Visitor can turn to the court or have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of the alleged infringement. In Hungary, the supervisory authority is the National Authority for Data Protection and Freedom of Information (NAIH). In case of the initiation of court proceedings, the data subject can decide whether it initiates the proceedings before the competent court based on its address or based on its residence.

The contacts of NAIH are the followings: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; phone number: +36 1 391 1400; fax number: +36 1 391 1410; e-mail address: [email protected]; website: www.naih.hu.

+1 (305) 744 5901