PRIVACY POLICY


1. Purpose and scope of the Policy

  • The purpose of present privacy policy (hereinafter referred to as: „Policy”) is to define the lawful order of the use of the records/databases maintained by the Software Company Kft. (hereinafter referred to as: „Controller”) on the operation of the https://soft-products.com/ website (hereinafter referred to as: „Website”) and to ensure that the constitutional principles of data protection, the informational self-determination and data security are met, and that everyone has the right to manage their personal data within the framework of the relevant laws and getting known the circumstances of the processing of the data; as well as to prevent the unauthorized access, alteration and disclosure. Furthermore present Policy shall inform the data subject about the data processing practice of the Controller.
  • The scope of present Policy does not extend to other processing by the Controller.

2. Relevant laws

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (general data protection regulation; hereinafter referred to as: „GDPR”)
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as: „Privacy Act„)
  • Act V of 2013 on the Hungarian Civil Code (hereinafter referred to as: „Civil Code”)
  • Act CXXX of 2016 Code of Civil Procedure (hereinafter referred to as: „Civil Procedure”)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services

3. Data of the Controller

Applicable data of the Collector are the followings:

  • Name: Software Company Korlátolt Felelősségű Társaság
  • Seat: Hungary, 1054 Budapest, Honvéd utca 8. 1. em. 2. ajtó
  • Company Reg. No.: 01-09-401106
  • VAT-No.: 27863611-2-41
  • Europe VAT-No.: HU27863611
  • Registering court: Company Registry Court of Budapest
  • E-mail: support@soft-products.com
  • Representative: Kohut Richárd managing director

4. Scope, purpose, duration and title of the processed data

  • Data providers shall submit their data correctly.
  • If the informant does not provide his/her personal data, the information provider is obliged to obtain the consent of the data subject.
  • If the Controller transmits data to data processors or other third parties, the Controller keeps records of these. The data transfer note shall contain the addressee, the method, the date and the range of data transmitted.
  • Data processing of each activity of Controller are the followings:
    1. Registration on the Website

Legal basis for processing: performance of a contract
Data processed: password, contact name, country, telephone number, e-mail address; proof of economic activity
Purpose of processing: create a user profile on the Website to enable you to place orders
Deadline for deletion of data: until the registration is cancelled
Possible consequences of failure to communicate the data: impossibility of placing the order.

Contacting us on the Website

Legal basis for processing: con data subject’s consent by means of impulse
Data processed: name; e-mail address; telephone number; subject; message text
Purpose of processing: to contact the Data Controller
Deadline for deletion of the data: at the unilateral discretion of the Data Controller, if the message contains content which imposes a legal obligation on the Data Controller or if the Data Controller considers that it may be necessary in the future to enforce or protect his or her rights or the rights of third parties, he or she will erase the data after 5 years, otherwise within 30 days of receipt of the message
Possible consequences of non-disclosure: in the event of failure to provide the data, the establishment of the relationship may be frustrated or rendered more difficult.

 

Cookies on the Website

Legal basis for processing: legitimate interest of the Data Controller in the proper technical functioning of the Website

Name Cookie type Storage period Purpose
_ga_[*] HTTP 1 year The functionality is to store and count pageviews.
wordpress_sec_[*] HTML Until you log out or close the browser The functionality is to provide protection against hackers, store account details.
wp-settings-[*] HTML 1 year Used to check whether your web browser is set to allow, or reject cookies.
_ga HTTP 1 year This cookie is used for Google Analytics to distinguish unique users by assigning a randomly generated number as a client identifier.
alpha_cookies_1 HTML 2 months Did the user accept basic cookies?
wp-settings-time-[*] HTTP 1 year Used to customize the view of your admin interface and the front-end of the website.
wordpress_logged_in_[*] HTML Until you log out or close the browser Used to indicate when you are logged in, and who you are.
wordpress_test_cookie HTML Until you log out or close the browser Check if the cookies are enabled on the browser to provide appropriate user experience to the users

(Persistent cookies: these are cookies that remain on your online device after you have left the website and store a randomly generated number to help identify visitors to the website as unique users. The type of cookie depends on how long it is stored on your online device. The stored (tracking) cookies used on the website provide important traffic data about its use.)

Invoicing

Legal title of the data processing: complying with legal provisions
Scope of processed data: name, address
Purpose of data processing: complying with legal provisions
Data Processor: McMillan Woods Cyprus Ltd. (registered office: 200 Archiepiskopou Makariou III Avenue 1st & 2nd Floor, Office 102 & 202 2311, Lakatamia, Nicosia, Cyprus; company registration number: 10389492L; Community tax number: CY10389492L)
Legal basis for the transfer: fulfilment of a legal obligation
Deadline of deletion of data: 9 years after issuing the invoice
Possible consequence of failure to deliver data: the data providing may not be denied due to legal obligation of Controller, it would cause the failure of providing any services of the Controller

5. Rights of data subject, remedies

  • Data subjects may request information from the Controller on the data handling at any time in writing, may indicate the need for modification or deletion and may withdraw previously given consent given in paragraph 3 at any time.
  • The data subject may not exercise the right of cancellation of the data subject in case of mandatory data processing required by law.
  • Content of the right to information: On the request of the data subject, the Controller shall provide the data subject to the information listed in Articles 13 and 14 of the GDPR on the processing of personal data as well as the information under Articles 15-22. and Article 34 shall be provided in a concise, comprehensible form.
  • Content of the right to access: At the request of the data subject, the Data Controller shall provide information on whether the data controller is in the process of processing the data. If the Data Controller is in the process of processing data on the applicant, the data subject is entitled to access:
    1. The personal data relating to the data subject;
    2. Purpose(s) of data the data processing;
    3. Categories of personal data involved;
    4. The persons with whom the data of the data subject have been or will be communicated;
    5. Duration of data storage;
    6. The right to rectify, erase and limit data processing;
    7. The right to apply to a court or a supervisory authority;
    8. The source of the processed data;
    9. profiling and/or automated decision making, or details of its application, practical effects;
    10. transfer of processed data to a third country or international organization.
  • In the case of a data request as described above, the Controller shall provide the data subject with a copy of the data he/she manages for the request. Upon request, it is possible to request delivery by electronic means from the Controller
  • For each additional copy, the Controller requests an administration fee of HUF 1000 per page.
  • The deadline for submitting the requested data is 30 days from receipt of the request.
  • Right to rectification: The data subject may request rectification of inaccurate data managed by the Controller.
  • Right to cancellation: If any of the following reasons apply, the Controller shall delete the data relating to the data subject as soon as possible, but not later than 5 working days:
    1. Data has been unlawfully processed (without legal authorization or personal consent);
    2. data management is unnecessary for the original purpose;
    3. the data subject withdraws his/her consent for data process and the Controller has no other legal basis for data processing;
    4. the subject data were collected in respect to the provision of information society services;
    5. personal data must be deleted in order to fulfill the legal obligations of the Controller.
  • The Controller may not delete the data if the data processing is required for any of the following:
    1. Additional data processing is required to comply with the legal requirements for the Controller;
    2. necessary for the exercise of the right of expression and information;
    3. public interest;
    4. for archiving, scientific, research or statistical purposes;
    5. to enforce or protect legal claims.
  • Right to restrict data processing: If any of the following reasons apply, Controller shall restrict the data processing at the request of the data subject:
    1. The data subject contests the accuracy of the data relating to him, in this case the restriction refers to the period of time during which the accuracy and correctness of the relevant data is reviewed with credibility;
    2. data processing is unlawful, but the data subject requests that the deletion shall be ignored and only the data processing shall be restricted;
    3. data is no longer required for data processing, but the data subject requests the data to be retained for the purpose of enforcing or protecting legal claims;
  • If the Controller introduces a restriction on any processed data, it shall only process the data concerned for the duration of the limitation, if:
    1. the data subject agrees;
    2. it is necessary to enforce or defend legal claims;
    3. it is necessary to enforce or protect the rights of another person;
    4. public interest.
  • Right to withdrawal: The data subject has the right to withdraw the consent given to the Controller at any time in writing. In case of such request, the Controller shall immediately and permanently delete any data that has been processed in relation to the data subject and which is not required to be stored and processed any further based on legal obligations or to enforce or protect any rights. The withdrawal shall not affect the validity of the data processing before the date of the withdrawal.
  • Right to portability: The data subject is entitled to receive the personal data concerning him/her, which he/she provided to the Controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance. The request shall be executed by the Controller as soon as possible, but no later than 30 days.
  • Automated decision-making and profiling: The data subject has the right not to be subject to a decision based solely on automated data processing (e.g. profiling) that would have legal effect or otherwise could affect the data subject adversely. This is not applicable if:
    1. the data processing is essential for the conclusion or performance of a contract between the data subject and the Controller;
    2. the data subject expressly agrees to use such procedure;
    3. its use is authorized by law;
    4. it is necessary to enforce or protect legal claims.

6. Means and security of data storage

  • The Data Controller’s websites are physically stored on a server provider. The server provider is Profitárhely Kft. (address: Hungary, 6000 Kecskemét, Szolnoki út 23.; e-mail address: ugyfelszolgalat@profitarhely.hu)
  • The server provider only provides hosting and does not process the data of the data subjects.
  • Controller is using an IT system ensuring that the data:
    1. shall remain unchanged and this may be certified (data integrity);
    2. credibility shall be ensured (credibility of data processing);
    3. shall be accessible only for those who are entitled (availability);
    4. shall be protected against unauthorized access (confidentiality).
  • The protection of the data covers in particular the following unwanted acts:
    1. unauthorized access;
    2. alteration;
    3. transfer;
    4. deletion;
    5. disclosure;
    6. accidental damage;
    7. accidental destruction;
    8. or becoming inaccessible due to change in applied technique.
  • In order to protect the electronically processed data, Controller shall use an appropriate level of security in accordance with the state of the art. When assessing compliance, particular emphasis is placed on the extent of risk arising from data processing carried out by the Controller. IT protection ensures that stored data is not directly attributable to or linked to data subjects (unless permitted by law).
  • Controller shall ensure the followings during the data processing:
    1. only those may have access to the information who are authorized to do so;
    2. any authorized person may access the data when needed;
    3. the accuracy of the information and processing method shall be protected.
  • Controller and the possible data processors shall provide protection against fraud, espionage, viruses, burglary, vandalism and natural disasters regarding their IT systems at all time. Controller (or the possible data processor) is using both server-level and application-level security measures.
  • Messages forwarded to the Controller over the Internet, in any form, are subject to network threats that lead to information modification, unauthorized access, or other illegal activities. However, to prevent such threats, the Controller shall apply all measures that are reasonably practicable and which may be expected from the state of the art. To this end, the systems used are monitored to record security deviations in order to obtain evidence of a security incident and to investigate the effectiveness of precautionary measures.

7. Procedural rules

  • If Controller receives a request under Article 15-22 of GDPR, Controller shall inform the data subject in writing about the applied measures within 30 days.
  • If the complexity of the application or other objective circumstances necessitate it, the time limit may be extended once up to a maximum of 60 days.
  • Controller shall provide the information free of charge, unless:
    1. the data subject files repeatedly the request for information/taking action with essentially unchanged content;
    2. the application is clearly unfounded;
    3. the request is excessive.
  • In cases under Paragraph 3 Controller is entitled for the followings:
    1. refuse the application;
    2. to make the execution of the request subject to a reasonable fee.
  • If the applicant requests the transfer of data on paper or on an electronic medium (SD card, pen drive, CD, DVD, etc.), the Controller shall provide a copy of the relevant data free of charge as requested (except if the chosen platform would be technically disproportionate). Controller may charge HUF 1000,-/page/CD-DVD for each additional requested copy. Requests for data on a different medium are charged at a different price, but not more than HUF 5,000,-/media.
  • Controller shall notify any person with whom the subject data has been previously disclosed of any rectification, deletion or restriction that has been made, unless such information is impossible or requires a disproportionate effort.
  • On the request of data subject Controller shall provide information on whom the personal data of the data subject has been forwarded.
  • Controller shall make the response to the request in electronic form, unless:
    1. the data subject expressly requests a different way and this does not cause unreasonably high extra costs for the Data Controller;
    2. Controller is not in possession of the electronic contacts of the data subject.

8. Damages

  • If any data subject shall suffer material or non-pecuniary damage as a result of breach of data protection laws, the data subject is entitled to claim compensation from the Controller and/or the data processor. If the Controller and the data processor(s) are involved in committing the violation, they are jointly liable for the damage.
  • The data processor shall be liable for the damages if it has violated the provisions of the relevant data protection regulations on the data processors, or if the damage occurred due to non-compliance with the instructions of the Controller.
  • Controller or the possible data processors shall be liable only if they cannot prove that they are not responsible for the event giving rise to the damage or circumstance that caused the damage.

9. Remedies

  • If, in the opinion of the data subject, his/her rights have been violated by the Controller and/or the data processor(s), he/she shall be entitled to apply to the court with jurisdiction and competence in accordance with the Code of Civil Procedure. The court acts in such cases promptly.
  • If the data subject wishes to file a complaint in respect of the data processing, he/she may turn to the Hungarian National Authority for Data Protection and Freedom of Information as follows: seat: 1055 Budapest, Falk Miksa utca 9-11.;.; mailing address: Hungary, 1363 Budapest, Pf.: 9.; telephone: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu.

10. Administrative cooperation

  • The Controller, when receiving a formal request from the respective authorities, shall provide the specified personal data on a mandatory basis.
  • The Controller shall only transmit data in the cases referred to in paragraph (1) which are strictly necessary for the purpose specified by the requesting authority.

Dated: Budapest, 9 November 2023