Privacy Policy

This Privacy Notice was created in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. This Notice applies to the processing of personal data in connection with the portal of KÜRT Információbiztonsági és Adatmentő Zrt. (KÜRT Information Security and Data Recovery Co.) (hereinafter referred to as KÜRT Zrt.) available at kurt.hu and in connection with related sub-sites and websites of interest to KÜRT Zrt. (hereinafter collectively referred to as Portals), as well as the processing of personal data obtained by the Data Controller during personal meetings or communication via telephone or e-mail.

KÜRT Zrt. is the data controller with respect to all data processing in connection with the personal data processing described above. KÜRT Zrt. is committed to the protection of personal data; with that in mind, this Notice summarizes information on the methods of data collection and processing as well as the exercising of data subject rights in connection with data processing. This Notice is revised from time to time, and KÜRT Zrt. shall communicate the fact of revision indicating the amended provisions on the kurt.hu portal.

 

DATA CONTROLLER

Name of the data controller: KÜRT Információbiztonsági és Adatmentő Zrt.

Company registration number of the data controller: 01-10-048723

Registered office and postal address of the data controller: 1118 Budapest, Rétköz utca 5.

Person entitled to represent the data controller: József KMETTY, CEO

Electronic mail address of the data controller: kurt(at)kurt.hu

Phone number of the data controller: +36 1 424 6666

Telefax number of the data controller: +36 1 228 5414

 

PRINCIPLES OF DATA PROCESSING

KÜRT Zrt. shall process all personal data in accordance with the principles of lawfulness, fairness, transparency and data economy. The processing of data shall be limited to a specific purpose, and KÜRT Zrt. shall continue to process data only if one of the legal grounds set out in this Notice applies, for the duration of the validity of the legal ground.

KÜRT Zrt. shall not use the data for profiling, does not forward them to third parties neither in Hungary nor abroad – except for a request by an authority or court with the indication of the legal basis, and except for the case of a possible legal enforcement –, and shall only use the data processors indicated in this Notice.

KÜRT Zrt. shall protect the data with appropriate, risk-proportionate technical and organizational measures, shall handle any data protection incidents in accordance with the GDPR regulations, and shall inform the affected parties about them in the manner and with the data content required by law.

 

SCOPE OF DATA PROCESSING AND OF THE DATA PROCESSED

No personal data provision is needed for viewing the information shared on the portals, it is only necessary when contacting KÜRT Zrt. or using its services.

• Contact
• Use of KÜRT data backup service (https://adatmentes.kurt.hu/adatvesztes-bejelentese/)
• SeCube (https://www.secube.hu)
• SeCube webinars, newsletters

However, while downloading and browsing the portals, we monitor the activity of visitors as described in this Notice, whereby we also collect personal data.

The following data can or shall be provided in the context of services that require registration or when initiating contact, provided that the data subject has given prior consent to data processing:

• the surname and first name of the data subject(s);
• the postal address of the data subject(s);
• the electronic mail address (e-mail) of the data subject(s);
• optionally the phone number of the data subject(s); and
• the name of the organization represented by as well as the position of the data subject(s).

The data subject is free to decide whether to provide the above data, however, in case of non-provision of consent or non-provision of at least partial data, some of the services may not be available, or registration as well as establishment of contact may not be possible.

In addition to the above, KÜRT Zrt. collects information about the IP addresses (an IP address is a unique network identifier that ensures the communication of computers on the Internet), operating systems, browsers used to access the portals, as well as the time and duration of the visit. The information collected is deemed to be personal data if it allows the direct or indirect identification of the natural person data subject.

In order to improve user experience, the portals use cookies, which are information identifiers that are installed in the user’s browser and stored for a specified validity period. The use of cookies enables the tracking of the website usage patterns of users, the detection of returning users, the association of the browsing history of a given website. Cookies in themselves are not capable of identifying users, they only allow the recognition of the user’s browser. Cookies are only used by the portals and only when the user downloads and views the portals. KÜRT Zrt. does not use cookies to identify users who are merely visitors to the websites. Users may configure the rules governing the use of cookies in their browsers, or they may disable the use of cookies (for more information on how to configure cookies, please refer to the user documentation for your browsers).

KÜRT Zrt. does not process any sensitive personal data.

 

THE LEGAL BASIS AND PURPOSE OF DATA PROCESSING

The processing of data in connection with portals, meetings and telephone or e-mail communication is always based on the consent of the data subject and the legitimate interests of KÜRT Zrt. The legal basis for processing is therefore established on the basis of

• paragraph a) of Section (1) of Article 6 of the GDPR, i.e. the consent of the data subject;
• paragraph b) of Section (1) of Article 6 of the GDPR, whereby processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract;
• paragraph f) of Section (1) of Article 6 of the GDPR, whereby processing is necessary for the purposes of the legitimate interests pursued by KÜRT Zrt.

The purpose of data processing is

• to contact potential partners and customers of KÜRT Zrt., to maintain the relationship, to process comments and enquiries;
• to perform the contract or to facilitate its conclusion;
• to share information;
• to ensure the lawful and secure operation of portals, to protect the integrity of the portals;
• to ensure the enforcement of rights to intellectual products that are subject to copyright protection as well as trademarks;
• to enforce legal interests.

 

DURATION OF DATA PROCESSING

KÜRT Zrt. may process the data

• until the withdrawal of the consent of the data subject;
• for the duration of the contract;
• for the relevant purposes, until the existence of a legitimate interest therein; or
• until notification of a change in the data subject’s personal data or, in the case of a request for erasure, until its execution.

 

RIGHTS OF THE DATA SUBJECTS

In compliance with Chapter III of the GDPR, the data subject has the right

• to be informed of the circumstances and characteristics of the processing (the identity and contact details of the controller; the legal basis and purpose of data processing; the duration of the processing; his or her rights, in particular the right to withdraw consent; the possibility to lodge a complaint);
• to request information from the controller in relation to the data processing;
• to request access to personal data concerning him or her;
• to exercise the right to data portability;
• to request the rectification, erasure (right to be forgotten) or restriction of the processing of data relating to him or her; and
•  to object to the processing of his or her personal data.

In case of unjustified multiple or repeated exercise of the right of access and portability, the data controller may charge an administration fee. The exercise of the right of access and data portability may be subject to the provision by the data subject of a secure storage medium capable of storing the data. The data controller ensures access and data portability in the format and with the technological parameters used for data processing.

 

DATA SECURITY

The portals, as well as the IT system and the network of KÜRT Zrt. serving these are protected against computer fraud, spyware, sabotage, vandalism, fire and flood, computer viruses, computer hacking and attacks leading to denial of service. KÜRT Zrt. ensures security and the prevention of unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage to data through appropriate and risk-based technical and organizational measures, server- and application-level security procedures. All employees and contractual partners of KÜRT Zrt. who have access to the data of the data subject have undertaken to protect the confidentiality, integrity and availability of personal data.

 

OPTIONS FOR LEGAL REMEDY

The Data Controller will do its best to ensure that personal data is processed in accordance with the law, if you feel that we have not complied with this, please contact us by e-mail at kurt(at)kurt.hu or at the postal address KÜRT Információbiztonsági és Adatmentő Zrt. 1118 Budapest, Rétköz utca 5.

In the event of a breach of the law in connection with data processing, the data subject may apply to the competent court at the place where KÜRT Zrt. is established or at the place of residence or domicile of the data subject. The data subject may also contact the National Authority for Data Protection and Freedom of Information (registered office: 1125 Budapest, Szilágyi Erzsébet Fasor 22/c.; telephone number: +36 (1) 391-1400; fax number: +36 (1) 391-1410; e-mail address: ugyfelszolgalat@naih.hu). For information on how to take action through the Authority, please visit www.naih.hu.

The data subject may exercise his or her rights through the contact details of the data controller published in this notice.

 

DATA PROCESSORS

KÜRT Zrt. uses the following data processors and services for data processing in connection with the portals:

KÜRT Zrt. uses Google Analytics by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043 USA; www.google.com/contact) to analyze the operation of the portals. Google Analytics is based on the use of cookies. The usage information generated by the cookies is transmitted to Google’s own servers, where it is stored and processed. The IP anonymization service is active on the portals, so within the member states of the European Union or contracting states of the European Economic Area, Google renders the IP address of users unidentifiable before transmission. By downloading and installing the plug-in at http://tools.google.com/dlpage/gaoptout, the user can prevent Google Analytics from collecting and processing the data generated by cookies in connection with the use of the portals.

KÜRT Zrt. uses Google AdWords by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043 USA; www.google.com/contact) to support its advertising campaigns. Google AdWords provides the tracking of Google advertising campaigns and the measurement of their effectiveness. Google AdWords also uses cookies for its operation, which may be disabled in accordance with the general information on disabling cookies.

KÜRT Zrt. uses the services of Click On Hungary Kft. (1029 Budapest, Táltos utca 23/a.) for its data backup activities.

KÜRT Zrt. does not use any data processors in the course of data processing in connection with the establishment of contact, and upon the performance of the contract, the data processors are identified as specified in the contract.

The privacy policies of the data processors used are available through the contact details of the data processors indicated above.

Valid from: 30 September 2021