This Privacy Notice was made pursuant to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. The Notice applies to the processing of personal data in relation to the website of KÜRT Információbiztonsági és Adatmentő Zrt. (hereinafter: KÜRT Ltd.) at kurt.hu and other webpages and websites controlled by KÜRT Ltd. (hereinafter together: websites).
KÜRT Ltd. is the data controller with respect to all data processing connected with the websites. KÜRT Ltd. is committed to protecting personal data; to this end this notice summarizes the information relating to the method of collecting and processing data and the data subject’s rights relating to the data processing. This notice will be reviewed from time to time, and KÜRT Ltd. will publish any modifications indicating the modified provisions on the website kurt.hu.
DATA CONTROLLER
| data controller’s name: | KÜRT Információbiztonsági és Adatmentő Zrt. |
| data controller’s registration (incorporation) number: | 01 10 048723 |
| data controller’s registered office and mailing address: | 1118 Budapest, Rétköz utca 5. |
| data controller’s authorised representative: | József Kmetty, CEO |
| data controller’s email address: | kurt@kurt.hu |
| data controller’s telephone number: | +36 1 424 6666 |
| data controller’s fax number: | +36 1 228 5414 |
DATA PROCESSING PRINCIPLES
KÜRT Ltd. processes any data that qualifies as personal data in accordance with the principles of legality, fair treatment, transparency and data minimization. Data is only processed for a specific purpose and KÜRT Ltd. processes data only if one of the legal bases specified in this notice exists and only for the duration of the relevant legal basis.
KÜRT Ltd. does not use the data for profiling, and does not disclose it to any third party – except where requested by an authority or court also specifying the legal basis for disclosure or where it is necessary for the enforcement of a right –, and only uses data processors named in this notice for the processing of the data.
KÜRT Ltd. protects the data by appropriate and risk-proportionate technical and organizational measures, and addresses any data breach in accordance with the provisions of the GDPR, and reports it to the parties concerned in such manner and with such content as required in the relevant law.
SCOPE OF DATA PROCESSING, TYPE OF DATA PROCESSED
Viewing information shared on the websites does not require the entry of personal data, it is only necessary for using the following services that are subject to registration or for contacting KÜRT Ltd.
- Using the KÜRT Data Recovery Service (https://adatmentes.kurt.hu/adatvesztes-bejelentese/)
- SeCube (https://www.secube.com)
However, when downloading or viewing the websites, we monitor visitors’ activities in accordance with this notice during which we may also collect personal data.
The following data needs to be provided for services that are subject to registration or for contacting us, provided that you have given your consent to the processing of your data:
- name of data subject;
- email address:
- optionally, phone number; and
- name of the organization represented by them and their position.
The data subject may freely decide whether or not to provide the above data, however, in lack of the consent to data processing or if at least some of the details are not provided, some of our services will be unavailable or your registration or contacting us may fail.
In addition, as part of monitoring visitors’ activities, KÜRT Ltd. collects data of the IP addresses (the IP Address is a unique network identifier which enables communication between the computers), operating systems, browsers used for accessing the website and the date and time and duration of the visit. The data collected qualify as personal data if they enable the direct or indirect identification of the natural person concerned.
To enhance user experience, the websites use cookies i.e. information identifiers installed in the users’ browser and stored for a pre-determined validity period. The use of cookies enables us to track patterns in the user’s use of the websites, to identify returning users and to link browser history relating to the given website. Cookies itself are not suitable for identifying the users, they only enable the identification of the user’s browser. Cookies are only used by the websites and only when the user downloads or views the website. KÜRT Ltd. does not use cookies to identify users who are only visiting the website. Users can set the rules of using cookies in their browser or even block the use of cookies (you can find more information on cookie settings in the user’s manual of the browser).
KÜRT Ltd. does not process sensitive personal data.
THE LEGAL BASIS AND PURPOSE OF DATA PROCESSING
Data processing in relation to the website is always based on the data subject’s consent or KÜRT Ltd’s legitimate interest. Accordingly, the legal basis of data processing is
- the data subject’s consent pursuant to paragraph a) of Article 6(1) of the GDPR; or
- enforcing KÜRT Ltd’s legitimate interests pursuant to paragraph f) of Article 6(1) of the GDPR.
The purpose of data processing
- to contact KÜRT Ltd’s potential partners and customers, maintain such contacts and manage comments and enquiries;
- to share information; and
- to ensure lawful and safe operation of the websites and protect their integrity;
- to enforce the rights in intellectual property and trademarks protected by copyrights.
As part of sharing information, KÜRT Ltd. may share data for marketing purposes relating to the company’s products and services. If the data subject does not want to receive marketing information, they may prohibit the sending of marketing information via the contact details specified in this notice.
DURATION OF THE DATA PROCESSING
KÜRT Ltd. processes the data
- until withdrawal of the data subject’s consent;
- in respect of the relevant purposes, as long as the legitimate interest relating to such purposes exists; or
- until receipt of notification of changes in the contact person’s details.
RIGHTS OF THE DATA SUBJECT
In accordance with Chapter III of the GDPR, the data subject has the right to be informed about
- the circumstances and characteristics of data processing (the identity and contact information of the data controller; the legal basis and purpose of data processing; the duration of the data processing; the data subject’s rights, in particular the right to withdraw their consent; the right to file a complaint;
- the right to request information from the data controller about the data processing;
- the right to request access to the personal data pertaining to the data subject;
- the right to data portability;
- the right to request the rectification, deletion of their data (right to be forgotten), restriction of processing; and
- the right to object to the processing of their personal data.
The data controller may apply an administrative fee in case the right to access or data portability is exercised repeatedly without reasonable grounds. The right to access and data portability may be exercised on the condition that the data subject shall provide a data storage device that is suitable for storing the personal data in a reasonably secure manner. The data controller shall enable access and data portability in the format and with the technological parameters applied during the processing of data.
In case of any breach relating to the data processing, the data subject may turn to the court that has jurisdiction according to the head office of KÜRT Ltd. or the data subject’s home address or residence address. To check and facilitate the enforcement of their rights, the data subject may also contact the Hungarian National Authority for Data Protection and Freedom of Information (seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: 36 (1) 391-1400 fax: +36 (1) 391-1410 email address: ugyfelszolgalat@naih.hu). The steps to enforce your rights via the Authority can be found on the website www.naih.hu.
The data subject may exercise their rights via the contact details provided by the controller in this notice.
DATA PROCESSORS
During data processing relating to its websites, KÜRT Ltd. uses the services of the following data processors:
KÜRT Ltd. uses the Google Analytics service provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043 USA; www.google.com/contact) to analyze the operation of its websites. Google Analytics uses cookies for its operation, the information on use generated by the cookies is transmitted to Google’s own servers where it is stored and processed. The websites uses the IP-address anonymization service which means that Google renders users’ IP address unsuitable for identification before transmitting the same in the Member States of the European Union or within countries affiliated by a treaty to the European Economic Area. By downloading and installing the add-on available from http://tools.google.com/dlpage/gaoptout, the user can prevent Google Analytics from collecting and processing the information generated by the cookies in relation to the use of the websites.
KÜRT Ltd. uses the Google Adwords service provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043 USA; www.google.com/contact) to support its advertising campaigns. Google AdWords enables the tracking of Google advertising campaigns and to measure their effectiveness. Google AdWords also uses cookies for its operation which can be blocked according to the general instructions for blocking cookies.
The privacy policies of the data processors engaged can be found at the addresses of the data processors indicated above.
DATA SECURITY
The websites, KÜRT Ltd’s information system and network serving them are all protected against computer fraud, espionage, sabotage, vandalism, fire and flood as well as against hacking and denial-of-service attacks. KÜRT Ltd. has technical and organizational measures and server and application level safety procedures, which are appropriate and proportional to the relevant risks, to prevent unauthorized access, modification, transmission, disclosure, deletion or destruction or accidental loss of or damage to data. All employees and contractual partners of KÜRT Ltd. that have access to the personal data of the data subject have committed themselves to protecting the confidentiality, integrity and availability of the personal data.
Budapest, 09.11.2018.
KÜRT Információbiztonsági és Adatmentő Zrt.
