Privacy Notice of AppWise Consultancy and Service Limited Liability Company

1. INTRODUCTION:

The operator of the www.appwise.hu website is AppWise Consultancy and Service Limited Liability Company (registered office: 1113 Budapest, Bocsaki út 134-146. D. épület III. emelet, comp. reg. no.: 01-09-285498, represented by: Daróczi Imre Péter, Managing Director; hereinafter: “Controller”) which hereby informs the Users, its customers and business partners regarding the data processing activities carried out on the Website and in relation to the services provided by the Controller, in accordance with Act CXII of 2011 on Informational Self-determination and Freedom of Information and Regulation (EU) 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (hereinafter: “GDPR”).

The Controller accepts the content of this Privacy Notice as binding on itself. The Controller attaches the utmost importance to respecting the right to informational self-determination of its partners, users, customers and any other Data Subject. Accordingly, the Controller handles personal data confidentially, and takes any measure that guarantees the security of such data.

In the course of its data processing activity, AppWise LLC acts in conformity with the guidelines of the Hungarian National Authority for Data Protection and Freedom of Information, as well as with the effective laws governing data processing, in particular, the following:

  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services (E-commerce Act), 
  • Act C of 2003 on Electronic Communications (E-communications Act), 
  • Act CXII of 2011 on Informational Self-determination and Freedom of Information (Info Act), 
  • Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity,
  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (hereinafter: “GDPR”).

2. DEFINITIONS:

2.1. Website: the totality of the content and services available at the domain www.appwise.hu where the Users can obtain information on the Controller’s activity. The website also contains links to websites which are not operated by the Controller, and which solely serve for informing the users. We kindly ask the Data Subjects to review the privacy notice of such websites prior to entering their personal data on the website concerned.

2.2. Data Subject: any natural person identified or identifiable in the course of processing. This includes the Controller’s customers, business partners, suppliers, the Users visiting the Website and any other person whose personal data are processed by the Controller.

2.3. Business partner: The persons and suppliers who are in a contractual relationship with the Controller.

2.4. Customer: the person who orders the Controller’s services.

2.5. User: the person who uses the website. The services of the website may be used by persons over 18 years only.

2.6. Personal data: any information relating to the Data Subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.7. Processing: any operation or set of operations irrespective of the applied method of processing which is performed on data, such as collection, recording, organisation, storage, alteration, retrieval, consultation, use, transmission, disclosure, alignment or combination, restriction, erasure or destruction, also including the prevention of the further use of such data. 

2.8. Controller: AppWise LLC (registered office: 1113 Budapest, Bocsaki út 134-146. D. épület III. emelet, comp. reg. no.: 01-09-285498) which sets out the purpose of processing, makes and implements the decision on processing, or ensures its implementation by the assigned processor.

2.9. Processing of data: performance of technical tasks relating to processing operations, irrespective of the method and tool applied for the execution of such operations, and of the location of application.

2.10. Processor: a natural or legal person or other entity without legal personality which processes personal data on behalf of the Controller.

2.11. Consent: any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.12. Transfer: the case where the data is made accessible to a specific third person.

2.13. Disclosure: the case where the data is made accessible to anybody.

2.14. Erasure: making the data unrecognisable in a manner that they cannot be restored any more.

2.15. Destruction: complete physical destruction of the data or of the medium which contains them.

2.16. Objection: the statement of the Data Subject whereby he or she objects to the processing of his or her personal data, and whereby he or she requests the termination of processing and the erasure of the data. In such case the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

2.17. Restriction: making impossible the transfer, learning, disclosure, adaptation, alteration, destruction, erasure, alignment or combination or use of the data, either definitively or for a specific period. 

2.18. Third person: a natural or legal person or other entity without legal personality which is not identical to the Data Subject, the Controller or the processor.

2.19. Privacy Notice: in consideration of the fact that a contract is established between the Data Subjects and the Controller by using the Controller’s services, visiting the Website, as well as through the persons entering into a contractual relationship with the Controller, the Controller provides information to the Data Subjects about the processing activities carried out in relation to this contract by means of this Privacy Notice. The Controller reserves the right to amend this Privacy Notice within 15 days and to publish it on the Website in case any substantial change occurs in the processing.

The Controller informs the Data Subjects that by concluding the contract with the Controller and by entering and using the functions of the Website, they acknowledge the content of this Privacy Notice without making any further legal statement.

3. OUR PROCESSING ACTIVITIES

Our Company may carry out processing activity on the following legal grounds under Article 6(1) of the GDPR:

in accordance with point (a), the Data Subject has given consent (hereinafter: “Consent”) to the processing of his or her personal data for one or more specific purposes following the provision of information;

in accordance with point (b), processing is necessary for the performance of a contract (hereinafter: “Performance of contract”) to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;

in accordance with point (c), processing is necessary for compliance with a legal obligation to which the Controller is subject (hereinafter: “Legal obligation”);

in accordance with point (d), processing is necessary in order to protect the vital interests of the data subject or of another natural person (hereinafter: “Vital interest”);

in accordance with point (e), processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (hereinafter: “Public interest”);

in accordance with point (f), processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter: “Legitimate interest”).

3.1 Processing the data of the contact persons of our business customers, business partners and suppliers:

Scope of Data Subjects: contact persons of our business customers, business partners and suppliers

Purpose of processing: a) performance of contract, b) communication, enforcement of claims and rights

Scope of the data processed: name, phone number, e-mail address, position

Legal grounds for processing: for case a): Article 6(1)(b) of the GDPR (performance of contract); for case b): Article 6(1)(f) (legitimate interest)

Source of data: business customers, business partners, suppliers

Date of erasure: 5 years from the termination of the contract. If the data form part of the contract, they are erased following the lapse of the retention period stipulated by the Accounting Act, meaning after 8 years from the termination of the contract.

Transfer: no data is transferred.

3.2. Processing the personal data of job applicants: 

We inform the Data Subjects that by sending a CV or job application they automatically consent to the processing and storage of their personal data for the purpose of recruitment, making job offers and communication, as well as to receiving messages at the contact details they provided. The consent given to processing may be withdrawn at any time by sending an e-mail to appwise@appwise.hu which contains your name, address and e-mail address. In such case we identify you based on the data provided, and erase all your data stored either electronically or on paper.

If you apply for a job, we process the personal data provided by you until the given position is taken and following this we immediately erase them, unless you expressly consent to storing your CV in our database for a further year for the purpose of sending you future job offers. Once this year lapses we will repeatedly ask for your consent to further processing. If you do not respond thereto, or wish to prevent us from further processing, we will remove your CV from our database.

Scope of Data Subjects: job applicants

Source of data: provided by job applicants.

Scope of the data processed: data provided in the CV (name, phone number, address, e-mail address, place and date of birth, nationality, photo, language knowledge, type of driving licence, educational attainment, jobs, professional experience, hobby etc.)

Purpose of processing: communication, offering

Legal grounds for processing: Article 6(1)(a) of the GDPR (consent)

Transfer: no data is transferred.

After the position is taken, we notify the Data Subjects at the e-mail address provided by the job applicant whether or not we intend to establish an employment relationship with them. We process the personal data of the persons with whom we establish an employment relationship in accordance with our privacy notice applicable to our employees.

3.3. Processing of data stored in the database of our customers and clients:

Our Company typically provides IT professional consultancy, processing of data, other IT and web hosting services for its clients. In the course of or in connection with the provision of our services, personal data of natural persons may become accessible to us. In such case, we ask our clients to make available the information relating to the processing to the Data Subjects.

Scope of Data Subjects: all natural persons with whom our clients came into contact and made their personal data available to the same.

Source of data: our clients 

Scope of the data processed: all personal data that were made available to our clients by the Data Subjects. We ask our clients to pseudonymise or anonymise the personal data where this is enabled by the nature of the given service.

Purpose of processing: provision of web hosting, processing of data, IT and other services.

Legal grounds for processing: Article 6(1)(b) of the GDPR (performance of contract)

Transfer: no data is transferred.

Date of erasure: 5 years from the termination of the contract.

4. Rights of the data subjects, remedies:

The Data Subject shall have the right to request information on the processing of his or her personal data, may ask for their rectification or – in the case of a processing based on consent – erasure, may request the restriction of processing, may withdraw his or her consent to processing, as well as shall have the right to object to the processing of the same.

Right of information:

The information addressed to the Data Subject by the Controller on the processing of personal data shall be concise, transparent and shall be provided in a clear and plain language. The right of information may be exercised in writing. The Data Subject may be provided with information orally as well following the verification of his or her identity.

Right of access:

The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, information on the scope of data processed, the purpose and duration of processing, the recipients of his or her personal data, the source of the personal data, as well as on his or her rights in this regard.

The Controller shall provide information within 30 days from the submission of such request.

Right to rectification:

The Data Subject shall have the right to obtain from the Controller the rectification of inaccurate personal data concerning him or her, and shall have the right to have incomplete personal data completed.

Right to erasure:

The Data Subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing,
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,
  • the personal data have been collected in relation to the offer of information society services.

The erasure of data may not be requested if the processing is necessary for ensuring the compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject, or where processing is necessary for the establishment, exercise or defence of legal claims.

Right to object:

The Data Subject shall have the right to object to the processing of his or her personal data, where 

  • it is necessary solely for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling. In such case the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
  • personal data are processed for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The Controller shall examine the objection within the shortest possible time, and shall inform the Data Subject within 30 days in this regard.

Right to restriction of processing:

The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data,
  • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
  • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
  • the Data Subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Controller shall inform the Data Subject about those recipients if the Data Subject requests it.

Right of complaint: 

If you have any grievance in relation to the processing, you have the right to lodge a complaint with the competent supervisory authority: 

Hungarian National Authority for Data Protection and Freedom of Information (registered office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C)

Mailing address: 1530 Budapest, P.O. Box 5.

Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu, Website: http://www.naih.hu

A court review may be initiated against the decision of the Authority.

Furthermore, you can bring an action against the Controller. The court will act with priority in such case.

You can submit your request for exercising your above rights by sending an e-mail to appwise@appwise.hu or a postal mail to the Controller’s registered office. The Controller undertakes to inform the Data Subject on the measures taken within 30 days from the date of such inquiry.

6. Data of the Controller:

Company name: AppWise Consultancy and Service Limited Liability Company

Registered office: 1113 Budapest, Bocsaki út 134-146. D. épület III. emelet

Company registration number: 01-09-285498, VAT code: 25719640-2-43

Represented by: Daróczi Imre Péter, Managing Director

Phone: +36203868802, e-mail address: appwise@appwise.hu

The employee of the Controller who can be contacted on privacy issues in the event of any problem occurring in relation to the processing by AppWise LLC: Tildy-Balogh Enikő (phone: +36203868802, e-mail: appwise@appwise.hu).

The Controller is not required to assign a data protection officer.

7. PROCESSORS:

In order to carry out its activity, the Controller engages the following Processors:

    1. EDITUS NOVUM Kft (registered office: 1116 Budapest, Kővirág sor 63/b., comp. reg. no.: 01-09-695210, e-mail: company@editus.hu)

purpose of processing of data: server service

scope of the data concerned: the data specified in Clause 3. The processor shall not use the personal data for any purpose other than that required for the performance of the mentioned task.

    2. B&B Audit Consulting Kft (registered office: 1116 Budapest, Kardhegy utca 5., comp. reg. no.: 01-09-980440, e-mail: bbauditconsulting@gmail.com)

purpose of processing of data: accounting, payroll services

scope of the data concerned: the data necessary for the performance of the task. The processor shall not use the personal data for any purpose other than that required for the performance of the mentioned task.

    3. Microsoft Office 365 (Microsoft Corporation, One Microsoft Way, Redmond WA 98052-7329 USA; the Hungarian privacy notice of Microsoft is available at the website www.microsoft.com under the menu item “data processing at Microsoft”.)

purpose of processing of data: cloud service

scope of the data concerned: the data specified in Clause 3. The processor shall not use the personal data for any purpose other than that required for the performance of the mentioned task.

The service provider of Microsoft Office365 is a corporation established in the USA, and is named on the EU-USA Privacy Shield List set up pursuant to an adequacy decision as per Article 45 of the GDPR and Commission Implementing Decision (EU) 2016/1260. The companies on this list undertook to comply with the GDPR. The transfer of data to this company does not qualify as a transfer to outside the EU, to a third country, and thus does not require a separate authorisation from the data subjects. For further information about the EU-USA Privacy Shield List visit the website www.naih.hu/külföldi-adattovábbítás. 

The Controller reserves the right to involve further processors in the processing in the future, and the Controller will provide information to the Data Subjects in this regard by means of amending this Privacy Notice.

7. Protection of data:

We process personal data only for the purpose and for a period specified in this Privacy Notice. We process only such personal data that are essential for the fulfilment of the purpose of processing and suitable for the same.

Our Company protects the personal data from any unauthorised access, alteration, transfer, disclosure, erasure or destruction, as well as from any accidental destruction or damage, and prevents them from becoming inaccessible due to a change in the applied technique. We ensure the integrity of personal data, and also ensure that they can be accessed solely by those authorised to do so or by those assigned with a task which makes such access necessary.

Our Company undertakes to call on any third party to whom the data are transferred or handed over on the basis of the Data Subject’s consent to comply with the applicable privacy requirements. The Controller prescribes this obligation for its employees and processors engaged in its processing activity, as well.

Our computers are protected by antivirus software and passwords, and the use of foreign media is restricted (they can be used only in secure circumstances, after being checked). Back-ups are created on external media, and we also arrange for the secure storage thereof.

Personal data are stored on our own server kept in locked premises which can be accessed by a limited scope of persons on the basis of strict authorisation rules. Personal data are also stored on the hard disk drives of our computers, as well as in the cloud using the Microsoft Office 365 cloud service, which can be accessed solely by entering a password and holding the necessary authorisation.

We regularly train our employees in the subject of data and information security requirements, and we comply with the data security requirements in the course of document management.

In the event of a personal data breach – in accordance with our corresponding policy – we notify the supervisory authority within 72 hours. Our Company also keeps records of such events.

Budapest, 25 May 2018