This Policy summarizes the purpose and legal basis of the data processing conducted by Comnica Kft., and the rights natural persons have as Data subjects. Our objective is to provide an accurate view on why and how we process personal data of those who contact our company via our website or other channels.
Legislative Background
This Policy is created based on the following laws and recommendations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”)
- Act CXII of 2011 on informational self-determination and freedom of information („Data Protection Act”)
- Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities („Economic Advertising Activities Act”)
- Act CVIII of 2001 on certain issues relating to electronic commercial services and services concerning the information society („E-Commerce Act”)
- Act C of 2003 on electronic communications („E-Communications Act”)
- Act CXIX of 1995 on the use of name and address information serving the purpose of research and direct marketing
Basic concepts for better understanding the Policy
Personal data
Personal data can be any data or information based on which a natural person can be directly or indirectly identified. This includes the Data subject’s name, email address, phone number and address.
Data processing
Data processing means all the actions performed on personal data. This includes collecting, capturing, organizing, storing, using, querying, forwarding, disclosing, restricting, deleting or destructing personal data.
Data Controller
The Data Controller is responsible for specifying the purpose and means of data processing. The controller of your data is Comnica Kft. (Registered seat/address: H-1119 Budapest, Mohai út 38.; VAT number: 14242036-2-43; Business registration number: 01-09-895207, Registering court: Company Registry Court of Budapest – Capital Regional Court).
Data subject
Those who share their personal data with our company via our website or anywhere else, or those whose data are processed by our company otherwise. Such as you, who is reading this Policy.
What data do we process?
Typically, we are collecting and processing the following personal data:
- Email address
- Name
- Phone number, mobile number
- Position, job description
- Name of the company you represent
- Information regarding the size and business activity of the company
For jobseekers: personal data included in CV (More details)
In addition to the above, we utilize cookies on our website for collecting personal data.
What are cookies and why do we use them?
Cookies are data packages sent from our webserver to your computer when you visit our website, and stored there for a specific amount of time – depending on their type.
Cookies do not pose any security risk to your computer, and do not cause malfunctions.
To ensure undisturbed use of our website, some cookies (the so-called management cookies) are automatically deployed on your computer when you visit our website. The purpose of such cookies are to guarantee the safety of our website, retain data saved on our online forms, display multimedia contents and load-balance our website. Personal data (especially the IP address of your computer) collected by these cookies are processed based on our legitimate interests regarding the safe and uninterrupted operation of our website, and processed only for the duration of your visiting our website. Closing the browser automatically deletes these cookies from your computer.
Based on your consent given on our website, the following cookies for the following purposes may be deployed on your computer:
- Cookies for measuring web analytics for statistic purpose (Google Analytics). These are important for us, as this is how we learn certain characteristics of our visitors (their IP address, town, the type of device, browser and operating system they use, as well as the pages visited on our website and the time spent on them). We create general statistics and reports from these anonymous data, and use them to improve our website and perfect our marketing strategy.
- Cookies for remarketing (Google Adwords), with which we can analyse the way you use our website, and display personalized contents and advertisements accordingly, even on platforms outside our websites (e.g. other websites or social media sites).
Upon revisiting our website you may withdraw your consent at any time without costs and restrictions using the popup window displayed when our website is loading.
You can manage cookies in browser settings as well.
For what other purpose and when do we collect your personal data?
Typically, we ask for your personal data when:
- You are asking for a bidding or information regarding our products and services
- You would like to obtain information materials via subscription (e.g. brochures, researches, eBooks, case studies, customer stories, videos and other multimedia educational materials)
- You would like to subscribe to our newsletter or eDMs
- You sign up for a demo or a trial version of a product available on our website
- You would like to sign up for a quiz or prize competition occasionally announced on our website
- Requesting a phone or e-mail consultation with us
- You would like to contact us via our other online platforms, social channels and events, or other events
The purpose of our data processing – depending of the level of your consent – is to fulfil your request, provide you with our information materials, send you our newsletter, and that you can participate in quizzes, price competitions and product trials.
What are the conditions of our processing your personal data?
In short, your explicit and voluntary consent based on complete information (except for our legitimate interests explicitly highlighted in this Policy). You may withdraw your consent at any time by e-mail, post, or in person with our Data Protection Officer at the address below. Obviously, the withdrawal of consent does not affect the lawfulness of data processing before the withdrawal.
In special cases, we might require your personal data for exercise or defence of our possible legal claims, and based on that legitimate interests, we keep processing your personal data until the binding settlement of the litigation.
How long do we keep your personal data?
We keep processing the personal data you provided until:
a) You ask for the deletion of the data (you withdraw your consent)
b) In the event of ad hoc data processing, until the purpose of the data processing ceases to exist. Such ad hoc data processing is the participation in prize competitions or quizzes, or the request for custom information or offer. The purpose of data processing ceases to exist if the competition, quiz or product testing are over, the possible winner is accounted for, or the custom request is fulfilled;
c) For price competitions, we may have to issue an accounting document for you, in such case – pursuant to Act C of 2000 on accounting – we are obliged to keep your data contained in the document (generally for 8 years).
IP addresses obtained automatically by cookies are kept in the system for 7 days.
Where do we store your personal data?
All personal data are stored on our own servers secured by trusted protection. All our servers are located inside European Union territory, and the data stored on the servers – with the exception noted in the Policy – are not accessible from third countries.
What rights can you exercise regarding your personal data?
Request for information (right of access): You may request for information about the processing of your personal data at any time – in person with our Data Protection Officer at the address below, in writing by sending a registered letter to our address, or by sending an email to adatvedelem@comnica.hu email address.
The requested information may regard the processed data, the sources of the data, the purpose, legal basis and duration of the data processing, the name and address of possible Data Processors, and the activities and your rights regarding the data processing. In the event of data transmission, it may regard the recipients and the purpose of the transmission.
We consider your request for information authentic, if you can be clearly identified based on your request. Should you request for information by email or mail, only requests received from your email address on file are considered valid, and we can send information by mail only to your postal address on file. Unless you voluntarily verify your identity in a different way, we cannot send information to email or postal addresses not on file – in order to ensure the security of your data.
Rectification: You may ask for rectification, modification or completion of your data at any time, in the same manners described in “Request for information” section. These requests can only be fulfilled based on requests from authenticate sources described in the “Request for information” section.
Restriction: You may ask us to restrict our processing of your personal data, especially if:
a) You contest the accuracy of the personal data. In this event, restriction applies for the duration of our validating the accuracy of the data.
b) Our legal basis of data processing ceased to exist, but you request for the retention of the data in writing for possible establishment, exercise or defence of legal claims.
Objection: If we process your data in our legitimate interest in accordance to this Policy, you may object to our processing your personal data at any time. In that case, we review the lawfulness of your objection, and if we decide your objection to be reasoned, we cease to process your data, furthermore, we notify everyone about the objection and the measures taken on the basis of the objection to whom the data affected by the objection may have been transferred.
Deletion: You may ask us to delete your personal data at any time.
We may refuse the deletion, if our processing of personal data is stated by a law, or if the data is required for exercise of our legal claims. You will be notified about the refusal of the request for deletion in any event.
The data cannot be recovered after the deletion.
Disclosing personal data (data portability): You may ask us at any time to provide you with your personal data in a structured, commonly used and machine-readable format, or to transmit those data to another controller.
Who can access your personal data?
We handle your data confidentially, and do not disclose them to third parties, except for those below.
If you have subscribed to our newsletter, we forward your email address to our partner Data Processor. Such Data Processor is the MailChimp email sending service, which we use for sending our eDMs and newsletters. MailChimp does not use your email address for any purpose other than completing its task. The Data Processor cannot make any decisions on their own regarding personal data.
Name and address of the Data Processor:
Name: MailChimp c/o The Rocket Science Group, LLC
Address: 675 Ponce De Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
Read the Privacy Policy of the Data Processor here:
https://mailchimp.com/legal/privacy/
Although some MailChimp servers are located outside EU territory, the European level of security of your email address is still ensured, as MailChimp in the United States joined the so-called Privacy Shield, a cooperation between the European Union and the United States.
What external service providers have social media extensions on our website?
We use extensions of social media websites (i.e. external providers) to share our contents and to get feedback regarding them. Extensions are only activated if you specifically click on their buttons, thus enabling the extensions to connect to social media websites. We use the extensions of the following three social media websites: Facebook, Twitter and LinkedIn.
During browsing, if you are logged into any of these websites, that specific social media website may connect your visit to your social media account. If you click on the appropriate button, the browser will forward the relevant information directly to the specific social media website, and store the information there. In details:
a) Twitter: the server of the social media website saves the data of your activities on our website, and connects them to your Twitter account. In the event of clicking on the Retweet button, Twitter will publish these data, and make them available for its users.
b) Facebook: during browsing our website, a direct connection is established between your browser and the Facebook server via the extensions. Facebook therefore obtains the information that our site has been visited from your IP address. If you use these extensions (e.g. click on Like or Share buttons or write a comment etc.) while logged into your Facebook account, the relevant contents of our website will be connected to your Facebook profile. In that case, Facebook will connect your activity on our website to your Facebook user account.
c) LinkedIn: the server of the provider saves the data of your activities on our website, and connects them to your LinkedIn account. In the event of using the LinkedIn share button, LinkedIn will publish these data, and make them available for its users.
Information about the scope and purpose of such data collection, any further processing or use of your data by Facebook/Twitter/LinkedIn, and your rights and settings regarding the protection of your privacy can be found in the privacy statement of Facebook/Twitter/LinkedIn using the following links:
https://www.facebook.com/policy.php
https://twitter.com/privacy
https://www.linkedin.com/legal/privacy-policy
To whom and when are we obliged to disclose personal data?
Upon the request of the authorities, we are obliged to provide the personal data we are processing to the acting authority. Our company cannot be held responsible in case of such data transmissions and its consequences. You will always be notified about such data transmissions.
What responsibilities may arise regarding the personal data?
When you provide us with your personal data, you assume responsibility for the data being true and originated from you.
Please, provide data of a third party only if you have been explicitly authorized to do that by the third party. Our company does not take responsibility for possible resulting claims.
If a third party is objecting to the data processing after proving their identity in a credible way, the personal data will be immediately deleted without you being notified. Provide data of a third party only after informing the third party about the access of this Privacy Policy.
To whom can you turn with your questions about your personal data or to exercise your rights?
In the event of violation of your rights, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:
Name: Hungarian National Authority for Data Protection and Freedom of Information
Registered seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: H-1530 Budapest, PO BOX 5.
Phone: +3613911400
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu