COOKIE DATA PROCESSING POLICY
I. INTRODUCTION OF DATA CONTROLLER
In order to ensure the lawfulness of the internal data processes of Quadron Cybersecurity Ltd.(hereinafter: the “Data Controller”, the “Company”) and the rights of the data subjects, the following data protection information is provided.
Name of data controller:
Data processor (hereby: Quadron): Quadron Cybersecurity Ltd.
Location: H-1051 Budapest, Sas u. 10-12.
Registration number: 01 09 189206
Tax number: 24919414-2-41
Email: [email protected]
Data privacy contact: [email protected]
The Data Controller handles personal data in accordance with the provisions of all applicable laws, but primarily in accordance with the laws as follows:
• Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (hereinafter: “Info Act”),
• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Data Protection Regulation) (hereinafter: “Regulation” or “GDPR”).
The Data Controller treats the personal data confidentially, and in order to preserve the data, it takes all technical and organisational measures related to the storage and data processing of IT and other secure data processing.
Definitions
The conceptual system of this Data Management Information is the same as the interpretative explanations defined in Section 4 of the Regulation, and in certain points supplemented by the interpretative provisions of Section 3 of the Info Act.
When this information decides on information or data processing, it is to be understood as personal data and their processing.
II. DATA PROCESSING PURPOSE: THE MANAGEMENT OF COOKIES ON THE WEBSITE
In order to maintain and develop the services of the website and to enhance the user experience, the Data Controller uses so-called cookies on its website (hereinafter: the “Website”) available at https://www.quadron.hu.
What is a cookie?
Cookies are small text identification and information collection files placed on a user’s device by a browser. A cookie is a series of unique numbers that is used primarily to distinguish between computers and other devices that download a website. Cookies have several functions, including collecting information, memorising user settings, and giving the website owner the opportunity to learn about users’ habits in order to enhance user experience.
For what purposes are cookies used?
- To ensure the proper and high-quality operation of the website.
- To measure attendance.
- To create web analytics and analyse how visitors use the website.
- To control and improve the quality of the services provided by the website.
- To enhance user experience.
- To facilitate the management of our webpages.
- To identify malicious visitors attacking our website.
What cookies does the website use?
Detailed information about the cookies used by the website is provided through the website’s cookie manager.
The information collected by cookies is not sold by the website, it is not rented to third parties, except to the extent necessary to provide the services for which the data subject has provided such information in advance and voluntarily.
What is the legal basis for data processing by cookies?
We use cookies that are essential for the use of the website in our legitimate interest in accordance with Section 6(1)(f) of the GDPR, the legal basis for the use of additional cookies is ensured by the consent of the data subject, which can be given through the cookie manager.
How can you check and disable cookies?
In addition to the website’s cookie manager, all modern browsers allow you to change the setting of cookies. Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and offer you the choice of whether or not you allow cookies each time.
As cookies are intended to facilitate or enable the use and processes of the website, by preventing or deleting the use of cookies, users may not be able to use the full functionality of the website, or the website will function differently in your browser.
You can find information about the cookie settings of the most popular browsers at the following links:
Google Chrome: https://policies.google.com/technologies/cookies
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Microsoft Edge: https://support.microsoft.com/hu-hu/help/4468242/microsoft-edge-browsing-data-and-privacy
Microsoft Internet Explorer: https://support.microsoft.com/en-us/topic/description-of-cookies-ad01aa7e-66c9-8ab2-7898-6652c100999d
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
III. THE RIGHTS OF THE DATA SUBJECT WITH REGARD TO DATA PROCESSING
The right to information
The data subject has the right to the information related to data processing, which the Data Controller provides by making this information available.
Consent-based data processing
If the legal basis of a data processing is ensured by the consent of the data subject, he or she has the right to withdraw his or her consent to data processing at any time. However, it is important to know that the withdrawal of consent can only apply to data for which there is no other legal basis for processing. Unless there is another legal basis for the processing of the personal data concerned, the Data Controller shall permanently and irrevocably delete the personal data after the withdrawal of the consent. Withdrawal of consent pursuant to the Regulation does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.
Access rights
At the request of the data subject, the Data Controller shall at any time provide information on whether the processing of the data subject’s personal data is in progress and, if so, provide access to the personal data and the following information:
a) the purposes of data processing,
b) the categories of the personal data of the data subjects,
c) the recipients or categories of recipients to whom or with whom the controller communicated or will communicate the personal data, including in particular third country recipients or international organisations,
d) the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period,
e) the data subject is also informed of his or her right to request the controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data,
f) the right to lodge a complaint with a supervisory authority or to institute legal proceedings,
g) if the data were not collected directly from the data subject by the Data Controller, to all available information on the source of the data,
h) where automated decision-making takes place, the fact of that decision, including profiling, and at least the logic used in those cases, i.e. the significance of such processing and the likely consequences for the data subject.
Right to rectification of personal data
The data subject has the right at any time to have inaccurate personal data concerning him/her rectified by the Data Controller without undue delay upon request. Taking into account the purpose of the data processing, the data subject is also entitled to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary declaration.
If a request is made to correct (modify) the data, the data subject must substantiate that the data requested to be modified is true and real, and the data subject must also prove that the person actually entitled to do so requests the data to be modified. This is the only way for the Data Controller to judge whether the modified data is real and, if so, whether to modify the previous data.
Furthermore, the Data Controller draws attention to the fact that the data subject must report the change in his/her personal data as soon as possible, thus facilitating lawful data processing and the enforcement of his/her rights.
Right of cancellation
At the request of the data subject, the Data Controller shall, without undue delay, delete the personal data concerning the data subject if one of the following reasons exists:
a) the data controller no longer needs the personal data for the purpose for which they were collected or otherwise processed,
b) in the case of consent-based processing, the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing,
c) the data subject objects to data processing, and there is no overriding legitimate reason for data processing or objects to data processing for the purpose of direct marketing,
d) personal data is unlawfully processed by the Data Controller,
e) personal data must be deleted in order to fulfil a legal obligation to which the controller is subject under Union or Member State law,
f) personal data have been collected in connection with the provision of information society services.
Right to restrict data processing
The data subject has the right to restrict data processing by the Data Controller at the request of the data subject if any of the following is met, he/she:
a) disputes the accuracy of personal data; in this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of personal data,
b) the processing is unlawful and opposes the erasure of the data and, instead, request a restriction on their use,
c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims, or
d) the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
Right to object
If the processing of personal data is based on a legitimate interest of the Data Controller [Section 6(1)(f) of the Regulation] or the processing is necessary for the performance of a task carried out in the exercise of public authority conferred on the data controller [Section 6(1)(e) of the Regulation], the data subject shall have the right to object at any time to the processing of his or her personal data, including profiling based on those provisions, for reasons related to his or her situation.
If the Data Controller processes the personal data of the data subject for the purpose of direct marketing (i.e. sending information letters), he/she has the right to object at any time to the processing of personal data concerning him/her for this purpose, including profiling, insofar as it relates to direct marketing. If the data subject objects to the processing of his/her personal data for the purpose of direct marketing, the personal data may no longer be processed for this purpose.
Balance of interest test
If the legal basis for the processing of personal data is a legitimate interest of the Data Controller or a third party in accordance with Section 6(1)(f) of the Regulation, the Data Controller shall prepare a written “interest test” in accordance with Section 47 of the Recital and Section 5(2), which can be requested by the data subject by sending a letter to the e-mail address of [email protected].
Right to data portability
The data subject is entitled to receive the personal data concerning him/her made available to the Data Controller in a structured, widely used, machine-readable format. Furthermore, the data subject is also entitled to transfer such data to another data controller by the Data Controller if:
a) data processing is based on the data subject’s consent or on a contract concluded in accordance with Section 6(1)(b) of the Regulation; and
b) the processing is carried out in an automated manner.
IV. PROCEDURE FOR ENFORCING THE RIGHTS OF THE DATA SUBJECTS
The data subject may exercise the above rights in person by sending an e-mail to [email protected], by post to the Data Controller’s registered office, or in person at the Data Controller’s registered office. The Data Controller shall start the examination and execution of the data subject’s request without undue delay upon receipt thereof. The Data Controller shall inform the data subject of actions taken on the basis of the request within 30 days of its receipt. If the Data Controller is unable to comply with the request, it shall inform the data subject of the reasons for the refusal and the right of appeal within 30 days.
Within five years after the death of the data subject, the authorised person is entitled to enforce the rights of the deceased in his/her lifetime set out in this information by an administrative order or a statement in an authentic instrument or a private document of full probative value made to the Data Controller – if the data subject has made more than one, by virtue of a statement made at a later date. If the data subject has not made a corresponding legal declaration, his or her close relative under the Civil Code is still entitled to do so in accordance with Section 16 (right to rectification) and 21 (right to protest) of the Regulation, and – if the data processing has been illegal or the purpose of the processing has ceased with the death of the data subject – to enforce the rights of the deceased during his or her lifetime within five years after the death of the data subject as set out in Section 17 (right of cancellation) and Section 18 (right to restrict data processing) of the Regulation. A close relative who is the first to exercise that right of the data subject shall be entitled to exercise such rights under this Section.
V. RIGHT OF APPEAL IN CONNECTION WITH DATA PROCESSING
In order to enforce the right to judicial remedy, the data subject may apply to a court against the Data Controller if, in his/her opinion, the Data Controller or a data processor or joint data controller acting on our behalf or at our disposal is processes his/her personal data in breach of the provisions laid down in the legislation on the processing of personal data or in a binding act of the European Union. The court shall act out of turn in the case. The trial falls within the jurisdiction of the Regional Court of Law. The lawsuit may also be initiated before the court of the data subject’s place of residence or stay or the data controller’s registered office (Budapest-Capital Regional Court of Law).
By filing a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (HNADPFI), anyone may initiate an investigation against the Data Controller on the grounds that there has been or is an imminent threat of a personal data breach or that the enforcement of his/her rights to data processing is restricted by the Data Controller or his/her request aimed at the enforcement of such rights is rejected by the Data Controller. The notification can be made at one of the following contacts:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) (Hungarian National Authority for Data Protection and Freedom of Information) (HNADPFI) Postal address: 1363 Budapest, POB: 9.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Telephone number: +36 (1) 391-1400 Fax: +36 (1) 391-1410 E-mail: [email protected] URL: https://naih.hu/
Budapest, 26 September 2021