Privacy policy

1. Introduction

Comp-Xpert Kft. (Hungary, H-6115 Kunszállás, Lődomb utca 30., hereinafter referred to as: Service Provider, Data Controller) operates the comp-xpert.hu website (hereinafter referred to as: Website). The Service Provider fulfils its obligations to provide information related to data processing with this notice. The Service Provider acknowledges the contents of this legal notice as binding on itself and undertakes to ensure that all data processing in connection with its activities complies with the requirements set out in this Policy and the applicable legislation.

The Data Controller:

  • reserves the right to change this information.
  • is committed to protecting the personal data of its customers and partners, and attaches the utmost importance to respecting its customers’ right to information self-determination.
  • treat personal data confidentially and take all security, technical and organisational measures to ensure the security of the data,
  • process personal data solely for specified, explicit and legitimate purposes, for the exercise of a right or the performance of an obligation; it collects and processes personal data in accordance with the principles of fairness and lawfulness,
  • only process personal data that is necessary for the purposes for which it is processed and adequate for the purposes for which it is processed. The Service Provider processes personal data to the extent and for the duration necessary to achieve the purpose. The personal data shall be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are collected or further processed.

Its data management principles comply with the applicable data protection legislation, in particular:

  • Act CXII of 2007 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
  • Act V of 2007 – on the Civil Code (Civil Code)
  • Act CLV of 2006 – on consumer protection (Fgytv.)
  • Act XIX of 2007 – on Criminal Procedure (Be.)
  • Act C of 2006 on Accounting (Accounting Act)
  • Act CVIII of 2007 – on certain issues of electronic commerce services and information society services (Eker. tv.)
  • Act XLVIII of 2007 – on the basic conditions and certain limitations of economic advertising (Act XLVIII)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC

The Data Controller and Data Processor is the operator of the Website, which also provides the related IT services. For the purposes of this Policy, any person accessing and visiting the Website is considered a user (hereinafter referred to as User or Data Subject) who accesses the Website and, in doing so, provides data in accordance with this Policy.

Based on the User’s choice, the Data Controller may process the data indicated in this notice in connection with the use of the services available through the Website. If the User sends an e-mail to the Data Controller, the Data Controller will record the User’s name, company name, telephone number and e-mail address and will process it to the extent and for the duration necessary.

The transfer of data to the Data Processors specified in this Policy may be made without the User’s specific consent. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities is only possible on the basis of a decision by a public authority or with the prior express consent of the User.

The User warrants that the consent of the natural person concerned has been obtained lawfully for the processing of personal data provided or made available by him/her in the course of using the Services.

The Data Controller is not able to verify the eligibility of the consenting person or the content of his/her declaration, so the User warrants that the consent is in accordance with the law.

The Data Controller shall ensure the security of Personal Data and shall take technical and organisational measures and establish procedural rules to ensure that the stored or processed data are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use, unauthorised alteration or unauthorised disclosure. To comply with this obligation, the Data Controller shall invite all third parties to whom it transfers Personal Data.

In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.

2. Scope of personal data, purpose, legal basis and duration of processing

Rackhost Zrt.The Data Controller’s processing of personal data is based on legal authorisation or voluntary consent, with the proviso that where the data subject does not provide their own personal data, the data subject is obliged to obtain the consent of the data subject. If the data subject does not consent to the processing of his or her data in relation to a particular service, the possible consequence of not providing the data may be that the data subject may not be able to use the service or may not be able to use the service in full.

2.1. User data

The purpose of the processing is to identify and contact the User, if he/she sends an e-mail to the Data Controller to one of the e-mail addresses indicated here.

Legal basis for processing: voluntary consent of the data subject Article 6 (1) (a) GDPR.

Data processed: e-mail address.

Duration of processing: until the time of withdrawal of consent to processing.

2.2 The Website’s own cookie management

The purpose of data processing is: to identify and distinguish users, to identify users’ current session, to store the data provided during the session, to prevent data loss, to identify and track users, to measure web analytics.

Through the use of cookies, the Data Controller processes the following personal data interest information, habits, preferences (based on browsing history) and data technically recorded during the operation of the systems: data of the User’s logging in computer, which are generated during the use of the Service and which are recorded by the Data Controllers’ system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system upon logging in or logging out, without any specific declaration or action by the User.

Legal basis for processing: voluntary consent of the data subject Article 6 (1) (a) GDPR.

The data processed include: ID number, date, time and the page previously visited.

Duration of processing: 30 days

Cookies with an exact expiry date (persistent) are stored on your computer until they are deleted or until their expiry date at the latest.

You can delete the cookie from your computer or disable the use of cookies in your browser. By disabling the use of cookies, the User acknowledges that without a cookie the functionality of the site is not fully functional. The management of cookies is usually possible under the browsers’ settings menu, under the designation cookie, cookie or tracking.

A cookie is a variable alphanumeric packet of information sent by a web server, which is stored on the user’s computer and stored for a predefined period of time. The use of cookies allows the visitor to retrieve certain data and to track his/her Internet usage. Cookies can therefore be used to determine precisely the interests, Internet usage habits and website visit history of the user concerned. As cookies act as a kind of tag that allows the website to recognise a visitor returning to the site, they can also be used to store the username and password of the site. If, during a visit to a website, the user’s browser returns a cookie previously saved on the hard disk, the sending service provider can link the current visit to the previous one, but since cookies are domain-linked, it can only do so for its own content. Cookies are not in themselves capable of identifying the user, they are only capable of recognising the visitor’s computer.

Data processor:

  • Comp-Xpert Kft. (Hungary, H-6115 Kunszállás, Lődomb utca 30., E-mail: info@comp-xpert.com)
  • Providing online hosting: Rackhost Zrt., 6722 Szeged, Tisza Lajos körút 41., info@rackhost.hu, +36 1 445 1200  

2.3 Data processing by external service providers on the Website

Third party service providers: the Controller may use, directly or indirectly, third party service partners in connection with the operation of the Website or the provision of services on the Website, to whom Personal Data are or may be transferred or who may transfer Personal Data to the Controller. Third party service providers are also service providers that are not in cooperation with the Data Controller, but by accessing the websites of the Services, collect data about Users, which may be used to identify the User, either individually or in combination with other data.

Personal Data processed in the systems of Third Party Service Providers is governed by the Third Party Service Providers’ own privacy notices.

Some service partners place a small data package, a so-called cookie, on the user’s computer for the purpose of identifying and tracking users, and read it back during subsequent Internet use. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user’s current visit to previous visits to websites where the third-party provider’s cookie is used. These providers are: addthis.com, facebook.com, ad.adverticum.net

When you visit the Website, Google Analytics uses a cookie to operate its web analytics system.

For more information on data processing by www.google.com/analytics, please contact http://www.google.com/intl/hu/policies.

The document “How Google uses data when you use one of our partners’ sites or apps” is available at the following link: http://www.google.com/intl/hu/policies/privacy/partners/

You can delete the cookie from your computer or disable the use of cookies in your browser. You can usually manage cookies by going to your browser’s settings menu and selecting cookie, cookie or tracking.

If, during a visit to the website, the user’s browser returns a cookie previously saved on the hard disk, the service provider that sent the cookie can link the current visit to previous visits, but since cookies are domain-specific, it can only do so for its own content. Cookies are not in themselves capable of identifying the user, they are only capable of recognising the visitor’s computer.

There are Third Party Service Providers with whom none of the Data Controllers has a contractual relationship or intentionally does not cooperate with regard to the processing of the data, but they still access the Website, with or without the user’s involvement, and collect data about Users or about the User’s activities on the Services’ websites, which may sometimes be used to identify the User, either individually or in combination with other data collected by these Third Party Service Providers. Such External Service Providers may include, but are not limited to, Facebook Ireland LTD., Google LLC, Instagram LLC, Infogram Software Inc, PayPal Holdings Inc, Pinterest Europe Ltd, Playbuzz Ltd, Twitter International Company, Viber Media LLC, Vimeo INC, YouTube LLC

These Third Party Service Providers process Personal Data transferred to them in accordance with their own privacy policies.

2.4 Other data processing

Information about data processing not listed in this notice is provided at the time of collection. We inform our customers that the court, the prosecutor, the investigative authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents.

The Service Provider shall disclose to the authorities – if the authorities have indicated the exact purpose and scope of the data – personal data only to the extent and to the extent strictly necessary for the purpose of the request.

3. How personal data are stored, security of processing

The Service Provider’s computer systems and other data storage locations are located at its headquarters and premises.

The Service Provider shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

  • is accessible to authorised persons (availability);
  • authenticity and verification (authenticity of processing);
  • can be verified to be unchanged (data integrity);
  • be protected against unauthorised access (data confidentiality).

The Service Provider shall take appropriate measures to protect the data, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage and loss of access due to changes in the technology used.

The Service Provider shall ensure the security of data processing by means of technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with data processing, taking into account the state of the art.

Data transfers outside the EU: the Data Controller does not transfer personal data directly or indirectly to third countries outside the EU.

Physical server: the Data Controller stores the personal data processed on a server located in the European Union through a data processor (back-up and development systems).

4. Contact details of the controller

+36 1 445 1200 info@rackhost.hu,Name: Comp-Xpert Kft.

Address: 6115 Kunszállás, Lődomb utca 30.

Managing Director: Hajnal László István

E-mail: info@comp-xpert.com

Company registration number: Cg. 03-09-138359/5

Name of the court of registration: Kecskeméti Törvényszéki Bíróság

Hosting provider: Rackhost Zrt. 

Located at: Hungary, H-6722 Szeged, Tisza Lajos körút 41.

Website: https://www.rackhost.hu/

E-mail address: info@rackhost.hu,

Phone number: +36 1 445 1200 

5. Remedies available

The data subject may request information about the processing of his or her personal data and may request the rectification, erasure or blocking of his or her personal data, except for mandatory processing, by the means indicated when the data were collected or by contacting the controller’s customer service.

5.1 Right to information

At the request of the data subject, the Service Provider as data controller shall provide information on the data processed by the Service Provider or by a processor commissioned by the Service Provider, the source of the data, the purpose, legal basis and duration of the data processing, the name and address of the data processor and its activities related to the data processing, the circumstances and effects of the data breach and the measures taken to remedy the data breach, and, in the case of data transfer, the legal basis and the recipient of the data transfer. The controller shall provide the information in writing, in an intelligible form and at the request of the data subject, within the shortest possible time from the date of the request, but not later than 30 days. This information shall be provided free of charge if the data subject has not yet submitted a request for information to the controller in the current year for the same set of data. In other cases, the Service Provider shall charge a fee.

5.2 Right of access

The data subject has the right to receive feedback from the Service Provider as to whether or not his or her personal data is being processed and, if such processing is ongoing, the right to access the personal data.

5.3 Right of rectification

The Service Provider will correct the personal data if it is not accurate and the accurate personal data is available to it.

5.4 Right to cancellation

The Service Provider will delete the personal data if.

  1. (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. (b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  3. (c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to the processing;
  4. d) the personal data have been unlawfully processed;
  5. (e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  6. f) the personal data were collected in connection with the provision of information society services.

The erasure of data may not be initiated for the purposes of: a) exercising the right to freedom of expression and information; b) complying with an obligation under Union or Member State law to which the controller is subject to which requires the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (d) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes where the right to erasure would be likely to render impossible or seriously impair such processing; or (e) for the establishment, exercise or defence of legal claims.

5.5 Right to restriction

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller if one of the following conditions is met:

  1. (a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the controller to verify the accuracy of the personal data;
  2. (b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
  3. (c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  4. (d) the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

Where processing is subject to a restriction under the foregoing, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

5.6 Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the purposes of the legitimate interests pursued by the controller or by a third party. In such a case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

5.7 Procedural rules

Without undue delay and in any event within one month of receipt of the request, the controller shall inform the data subject of the action taken in response to the request pursuant to Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The controller shall inform the data subject of the extension, stating the reasons for the delay, within one month of receipt of the request. Where the data subject has made the request by electronic means, the information shall, where possible, be provided by electronic means, unless the data subject requests otherwise.

If the controller fails to act on the data subject’s request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months (60 days)

The Service Provider shall provide the requested information and information and action free of charge. Where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the requested information or information or of taking the requested action, charge a reasonable fee or refuse to act on the request.

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of this Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered. Each controller involved in the processing shall be liable for any damage caused by processing in breach of this Regulation. A processor shall only be liable for damage caused by processing if it has failed to comply with the obligations expressly imposed on processors by this Regulation or if it has disregarded or acted contrary to lawful instructions from the Controller. The controller or processor shall be exempted from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

The Service Provider may not delete the data of the data subject if the processing is required by law.

5.8 Right of recourse to the Data Controller

If you have any questions or comments about data management, you can contact the Data Controller at the postal address, at the e-mail address info@comp-xpert.com

5.9 Right to apply to the courts

The data subject may take the controller to court if his or her rights are infringed. The court shall rule on the case out of turn.

5.10 Data protection authority procedure

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Headquarters: 1055 Budapest, Falk Miksa utca 9-11

Postal address: 1363 Budapest, PO Box 9.

 

  1. 01. 01.