Name and purpose of the data processing
The handling of personal data received from the website, webinars, and other events is for the purpose of facilitating future communication.
The purpose of the data processing is to send offers to our existing and potential partners.
Legal basis for the data processing
In the case of individual entrepreneurs, the GDPR Article 6(1)(a) (consent of the data subject) is fulfilled by providing data with indicative behavior.
In the case of persons acting on behalf of a company, the GDPR Article 6(1)(f) (legitimate interests pursued by the controller or by a third party) applies.
The legitimate interest is to manage the request for an offer, maintain business-related contacts, facilitate successful and efficient conclusion of the contract, and prepare the contract.
Scope of processed data and their source
The scope of the processed data includes name, email address, phone number, and job title.
The source of the data is directly from the requester.
Duration of data processing
If a contract is not concluded, the offer related to the conclusion of the contract is kept for a period of 1 year from the receipt of the offer by the addressee or the express rejection of the offer, or, in the absence of an offer, from the last communication.
* Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Name and purpose of the data processing
Conclusion of contracts, performance of contracts, handling of personal data related to invoicing.
Legal basis for the data processing
For individual entrepreneurs, GDPR Article 6(1)(b) applies (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
For persons acting on behalf of a company, GDPR Article 6(1)(f) applies (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).
The legitimate interest in this case is to facilitate the conclusion and performance of contracts, coordinate the economic activities of the parties, exercise contractual rights, and fulfill obligations.
Scope of processed data and their source
Scope of processed data: name, email address, phone number, job title, signature, and other necessary data for concluding and fulfilling the contract.
Source of data: directly from the partner.
Duration of data processing
The data should be kept for a period of 5 years from the termination of the contractual relationship with the partner, in connection with enforcing civil law claims and fulfilling obligations.
If the processing of this data is necessary for fulfilling the company’s tax obligations, then the data must be kept for a period of 5 years from the last day of the calendar year in which tax returns, data reports, or notifications were required to be filed, or in the absence of such filings, the tax should have been paid.
Name and purpose of the data processing
Sending general marketing messages, promotional offers, and invitations to events via email.
Legal basis for the data processing
GDPR Article 6(1)(f) (the legitimate interests of the data controller and a third party) applies in this case.
The legitimate interest is to provide information to data subjects about the services and products of the data controller, and to send general marketing messages and promotional offers to partners via email for the purpose of direct business acquisition.
Scope of processed data and their source
Data processed includes: name and email address.
Source of the data: directly from the partner.
Duration of data processing
The general marketing messages and promotional offers may be sent until the termination of the contract or until the data subject exercises their right to object according to GDPR Article 21(2)-(3), whichever occurs earlier.
Name and purpose of the data processing
Exercising legal claims related to the contractual relationship by the data controller.
Legal basis for the data processing
GDPR Article 6(1)(f) (the legitimate interests of the controller or a third party)
The legitimate interest: Enforcement of legal claims by the data controller and successful defense in potential legal disputes or administrative proceedings initiated by the customer.
Scope of processed data and their source
Scope of processed data:
Any of the data listed above.
Source of data: directly from the partner.
Duration of data processing
***
- Data controller’s name, registered office, website and email address:
Cluedit Kft. – 1095 Budapest, Gát utca 21. fszt. 1., web: cluedit.hu e-mail address: info@cluedit.hu
The contact person(s) of the Data Controller
| Email address: | Phone: |
| info@cluedit.hu | +36 20 598 4030 |
Entities authorized to access data at the Data Controller:
- Company executives
- Presales and marketing organization employees, as well as consultants assigned to the respective customer
Data processors, and other data controller recipients’ names, registered office, website (where data protection notices are available):
- Salesforce (415 Mission Street, 3rd Floor San Francisco, CA 94105) website: https://www.salesforce.com/company/privacy/
- Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) website: https://policies.google.com/privacy?hl=en
- Mailchimp/The Rocket Science Group LLC (675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308, USA) website: https://mailchimp.com/legal/privacy/
Description of data processing activities:
- Salesforce
- Mailchimp
Handling of special personal data for the purpose specified in this Privacy Notice:
No special personal data is processed.
Data security measures:
To guarantee the confidentiality, integrity, and availability of your personal data, the Data Controller stores your data in a password-protected and/or encrypted database in compliance with IT security standards and regulations.
Your rights regarding data processing:
The GDPR contains detailed information on your data protection rights, remedies, and limitations (particularly Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, and 82 of the GDPR). You have the right to request information about your data, request correction, deletion, or limitation of processing, object to processing based on legitimate interest, and have the right to data portability. The most important provisions are summarized below.
Right to information:
If the Data Controller processes personal data concerning you, the Data Controller is obliged to provide you with information – even without your request – on the most important characteristics of data processing, such as the purpose, legal basis, duration, the Data Controller’s and representative’s identity and contact details, the recipients of personal data, the Data Controller’s and/or third party’s legitimate interest in processing based on legitimate interest, as well as your rights and remedies regarding data processing (including the right to file a complaint with the supervisory authority), if you do not already have this information. The Data Controller provides this information by making it available to you in this notice.
Access rights:
You are entitled to receive feedback from the Data Controller regarding whether your personal data is being processed, and if such data processing is taking place, you are entitled to access personal data and certain information related to data processing, including the purposes of data processing, the categories of personal data concerned, the recipients of personal data, the (planned) duration of data processing, your rights and remedies (including the right to file a complaint with the supervisory authority), as well as information about the source of the data if the data was not collected from you. Upon your request, the Data Controller shall provide you with a copy of the personal data being processed. For any additional copies you request, the Data Controller may charge a reasonable fee based on administrative costs. The right to obtain a copy cannot adversely affect the rights and freedoms of others. The Data Controller will provide you with information about the possibility of issuing a copy, the method, any costs, and other details upon your request.
Right to rectification:
You have the right to request the Data Controller to rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of data processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to restriction of processing:
You have the right to request the Data Controller to restrict the processing of your personal data if one of the following applies:
- You contest the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
- The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use;
- The Data Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims; or
- You have objected to processing, in which case the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override yours.
If the processing of personal data is subject to restriction based on the above, such personal data may only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State, with the exception of storage.
If the restriction of processing is lifted, the Data Controller will inform you in advance.
Right to data portability:
You have the right to receive your personal data provided to a data controller by you in a structured, commonly used, and machine-readable format, and you have the right to transmit such data to another data controller without hindrance from the data controller to which the personal data have been provided, where:
- the processing is based on your consent or on the performance of a contract to which you are a party; and
- the processing is carried out by automated means.
When exercising the right to data portability, you have the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
The right to data portability shall not adversely affect the rights and freedoms of others and shall not prejudice the right to erasure.
Right to object:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the legitimate interests of the data controller. In such case, the data controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
The framework for exercising rights:
The data controller shall inform you without undue delay, but in any case within one month of the receipt of the request, of the measures taken in relation to your rights listed above as a result of the request. Where necessary, taking into account the complexity and number of requests, this period may be extended by a further two months. The data controller shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data controller does not take action on your request, it shall inform you without delay, but at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with the competent supervisory authority (in Hungary, the National Authority for Data Protection and Freedom of Information, “NAIH”), and of exercising your right to a judicial remedy. The contact details of NAIH are as follows: Falk Miksa u. 9-11, 1055 Budapest, Hungary, Tel: +36 1 391 1400, Fax: +36-1-391-1410, Email: ugyfelszolgalat@naih.hu, website: http://naih.hu/
If your rights are violated, you may bring a lawsuit. The court shall have jurisdiction over the case. The action may be brought before the court of the place of residence or domicile of the data subject, as chosen by the data subject. The court may order the data controller to provide information, rectify, restrict, or erase data, taking into account your right to object. The court may order that the judgment be made public in such a way that the data controller or any other data controller and the infringement committed by them can be identified.
You may request compensation for the damage suffered as a result of illegal data processing (including failure to implement data security measures) from the data controller responsible for the damage. If the data controller violates your personality rights by unlawfully processing your data or by violating the requirements of data security, you may claim compensation for moral damages. The data controller shall be released from liability if it proves that the damage or violation of the personality rights of the data subject was caused by an unavoidable reason outside the scope of the data processing.
Compensation for damage does not have to be paid and compensation for moral damages cannot be claimed to the extent that the damage or injury to the person’s personality rights arose from the intentional or grossly negligent behavior of the injured party.
Website usage
Cookies
When we leave a comment on the website, the name, email, and website address provided are stored in cookies. The storage serves convenience purposes so that we don’t have to fill out these fields again when leaving the next comment. The expiration time of cookies is one year.
When we visit the login page, temporary cookies are set to determine whether the browser accepts cookies or not. These cookies do not contain personal information and are deleted when we close the browser.
When we log in to the website, several cookies are created to store login information and display options for the editor interface. The login cookies are valid for two days, and the cookie storing the display options for the editor interface is valid for one year. If we check the “Remember me” option, the login will continue for two weeks. When we log out, the login cookies are removed.
When we edit a post or page, another cookie is stored in our browser. This cookie does not contain personal data and is not suitable for identifying natural persons; it simply stores the identification number of the post we edited. Its validity expires after one day.
Upon the first visit to the website, the user can accept the use of cookies. After acceptance, if the user visits the site from the same IP address, the site will not require consent.
If the user wishes to modify the use of cookies, they can do so in their browser settings.
The website’s views are tracked using Google Analytics. During use, view data is transmitted to the provider, and this data is not suitable for identifying the user. Further information about the data protection policies of this service can be found at the following link: https://policies.google.com/technologies/cookies#types-of-cookies
The user can prevent any use of their data by Google by using the following plug-in application: https://tools.google.com/dlpage/gaoptout/
The website uses Facebook, Google, Pardot remarketing code snippets to provide our customers and prospective customers with more relevant content.
These remarketing codes also use cookies that are unsuitable for identification purposes.
Embedded content from other websites
Posts available on the website may use embedded content (such as videos, images, articles, etc.) from external sources. Embedded content from external sources behaves exactly as if the visitor has visited another website.
These websites may collect data about visitors, use cookies or third-party tracking codes, monitor user behavior related to embedded content if we have a user account and are logged in to the website.
With whom do we share user data?
If you request a password reset, the IP address will be included in the reset email.
How long do we retain personal data?
If we leave a comment, the comment and its metadata will remain in the system for 5 years. The purpose of this is to make all subsequent comments known and approved by us, i.e., not to be put on the list of comments to be moderated.
The personal data of registered users on the website (if any) is also stored in their own user profile. Every user can view, edit, or delete their personal data at any time (except for changing their own username). Website administrators can also view and edit this information.
What rights does the user have regarding their data?
In the case of a registered account or writing a comment on the website, personal data can be requested to be sent in an export file, which contains any data previously provided by the user. It can also be requested that any previously provided personal data be deleted. This does not apply to data that we are required to retain for administrative, legal, or security reasons.
Where do we transmit data?
Comments submitted by visitors can be checked by an automatic spam filtering service.
Pardot Legal Disclosures
We use Pardot forms on our website as a means of communication with our clients, as well as providing customers with the opportunity to easily contact us. By using our website and subscribing to our newsletter, the user agrees to the following guidelines and consents to the use of their data for marketing purposes:
- https://www.pardot.com/legal/
- https://www.pardot.com/legal/permission-based-marketing-policy/
- https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/salesforce_MSA.pdf