Privacy and Data Protection Policy

The following Privacy and Data Protection Policy applies to viewers and users of the website located at http://www.alphanet.hu, operated by ALPHANET Informatikai Zrt.

I. Introduction

As operator of the website, ALPHANET Informatikai Zrt. (henceforth Data Handler) handles the personal data of users with the goal of providing satisfactory services to its customers.

The Data Handler does so in full compliance with all applicable rules and regulations regarding Data Protection, namely those defined in European Parliament and European Council Regulation 2016/679.

This Data Protection Policy is concerned with the protection of individuals’ personal data as the free flow of said data as defined in European Parliament and Council Regulation 2016/679 and the Act 2011. CXII. law’s contents, which deals with information freedom and the right of individuals to request release of their personal data.

Data Handler Details:

Name/Company Name:ALPHANET Informatikai Zrt.
Headquarters:1039 Budapest, Pünkösdfürdő u. 52.
Tax Number:14153833-2-41
Company Registry Number:01-10-045858
Name and address of the website:Www.alphanet.hu
The location of the Data Protection Policy:Data Handler’s website

The Data Handler’s Contact Information:

Mailing address:1039 Budapest, Pünkösdfürdő u. 52.
E-mail:
Telephone:+36 1 242 1830

Over the course of their business and financial activities, the Data Handler will take care to protect individual’s data, take all measures required by law, and to safely and respectfully handle individuals’ data. By the statements made in this Data Protection Policy, the Data Handler promises to be a trustworthy handler of individual data, and to take every safety, technical, or organizational measure required to guarantee complete compliance with data protection regulations.

The Data Handler places a great importance on its partners and customers, as well as the data protection rights of any individual impacted by its activities (henceforth, Affected Parties).

The Data Handler accepts responsibility for the compliance of its services with Data Protection expectations and regulations.

The Data Handler’s handling, processing, forwarding, and release of Affected Parties’ data occurs according to the stipulations of the 2016/679/EU Regulation (henceforth GDPR Regulation) and the Act 2011. CXII. Info Law (henceforth: Info Law).

II. Guidelines for Data Handling

The Data Handler declares that data handling activities will be carried out according to the stipulations of this Data Protection Policy, and will comply with all applicable regulations, with particular attention to the following:

Personal Data will be handled respectfully and transparently, and will abide by applicable laws.

Personal data handling will only occur in the ways below defined, with sound and law-abiding goals.

Personal data handling will occur in the aid of relevant and necessary goals.

Stored personal data must be up-to-date and relevant. Any personal data that is outdated or not reflective of reality must be removed.

The storage of personal data may only occur for the period required to complete the identification of Affected Parties. Prolonged storage may only occur if the personal data is being archived for the public good, for scientific or historical research, or for statistical analyses.

Data handling must be handled in such a way as to implement the essential technical or organizational measures to ensure the safety of stored personal data from unauthorized handling, unintended deletion, or damage.

The data protection guidelines must be followed in any situation where any identified or identifiable individual’s data is being handled.

III. Important Data Handling Information

The goal of data handling is to provide users of the Data Handler’s website with an acceptable level of service.

The legal basis for data handling is founded upon the Affected Parties’ consent. The parties affected by the data handling are the users of the Data Handler’s website.

The extent of the data handling period, and deletion of data: the period for which personal data is stored depends upon the exact goal of the data retention, but upon the end of that period, stored data must be deleted with no further ado.

The Affected Parties may at any time revoke their consent by sending an e-mail to the appropriate contact of the Data Handler. Provided that there is no legal obstacle to the deletion of the data in question, said data must be deleted with no further ado.

The Data Handler and employees are authorized to view and familiarize themselves with stored personal data.

III.1 Legal bases for the use of personal data

Marketing activities: GDPR article 6, paragraph 1, point a

Online registration: GDPR article 6, paragraph 1, point a

Contact, newsletter subscription: GDPR article 6, paragraph 1, point f. The legal intent of partners’ employees and contractors is the maintenance of a stable flow of business.

Contract partner data handling: GDPR article 6, paragraph 1, point b

III.2. Goals of data handling

Data handled as part of business activities are stored to satisfy legal obligations, and for the purpose of maintaining customer relationships;

Handling of partner contact information;

Completion of customers’ orders;

Streamlining of internal administration processes;

III.3. Data handling related to the Data Handler’s website

The purpose of the data handling: sending of the company newsletter to registered users, as well as provision of extra services and contact by the Data Handler.

The legal basis for the data handling is the Affected Parties consent. Modification or deletion of stored data can be requested via e-mail, or by mailing the mailing address above.

The extent of the data handling period begins with registration, and ends with the deletion of the stored personal data, and lasts as long as it takes to reach the goal for which the data was stored, or for the period otherwise legally defined. The data handling will occur until the revocation of consent. The Affected Party may revoke their consent at any time by sending an e-mail to the Data Handler’s designated contact. The deletion of stored data will occur upon the revocation of consent.

The parties affected by the data handling are the website’s users. Registered users who have agreed to receive the company newsletter may at any time, and free of charge, without any need to provide a reason for their request, may revoke their consent to receive the newsletter, by sending an e-mail to with the revocation of data handling consent stated in the subject, or by sending an equivalent letter by post to the mailing address stated above.

Individuals are hereby notified, that neither the username or e-mail address are required to contain personal information. For example, neither the username or e-mail address of the users are required to contain the user’s given name. It is the user’s personal decision whether the create an e-mail address or username that contains personal details otherwise not requested by the Data Handler. An e-mail address – which serves the purpose of maintaining contact – is an indisputable prerequisite for the delivery of the company newsletter or other technical information.

The Data Handler and employees are authorized to view and familiarize themselves with stored personal data.

The method of personal data storage storage is electronic.

Providing personal data is necessary for the purposes of identifying users in the customer database and to establish contact with users.

Handled dataThe exact purpose of data handling
E-mailIdentification, contact
Registration dateTechnical information
IP addressTechnical information

The user may provide their data handling consent by ticking the checkbox provided on the website’s data handling consent form .

The users are hereby notified that they are entitled to a request for deletion of personal data and the suspension of data handling activities, which may be submitted via the methods stated above, and will be responded to via the methods and within the periods stated above.

Cookies

The definition of a cookie: a small file or part of a file stored on a World Wide Web user’s computer, created and subsequently read by a website server, and containing personal information (such as a user identification code, customized preferences, or a record of pages visited). With the use of cookies, the Data Handler can obtain a better picture of users’ page viewing and internet usage habits and history. Cookies do not contain any information which allows for the identification of the user, only to recognize the user’s computer.

Consent by viewing the website: upon viewing the Data Handler’s website, the website will begin to gather using cookies. Users are hereby notified that cookies – which, as stated above, do not collect personal information – may be consented to by clicking the cookie notice presented upon visiting the Data Handler’s website.

The users are also hereby notified, that cookies may be blocked or deleted using the relevant options in the browser settings (if applicable).

Users are notified that blocking cookies in their browser will prevent the use of cookies on their computer, thereby limiting websites’ usability and clearing any settings previously stored on websites.

Cookies used on the Data Handler’s website:

Essential cookies

Google Analytics cookies

Social media: the Data Handler does not store or accept responsibility for any personal data retention or cookie downloads resulting from Social Media interactions initiated by the Data Handler’s website. In these situations, the data protection and cookie policies of the third parties (the communications platform – e.g. Twitter, Facebook LinkedIn, etc.) are in effect.

The parties affected by the data handling: the website’s users.

The purpose of the data handling: extra services, identification, monitoring of viewers.

The legal basis for the data handling: user consent is not required, as long as the use of cookies is vital to site functionality.

The collected data: unique ID, access date/time, stored settings.

The authorized data handlers: the Data Handler and employees. With the use of cookies, the Data Handler does not store personal data.

The method of personal data storage storage is electronic.

Google Analytics

The Data Handler’s website makes use of the Google Analytics platform.

Google Analytics makes use of internal cookies to provide website operators with insight into users usage and viewing habits.

By the request of the website operator, Google uses collected information to analyze how users interact with the website. As an additional service, Google presents analyses and reports on user activities to aid the website operator in providing their essential services.

Collected data is stored in encrypted format on Google’s services, in order to provide better protection for the data.

The user is hereby informed that Google Analytics may be disabled by the following method[1]: “In addition, Google Analytics supports an optional browser add-on that – once installed and enabled – disables measurement by Google Analytics for any site a user visits. Note that this add-on only disables Google Analytics measurement.”

More information on the usage and protection policies regarding data collected by Google can be found on the following sites: https://policies.google.com/privacy?hl=en and https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_en.pdf

IV. The Affected Party’s Rights

The Affected Party may submit a request to the Data Handler for access, modification, deletion, terms of usage modification, and protest privileges regarding their handled personal data.

The Affected Party may at any point in time revoke their data handling consent, though such a request does not retroactively effect the legality of prior data collection. The Affected Party reserves the right to submit a complaint to the relevant supervisory agency. The Affected Party reserves the right to request the Data Handler to, without any justification, correct or modify any inaccurate data that applies to their person. The Affected Party reserves the right to request the Data Handler to, without any justification, delete any information that applies to their person, upon which the data handler is obligated to immediately, without any further ado, delete the personal data in question, provided that the deletion of said data is not prevented by any legal restriction.

The modification or deletion of personal data can be initiated by an e-mail or written letter sent to the contact designated above.

V. Rights related to data handling

Right to information: The user reserves the right to request what data the Data Handler handles, what their legal justification is for handling data, what sources we retrieve data from, and for how long their data will be handled. Upon request, the Data Handler will provide the requested information within 15 days by e-mail.

Right to modify: The user reserves the right to request modification of handled data via the contact information above. Upon request, the Data Handler will provide the requested information within 15 days by e-mail.

Right to request deletion: The user reserves the right to request deletion of handled data via the contact information above. Upon request, the Data Handler will provide the requested information within 15 days by e-mail.

The right to protest:  The user reserves the right to protest data handling via the contact information above. Upon request, the Data Handler will inform the user of the measures taken to respond to their protest within 15 days by e-mail.

The right to complain to the supervisory authority: If the user experiences any illegal data handling on the part of the Data Handler, the first action taken should be to inform the Data Handler of this breach, so that the Data Handler has a chance to resolve the situation. The Data Handler will take any and all measures to resolve verified breaches in GDPR compliance. If, in the user’s opinion, the breach cannot be resolved, the supervisory authority may be contacted through the following:

National Data Protection and Information Freedom Authority

Mailing address: 1515 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail:

VI. Data Handlers (parties entitled to view, forward, and process user data)

Data Handling privileges are primarily conveyed upon the Data Handler, and the Data Handler’s internal employees. Data is not published, and with the exception of contractors of the Data Handler and external contracted parties, the data is not forwarded to third parties.

Data Handlers

Regarding user data, the Data Handler forwards to and utilizes the data processing services of the following companies.

Contracted third party data handlers do not reserve the right to make independent decisions regarding personal data, but must abide exclusively to the terms of handling stipulated in the contract with the Data Handler. Contracted data processors will handle forwarded personal information in full compliance with GDPR, with regard to storage, handling, and data processing.

Storage provider:

Name/Company Name:AZURE Cloud Services / Microsoft Ireland Operations Limited
Headquarters:One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Telephone:+353 (0) 1 295 3826

The data collected from the user is stored in Cloud Storage operated by the party listed above. Only employees of the Data Handler authorized to handle customer data are allowed access to this storage space, all of whom are aware of the responsibilities belonging to the handling of user data.

The activity name: storage service, server rental

The purpose of the data handling: essential to the operation of the Data Handler’s website

The handled data: data collected from Affected Parties

The extent of the data handling period: The data handling will occur until the website ceases operations, or until the hosting contract between the Data Handler and the storage provider expires without renewal. The user reserves the right to contact the storage provider directly to request deletion of their personal data.

The legal basis for the data handling is the agreement of the Affected Party, and the legal right to collect data.

VII. The method of Data Handling and Security

The Data Handler is responsible for the security of personal data handled, and will follow the necessary technical and organizational measures, including the establishment of internal data processing rules and procedures, to guarantee compliance with the Info Law and other privacy-focused rules and regulations. It is the responsibility of the Data Handler to protect personal data handled from unauthorized access, modification, forwarding, publication, deletion, and damage, as well as to ensure the constant availability of the handled data to authorized parties.

The Data Handler places particular emphasis on the protection of electronically handled data files in the interest of limiting access to said files to authorized individuals and the user – with the exception of legal requests to access handled data.

The data handled is stored in a physically protected data center, and can only be accessed electronically by a unique ID in the form of a username-password combination. Data security is further enforced by daily backups.

The Data Handler guarantees the following over the course of automated data processing:

The prevention of unauthorized write access to handled data;

The use of systems by unauthorized individuals;

The ability to establish at any given time, which individuals and organizations have or are authorized to forward user data;

The ability to establish at any given time, which automatic processing systems have received user data for processing;

The ability to restore full accessibility of user data following any operation lapses in storage services.

The Data Handler will provide, upon request, a full statement of data handling activities, which will allow the review of the legality of any and all data forwarding. The statement will included the scope of the collected data, date of forwarding, legal basis, receiving party’s contact information, and any other data required by law.

VIII. Other provisions, dates effective

This Privacy and Data Protection Policy will be published on the ALPHANET Informatikai Zrt. (Data Handler) website (http://www.alphanet.hu).

The Data Handler reserves the right to independently modify this policy.

The current Privacy and Data Protection Policy will always be made available on the Data Handler’s website, and notifications regarding changes to the policy will be made available to Affected Parties on said website.

Composed: Budapest, 28 October, 2018

Effective from: 01 November, 2018

ALPHANET Informatikai Zrt.

Representative: Péter Berényi, CEO

[1]     Word-for-word quote from the following webpage: https://support.google.com/analytics/answer/6004245?hl=en