Privacy notice

1. Introduction:

We hereby inform you that Sapientics Plc. (official name: Sapientics Tanácsadó és Informatikai Zártkörűen Működő Részvénytársaság) uses the personal data of the natural person visitors (hereinafter referred as Data Subjects) as a Data Controller (hereinafter: Data Controller) in the course of operating its informative home page i.e. http://sapientics.com/ (hereinafter: Webpage). Pursuant to the Articles 13 and 14 of the Regulation (EU) 2016/679 of European Parliament and of the Council of 27 April 2016 (hereinafter referred as GDPR), regarding the processing of personal data of the Data Subjects, Data Controller provides the following information.

2. Contact details of the Data Controller and its representative:

Data Controller:

Name: Sapientics Tanácsadó és Informatikai Zártkörűen Működő Részvénytársaság (hereinafter: Data Controller)

Registered seat: 1036 Budapest, Lajos street 74-76.

Representative:

Name: Ákos Simonyi

E-mail:info@sapientics.com

Telephone:+3612312290

3.Name and contact details of the data protection officer

Under the relevant provisions of GDPR, Data Controller is not obliged to appoint a data protection officer. Therefore, the Data Controller can be contacted via the following e-mail address with any questions concerning data protection.

Name: Tamás Sváb

Contact: dataprivacy@sapientics.com

4.Data processing for contacting purposes

By sending an e-mail to info@sapientics.com or using the messaging function under the Contact menu of the Weppage, Data Subjects can directly contact the Data Controller.

Data Subjects: Those natural persons who contact the Data Controller by email or by the messaging function of the Webpage.

Scope of processed data: name, e-mail address, subject and any other data provided by the Data Subject in the message field

Purpose of data processing: contacting between the Data Controller and the Data Subjects, responding to any requests and questions

Legal basis of the data processing: the Data Controller processes these data of the Data Subject pursuant to Article 6(1)(a) of GDPR (subject to your approval). The approval is provided by sending the e-mail or ticking the checkbox before sending the message on the Webpage

Scope of persons entitled to access personal data: Relevant colleagues of the organization of Data Controller, in particular sales and marketing colleagues (or in case the message is related to an event organized by the Data Controller, the coordinator of the event) may have access to the above mentioned personal data voluntarily provided through the incoming message.

Data transfer: Data Controller doesn’t transfer the provided personal data of the Data Subjects neither to third party in the EU, nor to third country, nor to any international organization.

Data processors: For processing purposes, Data Controller uses the services of the following data processors:

Name and contact details of the data processor

Operation of websites

Processing operations provided by the data processor

Sapientics Tanácsadó és Informatikai Szolgáltató Korlátolt Felelősségű Társaság

Address: 1036 Budapest, Lajos utca 74-76.

e-mail: info@sapientics.com

Webhosting services

Wix.com Ltd.

40 Namal Tel Aviv Street Tel Aviv, 6350671 Israel

Using cloud storage space of Office 365

Microsoft Corporation

Dept. 551, Volume Licensing

6100 Neil Road, Suite 210

Reno, Nevada 89511-1137

USA

Place and method of data processing: The voluntarily provided personal data of the Data Subject is stored by the webhosting data processors entrusted by the Data Controller, on the servers of data processors, in the territory of the European Union.

Data retention period: Data Controller processes the personal data of the Data Subject until the withdrawal of his/her consent, but maximum for one year from data supply.

5. Cookies and data processing

Data Controller hereby informs Data Subjects about the use of cookies of the Webpage. Cookies are small data files which help the websites to provide better user experience. These files are saved on the user’s device on his/her first visit on the Webpage, and during the next visit, the browser reads the files and identifies the user. According to the GDPR, these data files are considered personal data in certain circumstances, since in case the earlier set of cookies is sent back by the browser, then the service provider handling the cookies is able to link the current visit of the user with his/her earlier visits, but only for its own content. According to the relevant legislation, cookies can be placed on the user’s device without his/her consent only if it’s a prerequisite for the proper functioning of the website. Every other (not necessary) cookie can be saved only based on the consent of the user. To check or to modify your earlier consent regarding the usage of cookies, click here.

5.1. Necessary cookies

Data Subjects: natural persons who visit the http://sapientics.com/ informative website

Scope of processed data: session id, date and time of the visit on the website

Purpose of data processing: The necessary cookies improve the usability of the website, allow users to navigate on it or to access secure connection. Without these cookies, the Webpage doesn’t function properly.

Legal basis for the data processing: For the usage of the necessary cookies, the consent of the Data Subject is not necessary. Data Controller can process these data in accordance with Article 6(1)(f) of the GDPR (the legitimate interest of the Data Controller).

Data Controller has prepared an interest balancing test in connection with the „legitimate interest” as lawful basis. Upon request, Data Controller provides the test to the Data Subjects.

NAME: PHSESSID

PURPOSE: saves the user’s session data during each request

TYPE: http

EXPIRY: end of the session

RECIPIENT OF THE DATA TRANSFER: no recipient

SERVICE PROVIDER: sapientics.com

5.2. Common rules concerning the handling of cookies

Scope of persons entitled to access personal data: The personal data collected by cookies can be accessed by the management of the Data Controller and the colleagues who operate the IT systems and who are responsible for marketing tasks.

Data processors: For processing purposes, Data Controller uses the services of the following data processors:

Name and contact details of the data processor:

Wix.com Ltd.

40 Namal Tel Aviv Street Tel Aviv, 6350671 Israel

Processing operations provided by the data processor:

Webhosting services

6. Links

Please note that on the Webpage there are links to other websites. The usage of these external websites is ruled by their privacy policy or privacy notice. After clicking on the external link or button, the Data Controller cannot control the collecting, storing or processing of the personal data anymore.

7. Data security

We kindly inform you that Data Controller takes all the technical and organizational measures, and draws up the rules of procedure which are necessary for compliance with the GDPR-requirements of confidentiality and secure data management.

Data Controller protects his/her processed data by all the appropriate measures against unauthorised access, alteration, forwarding, disclosure, erasure, destruction, accidental destruction or damage.

During the data processing procedure, Data Controller maintains:

a) confidentiality: protects the information, therefore only the entitled people can access the data;

b) integrity: protects the accuracy and completeness of the information and the data processing method;

c) availability: ensures that the information can be accessed by the entitled user and the necessary accessing tools are also available whenever the user needs it.

Data Controller provides sufficient protection for his IT systems and networks against computer fraud, espionage, fire, flood, viruses and computer intrusion. The operator ensures security both on software level and on application level. In order to be able to record every single security incident and also to able to provide evidence in case of a security incident occurs, Data Controller is constantly monitoring his/her systems. With system monitoring it’s also possible to verify the effectiveness of the security measures applied. Furthermore, Data Controller requires and controls his contracted data processors to comply with the information security measures applied, under the provisions of their agreements.

8. Rights of the data subject, law enforcement

We kindly inform you that regarding your personal data, anytime and without limitation you may ask for

further information, access to the data
rectification of the data
delete your personal data
limit the data processing
data portability
withdraw your consent
moreover, you may object against the processing of your personal data.

8.1. The right to information

Data Controller takes approprate measures to provide Data Subjects with all the informations covered by the Articles 13,14, 15-22 and 34 of GDPR in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

The right to recieve information shall be exercised in written form, via the contact details mentioned in the 3rd section of this Notice. On the request of the Data Subject – after proving his/her identity – information can be provided in oral form as well.

8.2. The right to access

The Data Subject has the right to receive feedback from the Data Controller on whether the processing of its personal data is in progress, and if such data processing is in progress, the Data Subject is entitled to receive access to his/her personal data and the details of the data processing, in accordance with the GDPR.

Data Controller provides the Data Subject with the copy of the processed personal data of the Data Subject. For each additional copies, Data Controller may charge a fee which is reasonably related to the administrative cost of the service. On the request of the Data Subject, Data Controller can provide the requested information in electronic form as well.

Data Controller shall provide the requested information no later than one month from the presentation of the request.

8.3. The right to rectification

The Data Subject is entitled to request the rectification and the supplementation of the inaccurate personal data concerning him/her.

8.4.The right to erasure

The Data Subject is entitled to request the erasure of personal data concerning him/her by the Data Controller, without undue delay, if any of the following reasons exists:

the personal data indicated by the Data Subject is not necessary for the purpose which the Data Controller collected or otherwise processed it;
the Data Subject withdrew his/her consent and there is no other legal basis for the data processing;
the Data Subject objects to the data processing and there is no legitimate reason enjoying precedence for data processing;
the personal data were processed illegally;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
the personal data have been collected in relation to the offer of information society services;

Erasure of the data cannot be applied in case the data processing is necessary; for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires data processing by Union or Member State law to which Data Controller is subject; for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health; for archiving purposes, scientific, historical research or statistical purposes of the public interest; or for the establishment, exercise or defence of legal claims.

8.5. The right to the restriction of data processing

The Data Subject has the right to obtain restriction of data processing from the Data Controller if one of the following condition applies:

the Data Subject disputes the accuracy of personal data. In this case, the restriction lasts until the Data Controller checks the accuracy of the data;
the data processing is unlawful, but the Data Subject opposes the erasure of the personal data and requests the restriction of its use instead;
the Data Controller no longer needs the personal data for the purposes of data processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
the Data Subject objected to the data processing. In this case, pending the verification whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject, data processing is to be restricted.

In the case of restrictions, the personal data may only be processed (with the exception of storage) with the consent of the Data Subject or for establishing, exercising or defending legal claims or to protect the rights of other natural persons or legal entities or out of important public interest of the Union or a Member State. The Data Controller informs the Data Subject before lifting the restriction on the data processing.

8.6. The right to data portability

The Data Subject is entitled to receive personal data concerning and provided by the Data Subject from the Data Controller in a sequenced, widely used format that is machine-readable. Furthermore, Data Subject is entitled to transfer such data to another data controller if:

the data processing is based on the consent of the Data Subject or on contractual legal basis in which the Data Subject is a counterparty and
the data processing is done in an automated way.

8.7. The right to object

The Data Subject is entitled to object, on grounds relating to his/her particular situation, at any time to the processing of personal data concerning him/her is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or the data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on the mentioned provisions.

In case of object, Data Controller shall no longer process the personal data of the Data Subject unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or which are connected to the establishment, exercise or defence of legal claims.

If the personal data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In case the Data Subject objects to processing for direct marketing purposes, his/her personal data shall no longer be processed for such purposes.

8.8. Right to object to automated decision-making in individual cases, including profiling

Data Subject shall have the right not to be the subject to a decision based exclusively on automated data processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

This right shall not apply in case of the data processing:

is necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller;
is authorised by a Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the rights, freedoms and legitimate interests of the Data Subject;
is based ont he explicit consent of the Data Subject.

We hereby inform you that Data Controller does not apply automated decision-making concerning any of the data processing purposes declared in this notice. Furthermore, Data Controller does not process personal data for the purpose of profiling.

8.9. Right to withdraw consent

The Data Subject is entitled to withdraw his/her consent at any time. The withdrawal of the consent does not affect the lawfulness of data processing based on consent before its withdrawal.

8.10. Procedural rules

The Data Controller shall provide information on actions taken on a request to the Data Subject without undue delay but no later than one month from receiving the request. That period may be extended by two further months if necessary, taking into account the complexity and the number of the requests.

If the Data Controller does not act on the request of the Data Subject without undue delay but no later than one month from receiving the request, the Data Controller shall inform the Data Subject on the reasons of not taking any action and on the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

The Data Controller shall provide the requested information free of charge. If the requests of the Data Subject are manifestly unfounded or excessive, in particular because of the repetitive character of the requests, the Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or refuse to act on the request.

8.11. Compensation and restitution

Any person who has suffered material or non-material damage as a result of an infringement of the data protection regulation shall have the right to receive compensation from the Data Controller or Data Processor for the damage he/she suffered. Data Processor shall be liable for the damage caused by data processing only where he/she has not complied with obligations provided by the law specifically directed to data processors or where he/she has acted outside or contrary to the lawful instructions of the Data Controller.

If more than one data controller or data processor, or both a controller and a processor, are involved in the same data processing and if they are responsible for any damage caused by the data processing, each controller or processor shall be held liable for the entire damage.

The Data Controller or Data Processor shall be exempt from liability if he/she proves that he/she is not in any way responsible for the event giving rise to the damage.

We hereby inform you that if you have any complaints regarding the processing of your personal data, please feel free to contact us in order to find peaceful resolution. In case of failure, you can report the infringement of your rights concerning your personal data to the competent data protection authority or you can contact the court of your domicile or place of residence.

You can lodge your complaint with the supervisory authority via the following contact details:

Name of the supervisory authority:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (website: http://www.naih.hu)

Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.,

Mailing address: 1530 Budapest, Pf.: 5.

9. Profiling, automated decision-making

We hereby inform you that Data Controller doesn’t use automated decision-making measures related to the data processing purposes declared in the present notice, furthermore, doesn’t process personal data for profiling.

10. Data processing with other purposes

We hereby inform you that according to this notice, your data provided to the Data Controller is not used for purposes other than those declared in this notice.