Of the MultiSoft Ltd.
Of the MultiSoft Ltd.
Our website address is: https://partner.multisoft.hu.
1. The Company provides among others direct marketing within the framework of activities, – including promotional activities (sending newsletters and advertisement newsletters, calls to participate in giveaways, offering products/services) and telemarketing/telesales activities – to that end handling company names and residential address data (contact details), as well as personal data.
2. Computer programming (software development) is also an activity of the Company, during which client data may be transferred to the Company in relation to carrying out this activity.
5. The Company ensures that data are collected and used in a fair and lawful manner.
6. The Company shall process such data • For the purpose specified in the Data Processing Policy, thus for marketing or direct marketing activities, • And the Client Data in the course of their software development activity performed for their contractual partners exclusively in the interest of carrying out software development activity (hereinafter jointly: activity or activities) in accordance with them, in addition to be allowed to process only data, which are required and suitable for such respective activities. Data processing is allowed exclusively to the extent required for the purposes of carrying out the respective activity and in the case of Client Data with respect to the software development activity specified in the respective contract for the duration necessary for performing the software development activity under the respective contract.
8. Access to data will be granted by the Company exclusively to employees, or persons working under any other arrangement who by virtue of their duties are authorized and obligated to • Carry out activities, and/or • Operate the server hosting data.
9. During data handling attention should be paid to data integrity.
10. In the event the process of activities changes or otherwise warranted by circumstances influencing the performance of activities, the company will – as required – amend this data protection and the data processing policy accordingly.
1. The Company shall store data on password protected servers or also in password protected CRM databases ensuring that they are displayed only on password protected work stations.
2./a. The Company shall provide for the physical protection of the data-hosting server by using premises equipped with security locks (server rooms). The entrance of the premise dedicated to safeguard the server (server room) can only be accessed after entering the building of the company’s seat, any other doors and windows will prevent forced entry using generally accepted methods.
The seat of the company is located in an office building with 24-hour concierge and equipped with an alarm system. There is one designated person at the company authorized to use the keys to the server room. At the same time, the Company designates a substitute person to use the keys should the person in care of the keys be unable to perform this duty for any reason. The keys can be handed over exclusively in this latter case, to the identified substitute person with the purpose of handling the keys.
2. b. In addition to this, the Company uses cloud services to store data, where access is also password-protected.
3. To prevent any unauthorized person from accessing the IT assets storing data accessible through networks all IT/information technology tools available at all times should be utilized.
6. The Company by sustaining and maintaining the actually available IT asset park shall ensure their availability and load capacity required for the software development activity as per contract.
7. The erasure of electronically stored data will be performed by final deletion.
1. The Company will grant data access exclusively for employees, or who work for them under any other arrangement and who due to their duties are authorized and obligated to have access to such data • To perform their respective activities, they need to have access to data pertaining to given activity, as well as to persons, who • Operate the server hosting data.
4. Displaying data is only allowed during the work when such activity is performed and only for that purpose, only for the time period necessary to carry out given activity.
5. Furthermore, it is expressly forbidden to print or display the data by any other physical means (hard copy) for any other purpose than performing the activity, or to take the hard copy of the document from the premises designated to carry out such tasks. It should also be ensured that while displaying data, no such data is lost, damaged or destroyed and their content does not become known to, or accessed by any unauthorized person. Should the storage of the hard copy of data become inevitable, it should be kept for the time period absolutely necessary to normally carry out the activity and only in closed premises and in lockable filing cabinets. Any hard copy of the data, when the purpose of printing the hard copy ceased to exist, should be immediately destroyed.
7. Client Data forwarding is only permitted strictly in accordance with the provisions of the software development contract, unless otherwise stated in the relevant contract exclusively for the contractual partners under the respective contract of the Company.
10. The Company keeps records of the data handled ensuring control over data handling, as well as over the provisions on data protection and data security, and to trace the database path. The records include the name of the database, the date of each phase and the end of data handling, as well as the name and signature of persons handling the data along with their superiors.
Budapest, 18. March 2020
MULTISOFT Information Technology Services Limited Liability Company
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Visitor comments may be checked through an automated spam detection service.
Pursuant to the effective Hungarian regulations as well as Regulation No 2016/679 of the European Parliament and the Council (hereinafter: Regulation) you are voluntarily consenting to MultiSoft Ltd. (seat: 1115 Budapest, Bartók Béla út 105-113.; Company Registration Number: 01-09-161858; Data Protection Register Number: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017; email address: firstname.lastname@example.org) – hereinafter: “MultiSoft Ltd.” or “Data Controller”, upon registering on their website, submitting a Contact form, or subscribing to the newsletter of MultiSoft Kft. (hereinafter: newsletter), to handle your personal data for data processing purposes specified under section 5 in compliance with the referred legal provisions.
You have the right to revoke your consent to your data being processed at any time, to request information on your data being processed at any time, as well as to request rectification or deletion of your data, (cessation of data processing) for the purposes, or for some of the purposes outlined below in writing in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to the email address email@example.com.
You should be especially aware that the User has the right to object to processing his or her data for direct marketing purposes in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to firstname.lastname@example.org.
While registering on the webpage of Data Controller, submitting the Contact form, or signing up for the newsletter, the personal data entered by the User will be processed by the Data Controller until such consent is revoked by the User.
The Data Controller will not be liable for the authenticity of the data you provided.
Data Protection Register Numbers: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017;
User declares to consent to keeping contact using the User Account, or the options provided by him/her, upon registration or upon using the Website.
The User declares that the information provided during registration is true and that it does not constitute a breach of personal or other rights, nor legally protected rights of third parties.
Management of the Users’ personal information will be carried out for: – the use, provision, maintenance, protection of services offered through the website by the Data Controller (hereinafter: “Services”); – further development of Services, as well as the development of new services; – protection of the Data Controller and the User; – for the preparation and completion of activities by the Data Controller with regard to the Services, specifically including the display of contents posted on the Website, as well as providing support for such activities by the Data Controller; – promotional purposes related to above activities (to sending newsletters, or promotional mails, to participate in giveaways, to send product/service offers, for direct marketing and telemarketing/telesales activity, promotion of functions)..
The provisions related to handling and the protection of User’s personal data are applicable exclusively to natural persons given that personal information may only be interpreted in the context of natural persons. The Data Controller will only register personal data that had been voluntarily provided by the User.
6.1. Personal information processed for the purposes of user identification, or any other activities The Data Controller processes the following personal data of Users for identification:
– (1) Natural personal identification data of user: first and surname, date of birth;
– (2) User’s email address;
– (3) User’s residential and mailing address;
– (4) User’s direct telephone and fax number;
– (5) Any personal information provided voluntarily by the User (such as address, position, interests) and other information.
The Data Controller may ask for other personal information about the User on the webpage for different activities, upon submitting such data the Users also give their express and voluntary consent to processing the personal information provided and the Data Controller may only manage the personal information provided for purposes outlined in Section 5 and only until reaching the purpose related to the activity.
6.2. Information processed in order to use the Services
– (1) The IP address of User’s computer;
– (2) Information on User’s activity related to the use of the webpage (such as tracking metrics of banner ad clicks). Such data will be automatically logged by the Data Controller’s system. These data are not suitable for personal identification, the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use, for administering the services, analysing and satisfying user demands, to contribute to developing the level of service.
Registration forms: on these pages the Data Controller may ask for personal data required to use the services, these are submitted also voluntarily.
Contact forms: on these pages the Data Controller may ask for personal data required to keep contact, these are submitted also voluntarily.
Newsletter: The Data Controller may also operate a newsletter sending service on the Website. If the User wishes to receive newsletter regarding the use of Services and novelties related to the Services, the Data Controller will ask only for the email address from the User for use for an indeterminate period of time, where the newsletter is expected to be received.
The email address is also provided voluntarily.
The newsletter may also include advertising deals or promotional offers.
Users, who at any time after signing up for a newsletter that may be offered on the Website, decide that they no longer wish to receive the newsletters, may withdraw their consent to receiving such newsletters without justification using the method indicated in the newsletter or on the Website, or by sending an email or postal message to any of the contact details of Data Controller indicated in Section 1 of this Policy.
Withdrawal of the consent to receiving the newsletters will also result in terminating data processing for this purpose.
Direct marketing: Upon registering on the website and/or signing up for the newsletter and/or submitting the Contact form, User voluntarily and expressly consents to Data Controller using the User’s personal information for the purpose of direct marketing.
The Data Controller may send out informational materials to Users from time to time relating to certain Services to inform Users about novelties related to such Services.
In the event the User places an order on the webpage, until delivering the order pursuant to Article 6(1) b) of the Regulation and Article 6(4) of the Info Act the lawful basis for data processing is the legal interest of Data Controller in the fulfilment of the contract – in case they are needed to fulfil the contract.
In compliance with Article 7 of the Info Act and Articles 32-34 of the Regulation, the Data Controller shall make every effort to ensure the security of your personal data.
In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations.
In the event there is any change to details provided by the User the corresponding updates should also be indicated This may be carried out by mailing a letter to the “1115 Budapest, Bartók Béla út 105-113.” address, or to email@example.com email address, in the event User has a user account on the webpage, updates may also be performed on the webpage. Cloud computing also forms a part of the Services.
Cloud computing is typically international, or cross border in nature and serves the purposes of data storage, for example, where the host is not the computer/corporate IT centre of Data Controller, but a server centre located anywhere in the world.
The primary advantage of cloud computing is that it is essentially moves beyond geographical location, it provides a high security and a flexible, extendable IT storage and processing capacity.
The Data controller will choose partners offering cloud computing with the highest level of consideration, and shall take all reasonably expected measures to enter into agreements that prioritize the data security of Users, to make their data processing principles transparent to Users and to support data security by conducting regular reviews.
Links: The Website of Data Controller may also include some reference or link to certain webpages maintained by other service providers (such as buttons, logos to login or sharing options), over which Data Controller has no control with respect to personal data processing practices, or where the Data Controller is not involved in data sharing/data transfer.
Users are hereby informed that by clicking on such links, they will be forwarded to the websites of other service providers. In such cases consulting the applicable data processing rules for using such websites is recommended.
The User may request information on the data processing, and if processing his or her personal information is in progress, and if during data processing in progress he/she may receive a copy of his or her personal information processed and may request access to his or her personal information, their rectification, cancellation (cessation of data processing), or restricting data handling and may also object to the handling of such personal information.
Based on the complexity and the number of requests, the Data Controller may extend this deadline by up to two months.
The Data Controller will advise the User about the deadline extension by specifying the causes of delay within one month following receipt of the request at the most.
In the event the Data Controller fails to take measures as a follow up on the User’s request, then within one month following receipt of the request they will advise the User as to the reason of failing to take measures, as well as of User’s option to lodge a complaint at the National Agency for Data Protection, or he or she may seek judicial redress.
Any such request will be addressed by the Data Controller free of charge, except, if the request is clearly unfounded, excessive or excessive due to repetitive occurrences, in which case the Data Controller may charge a reasonable fee or may deny taking measures based on the request.
(a) Information, access
Information may be requested about personal data processing based on Article 14. A), as well as Article 15(1) of the Regulation.
Upon request the Data Controller may give information to the User if his or her personal information is processed by the Data Controller or a Data Processor, who is commissioned or assigned by the Data Controller. If the information is processed by the Data Controller or by a Data Processor commissioned for processing or assigned by the Data Controller, then the Data Controller will make the personal information processed by the Data Controller or the Data Processor commissioned for processing or assigned by the Data Controller available to User and within the framework of or depending on the request will inform User about
– the source of the personal data processed and;
– the purpose and the legal ground, the duration of data processing,
– the scope of personal data,
– in case of forwarding the personal information processed the scope of recipients of data forwarding including recipients in third countries and international organisations,
– the duration of storing the personal information managed, the viewpoints in determining this time frame,
– the rights User is entitled to under the Info Act, as well as advising about the ways of enforcing such rights,
– in case of profiling, this fact itself, furthermore
– the circumstances of any eventual data protection incidents in handling User’s personal information, their impact and the measures taken to manage and mitigate them, in addition to advising the User about their activities in relation to data processing.
The Data Controller may rectify a personal data if requested by a User, in case some of the personal information is inaccurate and the accurate data is made available to the Data Controller.
Besides, the User is entitled to ask for any missing personal data. In compliance with the provisions in this Section 8(b) if the information processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller is incomplete, incorrect or missing, then they will immediately be rectified or corrected by Data Controller especially so if requested by the User, or if it is compatible with the purpose of data processing, it will be complemented with the additional personal data made available by the User or with User’s comment on the personal information handled.
The Data Controller will be exempted from the liability described in the previous sentence, if no correct, true and complete personal information is available and they are not provided by the User, or the truthfulness of the personal information provided by the User cannot be assessed beyond any doubt.
Based on User’s voluntary decision and request, the Data Controller shall delete the data requested to be deleted within twenty-five (25) days following the receipt of such a deletion request By withdrawing consent to the processing of personal data, as well as by requesting the deletion of data, the User will relinquish the right to participate in the activities related to the registration Deletion is cost-free in all cases.
(d) Restriction of data processing
The Data Controller will restrict data processing, if
– the User disputes the accuracy, truthfulness or completeness of the personal data processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller, and the accuracy, truthfulness and completeness of the personal data processed cannot be established beyond any doubt, or
– as a result of unlawful data processing the information should be deleted due to the unlawfulness of data processing, but based on the written statement by the User or based on the information available for the Data Processor there are grounds to believe that deleting the information would harm legitimate user interests, for the duration of legitimate interests giving grounds for not deleting data or
– due to unlawful data processing the information should be deleted, but for examinations or procedures carried out by the Data Controller or by or with the participation of other bodies with public service mission set forth in regulations – thus especially in criminal proceedings – the information should be retained as evidence until closing such examination or procedure.
Personal data restricted in this fashion will be handled by the Data Controller only until the time the purpose of data handling that excluded the deletion of the personal data continues to exist.
Restricted personal information, except for storage, may only be processed for enforcing legitimate User interests, or with User’s consent, or for litigation, enforcement of to defend legal claims, or in the defence of other natural or legal entity or on the grounds of an important public interest of the European Union or a member state.
The Data Controller will notify the User if restriction is imposed.
The Data Controller will give advance notice to User on the withdrawal of restriction, in the case restriction was necessary for verifying data accuracy, truthfulness or completeness.
The User may at any time object to processing his or her personal information. In the event the User objects to data processing, then his or her personal data should not be further processed, unless the Data Controller proves that there is a compelling justification for data processing which outweigh User interests, rights and freedoms, or which are linked to litigation, enforcement of defence of legal claims. In the event the User objects to processing personal information for direct marketing efforts, then the personal information may not be further used for such purpose.
To object to data processing for direct marketing, the User has options ranging from other communications to selecting the appropriate checkbox on the website of the Data Controller.
(f) Right to Data Portability Within the scope of right to data portability the User is entitled to ask for a structured, widely used, machine-readable copy of his or her personal information processed by the Data Controller, as well as to ask the Data Controller to directly forward his or her personal information to another data controller.
a) Judicial Enforcement
The User may turn to court in relation to the Data Controller or – to the data processing operations falling within the Data Controller’s activities – against the Data Controller, if in his or her view the Data Controller or the Data Processor commissioned or assigned by the Data Controller handles his or her personal information contravening the provisions outlined in the regulations on personal data processing or in any mandatory EU legislative act. Demonstrating compliance with the requirements outlined in regulations or in the mandatory EU legislative acts on processing personal information is the responsibility of Data Controller or Data Processor commissioned by the Data Controller.
The case may be brought before the court competent according to his or her residence or place of stay at his or her discretion.
Persons with no legal capacity may also be party to the case. If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, thus causing damage to others is liable to compensate for. If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, infringing personality rights of somebody else, the person whose personality rights suffered harm by the Data Controller or the Data Processor commissioned or assigned by the Data Controller may claim compensation in tort. The detailed means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act. The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian.
No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.
(b) Public Enforcement
– may initiate an investigation by the National Agency for Privacy Protection to examine the legality of measures by the Data Controller, if before starting data processing the Data Controller failed to inform the User or failed to inform in accordance with the provisions of the Info Act, or hindered the User in enforcing his or her rights outlined in Section 9 of this Data Processing Policy or refused the application to enforce such rights, or
– may initiate a procedure by the National Agency for Privacy Protection if in his or her view during processing his or her personal information the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions specified in the Regulation or in the mandatory EU legislative acts on data processing.
The Internal Data Protection and Data Security Policy of Data Controller forms a not severable Schedule I of this Policy that specifies all technical and organisational measures ensuring the protection of data processed for direct marketing.
Budapest, 18. March 2020.