When handling personal data, LogDrill Informatikai és Szolgáltató Kft. (hereinafter: LogDrill Kft.) pays particular attention to act in compliance with the provisions of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter: ISFI), as well as other current applicable laws for the protection of personal data, in accordance with the privacy practices established by the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) and the former Data Protection Supervisor, taking also into account the relevant international recommendations. LogDrill Kft., as data controller, expresses its consent to be bound by the content of this Statement and accepts liability for that data management in connection with its services meets the criteria stipulated in this document.
LogDrill Kft. informs the visitors of this portal (hereinafter: data subjects) by means of this document about the scope of personal data controlled in connection with registration on its homepage, the practice followed in the course of data management, the organisational and technical measures implemented to ensure personal data protection, as well as about the possibilities and the method of data subjects to exercise their rights.
1. The denomination of the data controller
|Name:||LogDrill Informatikai és Szolgáltató Kft.|
|Registered office and mailing address:||HU-8200 Veszprém, Virág Benedek utca 4.|
|Company registration number:||19-09-514871|
|Name of representative:||Dr. Zsolt Nagy, managing director|
|Phone number:||+36 (70) 978-0088|
|Portal address:||www.logdrill.com; www.logdrill.hu|
|Data processing registration number:||NAIH-69342/2013|
The following expressions, words and notions of this Privacy Statement should be interpreted as defined below – the definitions shall be valid for the whole text of the Statement:
dataset: the overall data processed in one register;
data processing: the implementation of technical tasks related to data management procedures, regardless of the method and means of the implementation of procedures or its place, provided that the technical task is implemented on the data;
data processor: the natural or legal person or unincorporated organization who or which performs data processing on the basis of a contract –including also contracts concluded under provisions of the law;
data management: all or any of the procedures implemented on data regardless of the nature of the method applied, including in particular the collection, recording, capture, sorting, storage, change, utilisation, query, transmission, publication, coordination or combination, blocking, deletion and destruction, as well as the prevention of the further utilisation of data, taking photo, audio or video recording, and the recording physical characteristics suitable for personal identification (e.g. finger or palm print, DNA sample, iris image);
data controller: the natural or legal person or unincorporated organization who or which either alone or by cooperating with others defines the purpose of controlling data, makes decisions concerning data management (including the device used) and implements them or have it implemented by the data processor;
data destruction: the complete physical destruction of the data medium containing data;
data transmission: the act of making data available for a specified third party;
data deletion: the act of making the data unrecognisable so as to ensure that data repair is not possible anymore;
data blocking: the act of providing data with an identification mark for the purpose of limiting further management for a permanent or a specified period of time;
EEA state: each Member State of the European Union and other states that are parties to the agreement on the European Economic Area; furthermore, the state whose citizens enjoy the same legal status as those of the European Economic Area on the basis of an international contract concluded between the European Union and its member states and a country which is not party to the agreement on the European Economic Area;
data subject: any natural person identified or – directly or indirectly – identifiable on the basis of any specified personal data;
third country: any non-EEA states.
third party: any natural or legal person or unincorporated organization who or which is not identical with data subject, data controller or data processor;
consent: the voluntary and definite expression of data subject’s will, based on adequate information with which data subject gives their unambiguous assent for the – entire or partial – controlling of personal data related to them;
a) personal data concerning race, ethnicity, political opinion or party affiliation, religious or other philosophical beliefs, advocacy association membership or sexual life,
b) personal data concerning state of health, addictions or personal data regarding criminal record;
LogDrill Kft. does not process special data; there is no need to share such data during the use of services provided on the website.
publication: the act of making data available for anybody;
personal data: data which can be associated with data subject – especially the name, identification mark as well as characteristic information about one or more physical, physiological, mental, economic, cultural or social identity – and the conclusions in connection with data subject drawn from data;
objection: the statement of data subject in which they raise a complaint about data management and ask for the termination of management and the deletion of managed data.
3. Legal basis, purpose and method of data management
The legal basis of data management is data subject’s voluntary consent, as referred to in Art. 5(1) under a) of ISFI. Data subject provides its consent in respect of certain data managements by using the portal and the services available through it, registration and the voluntary record of data.
The purpose of data management is to ensure the availability and legal use of its services of LogDrill Kft. LogDrill Kft. controls data – necessary and suitable for achieving data management goals – provided by data subject in an assigned way, solely for the trial and order of the product, the access to related product information services, the implementation of liabilities and the enforcement of rights arising from the contractual relationship with data subject; moreover, for the legal and safe operation of the services and the portal, as well as for the legitimate protection of third parties’ interests.
Log data concerning the operation of the portal, any steps or actions performed by data subject on it – together with the technical identification data of the computer used for logging in or other device used for accessing the website – are recorded automatically by its data processing system, without external intervention. By opening the portal and using its services, data subject provides their explicit consent for the recording and management of these data. In the event of a third party utilising a device belonging to a natural person, the portal or the user of the services available on it is liable for the legality of data recording. The data recording and processing of browsers, other software and tools used by data subjects for accessing and using the portal and its services are outside the interest and liability scope of LogDrill Kft., data controller does not accept liability for them.
The data connection and access information and log data recorded in the course of the utilisation of the portal and the services available on it are available for the purpose of ensuring the safe operation, development and quality assurance of the portal, the enforcement of the legitimate interests of LogDrill Kft. and data subjects, the performance of official data reporting and for the production of client statistics.
Data recorded automatically shall not be connected with other personal data or with data created during the use of other websites or services by data subject – unless otherwise specified by law.
The portal may install for the purpose of customised service one or more packet(s) of data called cookie(s) – i.e. a technical file containing a string of characters -, through which the browser shall be individually identifiable. The system sends cookies to the visitors’ computer only in the case of opening certain subpages, i.e. they only record the fact that the subpage was visited and the time of visit, no further information is recorded.
The ‘Help’ option available in the menu bar of most browsers provides information regarding the method of blocking cookies.
Data controller shall not use personal data for purposes other than those specified in this Statement. Data shall only be provided to a third party on the prior informed consent of data subject. The above phrase does not apply to compulsory data transmissions based on the legally binding request of the law, court’s judgement or other authority’s decision.
Data controller controls data to the extent necessary to achieve the goal defined in this Statement. The management of data shall – in all phases of data management – correspond to the aims defined in this Statement.
LogDrill Kft. acts fairly and lawfully in the course of data recording and management. In order to protect personal data, data controller shall take all the necessary security, technical and organisational measures and establish all the procedures which guarantees the highest level of security for the controlled data (preventing unauthorised access to, change, transmission, publication, deletion or destruction of data, accidental destruction and damage as well as their becoming inaccessible because of changes of the technique used) that is reasonably available at the current state of technology, as well as which are needed for the enforcement of the provisions of ISFI and further Hungarian and EU data and secret protection laws.
In the course of the automated processing of personal data, data controller ensures the prevention of unauthorised data recording, as well as the use of data processor systems by unauthorised persons with the help of data transmission devices; the means to control and determine the bodies to which data are or can be forwarded with the help of data transmission devices; the means to control and determine that which personal data were recorded in the automatic data processing systems, when it happened and who executed the process; the restorability of the installed systems in the case of a breakdown and that errors occurring during the automated processing are documented.
The IT system, network and portal of LogDrill Kft. are protected from computer aided fraud, espionage, sabotage, vandalism, fire and flood as well as from computer viruses, computer hacking and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.
4. Scope of managed personal data
Upon registration to the portal, the following data are required to be entered:
- full name;
- client group (analyst and expert/business decision-maker/trader/investor).
- e-mail address;
Data that can be entered optionally in the course of registration – for a wider access of product information services:
- telephone number;
- name of the business organisation represented by data subject.
- postal address (postal code/country/city/street/house number);
Technical data recorded automatically in the course of the operation of the portal constitutes personal data only insofar as they can be associated with data subject or if their connection with data subject can be restored by data controller.
5. Duration of data management
The management of personal data entered within the framework of registration begins with the registration (by giving consent to data management) and ends with the withdrawal of the consent. The withdrawal of consent to data management involves the simultaneous cancellation of the registration.
In the case of optional data, data management starts on the date the data is entered and ends with its deletion (withdrawal of consent to data management). The deletion of optional data does not result in the automatic cancellation of the registration.
Log data are stored for six months from the date of creation.
Pursuant to Art. 5(5) of ISFI, data controller may manage personal data without further particular consent or after the withdrawal of data subject’s consent to ensure the compliance with its mandatory restoring or other legal obligations, as well as (if it is in proportion with the restriction of the right to the protection of personal data) the enforcement of the data controller’s or a third person’s legitimate interest.
6. The scope of persons that can access the data, data transmission, the use of data processor
Only those colleagues of data controller shall be entitled to access the data who are obliged to retain confidential data, and who complete tasks necessary for the achievement of the goals of data management. Persons acting on behalf or in the interest of data controller shall not publish data or provide them to a third person. The acting colleagues of data controller are aware of the provisions of this Privacy Statement and express their consent to be bound by it.
Personal data may be transmitted and different data managements may be connected if data subject has given its consent or if the law permits it and the terms of data management are complied with regarding each and every personal datum.
Regardless of data transmission device or the method of transmission, personal data may only be transmitted to a data controller or data processor of a third country if data subject gave its explicit consent or if the law permits it and the appropriate level of personal data protection is ensured in the course of the management and processing of transmitted data. Data transmission to EEA states shall be regarded as domestic data transmission. Data controller shall not transmit personal data to a third country.
Data controller shall keep a record of data transmission which shall contain the date of data transmission, the legal basis and addressee of the transmission, as well as the scope of data transmitted.
Data controller may employ a data processor for the operation of the IT system, fulfilment of orders and the settlement of accounts. Data controller accepts liability for the activities of data processors as defined in ISFI. Data processor utilised by data controller shall not execute data processing for its own purposes or make serious decisions and shall only process the data it becomes aware of along the orders of data controller.
7. Data subject’s rights and right enforcement possibilities
Data subject may object to the management of its personal data in cases listed in Article 21 of ISFI. Data controller shall examine the objection as soon as possible, but not later than fifteen (15) days following the submission of the application, shall come to a decision regarding its substantiation and informs applicant in writing about the decision.
Insofar as data controller establishes the substantiation of the data subject’s objection, it shall terminate data management, also including further data recording, as well as data transmission, and blocks data, then informs all those persons about the objection and the measures taken on its basis for whom it previously transmitted the personal data of the objecting data subject and who are obliged to take measures for the enforcement of the right to object.
Insofar as data subject does not accept data controller’s decision or if data controller fails to meet the applicable deadline, may go to court (within thirty (30) days following notification of the decision or the last day of the deadline).
Data subject may request information on personal data managed by data controller, may call for data correction, deletion, blocking or may submit their observations regarding data management. Data deletion may obstruct to the access or use of the service. Data controller shall inform data subject in writing as soon as possible, but not later than thirty (30) days following the receipt of the relevant request.
Insofar as data subject has not submitted a request for information in the current year regarding data set, the information provided for the request is free of charge.
At the request of data subject, data controller shall provide information on data subject’s personal data managed and processed by data controller or data processor commissioned by data controller, the name and address of data processor, and activities in connection with data management and – in the case of the transmission of personal data – on the legal basis and addressee of data transmission. Data controller informs data subjects on the purpose and legal basis of data management as well as the source of data by means of this Privacy Statement.
If data controller fails to perform data subject’s request for correction, blocking or deletion, it shall communicate the factual and legal reasons for the rejection of the request within thirty (30) days following the receipt of the request in writing. In the event of rejecting the request for correction, deletion or blocking, data controller shall inform data subject about its possibilities to judicial proceedings or to turn to the Hungarian National Authority for Data Protection and Freedom of Information.
Data controller shall correct data that does not reflect reality – insofar as data controller learns about this fact and the truthful data are available. Data subject may modify or correct its data given in the course of registration any time.
Data shall be deleted if data management is unlawful, it is so requested by data subject, data are deficient or incorrect and there is no way to correct them, the purpose of data management ceased to exist, the deadline for storing data expired or if it is so ordered by court or the Hungarian National Authority for Data Protection and Freedom of Information. Deletion may be prohibited by the provisions of the law. Instead of deletion, data controller blocks data if data subject requests so or it is assumed on the basis of available information that deletion would violate the data subject’s legitimate interests. Blocked personal data shall only be managed until the data management goal excluding personal data deletion exists.
Data controller marks personal data managed by it if data subject disputes their correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
Data controller shall notify data subject of the correction, blocking, marking and deletion. Notification may be omitted if it does not violate data subject’s interest regarding the purpose of data management.
In the case of data controller’s violation of data subject’s rights, data subject may refer the matter to the court (according to its choice, the court of its temporary residence or place of residence) or may notify the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, postal address: 1530 Budapest, Pf.: 5., telephone number: +36 (1) 391-1400, e-mail address: firstname.lastname@example.org, portal address: www.naih.hu). In the case of a dispute at law, those who otherwise lack legal capacity, may also be parties at the proceedings.
Data controller is obliged to compensate for any damage caused by the unlawful controlling of subject’s data or by the failure to comply with data security requirements. Data controller also accepts liability for damages caused to data subject by data processor. Data controller shall be excused liability if it proves that damage was caused by unavoidable reasons falling outside the scope of data management. Damage may not be compensated insofar as it was a result of the aggrieved party’s intentional or grossly negligent conduct.
Insofar as data subject entered the data of a third party in the course of registration necessary for the use of service or cause any damage during the use of the portal, data controller may assert a claim to the registered party. Data controller provides the prosecuting authority with all reasonable assistance for the termination of the infringement, the exploration of the circumstances and for the identification of the wrongdoer.
Data controller is not obliged to verify data entered by data subjects. The person who gave the data is solely responsible for the conformity of the entered data. Every data subject takes responsibility in the course of entering their e-mail address for that nobody else uses services from the given e-mail address. In respect of this responsibility, any sort of liability in connection with logging in with a given e-mail address is accepted exclusively by the user who registered the relevant e-mail address. The legal statements made on the portal by individuals relate to the conclusion of contracts occurring in abundance in everyday life which require no particular consideration, hence these shall be regarded as legally effective also in respect of incapacitated persons or persons with limited capacity – in the absence of a court decision ruling otherwise.
8. Further provisions
Data controller reserves the right to amend this Statement unilaterally with the preliminary notification of data subject. Following the entry into force of the amendment, data subject accepts the content of the amended Statement by the further use of the service and implicit conduct.
The html codes of www.logdrill.com and www.logdrill.hu websites may contain hyperlinks arriving from external servers and pointing towards external servers, irrespective of data controller. The external server helps the independent audit of attendance and other web analytical data. The web analytical service provider is not entitled to control personal data commissioned by LogDrill Kft., it is only entitled to manage data deprived from information referring to data subjects. Web analytical services are executed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) for LogDrill Kft. in the framework of its Google Analytics service (further information about the service are available at the www.google.com website).
Veszprém, 20 September 2013