Privacy Policy

Mito Digital Zrt. (hereinafter referred to as the “Data Controller“) considers it of paramount importance to respect the right of its partners and visitors to informational self-determination. The Data Controller shall process personal data confidentially in accordance with applicable European Union, and domestic law and relevant data protection (official) practices and shall take all information security and organizational measures to ensure the security, confidentiality, integrity, and availability of the data.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter referred to as the GDPR) and Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: The Information Act) and the provisions of other legislation relevant to the main activities of the Data Controller, in order to protect the personal data processed, publishes the following Privacy Policy (hereinafter: The Privacy Policy).

The Privacy Policy is effective from 07 November 2022 until revoked regarding the processing of personal data of those involved in the main activities of the Data Controller.

The Data Controller reserves the right to unilaterally change this Privacy Policy at any time. If the Privacy Policy is changed, the Data Controller will inform the parties concerned.

The purpose and legal basis of data processing

By accepting this Privacy Policy, you agree that the personal data you have provided when signing up can be used by Mito Digital Zrt. (hereinafter referred to as MITO) as data controller, for the purpose of get in touch with you.

Pursuant to Art. 6 (1) a) of the GDPR the data processing related to the service available at mito.digital/privacy-policy is based on the voluntary consent of the users concerned.

The Data Controller shall not be liable in any form for any errors or damages resulting from incorrectly or incorrectly provided data, and any liability arising therefrom shall be borne by you.

Information about the data controller

Company name: Mito Digital Zrt.
Registry number: 01-10-140906
Registered offices: 9 Károlyi street, 4th floor, Budapest 1053
Tax number: 27989502-2-41
E-mail address: contact@mito.digital

Information about the data processors

Company name: Trampoline Software SRL

Privacy Policy: https://formspark.io/legal/privacy-policy/

Activity: Using Formspark.io (owned by Trampoline Software SRL) in order to save contact details for contact purposes.

Data processed

We process the following personal data:

• First and last name
• Email address
• Company name
• Message

Categories of data subjects: data controller

The source of the personal data processed: the data subject.

Purpose of data processing: purpose of contact purposes.

Legal basis for processing: the consent of the data subject under Article 6 (1)(a) of the GDPR.

Duration of data processing

The data will be stored until withdrawn, but after 1 year after giving consent, they will be automatically deleted. You can revoke your consent for data processing at any time and you can request for your data to be deleted by writing to  adatvedelem@mito.hu.

We will send a message confirming the deletion of the provided personal data. Exceptions to this are possible enforcement of rights or claims, proceedings before a court, prosecutor’s office, investigating authority, infringement authority, administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies

Access

The processed personal data is primarily accessed by the Data Controller.

Transmission

Personal data will not be transferred to third parties (except from the above-mentioned data processors) unless otherwise provided in the contract between the data subject and the Data Controller or under the authority of any law or claim, court, public prosecutor’s office, investigating authority, misdemeanor authority, administrative authority, national data protection and freedom of information authority, or other bodies authorized by law.

Processing method

The Data Controller shall process the personal data of the data subject electronically.

Profiling

The Data Controller does not make a decision based solely on automated processing in connection with the data subject and does not profile the data subject on the basis of the personal data available.

Rights of the data subject

In the context of data processing, data subjects may exercise the rights to withdraw consent, access, rectification, erasure, restriction of data processing, data portability.

Data Security

The Data Controller and the data processors are entitled to get acquainted with the personal data of the data subject to the extent necessary for the performance of the tasks falling exclusively and exclusively within their area of responsibility.

In the interest of data security, the Data Controller assesses and records all data processing activities performed by him.

Based on the record of data processing activities, the Data Controller performs a risk analysis in order to assess the conditions under which each data processing is carried out and which risk factors may cause harm and possible data protection incidents during the data processing. The risk analysis should be performed on the basis of the actual data processing activity. The purpose of the risk analysis is to define security rules as well as measures that effectively ensure the adequate protection of personal data in line with the performance of the Data Controller’s activity.

The Data Controller shall take appropriate technical and organizational measures to ensure and demonstrate that the processing of personal data is in accordance with the GDPR, taking into account the nature, scope, circumstances, and purposes of the processing and the varying probability and severity of the risk to the rights and freedoms of natural persons. happens. Including, where appropriate:

• pseudonymization and encryption of personal data;
• ensuring the continued confidentiality, integrity, availability, and resilience of the systems and services used to process personal data;
• in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
• a procedure for regular testing, assessment, and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data processing.

In determining the appropriate level of security, explicit account shall be taken of the risks arising from the processing, in particular arising from the accidental or unlawful destruction,

loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that have been transmitted, stored or otherwise processed.

The Data Controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for the specific data processing purpose are processed. This obligation applies to the amount of personal data collected, the extent to which they are processed, the duration of their storage, and their availability. In particular, these measures should ensure that, by default, personal data cannot be made available to an indefinite number of persons without the intervention of a natural person.

In the event of personal data damage or destruction, attempts should be made to replace the damaged data as far as possible from other available data sources. The replaced data must indicate the fact of the replacement.

Data Controller protects your internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located at the entry points of the applied public networks. The Data Controller stores the data redundantly – ie in several places – in order to protect it from destruction, loss, damage or illegal destruction due to the failure of the IT device. It protects your internal networks from external attacks with multi-level, active protection against complex malicious code (eg virus protection).

The Data Controller will do everything with the utmost care to ensure that its IT tools and software continuously comply with the technological solutions generally accepted in the operation of the market.

Rights of the data subject in relation to data processing

It is important for the Data Controller that his data processing meets the requirements of fairness, legality, and transparency. In connection with data processing, the data subject may at any time:

• request information on data processing and access to data processed concerning it,
• in the event of inaccurate data, request its correction or completion,
• request the deletion of data processed under his consent,
• object to the processing of your data,
• request a restriction on data processing.

Upon request for information, if it is not subject to restrictions in the interest specified by law, you can find out whether the processing of your personal data is in progress with the Data Controller and is entitled to receive information about the data processed concerning him/her:

• the purpose for which it is treated,
• what authorizes the processing of the data (on its legal basis),
• when and for how long they process their data (duration),
• what data he processes and makes a copy available to the data subject,
• the recipients of the personal data or the categories of recipients,
• transfers to a third country or to an international organization,
• if they were not collected from the data subject, the source of the data,
• the characteristics of automated decision-making, if used by the controller,
• the data subject’s rights in relation to data processing,
• redress.
  
  

The Data Controller shall respond to requests for information and access within 25 days at the latest. The Data Controller may charge a reasonable fee based on administrative costs for additional copies of the personal data processed about the data subject.

When requesting the correction (modification) of the data, the data subject must prove the reality of the data requested to be modified and must also prove that the person entitled to do so requests the modification of the data. This is the only way for the Data Controller to judge whether the new data is real and, if so, whether to modify the old one.

If it is not clear whether the processed data is correct or accurate, the Data Controller does not correct the data, only marks it, ie indicates that it has been objected to by the data subject, but it may not be incorrect. After confirming the authenticity of the request, the data controller shall, without undue delay, correct the inaccurate personal data or supplement the data affected by the request. The Data Controller shall notify the data subject of the correction or marking.

In case of requesting the deletion or blocking of the data, the data subject may request the deletion of his / her data, which means that the Data Controller is obliged to delete the data concerning the data subject without undue delay, if:

• personal data have been processed unlawfully
• personal data are no longer required for the purpose for which they were processed,
• if the processing was based on the data subject’s consent and was withdrawn and another legal basis does not justify further processing of the data,
• the legislation requiring the Data Controller to delete the data imposes such an obligation and has not yet complied with it.

You can request a data processing restriction, which the data controller complies with if one of the following is met:

• the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows the controller to verify the accuracy of the personal data,
• the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted,
• the controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to make, enforce or protect legal claims; or against data processing concerning him.

Where data are restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State. The Data Controller shall inform the data subject in advance of the lifting of the restriction of data processing.

If the data subject considers that the data processing is in accordance with GDPR or Infotv. If you violate the provisions of the Data Protection Act or consider it infringing the way the Data Controller processes your personal data, we recommend that you first contact the Data Controller with your complaint. Your complaint will be investigated in all cases.

Despite your complaint, you continue to complain about the way the Data Controller processes your data or would like to contact an authority directly, you can file a complaint with the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., Postal address: 1363 Budapest, Pf. 9. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu).

You have the option of going to court to protect your data, which will act out of turn in the case. In this case, you are free to decide whether to bring an action before the court of your place of residence (permanent address) or your place of residence (temporary address) (http://birosag.hu/torvenyszekek).

You  can find the court of your place of residence or stay at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.

Annex 1. – Relevant legislation

In developing the Privacy Policy, the Data Controller has taken into account the relevant existing legislation and major international recommendations, in particular:

• Regulation (EU) No 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR);
• Act CXII of 2011 on the right to information self-determination and freedom of information;
• Civil Code Act V of 2013 (Ptk.);
• Act CXXX of 2016 on the Code of Civil Proceedings (Pp).

Annex 2. – Definitions relating to the processing of personal data

• controller: the legal entity which defines the purposes and means of processing personal data;
• “processing” means any operation or set of operations carried out on personal data or files by automated or non-automated means, such as collection, recording, ordering, articulation, storage, transformation or alteration, querying, inspection, use, communication, transmission, dissemination or otherwise making available, coordination or interconnection, restriction, erasure or destruction;
• transmission: making the data available to a specific third party;
• data wipe: rendering data unrecognizable in such a way that it is no longer possible to recover them;
• ‘data marking’ means the identification of the data with a view to distinguishing it;
• limitation of processing: indication of the personal data stored with a view to limiting their future processing;
• data destruction: complete physical destruction of the data medium;
• processor: the legal person who processes personal data on behalf of the controller;
• recipient: the natural or legal person, public authority, agency or any other body with whom the personal data is communicated, whether or not it is a third party;
• concerned: an identified or identifiable natural person; identify a natural person who can be identified directly or indirectly, in particular by means of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
• “third party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons authorised to process personal data under the direct direction of the controller or processor;
• consent of the data subject: a voluntary, specific and informed and unambiguous statement of the data subject’s will to indicate, by means of a statement or an unmistakably expressive act of confirmation, that he or she consents to the processing of personal data concerning him;
• personal data: any information relating to the data subject;
• objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the data processed.