→ privacy
policy

1. Overview

Who controls my data?

Complytron as Data Collector controlls and processes data collected through its website, contracts and any other channels linked with Complytron Ltd.

Our contact info:

Complytron Kft.
Address: 2459 Rácalmás, Fő utca 102.
Email: contact@complytron.com

1.1. Where does the Privacy Policy take place?

The Privacy Policy applies to the Complytron’s website, application (app.sourcecodeleak.com, Complytron.com hereinafter referred to as ‘Complytron apps’) and all other direct services. Complytron is developing and operating the COMPLYTRON app.

1.2. Who collects the data, and what does it consist of?

A data controller is the one who determines what data is collected, with which tools, and for what purposes.

Data can be any information you give to Complytron while using its services.

  • 1.2.1. Personal data includes information which can directly or indirectly identify the owner—typically being name and email.
  • 1.2.2. Special data: data that is collected and stored by Complytron Ltd. from a publicly accessible databases. Special data includes, but is not limited to data of public interest, data from criminal records, sanction program databases. Special data can be names, legal entity names, birth data, address. Data processing based on the Article 6. (1) e. of the Regulation (EU) 2016/679 of the European Parliament and of the Council
  • 1.2.3. Open domain data: Names of persons and legal entities expressly disclosed by the data subject and collected and stored by Complytron Ltd. Public data include, but are not limited to, publications of corporate and official websites, public business registers and government publications and bulletins. Data processing based on the Article 6. (1) e. of the Regulation (EU) 2016/679 of the European Parliament and of the Council.
  • 1.2.4. Searched terms and names: The names of the natural and legal persons who may be included in the databases stored and processed by the data controller and on whom any user may apply searches in order to fulfill its contractual or other obligations.

Learn more about this at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN

1.3. What does this notice do for me?

Our primary goal is to make sure we offer protection for our visitors and travellers. We pay particular attention to making sure we guarantee the rights of the services we provide to everyone without discrimination of any kind. We want to make sure that we give you your right to privacy when handling personal data in any way.

The Info. (Act CXII. of informational self-determination and freedom of information law in 2011) and the European General Data Protection Regulation (2016/679 The EU Regulation on the protection of natural persons with regard to the processing of personal data and such free flow of data, hereinafter referred to as "GDPR"), which came into force on May 25th, 2018, also necessitates adequate information for stakeholders.

1.4. What are the basic principles of data management?

Legality: The legal basis for handling data is explicit and well-founded
Fairness and Transparency: There is sufficient amount of information that can be easily understood and accessible regarding data management
Purpose limitation: Data management is exclusively for the purposes defined and communicated in advance
Saved data: Only the data required and relevant are requested during data processing
Accuracy: Managed data is up to date
Limited storage: Data management is only done for the duration of its purpose
Integrity and confidentiality: The technical and organizational measures used in data management provide a high level of security
Accountability: The Complytron procedure is aligned with the national and international standards

2. Data Types and Purposes

2.1. How do I find out what my data is used for?

Each time we collect data it is done with a predefined purpose. We ensure that the information requested is done in a transparent manner. When signing up for any of our trips or sending your contact info though our website, we highlight what we will use the requested information for. Your consent will be asked based on this.
If you have further questions, please contact us at contact@complytron.com.

2.2. Exactly what type of data do you ask me for and where?

It depends on which of our services you’d like to use. We make sure that we have your understanding and consent for every different case by providing you with the information you need, then asking for your agreement by ticking checkboxes which express that you have read, understood, and give us permission to handle your data.

Otherwise, Processing shall be lawful only if and to the extent that at least one of the following applies:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary for the purposes of the legitimate interests pursued by the controller
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

The following table shows all the possible cases where we may ask for your data:

Your role Where you enter your data Data types and Addresses Purpose(s) of data use and lawfulness How long your data will be stored How to take back your consent
Requesting for more info through our web page The 'Contact us' subpage of our website Name, email address
CEO and Ops
We will send you an email to answer your question (GDPR Article 6. (1) a) Until withdrawal of consent You can reply to our email or call and indicate that you want to be removed from our list
Signing up to COMPLYTRON app http://app.sourcecodeleak.com/registration#/ Name, Email, phone number, employer, medium you ae working for, other you may share
_______
CEO, Ops
Completing registration, system emails in connection with app use Until withdrawal of consent Withdrawal means hard delete from app that you can ask for through email
Searching names of persons in Complytron apps https://complytron.com/search.html
or via API key
Name, legal entity name, a.k.a. name Provision of data to third parties for the performance of contractual or other obligations 180 days Permanent deleting
You subscribed interested in Complytron news and direct marketing You have subscribed to our newsletter and/or during registration Name, email address

CEO, Ops
We will send you our newsletter through email.

(GDPR Article 6. (1) a)
As long as you are a subscriber You will find the option to unsubscribe at the footer of every newsletter
Your visit our website Info collected by cookies IP address

Google
Google analytics collects and manages IP addresses anonymously. Our goal is to improve the usability of our website based on statistics.
(GDPR Article 6. (1) a)
5 years You must provide your consent at the first visit of the website, which can not be withdrawn, so you can delete the installed cookies at any time from your browser.

In any case we wish to use your personal data for any other purpose than the original request, we will talk to you first.

3. Data management mode

3.1. What happens to my data when I sign a contract?

In all cases, your data will be processed according to our principles and will be used solely to perform the contract or to fulfill legal obligations. The contracts are stored in closed folders.

3.2. What happens to my data in other cases?

Complytron app
Registering as a user: During registration, the user agrees, by checking the checkbox, that personal data will be processed by Complytron for the purpose of completing the registration, sending system messages, and other purposes necessary for the provision of the service. Data management is a prerequisite for the provision of the service, the withdrawal of the consent means the hard (final) deletion from the application. The personal data you submit will be stored in an encrypted way on our Google Cloud server.

By registering, you agree to be reached out by us: During registration, the user by checking the checkbox may consent to process his / her personal data for the purpose of receiving news/direct marketing emails containing personalized services, satisfaction measurement, feedback request and direct marketing, as specified in the Privacy Policy, executed by Complytron. Data management is not a prerequisite for the provision of the service; withdrawal of the consent does not constitute a hard deletion from the application.

Contact us and ‘I’m interested’
If you have a question, then we will ask for your name and email address so that we can contact you with the resources or support your request. Your name and email address will be stored for two years, which means the operation of an online database that is only accessible to us. In any case, we will not forward or sell your personal data to third parties and it will not be published anywhere. Also, it's important to know that we do not automatically subscribe you to our newsletter. To unsubscribe you can email us that you do not want to receive more messages from us.

4. Rights of the data subject

4.1. What are the rights to access my personal information?

Right of prior information
Before requesting data, we ensure to communicate accurate information to you on what the purpose of the data collection is and how it is processed, such as who can access it.

On our webpage, we visibly display an outline that highlight what we will use personal information for.

Right of withdrawal of consent
You are entitled to withdraw your consent for us to manage your data at any time.

If you do not wish to receive news from us, you can unsubscribe at any time by clicking the 'Unsubscribe' button at the bottom of the newsletter. If you do not want to receive any more emails from us, you can easily reply to us by email.

Right of access
Users have the right to know about the personal information of their given organization and information about the management of the organization, and to inquire about what information is kept by an organization at any time.

Through our contacts you can send this request to Complytron.

Right to data portability
The data subject shall have the right to receive the personal data that the data controllers have, and if technically possible, able to request the data to be forwarded to another data controller.

Through our contacts you can send this request to Complytron.

Right to rectification

The data subject may request to correct inaccurate information from data controller without undue delay.

Through our contacts you can send this request to Complytron.

The right to restriction of processing
The user has the right to request that the data controller stops processing his/her data if:

  • the user disputes the accuracy of the personal data
  • the data handling is illegal, and the user is opposed to the deletion of the data
  • the data controller no longer needs personal data, but the user requires them to enforce legal claims

Through our contacts you can send this request to Complytron.

Right to object
The user has the right to object to the processing of his or her personal data for any reason relating to personal reasons if they are processed in the interest of the data controller or his public authority.
Through our contacts you can send this request to Complytron.

Right to erasure
The user has the right to request that data controller without delays, delete personal data if:

  • - personal data is no longer needed for the purpose from which they were collected
  • - the user withdraws the consent of the data controller and does not have any other legal grounds for data processing
  • - the user objects to the processing of his/her data because there was no prior legitimate reason for data handling
  • - the personal data was unlawfully processed

Deletion means hard delete.

If you receive an email from us through either the newsletter or any of the other ways detailed above and unsubscribe or do not request for more emails, your name and email address will be deleted immediately from our database. (hard delete)

Through our contacts you can send this request to Complytron.

Right to be forgotten

If the data controller has disclosed personal data and is obliged to delete it for some reason, he takes technical measures to take into account the available technology and the costs of implementation to inform other data controllers that the person concerned has made such a request. The other data controller is typically a search engine operator who has access to handle the personal data if requested.

Complytron does not disclose any personal data.

Right to complain

Through our contacts you can send this request to Complytron.

4.2. Where can I enforce my rights?

Complytron seeks to maximize your rights and prioritize any questions or requests about our data management practices.
Data protection issues are dealt by the Hungarian National Data Protection and Information Freedom Authority, based on paragraph 22 of the GDPR definition.
Hungarian National Data Protection and Information Freedom Authority

Postal address 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu<
URL: http://naih.hu

5. Data transfer

5.1. To whom are my personal information transmitted?

During data management we use data processors. As a data controller, Complytron collects and manages the data in its own name and purpose, while its data processors carry out data processing operations based on the instructions and instructions of Complytron.

We are constantly updating the range of data processors in the data management register, in the data processing register or in connection with them, we provide detailed information in the privacy policy.

Most relevant data processors:

Accountant:

In order to be compliant with national legal obligations, we have to forward the invoices (with personal information on it) to our bookkeeper. We shall forward the contracts, too, if necessary. Our bookkeeper is subject to the ‘Data Processor Agreement’ established during our preparation for GDPR.

Hubspot Inc.
Headquarter:
25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Hubspot stores the names and email addresses of subscribers who are signing up to the newsletter as well as any other person seeking us. The Hubspot helps us generate our websites.
During our preparation for GDPR, we secured that Hubspot guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Hubspot's relevant service and the GDPR guarantee by clicking the links below:

https://www.hubspot.com/data-privacy/gdpr/product-readiness

Google LLC.
Headquarter:

During our preparation for GDPR, we secured that Google guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Google's relevant service and the GDPR guarantee by clicking the links below:

https://gsuite.google.com/faq/security/

RACKFOREST KFT.
Cím: 1132 Budapest,Victor Hugo u. 18-22.
Adószám: 14671858-2-41

A Rackforest Kft. Is our server provider where we host our data
During our preparation for GDPR, we secured that Hubspot guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Rackforest’s relevant service and the GDPR guarantee by clicking the links below:

https://rackforest.com/wp-content/uploads/2019/07/adatkezelesi-szabalyzat.pdf

6. Cookies

6.1. Do you use cookies on your website or app?

A cookie is a piece of information that a visited web site sends to a visitor's browser (in the form of a variable name value) to store it and later to load the same website.

Website
During visits to our website, we send one or more cookies (a small file containing a string of characters) to the visitor's computer, which will allow its browser to be uniquely identified. These cookies are provided by Google through Complytron and Google Analytics. Google Analytics generates cookies through Google AdWords. These cookies will only be sent to the visitor's computer by visiting certain subpages—only the actual time to visit that subpage will be stored.
Google uses these cookies for statistical purposes when a user has previously visited the advertiser's websites.

The cookies used are:

  • Analytics, tracking cookie (Google)
  • Site tracking (Google)
  • COMPLYTRON app log in token (converted to cookie)

More information on Google Analytics cookies:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Accepting and authorizing the use of cookies is optional. Your browser settings can be restored to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies as a default, they can generally be changed to prevent automatic acceptance and offer the option of choosing each time.

6.2. How do I set up cookies?

The "Help" feature in most of the browser's menu bar provides you with instructions:

  • how to disable cookies,
  • how to accept new cookies,
  • how to instruct your browser to set a new cookie or
  • how to turn off other cookies.

7. Children

Are there any provisions related to age restrictions?

Age-related restrictions on the conclusion of a contract are in accordance with the provisions of the Hungarian Civil Code.

Any use of the COMPLYTRON app is permitted only to persons who have reached the age of 16. By registering with the Application, the user acknowledges that he / she has reached the age of 16, but Complytron is not obliged to examine it and is not entitled to request any official document in this respect.
However, in order to protect children's rights, if Complytron becomes aware that the user does not comply with the above requirement, he / she is entitled to immediately delete the user's rights and account and the content shared by the user. Users who have reached the age of 16 but are under the age of 18 may use the COMPLYTRON app only if there is parental or guardian consent. By giving consent, the parent or guardian fully accepts the provisions of the Complytron policies for both the 16 to 18-year-old user and for their own use. In addition, the parent or guardian expressly acknowledges that he is solely responsible for the use and content of the user between the ages of 16 and 18, regardless of whether or not he was aware of the use in advance.

8. Security management and measures

Complytron ensures that the processing of personal data is in accordance with the rights, interests and data protection regulations of those concerned will be supported by the following technical actions and regulations:

8.1. What privacy policies are in force in the operation of Complytron?

  • Creation of data register, in standard with the regulations
  • More detailed internal data protection and data management rules, with a clear definition about accessibility
  • Elaborate a process to define the steps to be taken whenever security or data protection incident occur

8.2. What steps are being taken to ensure security?

The followings are applied:

Privacy trainings Backup copies
Password protected wifi Document Shredder
Firewall Username and password protected laptops
Lockable file cabinet Mobile devices protected with password or biometric identified
Antivirus Audit
Data storage only available for defined user groups

Encryption
All the personal data sent through the subpage ‘Contact us’ or the COMPLYTRON app, is transmitted via a https (TLS cryptographic protocol) channel between the user's browser and the cloud service provider.

Encrypting end-of-life databases is encrypted using security keys ('Industry standard AES-256 encryption algorithm').

Security incidents
Complytron maintains a policy and procedure for information security and privacy incidents that include initial response, investigation, notification and/or public disclosure. These guidelines are regularly reviewed and tested annually.
In the event of information security and/or privacy incidents, we will immediately notify the affected users with appropriate security measures and without delay and, if possible, 72 hours after the privacy incident has come to our attention, to the competent authority. Our procedure is in line with our GDPR obligations and industry standards. We are committed to constantly informing you about issues that are relevant to the security of your account and provide you with all the information you need.

9. Changes to the Privacy Policy

The Privacy Policy may be amended unilaterally by Complytron but will notify the users. Any modification is valid only if it complies with applicable legislation.