1. Overview

Who controls my data?

Complytron Kft. (hereinafter “Complytron”), as Data Collector, controls and processes data collected through its website, contracts and any other channels linked with Complytron.

Our contact information:
Address: 2459 Rácalmás, Fő utca 102.
Email: contact@complytron.com

1.1. Where does the Privacy Policy take place?

The Privacy Policy applies to Complytron’s website (www.complytron.com) and web app (app.sourcecodeleak.com), hereinafter referred to as “Complytron web apps” as well as all other direct services.

Complytron Kft. develops and operates the Complytron web apps.

1.2. Who collects the data, and what does it consist of?

The data controller determines what data is collected, with which tools, and for what purposes.

Data can be any information you give to Complytron while using its services.

  • 1.2.1. Personal data includes information which can directly or indirectly identify the owner—typically things like name and email.
  • 1.2.2. Special data is the data that is collected and stored by Complytron Kft. from publicly accessible databases. Special data includes, but is not limited to, data of public interest, data from criminal records, sanctions databases etc. Special data can be names, legal entity names, birth dates, addresses etc. Data processing is based on Article 6. (1) e. of the Regulation (EU) 2016/679 of the European Parliament and of the European Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • 1.2.3. Open domain data is names of persons and legal entities expressly disclosed by the data subject and collected and stored by Complytron Kft. Public data includes, but is not limited to, corporate and official websites, public business registers and government publications and bulletins. Data processing based on Article 6. (1) e. of the Regulation (EU) 2016/679 of the European Parliament and of the European Council.
  • 1.2.4. Searched terms and names are the names of the natural and legal persons who may be included in the databases stored and processed by the Data Controller and on whom any user may apply searches in order to fulfil its contractual or other obligations.

Learn more.

1.3. What does this notice do for me?

We want to make sure we give you your right to privacy when handling your personal data.

The “Privacy Act” (Act CXII of 2011) and the European General Data Protection Regulation (2016/679) on the protection of natural persons with regard to the processing of personal data and free flow of data (hereinafter referred to as “GDPR”) which came into force on May 25th, 2018, also necessitates that we provide you with adequate information.

1.4. What are the basic principles of data management?

Legality: The legal basis for handling data is explicit and well-founded

Fairness and transparency: There is sufficient information regarding data management, which is both easily understood and accessible 

Purpose limitation: Data management is exclusively for the purposes defined and communicated in advance

Saved data: Only the data required and relevant are requested during data processing

Accuracy: Managed data is up to date

Limited storage: Data management is only done for the duration of its purpose

Integrity and confidentiality: The technical and organisational measures used in data management provide a high level of security

Accountability: Complytron’s privacy policy and procedures are aligned with national and international standards

2. Data Types and Purposes

2.1. How do I find out what my data is used for?

Each time we collect data it has a predefined purpose. We always ensure that requests for information are transparent. When signing up for any of our services or sending us your personal data via our website, we always highlight what we will use the requested information for. Your consent will be requested based on this.

If you have any specific questions, please contact us at contact@complytron.com

2.2. Exactly what type of data do you ask me for and where?

It depends on which of our services you’d like to use. We make sure that we have your understanding and consent for every different case by providing you with the information you need, then asking for your agreement by ticking a checkboxes which expresses that you have read, understood, and given us permission to handle your data.

Should we wish to use your personal data for any other purpose than the original request, we will talk to you first.

In all other cases, Processing shall be lawful only if and to the extent that at least one of the following applies:

  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with a legal obligation to which the Controller is subject
  • Processing is necessary for the purposes of the legitimate interests pursued by the Controller
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The following table shows all the possible cases where we may ask for your data:

Your role Where you enter your data Data types and addresses Purpose (s) of data use and lawfulness How long your data will be stored How to take back your consent
Requesting more information through our web page The ‘Contact us’ subpage of our website Name, email address We will send you an email to answer your question (GDPR Article 6. (1) a) Until withdrawal of consent You can reply to our email or call and indicate that you want to be removed from our list
Signing up to Complytron’s web apps https://www.complytron.com Name, email, phone number, company name, and any other information you may share

_______

Completing registration, system emails in connection with app use Until withdrawal of consent Withdrawal means hard delete from the web app which you can request via email
Searching names of persons in Complytron apps https://www.complytron.com/search.html

or via API key

Name, legal entity name, a.k.a. name Provision of data to third parties for the performance of contractual or other obligations 180 days You can request deletion via email
You subscribed to Complytron newsletters and direct marketing You have subscribed to our newsletter via our website and/or during registration Name, email address We will send you our newsletter or direct marketing through email.

(GDPR Article 6. (1) a)

As long as you are a subscriber You will find the option to unsubscribe at the footer of every email and in the My Profile section of your account on our website
Your visit to our website Info collected by cookies IP address Google Analytics collects and manages IP addresses anonymously. Our goal is to improve the usability of our website based on statistics.

(GDPR Article 6. (1) a)

5 years You must provide your consent at the first visit to the website, which cannot be withdrawn. You can delete the installed cookies at any time from your browser.

 

3. Data management mode

3.1. What happens to my data when I sign a contract?

In all cases, your data will be processed according to this Privacy Policy and will be used solely to perform the contract or to fulfil legal obligations. The contracts are stored in closed folders.

3.2. What happens to my data in other cases?

Complytron web app

Registering as a user: During registration, the user agrees, by checking the Privacy Policy checkbox, that personal data will be processed by Complytron for the purpose of completing the registration, sending system messages, and other purposes necessary for the provision of the service. Data management is a prerequisite for the provision of the service. The withdrawal of consent means the hard (final) deletion from the web app. The personal data you submit will be stored in an encrypted way on our Google Cloud server.

Newsletter and direct marketing

By registering, you agree that we may reach out to you. During registration, the user, by checking the Privacy Policy checkbox, consents to the processing of his/her personal data for the purpose of receiving news/direct marketing emails, satisfaction measurement, feedback requests and direct marketing, as specified in the Privacy Policy and executed by Complytron. Data management is not a prerequisite for the provision of the service; withdrawal of consent does not constitute a hard deletion from the web app.

“Contact us” forms

If you have a question, then we will ask for your name and email address so that we can contact you to respond. Your name and email address will be stored for two years. We will not forward or sell your personal data to third parties and it will not be published anywhere. We do not automatically subscribe you to our newsletter. 

4. Rights of the data subject

4.1. What are the rights to access my personal information?

Right of prior information

Before requesting data, we will communicate accurate information to you on what the purpose of the data collection is and how it will be processed, including who can access it.

On our website, we visibly display an outline that highlights what we will use personal information for.

Right of withdrawal of consent

You are entitled to withdraw your consent for us to manage your data at any time.

If you do not wish to receive newsletters, direct marketing or other emails from us (other than system messages which are required for you to be able to use our service), you can unsubscribe at any time by clicking the “unsubscribe” button at the bottom of one of our emails or by contacting us. 

Right of access

Users have the right to know about the personal information of their given organisation and information about the management of the organisation, and to enquire about what information is kept by an organisation at any time. You can request this by contacting us.

Right to data portability

The data subject shall have the right to receive the personal data that the Data Controllers have, and if technically possible, be able to request the data to be forwarded to another Data Controller. You can request this by contacting us.

Right to rectification

The data subject may request to correct inaccurate information without undue delay. You can request this by contacting us.

The right to restriction of processing

The user has the right to request that the Data Controller stops processing his/her data if:

  • The user disputes the accuracy of the personal data
  • The data handling is illegal and the user is opposed to the deletion of the data
  • The data controller no longer needs the personal data, but the user requires them to enforce legal claims

You can request this by contacting us.

Right to object

The user has the right to object to the processing of his/her personal data for any reason relating to personal reasons if they are processed in the interest of the Data Controller or his/her public authority. You can request this by contacting us.

Right to erasure

The user has the right to request that the Data Controller delete personal data without delay if:

  • Personal data is no longer needed for the purpose for which it was collected
  • The user withdraws consent and the Data Controller does not have any other legal grounds for data processing
  • The user objects to the processing of his/her data because there was no prior legitimate reason for data handling
  • The personal data was unlawfully processed.

Deletion means hard delete

If you  unsubscribe from our email mailing list, your name and email address will be deleted  from our database immediately. To request this, click on the unsubscribe link found at the bottom of our emails or contact us.

Right to be forgotten

If the Data Controller has disclosed personal data and is obliged to delete it for some reason, he/she takes technical measures to take into account the available technology and the costs of implementation to inform other Data Controllers that the person concerned has made such a request. The other Data Controller is typically a search engine operator who can  handle the personal data if requested.

Complytron does not disclose any personal data.

Right to complain

You can request this by contacting us.

4.2. Where can I enforce my rights?

Complytron seeks to maximise your rights and prioritise any questions or requests about our data management practices.

Data protection issues are dealt with by the Hungarian National Data Protection and Information Freedom Authority, based on paragraph 22 of GDPR.

Hungarian National Data Protection and Information Freedom Authority

Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c 
Phone: +36 1 391 1400
Fax:+36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

5. Data transfer

5.1. To whom is my personal information transmitted?

For data management we use Data Processors. As a Data Controller, Complytron collects and manages the data while Data Processors carry out data processing operations based on the instructions we give.

We are constantly updating the range of Data Processors in the data management register and in the data processing register.

Most relevant data processors:

Accountant

In order to comply with national legal obligations, we have to forward invoices (with personal information on it) to our bookkeeper. We shall forward contracts, too, if necessary. Our bookkeeper is subject to the ‘Data Processor Agreement’ established during our preparation for GDPR.

Hubspot Inc.

Headquarters: 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Hubspot stores all names and email addresses of any persons we contact personally or via email or phone during our lead generation work.

During our preparation for GDPR, we ensured that Hubspot guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Hubspot’s relevant service and the GDPR guarantee by clicking the link below:

https://www.hubspot.com/data-privacy/gdpr/product-readiness

Google LLC.

Headquarters: 1600 Amphitheatre Parkway, Mountain View, California, USA

During our preparation for GDPR, we ensured that Google guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Google’s relevant service and the GDPR guarantee by clicking the links below:

https://gsuite.google.com/faq/security/

Rackforest Kft.

Address: 1132 Budapest,Victor Hugo u. 18-22.
Tax number: 14671858-2-41

Rackforest Kft. is our server provider for hosting our data. During our preparation for GDPR, we ensured that Rackforest guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Rackforest’s relevant service and the GDPR guarantee by clicking the link below:

https://rackforest.com/wp-content/uploads/2019/07/adatkezelesi-szabalyzat.pdf

6. Cookies

6.1. Do you use cookies on your website or app?

A cookie is a piece of information that a visited website sends to a visitor’s browser (in the form of a variable name value) to store and later use to load the same website.

Website

During visits to our website, we send one or more cookies to the visitor’s computer, which will allow its browser to be uniquely identified. These cookies are provided by Google through Complytron and Google Analytics. Google Analytics generates cookies through Google AdWords. These cookies will only be sent to the visitor’s computer by visiting certain subpages.

Google uses these cookies for statistical purposes when a user has previously visited the advertiser’s websites.

The cookies used are:

  • Analytics, tracking cookie (Google)
  • Site tracking (Google)
  • Complytron app login token (converted to cookie)

More information on Google Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Authorising the use of cookies is optional. Your browser settings can be restored to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies as a default, they can generally be changed to prevent automatic acceptance and offer the option of choosing each time.

6.2. How do I set up cookies?

The “Help” feature in most  browser’s menu bar provides you with instructions on

  • how to disable cookies
  • how to accept new cookies
  • how to instruct your browser to set a new cookie
  • how to turn off other cookies.

7. Children

Are there any provisions related to age restrictions?

Age-related restrictions on the conclusion of a contract are in accordance with the provisions of the Hungarian Civil Code.

Any use of the Complytron web app is permitted only to persons who have reached the age of 16. By registering with the web app, the user acknowledges that he/she has reached the age of 16. Complytron is not obliged to examine it and is not entitled to request any official document in this respect.

In order to protect children’s rights, if Complytron becomes aware that a user does not comply with the above age requirement, Complytron is entitled to immediately delete the user’s rights and account and the content shared by the user. Users who have reached the age of 16 but are under the age of 18 may use the Complytron app only if there is parental or guardian consent. By giving consent, the parent or guardian fully accepts the provisions of the Complytron policies for both the 16- to 18-year-old user and for their own use. In addition, the parent or guardian expressly acknowledges that he/she is solely responsible for the use and content of the user between the ages of 16 and 18, regardless of whether or not he/she was aware of the use in advance.

8. Security management and measures

Complytron ensures that the processing of personal data is in accordance with the rights, interests and data protection regulations of those concerned will be supported by the following technical actions and regulations:

8.1. What privacy policies are in force in the operation of Complytron?

  • Creation of data register, in line with the relevant regulations
  • More detailed internal data protection and data management rules, with a clear definition about accessibility
  • A process to define the steps to be taken whenever a security or data protection incident occur

8.2. What steps are being taken to ensure security?

The followings are applied:

  • Privacy training
  • Password protected WiFi
  • Firewall
  • Lockable filing cabinets
  • Antivirus software
  • Backup copies
  • Document shredder
  • Username and password protected laptops
  • Mobile devices protected with password or biometric identification
  • Data storage only available for defined user groups
  • Audit

Encryption

All the personal data sent through the ‘Contact Us’ page or the Complytron app, is transmitted via a https (TLS cryptographic protocol) channel between the user’s browser and the cloud service provider.

Encrypting end-of-life databases is encrypted using security keys (‘Industry standard AES-256 encryption algorithm’).

Security incidents

Complytron maintains a policy and procedure for information security and privacy incidents that include initial response, investigation, notification and/or public disclosure. These guidelines are regularly reviewed and tested annually.

In the event of an information security and/or privacy incident, we will immediately notify the affected users with appropriate security measures and without delay (if possible, within 72 hours after the privacy incident has come to our attention), to the competent authority. Our procedure is in line with our GDPR obligations and industry standards. We are committed to constantly informing you about any issues that are relevant to the security of your account and provide you with all the information you need.

9. Changes to the Privacy Policy

The Privacy Policy may be amended unilaterally by Complytron but we will notify users in such cases. Any modification is valid only if it complies with the applicable legislation.