Data Regulation Disclaimer

1. General Provisions

Details and Contact Information of the Data Controller

Name/Company Name: Vipulse Technology Kft.
Registered Office: H-1054 Budapest, Szabadság tér 7. Bank Center Granite tower, 1st floor
Tax Number: 32541661-2-13
Company Registration Number: 01-09-452175
E-mail: info@vipulsetech.com

The operator of the website www.vipulsetech.com, Vipulse Technology Kft. (1065 Budapest, Révay köz) (hereinafter: “Data Controller”), acknowledges the binding nature of this legal notice upon itself. The Data Controller undertakes to ensure that all data processing activities related to its operations comply with the requirements set forth in this Policy and in the applicable legislation in force.

2. Categories of Personal Data Processed, Purpose, Legal Basis and Duration of Data Processing

The Data Controller hereby sets out its data processing principles, which are in compliance with the applicable data protection legislation, including in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: “Infotv.”);

• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services;

• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

2.1. Data of Visitors to the Website www.vipulsetech.com

Purpose of data processing:
During visits to the website, the service provider records visitor data in order to monitor the proper functioning of the service and to prevent misuse.

Legal basis of data processing:
The Data Controller’s legitimate interest in identifying users and preventing misuse pursuant to Article 6(1)(f) GDPR, and Section 13/A (3) of Act CVIII of 2001.

Categories of personal data processed:
Date and time, IP address of the user’s computer, address of the visited page, address of the previously visited page, data relating to the user’s operating system and browser.

Duration of data processing:
30 days from the date of visiting the website.

Data Processor:

Name

Registered Office

Processing Activity

H-1054 Budapest, Szabadság tér 7. Bank Center Granite tower, 1st floor

2.2. Cookie Management on www.vipulsetech.com

For the purpose of providing customized services, the service provider and external service providers place and read small data files (“cookies”) on the user’s computer. If the browser sends back a previously saved cookie, the service provider processing the cookie may link the user’s current visit to previous visits, but exclusively with respect to its own content.

Purpose of data processing:
Identification and differentiation of users, identification of the user’s current session, storage of data provided during the session, prevention of data loss, identification and tracking of users.

Legal basis of data processing:
The Data Controller’s legitimate interest pursuant to Article 6(1)(f) GDPR and Section 13/A (3) of Act CVIII of 2001.

Categories of personal data processed:
Identification number, date, time, and previously visited page.

Duration of data processing:

• End of session: PHPSESSID

• 10 minutes: _gat

• 1 day: uvc, _gid

• 6 months: NID

• 1 year: __cfduid

• 2 years: _ga

An external server of Google Analytics assists in the independent measurement and auditing of website traffic and other web analytics data. Detailed information on the processing of measurement data is available at www.google-analytics.com.

Data Processor:

Name

Registered Office 

Processing Activity

H-1054 Budapest, Szabadság tér 7. Bank Center Granite tower, 1st floor

2.3. Other Data Processing

Courts, public prosecutors, investigating authorities, authorities conducting misdemeanor proceedings, administrative authorities, the National Authority for Data Protection and Freedom of Information, and other bodies authorized by law may contact the Data Controller to provide information, disclose or transfer data, or make documents available.

The Data Controller shall disclose personal data to authorities only to the extent strictly necessary for the achievement of the purpose specified in the request, provided that the authority has indicated the exact purpose and scope of the requested data.

3. Method of Storage of Personal Data and Security of Data Processing

Taking into account the state of the art, implementation costs, nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, the Data Controller and its data processors implement appropriate technical and organizational measures to ensure a level of data security appropriate to the risk.

The Data Controller protects personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in applied technology.

During data processing, the Data Controller ensures:

a) Confidentiality: access to information is restricted to authorized persons only;
b) Integrity: the accuracy and completeness of information and processing methods are protected;
c) Availability: authorized users have access to the information when needed and the necessary tools are available.

4. Rights of the Data Subject and Legal Remedies

The data subject may request information regarding the processing of his or her personal data, request rectification, and—except in cases of mandatory processing—request erasure, withdrawal of consent, restriction of processing, and may exercise the right to data portability and the right to object, using the contact details provided above.

4.1. Right to Information

Upon request, the Data Controller shall provide the information referred to in Articles 13 and 14 GDPR, as well as information pursuant to Articles 15–22 and 34 GDPR, in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

4.2. Right of Access

The data subject has the right to receive confirmation as to whether or not personal data concerning him or her are being processed and, if so, access to the personal data and the information specified in Article 15 GDPR, including purposes of processing, categories of data, recipients, storage period, rights of the data subject, right to lodge a complaint, source of data, and information regarding automated decision-making, including profiling.

The Data Controller shall provide a copy of the personal data processed. For additional copies, a reasonable fee based on administrative costs may be charged.

4.3. Right to Rectification

The data subject may request the correction of inaccurate personal data and completion of incomplete data.

4.4. Right to Erasure

The data subject shall have the right to obtain the erasure of personal data without undue delay where one of the grounds set out in Article 17 GDPR applies.

Erasure shall not apply where processing is necessary, inter alia, for exercising the right of freedom of expression and information, compliance with a legal obligation, public interest, archiving or research purposes, or for the establishment, exercise or defense of legal claims.

4.5. Right to Restriction of Processing

The data subject shall have the right to obtain restriction of processing where the conditions set out in Article 18 GDPR apply.

Where processing is restricted, personal data shall, with the exception of storage, only be processed with the data subject’s consent or for legal claims or public interest reasons.

4.6. Right to Data Portability

The data subject shall have the right to receive the personal data concerning him or her, provided to the Data Controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller.

4.7. Right to Object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing based on legitimate interests or public authority, including profiling.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to such processing.

4.8. Automated Decision-Making, Including Profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, subject to the exceptions set out in Article 22 GDPR.

4.9. Right to Withdraw Consent

The data subject shall have the right to withdraw consent at any time. Withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

4.10. Procedural Rules

The Data Controller shall provide information on action taken on a request under Articles 15–22 GDPR without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary.

Information shall generally be provided free of charge, unless the request is manifestly unfounded or excessive.

5. Legal Remedies

5.1. Right to Judicial Remedy

In the event of infringement of his or her rights, the data subject may bring legal proceedings against the Data Controller before the competent court (either at the registered office of the defendant or at the domicile of the data subject). Court proceedings shall be expedited and exempt from fees in personal data protection cases.

5.2. Data Protection Authority Procedure

Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Registered Office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal Address: 1530 Budapest, P.O. Box 5.