Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: the “Regulation”), Inter-Computer-Informatika Zrt. (hereinafter: the “Organisation”), as data controller, provides the following information.

The data controller acknowledges the content of this legal notice as binding upon itself and undertakes to ensure that all data processing activities carried out in connection with its operations comply with the provisions of this Privacy Policy, the applicable national legislation in force, as well as the legal acts of the European Union.

The data protection principles related to the Organisation’s data processing activities are continuously available at http://intercomputer.hu/.

The Organisation reserves the right to amend this Privacy Policy at any time, provided that it duly informs the public of any such changes in a timely manner. This Privacy Policy shall enter into force upon its publication.

The legal bases for our data processing activities are as follows:

  1. pursuant to Article 6(1)(a) of the GDPR: the data subject has given consent to the processing of their personal data for one or more specific purposes (hereinafter: “Consent”);
  2. pursuant to Article 6(1)(b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party (hereinafter: “Performance of a Contract”);
  3. pursuant to Article 6(1)(c) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. compliance with accounting and bookkeeping obligations – hereinafter: “Compliance with a Legal Obligation”).

The specific legal basis applicable to each category of personal data and each processing purpose is detailed below, with reference to the list above.

I. Who processes your personal data and who has access to it?

The organisation issuing this Privacy Policy, which also acts as the data controller:

Company name: ICody d.o.o.

Registered address: Ivana Šibla 17, 10000 Zagreb

Company registration number: 081607959

Tax number: 52348576367

Phone number: +385916308158

Email: [email protected]

Website: www.icody.hr

 

Data subjects may request information in writing regarding the processing of their personal data, or submit their requests or complaints through the following contact details:

  1. by e-mail: [email protected]
  2. by post: 1118 Budapest, Gombocz Z. utca 12. fszt. 1.

 

Data processors

For the processing and storage of your personal data, we engage various service providers with whom we have concluded data processing agreements. We transfer your personal data to these entities solely for the purposes listed below. The following data processors process your personal data:

Provision of IT services:

The Organisation engages data processors to maintain and manage its website. These processors provide IT services (such as web hosting) and, under the terms of the contract concluded with them, process the personal data provided on the website for the duration of the contract. The processing operation carried out by these entities consists of the storage of personal data on their servers.

The names of these data processors are as follows:

Name and address of data processor Purpose of processing
Manhertz-Pylon Számítástechnikai, Szolgáltató és

Kereskedelmi Kft. (2085 Pilisvörösvár, Fő út 126.)

 a) Web hosting and website operation,
Facebook, Inc. (USA – 1601 Willow Road Menlo

Park, California 94025)

 a) Advertising, analytics, and measurement services,
GOOGLE LLC (USA – Google Data Protection Office,

1600 Amphitheatre Pkwy

 a) Advertising, analytics, and measurement services,
LinkedIn Corporation: LinkedIn Ireland (Ireland –

Gardner House, Wilton Place, Wilton Plaza, Dublin 2)

 a) Advertising, analytics, and measurement services,

The data controller shall inform all recipients to whom personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort. Upon request, the data controller shall inform the data subject about such recipients.

Information regarding international data transfers:

Google LLC and its affiliates, as well as LinkedIn and its affiliates, are covered by the European Commission’s adequacy decision pursuant to Article 45 of the GDPR and Commission Implementing Decision (EU) 2016/1250, and are listed on the EU–U.S. Privacy Shield List. Therefore, transfers of personal data to these entities do not constitute transfers to a third country outside the European Union and do not require the data subject’s explicit consent. Such data transfers are permitted under Article 45 of the GDPR. These companies have committed themselves to compliance with the GDPR.

Facebook Inc. and its affiliates process personal data originating from data subjects in the European Union in accordance with the modifications set out in the Schrems II judgment.

II.      What personal data do we process, for how long, for what purposes, and on what legal basis?

  1. Data processing based on consent:
  • Consent shall also be deemed to have been given where, when visiting our website, you tick a relevant checkbox, configure your browser or device settings related to information society services accordingly, or make any other clear affirmative statement or action that, in the given context, indicates your consent to the intended processing of your personal data (this may include, for example, the continued use of the website).
  • You may withdraw your consent at any time, as described in Chapter IV of this Privacy Policy.
  1. Data processing based on the performance of a contract
A B C D E F
Data subject Category of personal data Source of data Purpose of processing Legal basis for processing Retention period
Contracting party or contact person Name Provided by the data subject a) Establishment, definition, amendment, and performance of a contract or non-disclosure agreement Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
Company phone number Provided by the data subject
  1. Establishment, definition, amendment, and performance of a contract or non-disclosure agreement
  1. Communication
 For the purpose specified in point a) of Column D: Article 6(1)(b) of the GDPR – Performance of a contract

For the purpose specified in point b) of Column D: Article 6(1)(f) of the GDPR – Legitimate interest

 For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)

For the purpose specified in point b) of Column D: until the termination of the contract
Company name Provided by the data subject a) Establishment, definition, amendment, and performance of a contract or non-disclosure agreement Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
Job title Provided by the data subject a) Establishment, definition, amendment, and performance of a contract or non-disclosure agreement Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
Company e-mail address Provided by the data subject a) Establishment, definition, amendment, and performance of a contract or non-disclosure agreement Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
Signature Provided by the data subject a) Establishment, definition, amendment, and performance of a contract or non-disclosure agreement Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
Invoice name and address (if different from the above) Provided by the data subject c) Invoicing of fees arising from the contract Article 6(1)(b) of the GDPR – Performance of a contract For the performance of the contract and invoicing: in accordance with the provisions of the Accounting Act (currently 8 years)
  1. Sending newsletters via e-mail
A B C D E F
Data subject Category of personal data Source of data Purpose of processing Legal basis for processing Retention period
User subscribed to the newsletter e-mail address* provided by the data subject a) sending newsletters and event invitations Article 6(1)(a) of the GDPR – Consent Until consent is withdrawn

*Fields marked with an asterisk are mandatory. Without providing this data, subscription to the newsletter is not possible.

d) Data processing based on compliance with a legal obligation:

Where the processing of personal data is based on compliance with a legal obligation, the scope of the personal data that may be processed, the purpose of processing, the retention period, and the recipients of the data are governed by the provisions of the applicable legal regulation. A detailed list of such processing activities can be found in the previous section, under data processing related to contract conclusion and invoicing.

 

III.  What data do we collect about you automatically and how might it affect you? (Visitor data processing on the Organisation’s website and information on the use of cookies)

The cookies used by the Service Provider serve the following purposes:

  1. Security: To support and enable security, and to assist the Service Provider in detecting unlawful or harmful conduct.
  2. Preferences, features, and services: Cookies can inform the Service Provider of the User’s language preferences, communication settings, and assist the User in completing forms on the Website, making them easier to use.
  3. Advertising: The Service Provider may use cookies to display relevant advertisements to the User both on and outside the Website. Some cookies may, for example, help determine whether Users who viewed an ad on the Website later visited the advertiser’s site. Similarly, the Service Provider’s business partners may use cookies to assess whether their advertisements appeared on the Website, how those ads performed, and may share information with the Service Provider about how the User interacted with the ads. The Service Provider may also cooperate with partners who display advertisements to the User on or outside the Website after the User has visited the partner’s site.
  4. Performance, analytics, and research: These cookies help the Service Provider understand how the Website performs in different locations. The Service Provider may also use such cookies to evaluate, improve, and research the Website, its products, features, and services – including when the User accesses the Website from other websites or devices such as a computer or mobile device.

 

Types of cookies used by the Service Provider:

  1. analytics and tracking cookies
  2. session cookies: only active during a session (typically during a visit to the Website or a browser session)
  3. persistent cookies: help recognise the User as an existing user, making it easier to return to the Website without logging in again. Once the User has logged in, a persistent cookie remains in the User’s browser and can be read by the Website upon returning.

 

Cookies used on the Service Provider’s website and data generated during visits:

During use of the website, the Service Provider may record and process the following data about the visitor and the device used for browsing:

  1. the IP address used by the visitor
  2. browser type
  3. characteristics of the operating system of the device used for browsing (e.g. set language)

d)   time of visit

  1. the visited (sub)page, function, or service
  2. click activity.

These data are retained for a maximum of 90 days and may primarily be used for the investigation of security incidents.

Adobe Flash is another technology that offers functionality equivalent to that of cookies. Adobe Flash is capable of storing data on the User’s device. However, not all browsers allow for the removal of Adobe Flash cookies. The User can limit or block Adobe Flash cookies via the Adobe website. If the User restricts or blocks such cookies, some functions of the Website may become unavailable.

Cookies placed by third parties:

Trusted partners assist the Organisation in displaying advertisements on and off the Website. In addition, analytics providers such as Google Analytics may place cookies on the User’s device.

The Organisation uses third-party cookies in relation to the following accounts: https://www.facebook.com/
https://www.google.com/

https://www.linkedin.com/

 

Controlling and managing cookies:

Most browsers allow Users to control the use of cookies through their settings. However, if the User restricts the Website from using cookies, this may negatively affect the User experience, as the Website will no longer be personalised for the User. The User may also disable the saving of personalised settings, such as login information.

If the User does not want the Organisation to use cookies during their visit to the Website, they can disable certain cookies via the settings menu. In order for the Organisation to be aware of such a restriction, a so-called opt-out cookie will be placed on the User’s device, which will signal to the Organisation not to place any cookies the next time the User visits the Website. If the User does not wish to receive cookies at all, they can modify the cookie settings in their browser. If the User continues to use the Website without changing browser settings, the Organisation considers this to constitute consent to the use of any cookies on the Website. Please note that the Website may not function properly without cookies.

For more information about cookies – including their types, management and deletion – please visit:
https://www.allaboutcookies.org/ or https://www.aboutcookies.org/

For more information about Google Analytics cookies, please visit:

https://policies.google.com/technologies/cookies?hl=hu

 

You can disable the use of Google cookies via the Google Ads opt-out page.
In general, you can manage or permit cookies through the following websites:

https://www.aboutads.info/choices
http://www.networkadvertising.org/choices/
https://www.youronlinechoices.eu

Accepting or enabling cookies is not mandatory. You can reset your browser to reject all cookies or to alert you when a cookie is being sent. Although most browsers accept cookies by default, these settings can usually be changed to prevent automatic acceptance and to allow the User to choose on each occasion.

 

For more information on cookie settings in the most common browsers, please refer to the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu&co=GENIE.Platform%3DDesktop&o co=0

Firefox: https://support.mozilla.org/hu/kb/tovabbfejlesztett-kovetes-elleni-vedelem-azasztal?redirectslug=sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn&redirectlocale=hu

Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/deletemanage-cookies#ie=ie-11

Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/deletemanage-cookies#ie=ie-10-win-7

Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/deletemanage-cookies#ie=ie-9

Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/deletemanage-cookies#ie=ie-8

Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq

Safari: https://support.apple.com/hu-hu/HT201265

 

Nevertheless, please note that certain website functions or services may not operate properly without cookies.

IV.  What rights do you have in relation to the processing of your personal data, and how do we ensure their exercise?

  1. Right of access: You have the right to request information on what personal data we process about you, for what purpose, for how long, to whom we disclose them, and the source of the data we hold about you.
  2. Right to rectification: If your data change or have been recorded incorrectly, you may request the rectification, correction, or clarification of your personal data.
  3. Right to erasure (“right to be forgotten”): In cases specified by law, you may request the erasure of your personal data processed by us.
  4. Right to restriction of processing: In the cases provided by law, you may request that we restrict the processing of your personal data.
  5. Right to data portability: By filling in the data portability request form attached to this Privacy Policy, you may request the portability of your personal data. By exercising this right, you may ask us to provide you with certain types of personal data, as defined by law, or to transfer such data directly to another organisation designated by you, based on your specific request and authorisation.

The data portability request form can be viewed by clicking the link below and downloaded using the “Download” button.

If you submit any of the above requests, we will act in accordance with the relevant legal provisions and inform you within one month of the measures taken in response to your request.

Please note that in the case of erasure requests, the Organisation will, for the purpose of enforcing or defending legal claims, retain the personal data listed above—excluding any further modifications except those based on rectification requests—within the general limitation period of 8 years as set out in the Accounting Act. The anonymisation of the data will take place after the legitimate interest ceases to exist.

  1. Right to withdraw consent: Where your personal data are processed based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  2. Right to lodge a complaint: If you believe that your rights have been violated in connection with our data processing, you have the right to lodge a complaint with the competent supervisory authority:

Agencija za zaštitu osobnih podataka

Website: https://azop.hr/

Postal address: Ulica grada Vukovara 54, 10000 Zagreb

E-mail: [email protected]

Phone number: 00 385 1 46-090-99

In addition, you may bring an action before the Metropolitan Court of Budapest against the Organisation in the event of a violation of your rights relating to the protection of personal data.

h)     Right to object: If, in the future, your personal data are processed on the basis of legitimate interest, you have the right to object to such processing.

In the event of objection, your personal data will no longer be processed for this purpose.

V. How do we ensure the security of your personal data?

We have comprehensive internal regulations in place to ensure the security of all data and information we process, which are binding on all of our partners.

Data security within the IT infrastructure

Personal data are stored within our own IT environment, access to which is strictly limited to a designated group of individuals in accordance with access control rules. Our workstations are password-protected, the use of external storage devices is restricted, and only permitted under secure and controlled conditions.

All IT devices operated by the Organisation are equipped with continuous and up-to-date protection against malicious software.

Data security in document handling

We also comply with data security requirements in the context of document management, as defined in our internal document handling procedures. We maintain detailed regulations regarding the destruction, storage, and issuance of documents.

Physical data security

Paper-based documents containing personal data are stored in lockable, asset-protected cabinets that can only be accessed by specifically authorised personnel.

VI.     What do we do in the event of a personal data breach?

In accordance with applicable legal requirements, we notify the supervisory authority of any personal data breach within 72 hours of becoming aware of it. We also maintain a register of personal data breaches. Where required by law, we also inform the affected data subjects of such incidents.

VII.    When and how do we amend this Privacy Policy?

If there is any change in the scope of the personal data processed or in other circumstances of data processing, we will amend this Privacy Policy in accordance with the GDPR within 30 days and publish the revised version on http://intercomputer.hu. We kindly ask you to carefully review any amendments to this Privacy Policy, as they may contain important information regarding the processing of your personal data.

 

Place and date, Budapest, 10. January 2022