Your privacy is important to us; in relation to the data processing activities of N-Ware Informatikai és Tanácsadó Korlátolt Felelősségű Társaság ("N-WARE" or "Data Controller" or "Controller"), please read carefully this Privacy Policy that generally describes what personal information N-WARE processes, how it is processed, and for what purposes.
Identification data of the Data Controller:
This Privacy Policy contains provisions regarding the processing of data of software users, contractors, recipients of marketing messages, visitors to marketing events, and visitors to websites ("Data Subject").
This Privacy Policy also describes how we collect and use personal data and what choices and rights are available to users regarding our data processing. If you have questions or concerns regarding this Policy, please contact us at info@n-ware.hu
Data Subjects may exercise certain rights regarding the data processing by N-WARE, in particular:
Transparent information: Concurrently as the data is collected, the Data Subject shall be entitled to receive information from the Data Controller in a concise, transparent, intelligible, and easily accessible form, using clear and plain language about the following points:
Access to data: Data Subjects shall be informed if their personal data is being processed; if such data processing is in progress, they are entitled to access their personal data and the conditions of data processing (purpose of data processing, categories of personal data, recipient(s) of personal data, duration of data management, where their personal data are collected, data subject rights).
Subject to data security requirements and to protect the rights of the Data Subject, the Controller shall verify the identity of the Data Subject and any person who wishes to exercise the right of access, therefore, any access to personal data is subject to an identification process.
Right to rectification: Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to be forgotten: Data Subject shall have the right to obtain from the Controller the deletion of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies.
Right to restriction of processing: The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
Right to data portability: The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, if the processing is based on consent and the processing is carried out by automated means.
Right to object: Any requests to exercise Data Subjects’ rights can be directed to the Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legitimate interest of the Controller. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims. Data Subjects must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Controller is processing Personal Data for direct marketing purposes, Data Subjects may refer to the relevant sections of this Policy.
Automated individual decision-making, including profiling: The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her; except if the processing
Right to judicial remedy: If the Data Subject considers that the Data Controller has infringed the applicable data protection laws by processing his or her personal data, he or she may
Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In order to ensure the confidentiality, integrity, availability, and resilience of processing systems and services, the Controller has classified its IT systems into risk classes based on the confidentiality of the data handled in them and their impact on Data Subjects, and has assigned information security controls to these classes according to their level of confidentiality.
The Controller undertakes to use of two-factor identification and password management (requiring and enforcing password complexity and password changes) related to its IT systems, thereby ensuring controls on access rights. The Controller ensures that only controlled devices shall have access to the corporate infrastructure and only persons whose knowledge of the data is essential for their work performance.
The Controller operates heterogeneous protection system against commonly used malware (bots, malware, spyware) on its computers and network devices. The Controller provides a secure access channel to corporate device systems and protection against malware and network attacks; moreover, deploys firewalls and other intrusion detection software and performs continuous monitoring. The Controller preserves technical logs of the systems whereby able to detect and reconstruct technical incidents.
The Controller shall have lockable server rooms and internal policies to ensure that the stored devices are accessible only to authorized persons. The Controller shall print documents containing personal data only in case of necessity and after the use of such documents, the physical documents shall be stored in lockable cabinets.
The Controller shall monitor the internet access and browsing activity from its network and devices and block access to unsafe sites, preventing any external attack. Automated systems may be used to filter emails containing spam, phishing, and malware.
The Controller shall educate its employees and partners to ensure the highest possible level of data security.
The purposes of the data processing | Personal data necessary for the purposes for which they are processed | Legal basis of the processing | The period for which the personal data will be stored |
---|---|---|---|
Assessing the business needs of clients. Management and administration during fulfillment of the clients’ inquiries. | Name, Company Name, Natural Person’s current role (position at his/her Company), Cell phone number, E-mail Address. |
If user is a natural person, data processing is necessary for the performance of a contract between the Data Controller and user or to take steps at the request of the Data Subject prior to entering into a contract. (GDPR Article 6 (1) point b)). If the user is not a natural person, processing the data of contact persons acting on behalf of the user; the legitimate interest of the Data Controller related to the performance of the contract between the represented partner and the Data Controller (GDPR Article 6 (1) point f)). |
One year after the fulfillment of the inquiry. |
If a contract is concluded between the client and N-Ware, administering the orders and performing the contractual duties. | Name, Company Name, Natural Person’s current role (position at his/her Company), Cell phone number, E-mail Address. |
If a user is a natural person, data processing is necessary for the performance of a contract between the Data Controller and user or to take steps at the request of the Data Subject prior to entering into a contract. (GDPR Article 6 (1) point b)). If the user is not a natural person, processing the data of contact persons acting on behalf of the user; the legitimate interest of the Data Controller related to the performance of the contract between the represented partner and the Data Controller (GDPR Article 6 (1) point f)). |
Five years from the termination of the contractual relationship. |
Billing Information | Invoice imaging and metadata thereof: Invoice Serial Number, Name, Company Name, Tax Number, Date, and Price (net and gross). |
If a user is a natural person: data processing is necessary for the performance of a contract between the Data Controller and user or to take steps at the request of the Data Subject prior to entering into a contract. (GDPR Article 6 (1) point b)). If the user is not a natural person: processing the data of contact persons acting on behalf of the user; the legitimate interest of the Data Controller related to the performance of the contract between the represented partner and the Data Controller (GDPR Article 6 (1) point f)). |
Period governing the retention period of accounting documents: 8 years |
The purposes of the data processing | Personal data necessary for the purposes for which they are processed | Legal basis of the processing | The period for which the personal data will be stored |
---|---|---|---|
We provide news about our activity and novelty achievements to clients. These data are processed for direct marketing purposes to send advertisements to users, subscribers, and partners. | Name, E-mail address, Natural Person’s current role (position at his/her Company) | The legitimate interest of the Data Controller is to inform users and partners about the most important news of the products/services and direct marketing. (GDPR Article 6 (1) point f) | Until the existence of a contractual relationship between the Data Controller and the Data Subject. |
We would like to build connections with interested clients, send marketing materials to them, and launch personalized advertising campaigns targeting them. | Name, E-mail address, Natural Person’s current role (position at his/her Company) | Data Subject’s consent (Article 6 (1) point a) GDPR. | Until the withdrawal of the Data Subject. The consent shall be renewed every three years. |
The purposes of the data processing | Personal data necessary for the purposes for which they are processed | Legal basis of the processing | The period for which the personal data will be stored |
---|---|---|---|
Selecting the most suitable candidate through job applications. | Data provided by the applicants: personal data necessary for the identification of the applicant, maintaining contact, as well as additional personal data possibly necessary to assess suitability for the advertised position and duties, which may be in particular: name, face picture, place and time of birth, telephone number, e-mail address, education, data on previous workplace and experience, salary and fee requests, any additional personal data voluntarily provided in the CV, motivation letter, etc. | Data Subject’s consent (Article 6 (1) point a) GDPR. | 90 days after the end of the application. |
Notifying applicants of new vacancies. | Data provided by the applicants: personal data necessary for the identification of the applicant, maintaining contact, as well as additional personal data possibly necessary to assess suitability for the advertised position and duties, which may be in particular: name, face picture, place and time of birth, telephone number, e-mail address, education, data on previous workplace and experience, salary and fee requests, any additional personal data voluntarily provided in the CV, motivation letter, etc. | Data Subject’s consent (Article 6 (1) point a) GDPR. | One year after the closure of the tendering procedure. |
Where processing is to be carried out on behalf of a controller, the Controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. The Data Controller uses the services of the following partners (as Data Processors):
monday.com Ltd. (address: 6 Yitzhak Sadeh St., Tel-Aviv 6777506, Israel )
Microsoft Ireland Operations Limited (address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland)
Blackhole Group Kft. (address: 2721 Pilis Hét Vezér utca 21. Hungary)