{"id":3,"date":"2021-04-13T08:58:00","date_gmt":"2021-04-13T08:58:00","guid":{"rendered":"https:\/\/www.commsignia.com\/?page_id=3"},"modified":"2021-04-23T10:25:48","modified_gmt":"2021-04-23T10:25:48","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/www.commsignia.com\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\n

This Privacy Policy (hereinafter referred to as the \u201ePolicy<\/strong>\u201d) was posted on and is effective as of 13 April 2021.<\/p>\n\n\n\n

The present Policy provides information regarding the processing of personal data which occurs when you (the data subject) are browsing the https:\/\/www.commsignia.com\/<\/a> website (hereinafter: the \u201cWebsite<\/strong>\u201d) operated by Commsignia Ltd.<\/p>\n\n\n\n

The present Policy applies to the entire Website including all subdomains (notwithstanding the my.commsignia.com subdomain). The present Policy does not apply to websites accessible on domains other than the Website, even if the data subject may have accessed them via a link placed on the Website. The Data Controller acts in accordance with the legislation on data protection and advertising being in force – in particular in accordance with the provisions of the Act CXII of 2011 on the right to informational self-determination and on the freedom of information (hereinafter: \u201cInfotv<\/strong>.\u201d); and that of the regulation (EU) 2016\/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (hereinafter: \u201eGDPR<\/strong>\u201d), that of the Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: \u201eEker. tv.<\/strong>\u201d),  as well as that of the Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activity (hereinafter: \u201eGrt.<\/strong>\u201d). Data Controller shall process the data subject\u2019s personal data confidentially, shall ensure their protection, shall take necessary technical and organizational measures and establish procedural rules necessary to enforce the GDPR and other data protection rules.<\/p>\n\n\n\n

Data Controller<\/u><\/strong><\/p>\n\n\n\n

Commsignia Ltd.<\/strong> (seat: 14 Sz\u00e9chenyi utca, Attala 7252, Hungary, postal address: 4-20 Irinyi J\u00f3zsef utca, Budapest 1117, Hungary, phone number: +36 70 883 9700, e-mail: info@commsignia.com,<\/a> hereinafter: \u201eData Controller<\/strong>\u201d)<\/p>\n\n\n\n

Scope of data being processed, purpose and period of data processing<\/u><\/strong><\/p>\n\n\n\n

Data Controller does not use automated decision-making and does not perform profiling.[1]<\/sup><\/strong><\/sup><\/strong><\/p>\n\n\n\n

Data Controller does not process sensitive data.<\/strong><\/p>\n\n\n\n

The following tables list types of data processing which may occur while using the Website, detailing the persons concerned, the scope of the data being processed, the purpose of data processing, the duration of data processing, the persons who have access to the data and the legal basis of data processing.<\/p>\n\n\n\n

In the present case, the three main areas of data processing are communication between the Data Controller and the data subject, subscribing to the newsletter and requesting whitepapers.<\/p>\n\n\n\n

<\/p>\n\n\n\n

1. Contact with the Data Controller<\/strong><\/h3>\n\n\n\n

<\/p>\n\n\n\n

Activity linked to data processing<\/strong><\/td>Getting in contact with Data Controller using the \u2018Contact us\u2019 module of the Website<\/strong> <\/strong><\/strong><\/td><\/tr>
Data subject<\/strong><\/td>Natural person using the \u2018Contact us\u2019 module on the Websitec.<\/td><\/tr>
Data processed<\/strong><\/td>Name, company name, e-mail address, and optionally \u2013 at the discretion of the data subject \u2013 phone number of the data subject, provided by the data subject using the \u2018Contact us\u2019 module.<\/td><\/tr>
Purpose of data processing<\/strong><\/td>Communication with the data subject. Processing messages that were sent to Data Controller using the \u2018Contact us\u2019 module and answering inquiries and requests. .<\/td><\/tr>
Period of data processing<\/strong><\/td>Personal data is processed until the withdrawal of the consent of the data subject.<\/td><\/tr>
Legal ground of data processing<\/strong><\/td>The freely given consent of the data subject, based on Point a) Paragraph (1) of Article 6 of GDPR.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

2. Newsletter<\/strong><\/h3>\n\n\n\n

<\/p>\n\n\n\n

Activity linked to data processing<\/strong><\/td>Subscribing to the newsletter, and giving consent to receiving newsletters<\/strong><\/td><\/tr>
Data subject<\/strong><\/td>Natural person who has consented to receiving direct marketing messages from the Data Controller.<\/td><\/tr>
Data processed<\/strong><\/td>E-mail address of the data subject provided by the data subject when subscribing to the newsletter of the Data Controller.<\/td><\/tr>
Purpose of data processing<\/strong><\/td>Data Controller processes personal data for the purpose of sending data subject e-mails (e.g. newsletters and direct marketing advertisements) containing commercial advertising, direct business and marketing communication and other information concerning or related to the activities, products and services of the Data Controller and to ensure compliance with the relevant legal obligations.<\/td><\/tr>
Period of data processing<\/strong><\/strong><\/td>Personal data is processed until the Data Controller utilizes direct marketing campaigns or until the withdrawal of the consent of the data subject (whichever is the sooner). The consent can be withdrawn at any time by sending an e-mail to the e-mail address specified above, indicating the withdrawal or by clicking on the link in the newsletter.<\/td><\/tr>
Legal ground of data processing<\/strong><\/strong><\/td>The freely given consent of the data subject, based on Point b) Paragraph (1) of Article 5 of Infotv., Point a) Paragraph (1) of Article 6 of GDPR, Paragraph (4) of Article 13\/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: \u201eEker. tv<\/strong>.\u201d), and Paragraph (1) of Article 6 of the Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activity (hereinafter: \u201eGrt<\/strong>.\u201d).<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

3. Whitepapers<\/strong><\/h3>\n\n\n\n

<\/p>\n\n\n\n

Activity linked to data processing<\/strong><\/td>Requesting and downloading whitepapers<\/strong><\/td><\/tr>
Data subject<\/strong><\/td>Natural person requesting access to whitepapers, and providing contact information to receive one.<\/td><\/tr>
Data processed<\/strong><\/td>Name, company name and e-mail address of the data subject, provided by the data subject when requesting a whitepaper.<\/td><\/tr>
Purpose of data processing<\/strong><\/td>Data Controller offers the opportunity for the data subject to request a whitepaper (informational document issued by the Data Controller regarding its products and technology, with the marketing purposes). The Data Processor sends an e-mail to the provided e-mail address with a link where the data subject can download the chosen whitepaper. As such whitepapers occasionally contain information regarding the technology and business of the Data Controller, which is not available to the wider public, the Data Controller reserves the right to decline a request for a whitepaper, if \u2013 at its own reasonable discretion \u2013 the fulfilment of such request would be contrary to its business interests. For this reason, the Data Controller identifies the requesting party, using the name and company name provided by the data subject.<\/td><\/tr>
Period of data processing<\/strong><\/td>Personal data is processed until the e-mail with the link to the requested whitepaper or with the rejection of the request is sent.<\/td><\/tr>
Legal ground of data processing<\/strong><\/td>The freely given consent of the data subject, based on Point b) Paragraph (1) of Article 5 of Infotv., Point a) Paragraph (1) of Article 6 of GDPR, Paragraph (4) of Article 13\/A of Eker. tv., and Paragraph (1) of Article 6 of Grt.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

4. Direct Marketing toward sales prospects<\/strong><\/h3>\n\n\n\n

<\/p>\n\n\n\n

Activity linked to data processing<\/strong><\/td>Giving consent to receiving direct marketing materials and receiving such materials and communication<\/strong><\/td><\/tr>
Data subject<\/strong><\/td>Natural person while requesting access to whitepapers also requests further information containing, direct business and marketing communication, commercial advertising and other information concerning or related to the activities, products and services of the Data Controller.<\/td><\/tr>
Data processed<\/strong><\/td>Name, company name and e-mail address of the data subject, provided by the data subject simultaneous to requesting a whitepaper.<\/td><\/tr>
Purpose of data processing<\/strong><\/td>Data Controller processes personal data for the purpose of sending data subject e-mails (direct marketing advertisements) containing offers, business propositions, commercial advertising, direct business and marketing communication and other information concerning or related to the activities, products and services of the Data Controller and to ensure compliance with the relevant legal obligations.<\/td><\/tr>
Period of data processing<\/strong><\/td>Personal data is processed until the Data Controller utilizes direct marketing campaigns or until the withdrawal of the consent of the data subject (whichever is the sooner). The consent can be withdrawn at any time by sending an e-mail to the e-mail address specified above or replying to the direct marketing message, indicating the withdrawal.<\/td><\/tr>
Legal ground of data processing<\/strong><\/td>The freely given consent of the data subject, based on Point b) Paragraph (1) of Article 5 of Infotv., Point a) Paragraph (1) of Article 6 of GDPR, Paragraph (4) of Article 13\/A of Eker. tv., and Paragraph (1) of Article 6 of Grt.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

5. Cookies[2]<\/sup><\/strong><\/h3>\n\n\n\n

<\/p>\n\n\n\n

The Data Controller uses cookies on the Website. Certain cookies are essential for the operation of the Website, while others are not. Please note that blocking certain cookies from the latter category may result in limited access to or usability of the Website. Please note that there are cookies in both categories which handle personal data. The Data Controller uses cookies which handle personal data and cookies which do not handle personal data on the Website. Certain cookies on the website are third party cookies, which are used by some of the data processors (listed below), making personal data available to these data processors.  The data subject of the personal data being processed is the visitor of the Website.<\/p>\n\n\n\n

In addition to the functions and cookies which are essential for the operation of the Website and thus for providing the service of Data Controller, Data Controller only uses cookies, if the data subject has given their consent to their use (Point a) (1) Article 6 of GDPR). When accessing the Website for the first time the data subject may \u2013 at their own discretion \u2013 give these consents or refrain from doing by using the pop-up cookie tool (UserCentrics). The data subject can change their cookie settings and consent (i.e. revoke any given consent or give consent to further processing) by clicking on the fingerprint icon on the Website (bottom left corner). Using the UserCentrics tool the data subject can access further information regarding the specific cookies and other services used (e.g. function, type, data being processed, duration of storage).<\/p>\n\n\n\n

Browsers offer the option to change cookie settings in general. Most browsers automatically accept cookies as default cookies, but this can be changed in order to prevent their automatic acceptance after the change of settings. More information about the settings of some popular browsers is available at the following links:<\/p>\n\n\n\n

Google Chrome<\/a>; <\/a>Firefox<\/a>; <\/a>Microsoft Internet Explorer 11<\/a>; <\/a>Microsoft Internet Explorer 10<\/a>; Microsoft Edge<\/a>.<\/p>\n\n\n\n

Persons having access to personal data<\/u><\/strong><\/p>\n\n\n\n

In this point, the persons having access to the data being processed \u2013 apart from Data Controller \u2013 are presented, according to the cases when the data transfer can take place and according to which data processors can have access to the scope of the data being processed.<\/p>\n\n\n\n

The data may be accessed by the employees of Data Controller and by the data processors listed below to perform their duties related to the personal data. Thus, for example, the data processors defined in the present Policy may have access to personal data in order to provide services, handle cases and process data.<\/p>\n\n\n\n

Data transfer<\/u><\/strong><\/p>\n\n\n\n

The data subject\u2019s data shall not be transferred to third parties, except for the transfer to the data processor defined below. The data transfer to a third party or any recipient shall only take place if we inform the data subject about the potential recipient in advance and then the data subject gives his or her prior consent or if the given data transfer is otherwise required by law. Data Controller shall not transfer personal data to third countries or international organizations in the course of its data processing activities, unless otherwise stated in this Policy.<\/p>\n\n\n\n

Data processors<\/u><\/strong><\/p>\n\n\n\n

The Data Controller uses the Mailchimp online marketing platform. The Data Controller is in contractual relationship with The Rocket Science Group LLC d\/b\/a Mailchimp (address: 675 Ponce de Leon Ave NE, Atlanta, GA 30308 USA; website: https:\/\/mailchimp.com\/<\/a>; contact: privacy@mailchimp.com<\/a>;), hence the latter entity is the data processor. Data received by The Rocket Science Group LLC d\/b\/a Mailchimp or its affiliates may be stored and processed in a third country (especially in the USA). Hence the Data Controller and The Rocket Science Group LLC d\/b\/a Mailchimp has entered into a data processing agreement which includes standard contractual clauses in accordance with the 2010\/87\/EU Decision of the European Commission with the intention to provide appropriate safeguards to the data subjects as laid down in GDPR. More information regarding GDPR compliance: https:\/\/mailchimp.com\/gdpr\/<\/a>.  <\/p>\n\n\n\n

The Data Controller uses the Salesforce customer relationship management solution. The Data Controller is in contractual relationship with salesforce.com inc. (address: 415 Mission Street, 3rd Floor San Francisco, CA 94105; website: www.salesforce.com<\/a>; contact:  privacy@salesforce.com<\/a>; address: Salesforce Data Protection Officer (Salesforce Privacy Team) 415 Mission St, 3rd Floor San Francisco, CA 94105, USA), hence the latter entity is the data processor. Data received by salesforce.com inc. or its affiliates may be stored and processed in a third country (especially in the USA). Hence the Data Controller and salesforce.com inc. has entered into a data processing agreement which includes standard contractual clauses in accordance with the 2010\/87\/EU Decision of the European Commission with the intention to provide appropriate safeguards to the data subjects as laid down in GDPR. More information regarding GDPR compliance: https:\/\/compliance.salesforce.com\/en\/gdpr<\/a>.  <\/p>\n\n\n\n

The Data Controller uses Google Workspace services (which is a collection of cloud computing, productivity and collaboration and e-mail tools, software and products, formerly known as: GSuite) including especially the Google Drive cloud services. The Data Controller uses Google Drive to store data which are not stored in the systems of salesforce or Mailchimp, and to create backup copies of data (including personal data) stored in these systems and the system of the Data Controller. The Data Controller is in contractual relationship with Google LLC (address: 1600 Amphitheatre Parkway, Mountain View, California, USA; website: https:\/\/gsuite.google.hu\/intl\/hu\/<\/a>, contact:  https:\/\/support.google.com\/policies\/contact\/general_privacy_form<\/a>). Data received by Google or its affiliates may be stored and processed in a third country (especially in the USA). Hence the Data Controller and Google has entered into a data processing agreement which includes standard contractual clauses in accordance with the 2010\/87\/EU Decision of the European Commission with the intention to provide appropriate safeguards to the Users as laid down in GDPR. More information regarding GDPR compliance: https:\/\/privacy.google.com\/businesses\/compliance\/<\/a>.<\/p>\n\n\n\n

Measures to ensure data security: <\/u><\/strong>  <\/strong><\/p>\n\n\n\n

Data Controller is obliged to ensure data security, it must take technical and organizational measures and establish procedural rules which ensure that the recorded, stored and processed data are protected, and which prevent their destruction, unauthorized use or unauthorized alteration. Data Controller also draws the attention of third parties \u2013 which the data subject\u2019s data have been transferred to \u2013 to the fact that they have to comply with the data security requirements.<\/p>\n\n\n\n

Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. Data Controller shall make its best efforts to ensure that the data cannot be damaged or destroyed. The above obligation is also prescribed by Data Controller for the employees participating in its data processing activities and for the data processors acting on its behalf.<\/p>\n\n\n\n

The Data Controller stores personal data in its own systems and the systems of the data processors (including the Google Workplace service called Google Drive) in the course of the processing of the data, and the employees of the Data Controller access and download the data on a case-by-case basis, if data processing is needed.<\/p>\n\n\n\n

In order to prevent unauthorized access to the data, Data Controller ensures the protection of personal data and prevents unauthorized access to them on its tools as follows: the access to the server and to the computers is protected by passwords and a firewall and antivirus software is applied<\/em>.<\/p>\n\n\n\n

Communication of a personal data breach to the data subject<\/u><\/strong><\/p>\n\n\n\n

In the following, the regulation of some general issues shall be presented. Thus, the procedure used to ensure the security of the data, the action to be taken in the event of a personal data breach, as well as the rights of the data subject and the means of redress.<\/p>\n\n\n\n

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.<\/p>\n\n\n\n

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, Data Controller shall communicate the personal data breach to the data subject without undue delay in clear and plain language.<\/p>\n\n\n\n

The communication to the data subject shall not be required if any of the following conditions are met:<\/p>\n\n\n\n