Privacy Policy

1. General information
   1. During the necessary processing performed by our company, we pay special attention to the protection of the personal and sensitive data our company receives.
   2. Our company pays special attention to the observance of the provisions of the applicable laws when processing personal data. Our company processes personal data confidentially and takes all technical and security measures that guarantee the security of the data. Our company's Privacy Policy is in compliance with the applicable data protection laws, in particular:
      • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 Privacy Policy) (before and after: GDPR)
      • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (before and after: Info tv.
      • Act C of 2000 on Accounting (hereinafter: Accounting Act)
      • Act CVIII of 2001 on Certain Issues of Electronic Commercial Services and Information Society Services.
      • Act I of 2012 on the Labor Code
   3. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
   4. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
   5. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (‘special categories of personal data’ or ‘sensitive data’) shall be prohibited.
   6. The purpose of this Privacy Policy is to make transparent, as a data controller, the procedures of data processing followed during contacting us, the enforcement of principles and rules relating to the protection of individuals with regard to the processing of personal data, regardless of their nationality or place of residence. It is a fundamental objective of our company to respect the fundamental rights and freedoms of these individuals, in particular with regard to their right to the protection of their personal data.
2. Rights of the data subject
   1. Right to information
   The data subject has the right to transparent information, the processing of his/her data and the exercise of his/her rights in relation to the processing of his/her data. Our company complies with this obligation by publishing this policy on its website: www.docktape.com
   2. Access right
   The data subject shall have the right to receive feedback from the controller as to whether personal data are being processed and, if so, to have access to the personal data and information relating to the processing thereof.
   3. Right to rectification
   If the data of the data subject changes or is incorrectly recorded, the data subject shall have the right to rectify any inaccurate personal data concerning him or her upon request without undue delay.
   4. Right to delete
   In cases specified by law (Article 17 of the GDPR), the data subject may request the deletion of data processed by our company.
   5. Right to restrict processing
   In cases specified by law (Article 18 GDPR), the data subject may request a restriction on the processing of personal data by our company.
   6. Right to object
   In the case of data processing based on a legitimate interest, the data subject may object to the processing of the data. In this case, our company shall not further process your personal data unless we demonstrate that the processing is justified by compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or that are related to the filing, enforcement or defense of legal claims.
   7. Right to portability
   The data subject is entitled to provide our company with their personal data processed in an automated way in connection with data processing activities based on consent or the performance of the contract to the company or another data controller designated by him.
   8. Right to complain
   The data subject is entitled to lodge a complaint with the supervisory authority if he/she considers that the processing of his/her personal data is in breach of the GDPR.
3. Types of processing
   1. Partner contact information
   In order to maintain contact with our non-individual business partners (customers, suppliers), and to conclude and facilitate the execution of contracts, our company processes the personal data of contact persons as follows:
   Processed data	Purpose of the processing	Legal basis for processing	Duration of processing	The scope of the persons eligible for processing
   name	Facilitating communication with a client, business partner, concluding and executing contracts, and enforcing claims and rights under the contract	Article 6 (1) f) of GDPR: the legitimate interest of our company	If the information is in the contract, 5 years from the date of termination of the contract. In other cases, 30 days from the date of termination of the contact	managing director
   e-mail address
   phone number
   position
   LinkedIn Profile
   The personal information defined above is that of an employee of our non-individual contractual partner, so personal information will be transferred to our company by our contractual partner to the extent necessary to maintain contact. In this case, our contracting partner obtains and processes the personal data based on Article 6 (1) b) of GDPR and Section 10 (1) of Labor Code, while our company receives and processes them according to Article 6 (1) f) of GDPR, for the legitimate interest of our contractual partner or our company to the extent necessary and for a period appropriate. With regard to the reference to Article 6 (1) f) of the GDPR, our company specifically documents that the enforcement of the legitimate interest of our contractual partner or our company has a distinct advantage over to the individual's right to dispose of the employee's personal data, as this is a necessary and proportionate restriction on the employee's position.
   2. Access to partner databases while providing the service
   While providing services to our partners, our company or employees do not, in principle, have access to personal information, given that our contracts state that the partner is required to provide a test environment and may only give us access to depersonalized data.
   However, if a partner gives access to live data, or give a command, the performance of which requires access to or processing of personal data, the partner shall be responsible for such activities, especially as our company will only act as data processor in these partnerships. In the latter case, our company concludes a data processing contract with the given partner; its activities are determined by the provisions of this data processing contract, and in no case does it carry out independent data processing.
   The data provided to us in the context of our data processing activities will be processed as follows:

   Processed data	Purpose of the processing	Legal basis for processing	Duration of processing	The scope of the persons eligible for processing
   It varies according to the service provided to the partner, and the scope of the actual data is specified in the data processing contract concluded with the partner.	Processing of data to fulfill a service contract with our partner.	Article 6(1b) of GDPR: the fulfilment of contract	Until the service is completed.	management, sales and marketing manager, project staff

   3. Contact form
   In order to get in contact with new potential clients or business partners, our company provides a contact form on its website. In case a potential client or business partner contacts our company by using the form, our company processes the personal data of the potential client or business partner as follows:

   Processed data	Purpose of the processing	Legal basis for processing	Duration of processing	The scope of the persons eligible for processing
   name	Facilitating communication with a potential client, business partner	Article 6 (1) b) of GDPR: in order to take steps at the request of the data subject prior to entering into a contract	30 days from the date of last contact	managing director
   e-mail address
   phone number
   content of request

   4. Cookies
   Similarly to many other websites, our company uses cookies.
   Cookies are data that are temporarily stored on your browsing device by your browser and may be transmitted to your device when you use our website. Cookies do not contain any personal information and they are not suitable for identifying individual users, they are not linked to the personal data. Cookies are small files that do not damage the user's device and do not contain any virus or malware. Some cookies are automatically deleted after a site is closed, while others are stored on the user's device for a longer period of time, depending on what setting the user applies in his or her browser.
   Our company's website uses only its own cookies (cookies) which are necessary for the operation of the website and are of a temporary nature. In addition, the website uses partner cookies (cookies) operated by our partners entrusted with various services for website analytics and personalized marketing communications. This site uses the following partner cookies and other similar programs:

   • Google AdWords remarketing, e-DM retargeting and display/banner retargeting and search remarketing
   • Google Analytics service
   • Google Tag Manager

   Acceptance of cookies is not obligatory and may be restricted or prevented by the user, however, in this case you may not be able to use certain functions of the website. By changing your browser settings, you can enable or disable cookies on the websites you visit. If you would like to disable cookies, please refer to your browser user guide or help and take the necessary steps.

   Processed data	Purpose of the processing	Legal basis for processing	Duration of processing	The scope of the persons eligible for processing
   user's IP address	Survey of the search habits of the visitors of our company's website, mapping of the search terms used, compilation of statistics and technical development of the IT system	Article 6 (1) f) of GDPR: the legitimate interest of our company	depending on the settings of the user’s browser but not longer than 2 years from the date of last visit	managing director
   browser type
   the device’s operating system characteristics
   visit duration
   page visited by the user
   sub-page, the function used
   time spent on the website

4. Data transfer
   1. By accepting these terms and conditions, you accept data transfer to the following partners and authorities: Google LLC.
   2. In the case of transfer of data abroad, the level of data protection in the third country to which the personal data are transferred may be lower than in the European Union. You acknowledge and expressly consent, when making contact, that your personal information may be accessed or transmitted by employers in such third countries. You must contact the employer, sponsor or, where applicable, the third party to prohibit their data processing.
   3. We will not transfer sensitive data to any third party in writing or verbally, nor do we create the possibility for any third party to access sensitive data in any way.
5. Data security
   1. To protect the privacy of personal data, our Company has in place technical and procedural rules that prevent unauthorized access, alteration or transmission, deliberate and accidental deletion or destruction of such information.
   2. The data of our Partners, Clients and interested parties are recorded and managed in the Google Drive system.
   3. Please be advised that our company concludes an agreement with any partner to whom it transfers personal data or that provides our company with data processing activities. In order to increase the security available when processing your data, our company obliges this partner to carry out its activities in accordance with the Privacy Policy.
   4. In addition to the above, our company conducts audits in every 3 years to verify if the requirements of these and the related internal policies have been met, any data protection incident has occurred, the requests for data processing (including deletion) has been performed, or whether there have been any circumstances that may affect the data processing. Through this periodic review, our company aims to promote the security of personal data and the most appropriate management of data.
   5. We expressly state that monitoring and control will be carried out solely for the specific purpose to be achieved, when the economic interests of our company, any employee of our company (especially property protection) or one of our partners are justifiable.
   6. The monitor for viewing and reviewing the images or other data is placed so that they cannot be seen by anyone outside the scope of authority.
   7. It is to be noted that there is currently no other method or procedure by which the above stated objectives can be achieved, which would involve either no data processing or more limited processing.
6. Enforcement
   1. You can assert your right to the protection of your personal data before a civil court, or you can contact the Office of the Commissioner for Fundamental Rights or the National Authority for Data Protection and Freedom of Information.
   2. National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf.: 9.) anyone may initiate an investigation by filing a complaint alleging that there has been or there is an imminent threat of infringement of law relating to the processing of personal data or the exercise of their rights to becoming aware of information of public interest or which are public due to public interest.
   3. You can refer to the court concerned:
      • the denial of information
      • the rejection of the request for rectification, deletion or blocking
      • the violation of your rights; and
      • if you disagree with the decision on the request for objection, or if our company fails to comply with the deadline for examining the request for objection, within 30 days of the date of notification of the decision or the last day of the deadline.
   4. The court in the place where the company as the defendant is seated (Budapest Metropolitan Court) has jurisdiction to hear the case. At the choice of the data subject, the lawsuit may be initiated before the court in the place where they are domiciled.
7. Incident management
   1. Pursuant to the Regulation, ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (so called ‘incident’).
   2. As soon as our company becomes aware of an incident, it shall report it to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the incident.
   3. If you have any complaints, objection about our company's processing, please contact our company for consultation before initiating any of the above procedures.