GDPR

Contents

1. What is the purpose of this Privacy Notice?

2. What is personal data? Who does the GDPR apply to? 

3. Who processes personal data? 

4. Our data processing principles 

4.1. What is data processing? 

4.2. How do we process personal data? 

5. What personal data do we process? 

5.1. Data processing related to Optiliser services orders, workflows, and operations 

5.2. Data processing during the use of the website 

5.3. Processing of the contact form on the website 

5.4. Newsletter service

5.5. Cookie management 

6. Data security

7. What is a data breach and what steps do we take if, despite our efforts, such an incident occurs? 

8. Special protection of children’s data

9. What are the rights of Data Subjects and how do we ensure them? 

9.1. Right to information 

9.2. Right of access 

9.3. Right to rectification 

9.4. Right to erasure ("right to be forgotten") 

9.5 Right to data portability 

9.6 Right to object 

10. What remedies are available to you in case of a problem?

PRIVACY NOTICE

No part of this document may be used for resale purposes!

1. What is the purpose of this Privacy Notice?

The purpose of this Privacy Notice is to present the data management principles and main rules regarding the handling of personal data on the Optiliser services, products, and the www.optiliser.hu/www.optilsier.com website, as well as to inform Users about their data protection rights.

It provides prior information in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter GDPR). 

2. What is personal data? Who does the GDPR apply to? 

Personal data is any information that can identify a natural person (hereinafter referred to as the “Data Subject”) directly or indirectly based on one or more factors. This identification can be direct (e.g., name, date of birth) or indirect (e.g., an identifier, code).

Examples of personal data include: name, number, location data, online identifier, or any information relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

Who is not covered by the GDPR?
The GDPR does not apply to the processing of data relating to legal entities, including their name and legal form, or to the contact information of legal entities.

3. Who processes personal data?

Data Controller: A natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of processing personal data. (GDPR, Article 4(7)) 

Name of the Data Controller: Interaction Design Hungary Korlátolt Felelősségű Társaság

Registered Office:                    1119 Budapest, Mohai köz 7. 

Tax Number:                  28774387-2-43

Company Registration Number:  01 09 373520

Contact Information:

Phone: +36 30 9714 777

E-mail: buzna.kristof@optiliser.hu

Webiste: www.optiliser.com

In order to carry out certain activities more efficiently, the Data Controller may engage a Data Processor. These services may involve the processing of personal data and the transfer of personal data to the Data Processor.

Data Processor: a service provider who processes personal data on behalf of the Data Controller, following its instructions and guidelines.

For our operations, we use services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Such activities include email system operation, storage provision, and Google Drive services – in Europe, the service provider is Google Ireland Limited (Registered Office: Gordon House, Barrow Street, Dublin 4, Ireland, Company Registration Number: 368047).

Google’s rules on data processing and security measures are detailed in its Privacy Policy, available at: https://policies.google.com/?hl=en.

The website also operates on Google’s platform, which the European Commission recognizes as providing an adequate level of protection for the personal data of individuals residing in EU member states.

The GDPR provisions apply to the “processing of personal data of data subjects in the Union by a controller or processor not established in the Union” (GDPR Article 3), regardless of whether the processing takes place within the territory of the Union. (GDPR Recitals 22-25).

Further details about data processing can be found in Chapter 5 of this Privacy Notice.

4. Our data processing principles 

4.1. What is data processing?

Data processing means any operation or set of operations performed on personal data or data sets, whether automated or not. Such operations may include: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making data available, alignment or combination, restriction, erasure, or destruction. (GDPR Article 4(2)) 

4.2. How do we process personal data?
In accordance with the principles of personal data processing set out in the GDPR (Article 5) and the Hungarian Data Protection Act (Infotv.), it is our primary concern to always handle personal data fairly and lawfully. It is important that our data processing is transparent and understandable for you (principle of lawfulness, fairness, and transparency).

Our data processing is governed by the purpose limitation principle, meaning that all data is collected and processed only for a specific, lawful, and clear purpose, and only to the extent necessary to achieve that purpose (data minimization principle).

We strive to ensure accuracy and up-to-dateness; if data is incorrect, we correct or erase it without undue delay.

When storing data, we follow the storage limitation principle, i.e., we retain personal data only as long as necessary to achieve the purpose, as required by law, or as long as you consent.

We ensure appropriate technical and organizational measures to guarantee the security of personal data and to protect against data breaches (integrity and confidentiality).

We take responsibility for compliance with the above principles (accountability).

5. What personal data do we process? 

5.1. Data processing related to Optiliser services orders, workflows, and operations 

Purpose of processing: To fulfill orders and carry out workflows (including billing and tax-related activities) and to ensure the secure and convenient use of the website for users. Providing personal data is always voluntary.

Scope of data subjects: Optiliser clients, website users.

Categories of personal data processed:

• User’s name

• User’s email address

• User’s phone number
  
  

Invoice data:

• Name

• Address

• Tax ID / Tax number

• Bank account number
  
  

For statistical purposes only, aggregated data is collected regarding users’ age ranges and gender.

Legal basis for processing: Compliance with legal obligations, including tax and accounting requirements.

Storage method: Electronically (invoices may also be stored on paper).

Retention period: 5 years after termination of the service; for invoices, 8 years according to accounting rules.

Authorized personnel: Only staff ensuring service operation and accounting services can access the data, strictly as required for the service and application operation.

5.2. Data processing during the use of the website 

The www.optiliser.com website was built using Google’s website builder. Google interacts only with the Data Controller and not with its clients.

Detailed information can be found in Google’s Privacy Policy: https://policies.google.com/?hl=hu. 

5.3. Processing of the contact form on the website 

Purpose of processing: The Data Controller provides an opportunity on the www.optiliser.hu website for interested parties to contact us via email, phone, or directly. The purpose is to facilitate communication, requests for quotes, and information.

Categories of personal data processed:

• Name

• Email address

• Phone number
  
  

No other personal data is requested on the contact form or via email. Any additional personal data provided in free-text messages is treated confidentially.

Legal basis for processing: Explicit and voluntary consent of the data subject.

Storage method: Electronically

Retention period: Data is stored until consent is withdrawn, but no longer than 5 years. Upon request, personal data will be deleted immediately. Requests can be sent to: buzna.kristof@optiliser.hu

5.4. Newsletter service 

Purpose of processing: If you are interested in our services, products, developments, or programs, you may subscribe to our newsletter via email or the website. Newsletters are occasional, not sent at regular intervals.

Categories of personal data processed:

• Name

• Email address

• Phone number

• Subscription date
  
  

Legal basis for processing: Explicit and voluntary consent of the data subject, and legitimate interests of the Data Controller and the data subject.

Storage method: Electronically

Retention period: Data is kept until consent is withdrawn. Unsubscribing from the newsletter can be requested at: buzna.kristof@optiliser.hu

5.5. Cookie management 

The application may use cookies in certain cases.

Cookie: Cookies are small data files placed on the user’s computer by the visited website. They provide various convenience features and assist with statistical analysis.

More information about cookies can be found at:
https://policies.google.com/?hl=hu and https://policies.google.com/technologies/cookies?hl=hu

Cookies can be managed through your browser settings, including deleting cookies or blocking their use. Disabling cookies may affect the website’s functionality and browsing experience.

6. Data Security

We take all necessary measures to protect the personal data of our Users and Clients against unauthorized access, as well as to prevent unauthorized disclosure, transmission, damage, or accidental destruction.

During data processing, we implement appropriate technical and organizational measures aimed both at effectively applying data protection principles, such as data minimization, and at meeting the requirements set out in the GDPR while incorporating safeguards to protect the rights of data subjects throughout the data processing process. 

7. What is a data breach and what steps do we take if, despite our efforts, such an incident occurs? 

Data breach: A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that has been transmitted, stored, or otherwise processed (GDPR Article 4(12)).

Examples of a data breach include a destroyed storage device, personal data lost due to a software error, personal data disclosed without authorization, or a stolen IT device containing personal data.

If we become aware of any security breach, we will always investigate whether it constitutes a data breach.
We will notify the competent authority about any identified incident without undue delay, but no later than 72 hours (see Chapter 10).

If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify the affected individuals via their provided email addresses as soon as possible so they can take the necessary precautions.

The notification will include:

• the nature of the data breach;

• the name and contact details of a contact person who can provide further information;

• the likely consequences of the data breach;

• the measures taken or planned by the data controller to address the data breach, including, where appropriate, measures to mitigate any possible adverse effects of the breach.

8. Special Protection of Children’s Data 

Our current products are primarily not designed for children and are mainly intended for adult education.

If a user under the age of 16 wishes to use our services or products, we require written consent and authorization from the parent or legal guardian exercising parental supervision over the child. 

9. What are the rights of Data Subjects and how do we ensure them? 

9.1. Right to information 

You have the right to receive appropriate information about the processing of your personal data before the processing begins. This Privacy Policy provides such information. You are entitled to continuous information for the entire duration of the data processing.

9.2. Right of access 

You have the right to receive confirmation of whether your personal data is being processed. Upon request, we will respond within 30 days, providing information on:

a) Whether personal data is being processed;
b) If personal data is being processed, information regarding:
i) the purposes of processing;
ii) the categories of personal data involved;
iii) whether personal data is being disclosed and to whom;
iv) the intended storage period of personal data;
v) how you can exercise your rights as a data subject;
vi) your right to lodge a complaint with a supervisory authority;
vii) all available information on the source of the data (if not collected directly from the data subject);
viii) the existence of any automated decision-making, including profiling, and its logic and technologies used.

We provide a free copy of the personal data being processed. Additional copies may be subject to administrative fees.

9.3. Right to rectification

You may request the correction of your personal data by sending an email to buzna.kristof@optiliser.hu. We will rectify your data without undue delay.

9.4. Right to erasure ("right to be forgotten") 

You have the right to have your personal data deleted without undue delay, i.e., upon request, we will erase your personal data, except where required for legal obligations or to assert the legitimate interests of the Data Controller.

9.5. Right to Restriction of Processing 

You have the right to request that the Data Controller restricts processing in the following cases:

• You contest the accuracy of the personal data; the restriction applies while the Data Controller verifies the accuracy;

• Processing is unlawful, and you oppose erasure, requesting restriction instead;

• The Data Controller no longer needs the data for processing purposes, but you require them for legal claims;

• You have objected to processing; restriction applies until it is determined whether the Data Controller’s legitimate reasons override yours.

9.6. Right to data portability 

We ensure your right to data portability, meaning you can receive personal data you have provided to a Data Controller in a structured, commonly used, machine-readable format, and you have the right to transmit this data to another Data Controller without hindrance.

9.7. Right to Object

You have the right to object at any time, on grounds relating to your situation, to the processing of your personal data.

10. Remedies in Case of Issues

We strive to cooperate throughout the data processing and resolve any disputes primarily internally.
For any questions, concerns, or complaints, please contact our staff:
E-mail: buzna.kristof@optiliser.hu

Under Article 77 of the GDPR, every data subject has the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates the Regulation.

Contact information:
Name: National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing Address: 1530 Budapest, P.O. Box 5
Phone: +36 (1) 391-1400 | Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu

Under Article 79 of the GDPR, without prejudice to administrative or non-judicial remedies, every data subject has the right to an effective judicial remedy if they believe their rights under the Regulation have been infringed due to non-compliant data processing.

11. Other Provisions

This document is prepared in multiple languages. In case of discrepancies, the Hungarian version shall prevail.

No part of this document may be used for resale purposes.