Privacy Policy
AppCorner Kft. as a data controller (henceforward referred to “we” as the plural first person) is obliged to comply with the contents of this legal notice. We have committed ourselves to ensure that all data management related to our business complies with the requirements of this policy along with the applicable national legislation and the legal acts of the European Union.
We reserve the right to change this policy at any time. We will notify our customers of any changes in due time.
We are committed to protect the personal information of our customers and partners, and we always prioritize their privacy.
All personal data is handled confidentially, and we take extensive security, technical and organizational measures that guarantee proper data protection.
What kind of data do we collect and for what purpose?
Our processing is based on voluntary consent and/or other legal grounds detailed below. In the case of voluntary consent, the subject’s consent may be withdrawn at any time. Below you will find Article 6 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council. Please review this because we will refer to it in many places. You can access the full text of the regulation via this link.
Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.
Diagnostic data
Legal grounds for processing: Point (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the enforcement of legitimate interests pursued by the controller
We collect diagnostic data of the page loads on our web site. The data includes information about the downloaded page, the download method and the result, and the downloader’s IP address. This data is used for the detection of errors and detection and prevention of hostile attacks. The recorded information is stored separately from any other personal data, furthermore, we take all the necessary steps to ensure that such information cannot be used for any purpose other than diagnostics. All recorded data will be automatically destroyed after 14 days, on a daily interval.
Data provided when asking for quotes
Legal grounds for processing: Points (b) and (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679
Personal data that you provide when asking for a quote, will solely be used for communication regarding the quote and creating the project proposal itself.
Any data that you provide when asking for a quote, including personal data, will be handled on the above mentioned legal grounds and will be stored indefinitely. Should you provide any personal data for which we have no legal grounds to handle, the data will not be used in any way and will be deleted as soon as possible.
Data provided within the framework of a contractual relationship
Legal grounds for processing: Points (b), (c) and (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679
Any data provided to us within the framework of a contractual relationship will be used solely for the performance of such contract, for pursuing our legitimate interests, and in fulfillment of any statutory obligations arising out of the performance of the contract.
Any information provided to us within the framework of a contractual relationship, which directly affects the contract, its fulfillment, its requirements or the method of performance, will be handled based on the legal grounds above and stored for an indefinite period.
Any other type of personal information we may receive in the context of the contractual relationship is only used exclusively in the fulfillment of our contractual obligations, based on explicit directions of the providing party, in accordance with the applicable national law and the acts of the European Union. Such data will be deleted as soon as it is no longer required for the performance of the contract.
Data provided during other form of communications
Legal grounds for processing: Point (a) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the voluntary consent of the subject
In the case of any other communication or support request, the personal data of the subject will be used solely in relation with the communication or the fulfillment of any requests communicated. Such data is stored for an indefinite period unless otherwise requested by the subject.
What do we do to secure data?
Security
We store and manage data in accordance with the latest security standards. While designing our internal processes, we concentrate on reducing the potential for human error and making sure we can effectively mitigate any damage resulting from such error.
Access
Our internal processes have been designed in a way that our employees only have access to the data needed to complete their work. Access to personal data is audited and logged. Our employment contract contains a strict confidentiality clause and the importance of protecting personal data is always emphasized to our employers. The performance of our data handling related processes is measured and revised on a regular basis.
With whom do we share data?
In case of any data collected by us, it is generally true that such data will not be shared with third parties who are considered to be data controllers. However, as our company uses third-party services to carry out certain tasks, some of the data will be transmitted to third-party service providers acting as data processors. We are very careful when picking these third-party service providers, making sure that they can guarantee the confidentiality and security of the data, and they are in compliance with the national legislation in force and the legal acts of the European Union. Below you will find a list of such data processors and the scope of the data being transmitted.
-
DigitalOcean
Our private servers are virtual private servers provided by DigitalOcean. Servers that are involved in our data processing run on hardware physically placed in DigitalOcean data centres of the Netherlands and Germany. This website is also served from such a server. DigitalOcean's privacy policy can be found here. -
1Password
We use AgileBits 1Password to store and manage various accesses, passwords, important digital documents especially protected data or sensitive personal data. When AgileBits receives the data, it is already encrypted, and they only store it in an encrypted form. This guarantees that nobody has access to this information apart from us. Access to data stored here is audited. You can find 1Password's privacy policy here. -
Google Analytics
On this website, anonym analytical data is collected and forwarded to this third-party. You can find Google’s privacy policy here. -
Google G Suite
Our company uses G Suite apps for everyday communication, email and other daily activities. Emails sent to us – therefore most of the data sent by you - are also received through this service and stored on Google’s servers. You can find Google’s privacy policy here. -
Dropbox
We use Dropbox to store most of our documents. Sometimes these documents contain personal information as well. You can find Dropbox's privacy policy here. -
Jira
We use Jira provided by Atlassian for project management, as part of which we can store personal information. You can find Atlassian's privacy policy here. -
Basecamp
We use Basecamp for customer communication and project management, as part of which we can store personal information. Basecamp's privacy policy can be found here. -
Help Scout
We use Helpscout for customer support related tasks, as part of which we can store personal information. The service is used to handle user requests we receive to our support email address. The privacy policy of Help Scout can be found here. -
Facebook
We use Facebook chat plugin for customer support related tasks, as part of which we can store personal information. The privacy policy of Facebook can be found here.
About your rights
We would like to inform you that in case the legal basis for data processing is point (a) of the (first) paragraph in Article 6 of Regulation (EU) 2016/679, i.e. the voluntary contribution of the subject, in accordance with national legislation in force and acts of the European Union you are entitled to the following rights:
Right to be informed
As the data subject, you shall have the right to access all of the information relating to data processing referred to in Articles 13 and 14 of Regulation (EU) 2016/679, and Articles 15-22 and 34 in a short, concise, easily understandable and accessible form. You can access the full text of the regulation on this link.
Right to access
As the data subject, you shall have the right to access personal data or any other information that may arise in the data processing: the purposes of data management; the categories of personal data concerned; the categories of recipients or recipients with whom personal data was shared or will be shared, including in particular third-country addressees or international organizations; the intended duration of the storage of personal data; the right for rectification, deletion or the restriction of data processing and the right to object; the right to file a complaint addressed to the supervisory authority; information about data sources; the fact of automated decision making, including profiling, as well as easily understandable information based on the applied logic of such data management and the likely consequences for the data subject. The data controller shall provide the information required within 25 days of the submission date.
Right to rectificate
As the data subject, you shall have the right to ask for the correction of inaccurate data and have incomplete personal data completed during data processing.
Right to be erased
As the data subject, you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds apply:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- the data subject objects to the processing pursuant and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offering of information society related services.
Erasure of data cannot be initiated if data management is necessary: with the aim of exercising the right to freedom of expression and the right of access; the fulfilment of an obligation under EU or Member State law applicable to the data controller for the processing of personal data, if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for the performance of a task carried out in the exercise of public authority exercised in the public interest or on the data controller; for the purpose of public health or archiving, scientific and historical research or statistics, out of public interest; or for the submission, validation or protection of legal claims.
Right to restrict processing
As the data subject, you shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to processing pursuant pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Right for data portability
As the data subject, you shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to object
As the data subject, you shall have the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you or the existence of appropriate safeguards, which may include encryption or pseudonymisation, or data processor or the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In case of objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Automated individual decision-making, including profiling
As the data subject, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw
As the data subject, you shall have the right to withdraw consent at any time.
Right to go to judicial authorities
As the data subject, should you feel that your rights have been violated, you may be directed to the court against us. The court proceeds out of turn.
Right to file a complaint
To file a complaint please contact Nemzeti Adatvédelmi és Információszabadság Hatóság at:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: [email protected]
Website: www.naih.hu.
Other provisions
The scope of this Privacy Policy is this website of AppCorner Kft., and the company’s main activity of custom software development and related tasks based on contractual relationship.
If you have a contract with us, it may override certain provisions of this document. In such cases, the content of the individual contract shall always be the authorative provision.
This document does not cover any software, products or services developed or maintained by AppCorner Kft. In terms of such software, products or services please refer to the privacy policy of the specific software, product or service.