PRIVACY POLICY AND TERMS OF USE

PRIVACY POLICY

INFORMATION FOR CUSTOMERS AND USERS OF THE SITE ABOUT THE HANDLING OF THEIR PERSONAL DATA
(Effective from 2021)  

The Inter-CAD Engineering Software Development and Service Provider Kft. is the operator of thewww.axisvm.hu website, as Data Controller, for its customers and visitors to the website— Natural persons should be Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of data with regard to the processing of data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter: GDPR) provides the following information regarding the processing of your personal data.

Data Controller and Internal Data Protection Officer:
Inter-CAD Engineering Software Development and Service Kft.
Contact details:
E-mail:
Website: www.axisvm.hu (Hungarian version)/ www.axisvm.eu (English version)
Postal address: H-1075 Budapest, Károly krt. 9. VI/606

Phone: +36 1 3229072
Internal Data Protection Officer: Tamás DEIM Managing Director
(hereinafter: “Data Manager”)

Inter-CAD Kft., as the operator of www.axisvm.hu / www.axisvm.eu, respects the personal rights of its Customers, therefore, in the course of its data processing, it proceeds in accordance with the following data processing notice. The Data Controller reserves the right to change the prospectus due to its alignment with the legal background and other internal regulations which will be modified in the meantime. The current version of the data protection notice is available at www.axisvm.hu / www.axisvm.eu

1. THE PURPOSE OF DATA PROCESSING:

1.1 The primary purpose of this prospectus is to define and comply with the basic principles and provisions concerning the processing of the data of natural persons and customers who come into contact with the Data Controller in order to protect the privacy of natural persons in accordance with the relevant legal regulations, and the data controller informs the customers about the scope of their personal data required for the use of the services, the purpose and manner of the data processing and all other facts related to the data processing, in particular, but not exclusively, their data processing rights and remedies.

1.2. Referring to the provisions set out in Section 1.1, the purpose of this prospectus is to ensure that the Controller fully complies with the provisions of applicable law relating to data protection, in particular but not limited to

• General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR),
• Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services,
• Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers,
• the provisions of Act XLVIII of 2008 on the Basic Conditions and Certain Limits of Economic Advertising.

1.3. The Data Controller therefore considers it highly important and is committed to protecting the personal data provided by the data subject through the website or other forum or otherwise processed by the Data Subject, and the Data Subject shall provide information respect the right to self-determination. In this context, it contributes to the creation of secure internet access for data subjects in full compliance with the relevant legislation in force.

2. DEFINITION

• Data Subject, Customer, Visitor: any specific natural person identified or, directly or indirectly, identifiable on the basis of personal data;
• Personal data: the data relating to the data subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and the conclusion drawn from the data subject;
• Consent: a voluntary and firm statement of the will of the data subject, which is based on appropriate information and gives his unambiguous consent to the processing of personal data relating to him either in full or in particular operations;
• Data Controller: a natural or legal person or organisation without legal personality who, alone or jointly with others, determines the purpose for which the data are processed, makes and executes decisions relating to the processing (including the means used), or have it carried out by the processor entrusted to it. Data Manager: Inter-CAD Engineering Software Development and Service Provider Limited Liability Company, registered office: H-1161 Budapest, Gusztáv u 45., registration number: Cg. 01-09-074941, Tax number: 10509452-2-42;
• Data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and prevent further use of the data, take photographs, sound or images and record physical characteristics capable of identifying the person;
• Transmission: making data available to a specific third party;
• Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
• Data deletion: making data unrecognizable in such a way that its recovery is no longer possible;
• Data blocking: for the purpose of limiting further processing of the data to a permanent or specified period of time;
• Data destruction: total physical destruction of the media containing the data
• Dataset: the sum of the data processed in a single register;
• Third party: a natural or legal person, or an organisation without legal personality, other than the data subject, the controller or the processor;
• Personal data breach: unlawful processing or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage;
• Website: the www.axisvm.hu / www.axisvm.eu portals and all sub-pages of which the Controller is operated;
• Facebook page: the page on https://www.facebook.com/AxisVMInterCAD/ portálon található oldal.
• LinkedIn page: page on https://www.linkedin.com/showcase/axisvm/ portálon található oldal.
• YouTube page: page on https://www.youtube.com/channel/UCJoC3PkFc8XK4hGZ-1dUzuw portálon található oldal.
• Instagram page: https://www.instagram.com/axisvm/ on the portal.

3. PRINCIPLES of DATA PROCESSING

3.1. Principle of proportionality, necessity: Only personal data that is essential to the fulfilment of the purpose of the data processing can be processed and suitable for the purpose of the purpose. Personal data can only be processed to the extent and for the time necessary to achieve the purpose.

3.2. Purpose limitation principle: Personal data shall be processed only for specific purposes, for the exercise of rights and for the fulfilment of obligations. At all stages of data processing must correspond to the purpose of the processing, the collection and processing of data must be fair and legal.

3.3. The personal data retains this quality during the processing as long as its relationship with the data subject can be restored. The data subject can be restored if the controller has the technical conditions necessary for its recovery.

3.4. Processing shall ensure the accuracy, completeness and, where necessary with regard to the purposes of the processing, keep the data subject up to date and that the data subject can be identified only for the period necessary for the purposes of the processing.

3.5. Principle of volunteering: The provision of data by the data subject is voluntary. The Data Controller processes the personal data with the consent of the data subject. Voluntary consent shall be understood as consent to the user’s behaviour whereby the user, using the website, accepts that he is automatically covered by all regulations relating to the use of the website.

4. DECLARATIONS OF DATA MANAGER

4.1. The Data Controller declares that

1. a) act in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information and the GDPR.
2. b) only those persons working with the Data Controller and their contractual partners who have tasks in connection with the data processing may be made known to the data controller during the processing of personal data.
3. c) ensure that the prospectus in force at all times is kept available to the data subject, thereby enforcing the principle of transparency.
4. d) the website handles personal data of visitors confidentially and in accordance with applicable legal requirements, ensures their security, takes technical and organisational measures, and has established procedural rules to ensure full compliance with the principles of data protection.
5. e) processes the personal data of Customers confidentially, in accordance with applicable legal provisions, ensures their security, takes technical and organizational measures, and has established procedural rules to ensure full compliance with the principles of data protection.
6. f) take all measures to facilitate IT and other secure processing related to data storage, processing and transfer in order to preserve the data managed by it.
7. g) it shall make every effort to ensure the personal data processed by it to ensure unauthorized access, alteration, disclosure, deletion, damage, destruction protection, guarantee the technical conditions necessary for this purpose.
8. h) does not control the personal data provided to him and excludes liability for their correctness.
9. i) transfers personal data to a third party only in exceptional cases and in such cases, and connects the database managed by it to another data controller only if the data subject expressly consents to it or is permitted by law, and if the conditions of data processing for each personal data are met.
10. j) transmits personal data to a controller or processor in a third country as set out in the prospectus.
11. k) keep a record of the data protection incident measures and inform the data subject, including the scope of the personal data concerned, the scope and number of data subject incidents, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, and the data processing legislation specified other data.

In case of server data theft, the incident must be recorded, indicated to the authority (form on their website) and information to customers.

4.2. Data Controller excludes liability for the lawfulness of the processing of the contractual partner in legal relations with the Data Controller.

4.3. By applying appropriate security measures to protect the personal data stored in the data files, the Data Controller shall ensure the prevention of accidental or unlawful destruction or accidental loss, as well as unauthorized access, alteration or distribution. megakadályozásáról.

5. SCOPE OF ACTIVITIES AND DATA INVOLVED IN DATA MANAGEMENT

5.1. To visit the site[1]

The processed data are as follows:

IP address+geo location data

The purpose of data processing:

Protection of the IT system and security of the site,

Legal basis of data processing

Rightful interest (Art. 6 para. 1 (f) GDPR)

Duration of data processing

26 months from his last visit. (based on Google Analytics data management)

Does data transfer take place?:

Yes, for data processors

• Virág Tóth is an individual entrepreneur (1022 Budapest, Bipbó street 116-118 C intact. 1 floor/1 door)
• Tárhely.eu Szolgáltató Kft. (H-1144 Budapest, Ormánság street 4. 10th floor 241)

To view the contents of the site, the Visitor will ask the Data Controller’s server for the content to be viewed. You will act the same way for each page you view. The server stores the visitor’s IP address in log files to maintain a seamless connection.

The links to www.axisvm.hu / www.axisvm.eu can be found on YouTube, LinkedIn and Instagram pages operated by Inter-CAD Kft. If you follow Data Controller on these pages or visit Inter-CAD Kft’s profile, the operators of social networks may, depending on their privacy policy, use different cookies and other tracking technologies to use personal data and other types of behaviour may collect information about the visitor. In connection with these data processing, the Inter-CAD Kft. does not qualify as a data controller or as a data processor. The Data Controller is not aware of the data collected by these sites, so any liability for these possible data processing is excluded by the Data Controller.

5.2. Send newsletter[2]

The processed data are as follows:

Name*, Email Address*, Country*, IP Address*

The purpose of data processing:

Information to the data subject about the events, news, latest discounts and updates of the Data Controller.

Legal basis of data processing

Contribution (Art. 6 para. 1 (a) GDPR)

Duration of data processing:

Until the withdrawal of consent, until the date of unsubscribe from the newsletter.

Does data transfer take place?:

Yes, for data processors

• Virág Tóth is an individual entrepreneur (1022 Budapest, Bipbó street 116-118 C intact. 1. floor/1 door)
• MailerLite – https://www.mailerlite.com/legal/data-processing-agreement

Subscribe and unsubscribe to the newsletter are voluntary.

The purpose of data processing related to the sending of the newsletter is to manage the database for the purpose of sending the newsletter and to provide the recipient with full general or personalized information about the events, news, latest discounts, current events (marketing and sales sending bids).

The Data Controller sends newsletter only with the consent of the data subject.
The Data Controller stores the provided personal data in a separate list separately from the data provided to the Controller for other purposes, this list is only available to the authorised staff and data processors of the Data Controller.
The controller shall not transmit the list or data to third parties to unauthorised persons and shall take all security measures to prevent them from being known to an unauthorised person.
The Data Controller processes the personal data collected for this purpose only until the data subject unsubscribes from the newsletter list or requests the deletion of his data. The Data Controller shall review the newsletter list at least once a year.
The data subject may unsubscribe from the newsletter at any time, at the bottom of the electronic mail and by means of a cancellation request sent to .
Data Controller keeps statistics on the readability of posted newsletters by clicking on links in newsletters. The Data Controller does not use analytical systems to collect personal information.
.

1 The data marked with * must be filled in.
2 The data marked with * must be filled in.

5.3. Call for Proposal[3]

The processed data are as follows:

Name*, Email*, Country*, Company Name, Message, IP Address+geo location data*

The purpose of data processing:

The exact offer is given. Identification of the Customer.

Legal basis of data processing:

Rightful interest (Art. 6 para. 1 (f) GDPR)

Duration of data processing:

• until the offer is accepted (invoicing)
• in the event of rejection of the offer, by the date of rejection,
• if no reply is received, until the day following the expiry of the tender limitation.

Does data transfer take place?:

Yes_If a local contracted distributor exists (List of Distributors Annex 1)

If there is a local distributor based on the IP address, the notification of the request for quotation is automatically sent to the distributor.

5.4. To download a trial version[4]

The processed data are as follows:

Data required for the downloadable link:
Name*, Email*, Country*, Company Name, Message, IP Address*

The purpose of data processing:

Provides the Customer Identification and the data required to use the trial version (license file).

Legal basis of data processing:

Rightful interest (Art. 6 para. 1 (f) GDPR)

Duration of data processing:

A trial version can only be requested once for a program version, so the data will be processed through the 2nd year after the end of the 30-day trial period.

Does data transfer take place?:

Yes_If there is a contracted local distributor (List of Distributors Annex 1)

If there is a local distributor based on the IP address, the notification will automatically be sent to the distributor about the download of the trial version.

3 The data marked with * must be filled in.
4 The data marked with * must be filled in.

5.5. To download an educational version[5]

The processed data are as follows:

Data required for the downloadable link:
Name*, Email*, Country*, Higher Education*, Message, IP Address*

The purpose of data processing:

Identification of the Customer, delivery of the downloadable link of the educational version and confirmation of the student legal relationship.

Legal basis of data processing:

Data required for the downloadable link:
Rightful interest (Art. 6 para. 1 (f) GDPR)

Duration of data processing:

Until the end of the 3rd year following the last claim.

Does data transfer take place?:

Yes_If a local contracted distributor exists (List of Distributors Annex 1)

If there is a local distributor based on the IP address, the instruction version is automatically notified to the distributor.

5.6. Download a free version[6]

The processed data are as follows:

Data required for the downloadable link:
Name*, Email*, Country*, Company Name, Message; IP Address
Data required for installation:
Name*, Email*

The purpose of data processing:

Identification of the Customer.

Legal basis of data processing:

Rightful interest (Art. 6 para. 1 (f) GDPR).

Duration of data processing:

Until the end of 2 years following the claim.

Does data transfer take place?:

Yes_If there is a contracted local distributor (List of Distributors Annex 1).

If there is a local distributor based on the IP address, the distributor will automatically be notified when the free version is downloaded.

5 The data marked with * must be filled in.
6 The data marked with * must be filled in.

6. WEBSITE TRAFFIC DATA (LINKS)

6.1. The Data Controller’s website may also contain links that are not operated by the Data Controller, but are intended to inform visitors only. The Data Controller has no influence on the content and security of the websites operated by the partner companies and is therefore not responsible for them.

6.2. Please review the Privacy Policy and Privacy Statement of the sites you visit before providing any information on that site in any form.

Google Chrome data management: https://www.google.com/chrome/terms/dpa_terms.html
Mozilla Firefox data management: https://support.mozilla.org/en-US/kb/information-eu-eea-swiss-and-california-users
Adobe Safari data management: https://www.apple.com/safari/
Facebook: https://www.facebook.com/legal/terms/dataprocessing
Instagram: https://help.instagram.com/519522125107875
YouTube https://www.youtube.com/static?template=terms
LinkedIn: https://www.linkedin.com/legal/l/dpa
Pinterest: https://policy.pinterest.com/en/privacy-policy

6.3. Analytics, cookies

1. a) The Data Controller uses an analytical tool to track its websites, which produces a series of data and tracks how visitors use the website. When the page is viewed, the system creates a cookie for the purpose of recording information about the visit (pages visited, time spent on our pages, browsing data, exits, etc.), which, however, cannot be used to contact the visitor. This tool helps to improve the ergonomics of the site, create a user-friendly site, enhance the online experience of visitors. The Data Controller does not use analytical systems to collect personal information. Most web browsers automatically accept cookies, but visitors have the option to delete them or automatically reject them. Because all browsers are different, the visitor can set their cookie preferences individually using the browser toolbar. You may not be able to use certain properties on our website if you choose not to accept cookies.
2. b) The technological background of the storage space required for the operation of the website is hosted.eu Szolgáltató Kft.. seat: H-1144 Budapest, Ormánság utca 4. 10th floor 241., Tax number: 14571332-2-42) as Data Processor provides.

INFORMATION ABOUT COOKIES >>

7. STORAGE OF PERSONAL DATA, INFORMATION

7.1. Personal data may only be processed in accordance with the activities referred to in Chapter 5 and according to the purpose of the processing.

7.2. Modification and deletion of personal data, withdrawal of voluntary consent and request information on the processing of personal data by contacting there is a way.

7.3. The Data Controller ensures the security of the data. To this end, it shall take the necessary technical and organisational measures, establish and enforce the procedural rules.

7.4. The Data Controller shall take appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, erasure or destruction, accidental destruction and damage and changes in the technique used resulting from inaccessibility. The controller shall take all necessary technical and organizational measures to avoid any possible personal data breach (e.g. damage, disappearance, access to files containing personal data). In the event of a nonetheless occurring incident, the controller shall keep a record of the personal data concerned, the scope and number of persons involved in the personal breach, the date of the personal data breach, the date of the personal data breach, circumstances, effects and measures taken to eliminate them, as well as any other data specified in the law requiring the processing.

7.5. The Data Controller shall ensure the proper preparation of the relevant Staff members in order to enforce the conditions of data security.

7.6. When defining and applying measures to secure data, the Data Controller shall take into account the current technological development and choose from a number of possible data processing solutions that ensure a higher level of protection of personal data, except if that would be a disproportionate difficulty.

7.7. In the context of its tasks related to IT protection, the Data Controller shall ensure in particular:

1. a) Measures to protect against unauthorised access, including the protection of software and hardware devices and physical protection (access protection, network protection);
2. b) Measures to ensure the possibility of restoring data files, including regular backups and separate secure management of copies (mirroring, backups);
3. c) On the protection of data files against viruses (antivirus protection);
4. d) Physical protection of data files and the means of carrying them, including protection against fire damage, water damage, lightning, other elementary damage, and the restoration of damage due to such events (archiving, fire protection).

7.8. The Data Controller provides the required level of protection in the course of the data processing, in particular the storage, rectification and erasure of the data subject during the request or objection of information.

7.9. Data transfer shall be carried out confidentially with the consent of the data subject, without prejudice to his interests, while ensuring a fully adequate IT system, subject to the purpose, legal basis and principles of data processing. The Data Controller does not transmit the personal data of the data subject without his consent and does not make it available to third parties, unless it is required by law.

7.10. Other data, which are not directly or indirectly related to the data subject, which are not identifiable, hereinafter anonymous, shall not be considered personal data. adatnak nem minősülnek.

8. EXERCISE OF THE RIGHTS OF THE DATA SUBJECT

8.1. Rights of the Data Subject
The data subject may request information from the Data Controller about the processing of his personal data, and may request the rectification, erasure, withdrawal, restriction of processing, and exercise his right of data portability and objection.

a.) Right to receive information
At the request of the data subject, the Controller shall take appropriate measures to ensure that all information and information relating to the processing of personal data provided for in the General Protection Regulation for data subjects in a concise, transparent, understandable and easily accessible form, in a clear and understandable way.

b.) The right to access the data subject:
The data subject shall have the right to receive feedback from the Controller as to whether the processing of his personal data is in progress, if so, he shall have the right to obtain access to the personal data and to the following information:

• the purposes of data processing;
• categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, including, in particular, recipients in third countries or international organisations;
• the intended period of storage of personal data; the right to restrict rectification, erasure or processing and to object; the right to lodge a complaint addressed to the supervisory authority;
• information on data sources;
• the fact of automated decision-making, including profiling, and comprehensible information on the logic used and the significance of such data management and the expected consequences for the data subject.

The Data Controller shall provide a copy of the personal data subject to processing to the data subject. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. At the request of the data subject, the data controller shall provide the information in electronic form.

The right to information may be exercised in writing through the contact details indicated in point 1. At the request of the data subject, after a credible proof of his identity and identification, information may be provided orally.

c.) Right of rectification:
The data subject may request the rectification of inaccurate personal data relating to him processed by the Data Controller and the completion of incomplete data.

d.) Right to erasure:
The data subject shall have the right to delete the personal data concerning him without undue delay at his request for one of the following reasons:

• personal data are no longer required for the purposes for which they were collected or otherwise processed;
• the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
• the data subject objects to data processing and there is no priority legitimate reason for processing;
• the personal data have been unlawfully processed;
• the personal data must be deleted in order to comply with the legal obligation imposed by EU or Member State law applicable to the Controller.
• personal data were collected in connection with the provision of information society services.

The erasure of data cannot be initiated if processing is necessary:

• for the purpose of exercising the right to freedom of expression and information;
• to fulfil an obligation under European Union or national law applicable to the controller to process personal data, or to carry out a task in the public interest or in the exercise of a public authority conferred on the controller;
• for research purposes in the field of public health or for archiving, scientific and historical research or statistical purposes, on the basis of public interest;
• or for the establishment, exercise or defence of legal claims.

e.) Right to restrict data processing
At the request of the data subject, the Controller restricts the processing if one of the following conditions is met:

• the data subject contests the accuracy of the personal data, in which case the restriction relates to the period enabling the accuracy of the personal data to be verified;
• the processing is unlawful and the data subject opposes the deletion of the data and instead requests the restriction of their use;
• the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requests them for the establishment, exercise or defence of legal claims; or
• the data subject objected to the processing; in this case the restriction relates to the period until it is established whether the legitimate grounds of the Data Controller take precedence over the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data, except for storage, may be processed only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or in accordance with the European Union or any may be dealt with in the important public interest of a Member State. The Data Controller shall inform the data subject in advance of the lifting of the restriction of data processing.

f.) Right to data portability:
The data subject shall have the right to receive personal data concerning him and which he has made available to the Controller in a structured, widely used, machine-readable format and to transmit such data to another controller.

g.) Right of objection:
The data subject shall have the right to object at any time for reasons relating to his or her own situation to the processing necessary for the performance of a task in the public interest or within the framework of the exercise of a public authority vested in the controller, or by the Controller or by a third party against the treatment necessary to enforce legitimate interests.
In case of objection, the Data Controller may no longer process the personal data unless justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are required to establish, enforce legal claims or are related to the protection of.
For direct marketing purposes, the Data Controller does not process personal data.

8.2. Rules of Procedure
The Data Controller shall inform the data subject of the measures taken following the request without undue delay and in any case within one month of receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. Where the data subject has submitted the request by electronic means, the information shall be provided electronically, unless the data subject so requests otherwise.
If the Data Controller fails to take action at the request of the Data Subject, it shall inform the Data Subject without delay, but no later than within one month from the receipt of the request, of the reasons for non-action and that the Data Subject may lodge a complaint with a supervisory authority.
The Data Controller provides the requested information and information free of charge. If the data subject’s request is clearly unfounded or exaggerated, in particular because of its repetitive nature, the Controller may charge a reasonable fee for the administrative costs involved in providing the requested information or information or taking the requested action, or may refuse action on the basis of application.
The Controller shall inform all recipients of any rectification, erasure or restriction of processing to whom the personal data has been disclosed, unless this proves impossible or requires disproportionate effort. Upon request, the Data Controller shall inform the data subject of these recipients.
The Data Controller shall provide a copy of the personal data subject to processing to the data subject. The Controller may charge a reasonable fee based on administrative costs for further copies requested by the data subject. Where the data subject has submitted an application by electronic means, the information shall be provided in electronic format, unless otherwise requested by the data subject.

8.3. Compensation and compensation
Any person who has suffered material or non-material damage as a result of a breach of the General Protection Regulation shall be entitled to compensation from the Controller or the processor for the damage suffered. The Processor shall be liable for damages caused by data processing only if he has not complied with the obligations imposed by law, specifically on the processors, or if the legal instructions of the Controller have been ignored or with he acted in the opposite way.
If both the Controller and the Processor are involved in the same processing and are liable for any damage caused by the processing, the Controller and the Processor shall be jointly and severally liable for all damages.
The Controller or the Processor shall be exempted from liability if he proves that he is not liable in any way for the event that caused the damage.

8.4. Data Protection Authority Procedure
The data subject may lodge a complaint concerning the processing of his personal data by the Data Controller with the National Authority for Data Protection and Freedom of Information as a supervisory authority. Contact details of the supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH)
address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c
postal address: H-1530 Budapest, Pf.: 5
e-mail:
phone: +36 (1) 391-1400
fax: +36 (1) 391-1410

9. DATA INCIDENTIFICATION SYSTEM

9.1. Data Protection Incident: a breach of security which entails accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed. results.

9.2. Notification of a personal data breach to the supervisory authority

a.) The Data Controller shall notify the data breach to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after the personal data breach becomes aware of it, unless the personal data breach is likely not to entail a risk in the natural rights and freedoms of persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.

b.) The Processor shall notify the data breach to the controller without undue delay after becoming aware of it. (24 hours maximum)

c.) If and where it is not possible to communicate the information at the same time, it may be provided in instalments without further undue delay.

d.) The Data Controller records data breaches, indicating the facts relating to the personal data breach, its effects and the measures taken to remedy it.

9.3. Informing the data subject of the personal data breach

a.) If the personal data breach is likely to entail a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay. (maximum 24 hours)

b.) The information provided to the data subject shall clearly and clearly explain the nature of the personal data breach and provide the abovementioned information and measures.

c.) The data subject shall not be informed if any of the following conditions are met:
• the Controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular those measures, such as the use of encryption, which are intended to address the make the data unintelligible to persons who are not authorised to access it;
• the Controller has taken further measures following the data breach to ensure that the high risk to the rights and freedoms of the data subject referred to in the preceding paragraph is no longer likely to materialise;
• the information would require a disproportionate effort. In such cases, data subjects shall be informed by means of publicly disclosed information or similar measures shall be taken to ensure that data subjects are equally effectively informed.

Tamás Deim
Managing director
Inter-CAD Engineering
Software Development and Service Provider Kft.