© 2019 by IP Camp Kft.

1113 Budapest, Bocskai str. 134-146, Hungary

  • LinkedIn Social Icon
  • Facebook Social Icon

PRIVACY POLICY OF IP CAMP

Valid from: 25.05.2018

 

The operator of the WWW:IP-CAMP.EU website (hereinafter: Website), IP-CAMP Kft. (hereinafter: Service Provider) informs the Users regarding the data processing on the website and the Service Provider’s activities in accordance with the General Data Protection Regulation no. 2016/679 of the European Parliament and of the Council (hereinafter: GDPR).

 

1. Definitions

 

Service Provider: IP CAMP Kft. (Registered seat: 1113 Budapest, Bocskai út 134-146., Company register number: 01-09-299379, Represented by: László Ferenczi managing director) operating the website and providing the services.

 

Website: The totality of the contents and services available under the www.ip-camp.eu domain. 

 

User: A person visiting, browsing the Website.

 

Service: The information technology service provided by the Service Provider: software development, support, education etc.

 

Client: The person who concluded a contract with the Service Provider for the Service and uses the Service of the Service Provider.

 

Contact persons: the contributors, employees, subcontractors of the Client, with whom the Service Provider is obliged to cooperate in order to perform the contract.

 

2. What is the purpose of this privacy policy?

By using the Website and the Services, a contract is made between the Service Provider and the User or Client.  In this privacy policy, the Service Provider informs the Users and Clients, in accordance with the relevant laws, about the personal data processing occurring on the Website and during the provision of the Service in detail.  In respect of the data processing occurring on the Website, the Service Provider is considered as data controller.  The Service Provider is also considered as data controller during the provision of the Services. 

 

3. What is the purpose of the Website?

On the Website, the Users may get information regarding the Services offered by the Service Provider without registration. The Users and Clients are responsible for the data provided and the contents uploaded by the Users and Clients; the Service Provider excludes its liability therefor.

 

4. How does the privacy policy concern the User and other data subjects?

By visiting the Website, using the services available on the Website, using the functions of the Website, the User automatically, without any further legal declaration, acknowledges the content of this privacy policy. By concluding the contract for a Service or by ordering a Service, the Client automatically, without any further legal declaration, acknowledges the content of this privacy policy.

 

5. Who may modify this privacy policy and how, and where and how does the Service Provider publish it?

The Service Provider is entitled to unilaterally modify this privacy policy at any time. The service provider publishes the modification of the privacy policy by displaying the consolidated text of the privacy policy under a separate menu entry on the Website. We request the Users and Clients to carefully read the privacy policy every time they visit the Website. This privacy policy is continuously available on the Website. The Users and Clients may open, review, print and save this privacy policy from the Website, however, they may not modify it, since that can be done only by the Service Provider. 

 

6. Which of your personal data and how long do we process, what do we use them for and upon what authorization? 

The legal grounds for our data processing are the following:

a) according to paragraph (1) a) of Article 6 of the GDPR, the informed and freely given consent of the user to the data processing (hereinafter: Consent);

b) according to paragraph (1) b) of Article 6 of the GDPR, the data processing is necessary for the performance of a contract to which the User as data subject is a party (hereinafter: Performance of contract)

c) according to paragraph (1) c) of Article 6 of the GDPR, the processing is necessary for compliance with a legal obligation to which the data controller is subject (hereinafter:  Compliance with legal obligation)

d) according to paragraph (1) d) of Article 6 of the GDPR, processing is necessary to protect the vital interests of the data subject or of another natural person (hereinafter: Vital interest);

e) according to paragraph (1) e) of Article 6 of the GDPR, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (hereinafter: Public interest);

f) according to paragraph (1) f) of Article 6 of the GDPR, processing is necessary for the exercising of the legitimate interests pursued by the controller or by a third party (hereinafter: Legitimate interest)

 

6.1. Processing the data of persons requesting an offer

 

The Service Provider processes the following data and for the below purposes of the persons contacting it in order to request a quote:

 

Category of the data subject

Category of the processed data

Data source

Purpose of data processing

Legal ground for data processing

Data storage period, time of erasure

Person requesting an offer

Name, Telephone number, e-mail address

Provided by the data subject

Giving an offer

Concluding a contract

5 years from the receipt of the offer (general limitation period)

 

The processing and storage period of the data related to making an offer corresponds with the general civil law limitation period of 5 years; keeping the data is necessary within this limitation period for the possible enforcement of rights and claims.

 

6.2. Processing data of the contact persons of contractual Clients

 

The Service Provider uses the data of the contact persons of the Clients having contractual relationship with the Service Provider in order to perform its contract existing with the Client and to keep contact with the Client as follows: 

 

Category of the data subject

Category

of the processed data

Data source

Purpose of data processing

Legal ground

for data processing

Data storage period, time of erasure

Contact persons and representatives of the contractual Clients

name

Contractual Client

a) Communication in respect of the contract

b) Performance of the contract c) Enforcing claims and exercising rights

Legitimate interest

If the data are included in the contract, for 8 years from the termination of the contract If the data are not included in the contract, for 5 years from the termination of the contract

 

telephone number / mobile telephone number

Contractual Client

a) Communication in respect of the contract
b) Performance of the contract c) Enforcing claims and exercising rights

Legitimate interest

If the data are included in the contract, for 8 years from the termination of the contract If the data are not included in the contract, for 5 years from the termination of the contract

 

e-mail address

Contractual Client

a) Communication in respect of the contract
b) Performance of the contract c) Enforcing claims and exercising rights

Legitimate interest

If the data are included in the contract, for 8 years from the termination of the contract If the data are not included in the contract, for 5 years from the termination of the contract

 

position

Contractual Client

a) Communication in respect of the contract
b) Performance of the contract c) Enforcing claims and exercising rights

Legitimate interest

If the data are included in the contract, for 8 years from the termination of the contract If the data are not included in the contract, for 5 years from the termination of the contract

 

It is in the legitimate interest of both the Service Provider and the Client that the Client may be continuously reached through its contact persons. The data regarding the contact persons are limited and only include data that are significant from the point of view of sending notifications; the provided telephone number and e-mail address usually serve specifically for corporate communication, therefore this does not affect the basic rights and freedoms of the relevant contact person unproportionately. The storage period, if the data are part of the contract, corresponds to the storage period prescribed by the accounting act, which relates to the storage of the contract. If the data are not included in the contract, the storage period is the general civil law limitation period of 5 years 

 

6.3. Data processed during the automatic data collection related to the Website

 

We use cookies and different other programs in order to get to know the needs of the Website Users and their behaviour related to the Website and to further develop the Website based on those and prepare anonymous statistics about the Website visits. Some tiny programs facilitate that the User does not need to repeatedly enter their identification data at the next sign-in and that their identification is easier and faster, while other programs serve the identification of the User.

 

We specify the data collected on the Website as follows:

 

Category of the data subject

Category of the processed data

Data source

Purpose of data processing

Legal ground for data processing

Data storage period, time of erasure

Users

visiting the Website IP address, country, type and version of browser, device and operation system used, language settings, time of visit Website visit data (pages viewed, time spent, clicks, openings)

Automatically collected

Preparation of Statistics by the Service Provider Website Development Identification, recognition of the User

necessary for pursuing the legitimate interests of the data controller

... years from the visit

 

The above data processing is in the legitimate interest of the Service Provider, since it can develop its Website and make it safer by this. The scope of the processed and collected data is not significant, the Service Provider only uses those to prepare and analyse anonymized statistics, it does not collect behavioural preferences and no automated decision-making happens based on those, furthermore, neither does the Service Provider send personalized offers to the Users.   As a result of the above, this data processing does not affect the basic rights and freedoms of the User unproportionately.

 

During the visit of the Website and using the services, we place cookies in the browser of the User and in the HTML-based e-mails in accordance with this privacy policy. In general, the cookie is a tiny file, which is composed of letters and numbers and which we send to the device of the User from our server.

 

The purpose of the cookies used by the Service Provider:

 

a) Security: supporting and making security possible  

b) Performance, analytics and research: these types of cookies help the Service Provider get to know how the Website performs at different places. The Service Provider may also use such cookies, which evaluate, correct and search the Website, products, functions, services, including the case when the User enters the Website from other websites, and including other devices as, for example, the computer or mobile device of the User.

 

The types of cookies used by the Service Provider:

 a) analytics, tracking cookies

b) session cookies, which only work until the work session (generally the given visit on the Website or a browser session) lasts;

c) permanent cookies: help to recognize the User as an existing User, thereby the return to the Website is easier without a repeated sign-in. After the User signs in, the permanent cookie stays in the browser of the User and the Website can read it when the user returns to the Website.

 

Control and direction of cookies: Most browsers make it possible that the Users control the use of cookies through the settings. However, if the User limits the Website in using cookies, that may be to the detriment of user experience, since it will not any more be personalized to the User. Furthermore, the User may stop the saving of personalized settings as well, for example, the saving of sign-in information. If the user does not want that the Service Provider uses cookies when he visits the Website, the User may block the use of cookies. In order that the Service Provider gets to know that the User blocked the use of cookies, the Service Provider places a block cookie on the device of the user, so that the Service Provider will know next time the User visits the Website that it may not place cookies.

 

If the User does not wish to receive cookies, the User may change the browser settings on his computer. The Website does not work properly without cookies.

 

6.4. Processing the data of job applicants

 

The resumé and other data submitted to the Service Provider by job applicants are processed by the Service Provider as follows: We inform you that by sending your resumé or job application to our company, you consent to it that we process and store your personal data for the purposes of recruitment, giving job offers, contact and identification and that we send  messages and notifications to your provided contact details to this end.

 

During the course of the recruitment process, when applying for a specific position, we process the below mentioned personal data provided by you and other personal data collected by us about you only during the recruitment process and we erase all of your data after the end of the recruitment process.

 

 

Should the recruitment process be protracted and last for longer than a year, we process your data for maximum one year from their submission and at the end of such period we ask you again whether you wish to prolong the processing of your data for the entire term of the recruitment process, i.e. also for the period exceeding the one year. If you do not answer to such question within 30 days or if you do not wish to prolong the data processing period, we erase your data.

 

However, you also have the opportunity to have your such data saved in our data basis and let us process them for future recruitment and job offer purposes irrespective of the specific position your application is related to.  To this, we request your consent. If you gave your consent to this, then we shall be entitled to process your data in our own data basis for this purpose for further two years. The reason for a two-year period is that we need to ensure the accuracy and actuality of the data provided by you and the data collected and processed by us, and this may not be ensured after three years, since data may be outdated and may lose their actuality. Before the expiry of the three years, we may again contact you in order to receive your data processing consent for another 2 years and to suggest the clarification and actualization of your data. If you do not consent to further data processing or do not make any declaration within 30 days from sending such request, we erase your data from the data basis.

 

If we establish an employment relationship with you, then our employee data processing policy will apply to the processing period of these data, about which we will inform you at the time of concluding the employment contract.

 

We will determine the legal ground for the data processing particularly for each data category and data processing purpose:

 

Type of data processed

Data source

Purpose of data processing

Legal ground for data processing

Resumé data: name, address, mother’s name, contact details (e-mail, telephone number), photograph, professional qualification, education, skills, work places, professional experience, hobby etc.

respective applicant

Recruitment,
Making an offer Keeping contact Identification

consent of the data subject

Personality and behavioural traits observed during the interview in order to determine suitability

service provider

Recruitment
Making an offer

consent of the data subject

results of professional tests

service provider

Recruitment
Making an offer

consent of the data subject

 

In case of an application to a job advertisement, we may ask you to take professional tests and professional aptitude tests. Such examinations and aptitude testing are done by us, and following their evaluation, we immediately destroy the tests and the answers given to them and will inform you of the result of the test.  Before any such professional or aptitude test, we will inform you about what skill or ability the test is aiming to assess, what tool or method the examination is carried out with and also about whether it is prescribed by law and, if it is, then we also indicate the relevant law.   The details and documentation of the professional examinations and aptitude tests are destroyed by the Employer following their evaluation and only that information is kept whether you are suitable for the position determined in the job advertisement.  After the closing of the recruitment process, we will inform you in an e-mail about whether or not your application was successful and whether we wish to conclude an employment relationship with you.

 

Giving and withdrawing the consent

 

You freely give your consent to the processing of your above mentioned data for the above mentioned purposes by actively sending your application to the job advertisement. You may withdraw your consent to the data processing at any time by sending an e-mail message to the info@ip-camp.com e-mail address, where the obligatory data to be provided are: name, date of birth and an e-mail address in order that we can identify whose data we have to erase. In case of the withdrawal of your consent, you will have all of your data processed by us erased. The erasure obligation applies both to electronically stored and paper-based data and it also includes all our notes regarding you and all conclusions deduced.

 

 

7. Who processes your personal data and who has access to them?

 

7.1. The data controller The data controller of the data determined in clause 6 is the Service Provider, the contact details and corporate data of which are as follows:

 

IP CAMP Kft.

Registered seat: 1113 Budapest, Bocskai út 134-146.,

Company register number: 01-09-299379,

Represented by: Contact details of László Ferenczi, managing director: he may be reached at the registered seat and office of the company and on the telephone numbers of the company,

Tax number: 25972665-2-43

Telephone: +36 20 930 9866

E-mail address: laszlo.ferenczi@ip-camp.com

Website: www.ip-camp.eu

 

On behalf of the Service Provider, the employees of the Service Provider have access to your data to the extent that it is absolutely necessary for completing their jobs.  

 

7.2. Data processors

 

For processing and storing your personal data, we employ different undertakings, with which we conclude contracts for the processing of data.  The following data processors process your data:

 

 

Name and address of data processor

Purpose of data processing

Data concerned by the data processing

 

 

Accounting, payroll accounting

data necessary for fulfil accounting tasks

 

Webhosting, hosting

data indicated in clause 6.3.

 

Server lease, server hosting

data indicated in clause 6.

Microsoft (Microsoft Corporation

One Microsoft Way

Redmond, WA 98052

United States)

cloud service

data indicated in clauses 6.1., 6.2., 6.4.

 

 

From the data processors used, the data processor resident in the USA is included in the adequacy decision passed by the European Commission according to Article 45 of the GDPR and in the Commission Implementing Decision no. 2016/1260 and it is on the US-EU Privacy Shield List prepared based on the latter, which means that such data transfer is not considered as data transfer to a third country outside the European Union and no separate consent of the data subjects is necessary therefor, and that the data transfer thereto is allowed under Article 45 of the GDPR. These undertakings have agreed to comply with the GDPR.

 

 

8. Who is the data protection officer of the Service Provider and what are his contact details?

 

The Service Provider is not obliged to appoint a data protection officer. 

 

9. What rights do you have regarding the processing of your data and how do we ensure their exercise?

 

a) Right of access: you can request information as to what data, for what purpose and how long we process, to whom we disclose them and the source of your data processed by us.

 

b) Right to rectification: if your data have changed or we recorded them incorrectly, you may request their rectification, correction or specification. Please check your data regularly and inform us of any change in your data within 15 days thereof, so that our database about you can always be up-to-date and accurate.

 

c) Right to erasure: in the cases laid down in the law, you may request that we erase your data processed by us. 

 

d) Right to restriction of processing: in the cases laid down in the law, you my request that we restrict the data processing.

 

e) Right to object: in case of data processing based on legitimate interest, you may object to the processing of your data, in which case we do not process your data any further, but erase them.

 

Right of data portability: by exercising this right, you may request that we provide you with your certain type of data determined by law, or in case of your specific request and authorization, that we transmit them directly to another service provider appointed by you.   We call your attention to it that data portability may only be requested regarding data provided by you and processed by us by automated means and upon your consent, and that we can fulfil the request to transmit them to another service provider only if that is technically feasible and secure.  In case of the above request, we proceed in accordance with the law and we inform you of the measures we have taken based on your request within a month.

 

g) Right to withdraw consent: when we process your data based on your consent, you have the right to withdraw your consent at any time, however, this does not affect the lawfulness of our processing before such withdrawal of consent. 

 

h) Right to lodge a complaint: in case you experience an infringement of your rights in respect of our data processing, you may lodge a complaint at the competent supervisory authority:

National Authority for Data Protection and Freedom of Information

Website: http://naih.hu

Mailing address: 1530 Budapest, Pf.: 5.

E-mail: ugyfelszolgalat@naih.hu

Telephone number: +36 (1) 391-1400

 

Besides all the above, you may initiate a lawsuit against the Service Provider in case of the breach of personal data protection. You may exercise the above rights by sending an e-mail to the info@ip-camp.com customer service address or in a letter mailed to the registered seat of the Service Provider; in case of such request, we proceed in accordance with the provisions of the relevant laws and will inform you about the measures we have taken within a month.

 

In respect of requesting information exercising the right to access, we inform you that, based on Article 15 paragraph (3) and (4) of the GDPR, we are not able to provide you with a copy of data processed exclusively on paper, if the personal data of other persons are also included in such document, since the disclosure of such data to third parties prejudices the data protection and individual rights of the given person. 

 

11. How do we ensure the safety of your data?

 

The Service Provider put in place and implemented the following information security measures in order to protect the data:

 

The personal data are stored on the servers we rent and on the hard discs of the computers of the Service Provider, to which only a limited group of persons and employees have access based on strict rules of authorization management.

Access to the data and documents stored in the document management system is only possible with a password and with appropriate authorization.

 

The use of our local computers require the use of passwords. Our servers are placed in a guarded server room, where the protection against water, fire and unlawful entry is assured. We test and inspect our information technology systems from time to time, repeatedly and regularly in order to create and maintain data security and IT security.

 

Regular and continuous protection against malicious software is ensured for all systems and system elements of the Service Provider. During the course of planning and operating programs, applications and tools, we consider the security functions as priority and deal with them separately. We arrange for the protection of the data regarding the security of the information system (e.g. passwords, authorizations, logs) when allocating the access authorizations.

 

A backup is created about the data every day.  Only a very limited group of authorized persons may access the backups. In respect of the messages, files sent electronically, we ensure the integrity of the data both for (communication) controller data and for user data in order to comply with the requirement of secure data exchange. We also comply with the data security requirements, which we determined in the document management rules, during document management.  In order to create physical data security, we ensure the appropriate protection of our doors and windows and apply strict visiting and access rules regarding our visitors. The premises provide adequate security against unlawful or forcible entry as well as against fire and natural disasters. Furthermore, the storage of data carriers used for data transfer, saving and archiving is only permissible in a reliably locked place.

 

12. What do we do if a data breach occurs at us?

 

In accordance with the relevant laws, we report the data breach to the supervisory authority within 72 hours of becoming aware of it, and we keep record of personal data breaches. In case it is required by law, we also inform thereof the users concerned and we proceed in compliance with our incident management policy.

 

13. When and how do we modify this privacy policy?

 

If the scope of the processed data or other circumstance of data processing changes, this privacy policy will be modified and published on the website in accordance with the GDPR within 30 days.