Privacy policy
GDPR, ePrivacy, Privacy Act
Last updated on .
1. Introduction
This Privacy Policy (hereinafter referred to as Policy) seeks to harmonize the protection of fundamental rights and freedoms of natural persons in respect of processing activities of personal data during the activities of the natural persons on the website https://www.skyint.io (hereinafter referred to as Website) and during the activities of the natural persons on the business relationship of the Skyint Limited Liability Company (hereinafter referred to as Controller) as Controller. So, every data processing by the Controller in connection with using, browsing, or acting on the Website of any natural person or acting any mode on business relationship of the Controller by any natural person are the scopes of this Policy.
The purpose of this Policy is to lay down, in the areas falling within its scope, the fundamental rules for data processing to ensure that natural persons' right to privacy is respected and protected by the Controller.
The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) (hereinafter referred to as GDPR) and the (Hungarian) Act CXII of 2011 on the right to informational self-determination and on the freedom of information (hereinafter referred to as Information Act) apply on this Policy.
2. Definitions
| Term | Definition |
|---|---|
| Personal data | Personal data means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. During the application of this Policy personal data means also the log files, the cookie files, the email address, the organisations in relation to the natural person etc. |
| Processing | Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Controller | Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Hungarian law, the Controller or the specific criteria for its nomination may be provided for by European Union or Hungarian law. During the application of this Policy the Skyint Limited Liability Company set forth as Controller. The Controller has been accurately recorded in point 1 of this Policy. |
| Processor | Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller. The Processor has been accurately recorded in point 6 of this Policy. |
| Data Subject | Data Subject means a natural person identified or identifiable based on any information. |
| Identifiable natural person | Identifiable natural person means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Consent of the Data Subject | Consent of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. |
| Third party | Third party means a natural or legal person, public authority, agency, or body other than the Data Subject, controller, processor, and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data. |
| Personal data breach | Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. |
3. Principles
| Principle | Description |
|---|---|
| Lawfulness, fairness and transparency | Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. |
| Purpose limitation | Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes. |
| Data minimisation | Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. |
| Accuracy | Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay. |
| Storage limitation | Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the Data Subject |
| Integrity and confidentiality | Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. |
| Accountability | The Controller shall be responsible for and shall be able to demonstrate compliance with the principles of the personal data processing. |
4. Controller
The Controller determines the purposes for which and the means by which personal data is processed.
The content of the Website is provided by the Controller. The Controller creates and maintains the website.
| Name | Skyint Limited Liability Company (Skyint Korlátolt Felelősségű Társaság) |
|---|---|
| Short name | Skyint Ltd. (Skyint Kft.) |
| Registered address | H-2314 Halásztelek, Eötvös Lóránd utca 9/A, Hungary |
| Business Registration Court | Company Registry Court of Budapest Environs Regional Court |
| Business Registration Number | 13-09-213236 |
| VAT number | 29270006-2-13 |
| EU VAT number | HU29270006 |
| Chief Executive Officer | Dr. TIMÁR, András |
| Website | https://www.skyint.io |
| Business Email | helloskyint.io / infoskyint.io |
| Telephone | +36-70-318-1789 |
5. Processor
There is no automated decision making involved during processing.
The Controller processes all the data under scope of this Policy together with the Processor(s) listed below:
| Name | Cloudflare Inc. |
|---|---|
| Address | Cloudflare Germany GmbH Rosental 7 80331 München Attention: Data Protection Officer |
| Website | https://www.cloudflare.com |
| privacyquestionscloudflare.com | |
| Description | The Processor provides the following services to the Controller: web hosting, content delivery network and cyber security required for operation of the Website. The Processor processes website logs and network traffic logs. In addition, the Processor is a data processor for any of the content provided by the Controller and End Users through the Services that transits, or in some cases, is stored on, the Cloudflare network. Where Cloudflare is a data processor, Cloudflare processes data on behalf of the Controller pursuant to its data processing instructions. |
6. Data processed by the Controller and the purpose of processing
The General Data Protection Regulation and the Hungarian Information Act do not give specific storage periods for personal data. Other legislation may specify minimum data retention periods in connection with specific documents (e.g., general period of limitation for civil law claims, employment-related documents, safe-keeping of accounting documents and tax returns, employer's certificates concerning social security and workplace accident allowance, declarations on social security entitlement, etc.), however, which the Controller shall comply with.
The length of time the Controller keeps personal data varies from a few minutes to many years.
When personal data is kept for longer than the data retention periods, the Controller takes measures to ensure this personal data is only used for purposes that require a longer retention period.
6.1. Cookies
Cookies are used as defined in the Skyint Website Cookie Policy.
| Cookies | Purpose of processing | Term of processing |
|---|---|---|
| Strictly Necessary Cookies | Content delivery and cyber security. | As defined in the Skyint Website Cookie Policy. |
6.2. Log files
| Log file (data) | Purpose of processing | Term of processing |
|---|---|---|
| IP address and hostname | Content delivery and cyber security. | 30 days |
| Operation system type and version | Content delivery and cyber security. | 30 days |
| Browser type, version, locale, and language settings | Content delivery and cyber security. | 30 days |
| Date and time of the request | Content delivery and cyber security. | 30 days |
| Internet service provider | Content delivery and cyber security. | 30 days |
6.3. Contact data
| Cookies | Purpose of processing | Term of processing |
|---|---|---|
| Data Subject's first name and last name, organization, email address and phone number | To be in contact with the Data Subject as potential or as existing client of the Controller. | Kept for 8 years after your business relationship with Skyint ends. |
7. Data processed by the Controller and the legal basis of processing
7.1. Cookies
The legal basis of processing is the Controller's legitimate interests to ensure uninterrupted operation of the Website and to ensures its network security.
7.2. Log files
The legal basis of processing is the Controller's legitimate interests to ensure uninterrupted operation of the Website and to ensures its network security.
7.3. Contact data
The legal basis of processing is Consent and the Controller's legitimate interest to process data from a prospect or lead to communicate about potential business and process data for a customer necessary to support the ongoing business relationship.
8. Consent of Data Subject
8.1. By sending email to "skyint.io" domain the Data Subject gives consent to process the contact data, and the Data Subject shall also acknowledge to read and to know this Policy, and to accept the provisions of this Policy. Giving consent by Data Subject is required to implement any contact with the Data Subject by the Controller.
8.2. The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the Data Subject shall be informed thereof. (Right to erasure). The withdrawal of consent may be implemented by email to the address: data-protectionskyint.io.
9. Rights of the Data Subject
9.1. Right to be informed: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be entitled to receive information, prior to the start of processing, on the facts connected to the processing. By publishing this Policy on the Website and making its available to the Data Subject, the Controller provides complete information to the Data Subject according to the prior information right.
9.2. Right to access: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be entitled to have his/her personal data and the information related to their processing provided by the Controller on his/her request. After proof of identity, the Data Subject is entitled to request in email (to email address data-protectionskyint.io) any information related to him/her personal data processing of the Controller.
9.3. Right to rectification: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be entitled to have his/her personal data rectified or completed by the Controller on his/her request by email (to email address data-protectionskyint.io).
9.4. Right to erasure: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be entitled to have his/her personal data erased by the Controller on request by email (to email address data-protectionskyint.io). The Data Subject acknowledges that the data has been automatically erased by the Controller after term of processing according to Section 6 of this Policy.
9.5. Right to restriction of processing: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be entitled to have the processing of his/her personal data restricted by the Controller on his/her request. The Data Subject acknowledges that, by restricting data processing, the Website is not or is not fully accessible.
9.6. Right to data portability: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be able to obtain and reuse their personal data for their own purposes across different services. To allow the Data Subject to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This request shall be made by email (to email address data-protectionskyint.io).
9.7. Right to object: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall be able to object to the processing of his/her personal information in certain circumstances. This request shall be made by email (to email address data-protectionskyint.io).
9.8. Rights in relation to automated decision making and profiling: With regard to the personal data of the Data Subject processed by the Controller acting on behalf of, or instructed by, the Controller, according to the conditions laid down in the GDPR and / or in the Information Act, the Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. There is no automated individual decision-making nor profiling performed by the Data Controller or the Data Processor.
10. Right to remedies
10.1. Right to lodge a complaint with the Controller: Without prejudice to any other administrative or judicial remedy, every Data Subject shall have the right to lodge a complaint with the Controller if the Data Subject considers that the processing of personal data relating to him or her infringes the GDPR and / or the Information Act. Any complaint has been entitled to submit on email to the email address data-protectionskyint.io of the Controller.
10.2. Right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information: Without prejudice to any other administrative or judicial remedy, every Data Subject shall have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as “Authority”), if the Data Subject considers that the processing of personal data relating to him or her infringes the GDPR and / or the Information Act.
Contacts to Authority:
| Name | Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) |
|---|---|
| Address | H-1055 Budapest, Falk Miksa utca 9-11., Hungary |
| Postal Address | H-1363 Budapest, Pf.: 9., Hungary |
| ugyfelszolgalatnaih.hu | |
| Official Gateway | Short name: NAIH KR ID: 429616918 |
| Phone | +36-1-391-1400 |
| Fax | +36-1-391-1410 |
10.3. Right to an effective judicial remedy against the Authority: Without prejudice to any other administrative or non-judicial remedy, each natural or legal person (any Data Subject) shall have the right to an effective judicial remedy against a legally binding decision of the Authority concerning them. Proceedings against the Authority shall be brought before the courts of the Hungary where the Authority is established, so before Budapest-Capital Regional Court.
Contacts to Budapest-Capital Regional Court:
| Name | Budapest-Capital Regional Court |
|---|---|
| Address | H-1055 Budapest, Markó utca 27., Hungary |
| Phone | +36-1-354-6000 |
10.4. Right to an effective judicial remedy against the Controller or the Processor: Without prejudice to any other administrative or non-judicial remedy, each natural or legal person (any Data Subject) shall have the right to an effective judicial remedy where he or she considers that his/her rights under the GDPR and / or the Information Act have been infringed as a result of the processing of his/her personal data in non-compliance with the GDPR and / or the Information Act. Proceedings against the Controller or the Processor shall be brought before the courts of the EU Member State where the Controller or Processor has an establishment. Alternatively, such proceedings may be brought before the courts of the EU Member State where the Data Subject has his/her habitual residence, unless the Controller or Processor is a public authority of an EU Member State acting in the exercise of its public powers.
The court where the Controller is established:
| Name | Budapest Environs Regional Court |
|---|---|
| Address | H-1146 Budapest, Hungária körút 179-187., Hungary |
| Postal Address | H-1590 Budapest, Pf.: 225. |
| birosag_bktbirosag.hu | |
| Phone | +36-1-885-6000 |
| Fax | +36-1-550-3936 |
11. Right to compensation and liability
The Data Subject who has suffered material or non-material damage as a result of an infringement of the GDPR or the Information Act shall have the right to receive compensation from the Controller or Processor for the damage suffered.
Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. The Processor shall be liable for the damage caused by processing only where it has not complied with obligations of the GDPR and / or the Information Act specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Controller.
The Controller or the Processor shall be exempt from liability for damage if it proves that it is not in any way responsible for the event giving rise to the damage.
Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are, responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the Data Subject. Where a controller or processor has, paid full compensation for the damage suffered, that controller or processor shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage.
Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under point 10.4 of this Policy.
12. Responsibility of the Controller
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the GDPR and the Information Act. Those measures shall be reviewed and updated where necessary.
The measures shall include the codification, the edition, and the implementation of this Policy by the Controller.
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the Controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and of the Information Act and protect the rights of Data Subjects.
The Controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.
13. Responsibility of the Processor
The Processor and any person acting under the authority of the Controller or of the Processor, who has access to personal data, shall not process those data except on instructions from the Controller, unless required to do so by European Union or EU Member State law.
14. Data transfer
Unless otherwise provided by an (Hungarian) Act or a bidding legal act of the European Union, no data transfer is used by the Controller, except for the Processor.
15. Restrictions
European Union or Hungarian or other EU Member State law to which the Controller or Processor is subject may restrict by way of a legislative measure the scope of the obligations and rights, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
- National security.
- Defence.
- Public security.
- The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
- Other important objectives of general public interest of the European Union or of Hungary or of other EU Member State, in particular an important economic or financial interest of the European Union or of Hungary or of other EU Member State, including monetary, budgetary and taxation matters, public health and social security.
- The protection of judicial independence and judicial proceedings.
- The prevention, investigation, detection, and prosecution of breaches of ethics for regulated professions.
- A monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority.
- The protection of the Data Subject or the rights and freedoms of others.
- The enforcement of civil law claims.
In particular, any legislative measure shall contain specific provisions at least, where relevant, as to:
- The purposes of the processing or categories of processing.
- The categories of personal data.
- The scope of the restrictions introduced.
- The safeguards to prevent abuse or unlawful access or transfer.
- The specification of the Controller or categories of controllers.
- The storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing.
- The risks to the rights and freedoms of Data Subjects.
- The right of Data Subjects to be informed about the restriction unless that may be prejudicial to the purpose of the restriction.
16. Data security measures
For the purpose of ensuring an appropriate level of security concerning the personal data processed, the Controller and the Processor shall implement technical and organisational measures to reflect the level of risks, resulting from the processing to the enforcement of the Data Subjects' fundamental rights, taking into account, in particular, risks entailed by any processing of the sensitive data of the Data Subjects.
In the course of developing and implementing the measures, the Controller and the Processor shall take all circumstances of the processing into account, in particular the state of the art, the cost of implementing the measures and the nature, scope and purposes of processing, as well as the risks of varying likelihood and gravity for the enforcement of the rights of Data Subjects posed by the processing.
The Controller and, within the limits of its activity, the Processor shall ensure through the measures:
- The denial of access by unauthorised persons to the equipment used for the processing (hereinafter referred to as “processing system”).
- The prevention of unauthorised reading, copying, modification or removal of data-storage media.
- The prevention of unauthorised recording of personal data in the processing system, as well as of unauthorised access to, modification or erasure of the personal data stored therein.
- The prevention of using the processing system by unauthorised persons by means of data transmission equipment.
- That the persons authorised to use the processing system shall only have access to the personal data specified in the authorisation of access.
- The possibility of verifying and determining the identity of the recipients to whom the personal data have been or can be transferred or provided by means of data transmission equipment.
- The possibility of subsequently verifying and determining the scope of the personal data entered into the processing system, as well as the time of entering such data and the identity of the person who entered them.
- The prevention of unauthorised access to, copying, modification or erasure of personal data during their transmission or the transportation of the data-storage medium.
- The recoverability of the processing system in the event of a breakdown.
- The operability of the processing system, the reporting of malfunctions that occurred during its operation, and the prevention of the stored personal data being altered through the malfunctioning of the system.
17. Personal data breach
In the case of a personal data breach, the Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the Authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
The Controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the Authority to verify compliance.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the personal data breach to the Data Subject without undue delay. The communication to the Data Subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to as follows:
- The name and contact details of the data protection officer or other contact point where more information can be obtained.
- The likely consequences of the personal data breach.
- The measures taken or proposed to be taken by the Controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The communication to the Data Subject shall not be required if any of the following conditions are met:
- The Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.
- The Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects is no longer likely to materialise.
- It would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.
18. Miscellaneous provisions and information
A separate data protection officer has not been designated by the Controller and has not been operated. The implementation of this Policy and performance of the requirements of the data privacy and protection shall be under the responsibility of the Chief Executive Officer of the Controller.
The GDPR and the Information Act shall apply with regard to the question not or not completely regulated in this Policy.