Please note that the websites operated by AppVision Kft. are not addressed to individuals.Due to its activities, AppVision Kft. does not provide services to individuals. Its products and services are software solutions and related services that support companies’ business activities and processes. When filling out forms or subscribing to our newsletters on our websites please, enter real business contact information!
AppVision Kft. (Registered office: 1087 Budapest, Könyves Kálmán Krt. 48-52. I.em. D/107, hereinafter referred to as “AppVision” or "Data controller") is committed to protecting the personal data of its clients and partners and considers that it is of utmost importance to respect its customers Right of Informational Self-Determination. The Data controller shall treat the personal data confidentially and will take any security, technical and organizational measures guaranteeing the security of these data.
This policy provides information about what personal data the Data controller manages and how it is used through its websites. You can learn how to verify the accuracy of this information and how to request deletion from the Data controller’s registers.
Please note that you can view most pages of our website, without providing any personal information. However, on our websites, it may be necessary for the purpose of customer relationship to register and identify the contact person of You as a specific enterprise, budgetary or social organization. This statement applies only to the websites operated by the Data controller.
Personal data or data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data controller: the processing is carried out by employees directly involved in the provision of AppVision Kft. in the context of their activities according to the purpose of the processing.
Contact details of AppVision Kft, as the Data controller:
Data controller name: AppVision Kft.
Address of the Data controller: 1087 Budapest, Könyves Kálmán Krt. 48-52. I.em. D/107.
Personal data or data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data controller;
Third-party means a natural or legal person, public authority, agency or body other than the Data subject, Data controller, Data processor and persons who, under the direct authority of the Data controller or Data processor, are authorized to process personal data;
User: The natural person who registers on the websites and, in this context, provides the information listed in section 4 below.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Principles of data processing
The Data controller shall act in accordance with the following principles when processing personal data:
Personal data shall be:
processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
accurate and, where necessary, kept up to date; The Data controller shall take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for statistical purposes (“limited storage”);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
Legal ground and purposes of processing, scope of data processed
The legal ground for processing is the voluntary consent of you as a User. The User is entitled to withdraw its consent to the processing at any time and is entitled to request information about the processing, rectification or erasure of data (so the termination of processing) via e-mail to firstname.lastname@example.org.
The personal data provided by the Users during registering, submitting a contact form or subscribing to a newsletter on the Data controller's websites, shall be handled for up to 3 months from the User’s withdrawal of its consent to the processing.
The Data controller handles the following data, indicating the purpose of the processing in brackets:
E-mail address (identification, contact);
Telephone number (contact);
Date of registration (technical information operations)
IP Address (technical information operations)
The Data controller does not verify the personal data provided to him. Only the person who provided them is responsible for the adequacy of the data. When a data subject enters an email address, the Data subject is solely responsible for taking advantage of the provided email address.
By subscribing to our websites, you expressly consent to and agree that the Data controller may address the relevant enterprise, social or budgetary organization in newsletters with informational or commercial purposes or engage contact via the given phone number.
Notwithstanding the above, it may occur that a service provider technically connected to the operated websites, conducts processing activities on any of the websites without informing the Data controller. Such activities shall not be considered as data processing conducted by the Data controller. The Data controller will do its utmost to prevent and eliminate such processing.
Right to Information
The Data subject shall have the right to request information about personal data processed by the Data controller. Upon the request of the Data subject, the Data controller shall provide information about the purposes of the processing, the recipients to whom the personal data have been or will be disclosed and where possible the envisaged period for which the personal data will be stored.
The Data controller shall provide the requested information in written form within 30 days from the date of submission of the request.
Data subject may raise its questions and comments towards the Data controller via the contact information provided in the 2. sections of this policy.
Rectification and erasure
The Data subject shall have the right to obtain from the Data controller without undue delay the rectification of inaccurate personal data or the erasure of personal data concerning him or her via the contact information provided in the 2. sections of this policy.
The Data controller shall correct or delete the information within 5 working days from receiving the request, where data will not be recoverable in the latter case. The deletion does not apply to data processing required under the law (e.g. accounting regulations) and is retained by the Data controller for the necessary period.
If the Data controller does not comply with the request for rectification or erasure, it will communicate the factual and legal grounds for rejecting the request for rectification or erasure in writing within 30 days from receiving the request.
Restriction of processing
The Data subject shall have the right to obtain from the Data controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the Data subject, for a period enabling the Data controller to verify the accuracy of the personal data;
the processing is unlawful, and the Data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the Data controller no longer needs the personal data for the purposes of the processing, but they are required by the Data subject for the establishment, exercise or defense of legal claims
the Data subject has objected to processing pending the verification whether the legitimate grounds of the Data controller override those of the Data subject.
The Data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed unless this proves impossible or involves a disproportionate effort. The Data controller shall inform the Data subject about those recipients if the Data subject requests it.
The notification may be omitted if it does not prejudice the legitimate interest of the Data subject in the purpose of the processing.
Object against data processing
The Data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The Data controller shall no longer process the personal data unless the Data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data subject or for the establishment, exercise or defense of legal claims.
Where the Data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The possibility of law enforcement against data processing
In case of any unlawful processing please inform the Data controller via the contact information provided in section 2, making it possible to restore the appropriate legal status within a short period of time. The Data controller will do its utmost to solve the problem outlined.
If the Data subject considers that the legal status cannot be recovered, please inform the authority on the following contact details:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory, each Data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
Proceedings against a Data controller or a Data processor shall be brought before the courts of the Member State where the Data controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the Data subject has his or her habitual residence unless the Data controller or processor is a public authority of a Member State acting in the exercise of its public powers.
Security of processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data controller and the Data processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The Data Manager selects and maintains the IT tools used to process personal data in such a way that:
the processed data is accessible only to those entitled;
authenticity and authentication of the processed data is ensured;
the unchangeability of the processed data can be justified;
the data processed is protected against unauthorized access.
The Data controller shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction, injury, and the inaccessibility caused by the change of techniques used.
Cloud applications are part of the services. Cloud applications are typically international and cross-border in nature and are used for data storage purposes when the data is not stored on the Data controller’s premises, but in a data center that can be placed anywhere in the world. The main advantage of cloud applications is that it provides geographically independent, high-security, and flexibly expandable capacity for storage and processing capabilities. The Data controller selects its partners providing the cloud services with the utmost care, and will make all reasonable efforts to:
conclude a contract that includes the data security interests of the users;
continuously verify data security.
Managing a privacy incident
In the case of a personal data breach, the Data controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 5.5, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.