Data protection and management and privacy policy

1. Introduction

NA-Soft Ltd. (hereinafter: "NA-Soft") considers it important to respect and enforce the rights of its users, customers, subscribers and all other parties concerned in relation to data management. When NA-Soft handles the personal data of the data subjects, the General Data Protection Regulation of the European Union (Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free flow of such data, and the 95/46/ CXII of 2011 on the repeal of the EC Regulation ["GDPR"]), on the right to self-determination of information and freedom of information. Act (hereinafter: "Infotv"), as well as other legal provisions on data protection (a detailed list of them can be found in the definitions).

2. Definitions

Frequently occurring terms during data management have the following meaning:
Data file: the totality of the data managed in a register;
Data processing: performing technical, technological tasks related to data management operations, regardless of the method and tool used when performing the operations, as well as the location of the operation;
Data processor: the natural or legal person or organization without legal personality who, or which processes the data based on the contract concluded with NA-Soft;
Data controller: the person responsible for the structure and data content of the personal data registration system from a business or organizational point of view. A data controller in NA-Soft's organization - with regard to the given IT system - is a responsible manager who is responsible for a given part of NA-Soft's information assets. The data controller is the manager of the area that produces the information, or has significant influence over the management of the information;
Data carrier: a device that enables the display of data, including documents. Paper-based or magnetic data carriers, in particular: documents, magnetic discs, flash drives, CDs, DVDs, magnetic tapes, HDDs, video tapes, audio tapes;
Data management: regardless of the procedure used, any operation performed on personal data or the set of operations, so this includes in particular the collection, recording, recording, organization, storage, change, use, querying of public or non-public databases, transmission, disclosure of data , aligning or connecting, locking, deleting and destroying, as well as preventing the further use of the data, taking photographs, audio or video recordings;
Data controller: the natural or legal person or organization without legal personality who, or which determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor commissioned by it;
Data marking: providing personal data with an identification mark for the purpose of distinguishing it. Data designation is mandatory if the data subject disputes the correctness or accuracy of the personal data;
Data destruction: complete physical destruction of the data carrier containing the data;
Data transmission: making personal data available to a uniquely defined third party;
Data erasure: rendering personal data unrecognizable in such a way that their recovery is no longer possible;
Data protection incident: an event affecting the security of personal data resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data;
Data blocking: provision of personal data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
Applied legislation: NA-Soft takes the following legal provisions into account during its data management:

  • GDPR
  • Directive 95/46/EC of the European Parliament and of the Council (October 24, 1995) on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("Data Protection Directive")
  • Infotv
  • Act V of 2013 on the Civil Code ("Civil Code")
  • Act C of 2000 on accounting ("Accounting Act")
  • CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society ("Eker. TV")
  • XLVIII of 2008 Act on the Basic Conditions and Certain Limitations of Economic Advertising Activities ("Grt.")
  • CIV of 2010 Act on freedom of the press and the basic rules of media content ("Smtv")

Pseudonymization: the handling of personal data in a way that, without the use of additional information, it is no longer possible to establish which specific natural person the personal data refers to, provided that such additional information is stored separately from the personal data and appropriate technical and organizational measures ensure that this personal data cannot be linked to a previously identified or identifiable natural person;
Anonymization: a technical procedure that ensures that the connection between the data subject and the personal data can no longer be established;
Restriction of data management: marking of stored personal data so that NA-Soft can only manage them in a limited way in the future;
The person acting on behalf of the data controller: the natural person - employee, partner, agent of NA-Soft - who performs the data management operations or a specific group of data management operations;
Biometric data: all personal data related to the physical, physiological or behavioral characteristics of a natural person, obtained by specific technical procedures, which enable or confirm the unique identification of a natural person (for example, a facial image or a fingerprint);
Recipient: the natural or legal person, public authority, or any other body to which the personal data is communicated, regardless of whether it is a third party;
Direct marketing activity: the set of informational activities and additional services carried out by the method of direct inquiry, the purpose of which is to recommend products or services to the person concerned, to forward advertisements in order to promote business;
Health data: personal data relating to the physical or mental health of a natural person, including data relating to the health services provided to the natural person, which carries information about the natural person's health condition;
Electronic direct mail (EDM): electronic message aimed at promoting the sale of products, services and content available on websites owned by NA-Soft;
Subscriber: the interested party who buys and/or uses, views, and learns about the contents of the products, services, and content available on the website owned by NA-Soft through the website owned by NA-Soft or by placing an order at an event organized by NA-Soft. ;
Data subject: any specific natural person identified on the basis of personal data or - directly or indirectly - identifiable;
User: a data subject who uses or views NA-Soft's service or the content it produces free of charge after registering on a website owned by NA-Soft;
Supervisory authority: an authority designated to monitor compliance with data protection regulations in the relevant member state legislation based on the authorization of the GDPR;
Genetic data: all personal data relating to the inherited or acquired genetic characteristics of a natural person, which carries unique information about the physiology or state of health of that person, and which primarily results from the analysis of a biological sample taken from said natural person;
Third country: states outside the member states of the European Union and the member states of the European Economic Area (EEA) (Iceland, Norway and Liechtenstein);
Third party: a natural or legal person, or an organization without legal personality, who or which is not the same as the data subject, data controller or data processor;
Newsletter: professional information delivered to recipients electronically (e.g. by e-mail) in connection with the content available through the website owned by NA-Soft, or as part of the service provided through the website owned by NA-Soft;
Consent: the voluntary and firm declaration of the data subject's will to process his/her personal data, which is based on appropriate, prior information, and with which he/she gives his/her unequivocal consent to the processing of his/her personal data - in full or covering certain operations;
Document: written or electronic text, figures, sketches, graphs and figures. In the absence of a different provision, the rules applicable to the document must also be applied to audio recording and image recording;
Shared e-mail address: info@nasoft.hu, nasoft@nasoft.hu
Special data: personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and personal data relating to the sex life or sexual orientation of natural persons data;
Customer: a data subject who purchases and/or uses NA-Soft's product and/or service on a website owned by NA-Soft or by placing an order at an event organized by NA-Soft;
Disclosure: making personal data available to anyone;
Profiling: the automated processing of personal data, during which personal data is used to evaluate certain personal characteristics of a natural person (e.g. work performance, economic/financial situation, health, personal preferences, interests, reliability, behavior), place of residence or used to analyze or predict motion-related characteristics;
Marking of personal data: providing personal data with an identification mark for the purpose of distinguishing it;
Personal data: data that can be associated with the data subject - in particular the data subject's name, any identification mark, be it an identifier created by the authority or the data controller, as well as one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject - or the conclusion about the data subject that can be drawn from the data;
Personal data registration system (registry system): any structured, functionally or geographically centralized, decentralized or dispersed file of personal data that is accessible based on specific criteria;
Natural person: a living person who may be entitled to personal rights, such as the right to the protection of personal data;
Prohibited (Robinson) list: registration of name and address data of those concerned who did not consent to the processing of their data for direct marketing purposes, or prohibited the further processing of their data for this purpose;
Objection: the statement of the data subject in any form (for example, verbally, in writing, or by e-mail), with which he objects to the processing of his personal data by NA-Soft and requests the termination of data processing or the deletion of processed data;
Partner: an entrepreneur or agent with a contractual relationship with NA-Soft.

3. Data controller

Name: "NA-Soft Kft."
Headquarters: 5700 Gyula, Székely Aladár utca 15
Tax number: 13970178-2-13
Email address: info@nasoft.hu
Telephone number: +36 20 514-5755

4. Basic principles of data management

  1. During data processing, personal data will retain its quality as long as it can be linked to the data subject. Personal data can be connected to the data subject if NA-Soft actually has the technical conditions necessary to restore the connection.
  2. NA-Soft handles personal data exclusively in compliance with the regulations defined by the legislation of the European Union and Hungary (principle of legality).
  3. NA-Soft places particular emphasis on ensuring that the data management it carries out is understandable, transparent (principle of transparency) and fair (non-deceptive) for both the data subjects and NA-Soft. NA-Soft ensures the implementation of the requirement of transparency by means of prior information to the parties concerned, and up-to-date records of data management within its organization.
  4. "NA-Soft only processes the personal data of the data subject for the purposes specified in the chapter" (principle of purpose limitation).
  5. NA-Soft only manages personal data that is absolutely necessary for the realization of the purpose of data management and suitable for achieving the purpose (principle of data saving).
  6. NA-Soft processes personal data only to the extent and for the period of time absolutely necessary for the realization of the purpose of data management (principle of limited storage).
  7. In the course of data management, NA-Soft ensures the accuracy, completeness and – if necessary in view of the purpose of the data management – up-to-dateness of the managed data by means of corrections carried out by it after detecting a data entry error, or initiated by the data subject, as well as that the data subject is only used for the purpose of the data management. can be identified for the necessary time (accuracy principle).
  8. During data management, NA-Soft ensures that the personal data it manages is kept confidential and access by unauthorized persons is prevented (principle of confidentiality).
  9. NA-Soft does not handle personal data about website visitors who are not users, customers, or subscribers.