Squery Solutions Privacy Policy
Thank you for visiting the websites of Squery
Solutions (hereinafter “Squery” or “We”).1 We
take the protection of your personal data during processing in accordance with
the statutory data protection regulations very seriously.
The following Policy provides you (hereinafter also
called “Customer”, “Data Subject” or “User”) with
an overview of how We ensure this protection, what type of data are collected
and for what purpose.
I. Name and Address of the Controllers
The following entities are controllers within the meaning of the EU General
Data Protection Regulation (hereinafter “GDPR”) and other national
data protection laws.
Principal controller
Squery Solutions Számítástechnikai Korlátolt
Felelősségű Társaság
1091 Budapest, Üllői út 169-179. E. lház. 10. em. 42. ajtó
Phone: +36 30 496 2489
E-Mail: [email protected]
Internet: squery.hu
II. Contact Information for the Data Protection
Officer
Bleszity Máté
CEO
1091 Budapest, Üllői út 169-179. E. lház. 10. em. 42. ajtó
Phone: +36 30 4712964
You can reach our data protection officer at [email protected]
.
III. Terms and Definitions
The terms and definitions are based on the GDPR, the Hungarian
Data Protection Law) and other provisions of data protection law. In
particular, the definitions of Articles 4 and 9 GDPR apply.
IV. General Principles and Rights of Data Subjects
1. Scope of processing of personal data
We generally process your personal data only to the
following extent, where this is required for the provision of our web and
online services, including functional websites:
- Users of our websites, Customers, interested
parties, applicants, participants in (online) events
- Conferences, symposia, download of
publications, newsletter, contact requests, study participation,
assessments
- Memberships, other events, online orders
2. Legal bases
Where personal data are processed on the basis of the
data subject’s consent, point (a) of Article 6(1) GDPR is the legal basis for
processing.
Processing of personal data for the performance of a
contract where the data subject is a party is based on point (b) of Article
6(1) GDPR; this also applies to any processing required for the performance of
pre-contractual measures.
If personal data are processed for compliance with a
legal obligation to which We are subject, the legal basis to do so is point (c)
of Article 6(1) GDPR.
In the event that vital interests of the data subject
or another natural person require the processing of personal data, the legal
basis is point (d) of Article 6(1) GDPR.
If processing is necessary to protect our legitimate
interests or those of a third party, except where such interests are overridden
by the interests or fundamental rights and freedoms of the data subject, the
basis for processing is point (f) of Article 6(1) GDPR.
3. Possible recipients of personal data
In some instances, in order to provide our web and
online offerings as well as for the general provision of our services, We may
use IT service providers, IT developers, external consultants, or cloud or
archiving service providers, who may act on our behalf and according to
instructions in the context of the provision of services (so-called
processors). These service providers may receive personal data or come into
contact with personal data in the course of providing their services and
constitute third parties or recipients as defined in the GDPR.
In such a case, We ensure that our service providers
provide sufficient security measures, that appropriate technical and
organizational measures are implemented and that processing is carried out in a
manner that meets the relevant data protection requirements and ensures the
protection of the rights of data subjects (cf. Article 28 GDPR).
We furthermore process your personal data within
various Squery departments involved in the execution of the respective business
processes; where permitted, We also process data for advertising purposes
outside the execution of the business. In addition, We may be obligated by
statutory requirements to make our collected data available to public
authorities (e.g., tax authorities, state offices of criminal investigation,
social security authorities). To the extent permitted by law, We process
personal data with cooperation partners, sponsors and business conference
participants.
4. Processing of personal data in third countries
Your personal data generally will be processed within
the European Union (hereinafter “EU”) or the European Economic Area
(hereinafter “EEA”). Information may be transferred to third
countries only in exceptional cases (e.g., where service providers are engaged
to provide web analytics services or personal data are disclosed within Squery).
Third countries are countries outside the EU and/or EEA where an adequate level
of data protection in line with European requirements cannot be readily
assumed.
If the transferred information also includes personal
data and is not transmitted in pseudonymized or anonymized form, We ensure
prior to such transfer that an appropriate level of data protection is
guaranteed in the respective third country or by the respective recipient in
the third country. This may follow from an “adequacy decision” of the
European Commission or may be ensured by using the so-called “EU standard
contractual clauses”.
5. Data erasure and storage period
Personal data of the data subjects will be erased once
the data are no longer required for the respective processing purposes or if
the legal basis for the storage ceases to apply. Instead of erasing them, the
data may be stored with processing restrictions if this is required by European
or EU Member State law in Union regulations, laws or other provisions.
At the very latest, the data will be erased once a
storage period prescribed by the aforementioned provisions expires, unless
further storage by us is necessary and a legal basis to do so exists.
6. Categories of data
As regards the type of personal data concerned, We
mainly distinguish between the following categories:
a) Master data: Master data are data that you
provide to us about your company and / or about you personally. They include,
in particular, company name, first name, last name, e-mail address and
telephone number.
b) Event and marketing data: These are data that
We receive from you in the context of, for example, webinars, (online) events,
trade fair events, studies, conferences, or specialist events. They include,
among other things, meta and log files, IP addresses and session IDs.
c) Meta and log files: Meta and log files
include, for example, IP addresses, session IDs, browser types, information on
operating system and time of request.
7. Rights of data subjects
The GDPR grants certain rights to persons affected by
the processing of personal data (so-called data subject rights, in particular
Articles 12 to 22 GDPR). If you would like to exercise one or several of these
rights listed below, you may contact us at any time. In particular, as a data
subject, you have the following rights:
a) Right of access pursuant to Article 15 GDPR
You have the right to obtain from the controller
information as to whether and to what extent personal data concerning you were
or are being processed by us.
b) Right to rectification pursuant to Article 16 GDPR
You have the right to demand from the controller the
rectification and/or completion of inaccurate or incomplete personal data
concerning you. The controller is obligated to make such rectification without
undue delay.
c) Right to erasure pursuant to Article 17 GDPR
You have the right to request from the controller the
erasure of personal data concerning you without undue delay and the controller
is obligated to erase such data without undue delay except if one of the
exceptions provided for in the GDPR applies or other statutory retention
obligations require the controller to keep the data in question.
d) Right to restriction of processing pursuant to
Article 18 GDPR
Under the conditions set forth in the GDPR, you may
demand the restriction of processing of the personal data pertaining to you.
e) Right to data portability pursuant to Article 20
GDPR
You have the right to receive personal data concerning
you that you have provided to the controller and the processing of which is
based on your consent or on an agreement with you (including e.g. the requested
agreement preparation, point (b) alternative 2 of Article 6(1) GDPR), in a
structured, commonly used and machine-readable format. Under the conditions
governed by the GDPR, you also have the right to transmit those data to another
controller without hindrance from the controller to which the personal data was
provided. In exercising this right, you furthermore have the right to have the
personal data concerning you transmitted directly from one controller to
another, where technically feasible. This right must not adversely affect the
rights and freedoms of others.
f) Right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to
your particular situation, at any time to processing of personal data
concerning you which is based on points (e) or (f) of Article 6(1) GDPR,
including profiling based on those provisions. Where personal data concerning
you are processed for direct marketing purposes, you have the right to object
at any time to processing of the personal data concerning you for such
marketing, which includes profiling to the extent that it is related to such
direct marketing. In the event of an objection, the personal data concerning
you will no longer be processed for such purposes.
g) Right to withdraw consent pursuant to Article 7(3)
GDPR
You have the right to withdraw your declaration of
consent under data processing law at any time. The withdrawal of consent shall
not affect the lawfulness of processing based on consent before its withdrawal.
This also applies to the withdrawal of consent granted
to us before the GDPR came into force, i.e. before 25 May 2018. You may
withdraw your consent at any time.
h) Right to lodge a complaint pursuant to Article 77
GDPR
In the event of allegedly or actually committed
violations of data protection regulations, you have the right to lodge a
complaint with a data protection supervisory authority, in particular in the
Member State of your habitual residence, your place of work or in which the
alleged violation took place. The right to lodge a complaint exists without
prejudice to other administrative or judicial remedies.
Our competent data protection supervisory authority
for the principal controller (see section I.) is:
Hungarian National Authority for Data Protection and
Freedom of Information
Street address: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1374 Budapest, Pf. 603.
However, you may also lodge your complaint with any
other supervisory authority. The contact details of other data protection
supervisory authorities are available at the following link:
https://www.naih.hu/ugyfelszolgalat-kapcsolat
8. No obligation to provide personal data
The conclusion of contracts or performance of our
online offerings with us does not depend on you first providing us with
personal data. You, as a Customer, interested party, website visitor, applicant
or other participant, furthermore generally are under no statutory or
contractual obligation to provide us with your personal data; however, We may
be able to provide certain services only with limitations or not at all if you
do not provide the data required for such purpose.
V. Data Collection through Informational Use of our
Websites
1. Description and scope of data processing
Each time you access our website, our systems
automatically collect data and information from the accessing computer’s
system. The following log files are processed:
- browser type and version
- operating system used
- referrer URL
- accessing computer’s host name
- date and time of the server request
- IP addresses for backend log, IP ban, and
domain factory log
For information on the processing of other meta and
log files through the use of, for example, Google Analytics, YouTube, Google
Maps or our social media channels etc. please refer to section IX onward.
These data are not aggregated with other data sources.
2. Purpose and legal basis of processing
IP address and, if applicable, other log files must be
temporarily stored by the systems each time our websites are visited to allow
for the provision of the websites to your computer. This is necessary to
address the communication traffic between the User and our web and/or online
offering or is required to use our web and/or online offering. The legal basis
for this data processing – i.e., for the duration of your visit to the website
– is point (b) of Article 6(1) GDPR.
Processing and storage of the address and log files
beyond the communication process is carried out for the purpose of ensuring the
functionality of our web and online offerings, for the purpose of optimizing
these offerings, and also to ensure the security of our information technology
systems. The legal basis for storing the IP address for these purposes beyond
the communication process is point (f) of Article 6(1) GDPR.
3. Storage period
The data will be stored for as long as this is
required to realize the aforementioned purposes of processing. This is the case
when collecting data for the provision of the websites, if the respective
session – i.e., the website visit – has ended. Log files, including the IP
address, are stored longer for the purposes of system security and optimization
of our web and online offerings for a maximum period of seven days from the end
of the User’s access to the site.
4. Option to reject
The collection of log files for the provision of our
websites, including their storage within the aforementioned limits, is
absolutely necessary for the operation of the websites and the individual
functions stored there. Accordingly, website Users do not have the option to
reject. The situation is different when it comes to the processing of log files
for analytical purposes. The option to reject here – depending on the
respective web analytics tools used and the type of data analysis (personal /
anonymous / pseudonymous) – is subject to section IV. 7. f) of this Privacy
Policy.
VI. E-mail Contact and Contact Form
1. Description and scope of data processing
You may contact us by either using the e-mail
addresses provided on our websites or our contact forms. If you make use of
these options, personal data will be processed and stored by us for the purpose
of answering the inquiry. In this context, We process in particular first name,
last name and e-mail address. We do not disclose these data without your
consent.
2. Purpose and legal basis of processing
The processing of these data is based on point (b) of
Article 6(1) GDPR and / or on our legitimate interests pursuant to point (f) of
Article 6(1) GDPR. The processing of data transmitted in the course of an
inquiry is based on point (a) of Article 6(1) GDPR.
3. Storage period
The data are generally erased once they are no longer
required to achieve the purpose for which they were collected.
Data are regularly erased where they are no longer
required to perform contractual or statutory obligations, including retention
obligations under commercial and tax law, as well as for the pursuit of
legitimate interests, i.e., to preserve evidence within the framework of the
statutory provisions on limitation.
VII. Registrations, Downloading Studies, Registering
for (Online) Events
1. Description and scope of data processing
In some instances, user registration is required to
use some of the services on our websites (e.g., downloading studies or white
papers, as well as registering for (online) events). In so doing, among other
things, We process the following data:
- salutation, last name and first name
- company name, address or P.O. Box
- e-mail address
2. Purpose and legal basis of processing
The processing of these data is based on your consent
pursuant to point (a) of Article 6(1), point (b) of Article 6(1) GDPR and / or
point (f) of Article 6(1) GDPR. You may withdraw your consent at any time.
3. Storage period
If you register on our websites for a service
requiring registration, after the consent procedure has been completed,
personal data will be stored in our Customer Relationship Management System
(CRM). Your personal data will be stored by us until you withdraw your consent
or until We update our master data in the CRM.
VIII. Data Processing for the Purpose of Newsletters,
Advertising, Marketing and Press Work
In addition to the purely informational use of our
website, personal data may be processed for the purpose of advertising and/or
marketing measures (e.g., newsletters), to conduct customer satisfaction
surveys, or for the purposes of press work and public relations (hereinafter
collectively called “marketing”).
1. Newsletter
Our website provides the option of subscribing to a
newsletter. Subscription to our newsletter is free of charge and voluntary. If
you would like to take advantage of the newsletter offered by us, the following
“newsletter data” will be processed by us:
- a valid e-mail address
- date and time of registration and
confirmation
- the IP address used (collectively:
“registration confirmation details”)
- anonymized performance data such as click
and open rates
To verify whether you are the owner of the specified
e-mail address or whether its owner agrees to receive the newsletter, after the
first registration step, We will send an automated e-mail to the specified
e-mail address (so-called double opt-in). We will include the specified e-mail
address in our distribution list only once the newsletter registration has been
confirmed via a link in the confirmation e-mail. We do not collect any further
data other than the e-mail address and information to confirm the registration.
Unless you confirm your registration within 48 hours,
your information will be blocked and automatically erased after one week. In
addition, We will store your IP addresses used as well as the times of registration
and confirmation.
Your data will be processed exclusively for the
purpose of sending you the requested newsletter. The legal basis for this
processing is point (a) of Article 6(1) GDPR.
The data will be erased once they are no longer
required to achieve the purpose for which they were collected. This means that
your e-mail address as well as other “newsletter data” will be stored
for as long as your newsletter subscription is active. Your consent and
newsletter order as well as your withdrawal of consent or unsubscription will
be stored for evidence purposes for a period of two years after the withdrawal
of consent becomes effective. Moreover, We store personal data only to assert
or defend against legal claims or for as long as statutory obligations to store
them apply.
You may at any time withdraw your consent to receive
the newsletter and unsubscribe. You may withdraw your consent by clicking on
the link provided in every newsletter e-mail, ont he website, by e-mail
to [email protected] or by sending a message to the contact details given in
the imprint.
2. Use of personal data for advertising and marketing
purposes / customer surveys
The use of your personal data for advertising and / or
marketing messages as well as to conduct customer satisfaction surveys is
subject to you having given your consent or there being another legal basis
permitting us to contact you for marketing and/or direct marketing purposes
even without having obtained your consent. Where legally permitted, We also
reserve the right to contact clients for marketing purposes on the basis of
publicly accessible data and/or third-party address data extracted by such
third parties from publicly accessible sources (e.g., data from directory
media, the Internet, company homepages, public registers, etc.). Details on the
information notices required to be provided by us, together with the
instruction on rejecting data use for marketing purposes and direct marketing can
be requested by sending us an email to: [email protected] .
The following data are processed within the scope of
data transmission for advertising and marketing messages / customer surveys:
- salutation, last name and first name
- company name, address or P.O. Box
- e-mail address and telephone number
- position
a) The legal basis for advertising and/or marketing
measures based on express consent is point (a) of Article 6(1) GDPR; the
statements regarding consent under section IV. 7. g) apply accordingly.
b) The legal basis for the use of personal data for
the purpose of direct marketing by conventional mail is point (f) of Article
6(1) GDPR (legitimate interests); the legitimate interest here is to approach
potential customers for the purpose of direct marketing of our products and
services.
c) The legal basis for advertising and/or marketing
measures by telephone call is Act XLVIII of 2008;
in the case of consumers, this requires express consent, and at least presumed
consent in the case of other market participants; regarding the requirement of
express consent see above.
d) The legal basis for advertising and/or marketing
measures via e-mail for the purpose of direct marketing of our own similar
goods or services is Act XLVIII of 2008, provided that We
(i) have received your e-mail address in connection
with the provision of a service,
(ii) you have not objected to the use of your e-mail
address for the purpose of direct marketing, and
(iii) when collecting the e-mail address and whenever
using it, We will clearly inform you that you may at any time object to such
use of your e-mail address.
Depending on the respective legal basis of the
marketing measure (consent or legitimate interests), personal data will be
stored and used for marketing purposes for an indefinite period until you have
objected or withdrawn your consent to the processing of your data for marketing
purposes.
You may withdraw your consent to the processing of
personal data at any time with effect for the future without providing reasons.
Withdrawal may be made by telephone, in writing or by e-mail (e.g., to [email protected],
or using the provided e-mail addresses of the advertising company).
You may at any time object to processing on the basis
of legitimate interests; a right to object exists in particular in the case of
profiling in accordance with Article 21 GDPR.
In case of a withdrawal and/or objection, the personal
data will no longer be processed for the respective purposes concerned; in any
case, this does not include the processing of data that are still required for
the purpose of performance of a contract (point (b) of Article 6(1) GDPR),
including statutory retention obligations, and/or if the data are still
required in the context of legitimate interests (point (f) of Article 6(1)
GDPR) (e.g., in the case of objection to marketing, the processing of data in a
so-called blacklist in order to prevent future advertising messages).
Upon request, We will provide you with further
information on how We handle data in the area of marketing and/or on the
sources of our data; please contact our data protection officer, whose contact
details can be found in section II.
3. Press work and public relations
In the area of press work and public relations, We
collect and process master data, contract execution data or third-party data
from journalists and/or press representatives for the purpose of press work and
public relations. This may include, in particular, the provision of press
information, the handling of press inquiries, addressing press representatives,
or organizing and invitations to (press) events. The legal basis for such data
processing is point (b) of Article 6(1) GDPR (performance of contract / taking
steps prior to entering into a contract), provided this is done to fulfill a
corresponding agreement and/or in the context of a specific inquiry. Moreover,
data processing is carried out in the context of legitimate interests according
to point (f) of Article 6(1) GDPR; the legitimate interest here lies in the
organization of press work and public relations for the benefit of Squery.
Moreover, data processing is carried out on the basis
of appropriate consent. Such consent may also be withdrawn by the data subject
for the future at any time and without giving reasons. Moreover, the data
subject is entitled to the rights specified in section IV. (7.).
IX. Social Media and Direct Links
We have integrated buttons of a range of social
networks on our websites. These buttons provide you with various functions
which you may use to share information on the respective third-party portal
with your contacts. Their subject matter and scope is determined by the social
network operators.
The basis of processing such data is points (a) and
(f) of Article 6(1) GDPR, to enable us to offer you the opportunity to interact
with the social networks and other Users, improve our offering and make it more
interesting for you as a User.
Please note that We are not the provider of the social
networks and have no influence on the data processing by the respective
providers. We also have no knowledge of the content of the transmitted data or
its use by the respective provider. More information on how your data are
handled is available in the respective privacy notices of the social network
providers:
a) Facebook
Our websites have integrated the social network
Facebook, Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2
Ireland and 1601 South California Avenue, Palo Alto, CA 94304, USA. You can
recognize the link to Facebook by the Facebook logo or the “Like”
button on our website. An overview of the Facebook plugins is available
here: developers.facebook.com/docs/plugins/.
If you activate the Facebook button, a direct
connection is established via the button between your browser and the Facebook
server. Facebook thereby receives the information that you have visited our
websites with your IP address. If you are logged in to Facebook, Facebook can
associate the visit with your Facebook account. The purpose and scope of the
data collection and the further processing and use of the data by Facebook, as
well as your rights in this regard and options to select settings to protect
your privacy, can be found in Facebook’s privacy policy.
More information is available in Facebook’s privacy
policy at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
b) LinkedIn
Our websites have integrated the function of the
social network LinkedIn. This function is offered by LinkedIn Ireland Limited,
77 Sir John Rogerson’s Quay, Dublin 2, Ireland. It also involves the
transmission of data to LinkedIn. Please note that as the provider of the
pages, We have no knowledge of the content of the transmitted data or its use
by LinkedIn. If you are logged in to LinkedIn, LinkedIn can associate your visit
with your LinkedIn account. The purpose and scope of the data collection and
the further processing and use of the data by LinkedIn, as well as your rights
in this regard and options to select settings to protect your privacy, can be
found in LinkedIn’s privacy policy. More information is available in LinkedIn’s
privacy policy at
https://www.linkedin.com/legal/privacy-policy
X. Third-party Cookies and Analytics Tools
Cookies
1. Description and scope of data processing
We use “cookies” on our websites. Cookies
are small text files that your Internet browser places and stores on your
computer and which transmit certain information to the body placing the cookie.
The purpose of cookies is to optimize our website and our offerings.
They mostly are “session cookies”, which are
deleted again when you leave the site. However, some cookies generate information
in order to recognize you automatically. While this recognition is based on the
IP address stored in the cookies, they cannot directly identify a user.
We also use web analysis tools (“performance
cookies”) to analyze the online platform. In so doing, with the help of
cookies, We are able to process usage data of the online platform and thus
obtain insights about the use of our online platform (e.g., number of visits,
number of users).
Advertising cookies or targeting cookies are used to
offer website users demand-driven advertising on the website or third-party
offers and to gauge the effectiveness of such offerings. Sharing cookies are
used to improve our website’s interactivity with other services (e.g., social
networks).
Any use of cookies that is not strictly technically
necessary constitutes data processing that is only permitted with your explicit
and active consent pursuant to point (a) of Article 6(1) GDPR. This
applies, in particular, to the use of advertising, targeting, or sharing cookies.
In addition, We disclose your personal data that have been processed via
cookies to third parties only if you have given your explicit consent to do so
in accordance with point (a) of Article 6(1) GDPR.
You may refuse the use of cookies by selecting the
appropriate settings on your browser, however, please note that if you do so,
you may not be able to use the full functionality of our websites.
Our websites use transient (e.g., “session
cookies”), persistent, and third-party cookies; below, We will explain
their storage periods.
2. Storage period
Transient cookies are automatically deleted when you
close the browser. These include, in particular, the session cookies. They
store a so-called session ID, which can be used to associate various requests
from your browser to the joint session. In this way, your computer can be
recognized when you return to our websites. The session cookies are
deleted when you log out or close the browser. Persistent cookies are
automatically deleted after a predefined period of time, which may differ
depending on the cookie. You can delete the cookies at any time in your
browser’s security settings.
A summary and additional information on the cookies
used by us, together with details on the provider, the purpose of data
processing, technology used, data collected, legal basis, processing location,
retention period, data recipient, data protection officer and transfer to third
countries is available in our cookie settings.
Third-party analytics tools
Our websites use third-party analytics tools such as
Google Analytics with anonymization function. Analytics tools commonly use
cookies to be able to create evaluations.
Analytics cookies are used for the purpose of
improving the quality of our websites and their content. We use analytics
cookies to learn how the websites are used. This enables us to constantly
optimize our offering. Analytics cookies are used only where the User has
granted the relevant consent; the legal basis for processing personal data
using analytics cookies thus is point (a) of Article 6(1) GDPR. You may
independently withdraw your consent at any time by rejecting or deleting our
cookies.
XI. Further Information
Your trust is important to us. We therefore aim to be
available at any time to answer your questions regarding the processing of your
personal data. If you have any questions that have not been answered by this
Privacy Policy or if you would like to learn more on any issue, please contact
us at any time by e-mail at: [email protected]
We reserve the right
to amend this Privacy Policy at non-regular intervals as data protection law
develops and as technological or organizational changes require, and We will
inform you about any major changes affecting the use of your personal data.
This Privacy Notice is current as of October 2022.