GDPR - EN - Squery

Squery Solutions Privacy Policy

Thank you for visiting the websites of Squery Solutions (hereinafter “Squery” or “We”).¹ We take the protection of your personal data during processing in accordance with the statutory data protection regulations very seriously.

The following Policy provides you (hereinafter also called “Customer”, “Data Subject” or “User”) with an overview of how We ensure this protection, what type of data are collected and for what purpose.

I. Name and Address of the Controllers

The following entities are controllers within the meaning of the EU General Data Protection Regulation (hereinafter “GDPR”) and other national data protection laws.

Principal controller

Squery Solutions Számítástechnikai Korlátolt Felelősségű Társaság
1091 Budapest, Üllői út 169-179. E. lház. 10. em. 42. ajtó
Phone: +36 30 496 2489
E-Mail: [email protected]
Internet: squery.hu

II. Contact Information for the Data Protection Officer

Bleszity Máté
CEO
1091 Budapest, Üllői út 169-179. E. lház. 10. em. 42. ajtó
Phone: +36 30 4712964

You can reach our data protection officer at [email protected] .

III. Terms and Definitions

The terms and definitions are based on the GDPR, the Hungarian Data Protection Law) and other provisions of data protection law. In particular, the definitions of Articles 4 and 9 GDPR apply.

IV. General Principles and Rights of Data Subjects

1. Scope of processing of personal data

We generally process your personal data only to the following extent, where this is required for the provision of our web and online services, including functional websites:

Users of our websites, Customers, interested parties, applicants, participants in (online) events
Conferences, symposia, download of publications, newsletter, contact requests, study participation, assessments
Memberships, other events, online orders

2. Legal bases

Where personal data are processed on the basis of the data subject’s consent, point (a) of Article 6(1) GDPR is the legal basis for processing.

Processing of personal data for the performance of a contract where the data subject is a party is based on point (b) of Article 6(1) GDPR; this also applies to any processing required for the performance of pre-contractual measures.

If personal data are processed for compliance with a legal obligation to which We are subject, the legal basis to do so is point (c) of Article 6(1) GDPR.

In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is point (d) of Article 6(1) GDPR.

If processing is necessary to protect our legitimate interests or those of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the basis for processing is point (f) of Article 6(1) GDPR.

3. Possible recipients of personal data

In some instances, in order to provide our web and online offerings as well as for the general provision of our services, We may use IT service providers, IT developers, external consultants, or cloud or archiving service providers, who may act on our behalf and according to instructions in the context of the provision of services (so-called processors). These service providers may receive personal data or come into contact with personal data in the course of providing their services and constitute third parties or recipients as defined in the GDPR.

In such a case, We ensure that our service providers provide sufficient security measures, that appropriate technical and organizational measures are implemented and that processing is carried out in a manner that meets the relevant data protection requirements and ensures the protection of the rights of data subjects (cf. Article 28 GDPR).

We furthermore process your personal data within various Squery departments involved in the execution of the respective business processes; where permitted, We also process data for advertising purposes outside the execution of the business. In addition, We may be obligated by statutory requirements to make our collected data available to public authorities (e.g., tax authorities, state offices of criminal investigation, social security authorities). To the extent permitted by law, We process personal data with cooperation partners, sponsors and business conference participants.

4. Processing of personal data in third countries

Your personal data generally will be processed within the European Union (hereinafter “EU”) or the European Economic Area (hereinafter “EEA”). Information may be transferred to third countries only in exceptional cases (e.g., where service providers are engaged to provide web analytics services or personal data are disclosed within Squery). Third countries are countries outside the EU and/or EEA where an adequate level of data protection in line with European requirements cannot be readily assumed.

If the transferred information also includes personal data and is not transmitted in pseudonymized or anonymized form, We ensure prior to such transfer that an appropriate level of data protection is guaranteed in the respective third country or by the respective recipient in the third country. This may follow from an “adequacy decision” of the European Commission or may be ensured by using the so-called “EU standard contractual clauses”.

5. Data erasure and storage period

Personal data of the data subjects will be erased once the data are no longer required for the respective processing purposes or if the legal basis for the storage ceases to apply. Instead of erasing them, the data may be stored with processing restrictions if this is required by European or EU Member State law in Union regulations, laws or other provisions.

At the very latest, the data will be erased once a storage period prescribed by the aforementioned provisions expires, unless further storage by us is necessary and a legal basis to do so exists.

6. Categories of data

As regards the type of personal data concerned, We mainly distinguish between the following categories:

a) Master data: Master data are data that you provide to us about your company and / or about you personally. They include, in particular, company name, first name, last name, e-mail address and telephone number.

b) Event and marketing data: These are data that We receive from you in the context of, for example, webinars, (online) events, trade fair events, studies, conferences, or specialist events. They include, among other things, meta and log files, IP addresses and session IDs.

c) Meta and log files: Meta and log files include, for example, IP addresses, session IDs, browser types, information on operating system and time of request.

7. Rights of data subjects

The GDPR grants certain rights to persons affected by the processing of personal data (so-called data subject rights, in particular Articles 12 to 22 GDPR). If you would like to exercise one or several of these rights listed below, you may contact us at any time. In particular, as a data subject, you have the following rights:

a) Right of access pursuant to Article 15 GDPR

You have the right to obtain from the controller information as to whether and to what extent personal data concerning you were or are being processed by us.

b) Right to rectification pursuant to Article 16 GDPR

You have the right to demand from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller is obligated to make such rectification without undue delay.

c) Right to erasure pursuant to Article 17 GDPR

You have the right to request from the controller the erasure of personal data concerning you without undue delay and the controller is obligated to erase such data without undue delay except if one of the exceptions provided for in the GDPR applies or other statutory retention obligations require the controller to keep the data in question.

d) Right to restriction of processing pursuant to Article 18 GDPR

Under the conditions set forth in the GDPR, you may demand the restriction of processing of the personal data pertaining to you.

e) Right to data portability pursuant to Article 20 GDPR

You have the right to receive personal data concerning you that you have provided to the controller and the processing of which is based on your consent or on an agreement with you (including e.g. the requested agreement preparation, point (b) alternative 2 of Article 6(1) GDPR), in a structured, commonly used and machine-readable format. Under the conditions governed by the GDPR, you also have the right to transmit those data to another controller without hindrance from the controller to which the personal data was provided. In exercising this right, you furthermore have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This right must not adversely affect the rights and freedoms of others.

f) Right to object pursuant to Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the event of an objection, the personal data concerning you will no longer be processed for such purposes.

g) Right to withdraw consent pursuant to Article 7(3) GDPR

You have the right to withdraw your declaration of consent under data processing law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

This also applies to the withdrawal of consent granted to us before the GDPR came into force, i.e. before 25 May 2018. You may withdraw your consent at any time.

h) Right to lodge a complaint pursuant to Article 77 GDPR

In the event of allegedly or actually committed violations of data protection regulations, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or in which the alleged violation took place. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Our competent data protection supervisory authority for the principal controller (see section I.) is:

Hungarian National Authority for Data Protection and Freedom of Information
Street address: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1374 Budapest, Pf. 603.

However, you may also lodge your complaint with any other supervisory authority. The contact details of other data protection supervisory authorities are available at the following link:

https://www.naih.hu/ugyfelszolgalat-kapcsolat

8. No obligation to provide personal data

The conclusion of contracts or performance of our online offerings with us does not depend on you first providing us with personal data. You, as a Customer, interested party, website visitor, applicant or other participant, furthermore generally are under no statutory or contractual obligation to provide us with your personal data; however, We may be able to provide certain services only with limitations or not at all if you do not provide the data required for such purpose.

V. Data Collection through Informational Use of our Websites

1. Description and scope of data processing

Each time you access our website, our systems automatically collect data and information from the accessing computer’s system. The following log files are processed:

browser type and version
operating system used
referrer URL
accessing computer’s host name
date and time of the server request
IP addresses for backend log, IP ban, and domain factory log

For information on the processing of other meta and log files through the use of, for example, Google Analytics, YouTube, Google Maps or our social media channels etc. please refer to section IX onward.

These data are not aggregated with other data sources.

2. Purpose and legal basis of processing

IP address and, if applicable, other log files must be temporarily stored by the systems each time our websites are visited to allow for the provision of the websites to your computer. This is necessary to address the communication traffic between the User and our web and/or online offering or is required to use our web and/or online offering. The legal basis for this data processing – i.e., for the duration of your visit to the website – is point (b) of Article 6(1) GDPR.

Processing and storage of the address and log files beyond the communication process is carried out for the purpose of ensuring the functionality of our web and online offerings, for the purpose of optimizing these offerings, and also to ensure the security of our information technology systems. The legal basis for storing the IP address for these purposes beyond the communication process is point (f) of Article 6(1) GDPR.

3. Storage period

The data will be stored for as long as this is required to realize the aforementioned purposes of processing. This is the case when collecting data for the provision of the websites, if the respective session – i.e., the website visit – has ended. Log files, including the IP address, are stored longer for the purposes of system security and optimization of our web and online offerings for a maximum period of seven days from the end of the User’s access to the site.

4. Option to reject

The collection of log files for the provision of our websites, including their storage within the aforementioned limits, is absolutely necessary for the operation of the websites and the individual functions stored there. Accordingly, website Users do not have the option to reject. The situation is different when it comes to the processing of log files for analytical purposes. The option to reject here – depending on the respective web analytics tools used and the type of data analysis (personal / anonymous / pseudonymous) – is subject to section IV. 7. f) of this Privacy Policy.

VI. E-mail Contact and Contact Form

1. Description and scope of data processing

You may contact us by either using the e-mail addresses provided on our websites or our contact forms. If you make use of these options, personal data will be processed and stored by us for the purpose of answering the inquiry. In this context, We process in particular first name, last name and e-mail address. We do not disclose these data without your consent.

2. Purpose and legal basis of processing

The processing of these data is based on point (b) of Article 6(1) GDPR and / or on our legitimate interests pursuant to point (f) of Article 6(1) GDPR. The processing of data transmitted in the course of an inquiry is based on point (a) of Article 6(1) GDPR.

3. Storage period

The data are generally erased once they are no longer required to achieve the purpose for which they were collected.

Data are regularly erased where they are no longer required to perform contractual or statutory obligations, including retention obligations under commercial and tax law, as well as for the pursuit of legitimate interests, i.e., to preserve evidence within the framework of the statutory provisions on limitation.

VII. Registrations, Downloading Studies, Registering for (Online) Events

1. Description and scope of data processing

In some instances, user registration is required to use some of the services on our websites (e.g., downloading studies or white papers, as well as registering for (online) events). In so doing, among other things, We process the following data:

salutation, last name and first name
company name, address or P.O. Box
e-mail address

2. Purpose and legal basis of processing

The processing of these data is based on your consent pursuant to point (a) of Article 6(1), point (b) of Article 6(1) GDPR and / or point (f) of Article 6(1) GDPR. You may withdraw your consent at any time.

3. Storage period

If you register on our websites for a service requiring registration, after the consent procedure has been completed, personal data will be stored in our Customer Relationship Management System (CRM). Your personal data will be stored by us until you withdraw your consent or until We update our master data in the CRM.

VIII. Data Processing for the Purpose of Newsletters, Advertising, Marketing and Press Work

In addition to the purely informational use of our website, personal data may be processed for the purpose of advertising and/or marketing measures (e.g., newsletters), to conduct customer satisfaction surveys, or for the purposes of press work and public relations (hereinafter collectively called “marketing”).

1. Newsletter

Our website provides the option of subscribing to a newsletter. Subscription to our newsletter is free of charge and voluntary. If you would like to take advantage of the newsletter offered by us, the following “newsletter data” will be processed by us:

a valid e-mail address
date and time of registration and confirmation
the IP address used (collectively: “registration confirmation details”)
anonymized performance data such as click and open rates

To verify whether you are the owner of the specified e-mail address or whether its owner agrees to receive the newsletter, after the first registration step, We will send an automated e-mail to the specified e-mail address (so-called double opt-in). We will include the specified e-mail address in our distribution list only once the newsletter registration has been confirmed via a link in the confirmation e-mail. We do not collect any further data other than the e-mail address and information to confirm the registration.

Unless you confirm your registration within 48 hours, your information will be blocked and automatically erased after one week. In addition, We will store your IP addresses used as well as the times of registration and confirmation.

Your data will be processed exclusively for the purpose of sending you the requested newsletter. The legal basis for this processing is point (a) of Article 6(1) GDPR.

The data will be erased once they are no longer required to achieve the purpose for which they were collected. This means that your e-mail address as well as other “newsletter data” will be stored for as long as your newsletter subscription is active. Your consent and newsletter order as well as your withdrawal of consent or unsubscription will be stored for evidence purposes for a period of two years after the withdrawal of consent becomes effective. Moreover, We store personal data only to assert or defend against legal claims or for as long as statutory obligations to store them apply.

You may at any time withdraw your consent to receive the newsletter and unsubscribe. You may withdraw your consent by clicking on the link provided in every newsletter e-mail, ont he website, by e-mail to [email protected] or by sending a message to the contact details given in the imprint.

2. Use of personal data for advertising and marketing purposes / customer surveys

The use of your personal data for advertising and / or marketing messages as well as to conduct customer satisfaction surveys is subject to you having given your consent or there being another legal basis permitting us to contact you for marketing and/or direct marketing purposes even without having obtained your consent. Where legally permitted, We also reserve the right to contact clients for marketing purposes on the basis of publicly accessible data and/or third-party address data extracted by such third parties from publicly accessible sources (e.g., data from directory media, the Internet, company homepages, public registers, etc.). Details on the information notices required to be provided by us, together with the instruction on rejecting data use for marketing purposes and direct marketing can be requested by sending us an email to: [email protected] .

The following data are processed within the scope of data transmission for advertising and marketing messages / customer surveys:

salutation, last name and first name
company name, address or P.O. Box
e-mail address and telephone number
position

a) The legal basis for advertising and/or marketing measures based on express consent is point (a) of Article 6(1) GDPR; the statements regarding consent under section IV. 7. g) apply accordingly.

b) The legal basis for the use of personal data for the purpose of direct marketing by conventional mail is point (f) of Article 6(1) GDPR (legitimate interests); the legitimate interest here is to approach potential customers for the purpose of direct marketing of our products and services.

c) The legal basis for advertising and/or marketing measures by telephone call is Act XLVIII of 2008; in the case of consumers, this requires express consent, and at least presumed consent in the case of other market participants; regarding the requirement of express consent see above.

d) The legal basis for advertising and/or marketing measures via e-mail for the purpose of direct marketing of our own similar goods or services is Act XLVIII of 2008, provided that We

(i) have received your e-mail address in connection with the provision of a service,

(ii) you have not objected to the use of your e-mail address for the purpose of direct marketing, and

(iii) when collecting the e-mail address and whenever using it, We will clearly inform you that you may at any time object to such use of your e-mail address.

Depending on the respective legal basis of the marketing measure (consent or legitimate interests), personal data will be stored and used for marketing purposes for an indefinite period until you have objected or withdrawn your consent to the processing of your data for marketing purposes.

You may withdraw your consent to the processing of personal data at any time with effect for the future without providing reasons. Withdrawal may be made by telephone, in writing or by e-mail (e.g., to [email protected], or using the provided e-mail addresses of the advertising company).

You may at any time object to processing on the basis of legitimate interests; a right to object exists in particular in the case of profiling in accordance with Article 21 GDPR.

In case of a withdrawal and/or objection, the personal data will no longer be processed for the respective purposes concerned; in any case, this does not include the processing of data that are still required for the purpose of performance of a contract (point (b) of Article 6(1) GDPR), including statutory retention obligations, and/or if the data are still required in the context of legitimate interests (point (f) of Article 6(1) GDPR) (e.g., in the case of objection to marketing, the processing of data in a so-called blacklist in order to prevent future advertising messages).

Upon request, We will provide you with further information on how We handle data in the area of marketing and/or on the sources of our data; please contact our data protection officer, whose contact details can be found in section II.

3. Press work and public relations

In the area of press work and public relations, We collect and process master data, contract execution data or third-party data from journalists and/or press representatives for the purpose of press work and public relations. This may include, in particular, the provision of press information, the handling of press inquiries, addressing press representatives, or organizing and invitations to (press) events. The legal basis for such data processing is point (b) of Article 6(1) GDPR (performance of contract / taking steps prior to entering into a contract), provided this is done to fulfill a corresponding agreement and/or in the context of a specific inquiry. Moreover, data processing is carried out in the context of legitimate interests according to point (f) of Article 6(1) GDPR; the legitimate interest here lies in the organization of press work and public relations for the benefit of Squery.

Moreover, data processing is carried out on the basis of appropriate consent. Such consent may also be withdrawn by the data subject for the future at any time and without giving reasons. Moreover, the data subject is entitled to the rights specified in section IV. (7.).

IX. Social Media and Direct Links

We have integrated buttons of a range of social networks on our websites. These buttons provide you with various functions which you may use to share information on the respective third-party portal with your contacts. Their subject matter and scope is determined by the social network operators.

The basis of processing such data is points (a) and (f) of Article 6(1) GDPR, to enable us to offer you the opportunity to interact with the social networks and other Users, improve our offering and make it more interesting for you as a User.

Please note that We are not the provider of the social networks and have no influence on the data processing by the respective providers. We also have no knowledge of the content of the transmitted data or its use by the respective provider. More information on how your data are handled is available in the respective privacy notices of the social network providers:

a) Facebook

Our websites have integrated the social network Facebook, Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland and 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognize the link to Facebook by the Facebook logo or the “Like” button on our website. An overview of the Facebook plugins is available here: developers.facebook.com/docs/plugins/.

If you activate the Facebook button, a direct connection is established via the button between your browser and the Facebook server. Facebook thereby receives the information that you have visited our websites with your IP address. If you are logged in to Facebook, Facebook can associate the visit with your Facebook account. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and options to select settings to protect your privacy, can be found in Facebook’s privacy policy.

More information is available in Facebook’s privacy policy at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

b) LinkedIn

Our websites have integrated the function of the social network LinkedIn. This function is offered by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland. It also involves the transmission of data to LinkedIn. Please note that as the provider of the pages, We have no knowledge of the content of the transmitted data or its use by LinkedIn. If you are logged in to LinkedIn, LinkedIn can associate your visit with your LinkedIn account. The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and options to select settings to protect your privacy, can be found in LinkedIn’s privacy policy. More information is available in LinkedIn’s privacy policy at

https://www.linkedin.com/legal/privacy-policy

X. Third-party Cookies and Analytics Tools

1. Description and scope of data processing

We use “cookies” on our websites. Cookies are small text files that your Internet browser places and stores on your computer and which transmit certain information to the body placing the cookie. The purpose of cookies is to optimize our website and our offerings.

They mostly are “session cookies”, which are deleted again when you leave the site. However, some cookies generate information in order to recognize you automatically. While this recognition is based on the IP address stored in the cookies, they cannot directly identify a user.

We also use web analysis tools (“performance cookies”) to analyze the online platform. In so doing, with the help of cookies, We are able to process usage data of the online platform and thus obtain insights about the use of our online platform (e.g., number of visits, number of users).

Advertising cookies or targeting cookies are used to offer website users demand-driven advertising on the website or third-party offers and to gauge the effectiveness of such offerings. Sharing cookies are used to improve our website’s interactivity with other services (e.g., social networks).

Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to point (a) of Article 6(1) GDPR. This applies, in particular, to the use of advertising, targeting, or sharing cookies. In addition, We disclose your personal data that have been processed via cookies to third parties only if you have given your explicit consent to do so in accordance with point (a) of Article 6(1) GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do so, you may not be able to use the full functionality of our websites.

Our websites use transient (e.g., “session cookies”), persistent, and third-party cookies; below, We will explain their storage periods.

2. Storage period

Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. They store a so-called session ID, which can be used to associate various requests from your browser to the joint session. In this way, your computer can be recognized when you return to our websites. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

A summary and additional information on the cookies used by us, together with details on the provider, the purpose of data processing, technology used, data collected, legal basis, processing location, retention period, data recipient, data protection officer and transfer to third countries is available in our cookie settings.

Third-party analytics tools

Our websites use third-party analytics tools such as Google Analytics with anonymization function. Analytics tools commonly use cookies to be able to create evaluations.

Analytics cookies are used for the purpose of improving the quality of our websites and their content. We use analytics cookies to learn how the websites are used. This enables us to constantly optimize our offering. Analytics cookies are used only where the User has granted the relevant consent; the legal basis for processing personal data using analytics cookies thus is point (a) of Article 6(1) GDPR. You may independently withdraw your consent at any time by rejecting or deleting our cookies.

XI. Further Information

Your trust is important to us. We therefore aim to be available at any time to answer your questions regarding the processing of your personal data. If you have any questions that have not been answered by this Privacy Policy or if you would like to learn more on any issue, please contact us at any time by e-mail at: [email protected]

We reserve the right to amend this Privacy Policy at non-regular intervals as data protection law develops and as technological or organizational changes require, and We will inform you about any major changes affecting the use of your personal data. This Privacy Notice is current as of October 2022.

Squery Solutions Kft.