Cloudagents Zrt. (registered seat: 12-14. Könyves Kálmán krt., Budapest, H-1097, Hungary; registration number: 11-10-001667; hereinafter: Cloudagents) in accordance with the relevant data protection laws processes and protects (Sensitive) Personal Identifiable Information (hereinafter: SPII/PII) in the course of the registration (hereinafter: Registration) of vendors independently whether the communication channel used is email, phone, personal or social media (hereinafter: Channel). Data Protection Registry Number: NAIH-72876/2014.
1. PURPOSE AND LAWFUL BASIS OF DATA COLLECTION
Cloudagents collects SPII/PII throughout business correspondence on the following lawful basis:
(i) performance of a contract or to comply with a legal obligation;
(ii) legitimate interest of Cloudagents in relation with contract;
(iii) vital interest of Cloudagents and the Vendor;
(iv) Consent of the Vendor.
Cloudagents uses SPII/PII for the following purposes:
(v) registering your business representatives’ data to evaluate and conduct business between the Parties;
(vi) sending information about Cloudagents’ activity, the important company news and updates;
(vii) and communication with you in relation to the above.
Cloudagents stores any information about representatives of their Vendors only as long as 10 years from the conclusion of the contract unless any legal requirements set out longer retention. Cloudagents does only collect and store necessary amount and type of information from Vendors. Cloudagents will always inform you about the purpose of the data collection, the list of data collected and the time of retention of the data, and will never request any unnecessary information and will not use it for any other reason than described.
2. COLLECTED DATA
Cloudagents may collect the following PII/SPII upon business correspondence..
(i) Full Name;
(ii) Job title;
(iii) Company registered address;
(iv) Phone number(s);
(v) Email address;
(vi) Company International Bank Account Number (IBAN);
(vii) IP address;
(viii)CCTV recording of you recorded at Cloudagents Head Office premises;
(ix) Audio-visual multimedia content related to Cloudagents or its events, where you participated;
3. INFORMATION ON PROCESSED DATA
Upon your request, Cloudagents as the Data Controller of your PII/SPII, will inform you about the data stored, the data processed about you or by the commissioned Data Processor, and about the source of these data, the purpose, the legal basis, and the duration of the data management, furthermore, about the name, address and data management-related activity of the Data Processor as well as, in case your personal data are forwarded, about the legal basis and addressee thereof.
Although Cloudagents as the Data Controller, will commit everything to ensure that your data will remain integral throughout processing, you are exclusively responsible for the correctness and the validity of the data disclosed for processing.
Please note, Cloudagents does not conduct profiling or structured data analysis concerning your PII/SPII.
4. THIRD-PARTY DATA PROCESSORS AND DATA FORWARDING
Cloudagents does not make your PII/SPII accessible for any third-party without your prior consent, excluding the cases when (according to legal regulations) the disclosure of your personal data to other companies, financial institutions or to public bodies is necessary and desirable for the purpose of crime prevention and customer protection, and if it is stipulated or permitted by law. In case Cloudagents discloses your personal data to any third party, Cloudagents always informs you prior to the disclosure, requires your consent and ensures that sharing your data is always in compliance with the legal regulations on data protection.
Cloudagents may forward your PII/SPII for the following 3rd party entities for the below reasons:
(i) RSM Hungary Zrt. (registered at 1138 Budapest, Faludi Street 3., Hungary) may use your full name, job title, email address, phone number and company IBAN for accounting activities;
(ii) Oklav Kft. (registered at 2051 Biatorbágy, Rosenbach J. Street 49., Hungary) may use your full name, job title, email address, phone number and company IBAN for financial auditing and consulting purposes;
(iii) Microsoft Corp. and its affiliates (registered at One Microsoft Way, Redmond, WA 98052, United States) may use your full name, job title, phone number and email address to provide IT services;
(iv) MiniCRM Zrt. (registered at 1075 Budapest, Madách Imre út 13-14.) may use your full name, job title, phone number and email address to provide IT services.
5. YOUR RIGHTS IN CONNECTION WITH DATA PROTECTION
According to data protection regulations you are entitled to access the information about the management of your PII/SPII at any time. Information is given free of charge. Cloudagents will give you the information within 30 (thirty) calendar days from the submission of your request. If you have any question in relation to the management of your PII/SPII, Cloudagents asks you to contact us at the contact details indicated on the Websites.
Through the contact details indicated on the Websites, you have the right
(i) to access the information on the management of your personal data;
(ii) to request or conduct the correction, cancellation (excluding the case of lawfully obliged data management) and blocking of your personal data;
(iii) to protest against the management of your personal data in cases defined in the legal regulations on data protection;
(iv) to turn to the competent court or authority if your rights have been violated or in other cases defined by the law; and
(v) to demand compensation for damage caused by unlawful data management or by the violation of data security provisions.
Cloudagents draws your attention to the fact that in certain cases, in connection with the data management defined in this data protection policy, the Data Controller may manage your personal data according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and according to the Act CXII of 2011 on Informational Self-determination and Freedom of Information. This means that the management of personal data may be necessary for the fulfilment of certain legal obligations of the Data Controller or for the observation of the legitimate interest of third parties. In these cases, personal data may be managed even if you have withdrawn your permission thereto. You may ask for further information from the Data Controller at its contact details. Furthermore, you are responsible to report any data or information breach immediately via firstname.lastname@example.org so Cloudagents can duly respond to any concerns in line with its security incident management process.
6. DATA SUBJECT’S ENFORCEMENT OPPORTUNITIES
In the event of violation of Data Subjects personality rights Data Subject may request the assistance of the National Authority for Data Protection and Freedom of Information.
Name: National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Address: Szilágyi Erzsébet fasor 22/c 1125 Budapest, Hungary
Phone: +36 (1) 391-1400
7. DATA PROTECTION
It is the obligation of Cloudagents to provide protection for your personal data. Cloudagents has introduced physical, electronic and administrative procedures for the protection of your PII/SPII from unauthorised access, modification, transmission, publication, cancellation or destruction, furthermore, from inaccessibility caused by causal destruction, damage or by the modification of the applied technology. Cloudagents pays particular attention to the protection of your personal data from unlawful and unauthorised procedure during data management. Despite all of these measures Cloudagents cannot fully guarantee the security of your data.
Cloudagents provides security for your data by the following means: usage of FIPS 140-2 compliant data encryption when storing and TLS 3.0 encryption when transmitting data where possible, password protection where applicable, limitation of the access to information by employing logical separation of duties principle throughout information systems and procedures (i.e. only those employees have access to these data for whom it is necessary for the attainment of the purposes written above). Cloudagents requests you to help protecting the information by following Cloudagents Information Security Policy guidelines on system access and passwords. Information Security Policy becomes available upon successful submission to any open position after Registration. Furthermore, Cloudagents also requests you not to make your password accessible for any other person.
Personally Identifiable Information
Any information that can be associated with a unique individual or that can be used to identify, locate, or contact a unique individual.
Sensitive personal data
A critical subset of PII and is entitled to additional protection and is classified as Secret. SPII includes powerful data elements that depending on the context of the PII and/or the local law governing its use, distribution, and disclosure could permit another person to “assume” a person’s identity such as Social Security Number, bank or insurance account numbers, government issued ID numbers, biometric data, and location data identifiable to a person.
A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed
In relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
A unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network.
in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—
(i) organisation, adaptation or alteration of the information or data,
(ii) retrieval, consultation or use of the information or data,
(iii) disclosure of the information or data by transmission, dissemination or otherwise making available, or
(iv) alignment, combination, blocking, erasure or destruction of the information or data.