Privacy Policy 

Table of Contents

Effective from 1. January 2023.

Last Updated: 21. September 2023.

For our company, the EverIT Kft., the lawfulness of the processing of personal data and the protection of personal data are of primary importance. The purpose of this notice is to provide information on our data processing activity in accordance with relevant law in force such as the provisions of Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.).

If you have any further questions about this notice or the processing of your personal data already provided, please contact us at any time at one of the following contact details.

1. Data Controller

The controller of the processing described in this Privacy Notice is:

EverIT Kft. (seat: 1137 Budapest, Katona József utca 17. III.em. 2., company registry number: 01-09-901986, Court of Registry: Fővárosi Törvényszék Cégbírósága, tax number: 14396434-2-41)

(hereinafter referred to: „we”, or „our company”)


Our contact details for queries relating to data processing:

postal address: 1137 Budapest, Katona József utca 17. III.em. 2.

e-mail address:

phone: +36 20 568 6583


2. Some basic definitions in connection with the data protection to help you understand this privacy notice

Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data

Data subject: the subject of processing

Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

3. Our data processing activities

3.1. Conclusion and performance of contracts

This section applies to contracts concluded in the course of our business, i.e. contracts that we enter into with our customers or subcontractors, collaborators, suppliers. Employment contracts and other employment relationships are not covered by this clause.

In relation to the contracts covered by this point, personal data processing may take place where our contracting partner is a sole trader, which necessarily involves the processing of personal data. In such a case, all data relating to, connected with or in connection with the contract which comes to our knowledge concerning our partner shall be considered as personal data of our partner.

If our contracting partner is a company (legal person), personal data are processed essentially in relation to the contact person acting on behalf of the partner or designated by the partner.

What is the purpose of the data process?

If our contracting partner is a sole trader, the purpose of processing their personal data is the establishment, registration and performance of the contract. The purposes of processing in the context of the performance of the contract also include the settlement of any warranty and guarantee claims and other disputes.

If the contract is subject to an obligation to issue an invoice and our contracting partner is a sole trader, the data relating to the invoice issued on the basis of the contract are also personal data, and the purpose of the processing of which is to fulfil our accounting obligations as defined by law (issuing invoices, keeping invoices).

If our contracting partner is a company or other organisation, the purpose of the processing of personal data of the person acting on its behalf or of the contact person is the smooth establishment, performance or termination of the contract.

Which personal data do we process for the above purposes?

In case of sole trader:

  • name of the sole trader
  • sole trader registration number
  • tax number
  • seat
  • signature in case of written contract
  • contact details (phone number, e-mail address)
  • Invoice details (invoice number, date, date of performance, payment deadline, gross and net amount, VAT amount, bank name, bank account number, tax number, discounts and entitlements, etc.)
  • order details: name and identification of products or services, quantity, price, date and status of order
  • payment details (bank account number, date, amount, method of payment, record of any debts)
  • reported warranty and guarantee claims, the content of the report on the claim, the method and date of fulfilment of the claim
  • confirmation of performance, details of time records

In case of contact person:

  • name, e-mail address, phone numer, company name, job

Confirmation of performance

  • place, date and quantity of performance
  • the name of the person who carried out the activity, if relevant to the settlement
  • name and signature of the person issuing the record

On what legal basis and for how long do we process this personal data?

In the case of a contract with a sole trader, we need their personal identification and contact details in order to conclude and perform the contract. The legal basis for processing these data is the performance of the contract pursuant to Article 6(1)(b) of the GDPR.

In addition, in the case of a sole trader contractor, certain personal data are processed on the basis of the following legal obligation (Article 6(1)(c) GDPR):

  • In the case of an obligation to issue or retain an invoice, we must process invoicing data (invoicing name and address, invoice details) in accordance with Act C of 2000 on Accounting (Act on Accounting) and we are obliged to retain the documents issued in connection with the contract, together with the data contained therein, for 8 years in accordance with Section 169 of the Act on Accounting;
  • If our client or customer is subject to VAT, we are obliged to indicate the tax number of the purchaser or service user on the invoice in accordance with Section 169 (d) (dc) of Act CXXVII of 2007 on Value Added Tax (hereinafter: VAT Act). The retention period of the tax number is aligned with the retention period of the invoice

We process the contact details in our legitimate interest for the smooth performance of the contract pursuant to Article 6(1)(f) GDPR, during the limitation period for the performance of the contract and the related claims.

Given that the contracts and the related accounting documents and the necessary contact details form a logical unit for the existence and smooth performance of the contract, they share the legal rules in terms of their preservation. The retention period is 8 years, counted from the last day of the year in which the contract in question expired.

3.2. Newsletter, marketing offer

On our website you have the possibility to voluntarily subscribe to a newsletter about the Company and our application.

By downloading a trial or making a purchase of any of our apps from our website or the Atlassian Marketplace interface, you agree to our privacy notice at the time of download and automatically subscribe to receive marketing materials related to the app.

What is the purpose of the data processing?

Our Company aims to inform its partners from time to time about our Company’s activities, business offers and news concerning the Company. Those interested in our news and offers may therefore register to receive such messages. The purpose of processing the personal data required for this purpose is to ensure the communication of newsletters and offers.

Which personal data do we process for the present purpose?

required data: surname, first name, e-mail address, information relating to licences.

optional: telephone number, company name, position

If you do not provide any of the required information, we will not be able to accept your newsletter subscription.

On which legal title do we process these personal data?

If the voluntary subscription to the newsletter is made by filling in the form on our website, the data subject has given his or her voluntary consent based on this notice (Article 6(1)(a) GDPR). Without consent, we cannot accept the subscription and thus cannot send our newsletters to the data subject.

If the newsletter subscription is automatic, the legal basis for processing is our legitimate interest pursuant to Article 6 (1) (f) GDPR. In these cases, the user has downloaded one of our apps, started a trial or made a purchase from us on our website or on the Atlassian Marketplace interface. In these cases, we have a legitimate interest in contacting the data subject with additional product offers to increase our sales.

For how long do we process these personal data?

Regarding voluntary subscriptions made through our website: you can unsubscribe from the newsletter at any time by sending us an e-mail.

If you have subscribed to our newsletters via the Atlassian Marketplace interface, you will have the option to unsubscribe each time you receive a notification email from MailChimp. The data of those subscribed to the newsletter will be deleted after a period of inactivity of 1 year.

Furthermore, we will delete your personal data processed in connection with your newsletter subscription from our database at any time if

  • you request it, or
  • withdraw your consent to data processing, or
  • unsubscribe from the newsletter.

You may unsubscribe from our newsletter at any time, free of charge, without justification and without any limitation:

  • by clicking on the “Unsubscribe” link in the footer of the newsletter;
  • by sending an e-mail declaration to;
  • by post to EverIT Kft. at the address: 1137 Budapest, Katona József utca 17.

3.3. Product support services

We also provide product support services for our Users.

3.3.1. JIRA-based requests and requests by e-mail

We use an external service provider’s system, JIRA Service Management (“JIRA”), to handle requests from our users. For requests related to consulting, license sales, training, we use the JIRA Cloud application, i.e. the application is hosted through a SaaS service operated by Atlassian. The data of the enquirers/reporters is only accessible by authorised colleagues of EverIT Ltd. and will not be transmitted to third parties.

Which personal data do we process for the above purpose?

name, e-mail address, licence details, screen shots, data necessary to reproduce the error, other personal data provided by the reporting party (including in particular the reporting party’s signature, telephone number or other contact details of the person concerned and the circumstances of the matter with which the reporting party has contacted us).

3.3.2. Contacting through the webpage

For requests for consultancy, implementation or custom software development regarding Atlassian or, we use the cloud-based service of an external service provider,  (

The data is sent by e-mail to our Company’s e-mail address:, then stored in the system.

What is the purpose of the data processing?

If you contact us with a question or complaint (contact us), we will process the personal data you provide in a message/e-mail, to contact you and respond to your request.

This point covers enquiries of an informative nature. If the correspondence relates to the drafting of a contract or to a contract that is in progress or has been performed, the details of that type of processing will apply to that contact.

Which personal data do we process for the above purpose?

name, e-mail address, phone number, other personal data provided by the enquirer (including in particular the contact details of the enquirer or other person concerned and the circumstances of the matter with which the enquirer has contacted us)

On which legal basis do we process the personal data?

The personal data of the data subject processed in accordance with this point are processed in accordance with Article 6 (1) (f) of the GDPR for our legitimate interest in order to record and respond to the data subject’s request and for the settlement of any claims arising therefrom.

For how long do we process these personal data?

Personal data (including e-mails) processed in connection with enquiries will be deleted after the purpose for which they were processed has ceased to exist. Thus, if the e-mail and the response to it are not expected to be needed for further administration or claims, they will be deleted immediately, otherwise the request and the response will be deleted after they are no longer needed for these purposes.

3.3.3. Inquiries regarding self-developed products

In some cases, we request personal data from end users of products (apps) developed by our Company to Atlassian products for contacting purposes. In all cases, the provision of this information is optional and voluntary.

What is the purpose of the data processing?

The purpose of the processing is to contact users for making out an appointment for an interview to discuss any questions they may have about the use of the product. During the interview, we assess user needs, and user feedback helps us to improve our services and products and to ensure their quality.

During the interview, we ask the user questions about the use of the app, based on which we assess the way and cases of use, and based on this, we identify further development needs and directions.

Which personal data do we process for the above purpose?

We request and store the following personal data:

  • name
  • e-mail
  • position

For how long do we process these personal data?

The data will be stored for a maximum of 1 (one) year and then deleted from our active systems.

The physical location of the data:

3.3.4. Inquiries regarding self-developed products

We use Heap Analytics, a service of Heap Analytics Inc., to analyze user behavior. With the help of the application, we can aggregate and analyze which content related to our product is clicked on by interested parties or which browser they use.

What is the purpose of the data processing?

By collecting data, our goal is to improve we do to optimize the app experience for our users and to help our development colleagues in their design and development decisions related to the product.

Which personal data do we process for the above purpose?

We do not process personal data using Heap, it is completely anonymous.

  • 3.4. Data processing in connection with job advertisements, job applications and selection

    What is the purpose of the processing?

    The purpose of the processing is to manage the human resources of our Company, to provide potential candidates with detailed information about open positions, to fill vacancies with the best possible candidates and to contact the candidate.

    What personal data do we process for the above purposes?

    Personal data provided by the candidate in his/her CV or documents provided or uploaded during registration, such as personal identification data (name, place of residence, date of birth), as well as data relating to his/her education, training, professional experience, skills and competences. The provision of any data and information beyond that requested in the specific job vacancy notice is at the Data Subject’s discretion.

    On what legal basis do we process these personal data?

    The processing of personal data is based on the voluntary consent of the applicant. Processing based on consent is permitted under Article 6(1)(a) of the GDPR.

    How long do we process your personal data?

    In the case of an application for an open position, we process the personal data of applicants for 3 months after the end of the selection process.

    If the applicant does not apply for a specific advertised position but simply enquires whether we have a suitable vacancy, we will endeavour to respond to the candidate as soon as possible, but no later than one month. If we do not have a suitable offer for the candidate and he or she does not agree to further processing of his or her personal data, we will delete his or her personal data.

    And if candidates consent, we will keep their CV and application material for a period of 2 years so that we can notify the candidate in case of future vacancies.

3.5. Social media 

Our company has a company profile on various social media platforms:

The operating principles of social media platforms and the functions available on them are essentially decided by the operator of the social media platform. However, as a user, our company is given the opportunity to (to a limited extent) customise certain functions, thus both our company and the social media platform concerned are involved in the data processing. Consequently, the company/organisation operating the social media platform and our company are considered to be joint controllers in relation to the processing of data on the platform. However, we have no control over the decisions of the company/entity operating the social media platform and we do not have any information about their data processing activities beyond what is provided in their privacy policy, and therefore we exclude our liability in this regard.

Before using a social media platform, please also read the privacy policy of the social media platform in question so that you, as a user, can also take advantage of the personalised privacy settings provided by the social media platform.

The operation of our social media pages is in the legitimate interest of our company. It is in our legitimate interest to promote our company on these platforms, to be accessible, and to enable those interested in our services and job opportunities to contact us and obtain information through these platforms.

In the social networking platforms, we may learn personal data, such as profile picture, name, etc., about users who have joined our sites, in accordance with the site’s rules and the user’s preferences. Users can also rate (like), rate, share and comment on our posts. Comments and posts will be moderated and if we believe that they are illegal or infringe the rights and interests of our company or others, we have the right to remove them.

Given that joining our social media platforms is completely voluntary, the legal basis for processing is your consent (Article 6(1)(a) GDPR).

When the profile of the social media site or our company is terminated, the data processing on the social media site will also cease. In addition, data processing will also cease if you unfollow our social media platform.

We have placed simple links on our website to Facebook and LinkedIn. In such cases, data will only be transferred to these social media operators when you click on the relevant icon (e.g. the “f” icon in the case of Facebook). When you click on the icon, you will be taken to our corporate interface on the social platform to which the link relates, where you can read our posts, write comments and send us messages.

3.6. Cookies

What are cookies and what is the purpose of their use?

We use cookies on the website at

A cookie is a file (small data packet consisting of letters and numbers) that is placed on your computing device (computer, smartphone, tablet, etc.) when you visit the site. This allows the website to recognise the user’s browser, for example to determine whether the user has visited the website before.

The cookie itself does not contain or collect personal data, it is only used to help identify users. This helps them to provide a more convenient, user-friendly service.

The primary purpose of cookies is to enable the website to function properly, in particular to track the data that is collected about visits to the website and to detect possible abuse of the website.

In particular, the cookies needed to operate:

  • cookies that store data recorded by users (“user-input cookies”)
  • authentication session cookies (“authentication cookies”).
  • user centric security session cookies (user centric security cookies)
  • multimedia player session cookies (“multimedia player session cookie”)
  • load balancing session cookies
  • user interface customization session cookies

In addition, some cookies allow us to analyse usage trends, improve and enhance website features and to obtain aggregate traffic data on overall website usage.

We may use your cookie data to compile and analyse statistics about your use of the website and to provide non-identifiable statistical information (e.g. number of visitors, most viewed topics or content) to third parties or to disclose it in aggregate and anonymously.

The data collected by cookies cannot, in principle, be used to identify the user and will only be combined with other potentially identifiable data if the user explicitly consents to the use of cookies to identify him or her.

Cookies are stored in the browser’s memory and typically include the following:

  • Name of the sending server
  • The cookie’s lifetime
  • The value – usually a randomly generated unique number

The server of the website sending the cookie uses this number to identify the user when they return or move from page to page. Only the sending server can read and use this value. Cookies play a central role in the customisability of the internet and behavioural advertising is usually cookie-based.

How can you turn off cookies?

You can also delete cookies from your device or set your browser to block cookies. It is also possible to disable all cookies, but this will significantly degrade your web browsing experience if you use services that use cookies.

You can find out how to set cookies for different browsers here:

Browser Setting of cookies (link)
Google - Chrome
Microsoft Edge
Internet Explorer

To find out what cookies our Company uses, please click here, the Cookie Policy is available on our website –

We also use the services of Google Analytics in connection with the Website. The cookies managed by Google Analytics help us to measure website traffic and other web analytics data. The information collected by cookies is transmitted to and stored on external servers operated by Google. Google will use this information primarily for the purpose of tracking website activity and compiling analytics about website activity for us. Google may transfer this information to third parties where required to do so by law. Google may also transfer this information to third parties which it uses to process the data. Google Analytics can provide detailed information on the processing of data by Google Analytics (

You can disable Google’s use of cookies by going to the Advertising settings (for more information: Users can also opt-out of cookies from third-party service providers by visiting the unsubscribe page of the Network Advertising Initiative (

The processing of data by the aforementioned third-party service providers is governed by the privacy policies of those service providers and our company assumes no responsibility for such processing.

4. Who may have access to your personal data?

Personal data will be processed confidentially and will not be disclosed to third parties, except as provided below.

The personal data we process may be accessed by our employees who need to know it in order to perform their job duties, and by our data processors and their employees in connection with the tasks they perform. These persons are also required to treat the personal data they receive as confidential.

Our data processors and their tasks:

Data Processors Operations performed by the processor
Rackforest Zrt.
seat: 1132 Budapest, Victor Hugo utca 11.5.em
Tel.: +36 1 211 0044
Activity: hosting (leased cloud, leased server)
Rackforest Zrt. Rackforest's Privacy Policy is available at the following link:
Service 2009 Kft.
seat: 2151 Fót, Móricz Zsigmond út 28. B.ép.fsz. 3.
Tel.: 06-20-285-73-82
Activity: financial, accounting tasks
The Rocket Science Group LLC d/b/a MailChimp
seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta GA 30308 USA
Tel.: +1 678 999 0141
To send our system messages, eDMs, newsletters related to the operation of our services, we use MailChimp, an online newsletter sending service operated by The Rocket Science Group LLC d/b/a MailChimp.
Please note that some of MailChimp's servers are located outside the European Union, but your email address is still protected to the same level as in Europe, as MailChimp in the United States is subject to the European Court of Justice's decision under GDPR 40. MailChimp is subject to the Standard Contractual Clauses ("SCC"), a code of conduct approved by the Court of Justice of the European Union under Article 40 of the GDPR, which ensures that, in the event of a transfer of data to a third country outside the European Union, a controller or processor outside the EU who acts in accordance with the SCC ensures a level of protection of personal data equivalent to that of the European Union and in compliance with the provisions of the GDPR.
More information on the SCC is available here: -
You can find out more about MailChimp's data processing in accordance with the SCC here: -
Atlassian B.V. c/o Atlassian, Inc.
address: 350 Bush Street San Francisco, CA 94104 USA
Fulfilling customer service requests when using the JIRA cloud application, our data processing partner is Atlassian B.V. c/o Atlassian, Inc:
Atlassian's privacy policy can be found here: -
Atlassian may not use the data detailed above for any purpose outside the performance of its duties or make any independent decisions regarding the personal data. Atlassian has also subjected itself to the provisions of the SCC.
The Atlassian SCC-compliant Data Privacy Notice can be downloaded at the following link: -
address: 6 Yitzhak Sadeh St Tel Aviv 6777506, Israel
We use forms powered by the cloud based platform to process requests coming through our website.’s privacy policy can be found here:

For all our contracted partners, contact details are stored in HubSpot CRM, Jira Project Management and Google Workspace document management systems.

We disclose personal data to courts, prosecutors and other authorities in the context of our statutory obligations, to the extent and in the manner required by law.

In the event of a legal claim against you, your personal data may also be disclosed to the extent necessary for the enforcement of the claim by our respective legal cooperation partners and our claims management partners.

5. Data security

We are committed to taking the necessary data security measures. As part of this, we adopt and implement, regularly review the technical and organisational measures and procedures to ensure that the personal data we process is secure and we will do our utmost to prevent the destruction, unauthorised use or alteration of the data, to ensure that the personal data we process is not accessible, disclosed, transmitted, modified or deleted by unauthorised persons. We remind all those to whom we transfer personal data to comply with data security requirements, and we require our employees involved in data processing activities to do the same.

In the context of the above, information technology solutions will be designed and selected to ensure that those who have access to the data have exclusive access to the data and that the data remain authentic and unaltered. This includes password-protected access systems, activity logging, regular backups.

We monitor the technological developments at any time, and apply the available technical, technological, organizational solutions that meet the level of protection justified by our data processing.

Based on the above, personal data is stored in the cloud we rent, on rented servers and on the hard drive of our Company’s computers. Access to each system is controlled by rights management – personal data is accessible to those whose work requires knowledge of the data.

Our IT systems are tested on a recurring and regular basis to establish and maintain data and IT security.

Our office workstations are password protected. The use of foreign data media is not permitted by default.

Our systems are protected against malicious software.

Data is backed up daily. Only a restricted group of authorised users has access to the backups.

6. Management of personal data breach

All cases are classified as personal data breach when an unauthorized person has access to personal data or the data is destroyed, lost, altered, e.g. the database is destroyed or the media on which the data was stored get lost.

In the event of personal data breach, we assess its effects and risks (what kind of data are affected, in what quantity, can they be restored, etc.) and take immediate action for remedy.

We will notify a data breach to the competent supervisory authority without undue delay and no later than 72 hours after we become aware of it, unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons.

7. Your rights

Withdraw of consent: If the processing is based on your consent, you have the right to withdraw your consent at any time without giving any reason. After withdrawal of consent, your personal data will no longer be processed. Withdrawal of consent does not affect the lawfulness of the processing that preceded it.

Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

the purposes and the legal ground of the processing, your personal data processed by us and their categories, the recipients or categories of recipients (including the processors) to whom the personal data have been or will be disclosed (where personal data are transferred to a third country, you shall have the right to be informed of the appropriate safeguards relating to the transfer), the legal ground of the data transfer, period for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with the Hungarian Data Protection Authority, the source of the data, the circumstances and effects of the possible data breach and the measures implemented for their prevention

Simultaneously we shall also provide a copy of the personal data undergoing processing.

Our Company will respond to your request within the time period specified in point 8 by sending a reply letter to the contact details provided in the request. If you have sent your request by electronic means, we will also send you our reply by electronic means.

If you request a copy of the personal data we process, the first copy will be free of charge, and we may charge a reasonable fee based on our administrative costs for each additional copy. The amount of this charge will be communicated to you in advance.

Right to rectification and supplementation: If you become aware that any of your personal data is incorrect, inaccurate or incomplete, please provide us with the correct or additional information as soon as possible so that we can make the correction or completion.

Right to erasure („Right to be forgotten”): You have the right to request the deletion of your personal data. Please note that we may refuse to erase your data in particular if we need or may need the data to comply with a legal obligation or to pursue a claim.

In the case of processing based on legitimate interest, objection to processing shall entail the deletion of the data, unless there are overriding reasons why the deletion cannot be complied with.

Furthermore, erasure takes place if

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the personal data have been unlawfully processed;
  3. the personal data have to be erased for compliance with a legal obligation out of EU law or national law.

Right to restriction of processing: You shall have the right to obtain from us restriction of processing where one of the following applies (i) the accuracy of the personal data is contested by you, in which case the restriction applies for the period enabling us to verify the accuracy of the personal data; (ii) the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead; (iii) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you has objected to processing, in which case the restriction applies until it is established whether our legitimate grounds prevail over your legitimate grounds.

Where processing has been restricted, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

In case of restriction of processing you shall be informed by us before the restriction of processing is lifted.

Right to object: Regarding data processing based on our legitimate interest, you may object to our data processing if you feel that the data processing is prejudicial to you.

In the event of an objection, personal data will be deleted unless there is an overriding reason to keep it. Such an overriding reason may be if we wish to pursue a claim against you.

Right to data portability: In the case of processing based on your consent or a contractual legal basis, you may request that the personal data you have provided to us that we process electronically is transferred to you or to another person designated by you in a commonly known and easily usable electronic format.

8. Submission of requests and answering them

If you wish to exercise any of the above rights, please send your request in writing by post to our address or by e-mail to our e-mail adress as determined in Section I of this notice. In the letter, please also include your identification details and postal address. If we have any doubts about your identity or if the information provided is not sufficient to identify you, we are entitled to ask you for additional identification data.

Your request will be fulfilled within 1 month. If necessary, we are entitled to extend this period by a further 2 months and will send you a reasoned decision.

Valid requests will be granted free of charge. However, if the request is manifestly unfounded or excessive, in particular because of its repetitive nature, we are entitled to charge a reasonable fee or even refuse to act on the request.

We will inform all those to whom we have disclosed the data concerned of the rectification, erasure or restriction of the data, unless this proves impossible or involves a disproportionate effort. Upon your request, we will inform you of the recipients to whom we have communicated or informed as described above.

9. Damages and restitutions

Should we cause any damage to you or to a third person through unlawful or unsecure processing of your personal data, you or the person suffered damage is entitled to require damages from us.

If, in this regard, we infringe your privacy, you are entitled to claim restitution.

Please note that we shall be exempt from liability if the damage is proven to be caused by an unavoidable external cause outside the scope of the data processing or if the damage comes from your deliberate or grossly negligent behaviour.

10. Remedies

10.1 Contacting the controller

If you consider that we are processing your personal data unlawfully, please advise us, as the controller, of your observations or claims first, at any of our contact details listed in paragraph I so that we can process and handle your remarks as quickly and efficiently as possible.

10.2 Submitting a complaint at the data protection authority

In the event of unlawful processing, you also have the right to turn to the National Authority for Data Protection and Freedom of Information (NAIH) and initiate their proceedings.

Contact details of the authority:


address: 1055 Budapest, Falk Miksa utca 9-11.

postal address: 1363 Budapest, Pf.: 9.


10.3 Going to court

Please note that you are entitled to lodge a claim at court. You may file the lawsuit at the county court having jurisdiction based on our seat.