General Privacy Policy
Last modified: 13th June 2024
In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:
Thank you for choosing the services provided by or the software developed META-INF Kft. We would like to kindly inform you that it is our priority to properly protect your personal data and to respect your rights related thereto.
To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to us by our users (hereinafter as: “User”) related to the services provided and the software distributed by
Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary
Company registration number: 01-09-170431
Tax number: 13024583-2-43
Registered by: Company Registry Court of the Metropolitan Court of Budapest
Represented by: Attila Gáspár, Tibor Hegyi managing directors individually
E-mail: info@meta-inf.hu
Telephone: +36 30 515 4464
(hereinafter as: “Service Provider”)
The aim of the Policy is to give a clear picture about why, how, and how long we process personal data related to our Users who contacted us through our website or via other channels.
I. A few data privacy related definitions to better understand the Policy
Personal data
means any information, controlled by the Service Provider, relating to an identified or identifiable natural person (‘data subject’ – User as a user of the services); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller
means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;
The controller of the User’s personal data is META-INF, as the Service Provider
Processor
means a natural or legal person which processes personal data on behalf of the controller.
Third party
means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Data forwarding
Means the disclosure of personal data to specific third parties.
Data subject
Everybody who shares personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, the User who reads this Policy.
Consent of the data subject
means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU . The above list is not complete so should the User needs more information or explanation do not hesitate to contact the Service Provider.
The Service Provider would like to inform the User that during the processing it does not process or request any sensitive, genetic, or biometric data.
II. Other definitions
Website
means the websites available at the domain addresses listed in appendix no.1. of present Policy that are operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Service and may use them
Service
means collectively the software developed by the Service Provider that are listed on and distributed through Atlassian Marketplace (hereinafter as: „Vendor Services”) and the services related to consultancy, support, training, licensing, event organizing activities of the Service Provider (hereinafter as: „Solution Partner Services”)
User
means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level), the person applying for support on behalf of a nonprofit organization.
Vendor
means those natural or legalpersons who sell so-called Apps developed by META-INF for the Atlassian systemto third parties
III. In which cases do the Service Provider process personal data?
In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed regarding Vendor Services and Solution Partner Services in the following cases:
In connection with the general activity of the Service Provider:
· Browsing the Website
· Requesting offer by e-mail
· Newsletter subscription
· Invoicing
· Applying for a position
· Keeping contact during contractual relationship
· Providing support for nonprofit organizations
· Customer service
· Sending educational and marketing materials
· Data processingrelated to data security (ISO270001, SOC2)
· Placement of cookies on the Website
In connection with „Atlassian Vendor” activities
· Using the software developed by the Service Provider
· License sales
· Vendor deal registration
· Data migration
In connection with „Atlassian Solution Partner” activities
· Pre-contract registration
· Consulting and support and registration
· Training
· Event organizing
IV. What data, for what purpose and for how long do the Service Provider processes?
In the cases detailed above the legal ground for processing shall be the following:
- In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed, and unambiguous consent of the User (hereinafter as: „Consent”).
- In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”).
- In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
- In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).
With respect to that the Service Provider is not able to limit the amount of personal data may be sent to the Service Provider by the User via any communication channel, because the Service Provider has no influence on the User who voluntarily provide personal data, therefore the Service Provider kindly ask the User to provide only the minimum information and data required by the Service Provider in present Policy when contacting the Service Provider in any way, and the Service Provider expressly and emphatically ask the User to do the best to ensure that the Service Provider does not receive any data that it does not want to process.
IV.1. Data processing in connection with the general activity of the Service Provider
IV.1.1. Browsing
The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which the User wishes to get the content of the Website as an answer. The Service Provider (and the Website) can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process. With respect to the IP address, we would like to inform the Visitor that the Service Provider does not handle the IP address in any way and does not log visits or IP addresses.
IV.1.2. Requesting offer
The Service Provider provides several channels for Users to request an offer from us for the Service Provider’s Services, including by sending a request for offer by email or by using the contact form at the bottom of the page on the Website, which can be accessed by scrolling down or clicking on the "Contact Us" button.
IV.1.2.1. Requesting offer by e-mail
If the User wishes to be contacted by the Service Provider via e-mail the User may do so by sending a message to the email address indicated on the Website. The Service Provider would like to draw the User’s attention that, by sending an email, the User may unwittingly share personal data with the Service Provider, because the email the User sends includes email address and the name of the User specify in the email client which the User wants to appear in the emails. In addition, if the User thinks it makes contacting easier, the User’s phone number is welcomed. Furthermore, it may occur that the User shares social media contact information with is if the e-mail „signature” contains such information so if this is the case, the Service Provider will also process this data. By sending an email with such data, the Service Provider assumes that the User voluntarily consent to the processing.
IV.1.2.2. Requesting offer via the contact form on the Website
If the User contacts the Service Provider via the contact form on the Website and request an offer from the Service Provider, the following personal data will be processed.
When requesting an offer via the contact form, providing the phone number is optional and will only be processed if the User has provided it to the Service Provider. When the User request an offer through the contact form, for ease of identification and management, the Service Provider will add an identification number to the offer request the User sends to the Service Provider, which the User did not provide , but the Service Provider will process it in relation to the User and it will be considered personal data under the provisions of the GDPR. The Service Provider will only process the fact that the email message has been read if they have contacted the User by email in response to the User offer request.
Whichever way the Users choose to request an offer or to contact the Service Provider, the Service Provider hereby asks Users that, given that the Service Provider cannot limit the personal data that each Users may sends, the User is requested to share only the most necessary data and information when contacting, so in no case should the User share any personal information with the Service Provider beyond the above in the User’s e-mail or on the contact form, especially if the Service Provider do not specifically and explicitly asks the User to do so. Any unsolicited personal data will be immediately deleted and the Service Provider will not be held liable in any way.
IV.1.3. Notices regarding the Services
The User may subscribe to our notices. There are several ways to do this. The User may sign up for it at one of the Service Provider’s events by completing the form provided for this purpose or if the User uses the Service Provider's software in a trial version, at the time of downloading and accepting its privacy policy and general terms and conditions and clicking on the download button the User subscribes to the Service Provider’s newsletter, which lasts until the User unsubscribes but until the end of the trial period as latest, unless the User continue to use the product after the trial period expired, because in this case until the User unsubscribe. In connection with this, the Service Provider processes the User's e-mail address under the explicit consent of the User until the User withdraws this consent. There are several ways to withdraw the consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.
IV.1.3.1. If the subscription is made by completing the form at one of our events:
IV.1.3.2. If the subscription is made by downloading our products:
IV.1.4. Handling of contact data in connection with invoicing
IV.1.4.1. If the invoice about the Service is issued for a legal entity, then the Service Provider process the personal data found below. The Service Provider informs the Users the if the products of the Service Provider are purchased through Atlassian Marketplace then invoicing is managed by Atlassian Pty Ltd. therefore the Service Provider does not process any personal data for this purpose.
The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g., info@example.com or finance@example.com) then the Service Provider process the data, but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.
IV.1.4.2. If the invoice about the counter value of using the Service shall be issued for a natural person, the Service Provider process the following data.
The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.
IV.1.5. Applying for a position
From time to time the Service Provider is seeking staff for various positions to which the Users may apply by submitting their professional CV. The Users may send their applications by e-mail to job@meta-inf.hu. By sending the e-mail the Users give their consent for the Service Provider to process their personal data as part of the application process starting from the date the CV is sent to us. The exact rules of the data handling regarding applying for a position is contained in a separate privacy policy which can be found here .
IV.1.6. Keeping contact during contractual relationship
If a contractual relationship is established between the Service Provider and the User, then the personal data – detailed below – of the contact person designated by the User is indicated in the contract. In these cases, the legal ground for processing is the legitimate interest of the Service Provider and its purpose is to provide information and other communications to the User regarding any issues arising during the contractual relationship. The User acknowledges that it is the User's responsibility and liability to obtain consent from the designated contact person to provide his/her data to the Service Provider.
IV.1.7. Providing support for nonprofit organizations
Once a year the Service Provider provides support for a chosen nonprofit organization for whom it provides help and introduces Atlassian’s efficiency boosting solutions completely free of charge. The User may apply for support through a tender. Further information on the support and the application is available on the Service Provider's Website, at the link https://www.meta-inf.hu/en/pledge-1-percent/ . To apply for the support, the following personal data must be provided:
Application shall be made through the Service Provider’s Website by filling and submitting a form. In addition to the above the User shall provide the name of the organization on behalf of which the User submits the application and the year of founding the organization, however these are not considered to be personal data. The User shall furthermore upload a detailed application and may write a short message to accompany the application. We request the User to not provide any additional personal data other than the ones specified above. Shall the User provide any additional personal data the Service Provider will irreparably and permanently delete these data and the Service Provider shall have no liability for such personal data.
By submitting an application, the User acknowledges and gives consent that in case of gaining support from the Service Provider the Service Provider is entitled to make video recording and use that recording for marketing purposes in connection with the application about receiving support and introducing of the Atlassian system.
IV.1.8. Customer service
In order to provide technical support for the Service Provider maintains customer service which may be reached in two ways. Either through a JIRA based system developed by Atlassian Pty Ltd. or by e-mail
In case the request is sent through JIRA based system
To manage customer service inquires We use the system of a third party, an application named JIRA Service Management (hereinafter as: “JIRA”). We use the cloud version of JIRA. For further information on processing and possible data transfer see Section IX.2. of present Policy.
If the User access customer service through the JIRA in order to fulfill the customer service request, the following data must be processed, which in any case is accessible by us from the JIRA System Central Database:
In case of requests sent by e-mail:
If the User contacts our Customer Service by e-mail at the address support@meta-inf.hu then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill the customer service requests, certain personal data must be processed. Without these, the Service Provider will not be able to complete the User’s customer service request as the Service Provider would not be able to contact the User.
IV.1.9. Sending educational and marketing materials
If it is required, the User may request educational materials from the Service Provider related to the Service by providing the above data to the Service Provider through the Website. If the User chose this, the educational materials will be sent by e-mail to the e-mail address provided by the User not more than a few times a month. If the User does not wish to receive educational materials anymore later, he / she may request the Service Provider in e-mail to delete his / her data, in which case the Service Provider will no longer send such messages to the User.
If the User when requesting the educational materials expressly consents to it by ticking a separate checkbox, the Service Provider will send the User marketing materials related to the Service and its self-developed products, as well as the products and services of its partners, in addition to the educational materials. If the User no longer wishes to receive marketing content, his / her consent may be withdrawn in one of the ways indicated in Section VI. below.
IV.1.10. Data processing related to data security
In order to ensure the security of data and to comply with the International Organization for Standardization (ISO) 27001 and SOC2 information security standards, the Service Provider is required to manage and monitor certain data for this purpose, which are the following:
IV.2. Data processing related to the Service Provider’s “Vendor” activities
IV.2.1. Using the software developed by the Service Provider
The Service Provider sells its software listed on the Atlassian Marketplace. Within this scope, the Service Provider will not process any personal data in connection with any software that runs in the hardware environment provided by the User because it does not have access to this software. In case of software that are only available in a cloud based version, the Service Provider shall be considered partly as controller and partly as processor with respect to the fact that it has no control over the data uploaded into the applications, however, the cloud-based software operates in a computing environment provided by the Service Provider, so that personal data contained therein is stored on the infrastructure provided by the Service Provider without any processing made by us. However, in addition, in some cases, the Service Provider performs processing in connection with the software, especially when the User logs in to his/her account through the domain provided for this purpose by the Service Provider. Within this scope, the Service Provider processes the following data:
IV.2.3 License sales
IV.2.4. Vendor deal registration
Vendors of the software developed by the Service Provider, i.e. the so-called META-INF Apps, are required to register the following personal data in connection with their negotiations for the conclusion of a contract on the Service Provider's dedicated website, available at https://www.meta-inf.hu/en/deal-registration, prior to the conclusion of the contract. The Vendor is also required to provide certain data relating to the potential contractual partner, in relation to which the Vendor, by providing such data, declares that it has obtained the consent of the Data Subjects to provide such data.
IV.2.3.1. Processing of data related to the conclusion of contract
The Service Provider sells product keys related to different software pursuant to the provisions of the individual contract with the User, during which processing is performed only in respect of the personal data specified in the individual contract. In addition, if the User purchases the software developed by the Service Provider through Atlassian Marketplace, Atlassian will disclose certain personal data to us. In this regard, the Service Provider notes that this information is not provided to the Service Provider directly by the User, but transmitted by Atlassian Pty Ltd., which operates the Atlassian Marketplace, as follows:
IV.2.4. Data migration
For Users who use a version of the software sold by the Service Provider that are running on the User's own servers (server / data center deployment), the Service Provider allows them to switch to the cloud deployment version of the software through a tool built into the software (Email This Issue Cloud Migration Assistant, a.k.a Migration Tool) to perform data migration. In case the User initiates the migration of the data stored in the software running on its own servers to the cloud-based servers, the data affected by the migration is stored on the servers of Atlassian for a duration of 2 weeks to which the Service Provider has reading access rights in order to facilitate the migration and to avoid data duplication, data error, data loss etc. and in order to avoid the need for the User to clean the data after the migration is completed.
During the migration the configuration data and the content of the Email Audit Log of the application named Email this Issue are affected.
The configuration data may contain the following personal data:
· any data that the Migration Tool users with admin authorization may configure in the migration tool, including account connection details (e.g., passwords)
Of the configuration data affected by the migration, passwords and tokens are converted to an encrypted format during the migration, which means that they cannot be interpreted by third parties.
The audit log may contain the following personal data:
· complete e-mail messages that include names, e-mail addresses, and any personal information that may be included in the e-mail message
The legal ground for data processing is the fulfillment of the contract between the User and the Service Provider. After the expiration of the 2 weeks period, Atlassian automatically deletes the stored data permanently and irrevocably, which also means the Service Provider’s rights to access also cease to exist.
IV.3. Processing related to the Service Provider’s „Atlassian Solution Partner” activities
IV.3.1. Pre-contractual registration
If the User intends to use an Atlassian Solution Partner service (consulting, support, etc.) of the Service Provider in connection with software available via the Atlassian Marketplace, the Service Provider shall register the User and the User's representative with whom it negotiates for the purpose of concluding a contract in order to perform the contract between the Service Provider as an Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall record the following information of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system upon contact. By contacting the Service Provider, the User gives his/her consent to the Service Provider's transfer of the following data to Atlassian.
IV.3.2. Consulting and Support
IV.3.2.1. Processing of data related to the conclusion of contract
The Service Provider performs consulting and follow-up system monitoring activities for customers of various products sold by Atlassian Pty Ltd. under an individual order which aims to integrate Atlassian Pty Ltd.’s or third parties’ solutions into the User's IT system and that helps to find the appropriate software and includes their implementation and calibration. The Service Provider is able to perform this activity only if the User makes certain personal data available, as without this the Service Provider will not be able to carry out this activity undertaken in a separate agreement. The scope of data processed by the Service Provider in this regard are the following:
IV.3.2.2. Contract registration
If the User uses an Atlassian Solution Partner service (consulting, support, etc.) the Service Provider in in connection with the software available via the Atlassian Marketplace and a contract has been concluded between the parties, the Service Provider shall register the User and the User's representative with whom the contract has been concluded for the purpose of using the service in order to perform the contract between the Service Provider as Atlassian Solution Partner and Atlassian Pty Ltd. As required by Atlassian, the Service Provider shall register the following data of the representative acting on behalf of the User in Atlassian Pty Ltd.'s system after the conclusion of the contract.
IV.3.3 Training
The Service Provider uses a separate privacy policy for processing of data related to trainings which is available at: https://www.meta-inf.hu/legal-documents/trainings-privacy-policy Present Policy is only applicable regarding data processing in connection with the training if the privacy policy for training expressly provides so.
IV.3.4 Event organizing
The Service Provider uses a separate privacy policy for processing of data related to event organization which is available at: https://www.meta-inf.hu/legal-documents/event-privacy-policy Present Policy is only applicable regarding data processing in connection with the event organization if the privacy policy for event organization expressly provides so.
V. What are cookies and why we use them?
Cookies are data packages that are sent by webservers to the User’s computer automatically, where they are stored – depending on the type of the cookie – for a definite period.
Cookies do not hold any security risk to the User’s computer or not cause any malfunction.
In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on the computer when the User visits the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected using these cookies (in particular the IP address of the User’s computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of the User’s stay on the Website. Closing the browser will automatically delete them from the computer.
With the User’s consent given on the Website, the following types of cookies may be installed on the computer for the following purposes:
- Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because the Service Provider is provided with information about the specific characteristics of the visitors (IP address, city, type of device, browser, operating system are they using, and what sub-pages the User have visited on our site). the Service Provider uses these data anonymized for statistics and reports to improve the Website and the marketing strategy.
- Remarketing cookies (such as Google AdWords) allow us to analyze how the User uses the Website and, consequently, to display personalized content to the User, including advertising on online platforms outside our site (e.g., other websites or social media).
In addition, the Service Provider distinguishes between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when browser is closed. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set on the Website.
The User can manage cookies in the browser’s settings. How these settings are set depends on the type of the browser.
Further information may be found on cookie settings for the most popular browsers on the following links:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu-hu&p=cpn_cookies
Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Internet Explorer / Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/hu-hu/HT201265
If the User has any further question regarding cookies, please contact the Service Provider at privacy@meta-inf.hu where its colleagues are more than happy to help.
Further information regarding the cookies used by the Service Provider can be found at https://www.meta-inf.hu/en/cookie-policy/
VI. How can the User withdraws the consent if the ground for processing is based on consent?
If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. The consent given at browsing can be withdrawn at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if the User does not have the possibility to withdraw the consent given this way, it can be withdrawn by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.
Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.
VII. Where and how my personal data is stored?
All personal data is stored electronically on trusted secure servers. The data which is stored by the Service Provider is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.
The Service Provider ensures the protection of data on several levels (physically, technically, and organizationally), which in each case comply with industry standards.
Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction, or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.
VIII. What rights do the User has in connection with processing personal data?
Request for information (right to access): the User may request information about the processing of the collected personal data at any time, either in person, at the Service Provider’s registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.
Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and the User’s rights in relation to processing. In the case of data transfer, to whom and for what purpose thedata have been or will be transferred.
A request for information is considered authentic if the User is clearly identified by the Service Provider. If the request is sent by e-mail or post, only the e-mail sent from the User’s registered e-mail address will be considered as authentic, and the Service Provider will only be able to send information to the postal address registered by it. Unless the User voluntarily verify the identity otherwise thereof, the Service Provider will not be able to send information to an e-mail address or postal address that is not registered in its records in order to protect the User’s privacy.
Rectification: The User may at any time request the rectification, modification, or amendment of the collected data in the same manner described above. The Service Provider can also do this only on the basis of a request from a credible source presented when submitting the request.
Restriction: The User may request that the Service Provider restricts the processing of the personal information in particular if:
a) The User argues the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.
b) Although the legal ground for processing does not stand for us, but the User is requesting the Service Provider in writing to keep them for the purpose of filing, asserting, or defending any legal claim the User may have
Objection: If the Service Provider process the User’s personal data on the ground of legitimate interest, the User may at any time object to the processing of the Users personal data. In such cases, the Service Provider will review the legality of the objection and, if it is well established, the Service Provider terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.
Deletion (“Right to be forgotten”): The User may request the deletion of the User’s personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.
The Service Provider may refuse deletion if the processing of the User’s personal data is required by law or if it is necessary to enforce the legal claims. The Service Provider will always inform the User about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.
Transfer of Personal Data (Portability): The User may at any time request to transfer the data processed in connection with the User in a structured, widely used, machine-readable format to the User or to another controller.
The Service Provider kindly ask the User not to exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.
IX. To whom we transfer personal data and who has right to access them?
The -User’s personal data is kept confidential and will not be disclosed to any third party except as provided below.
IX.1. Transmission of data related to the sending of newsletters, system messages and educational or marketing materials, messages in connection with consultancy and licensing and data storage, processing of data provided on website forms
If the User subscribed to our newsletter, either voluntarily or by using one of the Service Provider paid or free apps, furthermore if the User chose to use the services detailed in Section IV.1.9. above and if the User uses the Service Provider's consultancy or license sales services or fill any of the forms on the Service Provider's website the Service Provider will forward the User’s email address and other date provided by the user (e.g. on the form) to its processing partner. This processor is HubSpot a provider of cloud-based case management, forms and customer relationship management services through which the Service Provider sends system messages, eDMs and newsletters related to the operation of the Service and forms and contact details are recorded and managed.
HubSpot may not use the e-mail address or other data provided for any purpose other than the performance of its task or make any personal decision about it.
Contact details of the processor:
Name: HubSpot Ireland Limited
Address: Hubspot House, 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67, Ireland
Registration number: IE515723
Email: privacy@hubspot.com
Phone: +353 1 5187500
Represented by: Christian Kinnear director
Contact details of the DPO: https://preferences.hubspot.com/privacy
(hereinafter referred to as “Hubspot”)
If Hubspot transfers any data outside of the European Union, for example to its parent company HubSpot Inc., (seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, registration number number: 000955519, represented by: Brian Halligan director), the User’s email address and other data is protected in the same level as in Europe, in light of the European Commission's adequacy decision for EU-US data flows.
Hubspot’s privacy related documents may be found at the following links:
https://legal.hubspot.com/privacy-policy
https://www.hubspot.com/data-privacy/gdpr/product-readiness
IX.2. Fulfilling customer service requests through the JIRA cloud application or within the scope our “Vendor” activities in case of consulting
If the User is using the cloud-based version of the JIRA Service Management application (in connection with customer support) in connection with the software developed by the Service Provider, then in the case of customer service requests or in case of providing consultancy services, the Service Provider’s data processing partner is:
Name: Atlassian B.V. c / o Atlassian, Inc.
Address: 350 Bush Street San Francisco, CA 94104 USA
Email: eudatarep@atlassian.com
(hereinafter referred to as “Atlassian”)
Atlassian may not use the data detailed above for any purpose other than the performance of its task or make any personal decision regarding the personal data.
The Atlassian’s privacy policy is available at: https://www.atlassian.com/legal/privacy-policy
Atlassian also takes all reasonable efforts to ensure the protection of personal data as provided by the GDPR, so Atlassian has also complied with the provisions of the SCC. The data processing addendum regarding Atlassian’s compliance with SCC can be downloaded from the following link: https://www.atlassian.com/legal/data-processing-addendum
IX.3. In connection with software developed by the Service Provider:
The software developed by the Service Provider are stored at and operated from external servers, therefore if the User use them – depending on the used software – we use the services of the following server providers as processors:
IX.3.1. Amazon Web Services
The Service Provider stores and operates particular software through Amazon Web Services a cloud-based webserver which may be reached at:
Name: Amazon Web Services, Inc.
Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA
E-mail: EU-privacy-DSR@amazon.com
Phone number: +1-206-266-1000
Represented by Eva Gehlin and Barbara Scarafia directors
European server locations: London, Frankfurt, Stockholm, Paris, Dublin
(hereinafter as: “Amazon”)
Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States the User’s data is still secure and protected by the provisions of the GDPR, with respect to the European Commission’s adequacy decision for EU-US data flows.
Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/
Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy/
IX.3.2. Datadog
The Service Provider monitors the software and data stored at and maintained from external servers by using a third-party service named Datadog, which may be contacted at:
Name: Datadog, Inc.
Registered seat: 620 8th Avenue 45th Floor New York, NY, USA
E-mail: gdpr@datadoghq.com
Phone number +1-866-329-4466
Represented by Olivier Pomel director
(hereinafter as: “Datadog”)
Datadog’s privacy policy can be reached at: https://www.datadoghq.com/legal/privacy/
IX.3.3. Hetzner
Furthermore, the Service Provider use the server providing services of Hetzner which servers are located within the European Union. Hetzner may be reached at:
Name: Hetzner Online GmbH
Registered seat: Industriestr. 25, 91710 Gunzenhausen, Germany
Company Ansbach, HRB 6089
E-mail: info@hetzner.com
Phone number: +49 9831 505-0
Represented by: Martin Hetzner, managing director
(hereinafter as: “Hetzner”)
Hetzner’s privacy policy shall be reached through this link: https://www.hetzner.com/legal/privacy-policy
IX.4. Correspondence (e-mail)
IX.4.1. Sending and receiving e-mails
The Service Provider uses Gmail a product of Google Inc. to manage correspondence by e-mail.
Name: Google Ireland Ltd
Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Location of Servers: Dublin, Ireland
(hereinafter as: “Google”)
Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use, or otherwise manipulate user related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more at https://policies.google.com/privacy/frameworks
Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption, and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy
IX.4.2. Tracking the receipt of e-mails
If under the provisions of present Policy, the Service Provider tracks the delivery of messages, it uses the services of an external service provider called Mailtrack as a data processor, the contact details of which are as follows:
Name: The Mail Track Company S.L.
Address: Calle Córcega, número 301, ático 2a, 08008 Barcelona, Spain
Registration number: B66095670
E-mail: privacy@mailtrack.io
Phone number: +1 678 999 0141
Represented by: Eduardo Manchón director
(hereinafter as: “Mailtrack”)
Mailtrack is a data processor residing within the European Union, in Spain, therefore it shall comply with the provisions of the GDPR.
More information on Mailtrack’s data processing is available at: https://mailtrack.io/en/privacy
IX.5. In connection with „Solution Partner” related activities:
IX.5.1. Hetzner
In connection with its „Solution Partner” related activities the Service Provider use the services of Hetzner introduced in Section IX.3.3.
IX.5.2. Office365
In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corporation to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:
Name: Microsoft Ireland Operations Limited
Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland
Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions
Phone number: +353-1-706-3117
Represented by Satya Nadella director
(hereinafter as: “Microsoft”)
Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however these are in compliance with the effective privacy regulations with respect to the above reasons.
Privacy related materials of Microsoft may be reached at:
https://privacy.microsoft.com/hu-hu
https://privacy.microsoft.com/en-us/privacystatement
IX.6. In connection with the Website:
In connection with the maintenance of the Website the Service Provider use the services of Amazon Web Services introduced in Section IX.3.1.
IX.7. In connection with invoicing
The Service Provider issues its invoices with one of Hungary's largest online billing system, http://szamlazz.hu . If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of http://szamlazz.hu website as our processing partner is:
Name: http://KBOSS.hu Kereskedelmi és Szolgáltató Kft.
Registered seat: 1031 Budapest, Záhony utca 7., Hungary
Company registration number: 01-09-303201
E-mail address: info@szamlazz.hu
Represented by: Balázs Ángyán managing director
(hereinafter as: „KBOSS”)
KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/
IX.8. In connection with data security and compliance with the ISO 27001 standard
In order to monitor its systems and the level of data security, the Service Provider uses a solution provided by an external service provider, Vanta, whose contact details are as follows:
Name: Vanta Inc.
Registered seat: 369 Hayes St, San Francisco, CA 94102, United States of America
E-mail: privacy@vanta.com
Represented by Christina Cacioppo director
DPO: GDPR Local Ltd (címe: 1st Floor Front Suite 27-29 North Street, Brighton BN1 1EB, United Kingdom; e-mail: contact@gdprlocal.com; telefonszám: + 441 772 217 800)
(hereinafter as: “Vanta”)
Although Vanta is a provider located outside the territory of the European Union, namely in the United States the data is still secure and protected by the provisions of the GDPR, with respect to the European Commission’s adequacy decision for EU-US data flows.
The privacy policy of Vanta is available here: https://www.vanta.com/privacy
X. What third-party social media plug-ins may be found on the Website?
To receive feedback on the contents we share on the Website and to share them we use socal media sites meaning the Service Provider uses the services (plugins) of third-party providers. The plugins are only active when the User specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on the Service Provider’s website: Facebook, Twitter, LinkedIn, Meetup, YouTube
If the User is logged in to any of these sites, it may occur that the User’s visit on the site will be attached to the User’s personal profile. If the User clicks on the specific button, the User’s browser will forward the relevant information directly to that social media site and store them there.
Information about the scope and purpose of the data collected, further processing of the User’s data and use of the User’s data by the social media provider, and the User’s rights regarding personal data can be found in privacy statements of the social media providers, which are available at:
Facebook: https://www.facebook.com/policy.php
Twitter: https://twitter.com/en/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Meetup: https://www.meetup.com/privacy/
YouTube: https://policies.google.com/privacy
XI. To whom and in what cases are the Service Provider is obliged to disclose personal data?
The Service Provider may be requested to disclose personal data it processes to authorities in response to legal requests, like search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. The Service Provider discloses data in accordance with applicable law, the Service Provider cannot be held liable for any such transfer or any resulting consequences. The Service Provider will always inform the User about the transfer if it is not prohibited by law or by the requester authority.
XII. What are the responsibilities regarding the personal data the User provides?
When the User provides to the Service Provider personal data, the User is responsible for ensuring that the information and contributions are true and correct.
The Service Provider asks the User to provide third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.
If a third-party object the processing of personal data by credibly verifying its identity, the Service Provider will immediately delete third-party data without notifying. The User is requested to only provide third-party personal data only if the User has informed the third party of the availability of this Policy.
XIII. Management of Personal data breach
Personal data breach – except that is unlikely to result in a risk to the effected person – may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform users concerned.
XIV. Data Protection Officer (DPO)
Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:
a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.
b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.
XV. Amendment of the Privacy Policy
If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the following day of publication, through our Website. Please be sure to read the Policy changes carefully as they contain important information about the processing of the personal data.
XVI. To whom the User can turn to for information regarding the User’s personal data or to exercise the rights?
If the User has any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1117 Budapest, Irinyi József utca 4-20. B. ép. 3. em., Hungary
The User is entitled to exercise the rights related to the processing of personal data against the Service Provider as controller. If the User wish to exercise such rights, the User must first notify the Service Provider.
If the User feels that the rights have been violated, the User can complain to the National Authority for Privacy and Freedom of Information:
Name: National Authority for Privacy and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Mailing address: 1363 Budapest, PO box: 9., Hungary
Phone: +36 1 391 1400
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
In the event of a dispute arising out of or in connection with this the present Privacy Policy, its breach, validity or interpretation, the User may bring the dispute to the competent court under Act CXXX of 2016 on the Code of Civil Procedure (Code of Civil Procedure):
Name: Budapest District Court for the XVIII. and XIX. Districts
Name: Budapest District Court for the XVIII. and XIX. Districts
Address: 1191 Budapest, Kossuth tér 7/9., Hungary
Mailing address: 1703 Budapest, PO Box. 4., Hungary
Phone: +3613574333
E-mail: kispest.elnokseg@birosag.hu
Website: https://fovarositorvenyszek.birosag.hu/jarasbirosagok/budapesti-xviii-es-xix-keruleti-birosag
In-depth expertise, knowledge transfer and Atlassian apps from the highest-level Atlassian partner.
