DATA PROTECTION POLICY

(effective from 13/11/2019)

Reacty Digital Ltd. (hereinafter: Reacty Digital, the Company) manages the personal data obtained or recorded in the course of its activities in accordance with the provision by the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, decree No 2016/679 overruling Regulation (EC) No 95/46 and Act of CXII of 2011 on Informational Self-determination and Freedom of Information.

Purpose and scope of the prospectus:

The purpose of this prospectus is to set out Reacty Digital's privacy and management policies which Reacty Digital, as a data controller, recognizes as binding to it.

By the publication of this prospectus Reacty Digital, as the data controller, will disclose general information about the processing of personal data to those concerned.

Unless otherwise specified, the scope of the prospectus does not cover data processing during official proceedings.

Data controller:

Reacty Digital Ltd.

Registered office: 6000 Kecskemét, Szalag u. 1.

Email: hello@reacty.digital

Webpage: http://reacty.digital/

What principles do we follow in our data management?

Our company follows the following principles in its data management:

1. a) personal data is processed in a lawful and fair way, transparently for you.
2. b) personal data is exclusively collected for specified, explicit, and legitimate purposes, and it is not processed in ways incompatible with the purposes.
3. c) the personal data we collect, and process is appropriate and relevant for the data processing objectives and is limited to the necessary extent.
4. d) our Company shall make all reasonable measures necessary to ensure that the we process is accurate and up to date; any inaccurate personal data shall be erased or rectified.
5. e) personal data is stored in a way that they can be identified only for the duration necessary for achieving the objectives of the personal data processing.
6. f) the appropriate security of the personal data is ensured by suitable technical and organizational measures against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Your personal information 

1. a) is processed - that is: collected, recorded, organized, stored, and used - based on your prior informed and voluntary consent, only to the extent necessary, and always with a certain purpose.
2. b) in some cases, the processing of your data is mandatory and based on regulatory requirements, in such cases, your attention will be called to this fact.
3. c) in some cases, the processing of your personal data is in the legitimate interest of our Company or a third person, such case may be the operation, development, or the safety of our website.

Data processed by our Company:

Our website is primarily for informational purposes, but we ask you to provide personal information when you contact us in writing through our site (name and email address). It is also possible to subscribe to the newsletter on the site, for which we ask you to provide an e-mail address.

If you have any questions regarding your data management, you can request further information at the e-mail address hello@reacty.digital or at our postal address, our answer will be sent to you without delay, but within 25 days at the latest.

Legal basis of the data processing:

Purpose of data processing:

Time of data management:

Whose data we handle, stakeholders:

To provide high-quality service to our customers, our company uses the following data processors:

In case the scope of the data processors is modified, the appropriate modifications shall also be made in this prospectus.

Other data management issues

Data transfer

We are only entitled to transfer your data within the framework specified by legislation; in case your data is processed by our data processors, contractual terms are specified to ensure that your personal data may not be used for purposes other than the ones you consented to. The persons or employees participating in the data processing of our Company are entitled to see your personal data to the extent determined in advance, and they are bound by confidentiality obligations.

Our company may only transfer data abroad based on the respective provisions of the GDPR (Chapter V) and Act CXII.

The Court of Justice, the public prosecutor’s office, or other authorities (e.g. police, tax authority, National Authority for Data Protection and Freedom of Information) may request information, data, or documents from our Company. In such cases we are required to comply with our data reporting obligation, but only to the extent necessary for fulfilling the purpose of the request.

Data security

The persons or employees participating in the data processing of our Company are entitled to see your personal data to the extent determined in advance, and they are bound by confidentiality obligations.

Your personal data is protected by appropriate technical and other measures, and we also provide the security and availability of the data; furthermore, it is protected from unauthorized access, modification, damage, disclosure, or any other unauthorized use.

Within the framework of organizational measures, we check physical access, our employees are continuously trained, and appropriate protection is ensured for paper-based documents. Within technical measures, encryption, password protection and anti-virus software are used. However, please note that data transfer via the Internet cannot be considered a form of fully secure data transfer. Our Company will make every effort to ensure that the process is as secure as possible, but we cannot take full responsibility for data transfer via our website; however, regarding the data received by our Company, we comply with strict regulations in order to provide the safety of your data, and to prevent any illegal access.

What are your rights and available legal remedies?

Right to receive information and access:

Through the contact information of our company, you can request information in writing from Reacty Digital that:

• what personal information,
• on what legal basis,
• for what purpose,
• from what source,
• for how long we process,
• do we still process your personal data,
• to whom, when, for what reason and to which personal data we have granted access or to whom we have transferred your personal data.

In addition, you may request a copy of your personal information stored with our Company.

Reacty Digital will, upon your request for written information, provide the requested information within a maximum of 30 days in a response letter sent to the contact details provided in the request. We will also send you our reply letter electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.

Providing such information may only be refused in cases specified by legislation, indicating the relevant legal regulation, and providing information on judicial remedy or the possibility of seeking advice from the authorities.

Right to rectification

Through the contact details of our company, you can request in writing that we modify or clarify any of your personal information.

Reacty Digital will, upon your written request, modify the requested information within a maximum of 30 days and confirm the modification in a response letter sent to the contact details provided in the request. We will also send you our reply letter electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.

Right to data erasure

Through the contact details of our company, you can request in writing that we erase your personal information.

If our Company is required by law to further store your personal data, your request for cancellation will be rejected. If we do not have such a legal obligation, we will delete your data without delay, but within a maximum of 30 days, and will notify you in the reply letter sent to the contact details provided in the request. We will also send you our reply letter electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.

Right to restriction of processing

You can request the restriction of processing of your personal data in writing through the contact details of our company. The restriction of processing means that our Company may only store your personal data, we may perform other data processing activities only with the consent of the person requesting the restriction due to a legal claim or in the public interest.

You can request the restriction of data processing if:

• You think your personal data is inaccurate,
• You believe your data has been compromised by Reacty Digital, but you do not want your data deleted,
• You require the data processing to enforce or protect your legal claim, but Reacty Digital no longer needs that data.

Reacty Digital will, upon your written request, comply with your request for data restriction without delay, but within a maximum of 30 days, and will notify you in a response letter sent to the contact details provided in the request. We will also send you our reply letter electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.

Right to withdraw consent

Through the contact details of our company, you can withdraw your consent to data management in writing at any time during the data processing period. In the event of withdrawal of consent, Reacty Digital's processing of data prior to withdrawal will remain lawful.

Reacty Digital will, upon your written request, comply with your request for revocation of data processing without delay, but within a maximum of 30 days, and will notify you of this in a response letter sent to the contact details provided in the request. We will also send you our reply letter electronically to your request sent electronically. If you would like to receive our response in a different way, please indicate this in your request.

Common rules for rectification, erasure, restriction, and revocation

Our company will notify you of the rectification, restriction and deletion of personal data, as well as all those to whom we have previously transferred your data for data processing purposes, unless failure to do so does not harm your legitimate interests.

If we do not comply with your request for rectification, restriction, or cancellation, we will inform you in writing or, with your consent, by electronic means, as soon as possible (but within a maximum of 25 days) after receipt of the request.   In the letter we will justify our decision and inform you about the options of legal remedy and the authorities you can turn to.

If you object to the processing of your personal data, we will investigate the objection as soon as possible (but not later than 25 days) from the submission of the request and will inform you in writing of our decision. If we have determined that your objection is well-founded, we will terminate the processing of data, including further data collection and transfer, and will notify all persons to whom we have previously transmitted the personal data concerned about the objection and the action taken on it, and who are obliged to take action to enforce the right to protest.

We will refuse to comply with your request if we prove that the processing is justified by overriding legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, enforcement or defence of legal claims. If you do not agree with our decision, or if we miss the deadline, you can go to court within 30 days of notification of the decision or the last day of the deadline.

Legal remedy

If, in your opinion, the data management of our Company has not complied with the legal requirements, you may apply to a court.

In addition, by filing a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), you may initiate an investigation alleging that your rights to the processing of your personal data have been infringed or are in imminent danger.

Contact details of the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf.: 5.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: https://naih.hu/

Please contact our Company before lodging your complaint at the supervisory authority or the court of justice in order to consult and resolve the problem as quickly as possible.

At the data subject’s own discretion, the data protection proceedings may be initiated at the tribunal court at the address or temporary place of residence of the data subject. A foreign national may also turn to the competent supervisory authority of his/her place of residence.

What are the major laws governing our operations?

• Regulation 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
• Act CXII of 2011 on informational self-determination and the freedom of information (Info tv.)
• Act V of 2013 on the Civil Code
• Act CVIII of 2001 on certain issues concerning electronic commerce and information society services – (Eker tv.)
• Act C of 2003 on Electronic Communications - (Ehtv)
• Act CLV of 1997 on Consumer Protection (Fogyv. tv.)
• Act CLXV of 2013 on Complaints and Notices of Public Interest. (Pktv.)
• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity (Grtv.)

Amending the Data Processing Policy

Our company reserves the right to amend this Privacy Policy, of which we will inform the data subjects accordingly. Information on data management is published on the website http://reacty.digital/.