Privacy Policy

Kolt-Systems Kft. (hereinafter the “Service Provider”, “data controller” or “data processor”) undertakes to comply with all applicable data protection legislation when handling, processing and storing the personal data of its customers and users — in particular Regulation (EU) 2016/679 (the “GDPR”), the Hungarian Act CXII of 2011 on the right to informational self-determination and freedom of information (“Infotv.”) and Act CVIII of 2001 on electronic commerce and information society services.

1. Who we are

Kolt-Systems Kft. is a company registered in Hungary that provides the services of the Kvery.io system, which it owns and operates.

2. Key definitions

The following terms are used throughout this policy, consistent with the GDPR and the Infotv.:

• Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data.
• Personal data: any information relating to an identified or identifiable natural person, such as a name, identification number, location data or online identifier.
• Consent: a voluntary and explicit indication of the data subject’s wishes, based on appropriate information, giving unambiguous permission for the processing of their personal data.
• Data controller: the entity that determines the purposes and means of processing personal data.
• Data processor: a natural or legal person that processes data on behalf of, and under contract with, the controller.
• Data breach: unlawful processing of personal data — in particular unauthorised access, alteration, disclosure, transmission, erasure, destruction, or accidental loss or damage.

3. Purpose of processing & data security

The Service Provider processes and stores the personal information of users solely to provide the service, and only to the extent and for the duration strictly necessary. We only process personal data that is necessary for, and suitable to achieve, the purpose of processing.

The data controller will not disclose your personal data to third parties, except to the Customer and to the intermediaries and processors specifically named in this Privacy Policy. We design and implement our processing operations to protect the privacy of data subjects, and take the technical and organisational measures needed to safeguard data against unauthorised access, alteration, disclosure, deletion, destruction, accidental loss or damage. When processing data by automated means, we take additional measures to prevent unauthorised data entry and use, to ensure traceability of transfers, and to enable recovery in the event of a failure.

4. Legal basis for processing & consent

Personal data may be processed with the consent of the data subject, or where it is required by law. The communication of the user’s personal data to the Service Provider, and consent to its processing, is based on the data subject’s voluntary written consent given at registration. Personal data may also be processed where necessary to comply with a legal obligation to which the controller is subject, or for the legitimate interests pursued by the controller or a third party, provided those interests are proportionate to the restriction of the right to data protection.

5. Data we collect

Subject to Article 20(4) of the Infotv., before consent is given the controller informs the data subject of the following:

• Scope of data processed: password, first and last name, e-mail address, and IP address at the time of registration.
• Data subjects: all data subjects registered in the app or on the website.
• Purpose of data collection: to enable the full use of the website and the Kvery.io service.
• Duration of processing / deletion deadline: personal data is deleted immediately upon cancellation of registration, except for accounting documents.
• Accounting retention: pursuant to Act C of 2000 on Accounting, accounting documents must be retained in legible form for at least 8 years.

You may modify your password, first and last name and e-mail address at any time on the website. You may request the deletion or modification of your personal data by post to 1095 Budapest, Lechner Ödön fasor 2. B building, 7th floor 713., or by e-mail to [email protected].

6. Processors & sub-processors

Hosting provider

• Server4You — Host Europe GmbH
• Address: Hansestr. 111, 51149 Cologne, Germany
• VAT ID: DE187370678
• Website: https://www.server4you.net/legal-notice

Payment processor

The Service Provider processes online payments through Stripe (www.stripe.com) but does not store or handle any of your credit or debit card details. No card data is handled by the Service Provider.

Invoicing provider

Billing data (name, billing address, e-mail address, phone number, tax number) is received from the payment provider and transferred to the invoicing system provider for the purpose of issuing invoices. The Service Provider does not store billing data.

• KBOSS.hu Ltd.
• Registered office: 1031 Budapest, Záhony utca 7.
• Company registration number: 01-09-303201
• Tax number: 13421739-2-41
• Website: www.szamlazz.hu

7. Cookies & local storage

The website does not use cookies. For better functionality we use HTML5 Local Storage, which keeps data locally in your browser — this information is not sent to our servers. We measure website and mobile app traffic using Google Analytics; the data transmitted by this service cannot be used to identify you. You can read more about Google’s privacy practices at http://www.google.hu/policies/privacy/ads.

8. Data transfers

The purpose of Kvery.io’s data transfer activity is to transmit a user’s data to the Customer in order to inform them about the user’s subscription and to enable the Customer to provide their service. Billing data is transferred to the invoicing provider (KBOSS.hu Ltd.) solely to issue invoices for the subscription fee. We do not transfer personal data to the payment processor beyond what is required to complete a transaction.

9. Your rights as a data subject

You have the right to receive information about the processing of your personal data, and to request its rectification, erasure or blocking. Upon request, the controller will provide written information about your processed data, its source, purpose, legal basis and duration, within a maximum of 25 days.

• Provide accurate data: you are obliged to provide true data; inaccurate data may be corrected by the controller.
• Deletion: your personal data is deleted if its processing is unlawful, if you request it, if it is incomplete or incorrect and cannot lawfully be remedied, if the purpose has ceased or the statutory retention period has expired, or if ordered by a court or authority.
• Blocking: instead of erasure, the controller may block personal data if you so request or if deletion would harm your legitimate interests.

10. Objection & enforcement

You may object to the processing of your personal data where the processing or transfer is based on a legal obligation or on legitimate interests (except for mandatory processing), or where the data is used for direct marketing, opinion polling or scientific research. The controller will examine your objection within 15 days and inform you in writing of its decision. In the event of a breach of your rights, you may bring legal action against the controller; the court will hear the case out of turn, and you may bring it before the court of your place of residence.

11. Damages & compensation

If the controller causes damage through the unlawful processing of your data or by breaching data security requirements, it must compensate you for that damage, and you may claim damages. The controller is liable for damage caused by its processor. The controller is exempted from liability where it proves the damage was caused by an unavoidable cause outside the scope of processing, or by your own intentional or grossly negligent conduct.

12. Supervisory authority

If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].