DATA MANAGEMENT INFORMATION
PURPOSE AND SCOPE OF THE DATA MANAGEMENT INFORMATION
1.1 The purpose of this Data Management Information is to record the data protection and management principles applied by DARKECHO INTELLIGENCE LIMITED LIABILITY COMPANY (registered office: 2461, Tárnok Halász József street 44/2.; company registration number: 13-09-235071; representative: Bálint Hada, sole managing director; hereinafter: "COMPANY" or "DATA CONTROLLER") and the data protection and management policy of the Company, which the Company, as the data controller, acknowledges as binding on itself.
1.2 This Data Management Information contains the principles for handling personal data provided voluntarily by Users on the Website for the purpose of using the services provided by the Company.
1.3 In establishing the provisions of this Data Management Information, the Company took particular account of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter: "GENERAL DATA PROTECTION REGULATION" or "GDPR"), Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: "INFO ACT"), Act V of 2013 on the Civil Code (hereinafter: "CIVIL CODE"), and Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities (hereinafter: "ADVERTISING ACT").
1.4 Unless otherwise informed, the scope of this Data Management Information does not extend to services and data processing related to promotions, prize draws, services, other campaigns, and contents published by third parties advertising on or appearing in other ways on the Website referenced in this Data Management Information.
1.5 Unless otherwise informed, the scope of this Data Management Information does not extend to the services and data processing of websites and service providers to which links are provided on the Website. For such services, the data protection information of the service provider operating the service is applicable, and the Data Controller does not assume any responsibility for such data processing.
DEFINITIONS
2.1 "Data Processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.2 "Data Controller": the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.3 "Personal Data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2.4 "Data Breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
2.5 "Data Processor": a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller. In the context of the services referenced in this Data Management Information, Data Processors may include:
Google Inc.: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA
Squarespace: Le Pole House, Ship Street Great, Dublin 8, Ireland
2.6 "Website": the www.darkechointelligence.com website operated by the Data Controller, including its press products.
2.7 "Service(s)": the services operated and provided by the Data Controller, which are accessible through the Website.
2.8 "User": the natural person who registers for the Services and provides the data listed below.
2.9 "Data Management Information": this Data Management Information of the Data Controller.
SCOPE OF PERSONAL DATA PROCESSED
3.1 If the User visits the surface of the Website, the system of the Data Controller automatically records the IP address of the User.
3.2 Based on the User's decision, the Data Controller may process the following data in connection with the use of certain Services available through the Website:
3.2.1 Registration:
email address;
purchased service.
3.2.2 Content Editing: The Data Controller, during its content editing activities, handles the data of all natural persons who have contributed to the creation of the content, either as sources or in such a way that they are referenced in the edited content. In this case, the personal data most frequently processed by the Data Controller may include the name, position, workplace, age, residence data, and other data of the data subject that indicate how the data subject is related to the topic of the edited content.
3.3 Regardless of the above, it may happen that a service provider technically related to the operation of the Services, without the Data Controller's information, carries out data processing activities on the Website. Such activity does not qualify as Data Processing carried out by the Data Controller. The Data Controller will make every reasonable effort to prevent and filter such data processing activities.
ADDITIONAL DATA PROCESSED BY THE DATA CONTROLLER
4.1 For the purpose of providing personalized service, the Data Controller may place a small data package (so-called "cookie") on the User's computer. The purpose of the cookie is to ensure the high-level operation of the given site, provide personalized services, and increase the user experience. The User can delete the cookie from their own computer or set their browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that the operation of the given site without cookies is not fully functional.
4.2 In providing personalized services, the Data Controller processes the following Personal Data using cookies: demographic data (based on the aforementioned data) and interest information, habits, preferences (based on browsing history).
4.3 Technically recorded data during the operation of the systems: the data of the User's login computer generated during the use of the Service, which the system of the Data Controller records as a result of automatic technical processes. The automatically recorded data are logged by the system without the User's specific declaration or action at the time of login and logout.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
5.1 The purposes of data processing carried out by the Data Controller:
5.1.1 Registration:
o maintaining contact with the User;
o fulfilling services;
o creating statistics and analyses;
o protecting the rights of Users;
o enforcing the legitimate interests of the Data Controller.
5.1.2 Online purchase:
o maintaining contact with the User;
o fulfilling services;
o creating statistics and analyses;
o protecting the rights of Users;
o enforcing the legitimate interests of the Data Controller.
5.1.3 Contact:
o maintaining contact with the User;
o fulfilling services;
o handling individual User inquiries;
o creating statistics and analyses;
o protecting the rights of Users;
o enforcing the legitimate interests of the Data Controller.
5.1.4 Complaint handling:
o maintaining contact with the User;
o fulfilling services;
o handling individual User inquiries;
o creating statistics and analyses;
o protecting the rights of Users;
o enforcing the legitimate interests of the Data Controller.
5.1.5 Content editing:
o providing online content services;
o fulfilling services;
o protecting the rights of Users;
o enforcing the legitimate interests of the Data Controller.
5.2 The Data Controller will not use the provided Personal Data for purposes other than those specified in sections 5.1.x.
5.2.1 Data Processing is based on the voluntary, informed declaration of the Users, which contains their explicit consent to the use of their Personal Data provided or generated about them during the use of the Website. In the case of consent-based data processing, the User is entitled to withdraw their consent at any time, which does not affect the lawfulness of the data processing carried out prior to the withdrawal.
5.2.2 The Data Controller records the User's IP address upon entering the Website in connection with providing the Service, based on the Data Controller's legitimate interest and for the lawful provision of the Service (e.g., filtering illegal use and content), without the User's specific consent.
5.2.3 In addition to the User's voluntary consent, the legal basis for data processing in the context of content provision may be the fundamental rights to information and freedom of expression within the framework defined by law.
5.2.4 The User guarantees that they have lawfully obtained the consent of the relevant natural person in accordance with the applicable laws before providing or making available any personal data of other natural persons during the use of the Services (e.g., gift-giving).
5.2.5 The User is solely responsible for the content they provide. When providing an email address and other data during registration, the User also assumes responsibility for ensuring that only they use the Service with the provided email address and data. Consequently, all liability for access and use of the Service with the provided email address and/or data rests solely with the User who registered and provided the data.
PRINCIPLES AND METHODS OF DATA PROCESSING
6.1 The Data Controller handles Personal Data in good faith and fairness and transparency and in accordance with applicable laws and this Data Management Information.
6.2 Personal Data essential for the use of the Services is handled by the Data Controller based on the User's consent and exclusively for the intended purpose.
6.3 The Data Controller processes Personal Data only for the purposes specified in this Data Management Information and the applicable laws. The scope of the processed Personal Data is proportionate to the purpose of the data processing and does not extend beyond it. In all cases, if the Data Controller intends to use Personal Data for a purpose different from the original purpose of data collection, the User will be informed in advance, and their explicit consent will be obtained, or they will be provided the opportunity to prohibit the use.
6.4 The Data Controller does not verify the Personal Data provided. The accuracy of the provided Personal Data is solely the responsibility of the person providing it. The Data Controller will make all reasonable efforts to delete or correct inaccurate personal data promptly, given the purpose of data processing.
6.5 Personal data of individuals under 16 years of age can only be processed with the consent of a person exercising parental control over the minor. The Data Controller cannot verify the legitimacy or content of the consent of the consenting person; therefore, the User and the person exercising parental control guarantee that the consent complies with the applicable laws. If the User intends to provide personal data of a person under 16 years of age as third-party personal data (e.g., gift-giving), the User guarantees that they have obtained the necessary consent in compliance with the laws. Without such consent, the Data Controller will not collect personal data of individuals under 16 years of age, except for the IP address used during the use of the Service, which is automatically recorded due to the nature of internet services.
6.6 The Data Controller does not transfer Personal Data to third parties other than the Data Processors specified in this Data Management Information.
6.7 An exception to the above provision is the statistical use of data in an aggregated form, which does not contain any data that could identify the User and thus does not constitute Data Processing or data transfer.
6.8 The Data Controller notifies the User and all parties to whom Personal Data has been previously transferred for data processing purposes of the correction, restriction, or deletion of the Personal Data. The notification may be omitted if it does not violate the legitimate interest of the User, considering the purpose of data processing.
6.9 The Data Controller ensures the security of Personal Data, takes technical and organizational measures, and establishes procedural rules to protect the recorded, stored, and processed data and prevent accidental loss, unlawful destruction, unauthorized access, unauthorized use, unauthorized alteration, and unauthorized dissemination. The Data Controller calls on all third parties to whom Personal Data is transferred to fulfill this obligation.
6.10 In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a data protection officer.
DURATION OF DATA PROCESSING
7.1 The automatically recorded IP addresses are stored by the Data Controller for a maximum of 30 days following their recording.
7.2 For emails and postal letters sent solely for contact or complaint handling purposes, the contacted Data Controller deletes the email address or any address possibly indicated in the letter 90 days after the case referenced in the request is closed, unless the Data Controller's legitimate interest justifies the further processing of the Personal Data for the duration of such legitimate interest.
7.3 The processing of Personal Data provided by the User remains as long as the User does not delete the account created during registration, unsubscribe from the Service, otherwise request the deletion of Personal Data, withdraw the given consent, or the Data Controller terminates the Service provision. In this case, the Personal Data will be irretrievably deleted from the Data Controller's systems.
7.4 The User's request to terminate Data Processing without deleting the registered account or unsubscribing from the Service does not affect the User's right to use the Service, but it may result in some Services not being available without Personal Data.
7.5 In the case of illegal, misleading use of Personal Data or a crime or attack against the system committed by the User, the Data Controller is entitled to immediately delete the User's Personal Data. At the same time – in the case of suspected crime or civil liability – the Data Controller is entitled to keep the Personal Data for the duration of the procedure to be conducted.
7.6 If a court or authority orders the deletion of Personal Data, the Data Controller will execute the deletion.
USER RIGHTS AND THEIR ENFORCEMENT
8.1 The User may request the Data Controller to inform them whether their Personal Data is being processed and, if so, provide access to the Personal Data, particularly concerning the following:
the purposes of Data Processing;
the categories of Personal Data concerned;
the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, including recipients in third countries or international organizations;
where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
the right of the User to request rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the User or to object to such processing;
the right to lodge a complaint with a supervisory authority;
if the Personal Data is not collected from the User, any available information about their source;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User.
8.2 The User can request information about their Personal Data processing at any time in writing, by sending a registered or return receipt requested letter to the Data Controller's address or by sending an email to info@darkechointelligence.com. I acknowledge that I have read and understood the contents of the data management information.
8.3 The Data Controller considers a request for information sent by mail to be authentic if the User can be clearly identified based on the request received. The Data Controller considers a request for information sent by email to be authentic only if it is sent from the User's registered email address.
8.4 The User may request the rectification or modification of their Personal Data processed by the Data Controller.
8.5 Considering the purpose of Data Processing, the User may request the completion of incomplete Personal Data.
8.6 Personal Data provided by the User related to the given Service can be modified by sending an email to the Data Controller's email address above or by clicking on the link at the end of each Newsletter or by editing the account settings in the User's registered account. Once the request to modify Personal Data is fulfilled, the previous (deleted) data cannot be restored.
8.7 The User may request the deletion of their Personal Data processed by the Data Controller. The deletion may be refused:
for exercising the right of freedom of expression and information, or
if the processing of Personal Data is authorized by law; and
to establish, exercise, or defend legal claims to the extent necessary. 8.8 The Data Controller informs the User about the refusal of the deletion request in all cases, indicating the reason for the refusal. Once the request to delete Personal Data is fulfilled, the previous (deleted) data cannot be restored. 8.9 Newsletters sent by the Data Controller can be unsubscribed from through the link in the newsletter. In case of unsubscription, the Data Controller deletes the User's Personal Data from the newsletter database. 8.10 The User may request the restriction of processing their Personal Data if:
the User contests the accuracy of the Personal Data, for a period enabling the Data Controller to verify the accuracy of the Personal Data;
the processing is unlawful, and the User opposes the erasure of the Personal Data and requests the restriction of their use instead;
the Data Controller no longer needs the Personal Data for processing, but the User requires them for the establishment, exercise, or defense of legal claims; or
the User has objected to processing, pending the verification whether the Data Controller's legitimate grounds override those of the User. 8.11 The User may request, if applicable, that the Data Controller provide them with their Personal Data that they have provided to the Data Controller and that the Data Controller processes in an automated manner, in a structured, commonly used, machine-readable format, and/or transmit those data to another Data Controller. 8.12 The User may object to the processing of their Personal Data:
if the processing of Personal Data is necessary solely for the performance of a legal obligation of the Data Controller or for the legitimate interests of the Data Controller or a third party;
if the processing is for direct marketing purposes, opinion polling, or scientific research; or
if the processing is carried out in the public interest. The Data Controller examines the legality of the User's objection, and if the objection is justified, the Data Controller terminates the Data Processing and locks the processed Personal Data, and notifies all those to whom the objected Personal Data was previously transferred of the objection and the measures taken based on it. 8.13 If a Data Breach is likely to result in a high risk to the rights and freedoms of Users, the Data Controller will inform the User of the Data Breach without undue delay. The User does not need to be informed if any of the following conditions are met:
the Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Data affected by the Data Breach, particularly those measures – such as encryption – that render the Personal Data unintelligible to unauthorized persons;
the Data Controller has taken subsequent measures that ensure that the high risk to the rights and freedoms of the User is no longer likely to materialize; or
it would require disproportionate effort. In such cases, the Data Controller will inform Users through publicly available information or take a similar measure ensuring effective communication to Users.
DATA PROCESSING
9.1 The Data Controller uses the Data Processors named above in this Data Management Information to perform its activities.
9.2 Data Processors do not make independent decisions; they are authorized to act solely based on the contract with the Data Controller and the received instructions.
9.3 The Data Controller monitors the work of Data Processors.
9.4 Data Processors are only entitled to engage another Data Processor with the consent of the Data Controller.
9.5 By accepting this Data Management Information, the User explicitly consents to the transfer of their Personal Data to Data Processors by the Data Controller.
DATA TRANSFER POSSIBILITY
10.1 Data Transfer to the Data Processors specified in this Data Management Information may be carried out without the separate, individual consent of the User, as the User gives explicit and unambiguous consent to such data transfer by accepting this Data Management Information. Personal Data may only be released to third parties or authorities based on a statutory provision or with the User's prior, explicit consent.
10.2 The Data Controller is entitled and obliged to transfer any Personal Data available to it and properly stored by it to the competent authorities, which it is obliged to transfer by law or a binding official order. Such data transfer and the consequences thereof cannot hold the Data Controller responsible.
10.3 The Data Controller maintains a record of data transfers to check the lawfulness of data transfers and to ensure the User's information.
MODIFICATION OF THE DATA MANAGEMENT INFORMATION
11.1 The Data Controller reserves the right to unilaterally modify this Data Management Information at any time.
11.2 Relevant laws and practices change from time to time. If the Data Controller decides to update this Data Management Information, the changes will be published on the Website. If there is a significant change in how the Data Controller handles the User's Personal Data, the Data Controller will notify the User in advance, and if required by law, will obtain the User's consent before implementing such changes. The Data Controller strongly recommends that the User reads this Data Management Information and stays informed about the practices of the Data Controller. This Data Management Information was last modified on 2024.07.15.
ENFORCEMENT OF RIGHTS
12.1 For any questions or comments related to data processing, the Data Controller's employees can be contacted at info@darkechointelligence.com.
12.2 The User can directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu) with any complaints related to data processing.
12.3 In case of a violation of the User's rights, the User may turn to the court. The case falls within the jurisdiction of the regional court. The case may be initiated before the court of the User's residence or place of stay. The Data Controller will inform the User about the possibility and means of legal remedy upon request.
Budapest, 2024.07.15