Privacy policy

CYDRILL Software Security Ltd (hereinafter referred to as we, us, our or Data controller) as the owner of http://cydrill.com/ website (hereinafter referred to as the Website) hereby informs you (hereafter referred to as you) as the user of the Website and our services that Data controller shall process your personal data in accordance with the provisions of this Privacy Policy (hereinafter referred to as Privacy Policy).

1. Name and contact details of the Data controller

Name
CYDRILL Software Security Ltd.

Registered seat
Lágymányosi street 11, H-1111 Budapest, Hungary

Company registration number
01-09-336917

Court of registration
Company Registry Court of Budapest-Capital Regional Court

Tax number of the Data controller
26645113-2-43

Phone number of the Data controller
+36 1 279 6246

E-mail address of the Data controller
info@cydrill.com

Mailing address of the Data controller
Lágymányosi utca 11, Budapest H-1111 Hungary

2. Definitions

Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Your company means your employer or other company which concluded an agreement on your training course, learning process, assessment, or certification with us.

3. Procedure of Data Processing

We may process your personal data in different ways depending on what kind of services you order and use.

a) Visiting our website

In the event you visit our Website without contacting us, you may not provide us with any personal data of yours; however you will not be able to access all the content of the Website if you do not accept “cookies” as follows:

Cookie technology

We inform you that the operational and maintenance tasks relating to the Website is carried out by CYDRILL Software Security Ltd. (registered seat: Lágymányosi utca 11, Budapest H-1111 Hungary, company registration number: 01-09-336917, tax number: HU26645113).

If you visit our Website, we record data which are generated during your visit, in particular data relating to your use of our Website and your browsing habits (e. g. time of your visit, visited pages, used browser applications). Such data may reach the Data controller by means of cookie technologies, which works as follows:

If you allow cookies by ticking the box next to the declaration “Allow cookies”, small text files (hereinafter referred to as cookies) are sent to and placed on your electronic device, and as a result, your browser becomes individually identifiable.

We inform you that we use Google Analytics (hereinafter referred to as Google Analytics), which is a web analysis service provided by Google Inc. (hereinafter referred to as Google). By means of Google Analytics, the Website collects information and makes analysis on how you have access to and use our Website. Based on the information obtained by the analysis, various reports are made, and the Website may be developed. Data are collected unanimously so that such data cannot be linked to you and other users of our Website.

Google Analytics cookies result from visiting the interfaces which have Google Analytics tracking code and such cookies are stored on your device for 2 (two) years from your visit. Further information on Google Analytics cookies are available at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

We inform you that we use Leadfeeder which is website visitor tracking software using Google Analytics to identify companies visiting our Website. For more information on Leadfeeder, please visit https://www.leadfeeder.com/.

You may delete cookies from your electronic device and disable their use in your browser. Generally, cookies may be managed in Tools / Settings / Privacy Settings in browsers. We draw your attention that if you do not allow cookies or you disable their use, the functionality of our Website and in particular, the services available on the Website may be limited.

b) “Contact us” and “Inquiry”

If you are interested in our courses, you may send us a message at “Contact us” or “Inquiry”. In this case we will process your personal data as follows:

  • Scope of personal data processed
    • your name,
    • your e-mail address,
    • your phone number,
    • the name of your company,
    • your country,
    • further data you may provide in your free text message.
  • Legal basis of data processing: your specific consent [Article 6 (1) a) of GDPR] which you give by ticking the box next to the following statement:

I hereby give CYDRILL my consent to process my personal data in order to reply to my message in accordance with the provisions of the Privacy Policy.

    • Purposes of data processing: contact you in order to provide you with more information on our training courses, learning processes, assessments, certifications, and other services.
  • Means of data processing: electronic means.
  • Term of data processing: until revocation of your consent, but at the latest for 60 (sixty) days following your last message, unless you ordered one of our services.
c) Attending one of our training courses, learning processes, taking part in assessment processes and earning certifications

If you attend one of our training courses, learning processes, take part in assessment processes and earn certifications, you or your company (in case your company concluded an agreement with us on your training course, learning process, assessment process or certification) may provide us with personal data of yours which are necessary for the attendance at the training course, learning process, assessment process or certification. In this case we will process your personal data as follows:

In order to attend one of our training courses, you will have access to the training materials at an online platform. In order to reach this online platform, you shall have an account which consists of your e-mail address and a password. We create your account and send you an e-mail in which you will find a one-time password which is necessary to log in to your account. After login you must change your password. Your password must be at least 8 (eight) characters in length and must contain uppercases, lowercases and digits. Please keep your password safe.

The details of data processing may be different depending whether the training course, learning process, assessment process or certification is purchased by you or your company.

I. In case the training course, learning process, assessment process or certification is purchased by your company

1./ Scope of personal data processed

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your feedback,
  • (e) your achievements,
  • (f) your test results and performance scores, and
  • (g) the name of your company.

2./ Legal basis for data processing: The legitimate interest pursued by your company and the Data controller [Article 6 (1) f) of GDPR]

3./ Purposes of data processing (categorized by personal data)

We process

  • (a) your name,
  • (b) your e-mail address, and
  • (g) the name of your company

for identification of you and other participants.

We process

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your feedback, and
  • (e) your achievements

for performing the training course, learning process, assessment process, certification, and other services, including recording the attendance and achievements during the training and performing electronic lab exercises and drills, and getting feedback in particular:

  • creating your account;
  • providing you with learning materials;
  • recording attendance;
  • recording achievements during the training and lab-exercises;
  • collecting your feedback about the training for quality assurance;
  • organizing tests and assessments before, during and following the training course, learning process, assessment process or certification.

We process

  • (a) your name,
  • (b) your e-mail address, and
  • (f) your test results and performance scores

for recording and communicating test results, qualifications, certifications and other achievements in order to provide information on such results if it is requested.

According to [Article 6 (1) a) of GDPR], upon your consent, your company will receive your feedback, achievements and test results and performance scores, and act as a Data processor related to (e), (f) and (g).

4./ Means of data processing: electronic means or on paper.

5./ Term of data processing (categorized by personal data)

We process

  • (b) your e-mail address,
  • (d) your feedback,
  • (e) your achievements, and
  • (f) your test results and performance scores

for 5 (five) years following the end of the training course, learning process, assessment process, certification (If you attend more courses, this deadline shall be determined from the end of the last training you attended);

  • (c) your password

for 30 (thirty) days following the termination of your user account. Your user account may be terminated by you anytime or it will be terminated within 30 (thirty) days following the end of your training course (If you decide to attend another training course within this deadline, you will use the same account as earlier; however if you decide to attend another training course after the termination of your account, we will create another account for you);

We process

  • (a) your name, and
  • (g) the name of your company

for the period set out in Act C of 2000 on accounting for the obligation to keep accounting documents, i.e. for 8 (eight years) from the preparation of the annual report for the business year in which the personal data were provided.

II. In case the course, learning process, assessment process or certification is purchased or initiated by you

1./ Scope of personal data processed

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your feedback,
  • (e) your achievements,
  • (f) your test results and performance scores,
  • (g) your home address, and
  • (h) your credit card information, in particular:
    • credit card number;
    • name of the credit card owner;
    • expiration date of the credit card;
    • CVC.

2./ Legal basis for data processing: Data processing is necessary for the performance of a contract (agreement on your training course) to which you are a party [Article 6 (1) b) of GDPR]

3./ Purposes of data processing (categorized by personal data)

We process

  • (a) your name, and
  • (b) your e-mail address

for identification of you and other participants.

We process

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your feedback, and
  • (e) your achievements

for performing the training course, learning process, assessment process or certification, and other services including recording the attendance and achievements during the training, and getting feedback in particular:

  • creating your account;
  • providing you with learning materials;
  • recording attendance;
  • recording achievements during the training;
  • collecting your feedback about the training for quality assurance;
  • organizing tests and assessments before, during and following the training course, learning process, assessment process or certification.

We process

  • (a) your name,
  • (b) your e-mail address, and
  • (f) your test results and performance scores

for recording and communicating test results, qualifications, certifications and other achievements in order to provide information on such results if it is requested.

We process

  • (a) your name,
  • (g) your home address, and
  • (h) credit card information

in order to issue the invoice and receive your payment.

4./ Means of data processing: electronic means or on paper.

5./ Term of data processing (categorized by personal data)

We process

  • (b) your e-mail address,
  • (d) your feedback,
  • (e) your achievements, and
  • (f) your test results and performance scores

for 5 (five) years following the end of the training course, learning process, assessment process, certification. (If you attend more courses, this deadline shall be calculated from the end of the last training you attended)

We process

  • (c) your password

for 30 (thirty) days following the termination of your user account. Your user account may be terminated by you anytime or it will be terminated within 30 (thirty) days following the end of your training course. (If you decide to attend another training course within this deadline, you will use the same account as earlier; however, if you decide to attend another training course after the termination of your account, we will create another account for you)

We process

  • (a) your name,
  • (g) your home address, and
  • (h) your credit card information.

for the period set out in Act C of 2000 on accounting for the obligation to keep accounting documents, i.e. for 8 (eight years) from the preparation of the annual report for the business year in which the personal data were provided.

III. In case you take part in one of our self assessments

1./ Scope of personal data processed

  • (a) your name,
  • (b) your e-mail address,
  • (c) your feedback,
  • (d) your achievements,
  • (e) your test results and performance scores.

2./ Legal basis for data processing: Data processing is necessary for communicating the assessment results privately.

The information you will share with us if you participate in any of the assessments will be kept completely confidential to the full extent of the law.

The assessment evaluator will be able to see the assessment you participated in. Your information will be assigned a code that is unique to every assessment. A link containing this code will be shared with you by e-mail so that only you can access your results, without having an account in our system. This code should be therefore kept in secret.

3./ Purposes of data processing (categorized by personal data)

We process

  • (a) your name, and
  • (b) your e-mail address

for sharing the results and other relevant materials with you.

We process

  • (a) your name,
  • (b) your e-mail address,

for performing the assessment and sharing results and learning options in particular:

  • providing you with learning materials;
  • providing you with assessment results, clarifications and feedbacks.

We process

  • (a) your name,
  • (b) your e-mail address, and
  • (f) your assessment results and scores

for communicating assessment results in order to provide information on such results if it is requested.

4./ Means of data processing: electronic means.

5./ Term of data processing (categorized by personal data)

We process

  • (a) your name,
  • (b) your e-mail address,
  • (d) your assessment results and scores

for 5 (five) years following the end of the assessment.

4. Our declarations regarding Data Processing

We explicitly declare that we are going to process your personal data in accordance with the EU and Hungarian legislation in force, in particular, REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: DP Act).

We explicitly declare that we will not disclose, transmit, disseminate, or make available your personal data to third parties, with the exception of the Data processors.

We explicitly declare that we will not use your personal data for purposes other than specified in Section 3 of this Privacy Policy.

We explicitly declare that we will delete all your personal data at the end of the terms specified in Section 3.

We explicitly declare that the data processors involved in our data processing (hereinafter referred to as Data processor) meet the requirements specified as Section 5.

5. Data processor

We involve Microsoft, Google, Amazon and Hidden Design Kft. (registered seat: Gát utca 21, Budapest, H-1095 Hungary, EU), operating our Website, as data processor in the data storage and processing.

We involve Mailchimp (Mailchimp c/o The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308) as data processor in the data storage and processing and e-mail management. We use MailChimp to create, send, and manage e-mails. MailChimp may collect your personal information, including your e-mail address and other information for the distribution of e-mail campaigns and other important information. You consent to your personal information being collected, used, disclosed and stored as set out in MailChimp’s Privacy policy and agree to abide by MailChimp’s Terms of Use.

You can opt out of our newsletters and e-mails if you choose the ‘unsubscribe’ option provided in every e-mail or contact us.

We may involve data processors in the data processing if it is necessary for the achievement of the purposes set out in Section 3. This includes but is not limited to trainers carrying out the specific training.

We ensure that Data processors provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the regulations and ensure the protection of the rights of yours.

We ensure that the agreement concerning the data processing activities carried out by the Data processor is concluded in writing.

We ensure that the Data processor:

  • processes the personal data only on documented instructions from us as Data controller;
  • ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • takes appropriate technical and organizational measures regulated by the legislation, in order to ensure the security of data processing;
  • at our choice, deletes or returns all the personal data to us after the end of the provision of services relating to processing, and deletes existing copies unless European Union or Hungarian law or any other applicable Member State law requires storage of the personal data.

Data processor may not make any substantive decision concerning the data processing, Data processor may only process the personal data he/she acquired according to our requests, Data processor may not process personal data for his/her own account, and Data processor shall store and retain personal data according to our instructions. In case of any request concerning the acquaintance or transmission of the data, we are liable and entitled to make the decision on the merits.

Data processor may involve further processors only upon our written authorization.

6. Your Rights Concerning the Data Processing

We explicitly inform you that

  • you may request from us
    • information on your personal data;
    • access to your personal data;
    • the rectification of your personal data;
    • the erasure of your personal data;
    • the restriction of the processing of your personal data; and
  • you may exercise your right to data portability against us,
  • you are entitled at any time to revoke your declaration of consent to the data processing.

Based on the right to information, you are entitled to receive information from us in such detail as specified in this Privacy Policy.

Based on the right to access, you are entitled to get feedback from us on whether the processing of your personal data is in progress, and if so, you are entitled to get access to personal data and information concerning data processing (the categories of personal data concerned and further data and information concerning the data processing included in this Privacy Policy).

Based on the right to rectification of personal data, you are entitled to that, at your request, we rectify the inaccurate data concerning you without undue delay, and that we complete your incomplete personal data.

Based on the right to erasure of personal data, you are entitled to that, at your request, we delete the personal data concerning you without undue delay, should any of the following conditions exist:

  • the personal data are no longer needed for any purpose specified in Section 3;
  • you revoke your consent to the data processing and the data processing has no other legal basis;
  • you protest against the data processing and there is no high-priority right to process the data;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with an obligation in European Union or Hungarian law to which we are subject.

Based on the right to the restriction of the processing of personal data, you may request that personal data, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or an EU member state.

You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another data controller without hindrance from us, considering that the data processing is based on your consent.

You are entitled to revoke the declaration of consent any time in cases specified in subsections a)-c) of Section 3 of this Privacy Policy.

7. Your Right to legal remedy

If you wish to enter complaints against the data processing, you may do it at the contact possibilities of us included in Section 1 of this Privacy Policy.

You may enter your complaint concerning the data processing directly to the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail address: ugyfelszolgalat@naih.hu; website: www.naih.hu) or another supervisory authority competent in your country.

In case of the infringement of your rights concerning the data processing, you may seize the court. The action shall be heard by the competent general court. If you request that, the action may be brought before the general court in whose jurisdiction your home address or your temporary residence is located.

8. Miscellaneous

This Privacy policy shall be interpreted and governed by Hungarian law.

You explicitly declare that you have read this Privacy Policy by ticking the box next to one of the declarations specified in Section 3 of this Privacy Policy.

This Privacy Policy is valid as of April 16, 2019.

CYDRILL Software Security Ltd