Privacy policy

CYDRILL Software Security Ltd (hereinafter referred to as we, us, our or Data controller) as the owner of http://cydrill.com/ website (hereinafter referred to as the Website) hereby informs you (hereafter referred to as you) as the user of the Website and our services that Data controller shall process your personal data in accordance with the provisions of this Privacy Policy (hereinafter referred to as Privacy Policy).

1. Name and contact details of the Data controller

Name
CYDRILL Software Security Ltd.

Registered seat
Lágymányosi street 11, H-1111 Budapest, Hungary

Company registration number
01-09-336917

Court of registration
Company Registry Court of Budapest-Capital Regional Court

Tax number of the Data controller
26645113-2-43

Phone number of the Data controller
+36 1 279 6246

E-mail address of the Data controller
info@cydrill.com

Mailing address of the Data controller
Lágymányosi utca 11, Budapest H-1111 Hungary

2. Definitions

Data processingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processormeans a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal datameans any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Your companymeans your employer or other company which concluded an agreement on your training course with us.

3. Procedure of Data Processing

We may process your personal data in different ways depending on what kind of services you order and use.

a) Visiting our website

In the event you visit our Website without contacting us, you may not provide us with any personal data of yours; however you will not be able to access all the content of the Website if you do not accept “cookies” as follows:

Cookie technology

We inform you that the operational and maintenance tasks relating to the Website is carried out byCYDRILL Software Security Ltd. (registered seat: Lágymányosi utca 11, Budapest H-1111 Hungary, company registration number: 01-09-336917, tax number: <b<HU26645113).
If you visit our Website, we record data which are generated during your visit, in particular data relating to your use of our Website and your browsing habits (e. g. time of your visit, visited pages, used browser programme). Such data may reach the Data controller by means of so-called “cookie technology” which works as follows:

If you allow cookies by ticking the box next to the declaration “Allow cookies”, small text files (hereinafter referred to ascookies) are sent to and placed on your electronic device, and as a result, your browser becomes individually identifiable.

We inform you that we use Google Analytics (hereinafter referred to asGoogle Analytics) which is a web analysis service provided by Google Inc. (hereinafter referred to as Google). By means of Google Analytics, the Website collects information and makes analysis on how you have access to and use our Website. Based on the information obtained by the analysis, various reports are made and the Website may be developed. Data are collected unanimously so that such data cannot be linked to you and other users of our Website.

Google Analytics cookies result from visiting the interfaces which have Google Analytics tracking code and such cookies are stored on your device for 2 (two) years from your visit. Further information on Google Analytics cookies are available at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

We inform you that we use Leedfeeder which is website visitor tracking software using Google Analytics to identify companies visiting our Website. For more information on Leedfeeder, please visit https://www.leadfeeder.com/.

You may delete cookies from your electronic device and disable their use in your browser. Generally, cookies may be managed in Tools / Settings / Privacy Settings in browsers. We draw your attention that if you do not allow cookies or you disable their use, the functionality of our Website and in particular, the services available on the Website may be limited.

b) “Contact us” and “Inquiry”

If you are interested in our courses, you may send us a message at “Contact us” or “Inquiry”. In this case we will process your personal data as follows:

  • Scope of personal data processed:
    • your name,
    • your e-mail address,
    • your phone number,
    • name of your company,
    • your country,
    • further data you may provide in your free text message.
  • Legal basis of data processing: your specific consent [Article 6 (1) a) of GDPR] which you give by ticking the box next to the following statement:

I hereby give CYDRILL my consent to process my personal data in order to reply to my message in accordance with the provisions of the Privacy Policy.

  • Purposes of data processing: contact you in order to provide you with more information on our training courses and other services.
  • Means of data processing: electronic means.
  • Term of data processing: until revocation of your consent, but at the latest for 60 (sixty) days following your last message, unless you ordered one of our services.
c) Attending one of our training courses

If you attend one of our courses, you or your company (in case your company concluded an agreement with us on your training course) may provide us with personal data of yours which are necessary for the attendance at the training course. In this case we will process your personal data as follows:

In order to attend one of our training courses, you will have access to the training materials at an online platform. In order to reach this online platform, you shall have an account which consists of your e-mail address and a password. We create your account and send you an e-mail in which you will find a one-time password which is necessary to log in to your account. After login you must change your password. Your password must be at least 8 (eight) characters in length and must contain uppercases, lowercases and digits. Please keep your password safe.

The details of data processing may be different depending whether the training course is purchased by you or your company.

In case the training course is purchased by your company

1./ Scope of personal data processed

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your test results,
  • (e) name of your company

2./ Legal basis for data processing: The legitimate interest pursued by your company and the Data controller [Article 6 (1) (f) of GDPR]

3./ Purposes of data processing (categorised by personal data)

We process

  • (a) your name and
  • (b) your company

foridentification of you and other participants.

We process

  • (a) your e-mail address and
  • (b) your password

forperforming the training course and other services, in particular:

  • creating your account;
  • providing you with learning materials;
  • organizing the test following the training course.

We process

  • (a) your name and
  • (d) your test results

forrecording test results, qualifications, certifications and other achievementsin order to provide information on such results if it is requested.

4./ Means of data processing: electronic means

5./ Term of data processing (categorised by personal data)

We process

  • (a) your name,
  • (b) your e-mail address
  • (d) your test results and
  • (e) the name of your company

for 5 (five) years following the end of the training course. (If you attend more courses, this deadline shall be calculated from the end of the last training you attended.)

We process

(c) your password

for 30 (thirty) days following the termination of your user account. Your user account may be terminated by you anytime or it will be terminated within 30 (thirty) days following the end of your training course. (If you decide to attend another training course within this deadline, you will use the same account as earlier; however if you decide to attend another training course after the termination of your account, we will create another account for you.)

 

In case the training course is purchased by you

1./ Scope of personal data processed

  • (a) your name,
  • (b) your e-mail address,
  • (c) your password,
  • (d) your test results,
  • (e) your home address
  • (f) your credit card information, in particular:
    • credit card number;
    • name of the credit card owner;
    • expiration date of the credit card;
    • CVC

2./ Legal basis for data processing: Data processing is necessary for the performance of a contract (agreement on your training course) to which you are a party [Article 6 (1) b) of GDPR]

3./ Purposes of data processing (categorised by personal data)

We process

  • (a) your name

foridentification of you and other participants.

We process

  • (b) your e-mail address and
  • (c) your password

forperforming the training course and other services, in particular:

  • creating your account;
  • providing you with learning materials;
  • organizing the test following the training course.

We process

  • (a) your name and
  • (d) your test results

forrecording test results, qualifications, certifications and other achievementsin order to provide information on such results if it is requested.

We process

  • (e) your home address and
  • (f) credit card information

in order toissue the invoice and receive your payment.

4./ Means of data processing: electronic means

5./ Term of data processing (categorised by personal data)

We process

  • (b) your e-mail address and
  • (d) your test results

for 5 (five) years following the end of the training course. (If you attend more courses, this deadline shall be calculated from the end of the last training you attended.)

We process

  • (c) your password

for 30 (thirty) days following the termination of your user account. Your user account may be terminated by you anytime or it will be terminated within 30 (thirty) days following the end of your training course. (If you decide to attend another training course within this deadline, you will use the same account as earlier; however if you decide to attend another training course after the termination of your account, we will create another account for you.)

We process

  • (a) your name,
  • (b) your home address and
  • (d) your credit card information

for the period set out in Act C of 2000 on accounting for the obligation to keep accounting documents, i.e. for 8 (eight years) from the preparation of the annual report for the business year in which the personal data were provided.

4. Our declarations regarding Data Processing

We explicitly declare that we are going to process your personal data in accordance with the EU and Hungarian legislation in force, in particular, REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter:GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: DP Act).

We explicitly declare that we will not disclose, transmit, disseminate or make available your personal data to third parties, with the exception of the Data processors.

We explicitly declare that we will not use your personal data for purposes other than specified in Section 3 of this Privacy Policy.

We explicitly declare that we will delete all your personal data at the end of the terms specified in Section 3.

We explicitly declare that the data processors involved in our data processing (hereinafter referred to asData processor) meet the requirements specified as Section 5.

5. Data processor

We involve HIidden Design Kft. (registered seat: Gát utca 21, Budapest, H-1095 Hungary), operating our Website, as data processor in the data processing.

We may involve data processors in the data processing if it is necessary for the achievement of the purposes set out in Section 3.

We ensure that Data processors provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the regulations and ensure the protection of the rights of yours.

We ensure that the agreement concerning the data processing activities carried out by the Data processor is concluded in writing.

We ensure that the Data processor:

  • processes the personal data only on documented instructions from us as Data controller;
  • ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • takes appropriate technical and organizational measures regulated by the legislation, in order to ensure the security of data processing;
  • at our choice, deletes or returns all the personal data to us after the end of the provision of services relating to processing, and deletes existing copies unless Union or Hungarian law or any other applicable Member State law requires storage of the personal data.

Data processor may not make any substantive decision concerning the data processing, Data processor may only process the personal data he/she acquired according to our requests, Data processor may not process personal data for his/her own account, and Data processor shall store and retain personal data according to our instructions. In case of any request concerning the acquaintance or transmission of the data, we are liable and entitled to make the decision on the merits.

Data processor may involve further processors only upon our written authorisation.

6. Your Rights Concerning the Data Processing

We explicitly inform you that

  • you may request from us
    • information on your personal data;
    • access to your personal data;
    • the rectification of your personal data;
    • the erasure of your personal data;
    • the restriction of the processing of your personal data; and
  • you may exercise your right to data portability against us,
  • you are entitled at any time to revoke your declaration of consent to the data processing.

Based on theright to information, you are entitled to receive information from us in such detail as specified in this Privacy Policy.

Based on theright to access, you are entitled to get feedback from us on whether the processing of your personal data is in progress, and if so, you are entitled to get access to personal data and information concerning data processing (the categories of personal data concerned and further data and information concerning the data processing included in this Privacy Policy).

Based on theright to rectification of personal data, you are entitled to that, at your request, we rectify the inaccurate data concerning you without undue delay, and that we complete your incomplete personal data.

Based on theright to erasureof personal data, you are entitled to that, at your request, we delete the personal data concerning you without undue delay, should any of the following conditions exist:

  • the personal data are no longer needed for any purpose specified in Section 3;
  • you revoke your consent to the data processing and the data processing has no other legal basis;
  • you protest against the data processing and there is no high-priority right to process the data;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with an obligation in Union or Hungarian law to which we are subject.

Based on theright to the restrictionof the processing of personal data, the you may request that personal data, with the exception of storage, only be processed with the your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or an EU member state.

You shall have theright to receive the personal dataconcerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another data controller without hindrance from us, considering that the data processing is based on the your consent.

You are entitled torevoke the declaration of consentany time in cases specified in subsections a)-c) of Section 3 of this Privacy Policy.

7. Your Right to legal remedy

If you wish to enter complaints against the data processing, you may do it at the contact possibilities of us included in Section 1 of this Privacy Policy.

You may enter your complaint concerning the data processing directly to the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail address: ugyfelszolgalat@naih.hu; website: www.naih.hu) or another supervisory authority competent by your nationality.

In case of the infringement of your rights concerning the data processing, you may seize the court. The action shall be heard by the competent general court. If you request that, the action may be brought before the general court in whose jurisdiction your home address or your temporary residence is located.

8. Miscellaneous

This Privacy policy shall be interpreted and governed by Hungarian law.

You explicitly declare that you have read this Privacy Policy by ticking the box next to one of the declarations specified in Section 3 of this Privacy Policy.

This Privacy Policy is valid as of April 16, 2019.

CYDRILL Software Security Ltd