Textura data management regulations

Contact information of Textura Zrt., as controller

Address: 1147 Budapest, Ilosvai Selymes Péter u. 10-12.
Telephone: +36 1 2514 063
e-mail: info@textura.hu

General information or observations, questions and requests related to specific information can be forwarded through the contacts listed above.

Date of the drafting of regulations: 24.04.2018
Subsequent review of the regulations: 04.2019

I. Introduction

In the course of its operation, Textura necessarily works in part with data considered to be personal data. Such data may include client data, supplier data, point of contact data, employee data as well as data belonging to individuals Textura establishes ties with through its operations and which are required for their cooperation.
This document sets out how such data is to be acquired, used and stored in order to adhere to the company’s internal regulations and relevant legislation.

II. Textura data management principles

  • The company manages the personal data in its possession in a legal and transparent manner
  • The collection of data is carried out with specific and legitimate purposes
  • The range of stored data is limited and is solely used for the declared purposes
  • The precision of the data is to be maintained; outdated or imprecise data are to be corrected or deleted
  • Personal data is stored in a secure manner, in a way which cannot be accessed by other organizations or individuals
  • Textura does not operate any machine-based, automatic, profile-based decision-making processes without human intervention.

III. Legal basis for Textura’s collection and storage of data

With reference to Article 6 of the General Data Protection Regulation (GDPR), there are four elements of the legal basis of the company’s data collection and storage practices.
1. Consent. The data subject consents to the processing of his or her personal data, for the purpose of maintaining and developing joint commercial activities.
2. Contract. The processing and storage of data is necessary due to the contractual obligation existing between Textura and its business partner, which cannot be fulfilled without access to the data in question.
3. Compliance with legal obligations. The possession and safekeeping of certain data is necessary for compliance with legal obligations, for example, relevant taxation or commercial laws.
4. Vital interests. Data processing in situations where commercial partners can expect said processing, or where it causes no surprise and has a minimal effect on the confidentiality of the personal data in question.

IV. Rights related to the data of private individuals

1. Right of information. All individuals have the right to receive information as to what data is being stored and processed on them as well as the legal basis of the data storage. This information shall be provided in a clear and unambiguous manner, free of charge and within a reasonable period of time.

2. Right of access. All private individuals whose personal data is being processed and stored by Textura have the right to review said information and to ascertain the legal basis of processing. Additionally, they may request a free copy of the data in question on a single occasion. For each additional request, Textura may charge a fee proportionate to the administrative work.

Textura shall fulfill requests of this nature within 1 month of their receipt. If the diversity of the requested information is so great that its collection and copying cannot be carried out within said deadline, the fulfillment time limit shall be increased to 2 months.

3. Right to rectification. Based on this right, private individuals shall be entitled to obtain the rectification or supplementation of their data being stored. Such requests are to be made in either oral or written form. The rectification or supplementation of data shall take place within a deadline of 1 month.

4. Right of erasure. Pursuant to this right, also known as the right to be forgotten, private individuals may request the permanent deletion of their data. Requests can be made in oral or written form, and Textura will respond to them within 1 month.

Article 17 of the GDPR precisely regulates said right, which is not absolute in its nature and can be refused in certain cases. The deletion of the data can be requested in the following cases:

  • The legal grounds of the data collection and storage no longer exist
  • The data is stored for direct marketing purposes, for which the private individual withdraws their consent
  • The data was illegally obtained.

The request for deletion can be refused in the following cases:

  • If the data is required to practice the freedom of expression
  • If the data is required to fulfill statutory requirements
  • If the storage or archiving of the data is tied to public interests.

5. Right to restriction of processing. In such cases, private individuals may consent to the storage of their data, yet not its use. Requests of this nature may be stated verbally or in writing and the data controller has 1 month to fulfill said requests. The practical implementation of this depends on the type of data, yet in all cases, its active use shall be terminated.

The data controller may utilize the data in question despite the request insofar as:

  • the data is required for legal or court proceedings
  • the data is required for protecting the rights of others
  • the data is of particular public interest.

6. Right to data portability. Private individuals may request a copy or transfer of their own data for personal use. Data shall be provided in a commonly used, machine readable format, such as csv or txt. The request for data is free of charge and has a maximum deadline of 1 month.

V. Data security

Textura works with the latest IT solutions. Its servers are maintained in the Azure system provided by Microsoft, where they are operated with the highest possible system security.
Workstations feature the latest versions of Windows and computers are operated in a domain system with unified security measures. Accessing the system requires a login and unique passwords.
Our CRM system is provided by one of the world’s leading service providers, Zoho. Our entire system runs on the Zoho servers via a cloud-based service. Accessing the system requires a user password. Users are linked to various roles and only access a minimum amount of information relevant to them. Data copying or deletion is not possible as only the system administrator has such competencies.
We do not disclose our data to third parties.
Textura’s IT systems adhere to the stipulations of GDPR Article 5(1)(f) and thus provide appropriate security against unauthorized or unlawful processing as well as the destruction or damage of data.
We continuously train our employees on information security.

VI. Data protection officer

The GDPR clearly prescribes the cases which require appointing a data protection officer. These include:

  • public administrations
  • activities which entail the regular and systematic monitoring of a large body of private individuals
  • activities which involve a large amount of personal information which requires particular protection.

In light of the above, Textura is not obliged to and does not appoint a data protection officer.

VII. Security breach

The GDPR classifies a breach of security as an event leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

In the case of a security breach, the incident must be reported pursuant to the provisions of the GDPR. The report is filed within 72 hours. If the breach was so severe that it affected individual freedoms, the private individuals in question must be notified.

Textura maintains a log on all incidents resulting in a security breach.

VIII. Cookie management

1. Data management, scope of managed data: Individual identification number, dates, times

2. Scope of affected parties: All visitors of the website are affected parties.

3. Purpose of data management: Identify users and track visitors.

4. Duration of data management, deadline for deleting the data:

Type of cookie: Session cookies; Persistent or saved cookies

Legal grounds for data management: Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

Duration of data management:

  • Session cookies: the period lasting until the closure of the relevant visitor session
  • Persistent or saved cookies: until the deletion of the affected party, maximum 30 days

Scope of managed data: connect.sid

5. Potential data managers entitled to access the data: Data managers shall not manage personal data by using the cookies.

6. The affected party’s rights related to data management: The affected party has the option to delete the cookies in the Tools/Settings menu of the browsers, typically under the settings of the Data Protection menu option.

7. Legal grounds of the data management: The affected party’s approval is not required if the exclusive purpose of cookie usage is to transmit information via electronic communication networks or if it is indispensable for the service provider to be able to provide the information society related service explicitly requested by the subscriber or user.

IX. Use of Google Ads (Adwords) conversion tracking

1. The data manager uses the online advertisement programme “Google Ads (Adwords)” and, as part of the above, utilizes Google’s conversion tracking service. Google conversion tracking is an analytical service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

2. When Users arrive at a website via a Google ad, a conversion tracking cookie is placed on their computer. These cookies have a limited validity period and they do not contain any personal data, so they do not allow for the identification of the User.

3. When Users browse certain pages of the website at a time when the cookie has not yet expired, both Google and the data manager can see that the User clicked on the ad.

4. Each Google Ads (Adwords) client is assigned a different cookie so they cannot be tracked via the websites of Ads (Adwords) clients.

5. The purpose of the information gained with the help of conversion tracking cookies is to produce conversion statistics reports for Ads (Adwords) clients who choose conversion tracking. This is how clients can receive information on the number of users who clicked on their ads and were forwarded to the website equipped with a conversion tracking label. However, they cannot receive any information that would allow for the identification of any user.

6. If you do not wish to be involved in conversion tracking, you can reject the service by disabling cookie installation in your browser. After that, you will not be included in conversion tracking statistical reports.

7. Further information and Google’s privacy policy are available at the website below: www.google.de/policies/privacy/

X. Application of Google Analytics

1. This website uses the Google Analytics application, which is a web analytical service of Google Inc. (“Google”). Google Analytics applies “cookies”, i.e., text files that are saved to your computer, thus allowing for analyzing traffic on the website visited by the User.

2. The information generated by the cookies related to the website visited by the User is usually transferred to and stored on a Google server located in the USA. When IP anonymization is activated on the website, Google shortens the User’s IP address beforehand in the member states of the European Union or other states participating in the agreement on the European Economic Area.

3. Only in exceptional cases is the complete IP address transferred to Google servers located in the USA and then shortened there. On behalf of the website operator, Google will use these data to analyze how the User used the website as well as to generate reports related to the website traffic for the website operator and to perform other services related to website and Internet usage.

4. Google Analytics does not merge the IP address forwarded by the User’s browser with other Google data. Users have the option to prevent cookie storage by configuring their browser accordingly; please note, however, that if you do so, you may not have access to the full functionality of this website. You can also prevent Google from collecting and processing the cookie-generated data related to your usage of the website (including your IP address), if you download and install the browser plugin from the link below: https://tools.google.com/dlpage/gaoptout?hl=hu

XI. Data processors employed

Hosting service provider

1. Activity performed by data processor: Hosting service

2. Data processor’s name and contacts:

  • Bábelhal Webstudio Kft.
  • Registered head office: 8360 Keszthely, Honvéd u. 17/2.
  • E-mail: info@babelhal.hu
  • Phone number: +368377603

3. Data management, scope of managed data: All personal data provided by the affected party

4. Scope of affected parties: All affected parties using the website.

5. Purpose of data management: Provide access to the website and operate it properly.

6. Duration of data management, deadline for deleting the data: Data management shall continue until the termination of the agreement between the data manager and the hosting service provider, or until the affected party submits a request for deletion to the hosting service provider.

7. Data processing activities are conducted based on the following legal grounds: Sub-paragraphs c) and f) of Paragraph (1) of Section 6 and Paragraph (3) of Section 13/A of Act CVIII of 2001 of Hungary on certain issues of electronic commerce services and information society services.

Budapest, November 09, 2018