Privacy Policy

 

1. Name of the Controller

BalaBit-Europe Kft. (hereinafter BalaBit or Service Provider).

 

2. Address of the Controller

H-1117 Budapest, Alíz utca 2

 

3. Contact information

info@balabit.hu

 

4. Regulations pertaining to Privacy

In its data management practice, Service Provider takes into account the related regulations in force. The data management principles published in the present statement comply with the following regulations.

  • 1992. Act LXVI of 1992 on the Name and Address Records of Citizens;
  • 1995. Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing;
  • 2001. Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services;
  • 2008. Act XLVIII of 2008 on the Essential Conditions and Certain Limitations of Business Advertising Activity;
  • 2011. Act CXII of 2011 on Informational Self-determination and Freedom of Information.

 

5. Definitions

5.1 personal data

Personal data shall mean any information relating to an identified or, directly or indirectly, identifiable natural person (hereinafter data subject), in particular the name, identification number of the data subject, or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such data related to the data subject.

5.2 consent

Consent shall mean a freely given specific and informed indication of the data subject's wishes by which the data subject signifies his agreement to personal data relating to him being managed without limitation or with regard to specific operations.

5.3 objection

Objection shall mean the data subject's statement by which data subject objects to the management of his/her data and requests that the management of such data be terminated and/or the managed data be deleted.

5.4 controller

Controller shall mean a natural or legal person or unincorporated organization that determines alone or with others the purpose of the management of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them.

5.5 data management

Regardless of the process applied, data management shall mean any operation or set of operations that is performed upon data, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, publication, alignment or combination, blocking, deletion or destruction, and blocking the data from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).

5.6 disclosure by transmission

Disclosure by transmission shall mean making data available to a specific third party.

5.7 public disclosure

Public disclosure shall mean making data available to the general public.

5.8 deletion of data

Deletion of data shall mean the destruction or elimination of data sufficient to make them irretrievable.

5.9 blocking of data

Blocking of data shall mean marking data with identification tags in order to restrict their procession permanently or for a predetermined period.

5.10 destruction of data

Destruction of data shall mean the complete physical destruction of data or the medium containing the data.

5.11 data processing

Data processing shall mean the technical operations involved in data management, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that the technical operations are done on data.

5.12 processor

Processor shall mean a natural or legal person or unincorporated organization that is engaged in the processing of personal data on behalf of a controller on contractual basis - including when ordered by virtue of legal regulation.

5.13 third person

Third person shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor.

5.14 third country

Third country shall mean any country that is not a member of the European Economic Area.

5.15 cookie

Cookie shall mean a text file that is stored on the computer by a home page visited through an internet browser. Cookie is used to make browsing more comfortable and customized, as it facilitates storing various personal data, passwords. By using cookies, targeted or customized advertisement campaigns can be run.

 

6. Data Management Principles Followed

Personal data may be managed if the data subject has given his/her consent, or decreed by law or decreed by a local authority, based on authorization conferred by law concerning specific data defined therein, to achieve a purpose in the public interest (hereinafter mandatory data management).

Personal data may be managed only for specified and explicit purposes, where it is necessary for carrying out certain rights or obligations. This purpose must be satisfied in all stages of operations of data management. Recording and the processing of data shall be fair and lawful.

The personal data managed must be essential for the purpose for which it was collected, it must be suitable to achieve that purpose. Personal data may be managed to the extent and the duration necessary to achieve that purpose.

During data management, data shall be kept accurate, complete and, if necessary for the purpose of data management, up-to-date, and data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected.

Personal data may be managed only if the data subject has given his/her prior, informed consent.

Processor may transfer personal data to a third country processor or controller if the data subject has given his/her explicit consent. Transmission of data to member states of the European Economic Area shall be treated as transmission within the territory of the Republic of Hungary.

Prior to the start of data management, data subject shall be informed whether data management is voluntary or compulsory. Prior to the start of data management, data subject shall be clearly and elaborately informed of all aspects concerning the management of his/her personal data, such as the purpose for which the data are required and the legal grounds, the person entitled to carry out the processing, the duration of the proposed processing operation and the persons to whom his data may be disclosed.

The data subject shall be informed of his/her rights and the possibilities of seeking legal remedies in connection with data management.

 

7. Legitimacy of Data Management

Data management is performed with the voluntary consent of the users registered on www.balabit.com homepage. Registration includes filling in a sheet containing personal data and accepting the content of the privacy statement.

8.0 Data of the visitors of Balabit.com web page

Purpose of data management: ensuring the operation, control of the homepage, preventing security issues and their subsequent evaluation.

Legal ground of data management: Act CVIII of 2001 on certain issues of electronic commerce activities and information society services, Paragraph 3.
Scope of managed data: date and exact time of the visit, address of the web page visited, address of the web page visited previously, visitor's IP address and data characterizing the web browser and operation system used.
Deadline of data deletion: 2 years since the visit
Registration number: NAIH-62311/2013

7.1 Data recording by third party service providers on the home page

No third party service providers collect and manage personal data on behalf of Balabit Kft.

The web analytics service provider, Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) on behalf of BalaBit Kft. is entitled to manage only data stripped of information identifying the individual. You can read about the applied data management principles on the http://www.google.com/intl/hu/privacy/ web page.

Using the Facebook Comments application embedded on Service Provider's web page, visitors, logging into their own Facebook account, may write comments in the Service Provider's web page. You can read about the privacy policy of Facebook on the http://www.facebook.com/about/privacy/ web page.

7.2 Using cookies on the web page of Balabit.

When visiting http://www.balabit.com web page, the following cookies will be stored on your computer.

 

7.2.1. Session cookie

Purpose of the cookie: identifying the data subject during his/her visit.
The cookie is valid: for the entire time of the visit.
Information stored: randomly generalized character string.

 

7.2.2. has_js cookie

Purpose of the cookie: during the visit of the data subject, the cookie informs the programs run on the web page if the browser setting of the data subject allows the execution of javascript programs.
The cookie is valid: for the entire time of the visit.
Information stored: character "l", if the execution of javascript is allowed.

 

7.2.3. "Topbar" cookie

Purpose of the cookie: observing if the data subject disabled the ad bar on product pages.
The cookie is valid: for 24 hours.
Information stored: character "l", if the execution of javascript is allowed.

 

7.2.4. Google Analytics "_utma" cookie

Purpose of the cookie: observing the number of times the data subject visited the web page of the Service Provider.
The cookie is valid: for one year.
Information stored: one digital character string

 

7.2.5. Google Analytics "_utmb" and "_utmc" cookies

Purpose of the cookies: recording the approximate time that the data subject spent on the web page of the Service Provider.
The cookie is valid: for half a year.
Information stored: one digital character string

 

7.2.6. Google Analytics "_utmz" cookie

Purpose of the cookie: observing the traffic source from which the data subject came to the web page of the Service Provider.
The cookie is valid: for half a year.
Information stored: one digital character string that includes the type and exact name of the traffic source.

 

7.2.7. Google remarking cookie

Purpose of the cookie: classifying the data subject based on his/her behavior shown on the web page of the Service Provider. The cookie links the data subject with the products he/she showed interest in. Based on this classification, Balabit Kft. publishes customized ads for the data subject on third party web pages through the Google AdWords advertisement system.
The cookie is valid: for one year.
Information stored: one digital character string.

 

7.2.7. Facebook cookies

Prior to using Facebook Comments application embedded into the web page of the Service Provider, data subject should log into his/her Facebook account. When logging in, Facebook places cookies on the data subject's computer. You can read detailed information about these cookies on http://www.facebook.com/about/privacy.

Cookies can be disabled or deleted by using the browser settings.

 

7.3 Maintaining contact

Service Provider interprets the download of specific studies, trial versions, call back requests and applying for webinars as making contact.

Purpose of data management: maintaining contact
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: company name, country, e-mail address, name, telephone number, job.
Deadline of data deletion: 2 years since the last contact made.
Registration number: NAIH-62312/2013

7.4 Registering for the events of BalaBit Kft.

Purpose of data management: Event organization
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: company name, country, e-mail address, name, telephone number, job.
Deadline of data deletion: 2 years since the last contact made.
Registration number: NAIH-62313/2013

7.5 Signing up for newsletters

Purpose of data management: giving information, maintaining contact and sending advertisement like offers.
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: e-mail address, name.
Deadline of deleting data: 2 years starting from the last activity.
Registration number: NAIH-62314/2013

7.6 Applying for a job

Purpose of data management: recruiting, maintaining contact.
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: name, e-mail address, date of birth, period of time working as programmer, programming languages known, languages spoken, highest degree of education earned, previous work.
Deadline of deleting data: five years since the date of application
Registration number: NAIH-62310/2013

 

8. Deleting Personal Data

Balabit deletes personal data if their management is unlawful, the purpose of data management ceased to exist, or the statutory deadline for storing personal data expired, or if the court or the data protection commissioner ordered the deletion.

The user may request the deletion of his/her own personal data by writing to info@balabit.hu. Service Provider will delete the data in 15 work days upon receiving the request for deletion.

 

9. Data Security Measures

Personal data are stored in dedicated servers that are guarded in 24 hours a day. The servers are installed in the server rooms of InterNetX GmbH in the territory of the Federal Republic of Germany and in the server room of the Service Provider.

 

10. Updating the Privacy Policy

Balabit reserves the right of unilaterally changing the present privacy policy subsequent to informing the users. You accept the updated privacy policy by using the service after the update becomes effective.

 

11. Users' Rights in Relation with the Management of their Personal Data

The data subject may request information about the management of his/her personal data and may also request data correction, or, with the exception of the cases set forth in the law, data deletion. Upon the data subject's request, Service Provider provides information concerning the data relating to him/her, including those processed by a data processor on its behalf, the purpose, grounds and duration of processing, the name and address (corporate address) of the data processor and on its activities relating to data management, and the recipients of his/her data and the purpose for which they are or had been transferred. Controller shall comply with requests for information without any delay, and provide the information requested in an intelligible form within no more than 30 days. The information provided is free of charge. Request for information shall be sent via e-mail to info@balabit.hu that shall be answered in 8 work days.

 

12. Enforcement of Rights

The data subject may object to the management of his/her personal data,

  1. if processing or transfer is carried out solely for the purpose of enforcing the rights and legitimate interests of the controller or a third person recipient, unless processing is prescribed by law;

  2. if personal data is used or transferred for the purposes of direct marketing, public opinion polling or scientific research;

  3. if the right to object is ensured by law.

In the event of objection, controller shall investigate the objection within the shortest possible time, not to exceed 15 days, and shall make a decision if the objection is justified, and shall notify the data subject in writing of the findings of its decision.
If the objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had been previously transferred concerning the objection and the ensuing measures; these recipients shall also take measures regarding the objection.

If the data subject disagrees with the decision taken by the controller, the data subject may file for court action within 30 days of the date the decision was conveyed, or the by the last day of deadline.

 

13. Statement of the Controller

Controller accepts to be bound by the content of the present privacy statement, and declares that the data management related to its service corresponds with the expectations defined in the present statement.