Last updated: 2019/03/19
This Policy (hereinafter referred to as “Policy”) is aimed at ensuring the processing and protection of personal data (hereinafter referred to as “Personal data”) DATA TOWER Trade and Service Ltd, located at 2/3, Andrassy ut 31., Budapest 1061, Hungary (hereinafter referred to as “Company” or “We”), to Internet resources, services and other products (services) of the Company through which we collect personal data and which refer to the Policy.
The policy complies with the General Data Protection Regulation (GDPR).
1. General Provisions
1.1. Personal data is any information relating directly or indirectly to an identified or identifiable individual. For instance, personal data can be used to identify an individual and includes, but is not limited to surname, name, middle name, position, company name, e-mail address, phone number. Personal data also includes technical information if correlated with an individual, for example, IP address, type of browser used and language settings, etc. If we cannot relate technical information to an individual, we will not consider this information as personal data.
1.2. Personal Data Subject is an individual who transfers personal data to the Company.
1.3. The company is the Personal Data Operator and independently performs the functions of a personal data processor: collection and processing of personal data, and personal data controller: determining the purpose of processing personal data, the details of personal data being processed, actions (operations) performed with personal data.
1.4. At the same time, the Company processes only personal data provided by individuals by means of Company’s online resources, products, and services (hereinafter referred to as Services).
1.5. This document determines the Company's policy in processing and protection of personal data and is located https://lampyre.io/privacy. The Company also provides unrestricted access to the Policy to any person who has personally contacted the Company.
1.6. The primary objective of the Company is to ensure the protection of the rights and freedoms of a person and a citizen when processing his personal data, including protection of the rights to privacy, personal and family secrets, and strict compliance with the requirements in personal data protection.
1.9. Your Consent to provide the Company's personal data and their processing by the Company is valid until the termination of the Company's activities or until you withdraw your consent. By activating registration on the Company's Internet Resource and performing subsequent actions, you confirm that you act based on your own free will:
- • provide your personal data to the Company for processing and agree to their processing. You are notified that personal data is processed by the Company based on the General Data Protection Regulation (GDPR);
- • you confirm that the personal data you provide belong to you personally;
- • you acknowledge and confirm that you have carefully read and are fully aware of this Policy and the conditions of personal data processing contained therein, specified in the appropriate fields when registering on the Company's Internet resource and its further use;
- • you acknowledge and confirm that all provisions of this Policy and the conditions for processing personal data are clear to you;
- • you agree to the terms of processing personal data without any reservations or restrictions.
2. Purposes of processing personal data
The company is guided by the principle of sufficiency, rationality and expediency of processing personal data. We process personal data aiming at conclusion and performance of agreements with subjects of personal data:
2.2. When communicating with you — to timely communicate with you as a person who has transferred your personal data to the Company and to provide you with any necessary reliable and complete information related to the Company's obligations fulfilled to you under the Agreement on the use of the Internet resource. Including, but not limited to, providing information on the Services, e-mail messaging on services and events organized by the Company. The company can use the contact information you provide to contact you.
2.3. When obtaining feedback from you — for information about loyalty and satisfaction with services.
2.4. When ensuring protection and confidentiality of personal data — to ensure the efficiency and security of the Company's Internet resources, to confirm the actions you commit, for actions to prevent fraud, cyber attacks and other abuses, and to investigate such cases.
3. List of personal data being processed on consent
3.1. Depending on the web form you are filling out, we can process the personal data as follows: personal information that you provide when subscribing to the Internet resource or using the Company's Internet resources, including personal data transmitted during reaching of any Company agreements with you.
3.2. Impersonal information processed by the Company:
3.2.1. Data on hardware (devices): IP address, type and version of the operating system, type of device (personal computer, mobile phone, tablet), type and version of the browser, and other data transmitted by your browser depending on its settings.
3.3. Information obtained as a result of your actions, including the information you provide in the submitted comments, inquiries, appeals, feedback and questions.
4. Principles of processing personal data
4.1. The principle of legality, fairness and transparency means processing in a legitimate, fair and transparent way with respect to the data subject.
4.2. The principle of limiting the goal means collected for specific, explicit and legal purposes and not subject to further processing in a manner inconsistent with these goals.
4.3. The principle of minimum information is adequate, relevant and limited to what is required for processing.
4.4. Accuracy principle means accurate and, if necessary, updated; all possible steps shall be taken to ensure that inaccurate personal data is promptly deleted or corrected, considering the purpose of processing.
4.5. Principle of limiting storage means saving in a form that allows you to identify data subjects only as long as it is necessary for the purposes of personal data processing.
4.6. Principle of integrity and confidentiality means processing to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or changes by appropriate technical or organizational measures.
4.7. Principle of responsibility: as a company, we are responsible for compliance with the law and the fundamental principles for the protection of personal data.
5. Processing of Personal Data
5.1. Collection of personal data.
Personal data is collected as follows:
- • providing your personal data when filling out forms, including web forms on the Services;
- • via other channels related to the Services (for example, via electronic messages);
- • automatically in the process of using the Company's Internet resources using the software installed on your device; your personal data in writing, including by means of communication.
5.2. Storage and use of personal data.
- • personal data is stored only on properly protected media, including electronic media, and is processed both automatically and without the use of such equipment.
5.3. Transfer of personal data.
- • the company can transfer personal data to third parties in order to provide services in your interests under the existing agreements. And also when the data is transmitted in order to comply with the requirements of the applicable law, prevent or stop illegal actions and protect the legitimate interests of the Company and third parties.
5.4. Destruction of personal data.
The company destroys personal data in the cases as follows:
- • your violation of the terms of the Policy or existing agreements between you and the Company;
- • expiration of personal data storage in accordance with applicable law;
- • at your request.
6. Your rights
6.1. You are entitled to receive information on processing of your personal data at your request, including:
- • confirmation of processing your personal data;
- • legal basis for processing your personal data;
- • objectives and methods used by the Company to process your personal data;
- • exact personal data we process and the source of this data;
- • your personal data processing time, including the storage period;
- • procedure for implementing the rights provided for by the General Regulations for the Protection of Personal Data (GDPR);
- • information on completed or intended cross-border data transfer;
- • information on individuals to whom personal data may be disclosed on the basis of an agreement with the Company or in accordance with the General Data Protection Regulation (GDPR);
- • other information provided by the General Data Protection Regulation (GDPR).
You are entitled to receive such information an unlimited number of times by sending a request to the Company as described in Section 11 of the Policy.
6.2. You are entitled to complain to the Company in case of violation of the rules for handling your personal data using the methods described in Section 11 of the Policy, and also, if you are a citizen / resident of a European Union Member State, to the national Data Protect Authorities (DPA) office.
7. Obligations of the Company
7.1. In accordance with the Law, the Company is obliged to:
7.1.1. upon your request, provide information on processing of your personal data specified in clause 6.1. Policies, or reasonable refusal;
7.1.2. take necessary measures that are necessary and sufficient for performance of duties under applicable law;
7.1.3. upon your request, clarify the processed personal data, block or delete incomplete, outdated, inaccurate, illegally obtained data or not relevant to the stated processing objectives;
7.1.4. ensure the legality of the processing of personal data. If it is impossible to ensure legal processing of personal data, the company shall destroy the data or ensure destruction within a period not exceeding 10 (ten) working days from the date of unlawful processing of personal data;
7.1.5. if you withdraw your consent to the processing of personal data, we stop processing and destroy them within a period not exceeding 30 (thirty) business days from the date of receipt of your feedback in writing to email@example.com, except when processing may continue under applicable law.
8. Data on personal data protection
8.1. All personal data you provide is confidential by default. The Company ensures personal data protection implementing legal, organizational and technical measures necessary and sufficient to meet the requirements in personal data protection. However, we always try to protect your data and apply a greater number of measures to protect personal data than is provided for by law. Some measures the Company implements to protect personal data are as follows:
8.2. Legal measures include:
8.2.1. development of Company local regulations implementing the requirements of the General Data Protection Regulation (GDPR), including this Policy in relation to the processing and protection of personal data, and locating it at https://lampyre.io/privacy;
8.2.2. refusal to process your personal data by means that do not meet the goals predefined by the Company.
8.3. Organizational measures include:
8.3.1. appointment of a person responsible for consideration of requests for personal data processing. You can contact this person using the following email address firstname.lastname@example.org;
8.3.2. limiting the number of the Company employees who have access to personal data and access control system;
8.3.4. conducting internal investigations to detect unauthorized access to personal data;
8.3.5. introducing Company's employees with the personal data protection standards, fixed by local acts of the Company on personal data processing;
8.3.6. organization of a security regime for the premises where personal data carriers are placed, preventing uncontrolled entry or stay of persons not authorized to access these premises.
8.4. Technical measures include:
8.4.1. use of information security tools, including firewall and anti-virus software;
8.4.2. network access control;
8.4.3. monitoring and analysis of the security of the network infrastructure and Company Internet resources.
9. Foreign Personal Information Subjects
9.1. We may transfer your personal data to countries other than the country they were originally received from, to achieve the objectives specified in the Policy, i.e. cross-border transfer of personal data. Prior to the commencement of the cross-border transfer of personal data, the Company shall ensure that a foreign state, where personal data is transfered, protects your rights as a subject of personal data. We protect cross-border data transfers in accordance with the Policy.
9.2. Cross-border personal data transfer to the foreign states that do not provide effective protection of your rights is possible in the cases as follows:
- • Your written consent to the cross-border transfer of your personal data;
- • Performance of the Agreement you are party to;
- • Protecting your life, health, and other vital interests when it is impossible to get your consent in writing.
10. Policy Restriction
10.1. You shall be sensible and responsible in placing your own personal data in the public domain, including the Company's Internet resources.
10.2. The minimum age for using the Company Internet resources is 18 years.
10.3. The company does not verify the accuracy of the provided personal data and the capacity of the person who provided them. You guarantee that all data provided by you, including impersonal, is your personal, reliable and relevant.
10.4. The company is not responsible for disclosing your personal data due to your fault.
10.5. All data that you transmit through the Lighthouse service when performing requests are translated to third-party resources. The Company does not check and does not store data transmitted by you through the Company's servers to third-party resources, including request results.
11. Personal Data Subject Appeals
11.1. You may send your requests to the Company, including requests for the use of your personal data:
11.1.1. in writing to the address: 2/3, Andrassy ut 31., Budapest 1061, Hungary;
11.1.2. in electronic form by e-mail to: email@example.com.
11.2. The request shall contain the e-mail that was provided when subscribing to our online resource on the Company's Service and your signature in the case of a complaint as specified in clause 11.1.1. of the Policy.
11.3. The Company shall consider the request and send a response to the address indicated in the request within 30 (thirty) calendar days from the moment the application was received.