Last updated: 2022/10/01
DATA TOWER Kft. (DATA TOWER, Company, we, our, us) is a Hungary-registered company that sells fixed-term software licenses and provides online services for open-source data retrieval.
This document represents our policy on processing and protection of personal data and is located at https://lampyre.io/privacy .
By using DATA TOWER`s websites (lampyre.io and account.lampyre.io), software products or services you expressly accept and consent that your information may be transferred to DATA TOWER’s subcontractors, agents, or representatives who perform tasks related to the Sites and services, and transfers for the purpose of storing the data in relevant databases. Our subcontractors guarantee at least the same level of the protection of your personal data as we guarantee.
How we will contact you
We will communicate with you via email you provide when you register online and the chat room you create in your personal account on our websites.
We may email you with service, technical and other administrative messages. We may also contact you to inform about the changes in the way we provide our products, to remind that soon you will be charged for the auto-renewal of your products and to warn about security issues or fraudulent activity in your account if there is any. These messages are part of the Lampyre products and services, and you cannot refuse or unsubscribe from them.
We may also use other forms of communication to respond to your requests. By default, we will respond to your requests using the type of communication through which we receive your request. If you wish to receive a response through any other means, please let us know in your request letter and we will try to accommodate your request, if possible.
DATA TOWER Kereskedelmi- és Szolgáltató Korlátolt Felelősségű Társaság
Short title: DATA TOWER Kft.
Our legal address: 2/3, Andrassy út. 31, Budapest 1061, Hungary.
VAT EU ID: HU26658799
Company registration number: 01 09 337671
Types of collected personal data
“Processing” means any operation or set of operations which is performed on personal data or personal data sets, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The personal data we collect includes individual information about you: your name, address, email, company data, unique computer identifier, IP address, payment history, username, password, host country, VAT ID, payment information detailed below, and any additional information that may be disclosed by you to our staff when you contact us through official channels. We do not collect personal data while you use our software.
The scope of personal data collected depends on the services you order and the products and services you use, so not all pieces of information provided may be relevant to you.
We do not link anonymized data to other personal data unless you have registered for a product or service or logged in to our online service. This is intended to provide additional protection for your account against possible fraud.
We may also receive and process personal data from publicly available sources when necessary to better provide our services.
Purposes and legal basis of personal data processing
The Company is guided by the principles of lawfulness, fairness, transparency, minimization of data processing, sufficiency, rationality and expediency of personal data processing. Your data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We strive for keep your personal data accurate and, where necessary, up to date.
We ensure the lawfulness of the personal data processing by the fact that the Company processes your personal data on the legal basis as follows:
Your consent to the processing of personal data (based on the Article 6. (1) a) of the GDPR).
In all cases, before granting consent, we shall inform you that you have the right to withdraw your consent at any time pursuant to Article 7 (3) of the GDPR. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.
The need to process personal data based on performance of the agreement under which you are a party or to perform, on your behalf, the steps preceding the conclusion of the agreement (based on the Article 6. (1) b) of the GDPR).
The data belonging to this legal basis are a precondition for concluding the agreement with us.
The need to process for purposes arising from our legitimate interests or the legitimate interests of third parties, but your interests or your fundamental rights and freedoms as a data subject always take precedence over such interests (based on the Article 6. (1) f) of the GDPR).
In the case of this legal basis, the Company is obliged to perform a test for balance of interests. In this test, the Company decides on the basis of objective criteria whether the client's interests over data management take precedence over the goals set by the Company. During the interest balance test, the Company pays special attention to the following:
the chosen method or individual technology by which the data processing is performed must be necessary for the legitimate interests of the Company;
data management should be proportionate to the business needs, ie the purpose to be achieved;
data management should be carried out in a way that minimizes interference and should focus on the specific risk area.
The need to process for fulfillment of a legal obligation. In this case we process your personal data for the purpose that the Company fulfill its obligations (Article 6 (1) (c) GDPR).
Examples of such legal obligations are: fulfillment of accounting obligations, fulfillment of administrative and official obligations, fulfillment of official requests.
The purpose of processing depends directly on the actual data processing related activity (e.g. distribution of software licenses). We only collect and process your personal data for purposes that cannot be achieved by other means. The detailed purposes are listed below.
|Identification of visitors to the website, preparation of statistics and analyzes||IP address||consent|
|Providing personalized services, facilitating the customization of advertisements, using convenience features using cookies||interest information, habits, preferences (based on your browsing history)||consent, legitimate interests|
|Creating a user account for Customer and identifying Customer|| e-mail |
|Protection of the Customer's data, ensuring that no unauthorized person has access to the Customer's account||password||consent|
|Protection of the Customer's data, ensuring that no unauthorized person has access to the Customer's account||temporary password||consent|
|To make a sale and purchase or a license agreement|| e-mail address |
date of the transaction
|Billing|| name |
date of the transaction
|Logging past purchases within a personal customer account is a convenience feature for our customers; based on previous purchases, the Customer can more easily find out about the stock of the previously ordered product and any price changes in the meantime||payment history: details of each previous (completed) purchase (date, time, purchased product, value of the purchase)||consent|
|To solve issues with the payment services (e.g. Braintree, PayPal)|| customer ID |
|consent, legitimate interests|
|To process your communications through official channels|| e-mail address |
your data given regarding to the usage our software
|consent, performance of the agreement|
|To prevent fraud against the customer’s account||data given by the customer earlier||consent|
|To prevent fraud against our services|| e-mail address |
|Compliance with applicable laws or regulatory procedures (when processing is necessary to fulfill a legal obligation imposed on us or to fulfill a public interest task or to protect the vital interests of the data subject or another person).||data given by the customer earlier||legal obligation|
We explicitly urge you to contribute to regular updating and updating of user account information.
Our website may collect cookies. Cookies are small files that are stored on your device and contain information about your recent activity and enable us to distinguish you from other users. We use the information we receive from cookies to make your experience with our web sites, products, and services safer and more convenient and to improve our services. Cookies are used to enable you to log in and make settings, purchases, and other actions related to your account so that they can be stored. We may use temporary and permanent cookies. Temporary cookies last for only one session and are deleted as soon as you close your browser or mobile app. Persistent cookies remain on your device until they expire or you clear the system yourself.
The following tables provide information on the types of cookies we use, why we set them, and how long they last.
|account_type||1 month||Customizing||Implements the function of setting the interface display depending on the type of account|
|auth_token||1 month||Functional||Implements the user authentication function in the system|
Cookies are not only created by our website that you browse, but also by other websites that run ads, widgets, or other items on the page you load. These cookies are called third-party cookies and we are also using them. The majority of these cookie files are created when we access web analysis services offered by Google Analytics. Such third-party files may be temporary or persistent.
To refuse being tracked by Google Analytics on all web sites that are using its services visit https://tools.google.com/dlpage/gaoptout.
Use common sense when it comes to using public computers. Don’t enter personal data that may be stored in cookies, and always make sure you log out of your account before you move away from the public computer. Please mind that some cookies may be created by your browser. You can always delete your browser history and cookies. For more information about controlling and setting cookies, see your browser’s help section or visit its website
Please note that if you do not accept cookies, you may not be able to use some of the DATA TOWER products or services as effectively as intended. In addition, disabling some cookies may affect the website functionality
We use web analysis services from IRELAND LIMITED, Gordon House, Barrow Street, Dublin 4, D04E5W5, Ireland.
Personal Data Storage Periods
We do not retain your personal data longer than is necessary for the purposes for which we process such personal data:
|Legal basis||Storage period|
|fulfillment of a legal obligation||for a period specified by law|
|performance of the contract||until legal claims can be enforced in connection with the performed contract, ie as a general rule until the expiry of the general civil law enforcement period of five years following the performance of the contract|
|the enforcement of the legitimate interests of the Company or a third party||as long as there is a legitimate interest|
|protection of the vital interests of the natural person||for as long as is necessary to protect the vital interest|
|data procession based on the consent of the Customer||for the necessary period of time commensurate with the purpose of the processing, but not beyond the withdrawal of consent by the data subject (unless there is an additional legal basis remaining or applicable for the further processing of such personal data)|
Who else can access your personal data
DATA TOWER will never disclose your personal data to third parties unless required to fulfill contractual obligations to you, or for organizational purposes, or as a legal or regulatory requirement. The instances of such transfer are specified below.
We may share your personal data with our employees and affiliates to achieve the purposes for which you have provided us with your personal data. To ensure our contractual obligations to you, we delegate some of our functions to specialists in other organizations who process your personal data to the necessary extent. We may also share your personal data with other parties who need that information to assist us in establishing, maintaining and managing our relationship with you and in providing the services, products and services you request.
All your payments made on our websites are processed by Braintree or PayPal, depending on your choice. All payment data (name, surname, address, email address, phone number, bank account number, bank identification number, bank card number, account amount, currency and transaction number) are sent directly to these systems and are not processed by DATA TOWER. We do not store your bank card information, but we do receive some payment information (including the first 6 and last 4 digits of your card, your name and your email) as a result of the purchases you make. Braintree and PayPal give us access to this payment information. When making any purchase on our websites, you consent to Braintree or PayPal's processing of your personal data, depending on your choice. We recommend that you review the privacy policies of these payment processors before making a financial transaction (since processing of your personal data will be subject to their privacy policies in addition to ours) and visit their websites.
Cross-border data transmission
We only process your personal data within the organizational system of our company. We do not transfer your personal data to third parties located outside the European Union to provide services on your behalf in accordance with our agreement.
We may transfer your personal data in order to comply with legal requirements, prevent or stop illegal activities and protect the legitimate interests of the Company and third parties, but strictly in accordance with the relevant legislation.
If you are an individual who uses our software products, websites and services and provides your personal data to DATA TOWER, you have certain rights:
1. Right to access
According to the Article 15 of the GDPR, you are entitled to receive feedback from us as to whether the processing of your personal data is in progress, and if such processing is in progress, you are entitled to have access to the personal data and the following information:
the purpose of the processing;
categories of your personal data;
the recipients or categories of recipients to whom the personal data have been or will be communicated;
where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
to request the controller to rectify, delete or restrict the processing of personal data concerning you and to object to the processing of such personal data;
the right to lodge a complaint with a supervisory authority;
if the data were not collected from you, all available information on our source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Your right of access:
covers personal data concerning you as defined in Article 15 of the GDPR;
includes pseudonymous data that can be clearly linked to you.
At your request, we shall provide access to your personal data in accordance with Article 15 of the GDPR, if:
you request confirmation from us regarding the handling of your data; and
we handle your personal data; and
you request access to your personal data.
We will provide you with a copy of your personal data if:
you request confirmation from us regarding the processing of your personal data, and
we handle your personal data, and
you request a copy of your personal data.
2. Right to rectification
According to the Article 16. of the GDPR, you have the right to request that DATA TOWER correct your personal data by submitting a request if you believe your personal data is not sufficiently accurate or reliable. You also have the right to request additional information on your personal data if you believe that the details you have provided us are not sufficiently complete.
Your right to correct inaccurate data:
covers personal data concerning you as defined in Article 16 of the GDPR;
includes pseudonymous data that can be clearly linked to you.
We will correct or supplement your personal data in case of the following:
we handle your personal data, and
the personal data concerned are inaccurate or incomplete, and
you request the correction or the supplementation of your personal data.
You also have the right to request additional information on your personal data if you believe that the details you have provided us are not sufficiently complete.
We shall notify the recipients of the personal data (if any) of the correction of the personal data of the Customer. However, we will not notify recipients of the correction of personal information if it proves impossible or disproportionate to notify recipients. Upon request, we shall inform the Customer of the recipients.
3. Right to erasure
According to the Article 17. of the GDPR, we delete or de-identify personal data that is no longer expected to be processed.
We are obliged to delete your personal data without undue delay if:
we handle your personal data, and
you request the deletion of your personal data, and
at least one of the following conditions (i-v) is met (these are collectively referred to as the "Preconditions for cancellation"):
the personal data are not necessary for the purposes for which they were collected by us and you don’t request a restriction on data processing instead of deletion;
the processing of the data is based on your consent and you withdraw this consent, and there is no other legal basis for the processing of the data;
you object to the processing of your data pursuant to Article 21 (1) of the GDPR and there is no priority legitimate reason for the processing of the data or the data processing for the direct acquisition of the data subject protests
the personal data has been processed unlawfully (without a legal basis) by the Company and you do not request a restriction on the processing of the data instead of deleting it;
personal data must be deleted in order to fulfill a legal obligation under the laws applicable to the Company.
We are not obliged to delete the data even if the preconditions for Deletion exist, if the data processing is necessary for the submission, validation and protection of legal claims.
We shall notify the recipients of the personal data (if any) of the deletion of the Customer's personal data. However, the Company will not notify recipients of the deletion of personal information if it would be impossible or disproportionate to notify recipients. Upon request, the Company shall inform the Customer of the recipients.
4. Right to restriction of processing
According to the Article 18. of the GDPR, you have the right to request to restrict the processing of your personal data. Restricting the processing of your personal data does not mean deleting it. Restricting the processing of your personal data is primarily intended to suspend further data processing and leave the data unchanged until the purposes of the restriction have been achieved. We can use tools to restrict your personal data, for instance temporarily transfer selected data to another processing system in order to make selected personal data inaccessible to users, or temporarily delete the published data from the website.
You may request a restriction on the processing of your personal data if any of the following occurs:
you dispute the accuracy of the personal data: in this case the restriction applies to the period of time that allows us to check the accuracy of the personal data; obsession
the data processing is illegal and you object to the deletion of the data and instead request a restriction on their use; or
we no longer need personal data for the purpose of data processing, but you request them in order to submit, enforce or protect legal claims; or
you objected to the processing in accordance with Article 21 (1) of the GDPR: in this case, the restriction shall apply for as long as it is determined whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
The right to request a restriction on the processing of your personal data:
covers personal data concerning you as defined in Article 18 of the GDPR;
includes pseudonymous data that can be clearly linked to you.
We shall notify the recipients of the personal data (if any) of any restrictions on the processing of the Customer's personal data. However, we will not notify recipients of such a restriction if it would be impossible or disproportionate to notify recipients. Upon request, we shall inform the Customer of the recipients.
If the we restrict the processing of your personal data based on the above, we are only entitled to:
store such personal data;
process such personal data with your consent;
process personal data without your consent in order to submit, enforce, protect or defend the rights of another natural or legal person.
If the processing of your data has been restricted as described above, we are obliged to inform you in advance about the lifting of the restriction.
5. Right to object
You have the right to object to the processing of your personal data at any time. You have the right to object to the use of your personal data for direct marketing purposes.
6. Right to data portability
If we process personal data relating to you by automated means, according to the Article 20 of the GDPR, you may request this data from us in a structured, commonly used and machine-readable format. You also have the right to freely transfer the specified data to another controller. Please note, however, that this right must not interfere with the rights and freedoms of others.
Your right to data portability:
covers personal data concerning you;
covers pseudonymous data that can be clearly linked to you.
7. Right to withdraw Consent to Personal Data Processing
You have the right to withdraw your consent to the processing of personal data at any time and we will not use the results of the withdrawn information for further processing. However, we inform you that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to complain to the supervisory authority
Pursuant to Article 13 of the GDPR, we inform you that if, in your opinion, we did not comply with the provisions of the GDPR in its data processing and your rights have been violated in the processing of its personal data, you are entitled to file a complaint with the supervisory authority.
In order to effectively remedy the breach, we recommend you to contact us prior to making a complaint. The conduct of the conciliation does not exclude your right to complain, however, if it is successful, the dispute between the parties can be resolved directly.
Current contact details of the supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
seat: 1055 Budapest, Falk Miksa u. 9-11
postal address: 1363 Budapest, Pf.: 9.
phone: +36 (1) 391 1400
fax: +36 (1) 391-1410
Please note that the information you request is provided free of charge. However, we may charge you an additional fee under Article 12 (5) of the GDPR in the cases as follows:
If you request any additional copies from us, including copies of information already provided;
If the requirements stated in your request would be clearly excessive (including due to the frequently repeated nature of the request) or unreasonable.
Request Response Time
Estimating the time limit starts from the day of receipt of the request or, if applicable, after receiving confirmation of the identity of the person requesting the information, and is one month. We also reserve the right, under Article 12 (3) of the GDPR, to extend the response period for an additional two months due to the complexity of the request or the large number of requests, provided that we give notice of such extension and state the reasons for the delay.
We will ensure that we process your requests without undue delay and respond to them in a way that will help you exercise your rights with respect to processing personal data. We will also inform you at all times of any reasons that may prevent your request from being resolved.
Safety and our responsibility
We store personal data that we receive from you on our own or rented technical devices, and on properly protected media. We are committed to implementing appropriate technical and organizational security measures, consistent with industry standards, to protect your personal data from unauthorized or accidental disclosure, access, misuse, loss or alteration.
In some cases, the Company may have reasonable doubt over the identity of the person making the request when processing it. In that case, we may need additional information to verify that you are the person making the request, to ensure the security of your personal data.
All data that you transmit through the Lighthouse service when making requests is transferred to third parties. The Company does not verify the data you transfer through the Company's services to third parties, including the results of requests.
We remind you that you should be reasonable and responsible when posting your own personal data in the public domain, including the Company's Internet resources. We are not responsible for the disclosure of your personal data through your own fault.
If we are unable to prevent a breach of your personal data through no fault of your own, we will inform you as quickly as possible of all information we have about the incident and take steps to report it to the relevant regulatory authorities.
Please note that persons who transmit in any way information to DATA TOWER about another subject of personal data, without having any legal basis, will be liable in accordance with applicable law.
Consent to processing of personal data
Your consent to the provision of personal data to the Company and its processing by the Company is valid until the Company terminates its activities or until you withdraw your consent. When you consent to the processing of personal data, you acknowledge that:
You act voluntarily and consciously;
You are aware that the Company processes personal data based on the General Data Protection Regulation (GDPR);
The personal data you provide belongs to you personally;
You are aware of the name of the controller and the purposes for processing the personal data you provide;
You are aware of your rights and of the obligations and limitations concerning the protection of personal data imposed on you;
Withdrawal of consent to processing of personal data
You have the right to withdraw your consent to the processing of your personal data at any time by writing to our email address listed in the Contact Details, or by deleting your account in your account Settings section.
Please note that withdrawing your consent to the processing of your personal data means that your account with all active licenses, subscriptions and services will be deleted without the possibility of further access.
In turn, we shall not use the results of the withdrawn information for further processing. However, we inform you that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
We delete or de-identify personal data that is no longer expected to be processed. If we de-identify personal data, we only use de-identification methods that prevent re-identification of personal data subjects.
Alternatively, you can also pursue your right to a judicial remedy in court (please see the following link for the contact details of the tribunals: http://birosag.hu/torvenyszekek).