Privacy Policy

INTRODUCTION

Welcome to Mabureg Compliance Kft. (“Mabureg Compliance”) privacy policy.

This policy addresses how Mabureg Compliance uses, transfers and stores the personal data we collect about individuals (“Users”) when they access our website (the “Portal”), or use our compliance services (the “Software”) (collectively, the “Mabureg Compliance Products”), or otherwise have their personal data submitted to us in accordance with this policy. This policy is drafted with reference to the EU General Data Protection Regulation (“GDPR”).

By using the Portal and/or you or a corporate subscriber you work for agreeing to our terms and conditions when subscribing to the Software, Users are accepting the practices and guidelines set out in this document (the “Privacy Policy”), so please take a few minutes to read it over carefully.

This Privacy Policy was last updated on 28 May 2022.

Table of content

  1. IMPORTANT INFORMATION AND WHO WE ARE
    1. Purpose of this Privacy Policy
    2. Controller / Processor
    3. Contact details
    4. Changes to the Privacy Policy and your duty to inform us of changes
  2. THE DATA WE COLLECT ABOUT YOU
    1. Personal data we collect
    2. If you fail to provide personal data
  3. HOW IS YOUR PERSONAL DATA COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
    1. Global framework
    2. Purposes for which we will use your personal data
    3. Cookies
    4. Change of purpose
  5. DISCLOSURES OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY AND CONFIDENTIAL INFORMATION
  8. DATA RETENTION
  9. YOUR LEGAL RIGHTS
    1. Your rights
    2. No fee usually required
    3. What we may need from you
    4. Time limit to respond
  1. IMPORTANT INFORMATION AND WHO WE ARE

1.1 Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how Mabureg Compliance collects and processes your personal data through your use of the Mabureg Compliance Products, including any data you may provide through the Software when you register for an account.

It is important that you read this Privacy Policy together with any other privacy notice(s) or fair processing notice(s) we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

1.2 Controller / Processor

For the purposes of the GDPR, where we are the party that determines the purposes for which, and the manner in which, any personal data is processed, the data controller of any such personal data is Mabureg Compliance with the corporate registration number 01-09-389504 located at Kacsa utca 22. 2. em. 18., 1027 Budapest, Hungary. However, we may also collect or be provided with certain personal data pursuant to our agreements with our customers who remain the data controller of that personal data – in this case, we act as a data processor of the relevant customer. Where we act as a data processor of any personal data, we will process such personal data in accordance with this Privacy Policy, our Terms and Conditions and the relevant data controller’s instructions.

1.3 Contact details

Full name of legal entity: Mabureg Compliance Korlátolt Felelősségű Társaság (a company registered in Hungary with company registration number 01-09-389504, whose registered office address is at Kacsa utca 22. 2. em. 18., 1027 Budapest, Hungary).

1.4 Changes to the Privacy Policy and your duty to inform us of changes

This version was last updated on the date stated at the beginning of this Privacy Policy. We reserve the right to amend this Privacy Policy from time to time as required to ensure its accuracy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  1. THE DATA WE COLLECT ABOUT YOU

2.1 Personal data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). For the full definition of personal data, please see Article 4 subsection 1 of GDPR.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes your name.
  • Contact Data includes your mobile phone number, telephone number and your e-mail address.
  • Corporate Subscriber Data includes the name of the corporate subscriber authorising your access to the Software and your job title.
  • Technical Data includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, pages viewed when using Mabureg Compliance Products.
  • Profile Data includes your username and password.
  • Usage Data includes information about how you use the Mabureg Compliance Products.
  • As a User of the Software, the Company, i.e. the corporate subscriber authorising your access to the Software, is legally obligated under article 18 of the EU Market Abuse Regulation No 596/2014 (“MAR”) to collect and store personal data from you such as: (i) name and surname, (ii) birth surname, (iii) national identification number, (iv) personal and professional telephone numbers, (v) position, (vi) date of birth, and (vii) personal full home address. For further information on the data processing of the Company, please consult the Company’s respective privacy policy.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of Users accessing a specific feature of Mabureg Compliance Products.

We may also anonymise data that we collect, use and share for the purposes of providing support to you, a corporate subscriber and other Users of Mabureg Compliance Products. Like aggregated data, this data does not directly or indirectly reveal your identity.

However, if we combine or connect aggregated data or anonymised data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

2.2 If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with the corporate subscriber authorising your access to the Software and you fail to provide that data when requested, we may not be able to allow your access to the Software. In this case, we will let you know if access to the Software is denied.

  1. HOW IS YOUR PERSONAL DATA COLLECTED

3.1 We use different methods to collect data from and about you including through:

3.1.1 Direct interactions. You, or a third party authorised by your employer will or will arrange to provide your Identity, Contact, Corporate Subscriber and Profile Data when registering an account with us or requesting access to Mabureg Compliance Products. You may also provide us with this information when corresponding with us by telephone, phone, e-mail, social media or otherwise.

3.1.2 Automated technologies or interactions. As you interact with any Mabureg Compliance Products, we may automatically collect Technical Data and Usage Data. We collect this personal data by using cookies, server logs, web beacons/pixels and other similar technologies.

3.1.3 Third parties. We may receive personal data about you (Identity, Contact, Corporate Subscriber Data) from various third parties, e.g. your employer or a corporate subscriber to whom we are providing services and who has authorised your access to any Mabureg Compliance Products.

  1. HOW WE USE YOUR PERSONAL DATA

4.1 Legal Ground

We will use your personal data in the following circumstances:

4.1.1 Where we need to allow you to access the Mabureg Compliance Products and to provide support services.

4.1.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, our legitimate interests may include the administration and management of our business and the provision of our services to the corporate subscriber authorising your access to any Mabureg Compliance Product.

4.1.3 Where we need to comply with a legal or regulatory obligation.

Generally, where applicable, we obtain, collect and process your personal data on the basis of consent for some specific marketing purposes (i.e. proposal of products and services, invitation to events etc.).

4.2 Purposes for which we will use your personal data

We use your personal data in the following ways:

4.2.1 personal data that you provide to us is used to:

4.2.1.1 provide you with access to the information and services that the corporate subscriber authorising your access to the Software requests from us

4.2.1.2 provide services to your employer or the corporate subscriber authorising your access to the Software

4.2.1.3 provide support services to you

4.2.1.4 manage and administer our business

4.2.1.5 review and improve our services

4.2.1.6 to provide you with promotional communications, such as e-mail, to the extent that you have provided consent to receive such communications under applicable law, to notify you about changes to the Mabureg Compliance Products.

4.2.1.7 to provide you with an SMS service that provides you a security token that allows you to access the Software.

4.2.2 personal data that we receive from third parties may be combined with the personal data that you provide to us and used for the purposes described above.

4.2.3 personal data about your use of any Mabureg Compliance Product is used to:

4.2.3.1 administer the Mabureg Compliance Products and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

4.2.3.2 provision of support services to you

4.2.3.3 improve the Mabureg Compliance Products to ensure that content is presented in the most effective manner for you and for your computer or mobile device

4.2.3.4 improve other websites we operate

4.2.3.5 refine the provision of the services offered and to assist in the development of new services

4.2.3.6 allow you to participate in interactive features of Mabureg Compliance Products, when you choose to do so

4.2.3.7 keep the Mabureg Compliance Products safe and secure

4.2.3.8 provide services to your employer or a corporate subscriber

4.2.3.9 provide services to a third-party that has been expressly authorised to access Mabureg Compliance Products by you, your employer or a corporate subscriber.

4.3 Cookies

The Portal uses cookies to distinguish you from other Users of the Portal. This helps us to provide you with a good experience when you use the Portal and also allows us to improve the Portal.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Portal may become inaccessible or not function properly.

List of third party cookies

Third parties

Purposes

Google Analytics

Analytics

LinkedIn

Advertising

4.4 Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at info@mabureg.com.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. DISCLOSURES OF YOUR PERSONAL DATA

5.1 We may disclose your personal data to third parties in relation with the purposes for which personal data are processed including:

  • regulatory authorities and law enforcement agencies;
  • our trusted third-party service providers and our IT service providers;
  • third parties involved in financial market activities;
  • third parties involved in hosting or organizing events or courses;
  • professional advisors such as tax or legal advisors, consultants and accountants, and
  • any prospective buyers of Mabureg Compliance or the business of Mabureg Compliance.

5.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  1. INTERNATIONAL TRANSFERS

We store and process your personal data on servers located within the European Economic Area (the “EEA”). We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or where there are appropriate safeguards in place to protect your personal data.

  1. DATA SECURITY AND CONFIDENTIAL INFORMATION

We have put in place appropriate security measures (commensurate with the sensitivity of the personal data we process) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Mabureg Compliance employs encryption technology to protect certain transmissions of data to/from the services, but e-mail and other communications are not encrypted. You should not send any personal or identifying information, such as bank or credit card details via e-mail. By employing e-mail or other insecure electronic communication means you acknowledge that you have no expectation of privacy with respect to the information delivered thereby and that Mabureg Compliance will not be responsible for any loss or damage that could result from interception by third parties of any information so sent.

  1. DATA RETENTION

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting, regulatory or contractual requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: please see paragraph 9 below for further information.

Please be aware that we keep personal data for Users of Mabureg Compliance Products (including Identity Data, and Usage Data) for audit purposes whilst the relevant corporate subscriber is contracted to us and as required by any regulatory requirements applicable to the relevant corporate subscriber.

We may be subject to contractual requirements that specify how long we can keep your personal data for (for example, in our contract for the supply of services to the corporate subscriber authorising your access to any Mabureg Compliance Product).

  1. YOUR LEGAL RIGHTS

9.1 Your rights

The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.

RIGHT

FURTHER  INFORMATION

RIGHT TO BE INFORMED

You have the right to know your personal data is being processed by us, how we use your personal data and your rights in relation to your personal data.

RIGHT OF ACCESS

You have the right to ascertain what type of personal data Mabureg Compliance holds about you and to a copy of this personal data.

RIGHT TO RECTIFICATION

You have the right to have any inaccurate personal data which we hold about you updated or corrected.

RIGHT TO ERASURE

In certain circumstances you may request that we delete the personal data that we hold on you.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.

RIGHT TO OBJECT

Where we rely on our legitimate interests to process your personal data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.

RIGHT TO DATA PORTABILITY

In case the processing is based on your consent or a contract concluded with you, you may request us to provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.

You can exercise any of these rights by:

By sending an e-mail to the following address: info@mabureg.com

You have the right to make a complaint at any time to NAIH the Hungarian supervisory authority for data protection issues (1055 Budapest, Falk Miksa utca 9-11.; website: http://naih.hu; postal address: 1363 Budapest, Pf.: 9.; telephone number: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu). We would, however, appreciate the chance to deal with your concerns before you approach NAIH, so please contact us here: info@mabureg.com – in the first instance.

You also have the right to initiate court proceedings before the court having competence over your place of domicile or habitual residence in connection with unlawful data processing.

9.2 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

9.3 What we may need from you

We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

9.4 Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.