Data Security and Privacy Statement

You are reading this document because You are using the software developped by Ixenit Kft. Please note that it is very important to our Company that Your personal data is properly processed and protected and Your related rights are respected.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to Us by the users (hereinafter as: “User”) of Our software named TeamTrax (hereinafter as: “Software”) developed and operated by

Company name: Ixenit Tanácsadó Korlátolt Felelősségű Társaság

Registered seat: 52. Pünkösdfürdő street, 1039 Budapest, Hungary

Company registration number: 01-09- 716069

Tax number: 13045513-2-41

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Zoltán Magyar as managing director individually

E-mail: info@ixenit.com

Web: https://www.ixenit.com

(hereinafter as: „Service Provider”)

and available at the Atlassian Marketplace operated by Atlassian.

The purpose of the Policy is to provide an accurate picture of why and how, and for how long, we process personal data relating to Users who are using the Software.

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law.

The controller of your personal data is the Service Provider.

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data forwarding

Means the disclosure of personal data to specific third parties.

Data subject

Everybody who shares his/her personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, you who reads this Policy.

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Sensitive data

personal data referring to racial origin, nationality, political opinions or membership in any political party, religious or other beliefs, membership of an advocacy organization, sex life, personal data concerning health, pathological data.

Genetic data

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

Biometric data

means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU. The above list is not complete so should you need more information or explanation do not hesitate to contact us.

We would like to inform You that during our processing we do not process or request from You any sensitive, genetic or biometric data.

Other definitions

Atlassian

Atlassian Pty Ltd, an Australian corporation (ABN 53 102 443 916)

Atlassian Marketplace

is an online marketplace for on-demand applications and downloadable software applications that interoperate with applicable Atlassian Products. Atlassian Marketplace can be reached on the following link: https://marketplace.atlassian.com;

Website

means the websites available at the domain https://www.ixenit.com that is operated by the Service Provider and through which the visitors may acquire information on the Service Provider, the Software and the services provided by the Service Provider

User

means collectively during the interpretation of present Privacy the visitor of the Website, the person requesting offer or consultation, the person subscribing to newsletter and the user of the Service (regardless of the user level), the person applying for support on behalf of a nonprofit organization, the person applying for a position, furthermore person who attend to an event either as visitor or as speaker or expert

III. In which cases do we process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed in the following cases:

  • Browsing the Website
  • Using the Software
  • Contacting

IV. What data, for what purpose and for how long do we process?

In the cases detailed above the legal ground for processing shall be the following:

  • In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the User (hereinafter as: „Consent”).
  • In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”).
  • In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
  • In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).

With respect to that we are not able to limit the amount of personal data may be sent to us by the User via any communication channel, because we have no influence on the User who voluntarily provide personal data, therefore we kindly request You that please only provide the most necessary information and data that is prescribed by the Service Provider in present Policy when contacting us in any was so do not share any personal data that we do not request or wish to handle under this Policy. If, despite our explicit request under this section, you provide us with information that is not necessary for the purposes of processing personal data and that may subsequently be detrimental to our Company, then by accepting present Policy You undertake to exempt our Company from any harmful consequences, including fines.

IV.1. Browsing the Website

Scope of data processedPurpose of processingGround for processingNaming of legitimate interestDuration of processing
IP address of the UserProtection of the IT systems of the Service Provider and securing the WebsiteLegitimate Interest of the Service ProviderProtection of the IT systems of the Service Provider and securing the Website30 days from visiting the Website as latest

The Website may be freely visited and browsed by the User without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the User’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which You wish to get the content of the Website as an answer. The Service Provider can only answer this request if the User provides his/her address. This address is the User’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process, by typing the domain of the Website to the web browser or by clicking to a link published anywhere that is directing to the Website the User gives his/her consent to provide the IP address for this purpose and to be processed by the Service Provider. To make this „correspondence” smooth the servers of the Service Provider store the IP address of the User in log files.

The identification and storing of IP addresses is necessary to protect the IT systems of the Service Provider and the Website as well. Protection against possible malicious activities against the Website is partly ensured by that the Service Provider is logging the operation of the Website and in this log, it lists the IP addresses from which requests to its servers were made. If the Service Provider detects an activity from an IP address that interferes with the secure operation of the Website, he addresses will be blacklisted. Any malicious activity is prevented and resolved through legal action. If nothing unordinary occurs, the Service Provider deletes the log files and the IP addresses. IP addresses stored in log files will not be used by the Service Provider for any other purpose and will be automatically deleted within 90 days and we keep it only if the User has performed any prohibited activity from that IP address. These activities are either listed above or other activities that violate local, state, national or international law.

IV.2. Using the Software

Scope of processed dataPurpose of processingGround for processingDuration of processing
Atlassian ID of the UserIdentifying the UserPerformance of ContractUntil the end of the User’s subscription to the Software

IV.3. Contacting

In order to help the Users using our Software We maintain a helpdesk to provide technical assistance and information to Users.

If the User contacts the helpdesk by e-mail at the address info@ixenit.com then by sending the e-mail the User acknowledges the processing of his/her personal data. In order to be able to fulfill Your requests, certain personal data must be processed. Without these, we will not be able to complete Your request as we would not be able to contact You

Scope of processed dataPurpose of processingGround for processingDuration of processing
E-mail address of the UserIdentifying the User, fulfillment of requestsPerformance of ContractUntil 31st December of the second year following the year in which the request was resolved.
First and last name of the UserIdentifying the User, fulfillment of requestsPerformance of ContractUntil 31st December of the second year following the year in which the request was resolved.
The social media contact of the User possibly shared by the User in his/her e-mail „signature”-Performance of ContractUntil 31st December of the second year following the year in which the request was resolved.

V. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data we store is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. You may withdraw Your consent given at browsing at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if You do not have the possibility to withdraw Your consent this way, you may withdraw it by sending a message to info@ixenit.com or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

VII. What rights do You have in connection with processing Your personal data?

Request for information (right to access): You may request information about the processing of Your personal data at any time, either in person, at our registered seat address, in writing by sending a registered letter or by email to info@ixenit.com.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and Your rights in relation to processing. In the case of data transfer, to whom and for what purpose Your data have been or will be transferred.

A request for information is considered authentic by us if You are clearly identified by it. If the request is sent by e-mail or post, only the e-mail sent from Your registered e-mail address will be considered as authentic, and we will only be able to send information to the postal address registered by us. Unless You voluntarily verify Your identity otherwise, we will not be able to send information to an e-mail address or postal address that is not registered in our records in order to protect Your privacy.

Rectification: You may at any time request the rectification, modification or amendment of Your data in the same manner described above. We can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: You may request that we restrict the processing of our personal information in particular if:

  1. a) You argue the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.
  2. b) Although the legal ground for processing does not stand for us, but You are requesting us in writing to keep them for the purpose of filing, asserting or defending any legal claim You may have

Objection: If we process Your personal data on the ground of legitimate interest, You may at any time object to the processing of Your personal data. In such cases, we will review the legality of the objection and, if it is well established, we terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce our legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.

We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

VIII. To whom we transfer personal data and who has right to access them?

VIII.1. Amazon Web Services (AWS)

The Service Provider stores and operates the Software through Amazon Web Services a cloud-based webserver which may be reached at:

Company name: Amazon Web Services Inc.

Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA

E-mail: EU-privacy-DSR@amazon.com

Phone number: +1 206 266 1000

Represented by: Eva Gehlin and Barbara Scarafia directors

European server locations: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”)

Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States Your data is still secure and protected by the provisions of the GDPR, as in the event Amazon processes data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as Google has undertaken to comply with the code of conduct called Standard Contractual Clauses (SSC) approved by the Court of Justice of the European Union in accordance with the provisions of Article 40 of the GDPR, which ensures that transfers of data from the EU to third countries outside the European Union to a controller or processor outside the EU.

More information on SCC is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_hu

Information on Amazon’s processing in compliance with SCC can be found here: may be found at https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum

Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers

Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy

VIII.2. Correspondence (e-mail)

The Service Provider uses Google Inc.'s Gmail GSuite service to communicate via email:

Company name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Registration number: 368047

Represented by: Elizabeth Margaret Cunningham director

Phone: +353 1 436 1000

Data center: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use or otherwise manipulate the User related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more at https://policies.google.com/privacy/frameworks

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy

IX. What are the responsibilities with regard to the personal data You provide?

When You provide us Your personal data, you are responsible for ensuring that the information and contributions You make are true and correct.

We ask You to provide us third-party data only if specifically authorized to do so by the third party. Our company assumes no liability for any resulting claims.

If a third-party object the processing of personal data by credibly verifying its identity, we will immediately delete third-party data without notifying You. Please only provide third-party personal data only if you have informed the third party of the availability of this Policy.

X. Management of Personal data breach

Any personal data breach that may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform the User or Data subject concerned.

XI. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

  1. a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.
  2. b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  3. c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10. With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XII. Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the 5th business day following the date of publication. Please be sure to read the Policy changes carefully as they contain important information about the processing of Your personal data.

XIII. Whom You may contact for information regarding Your personal data or to exercise Your rights?

If You have any questions, please contact us by email info@ixenit.com, phone +36 1 886 2673 or at 52. Pünkösdfürdő street, 1039 Budapest, Hungary

The User is entitled to exercise his / her rights related to the processing of personal data against the Service Provider as controller. If You wish to exercise Your rights, you must first notify the Service Provider

If You feel that Your rights have been violated, you can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Phone: +36 1 391 1400

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu