Nextent Informatika Zrt. – Privacy policy

 

1. Introduction

2. Scope of Personal Data, Purpose, Legal Basis, and Duration of Data Processing
    2.1 User Data
    2.2 The Website’s Own Cookie Management
    2.3 Data Processing by External Service Providers on the Website
    2.4 Other Data Processing Activities

3. Method of Storing Personal Data, Data Processing Security

4. Data Controller’s Details and Contact Information

5. Legal Remedies
    5.1 Right to Information
    5.2 Right of Access
    5.3 Right to Rectification
    5.4 Right to Erasure
    5.5 Right to Restriction of Processing
    5.6 Right to Object
    5.7 Procedural Rules
    5.8 Right to Contact the Data Controller
    5.9 Right to Judicial Remedy
    5.10 Data Protection Authority Procedure

---

1. Introduction

Nextent Informatika Zrt. (registered office: 1119 Budapest, Fehérvári út 97-99., hereinafter referred to as: Service Provider or Data Controller) operates the website nextent.hu (hereinafter: Website). With this notice, the Service Provider fulfills its obligation to inform users about data processing activities. The Service Provider acknowledges the contents of this legal notice as binding and undertakes to ensure that all data processing activities related to its operations comply with this policy and applicable laws.

The Data Controller:

• Reserves the right to modify this notice.

• Is committed to protecting the personal data of its clients and partners and highly values the right to informational self-determination.

• Handles personal data confidentially and takes all necessary security, technical, and organizational measures to ensure data protection.

• Processes personal data exclusively for specific, explicit, and legitimate purposes, for the exercise of a right or the fulfillment of an obligation, and collects and processes such data lawfully and fairly.

• Only processes personal data that is necessary for achieving the purpose of data processing and only for the period required for that purpose. Data is stored in a form that allows identification of the data subject only for as long as is necessary for the data processing purpose.

Its data protection principles comply with applicable data protection laws, especially the following:

• Act CXII of 2011 on Informational Self-Determination and Freedom of Information

• Act V of 2013 on the Civil Code

• Act CLV of 1997 on Consumer Protection

• Act XIX of 1998 on Criminal Proceedings

• Act C of 2000 on Accounting

• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services

• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising

• Regulation (EU) 2016/679 of the European Parliament and Council (GDPR)

The Data Controller operates the Website as a media content provider and related IT service provider. For the purposes of this Policy, any person who accesses or visits the Website is considered a User (also referred to as Data Subject), especially those who register for services provided via the Website and submit their data as described herein.

By choosing to use the services accessible through the Website, the User consents to the processing of the data defined in this Notice. If the User sends an email to the Data Controller, their name, company name, phone number, and email address will be recorded and processed to the necessary extent and duration.

Data may be transferred to Data Processors listed in this Policy without separate consent. Personal data may only be disclosed to third parties or authorities based on a legal obligation or the User’s prior, explicit consent.

The User guarantees that if they provide or make available personal data of other individuals, they have lawfully obtained the consent of those individuals.

The Data Controller cannot verify the authority or the content of the consent obtained by the User, therefore the User is responsible for ensuring its lawfulness.

The Data Controller ensures the security of personal data, implements appropriate technical and organizational measures, and establishes procedural rules to protect the data against accidental loss, unlawful destruction, unauthorized access, use, alteration, or dissemination. These obligations also apply to any third parties receiving such data.

According to the GDPR, the Data Controller is not required to appoint a Data Protection Officer.

---

2. Scope of Personal Data, Purpose, Legal Basis, and Duration of Processing

Data processing by the Data Controller is based on legal authorization or the User’s voluntary consent. If the data provider submits data of another person, it is their obligation to obtain that person’s consent. Refusal to provide data may result in the unavailability or limited availability of the requested service.

2.1 User Data

• Purpose: Identification and contact in case the User sends an email to the Data Controller.

• Legal basis: Voluntary consent of the Data Subject under GDPR Article 6(1)(a).

• Scope of data processed: Email address.

• Duration: Until consent is withdrawn.

2.2 Website’s Own Cookie Management

• Purpose: User identification, session management, data retention, loss prevention, tracking, and web analytics.

• Legal basis: Voluntary consent under GDPR Article 6(1)(a).

• Data processed: ID number, date, time, previously visited page.

• Duration: 30 days or until expiration date of persistent cookies.

Cookies can be deleted by the User or disabled in the browser. Blocking cookies may impact website functionality. Cookies are alphanumeric info packets sent by the web server and stored on the user’s device for a pre-defined duration.

Data Processor:
Tárhely.Eu Szolgáltató Kft. (1097 Budapest, Könyves Kálmán körút 12-14., Website: tarhely.eu, Email: ugyfelszolgalat@tarhely.eu, Phone: +36 1 789 2 789)
Functions: Online hosting, backup, development, database maintenance

2.3 External Service Providers on the Website

Third-party service providers may receive or provide personal data in connection with the Website operation. These include both partners cooperating with the Data Controller and providers collecting data independently.

Such providers include:

• addthis.com, facebook.com, ad.adverticum.net, and for web analytics: Google Analytics

More information:

• Google Analytics: https://www.google.com/analytics

• Google’s privacy practices: https://www.google.com/policies/privacy/partners/

Cookies can be managed in browser settings under names such as “cookies”, “tracking”, etc.

Some third-party providers may access the Website and collect user activity data without cooperation from the Data Controller. These may include, but are not limited to:

• Facebook Ireland LTD., Google LLC, Instagram LLC, Infogram Software Inc, PayPal Holdings Inc., Pinterest Europe Ltd., Playbuzz Ltd., Twitter International Company, Viber Media LLC, Vimeo INC., YouTube LLC

These providers process data based on their own privacy policies.

2.4 Other Data Processing

For data processing not covered in this notice, information will be provided at the time of data collection.

Authorities such as courts, prosecution, police, or supervisory bodies may request data disclosure. The Service Provider will only disclose data to the extent necessary and when legally required.

---

3. Data Storage and Security

Data is stored at the headquarters or premises of the Service Provider.

The Service Provider ensures that data is:

• Accessible only to authorized individuals (availability)

• Authentic and verifiable (data authenticity)

• Unaltered (data integrity)

• Protected from unauthorized access (data confidentiality)

Security measures are applied to prevent unauthorized access, disclosure, destruction, and accidental loss.

---

4. Data Controller’s Contact Details

• Name: Nextent Informatika Zrt.

• Address: 1119 Budapest, Fehérvári út 97-99.

• Email: adatvedelem@nextent.hu

• Tax Number: 13522225-2-43

• Court of Registration: Metropolitan Court of Registration

---

5. Legal Remedies

The Data Subject may request information about their data, its correction, deletion (except for mandatory data processing), or restriction.

5.1 Right to Information

Upon request, the Data Controller will provide information about processed data, its source, purpose, legal basis, duration, data processor details, and any data breaches. Response is given within 30 days, free of charge unless repetitive.

5.2 Right of Access

The Data Subject may request confirmation of whether their data is being processed and access to such data.

5.3 Right to Rectification

Incorrect data will be corrected if accurate data is available.

5.4 Right to Erasure

Data will be erased if:

• It is no longer needed

• Consent is withdrawn

• Processing is objected to

• Data was unlawfully processed

• Law requires erasure

• Data was collected for information society services

Exceptions apply, such as for legal obligations, public interest, health, scientific research, or legal claims.

5.5 Right to Restrict Processing

Processing is restricted if:

• Data accuracy is contested

• Processing is unlawful but deletion is refused

• Data is no longer needed but is required for legal claims

• Processing is objected to and awaiting assessment

During restriction, data may only be stored or processed with consent or for legal claims.

5.6 Right to Object

The Data Subject can object to processing based on legitimate interest. In such cases, processing must cease unless justified by overriding legitimate grounds.

For direct marketing, the Data Subject may object at any time, including related profiling.

5.7 Procedural Rules

The Data Controller must respond to requests within one month (extendable by two months). If denied, the Data Subject must be informed of reasons and rights to appeal. Responses must be free unless requests are excessive or repetitive.

Data Controllers and Processors are liable for damages unless they can prove they are not responsible.

5.8 Right to Contact the Data Controller

Contact via:

• Email: adatvedelem@nextent.hu

• Phone: +36 1 246 2907

• Postal Address: Same as headquarters

5.9 Right to Judicial Remedy

In case of rights violation, the Data Subject may take legal action. Courts proceed urgently.

5.10 Data Protection Authority Procedure

Complaints can be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:

• Name: Nemzeti Adatvédelmi és Információszabadság Hatóság

• Address: 1055 Budapest, Falk Miksa utca 9-11

• Mailing Address: 1363 Budapest, Pf. 9