Privacy Policy

INTRODUCTION

Enhance Zrt. (Registered seat: H-3623 Borsodszentgyörgy, Hegyalja út 5., VAT number:
28955779-2-05) (hereinafter referred to as: Service provider, Data controller) shall be
subject to the following policy.


Pursuant to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF
THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation), we give the following
notification.


This privacy policy regulates the data handling of the following websites: http://nhance.io

The privacy policy is available from the site: http://n-hance.io/privacy-policy
The modification of the policy shall enter into force by its publication on the website above.


NAME AND CONTACTS OF THE DATA CONTROLLER:

Name: Enhance Zrt.
Registered seat: H-3623 Borsodszentgyörgy, Hegyalja út 5.,
E-mail: info@n-hance.io
Telephone: +36 30 336 2320
August 23. 2021. [PRIVACY POLICY – N-HANCE.IO]

DEFINITIONS

1. ‘personal data’ means any information relating to an identified or identifiable natural
person (‘data subject’); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;


2. ‘processing’ means any operation or set of operations which is performed on personal
data or on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction;


3. ‘controller’ means the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data; where the purposes and means of such processing are
determined by Union or Member State law, the controller or the specific criteria for its
nomination may be provided for by Union or Member State law;


4. ‘processor’ means a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller;


5. ‘recipient’ means a natural or legal person, public authority, agency or another body,
to which the personal data are disclosed, whether a third party or not. However, public
authorities which may receive personal data in the framework of a particular inquiry
in accordance with Union or Member State law shall not be regarded as recipients; the
processing of those data by those public authorities shall be in compliance with the
applicable data protection rules according to the purposes of the processing;


6. ‘consent’ of the data subject means any freely given, specific, informed and
unambiguous indication of the data subject’s wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the processing of
personal data relating to him or her;


7. ‘personal data breach’ means a breach of security leading to the accidental or unlawful
destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
transmitted, stored or otherwise processed;

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

Personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data
subject (‘lawfulness, fairness and transparency’);


b) collected for specified, explicit and legitimate purposes and not further processed
in a manner being incompatible with those purposes; further processing for
archiving purposes in the public interest, scientific or historical research purposes
or statistical purposes shall, in accordance with the paragraph (1) of the Article 89,
not be considered to be incompatible with the initial purposes (‘purpose
limitation’);


c) adequate, relevant and limited to what is necessary in relation to the purposes for
which they are processed (‘data minimisation’);


d) accurate and, where necessary, kept up to date; every reasonable step must be
taken to ensure that personal data that are inaccurate, having regard to the
purposes for which they are processed, are erased or rectified without delay
(‘accuracy’);


e) kept in a form which permits identification of data subjects for no longer than is
necessary for the purposes for which the personal data are processed; personal
data may be stored for longer periods insofar as the personal data will be
processed solely for archiving purposes in the public interest, scientific or
historical research purposes or statistical purposes in accordance with the
paragraph (1) of the Article 89 subject to implementation of the appropriate
technical and organisational measures required by this Regulation in order to
safeguard the rights and freedoms of the data subject (‘storage limitation’);


f) processed in a manner that ensures appropriate security of the personal data,
including protection against unauthorised or unlawful processing and against
accidental loss, destruction or damage, using appropriate technical or
organisational measures (‘integrity and confidentiality’).


The data controller shall be responsible for, and be able to demonstrate compliance with
the ones above (‘accountability’).

DATA PROCESSING
MESSAGE, CONTACT, REQUEST FOR QUOTATION
1. The fact of data collection, scope of the processed data and the aim of data processing:


Personal data / Aim of data processing
Name, E-mail address. /  Contact, identification.
Time and date of the message / Performance of technical operation
The IP address the message was sent / from Performance of technical operation


2. Scope of data subjects: Any data subjects sending message, inquiring or requesting a
quotation in the website.


3. Period of the data processing, deadline of the erasure of the data: Data processing shall
be performed until the closure of the case.


4. Possible data controllers entitled to get to know the data: The personal data shall be
treated by an employee authorised by the data controller, by considering the
principles above.


5. Description of the rights of the data subjects regarding data processing:
• The data subject may request from the controller access to and rectification or
erasure of personal data or restriction of processing concerning the data subject
and
• may object to processing of these personal data and
• the data subject shall have the right to data portability and to withdraw his/her
consent any time.


6. The data subject may request the erasure or the modification of the personal data:
– via post to the address H-3623 Borsodszentgyörgy, Hegyalja út 5.,
– via e-mail to the e-mail address info@n-hance.io
– via phone to the phone number +36 30 336 2320


7. Legal basis of the data processing: the consent of the data subject, item a) of the
paragraph (1) of the article 6, paragraph (1) of the section 5 of the Act CXII of 2011 on
the Right of Informational Self-Determination and on Freedom of Information


8. Hereby we notify you that
data processing shall be based on your consent.
• you shall give your personal data to let us reply your message.
• the lack of data supply has a consequence that we are unable to comply with
your request.


THE DATA PROCESSORS APPLIED

Hosting provider
1. Activity performed by the data processor: Hosting and server services


2. Name and contacts of the data processor:
Mail:
A2 Hosting, Inc.
Attn: Privacy Policy
PO Box 2998
Ann Arbor, MI 48106
USA
Web: https://www.a2hosting.com/contact/


3. The fact of data processing scope of the processed data: All personal data given by
the data subject.


4. Scope of data subjects: All data subjects using the website


5. Aim of data processing: Availability and the appropriate operation of the website.


6. Period of the data processing, deadline of the erasure of the data: Data processing
takes place until the termination of the agreement between the data controller and
the hosting provider or until the erasure request of the data subject to the hosting
provider.


7. The legal basis of the data processing: the consent of the user, as described in the
paragraph (1) of the section 5 of the Act CXII of 2011 on the Right of Informational
Self-Determination and on Freedom of Information, the item a) of the paragraph
(1) of the article 6, and the paragraph (3) of the section 13/A of the Act CVIII of
2001 on certain aspects of electronic commerce and information society services.

HANDLING OF COOKIES

1. The fact of data processing scope of the processed data: Unique identifier, dates, times


2. Scope of data subjects: All data subjects visiting the website


3. Aim of data processing: Identification of the users and the tracing of the visitors


4. Period of the data processing, deadline of the erasure of the data:


Cookie type / Legal basis of the data processing / Period of the data processing / Processed scope of data
Session cookies / paragraph (3) of the ssection 13/A of the Act CVIII of 2001 on certain aspects of electronic commerce and information society services. /  The period until the closure of the related visiting session / connect.sid

In case of hotjar, data processing takes place until 365 days and in case of Facebook
pixel, erasure takes place after 180 days.


5. Possible data controllers entitled to get to know the data: The data controller does
not process personal data by using the cookies.


6. Description of the rights of the data subjects regarding data processing: The data
subject have the possibility to delete the cookies in the Tools/Setup menu of the
browsers, usually among the settings of the Data protection.


7. Legal basis of the data processing There is no need for the consent of the data subject,
if the exclusive aim of the use of the cookies is the transmission of communications
via electronic communication system or if the use of the cookies is absolutely
necessary for the service provider to provide services explicitly requested by the
subscriber or the user, regarding the information society.


OTHER COOKIES


8. The data controller uses the remarketing code of the Facebook. As regards, we give
the following notification: cookie lifetime: 20 days; aim of data processing:
Personalisation of Facebook advertisements; further
information: http://facebook.com/help/cookies/


9. The data controller uses the service of the HotJar, which is a service used for heat map
analytics and collects data about the position of the clicks and the movement of the
mouse. Detailed information: https://www.hotjar.com/cookies


NEWSLETTER, DIRECT MARKETING ACTIVITY


1. Pursuant to the section 6 of the Act XLVIII of 2008 on the Essential Conditions and
Certain Limitations of Business Advertising Activity, the User may give his/her prior
and explicit consent to let the service provider contact him/her with its
advertisement offers and other consignments via his/her contact data given upon
registration.


2. Furthermore, by keeping an eye at the stipulations hereof, the Client may contribute
to the processing of his/her personal data necessary for the delivery of
advertisement offers by the Service provider.


3. The Service provider does not send unsolicited advertising material and it is free of
charge for the User to unsubscribe from the delivery of offers without restriction and
justification. In this case, the Service provider shall erase all personal data (necessary
for the delivery of advertisements) of the User from its registry and may not contact
the User with its further offers. The User may unsubscribe from the advertisements
by clicking the link in the e-mail.


4. The fact of data collection, scope of the processed data and the aim of data processing:
Personal data / Aim of data processing
Name, E-mail address. / Identification, making possible the subscription to the newsletter.
Time of subscription / Performance of technical operation
The IP address upon subscription / Performance of technical operation


5. Scope of data subjects: All data subjects having subscribed to the newsletter.


6. The aim of the data processing: sending electronic messages (e-mail, SMS, push
message) containing advertisement to the data subject, provision of notification on
actual information, products, promotions, new functions etc.


7. Period of the data processing, deadline of the erasure of the data: data processing
takes place until the withdrawal of the consent, i.e. until the cancellation of
subscription.


8. Possible data controllers entitled to get to know the data, the recipients of the
personal data: The personal data may be treated by the sales and marketing staff of
the data controller, by considering the principles above.


9. Description of the rights of the data subjects regarding data processing:
• The data subject may request from the controller access to and rectification or
erasure of personal data or restriction of processing concerning the data subject
and
• may object to processing of these personal data and
• The data subject shall have the right to data portability and to withdraw his/her
consent any time.


10. The access to personal data and their erasure, modification or the limitation of
their processing, the portability of data and the claim against data processing
may be initiated by the data subject via the contacts below:
– Via post to the address H-3623 Borsodszentgyörgy, Hegyalja út 5.,
– Via e-mail to the e-mail address info@n-hance.io
– Via phone to the phone number +36 30 336 2320


11. The data subject may any time unsubscribe from the newsletter free of charge.


12. Legal basis of the data processing: the consent of the data subject, the item a) of the
paragraph (1) of the article 6, the paragraph (1) of the section 5 of the Act CXII of 2011
on the Right of Informational Self-Determination and on Freedom of Information and
the paragraph (5) of the section 6 of the Act XLVIII of 2008 on the Basic Requirements
and Certain Restrictions of Commercial Advertising Activities.


The advertiser, the advertising service provider and the publisher of the advertisement shall keep record about the personal data of the people having made a declaration on their consent, in the scope determined in the consent. Any data – on the recipient of the advertisement – in this record shall be processed until the withdrawal of the consent, only according to the declaration on consent and may be delivered to a third party only with the prior consent of the data subject.

13. Hereby we notify you that
• data processing shall be based on your consent.
• you have to give your personal data, if you want to receive newsletter from us.
• the lack of data supply has a consequence that we are unable to send newsletter
to you.


SOCIAL NETWORKING SITES


1. The fact of data processing scope of the processed data: The name of the person
having registered at the social networking sites, such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and his/her public
profile picture.


2. Scope of data subjects: Any data subject having registered at the social networking
sites, such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and
liked the website.


3. Aim of the data collection: Sharing, liking and popularisation of the website itself or
certain content elements, products, promotions of it via the social networking sites.


4. Period of the data processing, deadline of the erasure of the data, possible data
controllers entitled to get to know the data and the notification of the data subjects
regarding their rights on data processing: The data subject may get information in the
given social networking site about the sources, the processing of the data and about
the way and the legal basis of the delivery of the data. Data processing takes place in
the social networking sites, therefore, the period and the way of the data processing
and the erasure and modification possibilities of the data shall be governed by the
regulations of the given social networking site.


5. Legal basis of the data processing: the voluntary consent of the data subject to the
processing of his/her personal data in the social networking site.


APPLICATION OF THE GOOGLE ANALYTICS


1. This website uses the Google Analytics application, which is the web analytics service
of the Google Inc. (Google). The Google Analytics uses the so-called cookies, text files,
which are saved to the computer and they facilitate the analysis of the use of the
website visited by the User.


2. The information generated with the cookies regarding the website used by the User
are usually sent to and stored on one of the Google servers in the USA. With the
website activation of IP-anonymisation, the Google previously shortens the IP
address of the User within the member states of the European Union or in other
countries involved in the Agreement on the European Economic Area.


3. The full IP addresses are delivered to and shortened in the Google servers in the USA
only in exceptional cases. On commission from the operator of the website, the Google
will use these data to evaluate how the user used the website, to make reports to the
operator of the website regarding the activity of the website and to perform further
services regarding the use of the website and the internet.


4. Within the framework of the Google Analytics, the Google does not compare the IP
address forwarded by the browser of the User with the other data of the Google. The
User may prevent the storage of cookies by the appropriate settings of his/her
browser, however, we call your attention that in this case it might occur that not all
functions of this website will be fully operational. Furthermore, the User may prevent
the Google to collect and process the website use data of the user, as collected by the
cookies (including the IP address), if he/she downloads and installs the browser
plugin available at: https://tools.google.com/dlpage/gaoptout?hl=hu

CUSTOMER RELATIONSHIPS AND OTHER DATA PROCESSING

1. If the data subject has any questions during the use of our data processing services or
he/she has any problems, he/she may contact the data controller via the contact data
in the website (phone, e-mail, social networking sites etc.).


2. The e-mails, messages and the data, including the name and the e-mail address of the
inquiring person, given via Facebook etc., together with his/her other voluntarily
delivered personal data will be erased by the data controller within 2 years from the
data publication at the latest.


3. About any data processing not listed herein, notification is given upon the entry of the
data.


4. In case of the exceptional call of authorities or in case of the call of other bodies
authorised by law, the Service provider shall issue information, disclose or deliver
data or documents to such authorities or bodies.


5. In these cases, if the authorities and bodies above indicated the exact aim and the
scope of the data, the Service provider shall issue personal data in an amount and
extent strictly necessary for the achievement of the aims of such call.

RIGHTS OF THE DATA SUBJECTS


1. Right of access
You shall have the right to obtain from the data controller confirmation as to whether or
not the personal data concerning you are being processed, and, where that is the case, you
shall have the right to have access to the personal data and the information stipulated by
the regulation.


2. Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification
of your inaccurate personal data. Taking into account the purposes of the processing, you
shall have the right to have incomplete personal data completed, including by means of
providing a supplementary statement.


3. Right to erasure
You shall have the right to obtain from the controller the erasure of the personal data
concerning you without undue delay and the controller shall have the obligation to erase
the personal data concerning you without undue delay among the set circumstances.


4. Right to be forgotten
If the controller has made the personal data public and is obliged to erase the personal
data, the controller, taking account of available technology and the cost of
implementation, shall take reasonable steps, including technical measures, to inform the
data controllers which are processing the personal data that you requested the erasure of
any links to, or copy or replication of, those personal data.


5. Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one
of the following applies:
• You contest the accuracy of the personal data, in this case, restriction refers to a
period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and
request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing,
but you require these data for the establishment, exercise or defence of legal
claims;
• You objected to processing; in this case the restriction refers to the period until it
is verified whether the legitimate grounds of the controller override your ones.


6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have
provided to a controller, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without
hindrance from the controller to which the personal data have been provided (…)


7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any
time to the processing of personal data concerning you, including profiling based on those
provisions.


8. Objection against direct marketing
Where personal data are processed for direct marketing purposes, you shall have the right
to object at any time to the processing of personal data concerning you for such marketing,
which includes profiling to the extent that it is related to such direct marketing. If you
object to the processing of the personal data for direct marketing purposes, the personal
data shall no longer be processed for such purposes.


9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning you or similarly
significantly affects you.
The previous paragraph shall not apply, if the decision:
• is necessary for entering into, or performance of, a contract between you and the
data controller;
• is authorised by European Union or Member State law to which the controller is
subject and which also lays down suitable measures to safeguard your rights and
freedoms and legitimate interests; or
• is based on your explicit consent.


DEADLINE OF MEASURES

The data controller shall notify you without undue delay, but within 1 month after the
receipt of the request by all means, about the measures taken concerning the requests
above.


If necessary, this deadline may be prolonged by further 2 months. The data controller
shall notify you within 1 month after the receipt of the request about the prolongation of
the deadline, by indicating the reasons of the delay.


If the data controller fails to take measures regarding your request, the data controller
shall notify you without undue delay, but within 1 month after the receipt of the request
at the latest about the reasons of the omission of the measure and about that you are
eligible to submit a claim to a supervisory authority and you may exercise your right to
judicial remedy.


SECURITY OF DATA PROCESSING


Taking into account the state of the art, the costs of implementation and the nature, scope,
context and purposes of processing as well as the risk of varying likelihood and severity
for the rights and freedoms of natural persons, the data controller and the data processor
shall implement appropriate technical and organisational measures to ensure a level of
security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and
resilience of systems and services used for the processing of personal data;
c) the ability to restore the availability and access to personal data in a timely manner
in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of
technical and organisational measures for ensuring the security of the processing.


COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT


When the personal data breach is likely to result in a high risk to the rights and freedoms
of natural persons, the controller shall communicate the personal data breach to the data
subject without undue delay.


The communication to the data subject shall describe in clear and plain language the
nature of the personal data breach and the name and contact details of the data protection
officer or other contact point where more information can be obtained; shall describe the
likely consequences of the personal data breach; and shall describe the measures taken
or proposed to be taken by the controller to address the personal data breach, including,
where appropriate, measures to mitigate its possible adverse effects.


The communication to the data subject shall not be required if any of the following
conditions are met:
• the data controller has implemented appropriate technical and organisational
protection measures, and those measures were applied to the personal data
affected by the personal data breach, in particular those that render the personal
data unintelligible to any person who is not authorised to access it, such as
encryption;
• the data controller has taken subsequent measures which ensure that the high
risk to the rights and freedoms of data subjects is no longer likely to
materialise;
• the notification would involve disproportionate effort. In such a case, there shall
instead be a public communication or similar measure whereby the data subjects
are informed in an equally effective manner.
If the controller has not already communicated the personal data breach to the data
subject, the supervisory authority, having considered the likelihood of the personal data
breach resulting in a high risk, may require it to do so.


NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY

In the case of a personal data breach, the controller shall without undue delay and, where
feasible, not later than 72 hours after having become aware of it, notify the personal data
breach to the supervisory authority competent in accordance with Article 55, unless the
personal data breach is unlikely to result in a risk to the rights and freedoms of natural
persons. Where the notification to the supervisory authority is not made within 72 hours,
it shall be accompanied by reasons for the delay.


POSSIBILITY OF COMPLAINTS


In case of an incidental violation of law by the data controller, a complaint may be lodged
to the Hungarian National Authority for Data Protection and Freedom of Information:
Hungarian National Authority for Data Protection and Freedom of Information
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Correspondence address: H-1530 Budapest, P.O. Box: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

AFTERWORD


During making this privacy policy, the following regulations were considered
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation);
– Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom
of Information;
– Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information
Society Service (especially the section 13/A thereof);
– Act XLVII of 2008 on the Prohibition of Unfair Business-to-Consumer Commercial
Practices;
– Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of
Commercial Advertising Activities (especially the section 6 thereof)
– Act XC of 2005 on the Freedom of Information by Electronic Means;
– Act C of 2003 on Electronic Communications (especially the section 155 thereof)
– Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online
Behavioural Advertising
– Recommendation of the Hungarian National Authority for Data Protection and
Freedom of Information on the data protection requirements of the prior notification
– Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal
data and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation)