Privacy and Data Protection Policy
https://www.playerranks.net
1. Summary
Saker Soft SRL-D (hereinafter referred to as the Data Controller) processes the data of visitors to the Website, those who register on the Website, and those who purchase it (hereinafter collectively referred to as the Data Subject) in the course of operating its websites. We collect and process all personal data exclusively in accordance with the law.
We can send system messages without separate consent, but DM letters only with consent.
We store your data as securely as possible and only transfer them to third parties with consent.
You can request information about your personal data or its deletion in writing at contact@sakersoft.ro or at https://www.playerranks.net/hu/page/view/Kapcsolat/contact.
2. Name and contact details of the data controller
Name of the data controller: Saker Soft SRL-D.
Email address of the data controller: contact@sakersoft.ro
Phone number of the data controller: +40 746 332581
3. Purpose of the privacy policy
The purpose of this Privacy and Data Management Policy (hereinafter referred to as: Policy) is to ensure that Saker Soft SRL-D.
(registered office: 540559 Targu Mures, Infratirii nr. 17/32; CUI: 332786640; telephone number: +40 746 332581; to record the data protection and data management principles applied by and the data protection and data management policy of the Company.
The Data Controller acknowledges the content of this legal notice as binding on itself. It undertakes to ensure that all data management related to its activities complies with the expectations set out in this regulation and the applicable laws. In connection with the management of data, the Data Controller hereby informs Users about the personal data it processes on the Website, its principles and practices followed in the management of personal data, as well as the methods and possibilities for exercising the rights of the data subjects.
The Service Provider respects the personal rights of its Website visitors; it processes the recorded personal data confidentially, in accordance with data protection laws and international recommendations, and in accordance with this data management statement. Data Controller reserves the right to change this information at any time, the Data Subject will inform the Users about the entry into force of which, the data subjects must accept the modifications in the manner provided by the Data Controller in order to continue using the website. The principles and procedures set out in this data protection information comply with Act CXII of 2011 on the right to informational self-determination and freedom of information (“Infotv.”), and Regulation (EU) 2016/679 of the European Parliament and of the Council (“Regulation”).
4. Scope, time and purpose of the processed personal data
You can order the relevant service during registration or login on the Data Controller's website. The provision of data is voluntary, the Data Controller is not obliged to provide their personal data, however, in the absence of such data, in some cases (for example, in the case of ordering as a private individual) they cannot order the services provided by our company.
The purpose of data processing provided with the consent of the Data Controller is: provision of services, documentation of the adequacy of performance, proof of the conclusion of contracts and fulfillment of legal obligations (e.g. issuing an invoice). Within the scope of mandatory data processing, the Data Controller complies with its legal obligations regarding the processing of certain data required by law, for the
period specified by law, regarding the scope of data that is mandatory for the effective laws. The Data Controller is not responsible for the authenticity of the data provided.
Technical data
When using the Website, the Data Controller automatically records the User's IP address, the operating system used and the type of browser and other information for technical reasons.
The system continuously logs this data, but it does not link it with the data provided during registration or during use. The data obtained in this way is not accessible to the Users, but only to the Service Provider and the administrators on the site.
The Service Provider may record the data of the websites from which the User reached the Website, and those visited on the Website, as well as the time and duration of the visit.
No conclusions can be drawn about the person concerned or his profile from this data.
The system identifies the computers of the Website visitors with a so-called cookie. The Data Controller uses the technical data exclusively for the technical operation of the Website and for statistical purposes.
Data provided during registration and purchase of services and their management
During registration, the Data Subject must provide the following personal data: login email address, password, last name, first name, verification code (for filtering out bots).
After providing the data, the Data Controller will notify the Data Subject by e-mail about the success of the registration if the Data Subject needs to confirm the correctness of his/her email address.
After registration, the Data Subject may optionally provide additional data and comments, if necessary for the performance or facilitation of the service provided by the Service Provider.
After registration, the data subject agrees to the display of some of his/her personal data (e.g. name, email address, etc.) if this is essential for the proper functioning of the service.
The Data Controller undertakes not to send electronic mail to the e-mail addresses provided by the Data Subject during registration, except for e-mails and system messages related to the services used by the Data Subject.
The purpose of data processing: documenting purchases, orders and payments; issuing financial documents; service provider performance; communicating changes affecting the given service, sending reminders (e.g. payment reminders, requesting other technical information essential for the performance of the service).
The legal basis for data processing: the data subject's consent or legal requirement (Accounting Act).
The duration of data processing: 8 years in the case of mandatory data processing based on law, otherwise until the data subject's consent is withdrawn.
During the purchase, the Data Subject must also provide the following data: billing address (postal code, town, street, house number), country, county, telephone number, own e-mail address.
Other services
The Service Provider also provides the opportunity for various e-services on the Website. The Service Provider processes the technical data generated during the use of the service, as well as the data provided by the User during the order.
The Data Subject may also provide additional data (comments) on a non-mandatory basis during the use of the services, in which case he/she agrees to the display of the provided information on the Website, if the Service Provider wishes to display it or the operation of the service requires this.
Duration of data management: 8 years in the case of mandatory data management based on the law, otherwise until the data subject withdraws his/her consent.
Data provided when subscribing to the newsletter and how it is processed
The data subject has the option to subscribe to the newsletter if he/she selects this when editing his/her profile or during registration.
In this case, the Service Provider may send the newsletter until the data subject cancels the selection.
The legal basis for data processing is: the data subject's consent or legal requirement (Accounting Act).
Data stored in connection with non-service-related, interest-based emails sent to email addresses and their management
Processed data: e-mail address, name, telephone number, if the letter writer also provided this.
Purpose of data processing: maintaining contact.
Legal basis for data processing: consent of the data subject.
Duration of data processing: until consent is withdrawn.
Other data processing
We will provide information on data processing not listed in this information when the data is collected. A court, prosecutor, investigative authority, misdemeanor authority, administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law may contact the Data Controller to provide information, communicate, transfer data, or make documents available.
Personal data will only be released to the authorities – if the authority has specified the exact purpose and scope of the data – to the extent and insofar as it is absolutely necessary to achieve the purpose of the request.
5. Storage, protection and access to personal data
The Data Controller stores personal data using IT tools at the Data Controller’s headquarters and on its own servers. The Data Controller’s manager and employees are primarily entitled to access the data.
As stated in this information, certain data are transferred to data processors and other data controllers (e.g. accountants) in order to achieve the goals set out in this information.
In addition to the above, the transfer of personal data concerning the User may only take place in cases specified by law (e.g. in the event of a request from an authority authorized by law) or based on the User’s consent.
The Data Controller protects the processed data against unauthorized access, alteration, transmission, deletion, damage and destruction. The Data Controller keeps a data protection register containing the scope of personal data processed by it, the scope and number of persons affected by a possible data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, as well as other data specified in the legislation prescribing data processing.
6. Data security
The Data Controller takes all necessary steps to ensure the security of personal data provided by the Data Subject both during network communication and during data storage and safeguarding.
Access to personal data is strictly limited to prevent unauthorized access, unauthorized modification or unauthorized use of personal data.
The servers serving the Data Controller's website are located at its own premises, Saker Soft SRL-D (sakersoft.hu). During data processing, the Data Controller maintains confidentiality: protects the information so that only those who are authorized to do so can access it; integrity: protects the accuracy and completeness of the information and the processing method; availability: ensures that when the authorized user needs it, he can actually access the desired information and that the related tools are available. The Data Controller also requires the above commitment from its employees participating in its data processing activities and from data processors acting on behalf of the Data Controller.
Data protection incident
A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. The controller shall keep records of data breaches, indicating the facts related to the data breach, its effects, and the measures taken to remedy it.
In the event of an incident, the controller shall, unless it does not result in a risk to the rights and freedoms of natural persons, inform the data subject and the supervisory authority of the data breach without undue delay, but no later than 72 hours after the incident.
The data subject does not need to be informed if any of the following conditions are met:
the Data Controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data breach, in particular measures – such as the use of encryption – that make the data unintelligible to persons not authorized to access the personal data;
the Controller has taken additional measures following the data breach to ensure that the high risk to the rights and freedoms of the data subject referred to in Article 33(1) of the Regulation is no longer likely to materialise; providing information would involve a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly available information or a similar measure shall be taken to ensure that the data subjects are informed in a similarly effective manner.
7. User rights and remedies
The data subject has the right to request information about the personal data concerning him or her processed by the Data Controller at any time and to modify them at any time. The data subject also has the right to request the deletion of his or her data via the contact details provided in this section.
The data subject may request information from the Data Controller about the processing of his or her personal data, the correction of his or her personal data, the deletion or blocking of his or her personal data – with the exception of mandatory data processing –,
the restriction of data processing, and may object to data processing.
Rights of data subjects
Right of access
Right to rectification Right
to erasure
Right to restriction of processing
Right to data portability
The data subject can exercise his/her rights at the contact details described above.
The data subject may contact the Data Controller's employee with any questions or comments related to data management via the above contact details.
The Data Controller is obliged to provide the information in writing, in a clear and understandable form, in the same manner as the request, as soon as possible after the request is submitted, and no later than 25 days after the request is submitted.
The data subject may at any time request the correction or deletion of incorrectly recorded data. The Data Subject may correct some of his/her data on the Website; in other cases, the Data Controller will delete the data within 3 working days of receipt of the request, in which case they will not be recoverable. The data
subject has the option of requesting the deletion of his/her personal data, which the Data Controller will comply with within 15 days at the latest. The deletion does not apply to data processing required by law (e.g. accounting regulations), and the Data Controller will retain them for the necessary period.
At the request of the data subject, the Data Controller shall restrict the processing of the personal data if the accuracy of the personal data is disputed, or if the data subject objects to the processing,
or if the Data Controller no longer needs the personal data.
The data subject shall also have the right to receive the personal data concerning him or her, which he or she has provided, in a structured, widely used and machine-readable format, and shall have the right to transmit these data to another data controller without hindrance from the Data Controller, provided that the necessary conditions are met. The data subject
may, at his or her choice, also assert his or her rights before the county court of the place of residence/registered office of the data subject (legislative background:
Section 22 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information). He or she may also request the assistance of the President of the National Authority for Data Protection and Freedom of Information.
The Data Controller may refuse to provide information to the data subject only in the cases and for the reasons specified in the Infotv. or the Regulation. In such a case, the Data Controller shall inform the data subject in writing of the provision of the Information Act or the Regulation on the basis of which the information was refused. In the event of refusal of information, the Data Controller shall inform the data subject of the legal remedies.
If the Data Subject provided third party data during registration to use the service, the Data Controller shall provide all possible assistance to the authorities in order to establish the identity of the person infringing the law.
8. OTHER PROVISIONS
The Data Controller reviews this information annually. The Service Provider reserves the right to unilaterally modify this Data Protection Statement with prior notice to the Data Subject.
The Data Controller is also obliged to review the information in this information if a significant change in legislation comes into force, or if its data protection and data management processes and procedures change significantly.
In such cases, the Data Controller will modify this information accordingly and publish it on its website, while also drawing attention to the changes. Our website is not responsible for the data management practices of other external websites.
The Data Controller does not check the personal data provided to it. The person providing it is solely responsible for the adequacy of the data provided. When providing the e-mail address of any Data Subject, he/she also assumes responsibility for the fact that he/she is the only one using the service from the provided e-mail address.
This information is effective as of May 25, 2018.
Dated: Targu Mures, May 25, 2018.