Data Processing and Privacy Policy

Last updated: 03-Sep-2024
Effective date: 28-Jul-2022

I. Introduction / General information

NIX Tech Kft. (hereinafter referred to as the “Company” or the “Data Controller“), as the data controller, informs you in this Privacy and Data Protection Policy (hereinafter referred to as the “Policy“) about the processing of personal data provided when applying for open positions, training programs, training courses on the website https://nixstech.com (hereinafter referred to as the “Website” or the “Service“) and personal data collected during the use of the Website and data related to contractual partners.

The Policy also covers the procedure for the collection, use and possible transfer of the personal data you have provided, the right to object to certain uses of the data, and access to the data.

Your personal data will be processed in accordance with this Policy and the legislation applicable at the time of processing, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: “GDPR“) and Act CXII of 2011 on the right to information self-determination and freedom of information.

If you do not agree with our Privacy Policy and do not wish to have your data processed, please do not use the Company’s Website and do not use the Services on the Website or the Company’s services.

The Data Controller reserves the right to update this Policy at any time and to publish the revised Policy via the Company’s website. Where possible, the Data Controller will notify you of any significant changes to the Policy.
The revised Policy will be effective immediately when the revised Policy is posted by the Company through the website and your continued access or use of the website after that date will constitute acceptance of the revised Policy.

The terms used in this Policy to provide information are those set out below in the GDPR:

Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by European Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by European Union or Member State law;

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

Recipient: the natural or legal person, public authority, agency or any other body to whom or with which the personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

II. Controller of the personal data

  • NIX Tech Kft. (“Data controller”)
  • Registered office: H-1138 Budapest, Föveny utca 4-6. 5. em.
  • Represented by: dr. Benjámin Lajos Málik, Managing Director
  • Company registration number: 01-09-401461
  • Registering company court: Company Registry Court of the Budapest High Court
  • VAT number: 27870916-2-41
  • Our Data Protection Officer’s e-mail address: [email protected]
  • Hosting provider: AMAZON WEB SERVICES EMEA SÀRL, address: 38 AVENUE JOHN F. KENNEDY, L-1855 LUXEMBOURG, company registration number: B186284, VAT number: LU 26888617, web: aws.amazon.com, e–mail address: [email protected]

In addition to the email address of our Data Protection Officer, you can also send your requests and questions regarding the exercise of your data protection rights to [email protected].

We inform you that the Data controller will only process personal data that is necessary for the purpose for which it is processed and that is suitable for that purpose, bearing in mind the purpose limitation principle of the GDPR.

Data controller will process your personal data only to the extent and for the duration necessary for the purposes for which it is collected, in accordance with the principles of data minimisation and storage limitation in accordance with the GDPR.

III. Information for website users

During use, our website automatically collects the IP address of the computer used by the visitor and the start and, depending on the visitor’s computer, the browser type and operating system, as well as the geographical location of the visitor’s computer based on the IP address. The data collected in this way cannot be linked to any personal data and is used for statistical purposes only.

An IP address is a sequence of numbers that uniquely identifies users’ computers and mobile devices and is assigned to all devices connected to the internet. IP addresses can even be used to geolocate the visitor using a particular computer. The IP address identifies your browsing device and allows it to communicate with other devices. If the user can be identified through the IP address (either by the IP address alone or in combination with other information), the IP address may also be considered personal data. However, the Data Controller is not able to identify you on the basis of the IP address collected on its website and does not have a record of IP addresses. Consequently, you will not be identified via the IP address by the Data Controller.

In order to provide you with a personalised service, the web server provider places a data package, a so-called cookie, on your computer and reads it back during your subsequent visit, which the Data Controller uses to track certain information about you during your use of the Website/Service.

This information includes the elements you use, the response time of pages, the links you click on, the duration of visits to each page, the type, size and file name of attachments you upload to the Site, download errors, frequently used search terms, page interaction information, and interactive elements used to contact the Company.

Your device stores the cookie for a specified period of time. This allows the website you are visiting to remember certain data and settings for a specific period of time. Cookies themselves are not capable of identifying the user, they are only able to recognise the visitor’s computer.

The purpose of the processing of data related to the use of the website is: to distinguish users from each other, to identify users’ current session, to store the data provided during the session, to prevent data loss and misuse, to optimize the website and make it more user-friendly, in this context to compile statistics on user habits, to support the Company’s marketing and promotional activities, to improve the Website/Service and for other statistical purposes.

Legal basis for data processing: the data controller has a legitimate interest to distinguish users and prevent abuse [Article 6(1)(f) GDPR].
This data processing lasts until the end of the session.

While the legal basis for the processing of functional cookies, which are essential for the functioning of the website, is Article 6(1)(f) GDPR, cookies for statistical and marketing purposes are processed by our Company with the explicit consent of the website visitor (Article 6(1)(a) GDPR).

The recipients of the personal data are our employees working in the marketing and online.

For statistical and functional cookies that are not strictly necessary for the functioning of the website, the starting point of the data processing is when you allow the use of cookies when you visit the website and the end point is when you delete the cookies by changing your settings or when they expire, whichever is sooner. The lifetime of each cookie is set out in our separate cookie policy.

Anonymous information and aggregated data, none of which identifies you (directly or indirectly), may be stored by the Data Controller indefinitely.

If you would like to know more about your choices regarding these tracking technologies and how they are used, please read our updated Cookie Policy and decide accordingly on your consent to the use of cookies, which can be accessed via the link https://nixstech.com/cookie-policy/.

When you visit the website for the first time, the banner will prominently warn you that our website uses cookies, which you can choose to accept or decline in advance.

We also provide the possibility to set and change cookies when you use our website, and most browsers also allow you to manage, delete and disable cookies from a particular website.

Please note that data processing with your consent is voluntary, not based on law or contractual obligations, and not a prerequisite for entering into a contract. You are not obliged to provide your consent and data, but failure to do so may result in you not being able to use our website properly and/or to its full extent.

The Data Controller informs you that by using the website and by giving your consent to the use of certain cookies, you consent to the sharing of your personal data with third parties for the sole purpose of providing advertising, analytics, data management and processing, subject to all other terms and conditions of this Policy. Data Controller cooperates with third parties under an obligation of confidentiality.

Please note that you may withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

The Service on the Data controller’s website may contain links to other websites that are not operated by the Data controller. This Policy does not apply to the privacy policies and other practices of third parties, including any third-party websites or services that may be accessed through a link on the Service.

The Data Controller therefore strongly recommends that you review the privacy policy of each website you visit to protect your personal data.

The Data Controller has no control over and assumes no responsibility for the content, privacy policies or practices of third party websites or services.

IV. Information for the Company’s contractual partners

1. The purpose of the processing of personal data:

The purpose of data processing is the conclusion and performance of contracts with the Company’s clients, customers, suppliers, contractual partners and other third parties, and the maintenance of business relations.

The purpose of pre-contractual processing is to take steps at the request of the customer prior to the conclusion of the contract (including making an offer) pursuant to Article 6(1)(b) of the GDPR.

Following the conclusion of the contract, the purpose of the processing is the performance of the contract or the fulfilment of a legal obligation to which the data controller is subject, the legal basis being the performance of a contract or the fulfilment of a legal obligation pursuant to Article 6(1)(b) and (c) of the GDPR.

If the Data Controller wishes to use your personal data for any purpose other than those listed above, it will ask for your additional consent and will use your data only after you have given your consent and only for the purposes for which you have given your consent, unless the Data Controller is otherwise required by law.

2. Legal basis for data processing:

The legal basis for the processing of personal data of natural persons contracting with the Company and of natural person representatives of legal persons is the performance of the contract (Article 6(1)(b) GDPR). In this case, processing is also lawful if it is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Before the data processing starts, the data subject must be informed that the processing is based on the performance of a contract, but the information may also be provided in the contract.

The Company processes the personal data contained in the tax and accounting documents related to the contracts for the purposes of fulfilling its legal obligations (accounting, taxation) (Article 6 (1) c GDPR).

The legal basis for the processing of data related to contracts is also the legitimate interest of the Company in the event of non-performance of the contracting partner to recover the performance and enforce its claims (Article 6 (1) f GDPR).

The Company and the contracting partner have a legitimate interest in the smooth performance of the contract, which requires regular contact and the possibility of continuous communication.

3. Scope of personal data processed by the Data Controller

The following data of the contracted natural person:

  • name
  • name at birth
  • date of birth
  • mother’s maiden name
  • address
  • tax identification number
  • VAT number
  • business license number
  • identity card number
  • address of registered office, place of business
  • phone number
  • e-mail address
  • website address
  • bank account number

When entering into a contract with a legal person client, the scope of the personal data processed in the case of representatives, contact persons, third parties:

  • name of the natural person
  • address of the natural person
  • phone number
  • e-mail address

4. Duration of data processing:

The period of storage of personal data is 1 year from the date of the last contact in case no contract has been concluded, and 5 years from the date of performance or termination of the contract in case of conclusion of a contract.

The period of storage of the data processed to fulfil tax and accounting obligations is 8 years after the termination of the contract.

5. The recipients of personal data:

The recipients of your personal data are employees performing tasks related to the servicing of partners, suppliers, customers, employees performing administrative, accounting and tax tasks. Your personal data may only be accessed by authorised employees of the Company.

Personal data may be transferred to the competent authorities or courts for the purposes for which they are processed.

The recipients of the personal data contained in documents for the fulfilment of tax and accounting obligations are the Company’s employees and data processors performing tax and accounting functions. The data will be transferred for processing to the person providing archiving and accounting services, who is currently SZULTZER Adótanácsadó és Könyvvizsgáló Korlátolt Felelősségű Társaság (registered office: 1116 Budapest, Szabadharcosok útja 4.).

The address data will be transferred to Magyar Posta and courier companies as data processors in the event of postal delivery.

V. Information for persons contacting the Data Controller for other reasons

If a natural person contacts our Company by e-mail, telephone, post or other means for a purpose other than those specified above, the Data Controller shall process the personal data of the data subject in connection with the enquiry, request for information or complaint.

Purpose of processing: answering queries, providing information, handling complaints

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

The data subject’s full name, email address, telephone number, postal address and contact details may be processed for the purposes of responding to enquiries, providing information or dealing with complaints.

The above data will be deleted by our Company within 30 days after the purpose of the data processing ceases (after the inquiry has been answered or the complaint has been resolved). The data will only be processed by our Company’s employees who respond to information, requests or complaints, and will not be forwarded.

Please note that the provision of data is voluntary, the provision of data is not based on a legal or contractual obligation, it is not a prerequisite for the conclusion of a contract, however, the processing of personal data collected by the Company may be essential for answering the question / request / handling the complaint, so the failure to provide data may result in the Data Controller being unable to answer your request / question and handle your complaint.

Please note that you may withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

VI. Additional general information

1. Data processors

The Data Controller uses the services of the following data processors to process your personal data:

In relation to the operation of the website:

  • Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA);
  • AMAZON WEB SERVICES EMEA SÀRL (38 Avenue John F. Kennedy, L-1855 Luxembourg);
  • Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland);

In relation to training organised by the data controller and job applicants:

  • Moodle open source learning management system

2. Security and privacy incident management

The Data Controller will handle your personal data with care and will take all organisational and technical measures to ensure the security of your data in accordance with applicable law.

Accordingly, your personal data is protected from unauthorized access, alteration, disclosure, destruction or deletion, as well as accidental destruction and/or damage, or loss of accessibility due to technological change.

The Data Controller takes the following precautions to protect your personal data.

The Data Controller will transmit your personal data in encrypted form and store it on a secure server, with access restricted to authorised employees.

The Data Controller also has malware detection systems, provides cybersecurity-related training for certain employees and provides basic “cyber hygiene” training for all employees.

The Data Controller shall ensure that hardware, software, information technology systems and services are regularly reviewed and tested to identify vulnerabilities in the systems supporting the processing and that access is limited on a per data set basis to the attributes necessary to perform the operation.

In the event of a personal data breach, the Data Controller will, where required by law, inform you as soon as it becomes aware of the personal data breach. The Data Controller also keeps a record of all data protection incidents, all facts relating to the incident, their consequences and all measures taken to remedy them and, where required by law, reports to the Data Protection Authority.

3. Data transfers to third countries or international organisations

The Data Controller does not transfer data to third countries or international organisations. In the event of a transfer of personal data to a third country or an international organisation, the Data Controller will ensure that the safeguards set out in Chapter V of the GDPR are respected.

4. Your rights as a data subject

Right of access:

You shall have the right to obtain from the data controller feedback as to whether or not your personal data are being processed and, if such processing is ongoing, the right to access the personal data in accordance with Article 15 of the GDPR.

Right to rectification:

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without undue delay upon your request, in accordance with Article 16 of the GDPR.

Right to erasure (“right to be forgotten”):

You have the right to have your personal data erased by the Data Controller without undue delay upon your request and the Data Controller is obliged to erase your personal data without undue delay if one of the grounds set out in Article 17 of the GDPR applies, namely:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. you withdraw the consent on which the processing is based and there is no other legal basis for the processing;
  3. you object to the processing of your data based on legitimate interests and there is no overriding legitimate ground for the processing, or you object to the processing in connection with the sending of newsletters or invitations to events;
  4. the personal data have been unlawfully processed;
  5. personal data must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject

Right to restriction of processing:

You shall have the right to obtain, at your request, the restriction of processing by the data controller where the conditions set out in Article 18 of the GDPR are met, i.e. if one of the following is true:

  1. you contest the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the data controller to verify the accuracy of the personal data;
  2. the data processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use;
  3. the Data controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims; or
  4. You have objected to the data processing; in this case, the restriction applies for the period until it is established whether the controller’s legitimate grounds prevail over your legitimate grounds.

Right to data portability:

You shall have the right to obtain the personal data concerning you that you have provided to the Data controller in a structured, commonly used, machine-readable format and the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data have been provided, if the data processing is based on consent or a contract and the processing is automated.
If you have any questions regarding the exercise of your rights as a data subject, please contact 
[email protected] or [email protected]. Upon your request, the Data Controller will act in accordance with applicable law.

Please note that if you do not authorise us to collect or process the required personal data or withdraw your consent to us processing it for the necessary purposes, you may not be able to access or use the Services for which we have requested your data.

5. Information on automated decision-making

No automated decision-making is carried out by the Data Controller.

6. Complaints, Data Protection Officer

If you have any questions or complaints about the way we handle the data we hold about you, please contact our complaints manager:

NIX Tech Kft., H-1138 Budapest, Föveny utca 4-6. 5. em., e-mail address: [email protected].
Your complaints will be handled in accordance with the relevant legislation.

The Company has also appointed a Data Protection Officer. Data subjects have the right to contact the Data Protection Officer in all matters concerning the processing of their personal data and the exercise of their rights. You can reach our Data Protection Officer via email at [email protected].

7. Right to legal remedy

If you experience unlawful processing, notify the data controller so that the lawful situation can be rectified within a short period of time.

If, in your opinion, the lawful situation cannot be restored, you have the right to lodge a complaint with the following authority, without prejudice to other administrative or judicial remedies:

National Authority for Data Protection and Freedom of Information

Postal address: H-1363 Budapest, Pf. 9.

Address: H-1055 Budapest, Falk Miksa utca 9-11.

Phone number: +36 (1) 391-1400

Fax number: +36 (1) 391-1410

E-mail address: [email protected]

URL: https://naih.hu

You, as the data subject, are also entitled to institute legal proceedings against the processing complained of before the competent court in the place where the Company has its registered office or where you, as the data subject, reside, in which case the court shall be acting out of turn.