The purpose of the present Policy is to establish the principles of data protection and controlling used by Graphisoft SE Private European Company Limited By Shares during the management of archicad-talk.graphisoft.com website (hereinafter: “Website”) and the company’s policies in data protection and controlling that the company as data controller accepts as binding.
During the establishment of the present Policy the company particularly considered the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or “GDPR”), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Privacy Act”) and Act V of 2013 on the Civil Code (“Civil Code”).
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller or Controller:
the person determined by Section 3, who alone or jointly with others, determines the purposes and means of the control of personal data.
Personal data or data:
any data or information, based on which a natural person User can be identified, directly or indirectly.
the service provider who processes personal data on behalf of the Data controller.
a natural person, who requests an offer on the Website or subscribes to the newsletter, and therefore gives their personal data specified by Section 8.
3. The identity and activity of the Data Controller
Data controller is Graphisoft SE Private European Company Limited By Shares (registered seat: 1031 Budapest (Graphisoft park), Záhony u. 7.; company registration number: 01-20-000001).
Controller operates the Website with the purpose of sharing information between the participants of the forum operated by the Website regarding GRAPHISOFT Products.
4. The principles and the method of the data control, relevant laws
Controller performs the data control in accordance with the requirements of good faith, transparency and fair dealing, and in cooperation with the Users. Controller only controls the data determined by law or provided by the Users with the purposes set forth in the present Policy. The scope of the controlled Personal data is proportionate to the purpose of the controlling and cannot extend beyond it.
In every situation, when Controller wishes to use Personal data for a purpose different from the original purpose of the collection of data, Controller informs the User, obtains his or her consent, and provides the User with the possibility of forbidding the usage.
Controller does not inspect the provided Personal data. The person providing the data is exclusively responsible for the accuracy of the provided data.
Controller does not transfer the controlled Personal data to third parties other than the Processors listed in the present Policy.
Controller in certain cases (e.g. in case of official legal, police requests, legal procedure, violation of copyright, property or other rights or reasonable grounds to these, the infringement of Collector’s interests, the endangerment of the service providing etc.) makes the affected User’s Personal data available to third persons.
Controller notifies the affected User and all the third parties to which the data was transferred with the purpose of data control about the correction, restriction and erasure of the controlled personal data. The notification may be omitted if, taking into consideration the purpose of the Controlling, the legitimate interest of the User is not infringed.
Having regard to the relevant provisions of the GDPR, Controller is not required to appoint a data protection officer.
5. Legal basis of the data controlling
Taking into account the characteristics of the Data controller’s activity, the legal ground of the Controlling is in all cases the explicit consent of the User based on appropriate information. The Users voluntarily contact the Data controller, and voluntarily receive the services of the Controller. The Controller controls data without the consent of the Users only if the law explicitly authorizes the controlling.
The User shall have the right to withdraw his or her consent at any time. The withdrawal of the consent shall not affect the lawfulness of data control based on consent before its withdrawal.
Controller collects the IP address of the User without the User’s explicit consent on accessing the websites connected to the provision of the services. The legal ground for the collection is the legitimate interest of Controller and the assurance of lawful provision of the services (e.g. in order to detect unlawful use).
Transfer of data to the Processors listed in the present Policy may be concluded without the explicit consent of the User. Transfer of data to third parties, in the absence of provisions of laws providing the contrary, shall only be concluded based on a final and binding decision of the authorities, or the particular preliminary consent of the User.
When the User provides the e-mail address and other Personal data (e.g. username, e-mail address) during the first contact, the User assumes responsibility that the provided e-mail address and Personal data are only used by the User to receive the service. Taking into account the assumed responsibility, all of the liability in connection with the initiation of contact on the provided e-mail address, and/or with the provided Personal data is taken by the User registering the e-mail address and providing the data.
6. Objective of the processing
Controller shall only control personal data for the purpose which it was requested for and in order to exercise rights and discharge obligations. The data control corresponds to the purpose of the control in every stage. The collection and control of data shall be concluded fairly and lawfully. The personal data shall only be controlled to the extent and in the period of time necessary to achieve the purpose.
The purpose of the control is mainly the operation of the Website, and the provision of the services of Controller.
According to the above mentioned the purpose of the controlling is:
- To identify the User and to communicate with the User;
- To comply with the obligations of Controller, or to exercise the rights of Controller;
- The protection of rights of Users.
7. Source of the data
Controller only controls personal data provided by the Users and does not collect data from any other sources. The provision of the data takes place during the registration of the User. The User during the registration provides his or her user name and e-mail and may upload a photo or may provide the following data:
- Social Media websites and contacts: (Skype, Facebook, Twitter, YouTube)
- ARCHICAD version used by the user
- ARCHICAD user since
- Operating System
8. The scope of the data controlled
Controller shall only control the personal data provided by the User, in addition, Controller controls technical data, including the IP address according to Section 10.
9. Description of the process of controlling
Controller only controls data according to the provision of data of the User. Therefore the source of the data is the User, who provides the data during the first communication. The User provides the data individually, Controller does not give any mandatory guidance, and does not have any requirements in connection with the content. The user specifically gives consent to the control of the data provided.
10. Controlling of technical data and cookies
The system of Controller automatically records the IP-address of the computer of the User, the start date of the visit and in certain cases, depending on the settings of the computer, the type of the web browser and the operating system. The data collected this way shall not be connected to the other personal data. The controlling of the data serves statistical purposes only.
The cookies enable the Website to recognise the previous visitors. The cookies help the Controller as the operator of the Website in optimising the Website and in constructing the services of the Website according to the habits of the visitors. The cookies are furthermore applicable to
- remember the settings, therefore the User does not have to record them again if he or she enters a new page,
- remember the data previously entered, therefore they do not have to be entered again,
- analyse the use of the website in order to operate according to the expectations of the User to the greatest extent possible, by the developments using the information collected and to facilitate the search for information by the User, and
- monitor the efficiency of our advertisements.
The User may adjust his or her browser to accept or to decline all cookies or to notify the User whenever a cookie arrives to the computer. These settings can usually be found under the “Options” or “Settings” of the browser. By declining the application of the cookies the User takes note that without the cookies the operation of the Website is not complete.
The detailed information that can be found on www.aboutcookies.org in English also provides help regarding the cookie-related settings of the different browsers.
11. The transfer of data
Controller only transfers data to third persons if the User, being aware of the scope of data to be transferred and recipient of the transfer, gave consent, or the transfer is authorised by law.
Controller has the right and is obligated to transfer all the available and lawfully stored personal data to the competent authority if Controller is bound by the law or by a final and binding decision of the authority. For these kinds of transfer of data and its consequences the controller cannot be held liable.
Controller documents the transfers in all cases, and keeps record of the transfers.
Controller has the right to engage another processor for carrying out its activity. The processors do not make decisions individually, and are only authorized to operate according to the provisions of the concluded contract and the instructions of Controller. Controller monitors the activities of the processors. The processors may only engage sub-processors with the consent of Controller.
Controller lists the engaged processors in the present Policy.
Processors engaged by Controller:
The 2 Administrators and the 4 Global Moderators of the ARCHICAD-Talk.
13. Security and disclosure of personal data
Controller ensures the security of the personal data, implements the necessary technical and organisational measures and develops the procedural rules that are necessary for the implementation of the relevant laws and rules of protection of data and confidentiality. Controller protects the data with adequate measures against unauthorised access, alteration, transfer, public disclosure, erasure or destruction, the accidental destruction and damage, and unavailability resulting from the change of the applied technology.
Controller among the tasks relating to information technology protection ensures in particular:
- The protection against unauthorized access, including the protection of software and hardware devices and the physical protection (access control, securing the network);
- Measures taken to enable the restoration of data files, including the regular backups and the separate and secure handling of the copies (mirroring, backups);
- The protection of the data files against viruses (anti-virus service);
- Physical protection of the data files and the storage devices including the protection against fire, water, lightning, and other natural disasters and the restoration of the data damaged in those disasters (archiving, fire protection).
14. The duration of data control
Controller deletes the personal data if
a) the controlling is unlawful;
b) the User requests the erasure (except for controlling based on the law);
c) the data is incomplete or incorrect, and cannot be lawfully corrected, given that the erasure is not prohibited by the law;
d) the purpose of the controlling has ceased, or the statutory deadline of the storage of the data has passed;
e) it was ordered by the court or the Hungarian National Authority for Data Protection and Freedom of Information.
Erasure of the registration and of the User’s Personal data may be requested by the User at the firstname.lastname@example.org
The erasure may be denied (i) in order to exercise the right to the freedom of expression and the right to be informed, or (ii) if the controlling of the personal data is authorized by the law; and (iii) in order to submit, enforce or protect legal claims.
As Controller provides continuous service for the User, the connection between the parties is not subject to any deadlines. According to the above mentioned, in default of the request of the User, Controller controls the data as long as the connection between Controller and the User exists, and as long as Controller may provide services for the User.
Personal data will be deleted by Controller if it is obvious that the data will not be used in the future, therefore the purpose of the controlling ceased.
Instead of the erasure, along with providing information to the User, Controller blocks the data, on the request of the User, or if according to the information available, presumably the erasure would violate the legitimate interests of the User. The data blocked via this method can only be controlled until the purpose of the controlling that precluded the erasure of the personal data exists. Controller marks the personal data if the User debates its correctness, but the incorrectness or inaccuracy of the personal data cannot be ascertained beyond doubt.
In case of controlling based on the law, the provisions of the law are applicable to the erasure of the data.
In case of erasure Controller makes the data unidentifiable. If the legislation requires, Controller destroys the data carrier on which the personal data is stored.
15. Rights of the User and exercising the rights
Controller informs the User about the Controlling at the time of the collection of data. Besides that the User has the right to request information about the controlling at any time.
Upon the request of the User Controller informs the User about the User’s data controlled by Controller and by the Processors mandated by Controller, about the source of the data, the purpose, the legal grounds and period of the Controlling, the name, address and controlling related activity of the Processor, and about the circumstances and effect of the personal data breach along with the steps taken for the prevention. Furthermore in case of the transfer of the Personal data of the User Controller also provides information about legal grounds and recipient of the transfer. Controller is obliged to provide the information as soon as possible, but in any event not later than 25 days from the filing of the request. On the request of the User the information must be provided in writing. The information is free of charge if the requester has not filed a request for information in the current year. In any other case a reimbursement may be determined. The paid reimbursement must be refunded if the data was controlled unlawfully or the request led to the correction of the data.
The User may request his or her incorrectly stated data to be corrected by Controller. If the data to be corrected is the basis of regular reporting, Controller informs the recipient of the reporting if necessary, and draws the attention of the User to the fact that the correction has to be initiated with other controllers as well.
The User, except for in cases of controlling provided by the law, may request the erasure of his or her Personal data. Controller informs the User about the erasure.
The User may object to the controlling of his or her personal data according to the Privacy Act.
The User may file the request for information, correction and erasure in writing in a letter addressed to the seat or premises of Controller, or in an e-mail sent to the address of Controller: email@example.com
The User may request the restriction of the Controlling of the Personal data of the User, if he or she debates the correctness of the controlled Personal data. In this case the period of the restriction is limited to the period of time that enables the Controller to inspect the correctness of the Personal data. Controller marks the piece of controlled Personal data, if the User debates its correctness or accuracy, but the incorrectness or inaccuracy of the debated Personal data cannot be ascertained undoubtedly.
The User may also request the restriction of the controlling of User’s Personal data from Controller if the controlling is unlawful, but the User objects to the erasure of the Personal data, and requests the restriction instead of the erasure.
Furthermore the User may request the restriction of the controlling of User’s Personal data from Controller if the purpose of the controlling is achieved, but it is necessary for the User that the Personal data stays controlled by Controller in order to submit, enforce or protect legal claims.
The User shall have the right to receive the Personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
If Controller does not execute the request for correction, erasure or block of the User, Controller informs the User in writing within 25 days after the reception of the request about the reasons of the denial of the request for correction, block or erasure. In case of the denial of the request for correction, block or erasure, Controller informs the User about the judicial remedies and the possibility of turning to the Hungarian National Authority for Data Protection and Freedom of Information.
The User may make the above mentioned necessary declarations in connection with the exercise of the User’s rights via the contact information of Controller stated in section 2.
The User may submit a complaint directly to the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone number: +36-1-391-1400; e-mail: firstname.lastname@example.org; website: www.naih.hu) as well. The User in case of the infringement of his or her rights has the right of access to a court according to section 22 subsection 1 of the Privacy Act. The municipal court has jurisdiction to decide the cases. The User, as per his or her own decision, may pursue an action before the court of the domicile or the place of residence. On the request of the User Data controller informs the User about the possibility and the tools of legal remedies.
Data controller reserves the right to modify the present Policy with a unilateral decision at any time.
By next entering the Website, the User accepts the provisions of the Policy in force at the given time. Requesting the consent of the Users individually is not necessary.