Privacy Policy
-
Introduction
Thank you for your interest in Deltaray and our Services, including, but not limited to our software applications, APIs, and website (collectively, the “Service” or “Services”). If you provide Deltaray with personal data via our websites, the following Privacy Policy is to inform you how Deltaray processes your personal data which is subject to the EU General Data Protection Regulation (Regulation (EU) 2016⁄679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – hereinafter referred to as „GDPR”) This Privacy Policy shall be valid for all websites (“Website”) and all software and all services operated by Deltaray.
Deltaray respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. If you disagree with the content of this Privacy Policy, please don’t use this site or our Services.
Due to changes in the relevant legal regulations, our Privacy Policy may have to be updated or amended, of which we will notify you. If your consent is inevitably required for any such update or amendment, we will ask for your consent to data processing again.
-
Purpose of this Privacy Policy
This Privacy Policy aims to give you information on how we collect and process any of your personal data that we receive, including any data you may provide through this website when you register, use our Service, sign up to our newsletter, purchase or enquire about a product or service, register for our events and webinars, contribute in our open-source community, apply for a job opening, or take part in a competition or that we may collect as part of a service we offer you under a separate contract.
This Website and our Service are not intended for children, and we do not knowingly collect data relating to children.
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
Within the meaning of the relevant legal regulations, our data processing activities comply with the data protection principles set forth in GDPR, according to which personal data shall be
- processed lawfully, fairly, and, in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
We, as data controllers, shall be responsible for, and be able to demonstrate compliance with the above-mentioned requirements (‘accountability’).
-
The data controller and its contact details
Personal data are collected on our Services by Deltaray Research Ltd., which is registered under the Hungarian (EU) law EU VAT: HU32550762 and business registration number: 01-09-430113 kept by the Hungarian National Tax and Customs Administration. Please find our contact details further below in this Privacy Policy.
In the event of any further restructuring of our corporate background, we will keep you updated!
-
Consent to our data processing
By registering to our Services or filling in a contact form on our Website, You agree and accept that we gather, process, store, and/or use your Personal Data submitted in accordance with the rules set forth below in this Privacy Policy, except those cases where your consent is not requested due to the legal grounds described in this Privacy Policy.
By giving your consent to us, you also retain the right to have your personal data rectified, to be forgotten, and/or to be erased.
- Collected personal information
As do most pages on the Internet, we collect various information from you when you use our Service. Please note that by using our Website, you are granting us permission to use, transfer, store, etc. your Personal Data under the following terms and purposes until revocation.
We collect all Personal Data that you directly provide on our Website, and we also collect Personal Data from you as a User of our Service. However, by using or visiting our Website, some Personal Data is automatically collected.
-
Personal Data we collect about you
Personal Data or personal information means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity of the data subject has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped as follows:
Identity Data includes first name, last name, username or similar identifier (e-mail), Google or GitHub login data
Contact Data includes billing address, delivery address, and email address.
Financial Data includes bank account and payment details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type, and version, time zone setting, and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Usage Data includes information about how you use our website, products, and Services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
-
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
-
On which legal grounds do we process your personal data?
Personal data are processed for different purposes and on different legal grounds, about which, please, find further details below:
Name of categories (groups) | Purpose of Data Processing | Legal Ground | Set of the Personal Data Processed | Duration of Data Processing |
---|---|---|---|---|
Identity Data | Registration on our Website | The data subject’s consent | First name, last name, username or similar identifier (e-mail), Google and GitHub login data | Until the registration is canceled, i.e. until consent is withdrawn |
Contact Data | To provide information, enforce legal claims, and manage consumer rights in relation to orders, purchases, and the performance of a contract | Conclusion of the contract | Billing address, delivery address, and email address | General limitation period of 5 yrs + 1 year following the last purchase |
Invoice data | To issue invoices (e-invoicing) | Data processing ordered by law | Credentials, name, billing address, e-mail address | A period set by law, but no longer than 10 years |
Financial Data | To store the order history | Data processing ordered by law | Includes bank account, credit or debit card, and payment details | A period set by law, but no longer than 10 years |
Transaction Data | To store the order history | Conclusion of contract and data processing ordered by law | Includes together the Invoice Data, Financial Data, Contact Data, and the purchased products and services details | A period set by law, but no longer than 10 years |
Marketing and Communications Data | To keep contact, to set marketing and communication preferences | The data subject’s consent | Contact details, your preferences in receiving marketing from us and our third parties, your communication preferences, behavioral profile, other derived data | Until the withdrawal of consent |
Profile Data | To process user requests and handle complaints, record orders, maintain/upgrade the quality level of the service, adjust/increase service level | Conclusion of the contract and our legitimate interest | Username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses | 1 year as regards data on handling complaints; a general limitation period of 5 years + 1 year in respect of order details |
Technical Data | To protect our IT system | Our legitimate interest in IT security | Includes internet protocol (IP) address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. | 5 years |
Usage Data | To protect our IT system | Our legitimate interest in IT security | Includes information about how you use our website, products, and services. | 5 years |
-
Data processing
All data recorded on our servers are processed by us as data controllers. It means that we define the intended purpose of personal data and the tools of data processing, and we are responsible for the compliance of processing.
In most cases, your data are processed for our own purposes. In such cases, your data are transferred to our business partners so that you are provided with a payment facility, delivery, and all other conditions underlying the fulfillment of your order. Your data are also transferred to our own data processors, who process your personal data in line with our clear instructions. Based on your consent, your data may also be transferred to social media and advertising sites that will provide you with customized advertisements based on your interests.
Our data processors:
Name | Contact Details | Data Processing Activity |
---|---|---|
Hetzner Online GmbH | Industriestr. 25 91710 Gunzenhausen, Deutschland; [email protected] | Web- and cloud hosting service, backup |
Cloudflare, Inc. | 101 Townsend St. San Francisco, CA 94107; [email protected] | Trust and web safety services |
MailerLite Limited | Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland; https://www.mailerlite.com/support | E-mail marketing |
Stripe Payments Europe Limited | 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland; [email protected] | Payment services |
Zoho Corporation B.V. | Beneluxlaan 4B 3527 HT UTRECHT The Netherlands; [email protected] | Ticketing system |
Trampoline Software SRL. | Rue de Marsannay-la-Côte Mazy 16 5032 Gembloux Belgium; [email protected] | contact forms |
Microsoft Ireland Operations Limited | One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.; https://www.microsoft.com/hu-hu/concern/privacy | Azure - Authentication Service |
Zapier, Inc. | 548 Market St. #62411, San Francisco, CA 94104-5401; [email protected] | Database automatization |
Billingo Technologies Zrt. | 1133 Budapest, Árbóc utca 6., Hungary; [email protected] | Invoicing services, generating and sending invoices |
Brevo (Sendinblue SAS) | 106 Boulevard Haussmann, 75008 Paris, France [email protected] | E-mail marketing, transactional mails |
Mixpanel | Mixpanel, Inc. One Front Street, 28th Floor San Francisco, CA 9411, USA [email protected] | User behaviour analytics |
Use of Google Analytics
Our Services uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses so-called "cookies", text files that are saved on the user's computer to help analyze the use of the website they have visited. The information generated by the cookie about the website used by the user is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymization on the website, Google will previously shorten the IP address of the user within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the US and shortened there only in exceptional cases. Google will use this information to evaluate how visitors use our Services, to compile reports on website activity for us, and to provide us with additional services relating to website and service use. Google Analytics does not associate the IP address transmitted by the browser of the website visitor with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of our Services. You may also prevent Google from collecting and processing information about your use of the website (including your IP address) using cookies by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu. We also use Google Analytics to analyze the traffic on our websites for system development purposes. In this case, no personal data is collected. Such data will be shared with other Google services for development purposes.
In case a processor is involved, pursuant to Article 28 of GDPR, processing by such a processor shall be governed by a written contract, of which we shall notify you.
Your personal data are stored on servers within the borders of the EEA (European Economic Area, i.e. the EU plus Iceland, Norway, and Lichtenstein) or in the US under the DPA Principles complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.
Our data processors in the US are certified by the U.S. Department of Commerce and adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view the list of the certified partners, please visit https://www.dataprivacyframework.gov/.
We will notify you of any possible international data transfer and, where necessary, will ask for your express consent thereto.
-
Use of cookies (Cookie information)
We use cookies to personalize content and advertising, to provide social features, and to analyze our website traffic. In addition, we share your website usage data with our social media, advertising, and analytics partners, who may combine the data with other data you have provided to them or collected from other services you use.
Cookies are small text files that a website can use to make your user experience more effective. By law, we may store cookies on your device only if it is strictly necessary for our Services to work. We need your permission to use any other type of cookie. This Service uses a variety of cookies. Some of the cookies that appear on our website are placed by our third-party service providers.
We do not use or allow cookies on the Website that result in third parties collecting data without the user's consent.
We only use cookies that clearly identify what data is processed through the cookie, for what purpose and to which third party, if any, data is collected.
Cookies that store data recorded by the user/website visitor, authentication session cookies, user-centric cookies, multimedia player session cookies, load balancing session cookies, and session cookies for user interface customization (collectively, session cookies) require prior information to the data subject but do not require the data subject's consent. In the case of other cookies, the prior consent of the data subject must be obtained.
Uses “session cookie” (https://www.webopedia.com/TERM/S/session_cookie.html) to track the ID of the current session initiated by the user and a JWT token. The JWT token encapsulates the ID and login name of the user and is used solely for authentication and authorization purposes by the backend. Session cookies are kept in memory and automatically erased upon closing the browser window.
-
Third-Party Cookies
In some special cases, we also use cookies provided by trusted third parties. The following subsection details which third-party cookies you might encounter on this site.
This site uses Google Analytics, which is one of the most widespread and trusted analytics solutions on the web to help us understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit, so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work, the following social media sites, including LinkedIn, Twitter, and Facebook, will set cookies through our site, which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Readers of our blog posts can provide comments via the embedded Disqus service, which uses its own Cookies. (Disqus cookie policy: https://help.disqus.com/user-profile/use-of-cookies)
-
Transfer of personal data to authorities
In case of an official court order or investigation of an authority, we may disclose the personal data stored by ourselves and requested by the authority or court on grounds of point c) of Article 6 (1) of GDPR, provided the authority or court duly refers to the legal basis of such data transfer. On condition that the exact purpose and set of data are referred to in the relevant request, the data controller will only disclose personal data in a number and to an extent to any court or authority that is absolutely indispensable. Prior to rendering any data to a court or authority, we will first examine whether all the conditions of such an act are in place, and if they are, we will satisfy the relevant request.
-
Security of personal data
We select and operate the IT devices used in processing personal data in a way that (i) they are accessible for the authorized (availability); (ii) the authenticity and authentication thereof are ensured (authenticity); (iii) their being unreplaced is verifiable (integrity); (iv) they are protected against unauthorized access (confidentiality).
We implement appropriate technical and organizational measures to protect the security of personal data that ensures a level of security appropriate to the risk arising in relation to personal data storage and, in the course of processing, preserves (i) confidentiality: prevents unauthorized access to or use of personal data; (ii) integrity: protects the accuracy and completeness of the information and the method of processing; (iii) availability: ensures that the authorized user, when in need, can really access the requested information and the underlying devices supporting this act are in place.
The IT system and network of data controllers are protected against computer-aided fraud, spying, sabotage, vandalism, fire, and flood, as well as different types of computer viruses, computer hacking, and attacks leading to service denial. The data controller ensures security by using server-level and application-level protection.
In case of a personal data breach, we take all the measures required by the GDPR, cooperate with you, and declare to have an appropriate policy in place for the management of such breaches.
-
Legal remedies
To be able to exercise the below rights, please, contact us via our contact form. You have the right
(i) to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data (right to access within the meaning of Article 15 of GDPR),
(ii) to obtain the rectification of inaccurate or the completion of incomplete personal data (right to rectification within the meaning of Article 16 of GDPR),
(iii) to obtain from the controller the erasure of personal data concerning you without undue delay and, where your personal data have been made public, to request the controller to inform controllers that are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data (right to erasure within the meaning of Article 17 of GDPR)
(iv) to obtain from the controller restriction of processing (right to restriction of processing within the meaning of Article 18 of GDPR, Privacy Act);
(v) to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided (right to data portability within the meaning of Article 20 of GDPR),
(vi) to object to the processing of the personal data concerning you (right to object within the meaning of Article 21 of GDPR),
(vii) to withdraw your consent at any time, which, however, shall not affect the lawfulness of processing based on consent before its withdrawal (right to withdraw consent within the meaning of Section (3) of Article 7 of GDPR),
(viii) to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the relevant Regulation (right to lodge a complaint with a supervisory authority within the meaning of Article 77 of GDPR).
You may unsubscribe from our newsletter service by clicking on the link at the bottom of each newsletter, or you have the right to withdraw consent to marketing at any time by [email protected].
All your requests on how to exercise your rights in relation to data processing will be handled without delay, but no later than within one month. In exceptional cases, in particular your request proves to be complex, we reserve the right to extend this period by two more months. We will certainly notify you of any such extension and our reasons therefor. Within the meaning of your right to access, you may request copies of your personal data processed. The first copy will be provided free of charge, whereas we may charge you for all further copies.
This Privacy Policy is governed by the relevant Hungarian and EU law. You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11, postal address: 1363 Budapest, PO Box.: 9., tel: +36 (1) 391-1400, email: [email protected], website: www.naih.hu) on our processing activity and to initiate proceedings for judicial remedy before court against us. Proceedings for judicial remedy may be initiated before a court as per your temporary or permanent address. If we cause you damage by unlawfully processing your personal data or infringing the data security requirements, we shall be held liable to pay you compensation.
Deltaray Research Ltd.
Last Modified: 2024-09-28