Microsec Ltd. (registered seat: H-1031 Budapest, Záhony str. 7. Building D, Hungary, as the developer and owner of the PassBy[ME] product hereinafter referred to as Microsec), as data controller, considers itself bound by this legal statement. Microsec undertakes that its data management complies with the requirements specified in this Privacy Policy and the applicable law.
This Privacy Policy with respect to the website www.passbyme.com and the authentication service rendered by Microsec is available on the www.passbyme.com website.
Microsec reserves the right to modify this Privacy Policy any time and to issue a corresponding statement of the modifications on www.passbyme.com.
Users having any issues which this legal statement does not answer unambiguously are required to write to us so that our colleague could get back to them shortly. As committed Microsec is to maintain the highest standard with respect to its services, it cannot be held liable for any damages subsequent to the use of its system.
Microsec is committed to the protection of the personal data of its partners and the users. Microsec attaches high priority to the recognition of the rights of its customers and to the processing of their data. Microsec considers the personal data as confidential and makes every effort to implement the necessary safety, technical and organizational measures to ensure their protection.
In this Privacy Policy Microsec describes its data controlling principles and presents the requirement it had specified and which Microsec as data controller abides by. Microsec confirms that its data controlling principles are in compliance with the applicable law and regulation in terms of personal data protection.
applicable law: shall mean the law of Hungary;
blocking the data: making impossible terminally or temporarily the transmission, recognition, disclosure by transmission, alteration, modification, deletion, erasure, alignment or combination and use;
consent: shall mean any freely given specific and informed indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed fully or operation-specifically;
data controller: in general, data controller means the natural or legal person, public authority, agency or any other body which determines the purposes of the processing of personal data (including the instruments used for this purpose) and makes and executes the decisions on data processing or have them executed by an assigned data processor, under this Privacy Policy the data controller shall mean the Microsec Ltd, as the developer of the PassBy[ME] except otherwise set in this Privacy Policy;
data control: shall mean any operation or set of operations such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction or preventing the further use of such data. The taking of photos, sound and video recordings and the recording of physical characteristics that can be used for the identification of a person (e.g. fingerprint or handprint, DNA sample, iris scan) are regarded as data handling as well;
data processor: data processor shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
data subject: shall mean any natural person directly or indirectly identifiable by reference to specific personal data;
data transmission; the disclosure of the data by transmission to specified a third party;
destruction of data: the total physical destruction of the data or the data storage media containing the data;
erasure of data; making the data unidentifiable to the effect that it cannot be retrieved;
personal data: the any information relating to an identified or identifiable natural person (hereinafter referred to as data subject) and any reference drawn from such information related to the data subject. Personal data shall be treated as such in the course of data processing as long as its connection to the data subject can be restored. A person is considered identifiable especially if he/she is directly or indirectly identifiable by his/her name, identity code or a number of physical, physiological, mental economical, cultural or social identifying factors;
objection: a statement of the data subject in which he/she expresses his/her disapproval of the processing of his/her personal data and requests the termination of the data processing and the destruction of the processed data;
processing of data: the execution of the technical works relating to data control, independent of the methods and instruments used for the execution of such operations and the location of the works;
publishing the data: making the data available to the general public;
third country: third country shall mean all countries which are not members of the European Economic Area.
third party: third party shall mean a natural or legal person, public authority, agency or body other than the data subject, the data controller, or the data processor;
All other terms used in this Privacy Policy but not defined herein specifically shall bear the meaning set in the PassBy[ME] Terms of Use.
Personal data can be controlled if (i) the data subject consents to it; (ii) it is required by the provisions of the law or the regulations of the local government, pursuant to and in the extent of a statutory authorization.
The consent of the legal representative of an incompetent person or a minor with partial capacity is not required for their consent to be valid because this statement is generally concluded in large numbers and does not require special consideration (under the Article 2:14 § (2) of the Act V of 2013 on the Civil Code).
Personal data must be controlled for a specified purpose of exercising one's right or fulfilling one's obligations. Data control must comply with this purpose at all stages.
Data controller is entitled to control only the personal data essential and appropriate for the execution of the purpose of data control and to the extent and period necessary for it.
Personal data can only be controlled with the specific consent of the data subject, based on sufficient information.
The data subject must be informed in a transparent, detailed and understandable way of all the facts relating to the control of his/her personal data, and especially of the purpose and legal grounds of the data control, the person entitled to process these data, the period of data control and the people who can access their data. This information must include the rights and the available legal remedies of the data subject with respect to the data control.
The controlled personal data must comply with the following requirements: (i) recording and controlling processes shall be carried in a fair and lawful way; (ii) the data are accurate, complete and up-to-date, if necessary; (iii) data storage allows the identification of the data subject only to the period necessary for the storage of the data.
Personal data may only be transmitted and different data controls may only be aligned if the data subject consents to it or if it is permitted by law and the principles of data control are invariably complied with, regarding each part of the controlled personal data.
Personal data may only be transmitted from the country to a data processor or data controller from residing in a third country – irrespective of the data storage media or the method of transmission, if the data subject explicitly consents to it or if it is permitted by law and if the adequate standard of protection is ensured in the third country for the control and processing of transmitted personal data. The transmission to countries of the European Economic Area shall be considered equal to transmissions within the area of Hungary.
The servers of the website of PassBy[ME] service are placed to a location in control of the Microsec Ltd.
Microsec chooses and operates the technical instruments applied throughout its services for the purpose of data control that the controlled data remains (i) available to the entitled entities (availability); (ii) authentic and verifiable (authenticity of data control); (iii) data integrity (iv) protected against unauthorized access (confidentiality of data).
The technical, organizational and structural measurements implemented by Microsec to ensure the safety of data control provide an adequate standard of protection against the threats arising in relation to the data control.
In course of its data control, Microsec retains (i) secrecy by means of protection the information from any unauthorized access; (ii) integrity by means of protecting the accuracy and totality of the information and its processing method; (iii) availability by means of enabling the authorized users to access the required information if needed and provides them all the instruments necessary for this purpose.
The system and network is protected against computer assisted frauds, spying, sabotage, acts of vandalism, fire and flood as well as viruses, computer break-ins and attacks resulting in refusal of operation. The operator provides maximum safety through system-level as well as application level protective proceedings.
Microsec warns that the electronic messages transmitted on the internet irrespective of the protocols (e-mail, web, ftp, etc.) are vulnerable to threats of the network which result in dishonorable conduct, the contesting of the agreement, disclosure or modification of information. Microsec makes its best effort in its power to protect the data from these threats. Microsec monitors the systems in order to record all anomaly in the security and to collect all evidence in case of each security event. This monitoring of the system also enables it to control the effectiveness of the implemented safety measures.
The control of personal data of the data subject within the scope of the services is based on the free consent of the data subject.
The www.passbyme.com website controlled and maintained by Microsec is free to visit without providing any personal information. Microsec may place a little data package, a so called “cookie” on the visitor computer in accordance with the Cookie Policy posted in the www.passbyme.com website to enable its customized services in order to preserve the settings saved on the visitor’s browser. Visitor may delete these cookies from its computer or adjust the settings of the browser to disable the receipt of cookies. The source code of the website of PassBy[ME] may contain links from or links to an external server which server might support the independent auditing of the attendance of the websites and the web analytical data (for example: Google Analytics). Microsec who is operating/controlling these external servers cannot access to personal data, since Microsec only discloses the aggregate data to them. Further information on the control of these data is obtainable from the external service provider whose contact details are available under the website.
In the course of the visit to the www.passbyme.com website, Microsec may register the visitor’s IP address, during the time of the visit for technical reasons and for the purpose of compiling users statistics.
In the course of the PassBy[ME] service provided by Microsec, the personal data of the users are usually not stored. However, in the course of the PassBy[ME] service the following data supplied on the user interface of the Client or stored by the Client may be transmitted to the PassBy[ME] service for the purpose of activation of the service, transaction safety (fraud prevention) or for tracking the service of the user: name of the mobile device, username, e-mail and (optionally) cell phone number. These personal data are stored by Microsec during the terms of PassBy[ME] service.
Microsec enables anyone to subscribe to its PassBy[ME] newsletter service by supplying an e-mail address. Within the scope of the PassBy[ME] newsletter service, Microsec informs the users subscribed to this newsletter service on the latest information concerning the PassBy[ME] services, and news. The content of these newsletters may vary according to the data provided by the users. Microsec also enables to unsubscribe from the newsletter services. The PassBy[ME] newsletter may contain business information, sometimes offers from other companies associated with the same shareholder as Microsec or from the partners of Microsec.
Microsec may be contacted by e-mail or by call giving the name, and e-mail address. Contacts are available on the www.passbyme.com website.
PassBy[ME] support service is also available by telephone or e-mail on the contacts given on the www.passbyme.com website. The support service may record and file all incoming telephone calls. PassBy[ME] support service may ask for the consent of the users to record their name, e-mail address. PassBy[ME] support service stores the subsequently recorded data for a maximum five (5) years.
Any data control process not detailed herein shall be described in the course of the recording of the data.
Microsec may be required to disclose information, transmit or disclose data or submit documents by court, public prosecutor or authorities where such data control shall be carried out in accordance with the respective legal requirement. Microsec transmits personal data to the extent and in the amount essential to the fulfillment of the request of the authority – if the lawful request of the authority includes the exact purpose and the scope of required data.
Name: Microsec Ltd.
Address: H-1031 Budapest, Záhony str. 7. Building D, Hungary
E-mail: info[at]passbyme[dot]com
Trade registration number: CG. 01-10-047218
VAT number: 23584497-2-41
EU VAT: HU23584497
Registered data control code: NAIH-80066/2014.
The data subject is entitled to require information on the control of its personal data as well as the correction or erasure of its data, with the exceptions regulated by law, in the way specified at the registration or by contacting the customer service.
Upon the request of the data subject, Microsec as data controller shall inform the data subject of the data controlled by Microsec, the purpose of the legal ground, period of the data control, the name, address (seat) of the data processor and of its activity with respect to the data processing, of the purpose of data transmissions and the entities obtaining these data. Microsec shall provide this information in a written form without delay and free of charge, at least thirty (30) days from the receipt of the corresponding request. Microsec may charge the requesting party with a fee set by Microsec if the requesting party applies for data request with respect to the same field of data in the same calendar year.
Microsec erases the personal data if its control is against the law, if the data subject requests it, if the purpose of data control ceases to exist, if the deadline of the data storage stipulated by law has expired, or if the court or the data protection authority ordered it to be erased.
Microsec notifies of the correction or erasure of the data the data subject and all the concerned parties whom the data had previously been transmitted. Such notification may be omitted if it does not infringe the rights of the data subject with respect to the purpose of the data control.
The data subject may object against the control of his/her personal data if (i) the control (transmission) of the personal data is only used to serve the right or legal interest of the data controller or the party receiving the data, except the cases when the data control is required by law; (ii) the use or transmission of the data serves direct marketing purposes, public opinion surveys or scientific researches; (iii) the law enables the data subject to practice his/her right to express his/her objections.
Microsec shall suspend the data control and examine the objection without delay, within fifteen (15) days from the receipt of such request and notifies the data subject from the result of the examination in writing. If the objection is deemed to be substantiated, the data controller ceases the data control, including any further data recordings and data transmissions, blocks the data and notifies of the objection and of the measurements implemented, every party whom the data affected by the objection had been transmitted to and who are required to implement measurements for the fulfillment of the rights of obligation.
Should the data subject disagree with the decisions of the Microsec concerned, he/she may apply to a court against it within thirty (30) days from the declaration of such objection.
Microsec is not entitled to erase the data of the data subject if the data control is required by law. Nevertheless, the data can not be transmitted to a third party if the data controller agrees with the objection or the court ruled the objection to be valid.
The data subject may apply to court against the data controller in case of the infringement of his/her rights. This appeal shall be given priority in court.
Microsec shall be held liable for the damages caused by unlawful control of the data of the data subject or the infringement of the requirements of data control. The data controller is exempt of the liability if the damage was caused by a ‘force major’ outside the scope of its data control.
Damage shall not be compensated for to the extent that it originates from the intentional or grossly negligent activity attributable to the aggrieved person.
Complaints with respect to the data control processes carried out by the Microsec may be addressed to the court or to the data protection authority below:
Name: Hungarian National Authority for Data Protection and Freedom of Information
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mail address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu