Legal Notice

Legal Notice

1.Purpose

Information on data processing related to the www.capsys.hu and the www.capsys-europe.com/ websites controlled by Capsys Ltd.

Capsys Ltd., in its capacity as the right holder of the www.capsys.hu and the  www.capsys-europe.com websites, acts as data controller in respect of the data processing related to the respective websites. When you visit the website – and in other cases, depending on the activities that you perform on the website (e.g. contact) – your personal data will be processed through short text files, known as cookies, related to the functioning of the website. Below you find the information related to the processing of your personal data.

2.Data processing

2.1.Data Controller's data
  • company name:               CAPSYS Informatics Limited Liability Company
  • registered office:            H-1037 Budapest, Montevideo utca 7, 2nd floor, Hungary
  • company registration number:              01 09 672943
  • telephone number:       +36 1 436 7230
  • e-mail:                                 capsys@capsys.hu

Hereinafter: Data Controller or Capsys Ltd.

2.2.Principal laws applied in the course of the data processing

Principal laws related to the operation of the website and applied in the course of the data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
  • Act V of 2013 on the Civil Code; Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Info Act; Data Protection Act);
  • Act VI of 1998 on the ratification of the Strasbourg Convention of 28 January 1981 on the Protection of Individuals with regard to Automatic Processing of Personal Data and Regulation

3.Range of data involved in the data processing

3.1 Session ID, cookies

When the user visits the website, the start and end dates of the visit by the user and, in certain cases – depending on the settings of the user's computer – the type the browser, operating system and IP address, are automatically recorded. These data are used for the automatic generation of statistical data. The data are not connected with personal data.

When you log in, the website sends a session ID, i.e. a code for identifying your computer, and while you browse the website, files containing text or numeric identifiers (cookies) are also placed on your computer.

For the purpose of operating the website, we use two forms of cookies, i.e. the temporary (session) cookies and the persistent cookies, which are stored longer. Both the temporary and the persistent cookies

serve the purpose of making the respective browser, and thereby the respective IT device (e.g. desktop, laptop) identifiable. Thus the data processed in the course of this include the cookie used for the identification and the activity performed on the website, related to the respective ID (e.g. time of opening, leaving/closing the website, the transactions performed on the website, the website opened from here). Please note that neither the session ID, nor the other applied cookies are suitable for personal identification by the Data Controller, since those identify the browser and the device used rather than the user (i.e. the person visiting the website).

First-party cookies applied on the www.capsys-europe.com website:

  • name: PHPSESSID
  • content: slgaiccl9itjiqfriiac1e07d3
  • name:_ga

·      content: GA1.2.534167035.1528293480

  • name:_gid

·      content: GA1.2.379875390.1528293480

Cookie used on the www.capsys.hu website:

  • name: PHPSESSID
  • content: 1kkmioe78pm14v04taqhhb1sh3
3.2.Third-party codes used on the website

On our websites we use the third-party codes of Google – as external service provider – and these applications also contain cookies. Please note that the service provider may store anonymous data related to the visiting of the site (for the purpose of statistics), as well as data related to the settings of the browser that you use and to the activity performed on the site (e.g. the content viewed on the website by the user of the respective browser and the time of viewing).  The aforementioned codes are not suitable for personal identification by the service provider and the operator of the website, since they do not contain the personal data of the visitor, they only identify the browser that you use.

The website also runs third-party codes for remarketing purposes. Remarketing is a method of advertising, which facilitates the unique identification of the visitors of our website – or more precisely, the browser that they use – also through the cookies mentioned earlier. The remarketing codes facilitate the tracking of the activity of the user of a specific device related to the respective website and on other websites (e.g. sites opened, viewing/opening/scrolling the menus on the sites, the route between the individual websites, the initial site from which he came to the respective website, the website opened from there) and the time of the prior last visit to the website. That is, if the browser returns a previously stored cookie, the service providers handling it can connect the user's current visit with the former ones, but only in respect of their own content.

The cookies used for remarketing purposes do not permit the service provider to identify the person, since it identifies the software and device used, rather than the user.

Our website runs the codes of the following external service providers: Google LLC. and a Facebook Inc.

You have the right to disable or personalise the cookies used by Google. For more information on the data processing by Google, see:

You have the right to disable or personalise  the cookies used by Facebook. For more information on the data processing by Facebook, see:

Furthermore, you have the right to disable the cookies in your browser at any time; however, in this case you may not be able to access certain parts of the services on the website and certain functions may not work properly. In the most often used browsers it is possible to delete the cookies from your computer and it is also possible to disable them, e.g.

  • Edge: Settings / Advanced / Privacy and services /Enable cookies;
  • Chrome: Settings / Advanced / Content settings / Cookies/ See all cookies and site data /Remove all

4.Legal basis and purpose of the data processing

The basis of the data processing is your consent (Article 6(1)a) of GDPR), which you can provide by clicking ‘Accept’ displayed in the highlighted  banner on the site. This also implies your consent to the processing of personal data by applying cookies.

4.1.Purpose of the data processing

In the case of the session ID, the cookie contains the identifier of the session, which is essential for the visitor to use the various functions, such as remembering previous logins or the text entered.

We use other cookies to:

  • ensure the optimal functioning of the website;
  • customise user experience;
  • identify you as user (or more precisely, the browser that you use);
  • prepare statistics for diagnostic and load balancing purposes. The cookies listed above are necessary for the proper functioning of the website.

In the case of cookies used for statistical purposes, the Data Controller primarily obtains information  on the number of visitors and the time spent by them on the website. The programme recognises the visitor's IP address, and thus it can track whether he is a returning or a new visitor.

The cookie information collected on the website helps us better understand the way you interact with the website, analyse the information and thereby foster the enhancement and improvement of the website services. The Data Controller processes all data and facts related to the users confidentially and uses them solely for the improvement of its services.

In the case of codes (cookies) used for remarketing, the purpose of the data processing is to monitor the way visitors interact with the respective website and other websites, their circle of interest and preferences, in order to facilitate the generation of personalised advertising messages for them (the latter may be related not only to the partners of the Data Controller, but also to the external service provider that applies the code, as well as to his other business partners).

5.Duration of the data processing

First-party cookies applied on the www.capsys-europe.com website:

  • name: PHPSESSID
  • expiry: deleted at the end of the session by closing the browser
  • name:_ga
  • expiry: 2  years, after which it is deleted
  • name:_gid
  • expiry: 1 day, after which it is deleted

Cookie used on the www.capsys.hu website:

  • name: PHPSESSID
  • expiry: deleted at the end of the session by closing the browser

If you disable (delete) the cookies in the browser that you use, the data processing through those cookies will end then. In the most often used browsers it is possible to delete the cookies from your computer and it is also possible to disable them, e.g.

  • Edge: Settings / Advanced setting / Privacy and services /Enable cookies;
  • Chrome:  Settings / Advanced / Content settings / Cookies/ See all cookies and site data / Remove all

6.Transfer and transmission of the processed personal data

6.1.www.capsys.hu

The Data Processor operates the  www.capsys.hu website on its own, without relying on any external service providers; accordingly no transfer or transmission of personal data takes place in connection with this.

6.2.Google

In the case of the cookies applied by Google, the following company is involved as external service provider:

  • company name: Google LLC.
  • address:1600 Amphitheatre Parkway Mountain View, CA 94043 United States

·      contact, phone: +1-650-253-0000

Google LLC. has joined the Privacy Shield Agreement concluded between the United States of America and the Commission of the European Union, and thus in the case of the data transmitted to it, the same level of data protection as in the EU should be presumed, and as such no further conditions apply.

You have the right to disable or personalise the cookies used by Google.  For more information on the data processing by Google, see:

For more information on the cookies place  by Google on your computer see:

  • https://policies.google.com/technologies/types

6.3.Transmission of data to third (non-EU) countries

In relation to the operation of the website, the Data Controller performs no data transmission outside the European Union. The data, specified in the foregoing, related to the cookies applied by Google, as external service provider, may also be  transferred to Google's servers (including its overseas servers, as the case may be); however, pursuant to the Privacy Shield Agreement, the same protection level should be presumed in respect of Google LLC. as in the case of the data protection in the European Union, and thus no further conditions apply to the data transmission.

7.Protection of the processed personal data

When developing the technical and procedural rules for the data processing operations, the Data Controller pays special attention to providing proper physical and IT protection for your data. The primary objective of the applied measures is to avoid and prevent unauthorised access to and unauthorised modification, transmission, disclosure, deletion or corruption of the processed data. The Data Controller selects the tools and measures applied during the data processing accordingly. Furthermore, the Data Controller ensures that the processed data can be accessed only by the authorised persons and that the authenticity and constancy of the data are guaranteed.

8.Rights of the data subject related to data processing

In relation to the data processing pursued by the Data Controller in respect of your personal data, you have the right to:

  • receive proper and transparent information, and within that to receive feedback whether your personal data are being processed;
  • request that your inaccurate personal data should be corrected;
  • request that your processed personal data should be erased, if the data processing is based solely on your consent;
  • request that the processing of your personal data should be restricted;
  • object to the processing of your personal data, or to withdraw your former consent at any time;
  • receive your personal data provided by you to the Data Controller in a structured, commonly used and machine-readable format, and to transmit those data to another data controller. You are entitled to this right, if the processing is based on your consent or on a contract and the processing is carried out by automated means. The exercise of the right must not prejudice the rights and freedom of others.
  • turn to the supervisory authority if the data processing is presumed to be injurious.
8.1Content of the data subject's individual rights
  1. right of access to personal data: the data subject has the right to obtain from the Data Controller confirmation as to whether or not his personal data are being processed, and if so, to access the following information:
    • categories of the processed personal data,
    • purpose of the data processing,
    • the recipients to whom the personal data have been or will be disclosed,
    • envisaged period for which the personal data will be stored, or  the criteria used to determine that period,
    • information on the source of the data, where the personal data were collected not from the data subject,
    • the right to lodge a complaint with the supervisory authority,
    • where the data processing includes automated decision-making or profiling, information about the logic involved, as well as the envisaged consequences thereof for you.
  2. right to rectify personal data: the data subject has the right to request the Data Controller that it should, without undue delay, rectify any inaccurate personal data concerning him, or complete the incomplete personal data, including by means of providing a supplementary declaration.
  3. right to erase personal data: the data subject has to right to request the Data Controller that it should, without undue delay, erase the personal data related to him, and the Data Controller is obliged to erase the personal data related to the data subject without undue delay, if:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws his consent and there is no other legal ground for the processing;
  • the data subject objects to the data processing, and there is no overriding legitimate reason for the data processing; or
  • the personal data were processed unlawfully; or
  • the personal data are to be erased to fulfil the legal obligation applicable to the Data Controller; or
  • the personal data have been collected in relation to offering information society services (e.g. some sort of online marketing, internet lottery).

There may be important reasons and interests that may permit the processing of the data subject's data even if he objected to this (e.g. for exercising the right of freedom speech and the right information or for submitting, enforcing and defending legal claims).

  1. right to restrict processing: the data subject has the right to request the Data Controller that it should restrict the data processing, if:
    • the accuracy of the personal data is contested by the data subject (in this case the restriction will last until such time as the Data Controller verifies the accuracy of the personal data); or
    • the data processing is unlawful and the data subject requests that the use of those should be restricted rather than erased; or
    • the Data Controller no longer needs the personal data for data processing purposes, but the data subject needs them for the purpose of submitting, enforcing or defending legal claims; or
    • the data subject objected to the data processing (in this case the restriction lasts until such time as it is established whether the legitimate arguments of the Data Controller take priority over the data subject's legitimate arguments);

During the period of restriction – with the exception of the cases related to important public interest or to the protection of personal rights – no data processing operation may be performed other than storage.

  1. right to data portability: the data subject has the right to receive his personal data provided by him to the Data Controller in a structured, commonly used and machine-readable format, to transmit those data to another data controller. The data subject is entitled to this right, if the processing is based on his consent or on a contract and the processing is carried out by automated means. The exercise of the right must not prejudice the rights and freedom of others.
  2. right to object: if the legal basis of the data processing is a legitimate interest that the Data Controller wishes to enforce, the data subject has the right to object to the processing of his personal data at any time due to reasons related to his personal situation. In such case, the Data Controller may not process the personal data any longer, unless the Data Controller proves that the data processing is justified by coercive legitimate interests, which take priority over the data subject's interest, rights and freedom, or which relate to the submission, enforcement or defending of legal claims.

9.Rights to legal remedies

If you believe that your rights in relation to the processing of your personal data by the Data Controller were prejudiced, and we failed to respond to your related requests and comments, or we responded with undue delay or in improper manner, you have the right to file a complaint with the competent supervisory authority.

Data of the competent supervisory authority:

  • Name: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
  • address: H-1125 Budapest, Szilágyi Erzsébet fasor 22c,
  • e-mail: ugyfelszolgalat@naih.hu

·      telephone: +36 1 391 1400

Furthermore, you have the right to seek remedy at the court of justice having competence based on your permanent residence or place of abode, if you believe that the Data Controller processes your personal data in a way that breaches the law or the provisions of the European Union's mandatory legislative act.

Annex 9 to the Data Protection Policy of Capsys Ltd.

We recommend that if you plan to seek remedy at the supervisory authority or at court, you should first obtain information from the Data Controller, since the information related to your questions and requests requiring remedy are available at the data controller.

Our company is committed to implementing the principles of lawful, transparent and fair data processing; accordingly, in the case of presumed breaches we take urgent measures to clarify the issues, and we will notify you on the findings and the measures taken to remedy the injurious situation, within 1 month from contacting us, at the latest.