Privacy Policy
This Privacy Policy contains the Privacy Policy of the Compliance Assessment Service Documentation Page and the Privacy Policy of the Compliance Assessment Service itself.
1. Responsible Party
The responsible party in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is: Precognox Information Technology Limited Liability Company
- Headquarters / Mailing address: H-7400 Kaposvár, Fő utca 65.
- Phone number: +36 82 222-193
- Email: info@precognox.com
2. Data Protection Officer
If you have any request about your data, contact us using the following email address: info@precognox.com.
3. Your rights as a data subject
You can exercise the following rights at any time in accordance with the EU General Data Protection Regulation (GDPR) using the contact details provided:
- Information about your data stored by us and its processing (Art. 15 GDPR),
- Correction of inaccurate personal data (Art. 16 GDPR),
- Deletion of your data stored by us (Art. 17 GDPR),
- Restriction of data processing if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing of your data by us (Art. 21 GDPR), and
- Data portability, provided that you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
- If you have given us your consent, you can revoke it at any time with effect for the future.
You can contact a supervisory authority at any time with a complaint, e.g., the competent supervisory authority of the state in which you reside or the authority responsible for us as the responsible body.
The competent supervisory authority is the National Authority for Data Protection and Freedom of Information (NAIH): https://www.naih.hu
4. Processing activities
4.1. Collection of general information when visiting the website
4.1.1. Nature and purpose of processing
When you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, and similar information.
It is processed in particular for the following purposes:
- Ensuring problem-free connection to the website
- Ensuring smooth use of the website
- Ensuring and evaluating system security and stability, in particular for the detection of misuse
- For the technically error-free display and optimization of the website
We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
4.1.2. Legal basis and legitimate interest
Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and misuse detection.
4.1.3. Recipients
The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
4.1.4. Storage period
Data is stored in server log files in a form that allows the identification of the persons concerned for a maximum of three months, unless a security-related event occurs (e.g., a DDoS attack).
In the event of such an incident, server log files will be stored until the security-related incident has been resolved and fully investigated.
4.1.5. Provision mandatory or necessary
The provision of the aforementioned personal data is neither legally nor contractually mandatory. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.
4.1.6. Objection
Please read the information below about your right to object under Article 21 of the GDPR.
4.2. Collection of personal data when using our service
4.2.1. Nature and purpose of processing
When entering into and performing a contract to use our service, we process personal data of your organization's contact persons for account setup and administration, user management, customer support, security, and billing/contract communications.
The categories of data typically processed are:
- Identification and contact details: name, business email address, business telephone number, (optionally) job title/role.
- Account data: username, roles/permissions, password hash (never plaintext), authentication/MFA data, account preferences.
- Security/audit data: timestamps, login and activity logs, IP addresses associated with account access (used for security/audit).
- Communications: support requests, emails or messages exchanged with us regarding the service.
We do not draw conclusions about you as a person beyond the purposes above and do not use this data for unrelated purposes.
4.2.2. Legal basis
Processing is carried out pursuant to:
- Art. 6(1)(b) GDPR (performance of a contract) - to create and manage accounts, provide the service, and handle support.
- Art. 6(1)(f) GDPR (legitimate interests) - to secure our systems, prevent misuse/fraud, and improve service stability (balanced against your interests and rights).
- Art. 6(1)(c) GDPR (legal obligation) - where retention of certain records is required for accounting/tax or compliance purposes.
4.2.3. Recipients
Access to personal data is limited to personnel who need it to perform their tasks ('need-to-know'). We also use carefully selected processors for hosting, storage, CRM/helpdesk, authentication/notification delivery (email/SMS), and (where applicable) billing. These processors act on our instructions under data processing agreements. An up-to-date list of processors is available upon request.
4.2.4. Storage period
We retain personal data for the duration of the contract and active account. After termination, we delete or anonymize personal data within 90 days, unless a longer retention is required by law. In particular, accounting documents are retained for 8 years in accordance with Act C of 2000 on Accounting, and employment records relevant for pension rights are retained for up to 50 years in line with applicable labour and social security laws.
Security/audit logs: retained for 3 months to investigate incidents and ensure service integrity.
Support communications: retained for 3 months after ticket closure to document support history and improve service quality.
4.2.5. Provision mandatory or necessary
Providing the above personal data is necessary to conclude and perform the contract and to create user accounts. Without it, we cannot provide the service or support functionality. Where specific fields are optional, this will be indicated at the point of collection.
4.2.6. Objection
Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time on grounds relating to your particular situation (see Article 21 GDPR). If you object, we will stop processing unless we demonstrate compelling legitimate grounds or the processing is necessary for the establishment, exercise, or defense of legal claims. Processing necessary for contract performance or legal obligations cannot be objected to, but you may request account deletion subject to legal retention requirements.
4.2.7. Source of data
We obtain personal data directly from you or your employer (e.g., when creating an account or during onboarding). Where appropriate, we may verify or supplement business contact details from publicly available sources (e.g., your company website or professional directories).
4.2.8. Automated decision-making
We do not use personal data in automated decision-making or profiling that produces legal effects or similarly significantly affects you (Article 22 GDPR).
5. Information about your right to object under Article 21 GDPR
5.1. Right to object in individual cases
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
5.2. Recipient of an objection
Email: info@precognox.com
6. Changes to our privacy policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
7. Questions about data protection
If you have any questions about data protection, please send an email to the person responsible mentioned above.
8. Copyright information
This privacy policy was created with the help of activeMind AG - the experts for external data protection officers (version #2024-10-25).