DATA PROTECTION POLICY
BAUAPP
V2.0
July 1, 2021
DECLARATION
Regarding the drafting and entry into force of the data protection policy
BauApp Kft. (registered seat: Lévay József u. 2., 3529 Miskolc, Hungary; tax number: 26159991-2-05; e-mail: hello@bauapp.com; phone: +36 1 413 0505) and BauApp spółka z ograniczoną odpowiedzialnością oddział w Polsce (Grzybowska 62, 00-855 Warsaw, Poland; tax number: PL1080023801), hereinafter referred to as BauApp Related Companies or BauApp, have drafted and fall within the scope of the following data protection policy. BauApp undertakes to comply with this policy, the provisions of the applicable national legislation as well as the requirements prescribed by the legal acts of the European Union during any data processing activity carried out in connection with its activity, in particular, the following legislation:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Act CVIII of 2001 on certain issues of electronic commerce services and information society services (in particular Section 13/A);
- Act C of 2003 on electronic communications (in particular Section 155);
- Act XC of 2005 on the freedom of electronic information;
- Act XLVII of 2008 on the Prohibition of Unfair Business-to-Consumer Commercial Practices;
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (in particular Section 6);
- Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: Privacy Act);
- Opinion 16/2011 on EASA/IAB best practice recommendation on online behavioural advertising;
- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of the provision of prior information;
- Section 169 (2) of Act C of 2000 on Accounting.
BauApp software and Bauapp websites shall be governed by this data protection policy.
The data protection policy is available at: https://www.bauapp.com/gdpr.
BauApp reserves the right to amend this policy at any time. Any amendment to this policy shall take effect once it has been published at the above address. BauApp is committed to protecting the personal data of its clients and partners, and deems it of the utmost importance to respect its clients’ right of self-determination. BauApp keeps personal data confidential and takes all safety, technical and organisational measures necessary to ensure the safety of such data.
BauApp sets out its data protection practices below:
During the processing of personal data, BauApp applies two methods depending on whether the personal data are received and processed by BauApp as a data controller or data processor.
- Regarding data received by BauApp as a Data Controller, the rules of procedure are set out in Chapter 2.
- Regarding data received by BauApp as a Data Processor, the rules of procedure are set out in Chapter 6.
- Data and contact details of BauApp
Name: BauApp Kft.
Registered seat: Lévay József u. 2., 3529 Miskolc, Hungary
E-mail: hello@bauapp.com
Phone: +36 1 533 3073
Name: BauApp spółka z ograniczoną odpowiedzialnością oddział w Polsce
Registered seat: Grzybowska 62, 00-855 Warsaw, Poland
E-mail: klient@bauapp.com
Phone: +48 32 224 74 61
The purpose of the Data Protection Policy
The purpose of this Data Processing Policy is to specify the scope of the personal data processed by Data Controller and Data Processor, the method of data processing, ensure the privacy of natural persons in accordance with the effective legislation and compliance with the requirements of data protection and data security, and to prevent unauthorised access to or use of personal data, modification or unauthorised disclosure of personal data.
BauApp declares that its data controlling and data processing activities comply with the following principles.
- Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject;
- Purpose limitation: Personal data may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1), not be considered to be incompatible with the initial purposes;
- Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage limitation: Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject;
- Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;
- Accountability: Data controller shall be responsible for, and be able to demonstrate compliance with the above.
Definitions
“Bauapp websites”: BauApp and BauApp software deploy several websites where data subjects and Subscribers can access information related to BauApp or access BauApp software. These websites have several domains and subdomains, including: www.bauapp.com, www.bauapp.net, www.bauapp.pl, www.bauapp.hu, www.dtls.hu. All these domains and their subdomains shall be referred to hereafter as “Bauapp websites”;
“Consent of the Data Subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“newsletters”: BauApp uses several communication channels, permitted by law and this policy, to reach existing, prospective or former data subjects or Subscribers. These communication channels also include newsletters, emails, phone calls, text messages and social media messages. All these communication channels shall be referred to hereafter as “newsletters”;
“personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
“processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Data controlling
Legal basis for processing: Data processing carried out by BauApp is based on [GDPR, Article 6 (1) a)] a consent that is freely given. Controlling is carried out upon the freely given, clear, informed and unambiguous consent of the data subject that contains the explicit consent of the data subjects to control their data provided during the usage of the BauApp Software, that is, the BauApp iOS and Android mobile application, computer application, developer application, server application, and other software solutions as well as the usage of any solution included in BauApp Software including mobile and web applications, and during visiting or using Bauapp websites (for entire or specific processes).
Scope of users (visitor, registered visitor, subscriber): With particular attention to Article 1(1)-(2) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Data Subjects are the visitors of Bauapp websites, registered users of BauApp Software and subscribers making a contract with BauApp. Registered users include natural persons who registered online or via another method to BauApp Software and gave their own data and those registered in the BauApp Software by a subscriber or listed in the recipients of newsletters. During the operation of Bauapp websites, BauApp Software and the newsletter, BauApp (as Data Controller) processes the data of the visitors and registered users (as Data Subjects).
Regarding technical data, Data Subjects consent to be bound by the provisions of this Data Protection Policy by visiting and/or entering Bauapp websites to collect information or by logging in to and/or using BauApp Software. Regarding any other data, Data Subjects accept the provisions of the Data Protection Policy, based on the consent provided during the registration and contract process and – in accordance with Article 6 (1) a) and Article 7 of the GDPR – give their consent to Controller to process their data in compliance with the GDPR and its own data controlling policy, with regard to the fact that pursuant to Article 7 (3) of the GDPR, Data Subject may withdraw his or her consent at any time, by sending a written notification to Controller.
Data Subject shall provide correct and valid data to Controller (Data Subject shall compensate for damages arising out of the provision of incorrect data). Consequences arising out of the provision of incorrect or incomplete data shall be borne exclusively by Data Subject. Controller does not check the data or their veracity.
Scope of the data controlled: name, user ID, e-mail address, phone number, the address of the website visited, the IP address of the user, the hardware and software version of user’s mobile device, GPS and other location data of user’s mobile device and data related to the operating system and the browser of user’s personal computer. During the visit to Bauapp websites or the usage of BauApp Software, BauApp records visitors’ data to check the operation of the service, to provide tailor-made services, to prevent abuse and to transfer the data to related BauApp companies. Legal basis for the processing: the consent of the Data Subjects and Section 13/A (3) of Eker (Act CVIII of 2001 on certain issues of electronic commerce services and information society services).
Purpose of data controlling: The purpose of data controlling related to visiting the website, using the BauApp Software and registering is to provide high quality service regarding content and IT aspects, identify users and reference data, ensure safe storage of the data and back-up data, log the operation of the BauApp Software, ensure operative monitoring and retraceability to guarantee high service quality, cyber security, analyse system errors, display personalized content and statistical reports and ensure high standards of customer relationship management. In addition to customer relationship management, the purpose of data controlling related to the service agreements concluded with customers is to fulfil contractual obligations during service provision and issue invoices in compliance with the accounting rules.
Data Subjects explicitly give their consent to Controller to control their data provided or directly uploaded into the BauApp Software or sent via other communication channels for the purposes specified herein, in line with the applicable legislative framework and with a view to the principle of purpose limitation. Data processing is carried out by Controller using its own IT systems and, during the operation of the BauApp Software, Controller uses third-party services for hosting, storage and other cloud-based IT services, such as BI statement services, report generating software, tracking of error recording, mobile application developing and operating services, data-archiving services, system monitoring services, test system services and e-mail services (data processor). IT systems listed above operated by BauApp or used via third-party service providers are hereinafter referred to as the BauApp Integrated IT system. BauApp stores the data on its Integrated IT system, the third-party service providers of which thus became data processors.
Data Subjects give their consent to BauApp to use its partners and subsidiaries – who are regarded as data processors of BauApp – in particular, among others, the following companies: BauApp Kft. (registered seat: Lévay József u. 2., 3529 Miskolc, Hungary; tax number: 26159991-2-05; e-mail: hello@bauapp.com; phone: +36 1 413 0505), BauApp spółka z ograniczoną odpowiedzialnością oddział w Polsce (Grzybowska 62, 00-855 Warszawa, Polska; tax number: PL1080023801) and DTLS Kft. (Lévay József u. 2., 3529 Miskolc, Hungary; tax number: 28973816-2-05). The companies listed above are hereinafter referred to as BauApp Related Companies.
By accepting this data protection policy, Data Subject explicitly consents to the processing of any data provided (e.g. via e-mail) that goes beyond the scope of personal data, that is, sensitive data. The acceptance of this policy shall be considered by Data Subject to be in writing. Controller declares that the data provided by the Data Subjects are processed only for the specific purpose and it may not use such data for purposes other than indicated. Upon the request of an authority, or legal obligation, Controller shall disclose the data to the relevant body (e.g. an authority); by accepting this data processing policy, Data Subjects give their explicit consent to such disclosure, consequently, Controller is not obliged to ask for further consent from Data Subjects. Data Subjects shall not submit any request to Controller for that purpose. Controller may not be held liable regarding the data provided. In all cases where Controller wishes to use the data provided for purposes other than the original purpose of the data collection, Controller shall inform Data Subject and ask for his or her prior, explicit consent and provide the opportunity for the Data Subject to prohibit processing.
Declaration of Consent of the Data subject
(I.) Regarding technical data, Visitor to Bauapp websites, when visiting the website, automatically
(II.) Regarding technical and other data based on consent, registered user of BauApp Software, once the registration is finalized and/or when Data Subject enters and/or uses the BauApp Software,
(III.) Regarding technical and other data provided in relation to the conclusion of an agreement, contracting partner (Subscriber) of BauApp, when the product order is sent or the agreement related to the order is signed,
gives his or her consent to the processing of his or her data in accordance with the provision of this Policy. In case data processing is carried out by Controller pursuant to the provisions of this Policy, Data Subject may not enforce any claim for damages, compensation, general damages for infringement of personal right or other claims against Controller.
Newsletter:
Data Subject may subscribe or be subscribed by another Data Subject to receive newsletters from BauApp.
If Data Subject does not wish to receive newsletters sent by BauApp, he or she may unsubscribe from the newsletter using the technical unsubscribe methods provided.
Data submitted during the registration
Personal data | Purpose of data processing |
Last name and first name | – First communication; – Unique identifier necessary for the usage of the BauApp Software |
E-mail address | – First communication; – Keeping contact; – Unique identifier necessary for the usage of the BauApp Software; – To ensure the logical operation of the BauApp regarding the data and the processes; – To use the BauApp Software and have access to selected content and applications; – To generate reports and statistics for the BauApp Software and send notifications; – Other communication purposes of BauApp. |
Phone number | – First communication; – Keeping contact; – To use the BauApp Software, identification, data communication and data transfer |
Data accessible following registration
The Bauapp websites and the BauApp Software store data related to users entering the website using their registered username/e-mail address and password, that can be connected with the personal data of the user who entered the website; consequently, Controller processes the data detailed below as personal data.
Personal data | Purpose of data processing |
Username | – Unique identifier necessary for the usage of the BauApp Software; – To ensure the logical operation of the BauApp regarding the data and the processes; – To use the BauApp Software and have access to selected content and applications; – To generate reports and statistics for the BauApp Software and send notifications; – To use the BauApp Software, identification, data communication and data transfer |
Password | – To use the BauApp Software, unique identification |
IP address | – Data required for the smooth operation of BauApp Software and Bauapp websites |
GPS and other locational data | – Data required for the smooth operation of BauApp Software; – To ensure the logical operation of the BauApp regarding the data and the processes; – To use the BauApp Software and have access to selected content and applications; – To generate reports and statistics for the BauApp Software and send notifications |
Hardware and software version of a mobile device | – Data required for the smooth operation of BauApp Software |
Data provided during the preparation and conclusion of the agreement (order/confirmation of order)
Personal data | Purpose of data processing |
Signatory, contact person (etc.): Last name and first name | Required for contact, purchase and the issuance of the invoice in accordance with the relevant requirements. |
E-mail address | Keeping contact |
Phone number | Keeping contact, efficient arrangement of issues related to invoicing or shipping. |
Technical data
Data generated during the usage of Bauapp websites and the BauApp Software, which is recorded by BauApp Integrated IT system as a result of the IT processes. These data are, among others, the data of visit, the IP address of Data Subject, the type of the browser, the address of the website previously visited. (The IP address is a series of numbers based on which the computers of the users using the internet can be clearly identified. Thanks to the IP addresses, the user using the relevant computer can even be located geographically. The addresses of the websites, the date and the time, as such, are not suitable for identifying the Data Subject, but if they are connected with other data (e.g. data provided during the registration), they can be used to draw conclusions about the user.) Data recorded automatically are logged automatically when logging in or out without a specific declaration or action of the Data Subject. The sets of data processed electronically in various registries are not connected and these data may not be assigned directly to the Data Subjects – unless it is permitted by the law. Only Controller and the Data Subjects have access to the data and the data are stored in the BauApp Integrated IT system with the involvement of the necessary data processors. The data of the Data Subject who registers are stored in the same database with his or her technical data according to the purposes of the processing. Data Subject gives his or her consent to the above when registering at the website and accepting this policy.
Personal data | Purpose of data processing |
IP address | Data used to improve service quality. |
The time spent browsing Bauapp websites. | Data used to improve service quality. |
Type of the browser | Data used to improve service quality. |
Type of the operating system | Data used to improve service quality. |
- Handling cookies
Cookies are alphanumeric data sets with various content sent by the webserver and stored on the user’s computer for a pre-defined validity period. Cookies are used to collect certain data of the visitors and track internet usage.
Thus, with the help of cookies, the interests, internet usage patterns and browsing history of the Data Subject can be accurately determined. Since cookies function as label files that can identify visitors returning to the website, the username and the password can also be stored by the usage of cookies.
If during the site visit the browser of the user sends back the cookies previously saved on the hard drive, the service provider that sent the cookie can connect the current visit with the previous ones, but as cookies are linked to the domains, it is only possible regarding the content of the relevant website. Cookies are not in themselves suitable for identifying the user, they can only identify the visitor’s computer.
Based on their validity period and origin, there are various types of cookies:
- “session cookies protected with a password”
- “secure cookies”
- “necessary cookies”
- “functionality cookies”
- “cookies responsible for managing site statistics”
Type of cookie | Legal basis for the processing | Duration of processing |
Session cookies | Paragraph (3) Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. | The period until the end of the relevant visitor session. |
Permanent or saved cookies | Paragraph (3) Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. | Until the data subject is erased |
Informing the data subjects about their rights related to processing: Data subjects may erase cookies in the Tools/Settings menu of their given browser by choosing Data Protection settings.
Legal basis for the processing: Consent from the Data Subject is not required if the data are used for the sole purpose of carrying out the transmission over an electronic communication network or necessary for BauApp in order to provide an information society service explicitly requested by the Data Subject.
- Duration of processing, the deadline for the erasure of the data:
Personal data mandatorily provided during the registration process are controlled from the date of the registration until the erasure of the data. Logged data are stored for 6 years from the date of logging. Controller shall inform Data Subject about the erasure of any personal data electronically, in accordance with Article 19 of the GDPR.
If the e-mail address provided by the Data Subject is included in the data to be erased based on the request of the Data Subject, Controller shall erase the e-mail address once the notification has been sent.
Regarding the mandatory data to be stored in line with the legal requirements, BauApp is not able to comply with the request, in particular in case of accounting documents, contracts, orders, client instructions, invoices as pursuant to Section 169 (2) of Act C of 2000 on Accounting, these data shall be stored for 8 years. Accounting documents supporting the preparations of the accounts either directly or indirectly (including the general accounts, the analytic and detailed registries) shall be retained for at least 8 years, in a legible format and traceable manner and according to the reference numbers of the accounting records.
Possible data controllers entitled to have access to the data, the recipients of personal data: Personal data may be controlled by the employees of BauApp or BauApp Related Companies in line with the principles specified above.
Informing the data subjects about their rights related to processing:
- Data subject is entitled to request from the Controller erasure of personal data or restriction of processing concerning the data subject and to object to processing.
- Data Subject is entitled to withdraw his or her consent at any time.
Access to, erasure, modification of the personal data, or restriction of processing, data portability or objection to processing can be requested by Data Subject in the following manner:
– by regular mail sent to the registered address of the company
– via e-mail to hello@bauapp.com.
- The legal basis
- Paragraph (1), Article 6 of the GDPR, Section 5 (1) of the Privacy Act,
- Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (in particular Section 13/A) (hereinafter: Eker):
- For service provision purposes, BauApp may process personal data that are technically, strictly necessary to provide the services. In case of equivalent conditions, BauApp shall choose and apply in each case the technical tools used in connection with information society services to ensure that personal data are processed only if it is strictly necessary for the provision of the service and to comply with the purposes of this legislation and only to the extent and for the period necessary.
For invoices issued in accordance with the accounting legislation, Article 6 (1) c).
- Data processing
As part of BauApp services, BauApp performs exclusively data processing activities as a representative of Subscriber based on a subscription, order form or license agreement to the extent it is necessary for the provision of BauApp service. When using the BauApp Software, Subscriber becomes Data Controller regarding the data recorded in the BauApp Software by Subscriber and its Users. During the usage of the BauApp Software, Subscriber can register natural persons or legal entities as employees, agents or other parties related to Subscriber or record personal data of these Data Subjects in another manner in the database of BauApp Software. Subscriber can record these data on the management platform of the BauApp Software, or on a software platform specifically developed for the relevant Subscriber, or by directly requesting it from a BauApp employee. Subscriber can also record data automatically in the BauApp Software using the integration channel connecting the BauApp Software and its own IT system. In such cases, the Subscriber is the exclusive Controller and BauApp only has a data processor role. The data processing activity of BauApp is provided on the condition that Subscriber provides comprehensive information to each of its registered Users and other Data Subjects regarding the subject, content and scope of the processing and the Users and other Data Subjects have given their consent to data processing in accordance with the legislative requirements both regarding form and content. This information and consent are the full responsibility of Subscriber. BauApp is not able or obliged to check the provision of this information and whether the consent is given.
Subscriber takes note of the fact and acknowledges that BauApp shall not be held liable for any damage arising out of the failure to comply with this obligation to provide information and request consent or incomplete implementation of the obligation, and in the event of any damage, Subscriber shall release BauApp from any sanctions or liability to pay a compensation.
6.1 Data processing agreement (Article 28 of the GDPR)
In relation to the cooperation between BauApp and the Subscriber, and in view of the aforesaid provisions of the Data Protection Policy, GTC and the orders, BauApp (acting as the data processor, referred to in this section 6.1 as the “Processor”) and the Subscriber (acting as the data controller, referred to in this section 6.1 as the “Controller”) hereby enter into this data processing agreement (the “Agreement”):
- The Controller hereby retains the Processor for the purpose of processing of: (i) any data which might be included in any documents and files that the Controller uploads to the BauApp software, especially identification details and contact details; (ii) the following data of the BauApp software users, authorized by the Controller: first name, last name, company name, e-mail address, IP address and GPS location.
- The scope of data processing performed by the Processor on behalf of the Controller includes: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- The Processor will be processing personal data upon the Controller’s request. This Agreement shall be regarded as a request for data processing.
- The Processor hereby represents that:
  - it is able to implement appropriate technical and organizational measures in order to ensure an adequate level of security which matches the risk related to personal data processing, so that such processing is compliant with GDPR and protects the rights of data subjects;
  - it will ensure that the individuals authorized to process personal data keep all such information confidential or are bound by a relevant statutory non-disclosure obligation;
  - taking into account the nature of data processing, it will (as far as possible) assist the Controller – through adequate technical and organizational measures – in meeting the obligation to address the requests of data subjects, related to the exercise of their rights;
  - taking into account the nature of data processing and the available information, it will assist the Controller in meeting the obligations specified in articles 32-36 of GDPR;
  - in case any sub-processing agreement is executed, the sub-processor will be bound by the same personal data protection obligations as specified in this Agreement, especially the obligation to ensure sufficient implementation of appropriate technical and organizational measures, so that processing is compliant with applicable laws;
  - it has designated its Data Protection Officer: Zsolt Pecsenye, e-mail: zsolt.pecsenye@bauapp.com.
- The Controller expresses its general consent for the Processor to use the services of another data processor (sub-processing). In particular, the Controller hereby agrees to the sub-processing of the personal data covered by this Data Protection Policy and BauApp Related Companies. The Processor will notify the Controller regarding new data (sub)processors.
- The Controller expresses its consent for the personal data to be transferred outside EEA to sub-processors with which the Processor cooperates, listed in this Data Protection Policy.
- The Controller shall be entitled to conduct inspections as to whether the measures adopted by the Processor with respect to the personal data meet the requirements specified in the Agreement, exclusively upon the conditions and within the time limits pre-agreed between the Controller and the Processor. The Controller may ask the Processor to provide relevant clarifications as regards the manner of personal data processing. All costs related to the aforesaid inspections shall be covered by the Controller. If the Processor incurs any costs, the Controller shall reimburse them within 7 days of receipt of the Processor’s written request, to the bank account indicated in such request.
- The Processor shall exercise due diligence while processing the personal data.
- The Processor undertakes to grant personal data processing authorizations to all individuals who will be processing the personal data for the purpose of performing this Agreement.
- The Processor undertakes to ensure that the individuals authorized to process the personal data in order to perform this Agreement keep it confidential during and after their employment with the Processor.
- In case of a personal data breach, the Processor shall promptly, yet no later than 36 hours after identification of the breach, report it to the Controller. When filing such notification, the Processor shall provide the Controller with information about:
- the nature of the personal data breach, including the categories and approximate number of data subjects concerned;
- the likely consequences of the personal data breach;
- the measures taken or proposed to be taken by the Controller to address the personal data breach, including measures to mitigate its possible adverse effects.
- After the completion of the services related to processing, the Processor shall promptly, yet no later than 14 days after such completion, return all personal data to the Controller or remove the personal data.
- The Processor’s total liability towards the Controller in relation to this Agreement, especially with respect to penalties, compensation, reimbursement of costs, etc., shall be limited to 8% of the annual net value of subscription fees due to the Processor from the Controller for the current billing cycle. The limitation specified above shall not apply to the Processor’s liability which cannot be precluded under applicable laws.
- The Agreement has been made for a definite term corresponding to the period of the Controller’s use of the BauApp software.
Legal basis for data processing: the data processing agreement made between the Data Controller and BauApp, indicated in clause 6.1. The Subscriber, as data controller, determines the legal basis for data processing. The Subscriber represents that the relevant personal data will be processed on a legal basis for data processing according to Article 6 of the GDPR.
Controlling period: Retention period of personal data is determined by Data Controller, not by BauApp, the Data processor.
Requesting erasure or modification of the data:
In view of the fact that, based on the individual agreements concluded with the Subscribers, BauApp is a data processor, Data Subjects may not request rectification or erasure of the data directly from BauApp, since the data are processed based on the agreement made between BauApp and Subscriber.
Data Subjects have the right to obtain from the Subscriber (controller) the rectification of incorrect personal data or the erasure of the personal data concerning him or her without undue delay and the Subscriber (controller) shall have the obligation to erase personal data concerning the Data Subject without undue delay.
Data Subject may exercise this right by submitting his or her request to the Subscriber who shall erase or rectify the data by using the BauApp Software.
Subscriber (controller) may contact BauApp (processor) regarding these issues via the contact person indicated in the individual agreement or using the mailing address of BauApp specified above.
- Processing of external service providers
The following data processors can provide detailed information regarding the processing of the data by the servers of external service providers. In the BauApp Integrated IT system and during the operation and development of the BauApp Software, BauApp uses third-party services for server hosting, storage and other cloud-based IT services, such as BI statement services, report generating software, tracking of error recording, mobile application developing and operating services, data-archiving services, system monitoring services, test system services and e-mail services.
These data processors are listed below:
Hosting service provider
Activity performed by data processor: Hosting services
Name of data processor: Magyar Telekom Nyrt.
Address: 1519 Budapest, Pf.:434
Contact: www.telekom.hu/uzleti
The existence of processing, the scope of the data processed: All data provided by the Data Subject.
The scope of the Data Subjects: All Data Subjects using the BauApp Software.
Purpose of data processing: Storing the business data necessary for the operation of the BauApp Software.
Duration of processing, the deadline for the erasure of the data: Data controlling shall last until the termination of the agreement between data processor and the storage service provider or the request of the Data Subject submitted to Controller to erase the data.
Legal basis for data processing: Article 6 (1) f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
BI dashboard service provider
Activity performed by data processor: statistical reports, reports, generating dashboards.
Name and contact details of data processor: Sisense
Address: 8th Floor, The Gridiron Building, One Pancras Square, London, N1C 4AG
Contact: https://www.sisense.com/privacy-policy/
The existence of processing, the scope of the data processed: Statistical data included in business specifications, that may include personal data suitable for identification.
The scope of the Data Subjects: All Data Subjects using the BauApp Software BI Dashboard.
Purpose of data processing: To provide access to and ensure smooth operation of the BauApp Software, generate reports, statistical reports and present the appropriate content.
Duration of processing, the deadline for the erasure of the data: Data controlling shall last until the termination of the agreement between data processor and the BI dashboard service provider or the request of the Data Subject submitted to Controller to erase the data.
Legal basis for data processing: Article 6 (1) f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
E-mail service provider
Activity performed by data processor: e-mail communication for customer service purposes and sharing files
Name and contact details of data processor: Google Ireland Limited
Address: Gordon House Barrow Street Dublin 4 Ireland
Website: https://cloud.google.com
The existence of processing, the scope of the data processed: All data provided by the Data Subject.
The scope of the Data Subjects: All Data Subjects using the BauApp Software.
Purpose of data processing: Performing activities related to sales and customer service, direct communication with the Subscriber and other communication related to providing support to Subscriber.
Duration of processing, the deadline for the erasure of the data: Data controlling shall last until the termination of the agreement between data processor and the e-mail service provider or the request of the Data Subject submitted to Controller to erase the data.
Legal basis for data processing: Article 6 (1) f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
- Handling complaints
The existence of processing, the scope of the data processed and the purpose of data processing:
| Personal data | Purpose of data processing |
| --- | --- |
| Last name and first name | Identification, keeping contact |
| E-mail address | Keeping contact |
| Phone number | Keeping contact |
The scope of the Data Subjects: Users raising objections or making complaints.
Duration of processing, the deadline for the erasure of the data: Copies of the records or transcript of the complaint as well as the reply shall be kept for 5 years in accordance with Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
Possible data controllers entitled to have access to the data, the recipients of personal data: Personal data may be controlled by sales and marketing employees of the controller in line with the principles specified above.
Informing the data subjects about their rights related to processing:
- Data subject is entitled to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and to object to processing.
- Data Subject is entitled to withdraw his or her consent at any time.
Access to, erasure or modification of the personal data, restriction of processing or data portability can be requested by the Data Subject in the following manner:
– by regular mail sent to the registered address of the company
– via e-mail to hello@bauapp.com.
Legal basis for the processing: the consent of the Data Subject, Article 6 (1) c), Section 5 (1) of the Privacy Act and Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
We would like to inform you that
- the provision of the personal data is based on a contractual obligation.
- the processing of the personal data is a precondition for the conclusion of the agreement
- you are obliged to provide personal data so that we can handle your complaint.
- The consequence of any failure to provide the relevant data is that we will not be able to handle the complaint submitted to our company.
Customer relations and other data processing
Data Subject may contact the processor at the contact details indicated on the website (phone, e-mail, social networking sites etc.) in case of any questions or problems during the usage of our processing services. Processor shall erase the incoming e-mails, messages, and any data provided on the phone or via Facebook etc., along with the name, e-mail address and other freely given personal data of the Data Subject submitting the enquiry, no later than 5 years following the processing activity.
We provide information about processing activities not detailed herein when the relevant data are recorded.
BauApp shall provide information, disclose or provide data or documents if it is specifically requested by an authority or other bodies in accordance with the relevant legislation.
In such cases, BauApp provides personal data to the requesting party – if the specific purpose and the scope of the data are given – to the extent that is strictly necessary for the achievement of the relevant purpose.
Rights of the Data Subjects
Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data and the information included in the regulation.
Right to rectification of inaccurate personal data
Taking into account the purposes of the processing, You have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where the relevant grounds apply:
Right to be forgotten
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that You have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
- You contest the accuracy of the personal data; the restriction shall apply for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but You require them for the establishment, exercise or defence of legal claims;
- You have objected to processing; in such case restriction shall apply for a period until it is verified whether the legitimate grounds of the controller override those of the data subject.
Right to object
You have the right to object, on grounds relating to Your particular situation, at any time to processing of Your personal data based on a legitimate interest or official authority, including profiling based on those provisions.
Objection in case of direct marketing purposes
Where personal data are processed for direct marketing purposes, You have the right to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If You object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or has similar, significant effects.
The paragraph above shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between You and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard Your rights and freedoms and legitimate interests; or
- is based on Your explicit consent.
Deadline for taking the necessary measures
The controller shall provide information on action taken on the request above without undue delay and in any event within 1 month of receipt of the request.
That period may be extended by 2 further months where necessary. The controller shall inform You of the extension of the deadline within 1 month of receipt of the request, together with the reasons for the delay.
If the controller does not take action on Your request, the controller shall inform You without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
- Data Security
Taking into account the state of the art and technology, the current technological capabilities of BauApp, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Currently known technical limitations of the BauApp Software in the area of data erasure and modification
In accordance with the provisions of GDPR, BauApp is committed to taking into account data protection options and the possibility to erase or subsequently modify personal data in its future developments. However, due to several years of development and considering the current technology, there are some limitations and restrictions in BauApp regarding the subsequent erasure or modification of personal data. In accordance with the provisions of GDPR, BauApp is also committed to reducing or resolving these restrictions within an economically rational period. Restrictions applicable within the scope of this Policy are listed below: If, upon or regardless of the request of Data Subject, Subscriber or Controller requests erasure and/or modification of any data that is beyond the capacity of the current technological parameters of the BauApp Software, BauApp is able and willing to take the necessary measures related to the relevant request, exclusively based on an agency agreement and agency fee mutually agreed by Subscriber and BauApp, according to the timing set out by such agreement.
- Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The communication to the data subject shall not be required if any of the following conditions are met:
- the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
- the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
- it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.
Notification of a personal data breach to the supervisory authority
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
Making a complaint
Complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information in case of an infringement by the controller.
Hungarian National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Postafiók: 5.
Phone number: +36-1-391-1400
E-mail: ugyfelszolgalat@naih.hu