Data Controller Identification
Data Controller:
Name: Skubi Research Kft
Registration number: 01-09-428731
Address: 1054 Budapest, Honvéd utca 8. 1. em. 2. ajtó
Email: atti@skubi.io
Representative: Attila Miklya, managing director
We inform you that you have the opportunity to subscribe to our newsletter service, through which you can be informed about Skubi's products, services, events, and other interesting news. Our newsletter is sent monthly, and beyond your email address and name, we do not process any other data. You have the opportunity to unsubscribe from the newsletter at any stage of data processing, which can be done at this email address: atti@skubi.io, or by clicking on the unsubscribe link found in the newsletter.
Whether you register on our Site or interact with us as current or potential users (customers), counterparties, suppliers, or as individuals associated with them (e.g., members of bodies, proxies, employees, associates, etc.), we process personal data in various forms of communication, including emails and telephone calls. This processing extends to individuals mentioned in our commercial agreements as signatories or contact persons. Therefore, we may process your personal data if you fall within these categories.
For individuals entering into commercial agreements with us, the processing of personal data is necessary for the conclusion and performance of such agreements (Article 6(1)(b) of the GDPR), and our legitimate interest in being able to establish, exercise, or defend potential legal claims related to these agreements (Article 6(1)(f) of the GDPR). For associates of our users, counterparties, suppliers, etc., the legal basis for processing is our legitimate interest in facilitating day-to-day business contacts, concluding and performing agreements (Article 6(1)(f) of the GDPR), and the possibility of establishing, exercising, or defending potential legal claims in connection with these agreements (Article 6(1)(f) of the GDPR).
Additionally, the collection of personal data through a contact form enables us to communicate and provide services to clients effectively. The purpose of processing data collected via the contact form is to facilitate communication and service provision. The legal basis for this processing is the data subject's consent (Article 6(1)(a) of the GDPR) and, depending on the context, may also include the necessity for the performance of a contract (Article 6(1)(b) of the GDPR) or our legitimate interests in conducting and managing our business to provide you with the best service/product and a secure experience (Article 6(1)(f) of the GDPR). The scope of data processed includes information provided through the contact form, such as names, email addresses, telephone numbers, and any additional information provided by the data subject for communication or service provision purposes.
Purpose of data processing: sending newsletters to subscribers
Scope of processed data: company name, email address, telephone number
Legal basis for data processing: consent of the data subject according to Article 6(1)(a) of the GDPR
Data storage period: until the declaration of unsubscribing by the subject
Method of data storage: electronically
Enforcement of Data Subject's Rights
Right to information:
The data subject may request information about the processing of their personal data and may request the correction or deletion of their personal data, except for data processing mandated by law, through the company's provided contacts.
The company must forward any received requests or objections to the organizational unit responsible for data processing within three days of receipt.
The leader of the organizational unit responsible for data processing must respond to the data subject's request related to the processing of their personal data in writing, in a comprehensible form, within a maximum of 25 days - or 15 days in case of exercising the right to object.
If the assessment of the case regarding the exercise of the data subject's rights is not clear, the leader of the data processing organizational unit may request a position from the data protection officer, who will fulfill this within three days.
The information provided includes the details specified in Article 15(1) of the GDPR, provided that the law does not deny the data subject's right to be informed. The company takes appropriate measures to ensure that all information regarding the processing of personal data, as mentioned in Articles 13 and 14 of the GDPR, and any information according to Articles 15-22 and 34 of the GDPR, are provided in a concise, transparent, understandable, and easily accessible form, clearly and simply expressed. This information must be provided in writing or by other means, including electronically if requested. Oral information can also be given if the data subject's identity is otherwise verified.
The provision of information is generally free of charge, but the company may charge a fee in cases specified in Article 12(5)(a) of the GDPR.
The company may reject requests only for reasons specified in Article 12(5)(b) of the GDPR, with such rejection being provided in writing, with justification, and appropriate information.
Right to rectification and erasure ("right to be forgotten"):
The leader of the data processing organizational unit will correct any inaccurate data - provided the necessary data and official documents are available - and will act towards deleting personal data if the reasons specified in Article 17 of the GDPR are met.
The data subject has the right to have the company delete their personal data without undue delay upon request, and the company is obliged to delete the personal data without undue delay, especially if one of the following reasons applies:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
The data subject objects to the processing, and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes;
The personal data have been unlawfully processed;
The personal data have been collected in relation to the offer of information society services to children under 16;
If the data controller has made the personal data public and is obliged to erase the personal data, taking into account available technology and the cost of implementation, reasonable steps must be taken, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the erasure by such data controllers of any links to, or copy or replication of, those personal data.
Right to object to data processing:
The data subject has the right to object at any time to the processing of personal data by the company by making a statement to this effect, especially if the processing or transfer of personal data is solely necessary for compliance with a legal obligation to which the data controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller, or for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.
Upon receiving an objection, the data controller suspends data processing for a maximum of 5 days to examine the validity of the objection and makes a decision, which is communicated to the data subject according to Article 19 of the GDPR.
If the objection is found to be justified, the data controller ceases data processing, including further data collection and transfer, locks the data, and notifies all recipients to whom the personal data was transferred about the objection and the actions taken based on it.
If the data subject disagrees with the decision of the data controller, or if the data controller fails to meet the deadline for response, the data subject may turn to the court within 30 days of the notification of the decision or the last day of the deadline.
If the recipient does not receive the necessary data due to the data subject's objection, they may turn to the court against the data controller within 15 days of the notification to obtain the data.
The data controller may also sue the data subject if the notification is missed.
If the recipient requests clarification about the failure of data transfer from the data controller, the data controller must provide this clarification within 8 days of receiving the request. If clarification is requested, the recipient may turn to the court against the data controller within 15 days of receiving the clarification or from the end of the deadline.
The data controller must not delete the data subject's data if data processing is mandated by law. However, the data cannot be transferred to the recipient if the data controller agrees with the objection or if the court has established the legality of the objection.
If the assessment of the case regarding the exercise of the data subjec's rights is not clear, the leader of the data processing organizational unit may request a position from the data protection officer, who will fulfill this within three days.
Right to restriction of processing:
The data subject has the right to request the company to restrict processing if:
The accuracy of the personal data is contested by the data subject, for a period enabling the company to verify the accuracy of the personal data; or
The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
The company no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or
The data subject has objected to processing pending the verification whether the legitimate grounds of the company override those of the data subject.
Restriction of processing means that, apart from storage, the company shall not process the restricted personal data, except with the data subject's consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. The company shall inform the data subject before lifting the restriction of processing.
Right to data portability:
The data processing activities recorded in this data protection notice by the company do not involve processing that would necessitate the provision of data portability.
Automated individual decision-making, including profiling:
The data controller does not engage in automated decision-making in its data processing activities.
Right to compensation and liability:
The data controller shall compensate any damage caused to another person by unlawful processing of the data subject's data or by breaching data security requirements, as well as pay damage for distress caused by the data controller or its data processor. The data controller is exempt from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the data subject's personal rights was caused by an unavoidable cause outside the scope of data processing. Similarly, compensation shall not be paid if the damage was caused by the intentional or grossly negligent conduct of the aggrieved party.
Right to remedy:
The data subject has the right to lodge a complaint with the company's data protection officer (Attila Miklya, atti@skubi.io) directly, or, at their discretion, with the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, Pf. 9), or with the court competent according to the data subject's place of residence or place of stay. To exercise their right to judicial remedy, the data subject may bring action against the data controller or, in connection with data processing operations falling within the scope of the data processor's activity, against the data processor, if they believe that the data controller or the data processor commissioned by it or acting on its instructions processes their personal data in violation of the requirements of the law or of a binding act of the European Union. The court shall give priority to such cases.