Privacy policy
This privacy policy applies to you if you are browsing the site or you own a Nold Open device.
Introduction
Welcome to the website operated by Nold Technologies Kft.!
Firstly, we would like to inform you that Nold Technologies Kft. operates the websites www.nold.io, shop.nold.io, cloud.nold.io, as well as the application named Nold Open. Providing some of your personal data is necessary to benefit from the additional services available on these websites and in the application concerned, so that we can provide them for you to the highest possible standards.
The purpose of this Policy (hereinafter referred to as Policy) is to specify the principles, objectives and other facts of data processing according to the relevant legislation which defines the reason, the duration and the way of processing your personal data, and the enforcement rights and remedies you have related to the above.
The security and the rightful processing of your personal data is extremely important to us, therefore we ask you to read the present Policy closely and carefully. If you have any questions or comments regarding this Policy, do not hesitate to contact us at the following e-mail address: help@nold.io or in the chat available on the website www.nold.io. Our colleagues will be happy to help you.
Concepts and definitions to be used in this Policy
The following is a brief summary of the most important definitions in this Policy.
- Data process: data process shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data. Data processing is currently only executed by the Controller.
- Data processing: data processing shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings.
- Controller: shall mean Nold Technologies Korlátolt Felelősségű Társaság, who has the exclusive right to make and implement decisions in connection with the Data Subject’s personal data. The Controller’s data:
- Seat and mailing address: H-2142 Nagytarcsa, Szent Imre herceg utca 19.
- Company registration No.: 13-09-174198 (registered by the Budapest-Capital Environs Regional Court)
- Tax ID No.: 25145256-2-13
- E-mail: help@nold.io
- Application: shall mean the application Nold Open which is downloadable for iOS and Android systems.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Grt.: Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.
- Authority: Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; e-mail: ugyfelszolgalat@naih.hu; website: http://naih.hu; phone: +36 (1) 391-1400).
- Website: The Controller’s websites (nold.io, shop.nold.io, cloud.nold.io), which definition also includes the Application.
- Personal Data: Personal data provided by the Data Subject. Personal data shall mean every data relating to the Data Subject, all personal data which may be provided during such services shall be deemed as personal data.
- Personal Computer: shall mean any - electronic communications terminal equipment according to Article 188 section 21 in the act C of 2003 on electronic communications - IT devices available to the Data Subject, such as cell phones, PC, tablet which can receive cookies.
- Cookie: a file series, which may be created on the PC of the Data Subject by the host of the website, stores information about the Data Subject, and the relation between the Data Subject and his/her web server. The purpose of the usage of cookies is to identify the Data Subject’s PC, to provide simplified browsing and monitoring, furthermore to analyse and evaluate the use habits of the Website’s visitors, and to improve the user-experience.
- Service: means the services available on the Website, which are the following:
- to purchase the control device on the website shop.nold.io;
- to use the service available on the website cloud.nold.io or on the Application in order to control remotely the electronic lock which is concerned by the control device;
- to use the newsletter service.
- Data Subject: any natural person using the services available via the Website.
Principles of data processing
The following is a brief summary about the principles of data processing which the Controller entirely vindicates during the whole duration of data processing in accordance with the article 5 of the GDPR.
- Lawfulness, fairness and transparency: The Controller records and processes personal data during providing services partially through the Website. The personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. The Controller keeps the effective text of the Policy (and also its previous versions) available and known, constantly, without charges and obligations, and on the Website (downloadable in pdf-format).
- Purpose limitation: Personal data may be processed only for specified and explicit purposes indicated in the Policy. If the Controller wants to process the personal data for purposes other than the above, the Controller shall inform the Data Subject in advance via e-mail.
- Storage limitation: The Controller shall ensure that the system for storing the personal data permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. In respect of processing which is based on the Data Subject’s consent in accordance with subsection a) of section (1) of article 6 of the GDPR, the Data Controller shall be entitled to process the personal data concerned until the Data Subject exercises the right of erasure.
- Data minimisation: In order to provide the highest possible Services, the Controller shall process only the most necessary personal data. In all cases this data is necessary for the use of the Services. The Controller shall act in accordance with the Policy, if it asks for further data from the Data Subject in addition to the Policy.
- Accuracy: The purpose of the Controller is to process timely data in order to provide the highest possible Services because, for instance, the Data Subject does not receive any information from a newsletter sent to an inactive e-mail address. Data Subject shall help to keep the data up-to-date by notifying or correcting the changes in his/her data.
- Principle of data security: The Controller gives priority to the security of the provided personal data, and to that end it takes any necessary technical and organisational steps and procedures adjusted to the current development of technology. The Controller stores the data in an automated system. The Controller, in order to avoid privacy incidents, shall:
- prevent unauthorized access, input, correction and deletion to personal data with passwords and encryption procedures
- ensure that personal data processed in the Controller’s record shall not be connected to the Data Subject,
- ensure the restoration of data in case of data loss
- The servers of the Website are operated by Amazon Web Services, which provides a safe and developed cloud system for the data processing in the light of the current development of technology;
- The data collecting and processing shall be carried out only over the HTTPS protocol, which provides a secure encryption and authentication system;
- The Controller has PCI DSS certification in respect of the operating of the Website.
Data – processing objectives, progress of data processing
We hereby summarise below the cases (objectives) in which the processing of the Data Subject’s personal data actually happens. Certain objectives apply only on certain websites or in the application (shop.nold.io, cloud.nold.io, nold.io, Application), which are shown separately below.
Processing objective which only applies in respect of shop.nold.io:
- Purchasing: The Data Subject may order the control device produced and marketed by the Controller on the website shop.nold.io. When ordering, the Data Subject shall provide certain personal data which are necessary, on the one hand, for the performance of the purchasing contract concluded between the Data Subject and the Controller and, on the other hand, for compliance with the legal obligation of invoicing. The personal data which need to be provided in respect of this objective are the following:
- First name
- Last name
- address
- tax number
- e-mail address
- phone number.
Processing objective which only applies in respect of nold.io:
- Contacting: The Data Subject has the possibility to contact the Controller on the website concerned (https://www.nold.io/hu/about-us) under the “About us” link. In this case the Data Subject shall provide his/her name and e-mail address as his/her personal data. In case of contacting, the legal basis of processing the personal data indicated above is the Data Subject’s given consent in accordance with point a) of section (1) of article 6 of the GDPR. The consent shall be given during the provision of the personal data stated above.
Processing objective which only applies in respect of cloud.nold.io/Application:
- Registration and customer relationship-management: In order to use the services available on the website cloud.nold.io or in the Application, the Data Subject shall only be entitled to register via the Application, but after the registration he/she may use the services also on the website cloud.nold.io. Without filling in the registration form and providing the personal data determined below, the services shall not be available for use. The personal data which need to be provided in respect of this objective are the following:
- First name
- Last name
- Password
- E-mail address.
Processing objective which shall be applied in respect of all elements of the Website-definition:
- Database managed for sending newsletters: When using services the Data Subject has the opportunity to subscribe to the newsletter services (which contain the Controller’s promotions, advertisement, programme guide) of the Website. The subscription may be withdrawn anytime without any restriction, explanation and charges by the Data Subject, by clicking on the “Unsubscribe from the newsletter” button or via e-mail to info@nold.io.
Personal data which can be provided during subscription: e-mail address.
In this respect the legal basis of processing the personal data is the Data Subject’s given consent in accordance with the point a) of the section (1) of the article 6 of GDPR. The consent shall be given during the provision of the personal data stated above.
- Sweepstakes, raffle (database management relating to sweepstakes): the Data Subject has the opportunity to participate in sweepstakes organized by the Controller via the Website. Personal data is stored by the Controller after the completion of the sweepstakes but only until the Data Subject’s request for deletion.
Personal data to be provided during sweepstakes via the Website: Age, first name, last name, e-mail address, phone number.
In this respect the legal basis of processing the personal data is the Data Subject’s given consent in accordance with the point a) of the section (1) of the article 6 of GDPR. The consent shall be given during the provision of the personal data stated above.
- Attendance measurement: Our website uses Google Analytics and Facebook Pixel, as web analysis services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). These programs use small text files saved on your computer which make it possible to analyse your use of the website. These record information, for instance, on your operating system, browser, IP address, the website accessed previously by you (referrer URL), and the date and time you visited our website. The information generated through these text files on your use of our website is transmitted to a Google and Facebook server. These companies will use this information to analyse your use of our website in order to assemble reports on website activity for the website operator and to provide further services associated with website use and internet use.
Recording technical data (cookies)
- While you use the Website, data generated by your computer during that use will also be recorded (cookies), including data that was recorded and logged (without any statement or action of the Data Subject) when visiting and leaving the Website. This data should be used for producing records and statistics in connection with the visitors and the usage of the Website, furthermore the comprehensive development of the Website. The Controller shall not connect these data with the Data Subject’s personal data (except the cases by law), and only the Controller and his/her co-workers have access to them. The Data Subject can delete the cookies from his/her computer anytime (with the help of the browser’s menu item for this), and he/she can set up the restriction of the cookies in the browser (typically by using the “Help” button). The Data Subject acknowledges that without using cookies, the use of the website will not be complete.
Transfers of personal data
- The Controller shall use its best endeavours to conclude contracts only with processors who provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subject.
- The Controller informs hereby the Data Subject that certain personal data shall be transferred to the KBOSS.hu Kereskedelmi és Szolgáltató Kft. (seat: H-1031 Budapest, Záhony utca 7.) as processor in order to issue the invoices in connection with the services available on the Website. In this respect the Controller shall be entitled to transfer the following personal data: First name, last name, address, tax number.
- The Controller shall be entitled to transfer personal data determined in this present paragraph to The Rocket Science Group LLC. (seat: 675 Ponce de Leon Avenue NE, Suite 5000 Atlanta, GA 30308 USA) as processor to manage the newsletter service via the “MailChimp” system. For this purpose the Controller transfers the following personal data: E-mail address. The Controller hereby declares that this transfer shall be deemed to conform to the GDPR, because the Council stated in an adequacy decision that the USA as a third country ensures an adequate level of protection (2016/1260 implementing decision).
- The chat-service available on the Website is provided by the Crisp IM (seat: 149 Rue Pierre Semard, 29200 Brest), as a provider of electronic communication services, which is acknowledged by the Data Subject by the acceptance of this present Policy. The Data Subject shall not be obliged to provide personal data in connection with the use of the chat-service.
- The Controller shall transport the control device purchased on the website shop.nold.io by external service provider. For the purpose of the prompt and appropriate delivery the Controller shall be entitled to transfer certain personal data to DHL Express Magyarország Kft. (seat: 1185 Budapest, BUD Nemzetközi Repülőtér 302. ép.), or to GLS General Logistics Systems Hungary Kft. (seat: 2351 Alsónémedi, GLS Európa utca 2.) as delivery service provider. These third parties shall be deemed processors in this case. The personal data which shall be transferred are the following: First name, last name, delivery address and phone number. The support services and customer relationship-management service available on the Website are provided and operated by the Help Scout Inc. (seat: 131 Tremont Street, 3rd floor, Boston, MA 02111, USA) via the HelpScout system. The Data Subject shall not be obliged to provide personal data in connection with the use of the chat-service. The Controller hereby declares that this transfer shall be deemed to conform to the GDPR, because the Council stated in an adequacy decision that the USA as a third country ensures an adequate level of protection (2016/1260 implementing decision).
Enforcement and legal redress
The following is a summary about the rights of the Data Subject which may be validated against the Controller.
- Communication with the Controller: The communication between the Controller and the Data Subject happens via telephone or e-mail. The Controller’s e-mail address: info@nold.io, postal address: H-2142 Nagytarcsa, Szent Imre herceg utca 19.
- Any e-mail in connection with data processing shall only be examined and answered by the Controller if it has been sent from the registered e-mail address of the Data Subject (except where the Data Subject states in the e-mail that his/her registered e-mail address has changed, and the Data Subject can be identified easily).
- The Controller notifies the Data Subject via e-mail about all the actions he/she made (especially correction, blocking or deletion of personal data), in connection with his/her personal data within 8 (eight) days after the action.
- The Controller shall take appropriate measures in order to process to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
- Request for information: The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- Notification of changes in data: Data Subject is entitled to notify the Controller about the changes in his/her data without undue delay (according to the above via e-mail or by post) in writing.
- Right to erasure: The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent and where there is no other legal ground for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
- Right to restriction of processing: The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing, in this case the processing is pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
- Right to data portability: The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided. This right shall only be exercised in respect of the personal data processed on the basis of the Data Subject’s consent or in order to perform the concluded contract.
- Proceeding of the Authority: The Data Subject is entitled to request an investigation from the Authority on the grounds or the risk of infringement in connection with data processing. The investigation of the Authority is free of charge, the Authority shall advance the funds of the No one shall suffer prejudice on the account of notifying the Authority. Having submitted a notification to the Authority may not entail any discrimination against the notifier. The Authority may reveal the person of the notifier only if the inquiry cannot be carried out otherwise. If so requested by the notifier, the Authority may not disclose his identity even if the inquiry cannot be carried out otherwise.
- Judicial remedy: In the event of any infringement of his/her rights, the Data Subject may bring court action against the Controller; the case falls within the jurisdiction of the General Court. The lawsuit can be commenced – according to the Data Subject’s decision – before the competent court of the Data Subject’s domicile or residence. The competence of the court can be verified on the birosag.hu website with the use of the “Court Search” application. The court shall hear such cases in priority proceedings.
- Compensation and restitution: If the Controller causes damage to the Data Subject or someone else as a result of unlawful processing or by any breach of data security requirements, he/she shall pay for such damages.
- If the Controller, by unlawful data processing or by breaching data security rules, violates the personal rights of the Data Subject, the latter may demand restitution from the Controller.
- If the Controller violates the rights of the personality of the Data Subject, the Data Subject has the right to demand compensation from the Controller.
The Controller shall be released from liability for damages and from paying restitution if he/she demonstrates that the damage or the violation of personal rights was brought about by reasons beyond his/her data processing activity. No compensation shall be paid and no restitution shall be demanded where the damage or the violation of rights was caused by intentional or seriously negligent conduct of the Data Subject.
Miscellaneous
- The consent of the legal representatives (parents) is required for the provision of personal data by Data Subjects who are under the age of 16.
- The Controller reserves the right to modify this Policy unilaterally anytime.
- This Policy shall be governed by Hungarian law. Matters not regulated in this Policy shall be governed by the provisions of the Privacy Act and other relevant Hungarian legislation.
Budapest, 2nd of May 2018.