Effective from 1. January 2023.

Last Updated: 16. May 2023.

For our company, the EverIT Kft., the lawfulness of the processing of personal data and the protection of personal data are of primary importance. The purpose of this notice is to provide information on our data processing activity in accordance with relevant law in force such as the provisions of Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.).

If you have any further questions about this notice or the processing of your personal data already provided, please contact us at any time at one of the following contact details.

 

1. Data Controller

The controller of the processing described in this Privacy Notice is:

EverIT Kft. (seat: 1137 Budapest, Katona József utca 17. III.em. 2., company registry number: 01-09-901986, Court of Registry: Fővárosi Törvényszék Cégbírósága, tax number: 14396434-2-41)

(hereinafter referred to: „we”, or „our company”)

Our contact details for queries relating to data processing:

postal address: 1137 Budapest, Katona József utca 17. III.em. 2.

e-mail address: info@muna.digital

phone: +36 20 568 6583

web: https://muna.digital

2. Some basic definitions in connection with the data protection to help you understand this privacy notice

Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data

Data subject: the subject of processing

Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

3. Our data processing activities

3.1. Newsletter, marketing offer

On our website, you have the possibility to voluntarily subscribe to a newsletter about the Company and our application.

By downloading a trial or making a purchase of any of our apps from our website or the Google Marketplace interface, you agree to our privacy notice at the time of download and automatically subscribe to receive marketing materials related to the app.

What is the purpose of the data processing?

Our Company aims to inform its partners from time to time about our Company’s activities, business offers and news concerning the Company. Those interested in our news and offers may therefore register to receive such messages. The purpose of processing the personal data required for this purpose is to ensure the communication of newsletters and offers.

Which personal data do we process for the present purpose?

required data: surname, first name, e-mail address, information relating to licenses.

optional: telephone number, company name, position

If you do not provide any of the required information, we will not be able to accept your newsletter subscription.

On which legal title do we process these personal data?

If the voluntary subscription to the newsletter is made by filling in the form on our website, the data subject has given his or her voluntary consent based on this notice (Article 6(1)(a) GDPR). Without consent, we cannot accept the subscription and thus cannot send our newsletters to the data subject.

If the newsletter subscription is automatic, the legal basis for processing is our legitimate interest pursuant to Article 6 (1) (f) GDPR. In these cases, the user has downloaded one of our apps, started a trial or made a purchase from us on our website or on the Atlassian Marketplace interface. In these cases, we have a legitimate interest in contacting the data subject with additional product offers to increase our sales.

For how long do we process these personal data?

Regarding voluntary subscriptions made through our website: you can unsubscribe from the newsletter at any time by sending us an e-mail.

If you have subscribed to our newsletters via the Atlassian Marketplace interface, you will have the option to unsubscribe each time you receive a notification email from MailChimp. The data of those subscribed to the newsletter will be deleted after a period of inactivity of 1 year.

Furthermore, we will delete your personal data processed in connection with your newsletter subscription from our database at any time if

• you request it, or

• withdraw your consent to data processing, or

• unsubscribe from the newsletter.

You may unsubscribe from our newsletter at any time, free of charge, without justification and without any limitation:

• by clicking on the “Unsubscribe” link in the footer of the newsletter;

• by sending an e-mail declaration to info@muna.digital;

• by post to EverIT Kft. at the address: 1137 Budapest, Katona József utca 17.

3.2. Product support services

We also provide product support services for our Users.

3.2.1. JIRA-based requests and requests by e-mail

We use an external service provider’s system, JIRA Service Management (“JIRA”), to handle requests from our users. For requests related to consulting, license sales, training, we use the JIRA Cloud application, i.e. the application is hosted through a SaaS service operated by Atlassian. The data of the enquirers/reporters is only accessible by authorised colleagues of EverIT Kft. and will not be transmitted to third parties.

Which personal data do we process for the above purpose?

name, e-mail address, licence details, screen shots, data necessary to reproduce the error, other personal data provided by the reporting party (including in particular the reporting party’s signature, telephone number or other contact details of the person concerned and the circumstances of the matter with which the reporting party has contacted us).

3.3. Cookies

What are cookies and what is the purpose of their use?

We use cookies on the website at https://muna.digital

A cookie is a file (small data packet consisting of letters and numbers) that is placed on your computing device (computer, smartphone, tablet, etc.) when you visit the site. This allows the website to recognise the user’s browser, for example to determine whether the user has visited the website before.

The cookie itself does not contain or collect personal data, it is only used to help identify users. This helps them to provide a more convenient, user-friendly service.

The primary purpose of cookies is to enable the website to function properly, in particular to track the data that is collected about visits to the website and to detect possible abuse of the website.

In particular, the cookies needed to operate:

• cookies that store data recorded by users (“user-input cookies”)

• authentication session cookies (“authentication cookies”).

• user centric security session cookies (user centric security cookies)

• multimedia player session cookies (“multimedia player session cookie”)

• load balancing session cookies

• user interface customization session cookies

In addition, some cookies allow us to analyse usage trends, improve and enhance website features and to obtain aggregate traffic data on overall website usage.

• Google Analytics/Adwords – Hogyan használja a Google a cookie­­-kat? – Adatvédelmi és Általános Szerződési Feltételek – Google

We may use your cookie data to compile and analyse statistics about your use of the website and to provide non-identifiable statistical information (e.g. number of visitors, most viewed topics or content) to third parties or to disclose it in aggregate and anonymously.

The data collected by cookies cannot, in principle, be used to identify the user and will only be combined with other potentially identifiable data if the user explicitly consents to the use of cookies to identify him or her.

Cookies are stored in the browser’s memory and typically include the following:

• Name of the sending server

• The cookie’s lifetime

• The value – usually a randomly generated unique number

The server of the website sending the cookie uses this number to identify the user when they return or move from page to page. Only the sending server can read and use this value. Cookies play a central role in the customisability of the internet and behavioural advertising is usually cookie-based.

How can you turn off cookies?

You can also delete cookies from your device or set your browser to block cookies. It is also possible to disable all cookies, but this will significantly degrade your web browsing experience if you use services that use cookies.

You can find out how to set cookies for different browsers here:

Browser	Setting of cookies (link)
Google – Chrome	https://support.google.com/chrome/answer/95647?hl=en
Firefox	https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Safari	https://support.apple.com/kb/PH5042?locale=en_US
Microsoft Edge	https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
Internet Explorer	https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

To find out what cookies our Company uses, please click here, the Cookie Policy is available on our website

We also use the services of Google Analytics in connection with the Website. The cookies managed by Google Analytics help us to measure website traffic and other web analytics data. The information collected by cookies is transmitted to and stored on external servers operated by Google. Google will use this information primarily for the purpose of tracking website activity and compiling analytics about website activity for us. Google may transfer this information to third parties where required to do so by law. Google may also transfer this information to third parties which it uses to process the data. Google Analytics can provide detailed information on the processing of data by Google Analytics (http://www.google.com/analytics ).

You can disable Google’s use of cookies by going to the Advertising settings (for more information: http://www.google.hu/policies/privacy/ads/). Users can also opt-out of cookies from third-party service providers by visiting the unsubscribe page of the Network Advertising Initiative (http://www.networkadvertising.org/choices/).

The processing of data by the aforementioned third-party service providers is governed by the privacy policies of those service providers and our company assumes no responsibility for such processing.

4. Who may have access to your personal data?

Personal data will be processed confidentially and will not be disclosed to third parties, except as provided below.

The personal data we process may be accessed by our employees who need to know it in order to perform their job duties, and by our data processors and their employees in connection with the tasks they perform. These persons are also required to treat the personal data they receive as confidential.

Our data processors and their tasks:

Data Processors	Operations performed by the processor
Service 2009 Kft. seat: 2151 Fót, Móricz Zsigmond út 28. B.ép.fsz. 3. Email: istvan.erdosi@service2009.hu Tel.: 06-20-285-73-82	Activity: financial, accounting tasks
The Rocket Science Group LLC d/b/a MailChimp seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta GA 30308 USA Email: privacy@mailchimp.com Tel.: +1 678 999 0141	To send our system messages, eDMs, newsletters related to the operation of our services, we use MailChimp, an online newsletter sending service operated by The Rocket Science Group LLC d/b/a MailChimp. Please note that some of MailChimp’s servers are located outside the European Union, but your email address is still protected to the same level as in Europe, as MailChimp in the United States is subject to the European Court of Justice’s decision under GDPR 40. MailChimp is subject to the Standard Contractual Clauses (“SCC”), a code of conduct approved by the Court of Justice of the European Union under Article 40 of the GDPR, which ensures that, in the event of a transfer of data to a third country outside the European Union, a controller or processor outside the EU who acts in accordance with the SCC ensures a level of protection of personal data equivalent to that of the European Union and in compliance with the provisions of the GDPR. More information on the SCC is available here: – https://ec.europa.eu/info/law/law-topic/dataprotection/international-dimension-data-protection/standard-contractual-clauses-scc_hu You can find out more about MailChimp’s data processing in accordance with the SCC here: – https://mailchimp.com/legal/data-processing-addendum/
Atlassian B.V. c/o Atlassian, Inc. address: 350 Bush Street San Francisco, CA 94104 USA Email: eudatarep@atlassian.com	Fulfilling customer service requests when using the JIRA cloud application, our data processing partner is Atlassian B.V. c/o Atlassian, Inc: Atlassian’s privacy policy can be found here: – https://www.atlassian.com/legal/privacy-policy Atlassian may not use the data detailed above for any purpose outside the performance of its duties or make any independent decisions regarding the personal data. Atlassian has also subjected itself to the provisions of the SCC. The Atlassian SCC-compliant Data Privacy Notice can be downloaded at the following link: – https://www.atlassian.com/legal/data-processing-addendum

For all our contracted partners, contact details are stored in HubSpot CRM, Jira Project Management and Google Workspace document management systems.

We disclose personal data to courts, prosecutors and other authorities in the context of our statutory obligations, to the extent and in the manner required by law.

In the event of a legal claim against you, your personal data may also be disclosed to the extent necessary for the enforcement of the claim by our respective legal cooperation partners and our claims management partners.

5. Data security

The Secret Manage for Google Sheets™ use and transfer to any other app of information received from Google APIs will adhere to  Google API Services User Data Policy, including the Limited Use requirements.

We are committed to taking the necessary data security measures. As part of this, we adopt and implement, regularly review the technical and organisational measures and procedures to ensure that the personal data we process is secure and we will do our utmost to prevent the destruction, unauthorised use or alteration of the data, to ensure that the personal data we process is not accessible, disclosed, transmitted, modified or deleted by unauthorised persons. We remind all those to whom we transfer personal data to comply with data security requirements, and we require our employees involved in data processing activities to do the same.

In the context of the above, information technology solutions will be designed and selected to ensure that those who have access to the data have exclusive access to the data and that the data remain authentic and unaltered. This includes password-protected access systems, activity logging, regular backups.

We monitor the technological developments at any time, and apply the available technical, technological, organizational solutions that meet the level of protection justified by our data processing.

Based on the above, personal data is stored in the cloud we rent, on rented servers and on the hard drive of our Company’s computers. Access to each system is controlled by rights management – personal data is accessible to those whose work requires knowledge of the data.

Our IT systems are tested on a recurring and regular basis to establish and maintain data and IT security.

Our office workstations are password protected. The use of foreign data media is not permitted by default.

Our systems are protected against malicious software.

Data is backed up daily. Only a restricted group of authorised users has access to the backups.

6. Management of personal data breach

All cases are classified as personal data breach when an unauthorized person has access to personal data or the data is destroyed, lost, altered, e.g. the database is destroyed or the media on which the data was stored get lost.

In the event of personal data breach, we assess its effects and risks (what kind of data are affected, in what quantity, can they be restored, etc.) and take immediate action for remedy.

We will notify a data breach to the competent supervisory authority without undue delay and no later than 72 hours after we become aware of it, unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons.

7. Your rights

Withdraw of consent: If the processing is based on your consent, you have the right to withdraw your consent at any time without giving any reason. After withdrawal of consent, your personal data will no longer be processed. Withdrawal of consent does not affect the lawfulness of the processing that preceded it.

Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

the purposes and the legal ground of the processing, your personal data processed by us and their categories, the recipients or categories of recipients (including the processors) to whom the personal data have been or will be disclosed (where personal data are transferred to a third country, you shall have the right to be informed of the appropriate safeguards relating to the transfer), the legal ground of the data transfer, period for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with the Hungarian Data Protection Authority, the source of the data, the circumstances and effects of the possible data breach and the measures implemented for their prevention

Simultaneously we shall also provide a copy of the personal data undergoing processing.

Our Company will respond to your request within the time period specified in point 8 by sending a reply letter to the contact details provided in the request. If you have sent your request by electronic means, we will also send you our reply by electronic means.

If you request a copy of the personal data we process, the first copy will be free of charge, and we may charge a reasonable fee based on our administrative costs for each additional copy. The amount of this charge will be communicated to you in advance.

Right to rectification and supplementation: If you become aware that any of your personal data is incorrect, inaccurate or incomplete, please provide us with the correct or additional information as soon as possible so that we can make the correction or completion.

Right to erasure („Right to be forgotten”): You have the right to request the deletion of your personal data. Please note that we may refuse to erase your data in particular if we need or may need the data to comply with a legal obligation or to pursue a claim.

In the case of processing based on legitimate interest, objection to processing shall entail the deletion of the data, unless there are overriding reasons why the deletion cannot be complied with.

Furthermore, erasure takes place if

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2. the personal data have been unlawfully processed;

3. the personal data have to be erased for compliance with a legal obligation out of EU law or national law.

Right to restriction of processing: You shall have the right to obtain from us restriction of processing where one of the following applies (i) the accuracy of the personal data is contested by you, in which case the restriction applies for the period enabling us to verify the accuracy of the personal data; (ii) the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead; (iii) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you has objected to processing, in which case the restriction applies until it is established whether our legitimate grounds prevail over your legitimate grounds.

Where processing has been restricted, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

In case of restriction of processing you shall be informed by us before the restriction of processing is lifted.

Right to object: Regarding data processing based on our legitimate interest, you may object to our data processing if you feel that the data processing is prejudicial to you.

In the event of an objection, personal data will be deleted unless there is an overriding reason to keep it. Such an overriding reason may be if we wish to pursue a claim against you.

Right to data portability: In the case of processing based on your consent or a contractual legal basis, you may request that the personal data you have provided to us that we process electronically is transferred to you or to another person designated by you in a commonly known and easily usable electronic format.

8. Submission of requests and answering them

If you wish to exercise any of the above rights, please send your request in writing by post to our address or by e-mail to our e-mail adress as determined in Section I of this notice. In the letter, please also include your identification details and postal address. If we have any doubts about your identity or if the information provided is not sufficient to identify you, we are entitled to ask you for additional identification data.

Your request will be fulfilled within 1 month. If necessary, we are entitled to extend this period by a further 2 months and will send you a reasoned decision.

Valid requests will be granted free of charge. However, if the request is manifestly unfounded or excessive, in particular because of its repetitive nature, we are entitled to charge a reasonable fee or even refuse to act on the request.

We will inform all those to whom we have disclosed the data concerned of the rectification, erasure or restriction of the data, unless this proves impossible or involves a disproportionate effort. Upon your request, we will inform you of the recipients to whom we have communicated or informed as described above.

9. Damages and restitutions

Should we cause any damage to you or to a third person through unlawful or unsecure processing of your personal data, you or the person suffered damage is entitled to require damages from us.

If, in this regard, we infringe your privacy, you are entitled to claim restitution.

Please note that we shall be exempt from liability if the damage is proven to be caused by an unavoidable external cause outside the scope of the data processing or if the damage comes from your deliberate or grossly negligent behaviour.

10. Remedies

10.1 Contacting the controller

If you consider that we are processing your personal data unlawfully, please advise us, as the controller, of your observations or claims first, at any of our contact details listed in paragraph I so that we can process and handle your remarks as quickly and efficiently as possible.

10.2 Submitting a complaint at the data protection authority

In the event of unlawful processing, you also have the right to turn to the National Authority for Data Protection and Freedom of Information (NAIH) and initiate their proceedings.

Contact details of the authority:

website: http://www.naih.hu/

address: 1055 Budapest, Falk Miksa utca 9-11.

postal address: 1363 Budapest, Pf.: 9.

e-mail: ugyfelszolgalat@naih.hu

10.3 Going to court

Please note that you are entitled to lodge a claim at court. You may file the lawsuit at the county court having jurisdiction based on our seat.