Privacy Policy

LIGHTBRIDGE Technologies KFT

H-1123 BUDAPEST, Alkotás u. 39/A

Budapest, 2024/05/27

Table of contents

I. INTRODUCTION OF DATA CONTROLLER 3

II. PRELIMINARY OBSERVATIONS 3

III. THE CHARACTERISTICS OF EACH DATA PROCESSING PURPOSE 4

1. Management of cookies on the website 4

2. Communication 5

3. Data processing related to the performance of contracts and data processing of the contact person 6

IV. THE DATA PROCESSORS ENGAGED BY THE CONTROLLER 8

V. THE RIGHTS OF THE DATA SUBJECT 8

PROCEDURES FOR ENFORCING THE RIGHTS OF DATA SUBJECTS 11

VI. THE RIGHT TO LODGE A COMPLAINT AND TO AN EFFECTIVE JUDICIAL REMEDY 11

I. INTRODUCTION OF DATA CONTROLLER

In order to ensure the legality of its internal data protection processes and the rights of the data subjects, LIGHTBRIDGE Technologies Kft. (hereinafter: Data Controller) formulates the following privacy notice. 

The personal data of the data subjects are managed in accordance with the requirements of all effective laws, but primarily in accordance with the requirements of the following laws:

• Act CXII of 2011 on the right of informational self-determination and the freedom of information (hereinafter: Information Act),
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).

The Data Controller keeps personal data confidential and uses technical and organizational measures relating to the storage of processing of said data in order to ensure its safety.

*****

II. PRELIMINARY OBSERVATIONS

Definitions

The conceptual framework of this privacy notice is identical to that described in Article 4 of the GDPR, and in some points supplemented by the interpretative provisions of Section 3 of the Information Act.

When the privacy notice mentions data or data processing/controlling it refers to personal data and the processing/controlling of personal data.

The source of personal data

The source of the personal data for the processing purposes set out in this privacy notice is primarily the data subject. If, for a particular purpose, the Data Controller obtains personal data from other sources, it will provide specific information in relation to that purpose.

Recipients of the personal data provided

Personal data shall only be processed by employees of the Data Controller whose job duties include the processing of personal data. 

A list of the data processors used by the Data Controller is included in Chapter IV.

If, for a particular purpose, there may be other recipients of personal data, the Data Controller will provide specific information in relation to that purpose.

Automated decision making and profiling

None of the processing purposes set out in this privacy notice involves automated decision-making and profiling as defined in Article 22 of the GDPR.

*****

III. THE CHARACTERISTICS OF EACH DATA PROCESSING PURPOSE

1. Management of cookies on the website

The Data Controller uses cookies on its website at […] (hereinafter referred to as the “website”) to maintain and improve the services of the website and to enhance the user experience.

What is a cookie?

Cookies are small files installed on the user’s device that process small text-based identification and collect data. The cookie consists of a unique numerical value and is primarily used to distinguish between computers and other devices visiting the website. Cookies have multiple functionalities, among other things they collect information, store user settings and enable the website’s owner to monitor user behavior in order to enhance the user experience.

Why do we use cookies?

We use cookies on the website in order 

• to ensure the proper and high quality operation of the website,
• to measure the number of visits,
• to provide web analytics and analysing how visitors use the website (including the use of the cookie manager and promotional interfaces),
• to monitor and improve the quality of the services provided by the website,
• to improve the user experience,
• to facilitate the management of our sites,
• to identify malicious visitors who attack our website.

What cookies does the website use?

Detailed information about the cookies used by the website is provided through the website’s cookie manager.

The information collected by the cookies is not sold or rented by the website to third parties, except to the extent necessary to provide the services for which the data subject has previously and voluntarily provided this information.

What is the legal basis of the data processing carried out by cookies?

We use cookies that are essential for the use of the website on the basis of our legitimate interest under Article 6(1)(f) of the GDPR, and the legal basis for the use of additional cookies is the consent of the data subject, which the data subject can give through the cookie manager.

How to check and turn off cookies

All modern browsers allow the user to manage the settings of cookies. Most browsers accept cookies by default but this setting can be changed in order to prevent automatic enabling of cookies, giving the user the option to choose whether they want to enable them or not.

Because the purpose of using some cookies is to ensure the website’s usability and enable its functions, it is possible that preventing the loading of cookies or deleting them may cause the users to be unable to fully use the website, or it may work differently than intended.

You can find information about default cookie settings of the most popular browsers at the following links:

Google Chrome: 

https://support.google.com/accounts/answer/61416?hl=en&sjid=5634005259817486459-EU

Firefox:

https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami

Microsoft Edge:

https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd

Opera:

https://help.opera.com/en/latest/web-preferences/#cookies

Safari:

https://support.apple.com/en-gb/guide/safari/sfri11471/mac

*****

1. Communication

The Data Controller communicates with its partners, clients and with any data subject (hereinafter: data subject) primarily via electronic means. Anyone can contact the Data Controller by sending a direct email or using the contact option on the website (myownsignal.com/contact) whether it’s a request for information, a technical question, or any other subject. 

During communication with the data subject – in any matter – the Data Controller processes the data in accordance with the information provided in this notice.

The purpose of data processing

Purpose of data processing: communication, response to enquiries from the data subjects. The Data Controller uses all the data provided by the data subject during the contact process solely for the purpose of communication and the administration of the matters included in the message. 

The Data Controller will contact any data subject only in connection with the performance of a contract already in force or on other legitimate grounds, in compliance with the data protection rules.

Processed personal data

Name, email address, alternatively phone number or postal address, as well as any other information provided by the data subject during the communication with the Data Controller.

Legal basis of data processing

The legal basis for the processing of personal data is point (b) of Article 6(1) of the GDPR, as the data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The Data Controller regards communication with potential partners and with already existing partners is required for either a future contract (agreement) or an already completed contract.

In addition, point (f) of Article 6(1) of the GDPR (legitimate interest) also provides the Data Controller a legal basis for data processing. It is a legitimate interest of the Data Controller, in case it is contacted in a matter, to process the personal data that are necessary for responding and resolving the given issue.

Time period of processing personal data

In the event of any kind of contract (agreement) is concluded between the Data Controller and the data subject, the Data Controller will process the personal data obtained in the course of the communication in relation to the contract in question, in accordance with the provision set forth in point 3 below.

If no contract is concluded between the Data Controller and the data subject following the pre-contractual processing, or if the communication is not related to a contract and the communication cannot have any future legal effect, the Data Controller will process the personal data obtained during the communication until the communication is finally terminated.

Consequences of failure to provide personal data

Providing personal data is a condition for replying to the message and thus for communication between the data subject and the Data Controller.

*****

1. Data processing related to the performance of contracts and data processing of the contact person

In the course of its activities, the Data Controller enters into contracts with other entities, which may be natural persons or legal entities. 

In case the Data Controller enters a contract with a natural person, a self-employed contractor, the Data Controller processes personal data necessary to identify the contractor and to keep in touch with them and other personal data related to the performance of the contract.

In case the Data Controller enters into a contract with a legal entity, it is necessary to process the data of the contact person of the partner in order to keep in touch with each other during the performance of the contract and in order to maintain and deepen the cooperation between the entities.

The purpose of data processing

The purpose of data processing is the conclusion and performance of the contract concluded by the Data Controller and the contracting partner, including keeping the contact with each other in connection with performance of the contract, and through this the establishment and maintenance of a business relationship.

Processed personal data

Given the fact that the self-employed contractor is a natural person, the source of the personal data in the case of the conclusion of a contract with a self-employed contractor or any other natural person is the data subject, so the Data Controller will provide final information on the exact scope of the personal data processed at the time of the conclusion of the contract.

In general, when contracting with a natural person, self-employed contractor, the following data are processed by the Data Controller:

1. name, (identification) 
2. mother’s name, (identification)
3. place and date of birth, (identification)
4. address, (contact)
5. in the case of self-employed contractors, place of business, (contact)
6. telephone number, (contact)
7. e-mail, (contact)
8. in the case of payment by transfer: bank account number, account holding bank,
9. if the payment is made after the deduction of taxes, the social security number,
10. in the case of a contract for pecuniary interest and in the case of contracting with a self-employed contractor, the tax identification number,
11. in the case of contracting with a self-employed contractor, also the registration number,
12. and any other data strictly necessary for the performance of the contract.

When contracting with a legal entity, the name of the representative, as well as the name, phone number, e-mail address and position of the contact person are processed by the Data Controller.

Legal basis of data processing

Natural person: point (b) of Article 6(1) of the GDPR: performance of a contract.

Where the contact person does not have a direct contractual relationship with the Data Controller, i.e. the data subject is an employee or other agent of the contracting partner, the legal basis for the data processing is the legitimate interest of the Data Controller pursuant to point (f) of Article 6(1) of the GDPR.

It is in the legitimate interest of the Data Controller to establish and maintain a business relationship with the company represented by the data subject, in order to perform the contract as efficiently as possible. The contact is therefore necessary for the establishment of economic cooperation and the performance of the contract(s) concluded between the entities. The Data Controller will not process the personal data of the data subject for any other purposes without a legal basis.

The source of personal data

In case the Data Controller enters into a contract with a natural person, a self-employed contractor,

the source of personal data is the data subject. As the data subject is the source of all personal data, the Data Controller will notify him/her of any change in the scope of processed data when recording them.

In case of a contract with a legal entity, the source of the contact details is the contracting party.

Time period of processing personal data

The Data Controller shall process the personal data of the data subjects until the expiry of the general limitation period set out in the Hungarian Civil Code following the performance of the contract, provided that the contract, if it constitutes an accounting document directly and indirectly supporting the accounting, shall be kept by the Data Controller for at least 8 years in a legible form, retrievable by reference to accounting records, in accordance with Article 169 (2) of Act C of 2000 on Accounting.

The Data Controller will no longer process the contact details for the contact purposes set out in this statement if it is informed that the contact person has ceased to be employed by the contracting partner.

Consequences of failure to provide personal data

Providing personal data is mandatory as it is required for the conclusion and performance of the contract.

*****

IV. THE DATA PROCESSORS ENGAGED BY THE CONTROLLER

The Data Controller uses the services of the following service providers:

• […] (székhely) – the website’s hosting provider.
• […] (székhely) – the Data controller’s email hosting provider.

The data processors may process the personal data of the data subject only for the purpose specified by the Data Controller and determined in the contract, in accordance with the instructions of the Data Controller, they have no independent decision-making right regarding data processing. The data processors have undertaken to maintain confidentiality and provided contractual guarantee for the protection of personal data obtained during the performance of their duties.

*****

V. THE RIGHTS OF THE DATA SUBJECT

Right to be informed

The data subject has the right to be informed with regard to the data processing, which right is observed by the Data controller by providing this privacy notice.

Data processing based on consent

In case the legal basis of any data processing is the consent of the data subject, they have to right to withdraw their consent to the data processing at any time. However, it is important to note that withdrawing the consent involves only the data whose processing has no other legal basis. In case there are no other legal bases, we delete the personal data finally and irrevocably after the consent is revoked.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of access by the data subject

The data subject shall have the right to obtain from the Data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
4. where possible, the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the data subject is informed about their right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected directly from the data subject, any available information as to their source;
8. the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a request is made to rectify (modify) personal data then the data subject needs to prove the authenticity of the data to be modified. Additionally, the data subject must verify that the person requesting rectification is authorised to do so. This is the only way for the data controller to verify the authenticity of the new data before modifying it.

Please report any changes in your personal data to the Data controller as soon as possible, facilitating the legality of data processing and the enforcement of your rights.

Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the Data controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data for direct marketing purposes;
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
6. the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing

The data subject shall have the right to obtain from the Data controller restriction of processing where one of the following applies:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object

If the legal basis for processing personal data is the legitimate interest of the Data controller (point (f) of Article 6(1) of the GDPR), or the processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller (point (e) of Article 6(1) of the GDPR), the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on the relevant provisions.

If the personal data of the data subject are processed for direct marketing purposes (i.e.: sending marketing e-mails), the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of their personal data for direct marketing purposes then such data can no longer be processed for that purpose.

Balancing test of legitimate interest

If the basis of processing personal data is in the legal interest of the data controller or third person as described in Article 6. Paragraph (1) Point f) of GDPR law, then according to (47) Preamble Article, and Article 5, Paragraph (2), the Data controller carries out a ’Balancing test of legitimate interest’ which can be obtained at [email protected] email address. 

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

1. the processing is based on consent of the data subject or on a contract according to Article 6 Paragraph (1) Point b) of the GDPR; and
2. the processing is carried out by automated means.

PROCEDURES FOR ENFORCING THE RIGHTS OF DATA SUBJECTS

The above rights can be exercised by data subject by sending an electronic mail to this e-mail address: [email protected]or regular mail to the seat of the Data controller or in person at the seat of the Data controller. The data subject shall be informed about the measure taken in response to the request within 30 days. If we are unable to fulfill the request, we inform the data subject about the reasons of the rejection and the administrative and judicial redress rights of the data subject.

The rights of the deceased may be enforced within five (5) years by an authorized person who possesses administrative provisions, or a statement towards the data processor included in a public document or full probative private document. If multiple such statements exist at the same data processor, then the statement made the latest will prevail. If the subject has made no such legal statement, then a close relative – as defined in Act V of 2013 on the Civil Code – is still able to enforce certain rights of the deceased within five (5) years of death. These rights are defined in Article 16 (right to rectification) and Article 21 (right to object), as well as – if the data processing was unlawful during the life of the subject, or the purpose of data processing has ceased with the death of the subject – Articles 17 (right to erasure) and 18 (right to restriction of processing) of the GDPR. The close relative who exercises their right first will be entitled to enforce rights of the subject as set forth in this Paragraph.

VI. THE RIGHT TO LODGE A COMPLAINT AND TO AN EFFECTIVE JUDICIAL REMEDY

In order to exercise their right to judicial remedy, the data subjects may seek legal action against comthe Data controller if the data subject considers that the Data controller or a data processor acting on behalf of or under the instructions of the Data controller is processing the personal data in breach of the provisions of laws on the processing of personal data or of binding legal acts of the European Union. According to Article 79 (2) of the GDPR proceedings against the data controller shall be brought before the courts of the Member State where the data controller has an establishment, i.e., before the Budapest-Capital Regional Court (Hungary). The court shall deal with the case as a matter of priority. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has habitual residence. 

Without prejudice to judicial remedy, according to Article 77 (1) of the GDPR every data subject shall have the right to lodge a complaint with the supervisory authority, in particular in the Member State of data subject’s habitual residence, place of work or place of the alleged infringement (i.e. in Hungary), alleging that the processing of personal data by the Data Controller has resulted in a violation of rights or an imminent threat thereof, or that the Data Controller is restricting the exercise of rights related to the processing of personal data or is refusing to exercise such rights. 

The claim can be filed at the Hungarian supervisory authority at one of the below addresses:

National Authority for Data Protection and Freedom of Information (NAIH) 

Mailing address: Po.box.: 9, Budapest, H-1363  

Address: 9-11. Falk Miksa utca, Budapest, H-1055

E-mail: [email protected]

URL: http://naih.hu