DEXON Privacy Statement

Privacy Notice for Clients

Via the operation of the following website: (hereinafter the “Website”), DEXON Systems Kft. (hereinafter the “Provider”) processes the data supplied by the Website visitors, anyone registering on the Website, or any other persons supplying their personal data in any other way (hereinafter collectively the “Data Subjects”). With regards to such data processing activities taking place, the Provider hereby informs all Data Subjects about the personal data processed by the Provider on the Website, the principles and practices followed during such data processing operations, as well as the methods and options available for the Data Subjects to exercise their related rights. By using the Website, the Data Subject accepts the terms and conditions herein, and provides his/her consent to the data processing operations specified below.

1. The Provider, acting as Data Controller

Company name: DEXON Systems Kft
Legal seat, mailing address: 2040, Budaörs, Baross u. 165
Phone: + 3623422804
GDPR related E-mail contact:
Tax ID: 10459216-2-13
Company registry number: 13-09-114621

Web hosting provider:
Company name: tá Szolgáltató Kft.
Address: 1132 Budapest, Victor Hugo u. 18-22.
Phone: +36 1 789 2789

2. Data protection laws

The Data Controller acts in full compliance with all governing laws, during its data processing activities. The data processing principles specified herein are in full compliance with the following laws:
Act LXVI of 1992 - on the official registration of the citizens’ personal data and address
Act CXIX of 1995 - on the processing of name and address data for the purposes of research and direct marketing (“DM Act”)
Act CVIII of 2001 - on certain issues of electronic commerce services and information society services
Act XLVIII of 2008 - on the basic requirements and certain conditions of commercial advertising activities (“Grt.”)
Act CXII of 2011 - on informational self-determination and the freedom of information.

3. Definitions

3.1 Personal Data

Any information relating to an identified or (directly or indirectly) identifiable natural person (hereinafter the “Data Subject”), in particular the Data Subject’s name, identification number, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, and any conclusions that can be drawn from such data, in relation to the Data Subject.

3.2 The Data Subject’s Consent

Any freely given, specific, informed and unambiguous indication of the Data Subject's wishes, by which he/she signifies agreement to the processing of personal data relating to him/her being processed fully, or to the extent of specific operations.

3.3 The Data Subject’s Objection

A declaration made by the Data Subject objecting to the processing of his/her personal data, and requesting the termination of data processing, or a deletion of the data processed.

3.4 Data Controller

A natural or legal person, or organisation without legal personality, which alone or jointly with others determines the purposes and means of the processing of data, makes and executes decisions concerning data processing (including the means used), or have it executed by a Data Processor.

3.5 Data Processing

Any operation or set of operations, which is performed on personal data, or on sets of personal data, irrespective of the procedure applied, in particular the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, or iris scans).

3.6 Data Transfer

Ensuring access to the data for a third party.

3.7 Disclosure

Ensuring open access to the data.

3.8 Data Deletion

Making data unrecognisable in a way that it can never again be restored.

3.9 Blocking of Data

Marking data with a special ID tag, to indefinitely or definitely restrict its further processing.

3.10 Data Destruction

Complete physical destruction of the data carrier recording the data.

3.11 Data Process

Performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, or the place of execution, provided that the technical task is performed on the data.

3.12 Data Processor

Any natural or legal person, or organisation without legal personality, processing the data on the grounds of a contract with the Data Controller, including contracts concluded pursuant to legislative provisions.

3.13 Third Party

Any natural or legal person, or organisation without legal personality other than the Data Subject, the Data Controller, or the Data Processor.

3.14 Third Country

Any state that is not a European Economic Area member state.

3.15 Cookie

A text file stored on our computer by the website visited via the web browser used. Its function is to make internet browsing more comfortable and tailor made, as it allows Users to store their personal data and passwords. Cookies also enable the execution of targeted / tailor made advertising campaigns.

4. The principles of data processing

Personal data may be processed if:
1. the Data Subject has given his/her consent, or
2. when processing is necessary by law, or by a local authority decree (based on an authorization conferred by law, concerning specific data defined therein) for public interest purposes (hereinafter referred to as “mandatory processing”).

Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of data processing operations, the recording of personal data shall be done under the principles of lawfulness and fairness.
The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose. Personal data may only be processed to the extent and for the duration necessary to achieve its purpose.
The accuracy and completeness, and (if deemed necessary by the aim of processing) the up-to-date nature of the data must be provided for throughout the processing operation, and shall be kept in a way to permit identification of the Data Subject for no longer than is necessary for the purposes for which the data was recorded.

Special data may only be processed when the Data Subject has given his/her informed consent.
Personal data may be transmitted by a Data Controller to a Data Controller or Data Processor operating in a third country only if the Data Subject has given his/her explicit consent. Transfer of data to EEA member states shall be considered as if the transmission took place within the territory of Hungary.
Prior to the start of data processing, the Data Subject shall be informed about the fact whether the data processing is based on personal consent, or mandatory by the law. Prior to the start of data processing, the Data Subjects shall be clearly informed about all circumstances of the processing of their data, in full details, in particular about the purposes and legal basis of the data processing, the name of the entitled Data Controller and Data Processor, the duration of data processing, and whom may have access to the data.
Such information shall cover the Data Subject’s rights and legal remedy available, in relation to the data processing.

5. The legal basis for the data processing

The data processing is carried out based on the voluntary consent provided by the Users registering on the website. As part of registration, the Users have to complete a data form including their personal data, and accept the contents of this Privacy Notice.

5.1 Data of the visitors to the website

Purpose of the data processing: to ensure a proper operation of the Website, monitoring of the same, and the prevention, or later analysis of security incidents.

Legal basis for the data processing: section 13/A (3) of Act CVIII of 2001 on certain issues of
electronic commerce services and information society services.

Scope of the data processed: date and exact timing of the visit to the Website, address of the Website visited, the previously visited website, the visitor’s IP-address, and the data of the web browser and operating system used.
Data deletion date: 2 years after the User’s visit.

5.2 Data collection by external organisations on the Website

No external organisations collect or process personal data based on a mandate provided by the Data Controller.
The web analytics organisation mandated by DEXON Systems Kft. is Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043), which company is solely entitled to process data, after all personal references have been removed. The relevant privacy principles can be found at the following website: ( .
5.3 Liaising with the customers

The Company treats all contacts made through the website as an official contact made.
Purpose of the data processing: liaising with the customers.
Legal basis for the data processing: the Data Subject’s voluntary consent provided.
Scope of data processed: company name, name, e-mail address, name, phone number, job title. Registration number:
Data deletion date: 2 years after last contact is made.

5.5 Registering for the special events held by DEXON Systems Kft.

Purpose of the data processing: organising special events.
Legal basis for the data processing: the Data Subject’s voluntary consent provided.
Scope of data processed: company name, country, e-mail address, name, phone number, job title.
Registration number:
Data deletion date: 2 years after the last contact made.

5.6 Subscribing to the Newsletter

Purpose of the data processing: information supply, liaising with the customers, and sending advertising type messages.
Legal basis for the data processing: the Data Subject’s voluntary consent provided.
Scope of data processed: e-mail address, name.
Data deletion date: 2 years after the last related action taken.

5.7 Job applications

Purpose of the data processing: recruitment, liaising with the applicants.
Legal basis for the data processing: the Data Subject’s voluntary consent provided.
Scope of the data processed: name, e-mail address, birth year, language skills, qualifications, job history.
Data deletion date: 1 year after receipt of the job application.

6. Deletion of personal data

DEXON Systems Kft. will delete the personal data when it is unlawfully processed, the original purpose set for the data processing is no longer valid, the mandatory retention period expired, or when ordered so by the relevant court or by the Data Protection Commissioner.
Users are entitled to request the deletion of their personal data by sending an e-mail to the following e-mail address: . The Company will delete the relevant data within 15 business days upon receipt of a lawful deletion request from the Data Subject, or will otherwise contact the Data Subject.

7. The application of cookies on the Website of DEXON Systems Kft.

The definition of cookies

Cookies are tiny word files, which are able to store information related to the visit of certain websites for a particular duration and purpose. When a website is repeatedly visited, the website is able to recognise such text file, thereby identifying a previous visitor.
The primary function of cookies is to make web browsing more comfortable, and tailor made for Users, as they allow Users to store their personal data and settings. Cookies also enable the execution of targeted, tailor made advertising campaigns.
Cookie types
The cookies used on the Website fall into 4 different categories, in accordance with the classification applied by the International Chamber of Commerce ( , which are as follows: strictly necessary cookies, performance cookies, functionality cookies, and web analytics cookies or advertising cookies.

8. Scope of persons having access to the data, data transfer, and data processing

Primarily the Provider, and the Provider’s internal staff has the right to access the data, with that the data is not published, or disclosed to any third party. Within the scope of the purposes set for the data processing, the Provider is entitled to involve a Data Processor (e.g. a system operator, or bookkeeper).

Purpose of the data transfer: to send Newsletters, promotional materials, text messages, to provide tailor made services, to provide help desk services.

Legal seat: The Rocket Science Group, LLC., 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
Activities: Newsletters
Scope of data transmitted: User name and e-mail address

Scope of data transmitted: IP-address, User name, e-mail address, arranging for payments to be made through the Website, and arranging for the execution of the same via the involvement of a sub-Data Processor, Facebook advertising and remarketing, Web analytics tagmanager, Linkedin, Twitter, Googleblog.

In addition to the above, personal data related to the Data Subjects can only be transferred to third parties in cases mandatory by the law, or based upon the Data Subject’s consent provided.

9. Data security measures

The personal data is stored on dedicated servers, installed in the server room of DEXON Systems Ltd., in the territory of Hungary, with 24/7 security provided, and in the Provider’s own server room.

10. Any amendments to this Privacy Notice

DEXON Systems Kft. retains the right to unilaterally amend this Privacy Notice, subject to a prior notification of the Users. When the services are used by the User first time following any such amendments coming into force, the User automatically accepts the amended version of this Privacy Notice.

11. The Users’ rights in relation to the processing of their personal data

The Data Subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her are being processed, and shall have the right to rectify his/her personal data, or a right to erasure (except for mandatory data processing). The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her are being processed, the purposes of data processing, the legal basis and duration of data processing, the name and address (legal seat) of the Data Processor, and its data processing related activities, and the recipients to whom the personal data have been, or will be disclosed. The Data Controller shall provide the relevant information in writing as soon as practicable, within a period of 30 days, in an easy to comprehend manner. The information shall be provided free-of-charge. Any request for such information supply shall be submitted by the Data Subjects via e-mail, to the following e-mail address:, and the Data Subject will receive a reply within 8 business days.

12. Legal remedy

The Data Subject shall have the right to object the processing of data relating to him/her:

a. if the processing or transfer of personal data is carried out solely for the purpose of discharging the Data Controller’s legal obligation, or for enforcing the rights or legitimate interests of the Data Controller, the recipient, or a third party, unless processing is mandatory;

b. if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and

c. in all other cases prescribed by the law.

When an objection is raised, the Data Controller shall investigate the cause of objection within the shortest possible time, within a 15-day deadline, and adopt a decision as to the merits, and shall notify the Data Subject in writing of its decision. If, according to the findings of the Data Controller, the Data Subject’s objection is justified, the Data Controller shall terminate all data processing operations (including any further data collection or transmission), block the data involved, and notify all recipients to whom any of these data had previously been transferred about the objection, and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
If the Data Subject disagrees with the decision made by the Data Controller, or if the Data Controller fails to meet the 15-day deadline to complete its investigation of the objection, the Data Subject shall have the right to file for litigation within 30 days of the date of delivery of the decision, or from the expiry date of the time limit.

13. The Data Controller’s warranty

The Data Controller agrees to be bound by the provisions herein, and warrants that the data processing activities pursued in relation to its services rendered are carried out in full compliance with the requirements set forth in this Privacy Notice.