Privacy Policy

SUMMARY OF THE PRIVACY POLICY

This document is a short summary of the Privacy Policy (hereinafter referred to as the „Policy”). More detailed information on data processing is available in the full version of the Policy accessible below. Please note that only the full version of the Policy is considered as complete and adequate information. The purpose of this summary is to give a better understanding of the Policy.

Purpose of data processingAdministering registration on the Site and providing access to the Software, tutorials, Tools (and any other documentation the Data Controllers may provide) offered on the SiteSending newsletters
Data controller
  • NNG
  • Partner
  • NNG
  • Partner
Scope of processed data

Data to be provided by User in the request form:

  • User’s first and last name;
  • User’s email address;
  • Company;
  • User’s position;
  • User’s phone number.

Login credentials received from the Data Controllers:

  • login name;
  • password.

Data related to the Tools:

  • Tools downloaded by the User;
  • data related to the access permissions .
  • User’s first and last name;
  • User’s email address;
  • data related to User Activity.

Data processed with automated processing:

  • User’s interaction with the delivered newsletters (i.e. whether the email was opened, how many times the addressee clicked on it, whether the addressee read the entire email) and bounce rate of the emails;
  • OS and OS version of Device;
  • type and version of email client of User;
  • IP address and geolocation data of Device (i.e. country/region information).
Legal basis
  • User’s consent.
  • User’s consent.
Duration of data processing
  • Until the User’s request for deletion.
  • The User’s personal data will be deleted 2 years after the User’s last activity (e.g. downloading a Tool), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.
  • Until the User’s request for deletion.
  • The User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.
  • Data processor
  • Google LLC
  • Google LLC
  • MailChimp

Privacy Policy

Definitions

Cookie means a small text file, which is placed on your hard disk by a web server, and is used by the Site as set forth in section 5 below.

Device means PCs, notebooks, and tablet PCs.

General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

NNG means NNG Software Developing and Commercial Limited Liability Company. Registered office: H-1037 Budapest, Szépvölgyi út 35-37, Hungary Court of registration: Budapest-Capital Regional Court (Fővárosi Törvényszék) Company registration number: Cg.01-09-891838 Tax number: 13357845-2-44 Email address:
info@naviextras.com

Website: www.nng.com

Partner means NNG North-America, Inc. Partner is a subsidiary of NNG. Registered office: 20502 NE 72nd Ave, Battle Ground, WA 98604-5223, USA Court of registration: State of Washington Unified Business ID: 602 565 482 Tax number: 20-2059252 (EIN number) Email address: uxatlas-support@nng.com

Profiling means automated processing of personal data, as listed in point 4.2.2 in order to provide the User with personalized newsletters.

Site means uxatlas.nng.com and its subdomains.

Software means the software that can be downloaded from the Site.

Tool means information related to the Software that can be downloaded from the Site.

User or "you" means a registered visitor of the Site.

User Activity means location and behaviour data (language selection on the Site), onsite browsing history, and usage patterns (frequency/patterns of logging-in).

Availability and updating of this document

The Data Controllers reserve the right to amend this document unilaterally at any time. We suggest visiting the Site from time to time for the latest information.

Data controller(s)

The data provided on the Site is processed by NNG and Partner as joint controllers (hereinafter referred to as “Data Controllers”). The Data Controllers have concluded an agreement on joint controlling and determined the purposes and means of processing with special regard to their respective responsibilities for compliance with the obligations under the GDPR. The provided data is accessible to the following persons:

  • NNG’s employees involved in the data processing (including IT specialists performing a variety of IT tasks related to the operation and maintenance of NNG’s computer system) as part of their role within NNG in connection with performing their duties associated with the purpose of this Policy.
  • Partner’s employees involved in the data processing (including IT specialists performing a variety of IT tasks related to the operation and maintenance of Partner’s computer system) as part of their role within Partner in connection with performing their duties associated with the purpose of this Policy.

Purpose of data processing and scope of processed data

  • Administering registration on the Site and providing access to the tutorials, Tools (and any other documentation the Data Controllers may provide) offered on the Site
    • Purposes of data Processing
      • Administering registration on the Site and User account maintenance
      • Providing access to the tutorials and Tools offered on the Site

      If the User wishes to download a Tool, he/she shall complete a request form on the Site and send it to the Data Controllers. Once such request is sent, the User will receive his/her special login credentials to the email address provided in the request form. The login credentials consist of a login name and password, the password can be changed any time. By using these login credentials, the User can enter into his/her account on the Site and download the Tools to which he/she is entitled to. Please note that the availability of certain Tools may vary depending on the entitlement linked to the login credentials.

    • Scope of the User’s processed personal data
      Data to be provided by User in the request form:
      • User’s first and last name;
      • User’s email address;
      • Company;
      • User’s position;
      • User’s phone number.

      Login credentials received from the Data Controllers:

      • login name;
      • password.

      Data related to the Tools:

      • Tools downloaded by the User;
      • data related to the access permissions .
    • Legal basis of data processing
      The data is processed in compliance with GDPR and all relevant local laws.The legal basis of data processing is the User’s express consent given pursuant to point a) of Article 6(1) of the GDPR.
    • Duration of data processing
      User's personal data specified in point 4.1.2 is processed until the User cancels his/her account on the Site or until the User is active on the Site. User’s personal data will be deleted 2 years after the User’s last activity (e.g. downloading a Tool), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.Notwithstanding the above, The Data Controllers shall immediately delete the User’s personal data if he/she specifically requests the deletion thereof or withdraws his/her consent and there is no valid legal ground for data processing. If the User withdraws his/her consent, this does not affect the lawfulness of data processing based on his/her consent and conducted before such withdrawal.
  • Processing of User's personal data for receiving newsletters
    • Purpose of data processing
      The Data Controllers may send newsletters via email to inform the User about new Tools or other marketing activities. In order to provide the User with personalized newsletters and increase his/her user experience and satisfaction, the Data Controllers use Profiling techniques with the involvement of MailChimp, as data processor, to receive information of the User’s Device and the geographical region the User’s Device is located.
    • Scope of the processed personal data of the User
      • User’s name;
      • User’s email address;
      • data related to User Activity.

      Data processed for Profiling purposes:

      • User’s interaction with the delivered email (i.e. whether the email was opened, how many times the addressee clicked on it, whether the addressee read the entire email);
      • Bounce rate of the newsletters sent to the User;
      • OS and OS version of Device;
      • type and version of email client of User;
      • IP address and geolocation data (i.e. country/region information).
    • Legal basis of data processing
      The data is processed in compliance with GDPR, and all relevant local laws.The legal basis of data processing is
      • the User’s express consent given pursuant to point a) in Article 6(1) of the GDPR and
      • sections 6(1) and (2) of Act XLVIII of 2008 on the basic requirements of and certain restrictions on commercial advertising activities (“Advertising Act”).

      The User can subscribe to the Data Controllers’ newsletter on the Site by ticking the appropriate checkbox. The User may withdraw his/her consent at any time by sending an email to any of the Data Controllers from the email account regarding which he/she does not wish to receive newsletters in the future, or by sending a mail to the postal address (the registered office) of any of the Data Controllers specified in section 1. The User may also unsubscribe (opt-out) at any time by following the instructions in the newsletter. Please note that unsubscribing from the newsletter does not affect the lawfulness of data processing based on your consent and conducted before such withdrawal and unsubscribing from newsletter is not equal with cancelling your account.

    • Duration of data processing and subscription to the newsletter
      User's personal data specified in point 4.2.2 is processed for the period until he/she cancels his/her account on the Site.User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should The Data Controllers notice that the User has not been active on the Site for at least 2 years. Notwithstanding the above, the Data Controllers shall immediately delete the User’s personal data if he/she specifically requests the deletion thereof or withdraws his/her consent and there is no valid legal ground for data processing. If the User withdraws his/her consent, this does not affect the lawfulness of data processing based on his/her consent and conducted before such withdrawal. Please note that the Data Controllers may at any time decide to stop sending newsletters without prior notice, or further liability or obligation of any kind.

Cookies

The Data Controllers hereby inform you that if you download certain parts of the Site, small data files (hereinafter referred to as “Cookies”) will be automatically sent by the web server to your device. In certain cases, these data files may be considered as personal data under the Hungarian law on privacy. These data files are necessary for the proper operation of the Site, and are used to collect anonymous information on the User’s visits to the Site. You can control the use of Cookies by setting your browser, however, if you choose to disable Cookies, some Website features or services may not function properly. You can accept or refuse Cookies on a case-by-case basis, or refuse all Cookies by adjusting your browser settings. To find out how to do this and learn more on Cookies, please visit:https://www.youronlinechoices.eu/. If you choose to refuse all Cookies, access to some of the website's pages will be limited.

Types of CookiePurpose of CookiesCookie retention period
Google AnalyticsThe Site uses the Google Analytics tool to collect and analyse information on the User’s access to and use of the Site. We use the information to compile reports and improve the Site. The data is collected in an anonymous form, including the number of Users to the Site, where Users have come to the Site from, and the pages they visited within the Site. The collected data cannot be tracked back to the User. For further information on Google’s privacy policy,click here.Google Analytics Cookies are created as soon as the User visits a website on which a valid Google Analytics tracking code is installed. The Cookies will be held on the User's device for a maximum period of 2 years from the above date. For further information, please click here.
SessionSession Cookies allow the User to be recognized within the Site, so the User will not be prompted to give the information he/she has already provided.The information is saved until the end of the current session. A session means the time period during which the User is visiting the Site. After that, the collected information will no longer be available.
PersistentPersistent Cookies remember the language settings applied by the User.The Cookie is automatically deleted after 1 year.
Facebook pixelThe Facebook pixel is a code, which helps to track User’s behaviour and conversions. It enables Facebook to report the number of actions Facebook ads drive and allow Facebook to learn which of the visitors who have seen our ads are more likely to take a certain action, e.g. make a purchase, on our Site, and optimize the delivery of ads to trigger more of such actions.The Cookie is held in the User's browser for a maximum period of 180 days.

Links

Please note that there might be links on the Site that lead to other websites. Their respective data protection rules apply to the use of such external websites, therefore after you click on their link or the provided button, the Data Controllers will no longer have any influence over the collection, storage, or processing of any personal data transmitted by your click.

Data security

The Data Controllers observe all applicable regulations regarding the security of personal data, therefore both the Data Controllers and their authorized data processor(s) implement appropriate technical and organizational measures to protect personal data, and establish adequate procedural rules to enforce the provisions of the Privacy Act concerning confidentiality and the security of data processing.

Data processor(s)

In order to fulfil its purposes as a data controller the Data Controllers cooperate with the data processors listed below. The Data Controllers reserve the right to change the data processors at any time.

Name of the data processorData processing activity carried out on behalf of the Data Controllers and
list of the personal data the data processor has access to

Google LLC (‘Google’)Company name: Google LLC Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Website: https://www.google.com/about/

Contact: https://www.google.com/contact/

Google provides cloud computing services to the Data Controllers. Google has access to all personal data of the Users listed in the present Document.

MailChimpCompany name: The Rocket Science Group LLC d/b/a MailChimp Address:675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308 USA Website: https://mailchimp.com/

Contact: https://mailchimp.com/contact/

MailChimp carries out data processing activity for the following purpose(s):

Sending newsletters

MailChimp provides the Data Controllers with an online system (“System”), through which the Data Controllers can manage the sending of newsletter to Users. The data processor does not have access to the content uploaded by the Data Controllers to the System. The System is used for the following purposes:

  • Storing the User’s personal data described in section 4.2.2 above;
  • Sending newsletters to Users;

Data processed with automated processing techniques

  • Analysing Users’ interaction with the delivered newsletter (in particular whether the newsletter was opened, how many times the addressee clicked on it, whether the addressee have read the entire newsletter);
  • Analysing the bounce rate (e.g., cases in which the email address is invalid or the newsletter is listed as spam)
  • Collecting data of User’s Device and its geolocation (OS and OS version of Device; type and version of email client of User; IP address and geolocation data (i.e. country/region information).

The User data listed in section 4.2.2 is stored both in the System and in the Data Controllers’ servers.

Rights and enforcement

  • Any personal information which you supply to the Data Controllers must be true, complete and accurate in all respects.
  • You may exercise the following rights in relation to the Data Controllers’ data processing activities:
    • request information on the processing of your personal data;
    • request the rectification of your personal data;
    • request the deletion of your personal data or restriction of the processing of your personal data;
    • object to the Data Controllers’ data processing;
    • request data portability.
  • You are entitled to request information on data related to you and processing carried out by the Data Controllers thereof, especially information as to what personal data relating to you is stored; the sources from which they were obtained; the purpose, grounds, and duration of processing; if your personal data is made available to others, the legal basis and the recipients; and any data protection incident in relation to your personal data by sending an email or mail to the email or postal address (registered office) specified in section 1.
  • If your personal data is inaccurate, you may request the Data Controllers to rectify such data, provided that the correct data is at the Data Controllers’ disposal.
  • Your personal data shall be deleted upon your request in accordance with applicable laws. Your request for data deletion may be submitted to any of the the Data Controllers by using the email or postal addresses (registered office) specified in section 1. The Data Controllers shall delete all stored personal data in compliance with this Policy. Please be informed that your data will not be deleted if the processing thereof is required by law or other exceptions apply under applicable law.
  • You have the right to obtain restriction of processing from the Data Controllers in the following cases:
    • you think that your processed personal data is not accurate, for a period enabling the Data Controllers to verify the accuracy of your personal data;
    • the processing is unlawful and you oppose the erasure of your personal data, you are entitled to request restriction of their use instead;
    • the Data Controllers no longer need your personal data for the purposes of processing, but you require the Data Controllers to continue the processing for the establishment, exercise or defence of your legal claims;
    • you have objected to processing, for a period pending the verification whether the legitimate grounds of the Data Controllers override those of yours.

    Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.

  • At any time, you have the right to object to processing your personal data subject to certain conditions under applicable laws. In this case, the Data Controllers will no longer process your personal data unless if the Data Controllers demonstrate compelling legitimate grounds for the processing which override your interests, rights and data protection related freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
  • You are also entitled to request a structured, commonly used and machine-readable formatted copy of your personal data that the Data Controllers are processing subject to conditions set out in Article 20 of the GDPR. You have the right to transmit your personal data to another controller or, where it is technically feasible, you can request the Data Controllers to transfer your personal data directly to another controller as specified in Article 20 of the GDPR.
  • The Data Controllers complete your request without undue delay, within one month as from the receipt of the request. This period may be extended by two further months where necessary. If the Data Controllers does not take action on your request, they shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  • You may lodge a complaint about the processing of your personal data to the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.; postal address: 1530 Budapest, Pf. 5).
  • Independently from lodging a complaint to NAIH, you may turn to court pursuant to the provisions set forth in the GDPR if your rights are infringed. Upon your decision, the procedure may be launched before the tribunal in whose jurisdiction you are domiciled or you have a temporary address. Prior to initiating a legal procedure, it may be useful to discuss the complaint with the Data Controllers.
  • Your detailed rights and remedies are set out in Articles 15-21 and 77-82 of the GDPR.

Contacting the Data Controllers

We value your opinion. If you have any comments or questions, or wish to obtain more information on data processing at the Data Controllers, please use the Contact us menu on this Site or write to the Data Controllers’ official address. We will handle the submitted information confidentially. Our representative will contact you within a reasonable time. This Policy was posted and is effective as of 20. December 2018.