Privacy Policy
Date of acceptance: 2024-08-03
Name: CSE Business Kft
Registered seat: 1096 Budapest, Haller Utca 23-25 A2/202
Mailing address, complaint management: 1096 Budapest, Haller Utca 23-25 A2/202
E-mail: contact@csebusiness.com
Phone number: +36307739745
Website: https://pki.csebusiness.com
Name: GoDaddy.com LLC
Mailing address: 2155 E GoDaddy Way, Tempe, Arizona 85284, USA
E-mail: privacy@godaddy.com
Phone number:
We will process your data if you contact us via email, contact form, or phone for inquiries about a product. Prior contact is not necessary; you can order from the website at any time without it.
Data processed: The data you provide upon contacting us.
For orders, involving PKI certificates and LEI Codes, additional data may be required, including:
For certificates requiring organization validation, or when the PKI Certificate Issuer will request, further data might be requested, which may include (depending on the country):
Also, personal or other details visible in different documents (legal representative proof, company documents) are processed in the same way.
Period of the data processing
For completed orders: Compliance with legal obligations and performance of a contract. [Data processing pursuant to Article 6(1)(b) and (c) of the GDPR]
Activities of data processors for storing personal data
Name of the data processor: GoDaddy.com LLC
Phone number of the data processor:
E-mail of the data processor: privacy@godaddy.com
Registered seat of the data processor: 2155 E GoDaddy Way, Tempe, Arizona 85284, USA
Website of the data processor: www.godaddy.com
Data processed: The data you provide upon contacting us or filling out the order form.
Period of the data processing Duration of data processing related to contact information: 12 months
The Data Processor stores personal data based on a contract with the Data Controller and is not entitled to access it.
Certainly, I'll extend the information for Microsoft and add the CRM system provider as an additional data processor. Here's the updated section:
Microsoft's Role: Data Processor
Services: Microsoft 365 services - Exchange Online, SharePoint Online, Teams
- Providing cloud-based productivity and collaboration tools
- Storing and processing emails, documents, and other business data
- Facilitating communication and teamwork
- Archiving documents and personal data on SharePoint
- Contact information provided during initial contact
- All additional personal and organizational data required for orders and PKI certificates
- Email communications containing personal and order-related data
- Documents stored on SharePoint, including those with personal and organizational information
The Microsoft services we use comply with EU GDPR regulations. We use EEA (European Economic Area) Microsoft 365 licenses, ensuring data is stored and processed on European servers following EU data protection requirements.
Microsoft complies with GDPR and implements strong security measures to protect your data. For more information on Microsoft's data practices, please visit their Privacy Statement at https://privacy.microsoft.com/en-us/privacystatement
[Details to be filled by the company]
Role: Accounting services provider
Types of data processed: Personal data, organization data, and financial information related to orders and invoicing
Role: PKI Certificate Issuer
Types of data processed: Personal data, organization data, and data related to PKI certificates
Purpose: Verification and issuance of PKI certificates
Role: CRM System and Invoicing Provider
Types of data processed:
- Customer contact information
- Order details
- Invoicing information
- Communication history
- Personal and organizational data related to PKI certificates
Purpose: Customer relationship management, order processing, and invoice generation
We store the data provided for PKI certificates and related orders in exchanged emails, on SharePoint, and in our CRM system. This data is also uploaded to the PKI Certificate Issuer (DigiCert) for further verification. Invoices and related financial information are processed and stored in our CRM system with integrated invoicing features.
We can only delete personal data in cases where an order was not placed. If an order is placed, we cannot delete the processed data prior to 8 years, in compliance with Hungarian law regarding the retention of invoices and related accounting documents. This applies to data stored in emails, SharePoint, and our CRM system.
If the Data Controller intends to carry out any further data processing activities, it will provide prior information on the actual circumstances of the data processing (legal background and legal basis of the data processing, the scope of the processed data, the period of the data processing).
To exercise your rights, you must be identified, and the Data Controller must communicate with you. For identification, you'll need to provide personal data (only data already processed by the Data Controller). Your data processing complaints will be available in your email account within the period specified in this Privacy Notice.
If you're a customer and wish to identify yourself for complaint handling or guarantee management, please provide your order ID for identification. This allows us to identify you as our customer.
The Data Controller will respond to data processing complaints within 30 days.
You have the right to withdraw your consent to data processing at any time, in which case the data provided will be erased from our system. However, please note that in the case of an order that has yet to be fulfilled, the withdrawal of consent may result in us not being able to complete the delivery of your order. In addition, if the purchase has already been completed, based on the accounting regulations, we cannot erase the date related to invoicing from our systems, and if there is any remainder amount unpaid by you to us, we can process your data even in the event of the withdrawal of your consent based on the legitimate interest in debt collection.
You have the right to obtain from the Data Controller confirmation as to whether your personal data are being processed, and where that is the case, you have the right to:
a gain access to the processed personal data, and
a receive information from the Data Controller on the following: the purposes of data processing;
the categories of your personal data processed;
information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;
the envisaged period of the processing of personal data or, if that is not possible, the criteria used to determine that period;
the existence of your right to request from the Data Controller rectification or erasure of personal data or restriction ofprocessing of personal data concerning you or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Exercising these rights may aim to establish and verify the lawfulness of data processing; therefore, in case of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.
The Data Controller ensures access to personal data by emailing you the processed personal data and information after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.
Please indicate in your request that you ask for access to personal data or information on data processing.
You have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without delay.
You have the right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you for a period enabling the Data Controller to verify the accuracy of the personal data, and if the accurate data can be immediately established, then no restriction will take place;
the data processing is unlawful, and you oppose the erasure of the personal data for any reason (for example, because the data are necessary for the possible assertion of a claim) and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or
if you have objected to the data processing but the legitimate interest of the Data Controller may also serve as grounds for it, the data processing must be restricted until it can be established whether the legitimate grounds of the Data Controller override the legitimate grounds referred to by you.
Where processing has been restricted, such personal data shall, except storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You will be informed by the Data Controller before the restriction of processing is lifted (at least 3 business days before the restriction is lifted).
You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
the personal data are no longer necessary to the purposes for which they were collected or otherwise processed by the Data Controller;
you withdraw your consent on which the processing is based, and there is no other legal ground for the processing;
you object to the processing based on legitimate interest, and there are no overriding legitimate grounds (that is, legitimate interest) for the processing,
the personal data have been unlawfully processed by the Data Controller, which was established based on the complaint,
the personal data must be erased to comply with a legal obligation in Union or Member State law to which the Data Controller is subject.
Where the Data Controller, based on any lawful ground, has made the personal data public and is obliged to erase the personal data due to any of the above grounds, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The erasure shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
or compliance with a legal obligation that requires processing by Union or Member State law to which the Data Controller is subject (data processing in the framework of invoicing is one of those cases, as the retaining of the invoice is prescribed by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
for the establishment, exercise, or defense of legal claims (e.g., if the Data Controller has any claims against you that have not been fulfilled yet or there is undergoing a complaint management process).
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal dataconcerning you based on legitimate interests. In such case, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
If the data processing is carried out in an automated way or if the data management is based on your voluntary consent, you havethe right to ask the Data Controller for the data you provided to the Data Controller, which the Data Controller will send in xml, JSON or csv format at your disposal, and, if this is technically feasible, you can request that the Data Controller forward the data in this form to another data controller.
You have the right not to be subject to a decision that is based solely on automated processing (including profiling and, which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data Controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
is necessary for the conclusion and performance of the contract between you and the Data Controller;
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
Pursuant to the Privacy Act, the Data Controller must report its certain data processing activities to the data protection registration system. This reporting obligation was terminated on 25 May 2018.
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, accidental destruction and damage, and inaccessibility due to changes in the technology used.
The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.
If, in your opinion, the Data Controller has violated a legal provision relating to data processing or has not fulfilled any of your requests, then to terminate alleged unlawful data processing, you can initiate the investigative procedure of the HungarianNational Authority for Data Protection and Freedom of Information (mailing address: H-1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838;
+36 (1) 391 1400).
We would also like to inform you that you may file a civil lawsuit against the Data Controller in court if the legal provisions on data processing are violated or if the Data Controller has not fulfilled any of your requests.
The Data Controller reserves the right to modify this data management information without affecting the purpose and legal basis ofdata processing. By using the website after the amendment enters into force, you accept the amended Privacy Notice.
If the Data Controller wishes to carry out further data processing concerning the collected data for a purpose other than that of their collection, it will inform you, before commencing any further data processing, of the purpose of the data processing and the information on the following:
the envisaged period of the processing of personal data or, if that is not possible, the criteria used to determine that period;
the existence of your right to request from the Data Controller access to, rectification or erasure of personal data orrestriction of processing of personal data concerning you, or to object to such processing in the case of data processing onthe grounds of legitimate interest, or to request ensuring data portability in the case of data processing on the grounds ofconsent or contractual relationship;
in the case of data processing on the grounds of consent, that you may withdraw your consent at any time, the right to complain with a supervisory authority;
whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for concluding a contract, as well as whether you are obliged to provide personal data, and what possible consequences the failure to provide data may have;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
The data processing may only be commenced thereafter, and, in the case of data processing on the grounds of consent, your consent will also be required to the data processing in addition to the provision of the above information.