Privacy Policy

1. Introduction

In this data management notice, you can learn how ViVeTech Plc. collects and uses personal data, as well as gain information about your rights related to your personal data.

ViVeTech Plc. processes personal data for various purposes. We collect this data directly from the individual, for example, when they visit our website, provide their contact details to receive marketing materials, or apply for a job at our company. We may also process personal data when we provide professional services to your employer or service provider. Additionally, we may obtain your personal data from publicly available sources (such as LinkedIn).

This privacy notice covers all of the above-mentioned cases.

Detailed information is available below on the specific purposes for which we process personal data:

- Viewing our website
- Using our social media pages
- Email communication
- Voicemail communication
- Investors
- Suppliers
- Visitors to our offices (internal security cameras)

If you have any questions regarding the processing of your personal data or would like to contact the company's data protection officer, please reach out to us at info@ViVeTech.com.

2. What data is covered?

In this Privacy Notice, we consider "personal data" to be any information that is related to a person and makes the individual identifiable, either directly or indirectly. Examples include name, identification number, location data, or online identifiers. Additionally, personal data includes one or more factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.

We also categorize special categories of personal data, which can reveal or infer specific details about a person, including:

- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Physical or mental health condition
- Information about sexual life or sexual orientation
- Furthermore, personal data related to criminal responsibility or offenses should also be included.

We strive to ensure that the personal data we process remains accurate and complete. Therefore, it is important for us to be informed about any changes to your contact or other details. If changes occur, please contact our colleagues, who will make the necessary modifications in our records. You can also contact us at info@vivlabergo.com .

3. Your rights in relation to personal data

The data controller (ViVeTech Plc.) is required to respond to data subject requests without undue delay, but no later than within 30 days. This deadline may be extended if necessary, provided the data subject is informed of the extension within 30 days and the delay is adequately justified (e.g., due to the complexity of the issues or the large number of requests).

3.1. Your rights to transparent information

The data subject has the right to receive transparent information regarding:
- The main elements of data processing activities (e.g., the types of data processed, the legal basis and purpose of processing, retention period, and any data transfers).
- Contact details of the data controller (e.g., data controllers, data protection officer if applicable, recipients).
- How the data subject can exercise their rights.

3.2. To access the personal data

Under the right of access (GDPR Article 15), the data subject is entitled to receive confirmation from the data controller as to whether their personal data is being processed, and if so, they have the right to access the data being processed and obtain a copy. When responding to a request for access, the data controller must:

- Inform the data subject if their personal data is being processed.
- Provide a copy of the personal data being processed (except where this adversely affects the rights and freedoms of others).
- Provide information about:
- The purposes of the data processing.- The categories of personal data concerned.
- The recipients or categories of recipients of the data.
- The planned retention period for the data.
- The criteria used for data retention.
- The data subject's right to request correction, deletion, or restriction of processing, and to object to processing.
- The right to lodge a complaint with a supervisory authority.
- If the data was not collected from the data subject, provide all available information on the source.
- Whether automated decision-making is involved, including profiling, and at least the logic behind such decisions, as well as the potential consequences.

3.3. Right of rectification

The data subject has the right to request the data controller to correct their personal data. The right to rectification is useful for both individuals and small businesses (SMEs), as it ensures the quality of the processed data. The data controller must inform all relevant parties with whom the data has been shared about the rectification, unless this proves impossible or requires disproportionate effort.

3.4. Request the erasure of your personal data

The data subject has the right to request the deletion of their personal data. The data controller must erase personal data if:

- The data is no longer necessary for the purposes for which it was collected or otherwise processed.
- It was collected in relation to services offered to children (if the child has reached the legal age).The data has been processed unlawfully (e.g., without proper legal basis).
- The data subject withdraws their consent or objects to the processing of their data, and there is no other valid legal basis for processing.
- The erasure is required to comply with a legal obligation under EU or member state law.

However, the right to erasure has certain limitations, including: the right to freedom of expression, the right to access information, the performance of legal obligations under EU or national law, the establishment, exercise, or defense of legal claims, etc. The data controller must notify all relevant parties with whom the data has been shared about the erasure, unless this proves impossible or requires disproportionate effort.

3.5. Request the restriction of the processing of your personal data

The data subject has the right to request the data controller to restrict the processing of their personal data if any of the following conditions apply:

- The accuracy of the personal data is disputed.
- The processing is unlawful, and the data subject requests the restriction of processing instead of deletion.
- The data subject requires the data for the establishment, exercise, or defense of legal claims.
- The restriction is necessary for the period until it is determined whether the legitimate interests of the data controller override the rights and freedoms of the data subject.

The data controller must inform all relevant parties with whom the data has been shared about the restriction, unless this proves impossible or requires disproportionate effort. Additionally, the data controller is obliged to inform the data subject in advance when the restriction is lifted.

3.6. Request portability of your personal data

The right to data portability allows data subjects to easily transfer their personal data to another service or provider if they choose to switch services.

3.7. Object to the processing of your personal data

The data subject has the right to object to the processing of their personal data if the processing is based on:

- Public interest or legitimate interest.
- Direct marketing purposes.
- The provision of information society services.
- Scientific or historical research purposes, or statistical purposes.

If the data subject objects to the processing of their personal data, the data controller may no longer process the data unless they can demonstrate that the legitimate interests of the data controller outweigh the rights and freedoms of the data subject.

3.8. Right to apply to the courts

In the event of a violation of their rights, the data subject has the right to take legal action against the data controller. The court will handle the matter as a priority.

3.9. Data protection authority procedure

Complaints can be filed with the „National Authority for Data Protection and Freedom of Information” (Nemzeti Adatvédelmi és Információszabadság Hatóság - NAIH) at the following contact details:    

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság    
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.     
Mailing Address: 1363 Budapest, Pf.: 9.    
Phone: 0613911400    
Fax: 0613911410    
E-mail: ugyfelszolgalat@naih.hu     
Website: http://www.naih.hu

4. Security and information

We ensure the confidentiality and security of information acquired during our business activities. Access to any personal data is restricted, and we aim to prevent the loss, misuse, or unauthorized disclosure of personal data through policies and procedures.

5. Purpose of data processing

5.1. Visiting our website

When visiting our website, we collect the following categories of personal data from you.

5.1.1. Voluntarily Provided Information

Contact Information: Name, email address, phone number.

5.1.2. Purpose of Data Processing

- To establish contact with potential partners and clients of ViVeTech Plc., maintain relationships, and manage feedback and inquiries.
- Information sharing:
ViVeTech Plc. may share marketing-related information about the company's products and services with partners as part of the information-sharing process. If the individual does not wish to receive marketing-related information, they can disable the information sharing by contacting the designated contact points indicated in the notification on the portal.

5.1.3. Data processors and service providers related to our website

A data processor (or Service Provider) is a natural or legal person who processes the data at the request of the Data Controller. To facilitate the more efficient processing of data, we may use services from various providers.

ViVeTech Plc. utilizes the following data processors and services in relation to the portals:

The portal uses the Google Analytics web analytics service, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies" — text files stored on your computer that allow for the analysis of your use of the website. The information generated by the cookie about your use of the website is generally transferred to and stored on Google's servers in the USA.

Google Analytics cookies are stored based on GDPR Article 6(1)(f). The website operator has a legitimate interest in analyzing usage behavior to optimize both the website's content and advertisements.

The portal uses services from Cloudflare, Inc., located at 101 Townsend St., San Francisco, California 94107, USA.

Cloudflare cookies are stored based on GDPR Article 6(1)(f). The website operator has a legitimate interest in analyzing usage behavior to optimize both the website's content and advertisements.
‍
‍IP Address Anonymization

‍We have activated the IP anonymization feature on our website. With this, Google shortens your IP address within the European Union member states or other countries that are part of the Agreement on the European Economic Area before transferring it to the USA. The full IP address is only transferred to Google's servers in the USA and shortened in exceptional cases. On behalf of the operator of this website, Google evaluates your use of the website based on this information, generates reports about activities on the website, and provides services related to website usage and internet usage to the website operator. Within Google Analytics, the IP address transmitted by the browser is not linked to other data by Google.

‍Browser add-ons

‍You can prevent the storage of cookies by adjusting the settings of your browser software. Please note that in this case, you may not be able to fully use all the features of the website. Furthermore, you can prevent the collection of data created by the cookie related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout

‍Refusing data collection

‍By clicking the following link: Google Analytics Opt-Out, you can prevent the collection of data by Google Analytics. This sets an opt-out cookie, which prevents the collection of your data during future visits to the website.

For further information about the handling of user data by Google Analytics, please refer to Google's privacy statement:
https://support.google.com/analytics/answer/6004245?hl=hu

‍Outsourced data processing
‍
‍In accordance with the agreement with Google for processing order data, we fully implement the strict requirements of data protection authorities when using Google Analytics.

Demographic Data in Google Analytics

This website uses the "demographic features" function of Google Analytics, which enables the generation of reports containing insights into the age, gender, and interests of the website's visitors. These data are derived from Google's targeted advertising based on interests and visitor data from third-party providers. These data cannot be linked to specific individuals. You can disable this feature at any time by modifying the advertisement settings in your Google account or by preventing data collection via Google Analytics as described in the "Data Collection Opt-Out" section.

Cloudflare Service Cookies

To optimize the security and performance of the website, we use the services of Cloudflare. Cloudflare uses various technical cookies aimed at filtering traffic, protecting against attacks, and improving caching performance. These cookies allow our services to operate continuously and securely while not storing personally identifiable information. Cookies used by Cloudflare include, for example, __cf_bm and __cfuvid, which help filter malicious traffic and identify legitimate users.

The data processing policies of the service providers used can be accessed through the contact information of the data processors listed above.

5.1.4. Legal basis for data processing

Data processing related to the portals is always based on the consent of the data subject or the legitimate interest of ViVeTech Plc. The legal basis for data processing is thus:
- Article 6(1)(a) of the GDPR, consent of the data subject; and
- Article 6(1)(f) of the GDPR, the legitimate interest of ViVeTech Plc.

5.1.5. Duration of Data Processing

ViVeTech Plc. processes the data:
- until the withdrawal of the consent of the data subject;
- as long as the legitimate interest related to the relevant purposes exists; oruntil notification of changes to the contact details.

5.2. When using our social media sites

ViVeTech Plc. uses various social media platforms. Thanks to our social media pages, relevant information about our company is easily accessible to investors and other interested parties. These platforms are also used to promote our services and the ViVeTech brand.

ViVeTech Plc. is only responsible for the content displayed on the social media platforms, but the management of the social media platforms (such as creating user statistics and placing cookies) is not our responsibility. When using social media platforms, data subjects are required to follow the legal and privacy notices issued by the social media platform provider. These providers collect personal data about users, such as statistical and analytical data related to social media usage habits, which may originate from the pages they visited, content they "liked" or viewed, their posts, etc. If you wish to access this data or exercise any other rights related to data processing, please contact the respective social media provider. Some social media providers offer us access to aggregated data related to the ViVeTech Plc. pages. Such data includes, for example, the number of "likes" on our shared content, the number of posts, the number of visitors to our pages, the number of photos downloaded, or the number of clicks on links.

5.3. E-mail communication

5.3.1. Purpose of data processing

To maintain the security of our IT infrastructure—such as our email system—we use various tools. These include:
- Systems that examine emails sent to ViVeTech Plc. or its employees, searching for suspicious attachments and URLs to prevent virus attacks.
- Endpoint threat detection tools to detect malicious attacks.
- Tools that block certain content or websites.

5.3.2. Legal basis for processing personal data in the case of email communications

Our legitimate interest is to analyze email traffic in order to protect our IT infrastructure and prevent unauthorized access and data leakage.

5.4. Investors

5.4.1. Scope of personal data concerned

Insider list: name, mother’s name, place of birth, date of birth, phone number, email.
Investor mailing list: name, email address.

5.4.2. Purpose of data processing

Compliance with legal requirements. In the case of the investor mailing list, it is for communication and providing information to investors.

5.4.3. Legal basis for processing personal data

Laws and the data subject’s consent. In the case of the investor mailing list, the consent of the data subject.

5.4.4. Duration of data processing

For the duration of the insider status. In the case of the investor mailing list, until the withdrawal of consent.

5.4.5. Categories of Recipients – Data Transfer

By default, there is no data transfer. In the case of an investigation or procedure involving insiders, the data controller, ViVeTech Plc., will provide the processed data to supervisory authorities (e.g., the Budapest Stock Exchange [BÉT], the Hungarian National Bank [MNB]).

5.4.6. Consequences of not providing data

Violation of the law.

5.5. Suppliers

5.5.1. Scope of personal data concerned

Contact details: name, employer name, telephone number, e-mail address and other contact details.
Financial details: information on payment (bank account number, name of account holder).

5.5.2. Purpose of data processing

We process personal data about our suppliers (including our subcontractors, service providers and individuals associated with our contractors) for the purposes of our relationship and contract with them and the services they provide.

We will also use your data in the course of any potential conflict of interest investigation and to check for any restrictions on auditor independence where a particular supplier is selected. In all cases, we also conduct auditor independence and other background checks required by law or regulation prior to engaging new suppliers, which may include adverse media, bribery and corruption investigations, and other financial crime checks.

5.5.3. Legal basis for processing personal data

- Contract performance.
- Compliance with legal and/or regulatory obligations.
- Managing payments and fees and charges, and collecting and ensuring repayment of amounts owed.
- To become aware of or challenge any potential conflict of interest.
- Protecting against our company unwittingly becoming a party to or assisting in a criminal offence or engaging in other illegal or fraudulent activity.

5.6. How do we use personal data when you visit our offices?

5.6.1. Scope of personal data concerned

Videotaping of people entering the building (fszt.) and going up to the 2nd floor. The recordings are stored digitally on the secure NAS server of ViVeTech Plc.

5.6.2. Purpose of data processing

Protecting property, proving or deterring offences or crimes, with the cameras themselves.

The recordings (only of the entrance camera) can be viewed remotely by the owner of the building (Landlord) in order to filter out any misuse of the alarm system or false alarms. That is, an external data processor will be involved in this case.

The external data processor is KYM Irodaházépítő és Üzemeltető Kft. (1122 Budapest Városmajor utca 11., company registration number 01-09-066930.

The recordings are not intended to monitor employees and their activities.

5.6.3. Legal basis for processing personal data

Legitimate interest of the controller [Article 6(1)(f) GDPR] which in this case is the protection of property.

5.6.4. Duration of data processing

10 days, after which the recordings are deleted.

5.6.5. Categories of recipients - data transmission

The said external data processor (Contractor) has access to the video recordings.In the event of a crime or offence being committed or suspected, the recordings may be passed to the investigating authorities.

5.6.6. Consequences of failure to provide data

Legitimate interest of the controller [Article 6(1)(f) GDPR] which in this case is the protection of property.

6. Support service providers

We transfer or disclose the personal information we collect to third parties that we engage to support our internal, ancillary processes. We use service providers 
- to support our accounting, finance and billing functions, 
- to provide IT functions, such as cloud services,
- labour and payroll services.

In all cases, in accordance with our policies, we use third party services that can provide an appropriate level of privacy, security and confidentiality and comply with all legal requirements.  

7. Other disclosures

In certain jurisdictions, our company is legally required to report certain activities to the relevant regulatory authorities and to the police and other law enforcement authorities in the event of suspected criminal activity, but we are not always required by current law to provide prior or full notice of disclosure to the affected party(ies).

8. Retention

Under our Privacy Policy, we will retain your personal data only for as long as is strictly necessary for the purposes described in the section "Purposes of Data Processing". Retention periods may vary from jurisdiction to jurisdiction, and will be determined in accordance with the regulatory and professional requirements for retention.

9. Tracking changes to the privacy notice

We will update this Privacy Notice from time to time to ensure that it always faithfully reflects changes in our business practices and services. When we publish changes to this Privacy Notice, we will always update the "last updated" date at the end of the notice. If we make significant changes to the way we collect, use and share your personal information, we will notify you promptly by publishing the Privacy Notice on our website. To this end, we recommend that you visit the website from time to time to keep up to date with any changes to the Privacy Notice.

February 2025