JUREMY PRIVACY POLICY

Last updated: 1st January 2022

With this privacy policy, Juremy (“Juremy”, “we”, “us”), provided by Juremy Information Technology Services Limited Liability Company (H-1036 Budapest, Bécsi str. 85.; EU VAT No. HU27549663) will explain how we process your personal data and how we ensure that data processing is conducted responsibly and in accordance with applicable legislation, in particular with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: GDPR which is applicable within the EU/EEA.

1. GENERAL

1.1 At Juremy we respect the integrity of our customers and others and have adopted this policy in order to provide strong protection for the personal data we process. Taking great care to protect and respect your privacy, we strive to maintain a high level of security in all processing of personal data. For that reason, Juremy has taken necessary and appropriate technical and organisational measures in order to protect your personal data from improper access, use, change and deletion.

2. DEFINITIONS

2.1 ‘Personal Data’ is any information which can directly or indirectly be linked to an identified or identifiable natural person. Such data may for example be name, picture, social security number, email and home address, IP-address, information regarding skills, education or previous experience. Although a single piece of data may not be enough to identify you as an individual, a piece of data can amount to personal data if it, in combination with other data, can be linked to you.

2.2 The ‘Controller’ is the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data, i.e. why and how personal data is processed.

2.3 ‘Personal data processing’ means, in essence, any operation taken with personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4. The ‘Services’ mean the services available on the Juremy.com website which is continuously improved from time to time, and as defined in detail in the General Terms.

2.5. ‘Website’ means the website https://juremy.com operated by us.

3. FOR WHAT PURPOSES ARE PERSONAL DATA PROCESSED?

3.1. Juremy is the controller for the processing performed by us or on our behalf. This means that we determine why and how we process your personal data. If you have any questions concerning how your personal data is processed, please contact us using the contact details listed below.

3.2. We collect and process your Personal data in order to be able to deliver and making available our services and products to you, to provide relevant customer service and support and to keep you informed of our services and products. We also collect and process your Personal data to be able to fulfil our obligations under EU- and national legislation, including for instance the Bookkeeping Act and other administrative obligations. Occasionally, we may also collect and process the Personal data to notify you about important changes to our Website, new services as well as special offers and events we think you will find valuable.

We precise the purpose of data processing at the individual data processing descriptions under section 5 below.

4.1 We process your Personal data in accordance with applicable law. Some of our processing is necessary for compliance with a legal obligation, for instance where the Book-keeping Act requires that Personal data is retained for a certain amount of time. In other cases we need to process your Personal data to be able to fulfil our contractual obligations to you. Further we may process the Personal data based on a balanced legitimate interest, for instance for communicating information, incident and problem management of the services, product development and enhancement, crime prevention (fraud detection and prevention), general corporate operation. We may also process the Personal data for marketing and general communicating purposes relying on your given consent, which consent can be withdrawn at any time.

4.2 In the event that we will process your Personal data for any purpose other than those mentioned above, we will inform you in advance. For example, if we are to process your Personal data for any purpose that, according to applicable law, requires your consent, we will obtain your consent before such processing commences.

We precise the legal basis of data processing at the individual data processing descriptions under section 5.

5. WHAT PERSONAL DATA IS PROCESSED WHEN YOU USE THE SERVICES?

5.1. Data collected when you use the Services

When you use Juremy.com, we collect information about your use. This information includes information about how you behave on the Website, and how you use the Services. The information can be divided into the following categories:

Technical information about your device

We use server logs and other tools to register information about your device, connection to our services and cross-device usage. This information includes the operating system and web browser version (as reported by the web browser’s User Agent string), and the source IP address of the browser requests.

Information about the use of your account and the Services; user behaviour

We also register certain information about how you use our Services. We register when you log in or out of your account and any purchases of goods and services through your account. We store information about your visits to the Website where the Services are provided and your behaviour when you use the Services. This behaviour may include how you navigate the Website and the specific queries of the searches performed on Juremy.

Legal basis for processing personal data:

Legitimate interest

Article6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The GDPR (Recital 47) refers to a ‘relevant and appropriate relationship’ with respect to the processing of Personal Data under the Legitimate Interest provision, which we interpret and apply as a ‘business to business’ relationship.

5.2. Personal data you choose to provide

When you visit our website Juremy.com, you may provide us with Personal data you knowingly choose to disclose that is collected on an individual basis. When you create an account, use your account, and otherwise carry out activities within the framework of your account; you actively provide information about yourself. This information includes name, telephone number, username, mailing address and email address that you provide to us. We never store plain-text passwords. See detailed usage breakdown below.

You can find below the different purposes of our data processing and the legal basis thereof:

5.2.1. Subscription to our Newsletter

When you subscribe to our newsletter on the Website, you provide us with personal data which is necessary for the provision of our newsletter service, i.e. your name and email address. We use these personal data in order to keep you informed of our services and products, and to notify you about important changes to our Website, new services as well as special offers and events we think you will find valuable.

Legal basis for processing personal data:

Consent

Article 6(1)(a) GDPR : the data subject has given consent to the processing of their personal data for one or more specific purposes.

Juremy will obtain legal consent to process the following categories of data: for processing the personal data of newsletter subscribers (direct marketing). For subscribers, Juremy’s privacy policy is clearly visible at point of sign-up and on an ongoing basis on our website. Email sign-up includes a ‘double opt-in’ process where subscribers are asked to confirm consent when they receive their first email from Juremy. Consent can be withdrawn at any time and each mailing communication contains a link to unsubscribe.

Purpose: Juremy processes subscriber’s personal data in order to send people the newsletter(s) or publications they have signed up to receive.

5.2.2. Registration of an account

When you create an account on our Website, you will provide us with information about yourself and, if applicable, your firm or company. Such user information will comprise your name, email address, invoicing address, telephone number, username, chosen password (only stored hashed), needed in order to identify you as a user, to conclude a contract and in order for us to carry out payment transactions.

If your organisation has ordered an account for you as contact person, we will be provided with personal data such as your name, telephone number and personal email address.

Legal basis for processing personal data:

Contractual

Article 6(1)(b) GDPR: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”

Where Juremy has a contract in place, Juremy will rely on the contractual legal basis to process the personal data of the parties to the contract.

Purpose: Juremy processes personal data for the preparation, administration and performance of a contract concluded with you as the data subject.

5.2.3. E-mail inquiries about our services

Visitors of juremy.com have the possibility to provide contact information for the purpose of receiving detailed information about our services and an individual subscription offer. This contact information includes name, email address, phone number, company name.

Legal basis for processing personal data:

Consent

Article 6(1)(a) GDPR : the data subject has given consent to the processing of their personal data for one or more specific purposes.

You may also provide us with information when contacting our customer service and support or when providing additional comments on how you find our Website is servicing your needs and interests.

If you choose to correspond with us through email, we may retain the content of your email messages together with your name, email address and our responses.

Legal basis for processing personal data:

In case of users who already have a contractual relationship with Juremy, the legal basis of the data processing is contractual according to Article 6(1)(b) GDPR, while in case of users who do not have a registered account with Juremy the lawful basis of the data processing in this case is legitimate interest of the controller in order to be able to record and answer users’ inquiries and the replies provided to these inquiries.

5.2.4. Processing of personal data of contracting parties

Subscribers who use our Services on the basis of an individual agreement, provide their contact details and other personal data, or those of their employees or subcontractors who are representing them for the purpose of the fulfillment of the agreement. Juremy processes the following data in this regard: company name, company address, name of the company representative, phone number, email address.

Legal basis for processing personal data:

Contractual: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Purpose: We process personal data in order to enter into a contractual relationship with our partners, to be able to keep contact and communicate with the other party and to be able to fulfil our obligations and exercise our rights pursuant to the agreement concluded.

5.2.5. Payment of the subscription fee and invoicing

The provision of billing data such as tax ID number, billing name and billing address are preconditions of entering into a contract with the controller.

Legal basis for processing personal data:

Contractual: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation:

Article 6(1)(c) GDPR provides for the processing of personal that is “necessary for compliance with a legal obligation to which the controller is subject”.

Purpose: Where the processing is necessary to comply with the law (not including contractual obligations) we will rely on the ‘Legal obligation’ basis. At Juremy the lawful basis ‘Legal obligation’ will only be used where we are compelled to process personal data under the law, such as for tax purposes on the basis of the Law on Accounting.

5.2.6. Use of cookies and other technologies

We use cookies and local storage to provide the necessary functionalities of the website and to analyze data regarding users for the purpose of product development. Cookies are small files placed on your computer or device by Juremy.com. The cookie contains a unique ID assigned to your device, which is connected with a username when logged in for the purpose of identifying the number of searches performed by a certain user. The cookie helps to recall your registration information or preferences from a previous visit, when you return. None of these data shall be disclosed to third parties.

5.3 For how long is the data stored?

5.3.1 In our Services

We process your personal data for as long as your account is active or as needed to fulfil the processing purposes described in this Privacy Policy. When your personal data is no longer relevant for the purposes for which it has been collected, or you withdraw your consent where applicable, we will delete it, including any logs or other backup information.

If you chose to terminate, or close your account, it is placed in quarantine for 7 days. We apply this quarantine period to prevent fraudulent access and other unlawful acts where accounts are deliberately or mistakenly deleted by parties other than the account holder.

After the quarantine period, we will delete or anonymize your personal data from our systems. However, there are two exceptions.

For accounting reasons, we are required by law to keep for a period of 8 years certain information regarding payment transactions and invoicing. For security reasons, we retain information which you have personally provided to us as well as login history so that we can investigate and prevent fraud or abuse. We may block access to accounts if we have reason to suspect fraud or abuse of our Terms of Use. In the event that we have blocked an account, we reserve the right to store information from the account over a longer period of time (2 years) to prevent recurring violations or breaches of the Terms of Use.

5.3.2 In our E-mail Communication System

Your personal data will be kept as long as we have your consent to communicate with you. You can at any time opt out of our e-mail information newsletter.

Inquiries from non-registered users sent to our contact email address and the replies given are stored for a period of 1 year.

6. DISCLOSING OF PERSONAL DATA, DATA PROCESSORS

6.1.In cases and for purposes defined in the present privacy policy, your personal data are provided to our contractual partners to perform the required services, such as accounting and tax consultants or others who perform their services on our behalf in compliance with a Processing Contract. When these contractual partners are acting as subcontractors according to our instructions and our behalf, they are processors, while in case if they determine the purposes and means of processing in their own discretion, they are individual data controllers acting pursuant to their own privacy policies, and section 7 of the present policy shall apply to their processing.

6.2 We may disclose your Personal data if required to do so by law or subpoena or, to courts, supervising authorities and other similar authorities and institutions, if we believe that such action is necessary to:

(a) conform to the law or comply with legal process served on us;

(b) protect and defend our rights and property, the Website, the users of the Website; or

(c) act under circumstances to protect the safety of users of the Website, us, or third parties.

6.3. Companies that process personal data on our behalf (our Processors) will always enter into a data processing agreement with us in order to ensure that a high level of protection of your personal data is maintained by our partners. In relation to non-EU/EEA partners, adequate safeguards are taken as described below.

6.5 Juremy will not disclose your Personal data to any extent other than described in this Section 6.

6.6 A complete list of recipients of your personal data:

6.6.1. Data storage

In those cases where collected personal data are stored on a computer of an external subcontractor acting as processor, they are bound by specific contractual clauses and by the confidentiality obligations deriving from the general data protection regulation (GDPR).

6.6.2. Newsletter service provider

We use an external service provider for the purpose of sending newsletters to subscribers, who is acting as processor. The service used:

6.6.3. Communication, management system

For the purposes of communication via email with users, storing contact data of users, we use the services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

6.6.4. Invoicing

Our service provider for issuing invoices to our contractual partners:

Billingo Technologies Zrt. (1133 Budapest, Árbóc str. 6. I. floor., Hungary).

6.6.5. System messages

For the purpose of sending transactional emails to registered users with technical updates related to the use of their accounts, we use the services of Mailgun Technologies, Inc. 548 Market St. #43099 San Francisco, CA 94104, email: [email protected]

Transfer of information to a non-EU/EEA country

If we transfer your personal data to recipients in a country outside of the EU/EEA we enter into agreements and take other measures in accordance with applicable law requirements. In case of transfer of Personal Data to third parties operating outside the EEA (European Economic Area), we transfer Personal Data only in case if: i) Personal Data is transferred to third countries, specific sectors (such as the EU-US Privacy Shield), or international organisations which are recognised by the EU Commission to have an adequate level of protection, or ii) appropriate safeguards as specified under Article 46 of the GDPR are introduced.

The following of our subcontractors transfer personal data outside the EEA:

The Rocket Science Group, LLC

The compliance with applicable law requirements is provided by the active membership of the processor in the Privacy Shield, according to the terms available at: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active#participation

Mailgun Technologies, Inc.

The compliance with applicable law requirements is provided by the active membership of the processor in the Privacy Shield, according to the terms available at: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active

Cloudflare, Inc.

Cloudflare remains certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks respectively as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, the UK, and Switzerland to the United States, respectively (“Privacy Shields”). We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active

7. OTHER WEBSITES LINKED TO OUR WEBSITE

7.1 We are not responsible for the practices employed by websites linked to or from our Website nor the information or content contained therein.

7.2 Please remember that when you use a link to go from our Website to another website, our Privacy Policy is no longer in effect. Your interaction and browsing on any other website, including websites which have a link on our Website, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.

7.3. For individual users, subscription is possible by using a reseller’s service who is responsible for the organization of the transaction, and acts as individual data controller.

Name of reseller: Paddle.com Market Limited (15 Briery Close, Great Oakley, Corby Northamptonshire, NN18 8JG, United Kingdom).

Paddle transfers the following personal data to us in order to be able to identify users: registration email address, country of residence.

Paddle is the data controller for its own processing, and is obliged to ensure that the processing is in accordance with this Privacy Policy and applicable law requirements. You can find Paddle’s privacy policy here: https://paddle.com/privacy/

8. YOUR RIGHTS IN ACCORDANCE WITH APPLICABLE DATA PROTECTION LEGISLATION

As a data subject, you have the right to decide about the purpose for which your personal data is used to the extent defined by GDPR. You may apply the rights below electronically via email at [email protected] , or in writing at the address of our registered office.

Under the applicable law, you have the following rights relating to the processing of your personal data:

Right of access – you have the right to request a confirmation from us as to what personal data we process, and you have the right to obtain the information about such processing as stated in Article 15 of GDPR.

Right to rectification and amendment – if you find out that your personal data processed by us is inaccurate, you have the right to claim the rectification or amendment of such data;

Right to erasure – if the terms of Article 17 of GDPR are fulfilled, you have the right to obtain the erasure of your personal data, especially if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if the personal data have been processed unlawfully;

Right to data portability – if the processing is based on consent or a contract and is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. If technically feasible, we may, upon your request, transmit your personal data to another controller;

Right to restriction of processing – under Article 18 of GDPR, you have the right to obtain from the controller restriction of processing, especially if you contest the accuracy of the personal data – we will restrict the processing to the period of the verification of the data accuracy – or if you raise an objection – we will restrict the processing until it is verified whether our legitimate grounds override those of you as the data subject. During the period of such restriction, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of our legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to object – if personal data are processed for purposes of our legitimate interests or the legitimate interests of third parties and if your interests or fundamental rights and freedoms requiring personal data protection override our legitimate interests or the legitimate interests of third parties, you have the right to object to such processing. If this is the case, we will no longer process the personal data, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time;

Right to complain with the National Authority for Data Protection – if you believe that the processing of your personal data constitutes violation of the applicable legislation, you can file a complaint with one of the competent supervisory authorities. In Hungary, the supervisory authority is the National Authority for Data Protection and Freedom of Information, hereinafter referred to as “NAIH”; address: H-1125 Szilágyi Erzsébet fasor 22/C Budapest, Hungary; postal address: H-1530 Budapest, Pf. 5.; phone: +36-1-391-1400).

9. HOW DO WE PROTECT YOUR PERSONAL DATA?

9.1 How Do We Secure Personal data Transmissions?

9.1. The Personal data you may enter on our Website is transmitted securely via Secure Sockets Layer (SSL) encryption. Our pages utilizing this technology will have URLs that start with HTTPS instead of HTTP. We request that you do not send sensitive Personal data to us by e-mail but instead use relevant secure transmissions. Please contact [email protected] if you have any questions or concerns.

9.2. We maintain routines and measures to ensure that no unauthorized persons gain access to your personal data and that all processing of personal data takes place in accordance with applicable law. These measures include risk assessments, implementation of organizational and physical measures, as well as routines for handling of data and follow up requests regarding access to, rectification, block and deletion of personal data.

10. CONTACT DETAILS

10.1. The controller responsible for processing your information is Juremy Information Technology Services Limited Liability Company (H-1036 Budapest, Bécsi str. 85.). If you have questions about how we process your Personal data or want information, please feel free to contact us via the following contact details:

[email protected]

Phone: +36(21)262-0882