Privacy Statement

Effective date: 17 October 2022

Who are We?

We are Starschema Kft. (1138 Budapest, Váci út 99. 9-10. Floor registered at the Metropolitan Court of Registration under no. Cg. 01-09-286064) (hereinafter “STS”, “We” or “Us”), the affiliate of HCL Technologies Ltd, having other subsidiaries and affiliated entities. STS is the Data Controller of your personal data as described in this Privacy Statement, unless otherwise specified.

STS is committed to protecting your personal data and respecting your privacy and your rights, and this statement is intended to provide you with information on how your personal data is processed.

What does this Privacy Statement cover?

This Privacy Statement applies to any personal data We may process about you that may be collected directly from you when you interact with Us or from third parties, such as when you:

Visit our public-facing STS branded website and other online services including social media pages;
Send or receive communications from/to us, including emails, phone calls, texts or faxes;
Use our products and services (for example, as an employee of one of our customers who provided you with access to our products or services) to the extent that We are acting as a controller of your personal data. You should be aware that processing of personal data is required for receiving certain products or services;
Access downloadable applications from mobile devices with respect to which this Privacy Statement is linked
Register for, attend, or take part in activities such as events, webinars, training, campaigns, or contests;
Visit our offices

For further information on what cookies We use on our STS branded websites please visit our cookie policy at https://starschema.com/cookies.

This Privacy Statement will be available via link on all sites and services which it covers. Our websites and services may contain links to other websites, applications and services not owned by STS and We do not control the content or privacy practices of those sites. The information practices of other services, or of social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.

Our websites and offerings are directed to people in their business or professional capacities. They are not intended for children under 16 years of age. We do not knowingly solicit information online from, or market online to, children under 16 years of age. If you are a parent or guardian and believe your child has provided Us with personal data without your consent, please contact Us as indicated below and We will take steps to delete their personal data from our systems.

This Privacy Statement does not apply to the extent We process personal data in the role of a data processor or service provider, including personal data processed on behalf of our customers.

What personal data do We process?

For the purposes of this Statement, ‘Personal Data’ means any information about you from which you can be identified, whether derived from that information on its own or when combined with other information, that We or another party may hold about you.

Types of data: Depending on the nature of your interaction with us, this information may include business contact details (such as name, title, company, email address or telephone number), the content of your communication, information about how you use our website and our products or services, your feedback, interests in our products and services, and any publicly available information relevant from a business-to-business perspective. In addition, this may include information about your computer and about your visits to and usage of this site, such as your Internet Protocol (IP) address, your computer’s operating system and browser type, and information collected via cookies.

Data	Legal basis	Why We process your data
See types of data set out above	Legitimate interest	Providing, developing, and improving our products, websites and services and assessing and improving user experience
See types of data set out above	Legitimate interest	To prevent fraud or criminal activity and to safeguard the security of our interest including our websites and services
See types of data set out above	Legitimate interest	Identifying and assessing customer interest and opportunities
See types of data set out above	Legitimate interest	Providing reference materials (whitepapers, vision documents etc.) and managing corporate event registration and attendance
See types of data set out above	Legitimate interest	To the extent permitted by applicable laws and regulations, conducting marketing activities, including sending or displaying product and services-related materials, managing user and event registrations
See types of data set out above	Legitimate interest	Recording phone and/or video calls and chats for training, quality assurance and administrative purposes
See types of data set out above	Legitimate interest	Registering office visitors
See types of data set out above	For taking steps at your request prior to entering into a contract and/or for performance of a contract	To provide and deliver our products and services, including managing our licenses, registrations, subscriptions, user access, capacity, billing/payments, support, purchases, etc.
See types of data set out above	For taking steps at your request prior to entering into a contract and/or for performance of a contract	To provide you with requested materials, information, when you interact with Us, answer your queries
See types of data set out above	For taking steps at your request prior to entering into a contract and/or for performance of a contract	Managing contests or promotions
See types of data set out above	For taking steps at your request prior to entering into a contract and/or for performance of a contract	Managing billing and payments
See types of data set out above	Compliance with Legal Obligations	To comply with legal obligations to which We are subject, such as keeping records for tax, employment, social security and immigration law purposes, or providing information to a public body or law enforcement or government agencies
See types of data set out above	Consent	Where consent is required to: Send you marketing communications (unless you have objected to or opted out of such communications) Call or send you communications to discuss your products or services or provide you with offers and trials To customise individuals’ online experience and improve the performance, usability and effectiveness of STS’s online presence Collecting and processing information from your mobile device

This may also include collecting personal data about you from a third party who is authorized to act on your behalf or from third party services that you use to interact with our services. We may also collect your personal data from other sources such as public databases, joint marketing partners, and social media platforms, to the extent permitted by applicable laws.

If you provide Us with any personal data relating to other individuals, you represent that you have the authority to do so and, where required, you have obtained any necessary consent. You acknowledge that this personal data may be used in accordance with this Privacy Statement.

When using a Mobile App published by STS, in addition to contact information, We or Our service providers (such as mobile operating system and platform providers) may also collect information relating to your device, including your device model, operating system, browser type, unique device identifier, IP address, mobile phone number, mobile network carrier, location, and the way you are using the Mobile App. The information collected will depend on the functionality of the specific Mobile App you are using. If any other information is collected relating to your use of a Mobile App, such information will be specified in the Mobile App.

Why do We process your personal data?

We process your personal data for specified and lawful purposes only and in accordance with the applicable data protection laws.

Your personal data will be processed by STS for the purposes listed in the above table.

How long do We retain your personal data?

We retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, or longer if required to fulfil our legal and contractual obligations. After expiration of the retention period, your personal data will be deleted. If We are unable to completely delete the personal data from our systems, We will ensure that there are appropriate measures in place to secure the information and protect it from further use.

What are your rights and how can you exercise them?

Depending on your relationship with STS and in line with data protection laws applicable in Hungary, you may have several rights in relation to your Personal Data such as access, rectification, erasure, restriction of processing, objection, withdrawal of consent, not to be subject to decisions based on automated processing, opt out of marketing communications, etc. Please note, these rights are subject to exemptions and may not apply in all circumstances. If you wish to exercise these rights, STS will provide you with the requested information or will action your request within one month after receipt of your verified request, subject to any extensions that may be required and communicated to you.

You can use the following channels to exercise your rights or request more information about your rights:

If you have any request, comments or inquiries, you may contact STS via [email protected]
You may opt out of marketing communications by clicking on the “unsubscribe” link located on the bottom of all STS marketing emails, or by replying ‘STOP’ if you receive any STS SMS communications. Please note that you may continue to receive transactional or other business communications that are associated with our business relationship with you.

With whom do We share your personal data?

We may transfer or share your Personal Data with third parties such as our service providers and vendors, business partners, professional and corporate advisors, public or government authorities including law enforcement, network providers, third party websites, and our affiliates or subsidiaries.

STS may also transfer your personal data to any of its global affiliated entities or subsidiaries within the HCL Group. Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or as governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

When required, STS may disclose your Personal Data to external law enforcement bodies or regulatory authorities, in order to comply with legal obligations. We may also disclose your personal data where mandated by law and as further required when We believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If We are involved in a merger, reorganization, dissolution or other fundamental corporate change, We may need to share your information with a third party, in compliance with applicable laws.

How do We safeguard your personal data?

We use a range of security measures to protect your personal data from unauthorized or unlawful access, loss, disclosure, or alteration, including technical, organizational and physical measures. We have sufficient controls, policies, procedures and guidance to ensure security of personal data is maintained at all stages of its processing lifecycle. The current security measures are as follows:

Personal data is stored on separate password-protected systems.
Access to systems storing personal data is strictly limited to essential personnel with a need to know.
Standard intrusion detection measures are in place to detect and avert malicious access.
Systems storing personal data are segregated from other systems and have been inspected against data leakage.

How can you contact Us if you have any questions?

If you have any questions about this Privacy Statement, you can contact us at [email protected]

How will We update this Privacy Statement?

We may amend this Privacy Statement from time to time. If We materially change our Privacy Statement, We will update the “Effective Date” at the top of the Privacy Statement and We may provide notice prior to the update taking effect by posting a notice on our website or, where required by law, by providing you with notice of such updates.

Notification of a personal data breach to the data subject

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, STS will communicate the personal data breach to the data subject without undue delay after taken notice of such personal data breach.

Notification of a personal data breach to the supervisory authority

In the case of a personal data breach, STS will without undue delay but, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Complaints

We want to address any concerns you may have in relation to the management of your personal data, therefore, please contact us in the first instance. You have a right to lodge a complaint with a data protection supervisory authority in particular in the jurisdiction of your habitual residence, place of work or place of the alleged infringement.

Complaints relating to STS’s use of personal data may be sent by email - with the details of your complaint to [email protected]. We will look into and respond to any complaints we receive within 30 days.

You also have the right to file a complaint with the National Authority for Data Protection and Freedom of Information or seek remedy at court if you are of the view that your rights relating to personal data have been violated. For further information on your rights and how to complain to the Authority, please refer to http://naih.hu/panaszuegyintezes-rendje.html .

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság

Address: 1055 Budapest, Falk Miksa utca 9-11. / 1363 Budapest, Pf. 9.

Phone: (+36-1) 391-1400

Fax: (+36-1) 391-1410

E-mail: [email protected]

In the event of a breach of your rights relating to personal data, or if you disagree with STS's decision, within 30 days of the receipt of the decision, you may initiate a claim against the Data Controller directly at the ordinary courts having competence to such cases on the basis of STS’s seat (registered address) or other applicable laws. The court will have to act in an expedited procedure in such cases.