1. The data controller and its activities

This Privacy Policy applies to the management of the personal data of the representatives and employees (hereinafter: „Data Subject”; Data Controller and Data Subject hereinafter together: “Parties”) of the clients of CX-Ray Kft. (registered seat: 1095 Budapest, Gát utca 21., földszint 1., Hungary; registration number issued by the Metropolitan Court of Registration: 01-09-994631; tax number: 24186889-2-43; e-mail address:, data protection officer: Péter Hári,, Tel: +36309513997; hereinafter: “Data Controller”) who have been contracted to use the HR technology services and are affected by the advertising and promoting activities of the Data Controller.

The Data Controller relies on the following data processors:

Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107) hosting service

Amazon Web Services EMEA SARL (AWS Europe) Inc. (38 Avenue John F. Kennedy L-1855 Luxembourg) hosting service

Intercom (55 Second Street, Suite 400, San Francisco, CA 94105) provision and processing of statistical data

Mailgun Technologies, Inc. (535 Mission St., San Francisco, CA 94105) management and relaying of automated e-mails

Hotjar Ltd. (St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe) generating site visit statistics

Landingi sp. z o.o (Gliwice, Witkiewicza Street no. 6) management of landing pages, including registration done there

Active Campaign, Inc. (1 N Dearborn St., Chicago, IL 60602) sending newsletters, email advertisement and  processes facilitating customer data management

Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) advertisement

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) advertisement

The Data Controller does not conduct automated decision making or profiling when managing the data.

Terms not defined in this Privacy Policy shall have the meaning defined in the General Terms and Conditions (hereinafter: “GTC”) applicable to the activities of the Data Controller. Pursuant to the GTC, the User is responsible for informing the Respondents regarding the use of their personal data and responses.

The Data Controller has reported its data management to the data protection register maintained with the National Authority for Data Protection and Freedom of Information. The register ID is NAIH_144063/2018

  1. Principles of data management

The Data Controller shall act in accordance with the requirements of good faith and integrity and applicable law, in cooperation with the Data Subject. The Data Controller shall handle only the data specified by law or provided by the Data Subject for the purposes specified below.

  1. The purpose and legal basis of the data management

The Data Controller manages personal data in order to carry out its activities. The data management within the scope of this Privacy Policy may serve the following purposes:

  • identifying, initiating and maintaining contact with the Data Subject;
  • presenting and providing the products, services to be sold to the Data Subject, ensuring the use of the Website (in particular the registration;
  • exercising the rights and fulfilling the obligations arising from the legal relationship between the Parties (in particular order management, billing, payment);
  • managing receivables;
  • fulfilment of legal obligations;
  • advertising, sending newsletters, promoting sweepstakes with the consent of the Data Subject.

The legal basis of the management of data is primarily the consent of the Data Subject, in compliance with Article 6 1. (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”). The Data Subject gives its consent by providing its data and accepting this Privacy Policy.

The Parties declare that they refer to Article 6 1. (b) of the GDPR as the legal basis for the managing of data relating to the exercise of rights and fulfilment of obligations between them.

In order to collect the receivables of the Data Controller from the Data Subject, the Data Controller may transfer the data of the Data Subject necessary for claim management to a company registered in Hungary which conducts debt management commercially. The legal basis for this data management is Article 6 1. (f) of the GDPR, that being the enforcement of the legitimate interest of the Data Controller.

  1. The voluntary nature of data provision

The provision and transfer of personal information is voluntary and is necessary for the use of the services. In the event of failure to provide the data, the Data Subject will not be able to use the Services or will not be able to use them in their full scope. 

  1. The scope of managed data

The Data Controller shall only handle the data provided by the Data Subject and the data generated during the performance of the legal relationship between the Data Controller and the Data Subject.

The data managed are: last name, first name, email address, phone number, login password, company name, company industry, company address, company tax number. In addition to the above, the Data Controller manages technical data, including the IP address.

  1. Time period of data storage

Given that the Data Controller provides its services continuously, there is no definite time period of the data management. Personal data will be processed up to the end of the general statute of limitations of the contractual relationship between the Parties and for a mandatory time period determined by law, whichever is longer.

The Data Controller is entitled to manage personal data provided for the purpose of advertising, sending newsletters, promoting sweepstakes until the withdrawal of the consent. In the event of termination of such data management, the data shall be deleted only if the data are no longer managed or the Data Subject has requested the deletion of data in addition to such termination of data management.

In the event of the recovery of a claim, the data management will continue until the claim is recovered or the recovery becomes impossible.

  1. Technical data and the management of cookies

The system of the Data Controller automatically records the IP address of the computer of the User, the time of the beginning of the visit, and in some cases, depending on the configuration of the computer, the type of browser and operating system. The data recorded in this way cannot be linked to any other personal data. Data management is for statistical purposes only.

Cookies allow the Website to recognize previous visitors. Cookies help the Data Controller, as the operator of the Website, to optimize the Website in order to tailor the services of the Website to the habits of the Users. Cookies are also suitable for

  • remembering the settings so that the User does not have to re-record them when entering a new page,
  • remembering previously entered data, so they do not have to be typed again,
  • analysing the use of the Website to ensure that, as a result of improvements made using the information obtained in this manner, it operates to the best of the expectations of the Users, and that the User can easily find the information it is seeking, and
  • monitor the effectiveness of our advertisements.

If the Data Controller displays various content on the Website using external web services, it may result in the storage of some cookies that are not managed by the Data Controller, thus has no control over the data collected by these Websites or external domains. These cookies are described in the policies for that service.

The Data Controller also uses cookies to display advertisements to the Data Subjects through Google and Facebook. The data management is concluded without human intervention.

The User may configure his web search engine to accept all cookies, reject all cookies, or to receive notification when a cookie is received on his/her device.

  1. Rights of the Data Subject

The Data Subject may request from the Data Controller access to, rectification, deletion or restriction of the management of its personal data, object to the management of such personal data and request the disclosure of personal data concerning it in machine-readable form.

If the data management is based on consent, the Data subject shall have the right to withdraw its consent at any time.

The Data subject may file a complaint to the National Authority for Data Protection and Freedom of Information (seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Hungary; postal address: 1530 Budapest, Pf.: 5.; e-mail:; website: The Data Subject shall have the right to take legal action before a court in case of violation of its rights.

Date of last modification: 2020.12.16.