Privacy Policy

I. Preamble

XAPT Szoftver Tanácsadó Kft. (hereinafter referred to as “XAPT” or “we” or “our”) and each of its subsidiaries are strongly committed to protecting personal data. This privacy notice is issued pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); and Act CXII of 2011 on the Right of Information Self-Determination and Freedom of Information. The privacy notice applies to the processing of personal data in relation to XAPT’s and websites.

II. Data Controller

Name of the controller: XAPT Szoftver Tanácsadó Kft.

Registered seat and mailing address: 1118 Budapest, Rétköz utca 5.

Incorporation number: 01-09-688936

Authorised representative: dr. Schvarcz Zoltán, managing director

E-mail address:

III. Data Processing Principles

XAPT ensures that the personal data is

IV. Purposes and Legal Basis of the Processing

IV. I. Purposes for Processing

The purposes (and specific legal bases) for XAPT’s processing may be:

IV. II. Legal Basis of the Processing

The legal basis for XAPT’s processing may be:

V. Categories of Personal Data

XAPT generally processes the following categories of personal data:

VI. Recipients of the Personal Data

XAPT and each of its subsidiaries may receive personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within XAPT may receive your personal data. Moreover, other departments within XAPT may have access to certain personal data on a need-to-know basis.

Certain third party service providers will receive personal data to process such data under appropriate instructions (“Processors”) as necessary for the processing purposes described here, such as Cloud service providers, Website Analytics service providers, or other service providers who support XAPT in maintaining our relationship with the data subjects. The Processors are subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.

XAPT uses the services of the following data processors:

XAPT may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. XAPT will not disclose personal data to third parties for advertising or marketing purposes or for any other purposes without the data subjects’ prior consent.

VII. International Data Transfers

In the event that XAPT transfers personal data outside the European Economic Area, XAPT ensures that personal data is protected in a manner which is consistent with the GDPR. XAPT transfers personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with XAPT or (ii) implemented Binding Corporate Rules in its organization. Data subjects may request further information about the safeguards implemented in relation to specific transfers by contacting

VIII. Duration of the Processing

XAPT will not retain personal information longer than necessary to fulfil the purposes for which it is processed, including the security of our processing, complying with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defence of legal claims in the countries where we do business (i.e. Hungary, United States, Canada, Australia).

XAPT typically erases contracts, communications and business letters containing personal data, or redacts personal data from such documents, 5 (five) years after their termination or creation, as such data may be subject to statutory retention requirements, which often require retention of up to 5 (five) years.

IX. Rights of the Data Subject

Pursuant to the GDPR, data subjects have the right to (i) request access to their personal data; (ii) request rectification of their personal data; (iii) request erasure of their personal data; (iv) request restriction of processing of their personal data; (v) request data portability; and/or (vi) object to the processing of their personal data.

If the processing is based on consent, in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, the data subject is entitled to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Data subject rights may be exercised by a written request through the contact details set forth in Section II of this privacy notice. XAPT shall comply with a request for the exercise of the rights of the data subject within one month of receipt. The date of receipt of the request is not included in the deadline. XAPT may, if necessary, extend this time limit by a further two months, taking into account the complexity of the request and the number of requests received. XAPT shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month of receipt of the request.

If the data subject considers that XAPT has breached applicable data protection requirements, the data subject may lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where the data subject normally resides or works, or in the place where the alleged infringement occurred.

The data subject may lodge a complaint in Hungary with the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9, e-mail:, website:), or may go to court, and the court shall hear such cases as a matter of priority. In this case, the data subject may bring the action before the regional court having territorial jurisdiction over his domicile (permanent address) or place of residence (temporary address), or the seat of XAPT, according to his choice.

X. Data Security

XAPT has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal data; such individuals have agreed to maintain the confidentiality of this information.

Although XAPT uses appropriate security measures once XAPT has received the data subject’s personal data, the transmission of data over the internet (including by e-mail) is never completely secure. XAPT endeavours to protect personal data but cannot guarantee the security of data transmitted to or by us.

XI. Imprint 

Information as per Section 4 of Act CVIII of 2001 on electronic commerce services and on certain issues related to the information society services.

Name of the service provider: XAPT Szoftver Tanácsadó Korlátolt Felelősségű Társaság

Registered seat: 1118 Budapest, Rétköz utca 5.
E-mail address:
Company register court: Fővárosi Törvényszék Cégbírósága
Company registration number: 01-09-688936
VAT ID: 12491643-2-43
Web hosting provider: SiteGround (registered seat: 901 N Pitt St Ste 325, Alexandria, VA 22314-1459)