We are delighted that you have shown interest in www.inlock.io. This is the website of Income Locker OÜ:
registered seat: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tänav-12-200, 10151, Estonia,
Company Registration Number: 14486259, developers and owners of the www.inlock.io platform, hereinafter referred to as Inlock.
Data protection is a particularly high priority for us. The use of our website is possible without any disclosure of personal data. However, if you wish to use services via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will request consent from you.
Users having any issues not answered unambiguously by this legal statement are requested to write to us for a prompt reply.
a.) applicable law: shall mean the law of Hungary;
b.) blocking the data: making impossible, terminally or temporarily, the transmission, recognition, disclosure by transmission, alteration, modification, deletion, erasure, alignment or combination and use;
c.) Data Protection Officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements;
d.) consent: shall mean any freely given specific and informed indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed fully or operation-specifically;
e.) data controller: in general, data controller refers to the natural person
f.) data control: shall mean any operation or set of operations such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, the taking of photos, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction or preventing the further use of such data;
g.) data processor: data processor shall mean a natural or legal person, agency or any other body which processes personal data on behalf of the controller;
h.) data subject: shall mean any natural person directly or indirectly identifiable by reference to specific personal data;
i.) data transmission: the disclosure of data by transmission to a specified third party;
destruction of data: the total physical destruction of the data or the data storage media containing the data; erasure of data: making the data unidentifiable with the effect that it cannot be retrieved;
j.) personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
k.) objection: a statement of the data subject in which he/she expresses his/her disapproval of the processing of his/her personal data and requests the termination of the data processing and the destruction of the processed data;
l.) processing of data: the execution of the technical works relating to data control, independent of the methods and instruments used for the execution of such operations and the location of the works;
I. The data controller contacts are:
Controller for the purposes of the GDPR, other data protection laws applicable in member states of the European Union and other provisions related to data protection is:
Name: INCOME LOCKER OÜ. (registers seat: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tänav-12-200, 10151, Estonia, Company register number: 14486259)
E-mail: [email protected]
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
III. Collection of general data and information
Inlock’s website collects a range of general data and information when an individual or an automated system calls up the website. This data and information are stored in the server log files. The data collected may include:
(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrers),
(4) the sub-websites,
(5) the date and time of access to the Website,
(6) an Internet protocol address (IP address),
(7) the Internet service provider of the accessing system, and
(8) any other similar data and information that may be used in the event of attacks on our information
When using these general data and information, Inlock does not draw any conclusions about any natural person. Rather, this information is needed to:
(1) provide our products and services, including this website, and improve them over time,
(2) deliver the content of our website correctly,
(3) optimize the content of our website as well as its advertising,
(4) ensure the long-term viability of our information technology systems and website technology,
(5) personalize and manage our relationship with users, such as introducing users to products or
services that may be of interest,
(6) investigate, respond to, and manage inquiries or events, and
(7) provide law enforcement authorities with the information necessary for criminal prosecution in
case of a cyber-attack.
Therefore, Inlock analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
IV. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If Inlock is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, or other information would have to be passed on to a third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by Inlock or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
V. Registration on the Website
Users have the possibility to register on the Inlock’s website using personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors that also use personal data for an internal purpose which is attributable to the controller.
By registering on the website, the IP address, date, and time of the registration are also stored. The storage of this data is necessary to secure Inlock as controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.
Inlock provides information upon request to a natural person as to what personal data are stored. We also correct or erase personal data on request, insofar as there are no statutory storage obligations. The Data Protection Officer (as indicated in paragraph I.c) is available in such cases as the contact person.
VI. Subscription to our newsletter
On the Inlock website, users are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
Inlock informs its customers and business partners regularly by means of a news-letter about enterprise offers. This newsletter may only be received if you have a valid e-mail address and you register for the newsletter. A confirmation e-mail will be sent to the e-mail address registered by you for the first time dispatch of the news-letter, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by you at any time. The consent to the storage of personal data, which you have given for sending the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter.
The Inlock newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Inlock may see if and when an e-mail was opened by you, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by Inlock in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. You are at any time entitled to revoke the respective separate declaration of consent issued by means of the double opt-in procedure. After a revocation, these personal data will be deleted by the controller. Inlock automatically regards a withdrawal from the receipt of the newsletter as a revocation.
VIII. Contact possibility via the website
Inlock’s website contains information that enables quick electronic contact, as well as direct communication with us, including an e-mail address. If you contact Inlock by e-mail or via a contact form, the personal data transmitted are automatically stored. Such personal data, transmitted on a voluntary basis by a data subject to the data controller, are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
IX. Routine erasure and blocking of personal data
Inlock processes and stores the personal data of data subjects only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which Inlock may be subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
X. Rights of the data subject
a) Right of confirmation
You have the right to obtain from Inlock confirmation as to whether or not personal data concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact the Data Protection Officer (see paragraph I.c).
b) Right of access
You have the right to obtain from Inlock free information about your personal data stored at any time and a copy of this information (including the purpose of processing, categories of personal data concerned, storage period, and more).
Furthermore, you have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate safeguards relating to the transfer.
If you wish to avail yourself of this right of access, you may at any time contact the Data Protection Officer (see paragraph I.c).
c) Right to rectification
You have the right to obtain from Inlock without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If you wish to exercise this right to rectification, you may contact the Data Protection Officer (see paragraph I.c).
d) Right to erasure (Right to be forgotten)
You have the right to obtain from Inlock the erasure of personal data concerning you with undue delay, and Inlock has the obligation to erase personal data without undue delay, as long as the processing is no longer necessary. You may at any time contact the Data Protection Officer. The Data Protection Officer shall ensure that the erasure request is complied with immediately.
e) Right of restriction of processing
You have the right to obtain from Inlock restriction of processing if the processing is unlawful, if you contest the accuracy of your personal data or your personal data is no longer needed by Inlock.
If you wish to request the restriction of the processing of personal data stored by Inlock, you may at any time contact the Data Protection Officer (see paragraph I.c).
f) Right to data portability
You have the right to receive from Inlock the personal data concerning you, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from Inlock, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Automated individual decision-making, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision: (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, Inlock shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision- making, he or she may at any time directly contact our Data Protection Officer.
XI. Data protection provisions about the application and use of Twitter
On its website Inlock has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread tweets, i.e. short messages limited to 140 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, that he may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed under https://twit- ter.com/privacy?lang=en.
XII. Data protection provisions about the application and use of Facebook
XIII. Data protection provisions about the application and use of Linkedin
On this website, we have integrated the component of LinkedIn Corporation. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts.
XIV. Data protection provisions about the application and use of Google Analytics
On this website, we have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so- called referrer), which sub-pages were visited, or how often and for what duration a sub- page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Further information and the applicable data protection provisions of Google may be retrieved under: https://www.google.com/intl/en/policies/privacy/ and under: http://www.google.com/analytics/terms/us.html.
Google Analytics is further explained under the following Link https://www.google.com/analytics/.
XV. Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
XVI. Existence of automated decision-making
We may analyze your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
If you wish to exercise your rights stated in paragraph XI. concerning automated individual decision-making, you may at any time directly contact our Data Protection Officer.
Personal data can be controlled if the data subject consents to it. The data controller is entitled to control only the personal data essential and appropriate for the execution of the purpose of data control and to the extent and period necessary for it. Personal data can only be controlled with the specific consent of the data subject, based on sufficient information.
The data subject must be informed in a transparent, detailed and understandable way of all the facts relating to the control of his/her personal data, and especially of the purpose and legal grounds of the data control, the person entitled to process these data, the period of data control and the people who can access their data. This information must include the rights and the available legal remedies of the data subject with respect to the data control.
The controlled personal data must comply with the following requirements:
(i) recording and controlling processes shall be carried in a fair and lawful way;
(ii) the data are accurate, complete and up-to-date, if necessary;
(iii) data storage allows the identification of the data subject only to the period necessary for the
storage of the data.
XVIII. Data storage and safety
The system and network are protected against computer-assisted frauds, spying, sabotage, acts of vandalism, fire and flood as well as viruses, computer break-ins and attacks resulting in refusal of operation. The operator provides maximum safety through system-level as well as application-level protective proceedings.
Inlock cautions that electronic messages transmitted on the internet irrespective of the protocols employed (e-mail, web, ftp, etc.) are vulnerable to threats to the network which may result in dishonorable conduct, the contesting of the agreement, disclosure or modification of information. Inlock makes its best efforts within its power to protect the data from these threats.
XIX. Other legal provisions
The data subject is entitled to request information on the control of its personal data as well as the correction or erasure of such data, with the exceptions regulated by law, in the way specified at the registration or by contacting customer service.
Upon the request of the data subject, Inlock as data controller shall inform the data subject of the data controlled by Inlock, the purpose of the legal ground, period of the data control, the name, address (seat) of the data processor and of its activity with respect to the data processing, of the purpose of data transmissions and the entities obtaining these data.
Should the data subject disagree with the decisions of Inlock, he/she may apply to a court challenging it within 30 days from the declaration of such an objection.