Commsignia Central Online Tool Privacy Policy

This Privacy Policy (hereinafter referred to as the „Policy”) was posted on and is effective as of March 20, 2025 for the Commsignia Central Online tool.


1. Definitions


Cookie means a small text file, which is placed on your hard disk by a web server, and is used by the Site as set forth in section 2 below.

Communication means any comment, feedback, information or document provided by User to Commsignia via any channel.

General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Commsignia means Commsignia Ltd.

Registered office: Irinyi József utca 4-20., 1117 Budapest, Hungary

Company registration number: 17-09-010377

Tax number: HU23874664

Email address: [email protected]

Website: www.commsignia.com

Company means the business entity the User represents when requesting access (by registration) or accessing the Site and the Tool.

Privacy Act means Act CXII of 2011 on the right of informational self-determination and on freedom of information.

Product means hardware, software products and connected services marketed and sold by Commsignia, whether manufactured by Commsignia or a third party.

Site means https://central.trial.commsignia.io/  and its subdomains.

Tool means Commsignia’s Central Online tool as made available by Commsignia to Users, including all functionality and documentation.

User or “you” means a registered or not registered visitor of the Site, accessing and using the Commsignia Central Online tool.

User Activity means location and behavior data e.g. language selection on the Site, onsite browsing history, feature usage (frequency, workflows), and all messages, drawings, locations, intersections and connected information and data supplied by the User during usage of the Tool.


2. Privacy Policy


2.1. Purpose of this document

This Policy sets out the terms and conditions of how the User’s (hereinafter referred to as the “User” or “you”) personal data is processed. Please read these terms and conditions carefully. The purpose of providing trial version of Commsignia Central is to utilize feedback (and other received Communication) to improve the product, offers, strategy, marketing and/or overall operations of Commsignia and its company group. To this end, you can provide Communication to Commsignia, to help achieving this goal.

2.2. Availability and updating of this document

Commsignia reserves the right to amend this Policy unilaterally at any time. We suggest visiting the Site from time to time for the latest information, however, you will also be informed of this Policy being amended in case of significant changes (e.g. legal basis of processing, scope of processed data, person of data processor) of the Policy.

2.3. Data controller

2.3.1. The User’s personal data provided or generated on the Site is processed by Commsignia as data controller.

2.3.2. The provided or generated personal data of the User is accessible to the following persons within Commsignia:

Commsignia’s employees involved in the data processing (including IT specialists performing a variety of IT tasks related to the operation and maintenance of Commsignia’s computer system and the Tool, support staff, sales and account specialists who are in contact with the User) as part of their role within Commsignia in connection with performing their duties associated with the purpose of this Policy.

2.4. Data processing activities

2.4.1. Processing of User’s personal data for providing access to the Tool and fulfilling obligations and exercising rights based the legal relationship between Commsignia and the User and administering registration on the Site and for any other channel Commsignia may provide)

2.4.1.1. Purposes of data processing

  • a. Provision of information to the User.
  • b. Communication (notification and statements addressed to User) as necessary to provide services related to the Tool.
  • c. Administering User registration on the Site and account maintenance.

User registration is required for the access and use of the Tool.

2.4.1.2. Scope of the User’s processed personal data:

  • User’s name;
  • User’s country;
  • User’s state;
  • User’s email address;
  • User’s hashed password;
  • User Activity*
  • Company data, which the user represents


2.4.1.3. Legal basis of data processing

The data is processed in compliance with GDPR and all relevant local laws.

The legal basis of data processing is the necessity for the performance of a contract (regarding access to and use of the Site and the Tool) to which the User is party and in order to take steps at the request of the User prior to entering into such a contract pursuant to point b) of Article 6(1) of the GDPR.

2.4.1.4. Duration of data processing

User’s personal data specified in point 2.4.1.2 is processed for the period until registration is deleted, or rejected.

User Activity data will not automatically be deleted by Data Controller upon the deletion of the registration. Unless User otherwise indicates (e.g. clicking the necessary statement when deleting registration) all User Activity will be irreversibly anonymized (any references to User removed) and stored and used by Data Controller indefinitely.

Notwithstanding the above, Commsignia shall immediately delete your personal data if you specifically request the deletion thereof and there is no valid legal ground for data processing.

2.4.2. Processing of User’s personal data for sending advertisements, newsletters, direct marketing messages and other similar messages and letters to the User

2.4.2.1. Purposes of data processing

The purpose of processing is to inform the User about news, offers, marketing and sales material and updates related to Commsignia’s hardware and software products, services, events, company, company group and technology.

This includes, but is not limited to, newsletters, advertisements, direct marketing messages, promotional content, sales offers, and other communications aimed at engaging the User with relevant updates, opportunities and information.

2.4.2.2. Scope of the User’s processed personal data:

  • User’s name;
  • User’s country;
  • User’s state;
  • User’s email address;
  • Company data, which the user represents


2.4.2.3. Legal basis of data processing

The data is processed in compliance with GDPR and all relevant local laws.

The legal basis of data processing is the User’s express consent given pursuant to point a) of Article 6(1) of the GDPR.

2.4.2.4. Duration of data processing

For the purpose set forth in point 2.4.2.1., User’s personal data specified in point 2.4.2.2. is processed until the registration of the User is deleted, or rejected or the consent to process personal data for the purpose set forth in 2.4.2.1. is withdrawn (whichever occurs first).

Notwithstanding the above, Commsignia shall immediately delete your personal data if you specifically request the deletion thereof or withdraw your consent and there is no valid legal ground for data processing. If the User withdraws their consent, this does not affect the lawfulness of data processing based on their consent and conducted before such withdrawal.

2.4.3. Processing of User’s personal data for requesting and receiving feedback, or other similar Communication from the User and to analyze the User Activity by using pendo.io service provider

2.4.3.1. Purposes of data processing

The purpose of processing is to send emails containing forms that allow the User to provide feedback or similar Communication, or otherwise requesting and/or receiving feedback or similar Communication from the User, and to utilize such feedback (and other received information) to improve the Tool, the Site and (other) products, services, offers, strategy, marketing and/or overall operations of Commsignia, and to better understand user preferences and needs.

2.4.3.2. Scope of the User’s processed personal data:

  • User’s email address;
  • Other personal data that the User – at its own discretion – may share as part of its Feedback or similar Communication
  • Processing User Activity through pendo.io service provider


2.4.3.3. Legal basis of data processing

The data is processed in compliance with GDPR and all relevant local laws.

The legal basis of data processing is the User’s express consent given pursuant to point a) of Article 6(1) of the GDPR.

2.4.3.4. Duration of data processing

For the purpose set forth in point 2.4.3.1., User’s personal data specified in point 2.4.3.2. is processed until the registration of the User is deleted, or rejected or the consent to process personal data for the purpose set forth in 2.4.3.1. is withdrawn (whichever occurs first). Those parts of the feedback and other information received from the User that does not constitute personal data (under applicable law, such as the GDPR) will be retained and used indefinitely by Commsignia for the same purpose as set forth in point 2.4.3.1.

Notwithstanding the above, Commsignia shall immediately delete your personal data if you specifically request the deletion thereof or withdraw your consent and there is no valid legal ground for data processing. If the User withdraws their consent, this does not affect the lawfulness of data processing based on their consent and conducted before such withdrawal.

2.5. Data processor

In order to fulfill its purposes as a data controller Commsignia cooperates with the data processors listed below. Commsignia reserves the right to change the data processors at any time.

Name of the data processorData processing activity carried out on behalf of Commsignia and list of the personal data the data processor has access to
Amazon Web Services, Inc
Company name: Amazon Web Services Inc
Address: 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal
Website: aws.amazon.com
Contact: aws.amazon.com/contact-us
By mail: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal		Amazon Web Services provides the platform for V2X Studio and therefore it processes all Data on behalf and based on the instructions of Commsignia.
More information regarding GDPR compliance: aws.amazon.com/compliance/gdpr-center
Google Cloud EMEA Limited
Company name: Google Cloud EMEA Limited
Address: 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
Website: workspace.google.com
Contact: support.google.com/policies/contact/general_privacy_form
By mail: 70 Sir John Rogerson’s Quay, Dublin 2, Ireland		Users can register to use the Tool by providing Commsignia with the necessary information using Google Form.
More information regarding GDPR compliance: cloud.google.com/privacy/gdpr
Pendo.io, Inc.
Company name: Pendo.io, Inc.,
Address: Pendo.io, Inc. 301 Hillsborough St., Suite 1900, Raleigh, NC 27603
Website: https://www.pendo.io/
Contact: [email protected]
Commsignia, Inc.		Pendo.io analyzes the User Activity therefore it processes User Activity data on behalf and based on the instructions of Commsignia.
More information regarding GDPR compliance: https://www.pendo.io/legal/privacy-policy/
Company name: Commsignia, Inc.
Address: 5201 Great America Parkway, Suite 320, Santa Clara, CA 95054, United States of America
 
Website: www.commsignia.com
Contact: [email protected]
By mail: 5201 Great America Parkway, Suite 320, Santa Clara, CA 95054, United States of America		To the extent the data processing is related to the North American market, Commsignia, Inc. may be involved in the conducting of the interviews and the processing of the content of the Communication.

2.6. Cookies

2.6.1. Commsignia hereby informs you that if you download certain parts of the Site, small data files (“Cookies”) will be automatically sent by the web server to your electronic device. In certain cases, these data files may be considered as personal data under the applicable data protection laws. These data files are necessary for the proper operation of the Site, and are used to collect information on the User’s visits to the Site.

2.6.2. The User can accept or refuse Cookies by adjusting their browser settings. To find out how to do this and learn more on Cookies, please visit: https://www.youronlinechoices.eu/. If the User chooses to refuse all Cookies, access to some of the Site pages features may be limited.

Type of CookiePurpose of CookiesLegal basis of data processingCookie retention period
SessionSession Cookies allow the User to be recognized within the Site and store whether the User has accepted the Cookie policy.User’s consent.The information is saved until the end of the current session. After that, the collected information will no longer be available.

2.7. Data security

Commsignia observes all applicable regulations regarding the security of personal data, therefore both Commsignia and its authorized data processors implement appropriate technical and organizational measures to protect personal data, and establish adequate procedural rules to enforce the provisions of the GDPR and all relevant local laws concerning confidentiality and the security of data processing.

2.8. Measures to ensure data security

2.8.1. Data Controller is obliged to ensure data security, it must take technical and organizational measures and establish procedural rules which ensure that the recorded, stored and processed data are protected, and which prevent their destruction, unauthorized use or unauthorized alteration. Data Controller also draws the attention of third parties – which the data subject’s data have been transferred to – to the fact that they have to comply with the data security requirements.

2.8.2. Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. Data Controller shall make its best efforts to ensure that the data cannot be damaged or destroyed. The above obligation is also prescribed by Data Controller for the employees participating in its data processing activities and for the data processors acting on its behalf.

2.8.3. The Data Controller stores personal data in its own systems and the systems of the data processors in the course of the processing of the data, and the employees of the Data Controller access and download the data on a case-by-case basis, if data processing is needed.

2.8.4. In order to prevent unauthorized access to the data, Data Controller ensures the protection of personal data and prevents unauthorized access to them on its tools as follows: the access to the server and to the computers is protected by passwords and a firewall and antivirus software is applied.

2.9 Communication of a personal data breach to the data subject

2.9.1. In the following, the regulation of some general issues shall be presented. Thus, the procedure used to ensure the security of the data, the action to be taken in the event of a personal data breach, as well as the rights of the data subject and the means of redress.

2.9.2. Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

2.9.3. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, Data Controller shall communicate the personal data breach to the data subject without undue delay in clear and plain language.

2.9.4. The communication to the data subject shall not be required if any of the following conditions are met:

  • Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
  • Data Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize;
  • it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.


2.10 Rights of the data subjects

In addition to the rights defined above, the data subjects may exercise the following rights in relation to the data processing set forth in the present Policy:

2.10.1. Right to get information and to have access to personal data being processed:

The data subject has the right to obtain confirmation from Data Controller as to whether or not personal data concerning him or her are being processed, and, if that is the case, to have access to the personal data and the following information:

  1. the purposes of the data processing;
  2. the categories of personal data concerned; 
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the data subject’s right to request the personal data’s rectification from Data Controller, erasure or the restriction of their processing if these personal data are related to the data subject or the data subject’s right to object to such data processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, and at least in these cases meaningful information about the logic involved, as well as the significance and the envisaged consequences of such data processing for the data subject.

If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards relating to the data transfer.

Data Controller shall provide the data subject with a copy of his or her personal data undergoing the data processing. For any further copies requested by the data subject, Data Controller may charge a reasonable fee based on administrative costs. If the data subject submits the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the data subject.

The right to obtain a copy referred to in the previous paragraph shall not adversely affect the rights and freedoms of others.

The rights mentioned above can be exercised through the Data Controller’s contact details indicated above.

2.10.2. Right to rectification:

Based on the data subject’s request, Data Controller shall without undue delay rectify any inaccurate personal data related to the data subject. Taking into account the purposes of the data processing, the data subject has the right to have his or her incomplete personal data completed, including by providing a supplementary statement.

2.10.3. Right to erasure („Right to be forgotten”):

The data subject has the right to obtain the erasure of personal data concerning him or her from the Data Controller without undue delay if any of the following reasons exists:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws his or her consent on which the data processing is based, and if there is no other legal ground for the data processing;
  3. the data subject objects to the data processing and there are no overriding legitimate grounds for the data processing, or if the personal data are processed for direct marketing purposes;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Data Controller is subject;
  6. the personal data have been collected in relation to the offer of information society services.

Erasure of data cannot be initiated if data processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which Data Controller is subject or for the performance of a task carried out in the public interest;
  3. for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, for the provision of health or social care or treatment or for the management of health or social care systems and services, on the basis of Union or Member State law or pursuant to contract with a health professional and if those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies;
  4. for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular as for professional secrecy;
  5. for reasons of public interest in the area of public health and if those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies;
  6. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if the right of erasure would make such data processing impossible or the right of erasure would such data processing seriously jeopardize[3]; or
  7. for the establishment, exercise or defense of legal claims.

2.10.4. Right to restrict data processing:

The data subject has the right to obtain the restriction of data processing from Data Controller if one of the following conditions applies:

  1. the accuracy of the personal data is contested by the data subject, in this case restriction is related to a period enabling Data Controller to verify the accuracy of the personal data;
  2. the data processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. Data Controller no longer needs the personal data for the purposes of the data processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
  4. the data subject has objected to data processing based on public interest or legitimate interest, in this case restriction is related to a period in the course of which it can be verified whether the legitimate grounds of Data Controller override those of the data subject.

If processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of data processing according to the above shall be informed by Data Controller before the restriction of data processing is lifted.

2.10.5. Right to data portability:

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from Data Controller to which the personal data have been provided, if the data processing is based on consent or on a contract and the processing is carried out by automated means.

In exercising his or her right to data portability defined above, the data subject has the right to have the personal data transmitted directly from one controller to another, if it is technically feasible.

The exercise of the right referred to data portability shall be without prejudice to the right to erasure („right to be forgotten”). That right shall not apply to data processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Data Controller.

The right to data portability shall not adversely affect the rights and freedoms of others.

2.10.6. Right to object:

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, if the legal ground of data processing is to perform a task carried out in the public interest or in the exercise of official authority vested in Data Controller, or the data processing is necessary for the purposes of the legitimate interests pursued by Data Controller or by a third party, including profiling based on these provisions. Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the data processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

If personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

2.10.7. Right to withdraw the given consent:

If the data processing of Data Controller is based on the data subject’s consent, the data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal.

2.10.8. Procedure in the event of a request submitted by the data subject concerning the exercise of the above rights:

Data Controller shall provide information to the data subject on action taken on the data subject’s request related to the rights defined in the present Policy without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

Data Controller shall inform the data subject of any such extension within one month of receipt of the request, with the reasons for the delay. If the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If Data Controller does not act on data subject’s request, Data Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Any information and communication requested by data subject shall be provided by Data Controller free of charge, unless requests from the data subject are manifestly unfounded or excessive, in particular because of their repetitive character. In this case, Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication requested or refuse to act on the request.

Data Controller shall communicate any rectification or erasure of personal data or restriction of data processing carried out by Data Controller to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Data Controller shall inform the data subject about those recipients if the data subject requests it.

2.11. Personal data related to children and third parties

Persons under the age of 16 may not provide their personal data unless consent is given by the holder of parental responsibility. By making the personal data available to Data Controller, the parent, as a data subject, declares and guarantees that he or she will act in accordance with the above, and his or her capacity to act is not limited in connection with the provision of these information.

If you are not legally entitled to make any personal data available on your own, you must obtain the consent of the third parties concerned (e.g. legal representative, guardian, other person acting as representative of the consumer) or provide another legal ground for making the data available. In this context, you must consider whether the consent of a third party is required in connection with the provision of the personal data in question. It can happen that Data Controller does not get into personal contact with you, so you are obliged to ensure compliance with the present section and Data Controller is not liable in this aspect. Regardless of this, Data Controller is always entitled to check whether the appropriate legal ground for the processing of any personal data is available. For example, if you are acting on behalf of a third party, such as a consumer, we are entitled to request your authorization and / or the data subject’s appropriate consent to the data processing in question.

Data Controller makes its best effort to delete any personal data which has been made available to Data Controller without authorization. Data Controller ensures that if it becomes aware of the non-authorized availability of any personal data, this personal data shall not be transferred to another person or used by Data Controller. Please, let Data Controller know immediately by any of the contacts indicated in the Contact Details section if you become aware of the fact that a third party has unauthorizedly provided any personal data to Data Controller.

3. Contact Details

Any questions or requests related to our data processing and to your personal data stored in the system should be sent to the [email protected] e-mail address, or in writing to the address of 4-20 Irinyi József utca, Budapest 1117, Hungary or contact us by phone at +36 70 883 9700. Please note that – in your own interest – concerning the data processing related to your personal data we are only able to provide information or take any action if you have credibly proven your identity.

4. Judicial remedy

Data Controller can be contacted with any questions or remarks related to data processing by any of the contact details indicated in the present Policy.

Investigation can be initiated at the Hungarian National Authority for Data Protection and Freedom of Information [postal address: 1530 Budapest, Pf.: 5., phone: +36 (1) 391-1400, email: [email protected], website: naih.hu], referring that there is an infringement or imminent threat of an infringement related to the processing of a personal data.

If the data subject’s rights have been violated, the data subject may also take action against Data Controller at the competent court. The court is acting immediately in this case (these actions have priority). Data Controller is obliged to prove that the data processing complies with the provisions of the law. The trial falls into the jurisdiction of the Regional Courts of Hungary. At the discretion of the data subject, the action may be brought before the regional courts having jurisdiction based on the place of residence or the place of stay of the data subject.