Privacy Policy
(Effective: July 1, 2025)
1. GENERAL PROVISIONS
1.1. The Service Provider
Name: NewPush Europe Kft.
Address: 2600 Vác, Thomas Edison utca 27.
Phone: +36307564514
Company registration number: 17-09-013203
Tax number: 23885884-2-13
EU VAT number: HU23885884
Website: mikrovps.net
Customer service e-mail: support@mikrovps.net
2. GENERAL LEGAL REGULATIONS AND GUIDELINES FOR DATA PROCESSING
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act)
- Act V of 2013 on the Civil Code (Ptk.)
- Section 78 (3) of Act CL of 2017 on the Rules of Taxation (retention period for documents) and Section 169 (e) of Act CXXVII of 2007 on Value Added Tax (mandatory elements of an invoice).
- Act CXXVII of 2007 on Value Added Tax (VAT Act)
- Act C of 2000 on Accounting (Accounting Act)
- Act CXIX of 1995 on the Processing of Name and Address Data for the Purpose of Research and Direct Marketing (DM Act)
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (E-commerce Act)
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grt.)
- Domain Registration Regulations ( https://www.domain.hu/domainregisztracios-szabalyzat/)
3. DEFINITIONS
-
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Typical personal data include, in particular: name, address, place and date of birth, mother's name.
-
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
-
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
-
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
4. PRINCIPLES
- Lawfulness, fairness and transparency: We process your personal data lawfully, fairly and in a transparent manner in relation to you. This means that the processing is always based on an appropriate legal basis and you are fully informed about how and why we process your data.
- Purpose limitation: We collect your personal data for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation: We only collect and process personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: We take every reasonable step to ensure that personal data that we process are accurate and, where necessary, kept up to date. Inaccurate data are erased or rectified without delay.
- Storage limitation: We keep your personal data for no longer than is necessary for the purposes for which the personal data are processed. After that period, the data will be erased or anonymised.
- Integrity and confidentiality (Data Security): We ensure the security of your personal data by using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- Accountability: As a controller, we are responsible for, and must be able to demonstrate, compliance with the principles mentioned above. We continuously review and improve our data processing practices.
5. PURPOSES, LEGAL BASES AND DURATION OF DATA PROCESSING
| Processing Operation | Purpose of Processing | Legal Basis for Processing | Categories of Data Concerned | Data Retention Period | Data Transfer |
|---|---|---|---|---|---|
| Newsletter Subscription | We may send newsletters about our promotions, new features, and other information to those who subscribe or consent to it. Newsletters are considered advertising as they contain our company name and address. You can subscribe to the newsletter by providing your name and email address, as well as when ordering a service, with separate confirmation (opt-in). | Consent (Article 6(1)(a) of the GDPR) | Name, email address, time and IP address of subscription (opt-in) and unsubscription (opt-out) | Until consent is withdrawn | AC PM, LLC |
| Facebook Page | For online communication and information purposes, we maintain a Facebook page where it is possible to comment, express opinions, rate, and submit content. We access personal data with the consent of the data subject. We do not use this data, and it does not leave the Facebook system through us. | Consent (Article 6(1)(a) of the GDPR) | Name, comment, public social media profile data | Until consent is withdrawn | Facebook, Inc. |
| Contact Form | To facilitate online communication, opening a support ticket. | Consent (Article 6(1)(a) of the GDPR) | Name, email address | Until consent is withdrawn | Google Inc., AC PM, LLC, Freshworks Inc., |
| Domain Application | The provider is obliged to transfer personal data to the registering organisation in the case of a domain registration. In certain cases, it is also necessary to transmit the number of an identity card or other identification document. In such cases, the copy of the data handled by us is deleted immediately after transmission. | Legitimate Interest (Article 6(1)(f) of the GDPR) | Applicant's name, legal status, identity card number, tax number, email address, phone number, address (country, postal code, city, street, house number), signature. Administrative contact's name, legal status, identity card number, tax number, email address, phone number, address (country, postal code, city, street, house number). Witnesses' names, addresses, signatures. | ISZT Nonprofit Kft. GoDaddy.com, LLC CentralNic Group PLC Netim Microware Tucows, Inc | |
| Service Order, Contract Conclusion | The provision of data is necessary. If you do not provide the personal data, you cannot order a hosting service. | Legal Obligation (Article 6(1)(b) of the GDPR: for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract) | Customer's name, company name, tax number (for corporate customers), address (postal code, city, street, house number), person acting on behalf of the company, correspondence name and address (postal code, city, street, house number). Customer's contact person's name, phone number, email address. | Until the end of the 5th year following the performance or termination of the contract | No data transfer according to Articles 44-49 of the GDPR |
| Billing | Maintaining billing records and issuing invoices is a statutory obligation. | Legal Obligation (Article 6(1)(c) of the GDPR: compliance with a legal obligation: Section 159(1) of the VAT Act) | Name, address, email address, and in the case of a company/organisation, tax number, name of the contact person | For the period prescribed by law, current year + 8 years | Ambrits Informatikai Tanácsadó Bt. SimplePay Zrt. PayPal (Europe) Stripe, Inc Horváth és Tsa Univerzal Kft. |
| Subscriber Opinion | Displaying an opinion from a subscriber. | Consent (Article 6(1)(a) of the GDPR) | Name, company name, domain name, content of the opinion | Until consent is withdrawn | No data transfer according to Articles 44-49 of the GDPR |
| Business Partner Data | In the course of business/professional relationships, we process the personal data of partners' managers, employees, and contact persons based on legitimate interest. | Legitimate Interest (Article 6(1)(f) of the GDPR) | Name, e-mail address, phone number | Until consent is withdrawn | No data transfer according to Articles 44-49 of the GDPR |
| Server Log Files | For troubleshooting and intrusion prevention/tracking purposes. | Legitimate Interest (Article 6(1)(f) of the GDPR) | IP address, requested website address and subpage (in case of website viewing), email address (in case of email download, sending/receiving), FTP/SSH login IP address, and the time and duration of these. | Maximum 3 months | No data transfer according to Articles 44-49 of the GDPR |
| Contact by Phone | Identification, fault recording. | Consent (Article 6(1)(a) of the GDPR) | Phone number, conversation recording | Until consent is withdrawn | No data transfer according to Articles 44-49 of the GDPR |
5.1. Cookies
-
A cookie is a package of information consisting of letters and numbers that websites usually send to your browser with the aim of saving certain settings, facilitating the use of the website and helping to collect some relevant statistical information about visitors. Cookies do not contain personal information and are not suitable for identifying individual users. Cookies often contain a unique identifier – a secret, randomly generated string of numbers – which is stored on your device. Some cookies expire after closing the website, while others are stored on your computer for a longer period. You can prevent all cookie-related activities and delete data files placed during previous visits; your browser's guide will instruct you on the exact method, which can be found on the following pages:
- Manage cookies and site data in Chrome
- Information about cookies for Firefox
- Manage cookies in Internet Explorer
- Manage cookies in Edge
- Some browsers also allow you to automatically delete browsing data every time you close them. You can read about this here.
- If you have previously received a cookie from Facebook – either because you have an account or because you have visited facebook.com – your browser sends data related to this cookie when you visit a site with a "Like" button or other social plugin (like this website). More information can be found here.
-
When you first visit the mikrovps.net website, a clearly visible cookie consent banner appears at the bottom of the page. This banner informs you that the website uses cookies to ensure the best user experience and refers to the Privacy Policy for more information. Two main options are available on the banner:
-
Accept all: By clicking this button, you give your express and active consent to the use of all cookies (including functional, analytical and marketing cookies) as detailed in the Privacy Policy. This action is recorded, and the website will operate according to your preferences.
-
Show preferences: By clicking this button, you get more detailed control over the cookies. This option allows you to individually select which cookie categories (e.g., analytics, marketing) you consent to and which you reject. With this granular setting, you can precisely control what types of cookies are placed on your device.
-
-
List of cookies used on the site
| Name | Domain | Purpose | Type | Expiry |
|---|---|---|---|---|
| __cfduid | *.mikrovps.net | Cloudflare CDN/WAF for identifying trusted web traffic | Functional | 1 year |
| NEXT_CURRENCY | *.mikrovps.net | Stores the user's selected currency preference. | Functional | 1 year |
| NEXT_LOCALE | *.mikrovps.net | Stores the user's selected language preference. | Functional | 1 year |
| NEXT_statusIncidentBarDismissed | *.mikrovps.net | Stores whether the user has dismissed the status incident notification bar. | Functional | 7 days |
| WHMCS* | my.mikrovps.hu | Client/visitor session identification | Functional | Session (temporary) End of visit |
| ga | *.mikrovps.net | Analysis of website traffic and user behaviour | Analytical | 2 years |
| _gac_<wpid> | *.mikrovps.net | Measuring advertising performance | Marketing | 90 days |
| _gid | *.mikrovps.net | Measuring unique visitors on the website | Analytical | 24 hours |
| _gcl_dc | *.mikrovps.net | Identifying and tracking clicks from ads | Analytical, Marketing | 90 days |
| _gcl_au | *.mikrovps.net | Measuring user interactions related to ads | Analytical, Marketing | 90 days |
| _dc_gtm_<property-id> | *.mikrovps.net | Controlling the operation of analytics and marketing tags | Analytical | 1 minute |
6. RIGHTS RELATED TO DATA PROCESSING
6.1. Withdrawal of Consent
- Consent can be withdrawn at any time, in the same simple way it was given.
- The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- You can withdraw your consent for newsletters by clicking the unsubscribe link at the end of the newsletter or by disabling it in the Client Portal (opt-out).
- In the case of the Facebook page, you can withdraw consent by unliking the page.
- For other data processing operations based on consent, please send a short message to the email address privacy@newpush.com.
6.2. Right of Access
- Visitors, clients, and partners of the MikroVPS website are entitled to request feedback on whether their personal data is being processed and, if so, are entitled to access the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- We will provide a copy of the personal data undergoing processing.
- The right to obtain a copy shall not adversely affect the rights and freedoms of others.
6.3. Right to Rectification
- Through our Client Portal, our Clients have the opportunity to update and keep their data current.
6.4. Right to Erasure (‘Right to be Forgotten’)
- We are obliged to erase personal data concerning our Client, principal, or website visitor without undue delay upon request, or even without request, if
- the personal data are no longer necessary in relation to the purposes for which we collected or otherwise processed them;
- the principal/client/visitor withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
- the principal/client/visitor objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services.
- If we have made the personal data public and are obliged to erase it, taking account of available technology and the cost of implementation, we shall take reasonable steps to inform controllers processing the personal data that our client/principal/website visitor has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- We do not have to erase personal data if processing is necessary for the establishment, exercise, or defense of legal claims. If a request for erasure of such data is received, we will consider it and respond in writing with the decision.
- We must inform all recipients to whom the personal data have been disclosed of any erasure, unless this proves impossible or involves disproportionate effort. We will inform our Client/principal/user of these recipients if requested.
6.5. Right to Data Portability
- Where personal data are processed by automated means, and if the legal basis for processing is consent or a contractual basis, our Client/principal/website visitor is entitled to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where technically feasible.
6.6. Right to Object
- Our client/principal may object to the processing of his/her personal data on grounds relating to his/her particular situation at any time, where the legal basis for processing is legitimate interest. In this case, we may no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of our client/principal or for the establishment, exercise or defense of legal claims.
7. DATA TRANSFER, DATA PROCESSING
The Provider uses external data processors to perform certain tasks.
- Purpose of data transfer: Receiving and sending emails
- Data processor: Google Inc.,
- Headquarters: Mountain View, California, USA
- Privacy Policy: policies.google.com/privacy
- Scope of data transferred: email content
- Purpose of data transfer: Sending emails
- Data processor: AC PM, LLC,
- Headquarters: Chicago, Illinois, USA
- Privacy Policy: postmarkapp.com/privacy-policy
- Scope of data transferred: email content
- Purpose of data transfer: Handling support tickets
- Data processor: Freshworks Inc.,
- Headquarters: San Mateo, California, USA
- Privacy Policy: freshworks.com/privacy
- Scope of data transferred: email/ticket content
- Purpose of data transfer: Billing
- Data processor: Ambrits Informatikai Tanácsadó Bt.
- Headquarters: 9400 Sopron, Gáspárdy Sándor utca 1.
- Privacy Policy: cmfx.hu/adatkezelesi.php
- Scope of data transferred: billing data
- Purpose of data transfer: Credit card payment for customer support, transaction confirmation and fraud monitoring to protect users.
- Data processor: SimplePay Zrt.
- Headquarters: 1138 Budapest, Váci út 135-139. B. ép. 5. em.
- Privacy Policy: simple.hu/adatkezelesi-tajekoztato
- Scope of data transferred: username, last name, first name, country, phone number, e-mail address, billing data, invoice amount
- Purpose of data transfer: PayPal payment
- Data processor: PayPal (Europe)
- Headquarters: S.à r.l. et Cie, S.C.A
- Privacy Policy: paypal.com/ee/webapps/mpp/ua/privacy-full
- Scope of data transferred: billing data, invoice amount
- Purpose of data transfer: Stripe payment
- Data processor: Stripe, Inc
- Headquarters: Dublin, Ireland
- Privacy Policy: stripe.com/en-hu/privacy
- Scope of data transferred: billing data, invoice amount
- Purpose of data transfer: Accounting
- Data processor: Horváth és Tsa Univerzal Kft.
- Headquarters: 1213 Budapest, Csalitos u. 27.
- Privacy Policy:
- Scope of data transferred: billing data, invoice amount
- Purpose of data transfer: Domain registration
- Data processor: ISZT Nonprofit Kft.
- Headquarters: 1089 Budapest, Bláthy Ottó utca 9.
- Privacy Policy: iszt.hu/adatkezelesi-tajekoztato/
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Domain registration
- Data processor: GoDaddy.com, LLC
- Headquarters: 2155 E. GoDaddy Way, Tempe, AZ 85284 USA,
- Privacy Policy: godaddy.com/en-ph/legal/agreements/privacy-policy
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Domain registration
- Data processor: CentralNic Group PLC
- Headquarters: 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR, United Kingdom
- Privacy Policy: centralnicreseller.com/privacy-policy/
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Domain registration
- Data processor: Netim
- Headquarters: 264 avenue Arthur Notebart, 59160 Lille, France
- Privacy Policy: netim.com/en/data-policy
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Domain registration
- Data processor: Microware
- Headquarters: 1148 Budapest, Fogarasi út 3-5.
- Privacy Policy: microware.hu/wp-content/uploads/2022/04/adatkezelesi-szabalyzat_microware.pdf
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Domain registration
- Data processor: Tucows, Inc
- Headquarters: Toronto, Ontario, Canada
- Privacy Policy: opensrs.com/privacy-policy/
- Scope of data transferred: Personal data required for domain registration
- Purpose of data transfer: Facebook page
- Data processor: Facebook Inc.
- Headquarters: Menlo Park, California, USA
- Privacy Policy: www.facebook.com/about/privacy/update
- Scope of data transferred: username, comment.
- Transfer to third countries The only third country to which data is transferred is the United States of America. On 10 July 2023, the European Commission adopted the adequacy decision for the EU-US Data Privacy Framework (DPF). This framework allows for the secure transfer of personal data from the EU to the US to companies that participate in the DPF programme and are on the DPF list.
8. AUTOMATED DATA PROCESSING AND PROFILING
- Automated data processing refers to data processing operations carried out by IT systems without human intervention. This may include the collection, storage, organisation, analysis and transfer of data. In the Provider's systems, automated data processing is mainly carried out in connection with the provision of services, invoicing, regular security checks and troubleshooting.
- Profiling is a specific form of automated data processing which uses personal data to evaluate, analyse or predict certain personal aspects of a natural person (e.g. economic situation, health, personal preferences, interests, reliability, behaviour, location or movement).
- The Provider does not currently carry out any automated profiling that would have legal or similarly significant effects on our clients. We primarily use automated processes to optimise our services, improve the user experience and prevent unauthorised access or misuse. For example, our systems may automatically monitor server load or record failed login attempts to detect security incidents.
- Should profiling take place in the future, we will inform all data subjects in advance and ensure that the rights provided for in the GDPR (e.g. right to object, right to human intervention) are respected.
9. GENERAL DATA SECURITY MEASURES
- Ensuring data security is a key priority for us. We apply a number of technical and organisational measures to protect data against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction and damage and against inaccessibility due to changes in the technology used. Our most important data security measures are as follows:
- Encryption:
- Data-in-transit encryption (SSL/TLS): All our websites and client portals use the HTTPS protocol, which means that the data traffic between your browser and our servers is encrypted, thus preventing unauthorised interception or modification of data.
- Data-at-rest encryption: Certain sensitive data, where necessary, are stored in encrypted form in our databases and file systems. This provides additional protection even in the event of physical access to the storage media.
- Access restrictions and authorisation management:
- Strict access rules: Access to data is strictly limited; only those staff whose work absolutely requires it have access. Access rights are granted on a "least privilege" basis.
- Identification and authentication: All access is via an identification and authentication process (username and strong password, two-factor authentication where appropriate).
- Logging: Access to data and data processing operations are continuously logged, which allows for the tracking and analysis of any incidents.
- Backups and disaster recovery:
- Regular backups: We make automated backups of all systems and databases at regular intervals. These backups are stored redundantly in physically separate locations.
- Disaster recovery plan: We have a detailed disaster recovery plan to ensure the rapid recovery of data and services in the event of a major hardware failure, natural disaster or other unforeseen event. The recovery processes are tested regularly.
- Regular security checks and updates:
- Software updates: All software and operating systems are regularly updated with the latest security patches to minimise the risk of attacks via known vulnerabilities.
- Vulnerability scans and penetration tests: We regularly have vulnerability scans and penetration tests carried out on our systems by external experts to identify and remedy potential security weaknesses.
- Intrusion detection systems: We use intrusion detection/prevention systems (IDS/IPS) to monitor network traffic and block suspicious activity.
- Staff training:
- Our staff receive regular training on data protection and data security to keep them up to date with best practices and the latest threats.
- The Provider continuously reviews and improves its data security measures to ensure the highest level of protection for your data. Should you have any further questions about our data processing or data security practices, please do not hesitate to contact us.
10. COMPLAINT HANDLING
10.1. Submitting a complaint to the Provider
- A complaint regarding the data processing by the Provider must be submitted in writing (by e-mail) to the Provider at the e-mail address privacy@newpush.com.
- The Provider will investigate the complaint within 8 days and inform the complainant of the outcome of the investigation within 15 days of receipt of the complaint and, where possible, remedy the error.
- In the event of a complaint being lodged in a manner other than that specified, the Provider shall not be liable for compliance with the response deadline.
10.2. Submitting a complaint to the Authority
-
In the event of the rejection of the complaint and a legal dispute arising from the complaint, the Subscriber is entitled to all the legal remedies provided for by law.
National Authority for Data Protection and Freedom of Information
Seat: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu
Contact us today!
Our expert team is ready to help you.