ProMan Consulting Kft. (hereinafter referred to as “Controller“, headquarters 1221 Budapest, Tanító utca 15/1 a) as a (Data) Controller in the processing of personal data acts in accordance with the provisions of the regulation and the applicable laws (regulation No 2016/679 of the European Parliament and the Council of 27 April 2016) on the protection of individuals with regard to the processing of personal data and the free movement of such data.
ProMan Consulting Kft. respects your rights (hereinafter referred to as “Data Subject“) to protect your personal data. This information material summarizes, in a compact, simple way, what information we collect, how we can use it, and describes the tools we use, as well as the privacy and enforcement capabilities of the Data Subject.
Detailed rules are laid down in the aforementioned Regulation. For further information, we recommend that the Regulation is to be studied.
Purpose of processing
Personal data can only be processed for a specific purpose, to the extent necessary, to exercise a right and to fulfill obligations. At all stages of processing, the purpose of processing must be met, data entry and management must be fair and legitimate. Personal data can only be handled to the extent and for the duration required to achieve the goal. Controller’s internal instructions specified that only the recipients contributing to and needed to achieve the purpose of processing can manage the data.
Controller handles personal data with a voluntary consent in the following cases:
Controller handles personal data as a result of a statutory obligation in the following cases:
Controller handles personal to fulfil its contractual obligations in the following cases:
Controller handles personal data on the basis of legitimate interest in the following cases:
The scope of processed data, the duration of processing, and entitled third parties to access data
Referring to the above, the following data are collected and treated for the designated retention period by reference to the claimed legal basis.
DATA PROCESSED BY VOLUNTARY CONSENT
Name of data |
Retention time |
Browser cookies |
Until unsubscription |
Name |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
Email address |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
Telephone number |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
Title |
Until unsubscription |
Place of residence |
Until unsubscription |
Birth date |
Until unsubscription |
User ID |
Until unsubscription |
Position |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
Company name |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
Company address |
Until unsubscription or until completion of interviews or until the cessation of the need for an interview |
DATA PROCESSED BY STATUTORY OBLIGATION
Name of data |
Retention time |
Name |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Billing address |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
DATA PROCESSED BY CONTRACTUAL OBLIGATIONS
Name of data |
Retention time |
Name |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Email address |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Telephone number |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Position |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Company name |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
Birth date |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
City of residence |
Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000). |
DATA PROCESSED BY LEGITIMATE INTEREST
Name of data |
Retention time |
Stored data |
Retention time according to the termination of legitimate interest or according to the related statutory provision (Under section 6:22 of the Hungarian Civil Code), which is 5 years. |
You may find information on the methods of withdrawing voluntary consent in this Statement’s section number 5.
When collecting personal data, the Controller complies with applicable legal regulations, restrictions, and ethical standards.
Controller:
For the processing of personal data by the Controller, the following Data Processor(s) will be used for the indicated activities:
Data Processor |
Company reg. numb. / VAT numb. |
Data processing activity |
Octonull Kft. |
01 09 198177 |
Invoice issuing |
Gold Medal Kft. |
01 09 996475 |
Accounting |
Magyar Posta Zrt. |
01 10 042463 |
Correspondence |
Bene Studio Kft. |
01 09 280532 |
Application development |
Google Ireland Ltd. |
IE6388047V |
Digital marketing, user analytics |
Facebook Ireland Ltd. |
IE9692928F |
Digital marketing |
The data controller also transmits the data to the following recipients in addition to the recipients specified in the internal policy(s):
Access
Data Subject has the right to receive feedback from Data Controller as to whether Data Subject’s personal data is being processed and, if such processing is in progress, has the right to have access to his or her personal data and the following information:
Modification, correction
Data Subject is entitled to request the Controller to correct any of his or her inaccurate personal data without undue delay. Taking into account the purpose of the data handling, Data Subject is entitled to request the supplementation of incomplete personal data, including by means of a supplementary statement.
Portability
Data Subject has the right to receive the personal data previously provided to Controller in a commonly used, machine-readable format and is entitled to transmit this data to another Controller without being obstructed by the Controller, who was given access to these personal data in the first place, if:
Deletion
(1) Data Subject has the right to terminate Data Subject’s personal data on Data Subject’s request without any undue delay by Controller and Controller is obliged to delete personal data relating to the subject without undue delay if one of the following reasons exists:
(2) If the Controller has disclosed personal data and is required to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to take into account the available technology and implementation costs in order to inform the Controllers handling the data, that Data Subject has requested from them to delete any referring links, duplications or copies of such personal data.
(3) Paragraphs (1) and (2) shall not apply where data processing is required:
Limitation
(1) Data Subject has the right to request Controller to limit the processing of data on request if one of the following is true:
(2) If the processing of data is restricted under paragraph 1, such personal data may only be used with the consent of the Data Subject concerned or with the submission, enforcement or protection of legal or other rights of the natural or legal person, or in an important public interest of the EU or a Member State.
(3) Controller shall inform Data Subject in advance the dissolution of limitation of the previously limited processing of data requested by Data Subject pursuant to paragraph (1).
Objection
Data Subject is entitled to object to the handling of Data Subject’s personal data for any reason relating to Data Subject’s own situation if the Controller carries out a task in the exercise of a public authority license or processing is necessary to enforce the legitimate interests of the Controller or a third party including profiling based on those provisions. In this case, Controller may not process personal data unless Controller proves that processing is justified by legitimate reasons of enforceability that prevail over the interests, rights and freedoms of the Data Subject, or for the submission, enforcement or protection of legal claims related.
If Data Subject’s personal data is handled for direct marketing, Data Subject is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it relates to direct marketing.
If Data Subject objects the handling of personal data for direct business acquisition, personal data may no longer be processed for that purpose.
In the event of violation of Data Subjects personality rights and in the cases specified in the Regulation, Data Subject may request the assistance of the National Authority for Data Protection and Freedom of Information:
The Controller reserves the right to modify or update this “Information” at any time, without prior notice, and publish the updated version on its websites. Any modification applies only to personal data collected after the publication of the revised version.
Please check this “Information” regularly to review the changes or to know how the changes affect you.
Last update: November 18th, 2019.