Privacy policy

Preamble

 

ProMan Consulting Kft. (hereinafter referred to as “Controller“, headquarters 1221 Budapest, Tanító utca 15/1 a) as a (Data) Controller in the processing of personal data acts in accordance with the provisions of the regulation and the applicable laws (regulation No 2016/679 of the European Parliament and the Council of 27 April 2016) on the protection of individuals with regard to the processing of personal data and the free movement of such data.

ProMan Consulting Kft. respects your rights (hereinafter referred to as “Data Subject“) to protect your personal data. This information material summarizes, in a compact, simple way, what information we collect, how we can use it, and describes the tools we use, as well as the privacy and enforcement capabilities of the Data Subject.

Detailed rules are laid down in the aforementioned Regulation. For further information, we recommend that the Regulation is to be studied.

 

Definitions

  • Personal data – any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • Third Party – a natural or legal person, public authority, agency or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • Consent – consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • Authority: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), naih.hu

 

1.        Designation and contact details of the Controller (service provider)

 

2.        Purpose of processing, scope of processed data, duration of processing, and scope of entitled third parties to access data

Purpose of processing

Personal data can only be processed for a specific purpose, to the extent necessary, to exercise a right and to fulfill obligations. At all stages of processing, the purpose of processing must be met, data entry and management must be fair and legitimate. Personal data can only be handled to the extent and for the duration required to achieve the goal. Controller’s internal instructions specified that only the recipients contributing to and needed to achieve the purpose of processing can manage the data.

Controller handles personal data with a voluntary consent in the following cases:

  • Registration
  • Website cookie operation
  • Organizing interviews between matched users (company representatives and freelancers)
  • Sharing contact information of matched users (company representatives and freelancers)

 

Controller handles personal data as a result of a statutory obligation in the following cases:

  • Issuing invoices
  • Contract administration

 

Controller handles personal to fulfil its contractual obligations in the following cases:

  • Keeping contact with the application users
  • User management
  • Contract renewal

 

Controller handles personal data on the basis of legitimate interest in the following cases:

  • Server maintenance
  • System development, maintenance

 

The scope of processed data, the duration of processing, and entitled third parties to access data

Referring to the above, the following data are collected and treated for the designated retention period by reference to the claimed legal basis.

 

DATA PROCESSED BY VOLUNTARY CONSENT

Name of data

Retention time

Browser cookies

Until unsubscription

Name

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

Email address

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

Telephone number

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

Title

Until unsubscription

Place of residence

Until unsubscription

Birth date

Until unsubscription

User ID

Until unsubscription

Position

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

Company name

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

Company address

Until unsubscription or until completion of interviews or until the cessation of the need for an interview

 

DATA PROCESSED BY STATUTORY OBLIGATION

Name of data

Retention time

Name

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Billing address

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

 

DATA PROCESSED BY CONTRACTUAL OBLIGATIONS

Name of data

Retention time

Name

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Email address

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Telephone number

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Position

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Company name

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

Birth date

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

City of residence

Retention time according to the legal regulations for the term of the contract or 8 years after the invoice has been issued (Under subsection (1) of section 169 of Act C. of 2000).

 

 

DATA PROCESSED BY LEGITIMATE INTEREST

Name of data

Retention time

Stored data

Retention time according to the termination of legitimate interest or according to the related statutory provision (Under section 6:22 of the Hungarian Civil Code), which is 5 years.

 

You may find information on the methods of withdrawing voluntary consent in this Statement’s section number 5.

 

 

3.        Collection, use, and transmission of personal data

When collecting personal data, the Controller complies with applicable legal regulations, restrictions, and ethical standards.

Controller:

  • Informs Data Subject of Controller’s processing practices as prescribed in a timely manner, before data is processed.
  • Collects, stores and uses personal data for a specific purpose only. The information collected is always relevant and appropriate to the given purpose.
  • Makes reasonable steps to ensure that Data Subject’s personal data is entire, accurate, up-to-date and reliable to Data Subject’s intended purpose.
  • Uses Data Subject’s personal data for promotional purposes only with Data Subject’s explicit consent and provides the opportunity to withdraw consent for, thus prohibit such communication.
  • Takes reasonable and prudent steps to protect Data Subject’s personal data, including cases when personal data is transmitted to third parties. Data transfers to third parties without Data Subject’s prior express consent will not happen.

For the processing of personal data by the Controller, the following Data Processor(s) will be used for the indicated activities:

 

 

Data Processor

Company reg. numb. / VAT numb.

Data processing activity

Octonull Kft.

01 09 198177

Invoice issuing

Gold Medal Kft.

01 09 996475

Accounting

Magyar Posta Zrt.

01 10 042463

Correspondence

Bene Studio Kft.

01 09 280532

Application development

Google Ireland Ltd.

IE6388047V

Digital marketing, user analytics

Facebook Ireland Ltd.

IE9692928F

Digital marketing

 

The data controller also transmits the data to the following recipients in addition to the recipients specified in the internal policy(s):

  • Employees of the Controller performing customer service,
  • Employees and processors of the Controller performing accounting and taxation activities.

 

4.        Access, modification, correction, and portability of personal data

Access

Data Subject has the right to receive feedback from Data Controller as to whether Data Subject’s personal data is being processed and, if such processing is in progress, has the right to have access to his or her personal data and the following information:

  1. purposes of processing;
  2. categories of personal data concerned;
  3. categories of recipients or recipients with whom or which personal data was communicated or will be communicated.

Modification, correction

Data Subject is entitled to request the Controller to correct any of his or her inaccurate personal data without undue delay. Taking into account the purpose of the data handling, Data Subject is entitled to request the supplementation of incomplete personal data, including by means of a supplementary statement.

 

Portability

Data Subject has the right to receive the personal data previously provided to Controller in a commonly used, machine-readable format and is entitled to transmit this data to another Controller without being obstructed by the Controller, who was given access to these personal data in the first place, if:

  1. processing is based on a voluntary contribution or on a contract where Data Subject is one of the parties; and
  2. processing is carried out in an automated manner.

 

5.        The deletion, limitation and right to object

Deletion

(1) Data Subject has the right to terminate Data Subject’s personal data on Data Subject’s request without any undue delay by Controller and Controller is obliged to delete personal data relating to the subject without undue delay if one of the following reasons exists:

  1. personal data is no longer required for the purpose from which they have been collected or otherwise handled;
  2. Data Subject withdraws the voluntary consent given to Controller through the contact opportunity provided by Controller and there is no other legal basis for processing;
  3. Data Subject has been concerned with data handling for reasons related to Data Subject’s own situation or Data Subject objects to data processing because of direct business information management, and there is no priority legitimate reason for data processing;
  4. personal data has been unlawfully handled;
  5. personal data is to be deleted in order to comply with legal obligations imposed on the Controller in the European Union or Member States’ law;
  6. the collection of personal data was directly related to the provision of information society services specifically to children.

(2) If the Controller has disclosed personal data and is required to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to take into account the available technology and implementation costs in order to inform the Controllers handling the data, that Data Subject has requested from them to delete any referring links, duplications or copies of such personal data.

(3) Paragraphs (1) and (2) shall not apply where data processing is required:

  1. to exercise the right to freedom of expression and information;
  2. to fulfill an obligation under EU or Member State law for the processing of personal data, which is applicable to the Controller, based on public interest or to carry out tasks in accordance with exercising public authority;
  3. based on public interest in the fields of workplace health or public health;
  4. for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, where the law referred to in paragraph 1 is likely to render impossible or seriously jeopardize this data processing; or
  5. to file, enforce or protect legal claims.

 

Limitation

(1) Data Subject has the right to request Controller to limit the processing of data on request if one of the following is true:

  1. Data Subject dispute the accuracy of the personal data; in this case, the limitation concerns the period of time where Controller can verify the accuracy of personal data;
  2. data processing is unlawful, and Data Subject opposes the deletion of data and instead requests their use to be limited;
  3. Controller no longer needs personal data for data processing, but Data Subject requires them to submit, enforce, or protect legal claims; or
  4. Data Subject has objected to data handling for reasons related to Data Subject’s own situation; in this case, the restriction applies to the duration of determining whether the rightful reasons of Controller have priority over Data Subject’s legitimate grounds.

(2) If the processing of data is restricted under paragraph 1, such personal data may only be used with the consent of the Data Subject concerned or with the submission, enforcement or protection of legal or other rights of the natural or legal person, or in an important public interest of the EU or a Member State.

(3) Controller shall inform Data Subject in advance the dissolution of limitation of the previously limited processing of data requested by Data Subject pursuant to paragraph (1).

 

Objection

Data Subject is entitled to object to the handling of Data Subject’s personal data for any reason relating to Data Subject’s own situation if the Controller carries out a task in the exercise of a public authority license or processing is necessary to enforce the legitimate interests of the Controller or a third party including profiling based on those provisions. In this case, Controller may not process personal data unless Controller proves that processing is justified by legitimate reasons of enforceability that prevail over the interests, rights and freedoms of the Data Subject, or for the submission, enforcement or protection of legal claims related.

If Data Subject’s personal data is handled for direct marketing, Data Subject is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it relates to direct marketing.

If Data Subject objects the handling of personal data for direct business acquisition, personal data may no longer be processed for that purpose.

 

6.        Data Subject’s Enforcement Opportunities

In the event of violation of Data Subjects personality rights and in the cases specified in the Regulation, Data Subject may request the assistance of the National Authority for Data Protection and Freedom of Information:

  • Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)
  • Postal address: 1530 Budapest, Pf.: 5.
  • Address: Szilágyi Erzsébet fasor 22 / c., 1125 Budapest, Hungary
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • Web: www.naih.hu 
  • E-mail: ugyfelszolgalat@naih.hu

 

7.        Changes in this Information material

The Controller reserves the right to modify or update this “Information” at any time, without prior notice, and publish the updated version on its websites. Any modification applies only to personal data collected after the publication of the revised version.

Please check this “Information” regularly to review the changes or to know how the changes affect you.

Last update: November 18th, 2019.