PRIVACY POLICY

1. PURPOSE OF THE PRIVACY POLICY

The purpose of this document is for Kontence Consulting Kft. (address: 1051 Budapest, Arany János utca 16. 2nd floor 1.), as data controller (hereinafter uniformly referred to as Data Controller), to describe the data protection rules, procedures, and protective measures applied and operated within the Data Controller’s organization concerning data qualifying as personal data.

In this document, the Data Controller also informs its clients, partners, and all natural and legal persons who are in any legally interpretable relationship with the Data Controller and whose interests arise during the processing of personal data, about the rules for processing personal data managed by it, the applied protective measures, procedures, and the method of data processing.

The Data Controller considers the rules, provisions, and obligations described in this Privacy Policy to be legally binding on itself and applies them in its operations, and declares that the data protection rules and procedures described and applied in this document comply with the current national and European Union data protection legislation. The Data Controller further declares that it considers the right to informational self-determination important, especially regarding personal data, and takes all available organizational, operational, regulatory, and technological measures within its scope to ensure compliance with these rights.

The currently effective version of the Privacy Policy is available at kontence.com/adatvedelem. The Data Controller may change the Privacy Policy at any time, subject to the obligation of publication and informing the Data Subjects.

2. DATA OF THE DATA CONTROLLER

Name: Kontence Consulting Kft.
Registered office: 1051 Budapest, Arany János utca 16. 2. 2nd floor 1.
Tax number: 27293836-2-41
Company registration number: 01 09 352450
Phone: +36 30 295 8384
E-mail: iroda@kontence.com

2.1 DATA PROTECTION OFFICER

The Data Controller does not perform activities that would necessitate the appointment of a data protection officer.

3. SCOPE OF PERSONAL DATA PROCESSED

3.1. TECHNICAL DATA

The Data Controller selects and operates the IT tools used during the provision of the service for the processing of personal data in such a way that the processed data:

  • is accessible to those authorized (availability);
  • its authenticity and authentication are ensured (authenticity of data processing);
  • its immutability can be verified (data integrity);
  • is protected against unauthorized access (data confidentiality).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction.

The Data Controller ensures the security of data processing with technical, organizational, and institutional measures that provide a level of protection appropriate to the risks associated with data processing.

During data processing, the Data Controller maintains confidentiality: it protects information so that only authorized persons can access it; integrity: it protects the accuracy and completeness of the information and the processing method; availability: it ensures that when an authorized user needs it, they can indeed access the desired information and that the related tools are available.

3.2 COOKIES

3.2.1 PURPOSE OF COOKIES

A HTTP cookie (cookie) is a small data packet created by the server containing the visited website during internet browsing with the help of the client’s web browser, upon the first visit, if enabled in the browser. Cookies are stored on the user’s computer in a predefined location, which varies by browser type. During subsequent visits, the browser sends the stored cookie back to the web server, along with various information about the client. With the help of cookies, the server can identify the user, collect various information about them, and create analyses from this data. The main functions of cookies are:

  • the purposes of the processing;
  • remember visitors’ individual settings, which may be used, for example, when using online transactions, so they do not have to be re-entered;
  • facilitate, simplify, make the use of the given website more convenient and smoother;
  • make it unnecessary to re-enter already provided data;
  • generally improve the user experience.

By using cookies, the Data Controller performs data processing, the main purposes of which are:

  • user identification
  • identification of individual sessions
  • identification of devices used for access
  • storage of certain provided data
  • storage and transmission of tracking and location information
  • storage and transmission of data necessary for analytical measurements

3.2.2 SESSION COOKIES

The purpose of these cookies is to allow visitors to browse the kontence.com website fully and smoothly, use its functions, and the services available there. The validity period of these types of cookies lasts until the end of the session (browsing); upon closing the browser, these types of cookies are automatically deleted from the computer or other device used for browsing.

3.2.3. THIRD-PARTY ANALYTICAL COOKIES

The kontence.com website also uses third-party cookies, such as Google Analytics. By using the Google Analytics statistical service, the kontence.com website collects information about how visitors use the website. This data is used to develop the website and improve the user experience. These cookies also remain on the visitor’s computer or other browsing device, in its browser, until their expiration or until the visitor deletes them.

3.2.4. POSSIBILITY TO DISABLE COOKIES AND SET COOKIE-RELATED RULES

The Data Subject has the option to set rules regarding certain types of cookies, e.g., to prevent the use of cookies, to disable cookies, etc., through the appropriate settings of the browser used. Information on the options for selectively or generally disabling cookies can be found in the ‘Help’ menu of the respective browser. With these, cookies:

The ‘Help’ function found in the menu bar of most browsers provides information on how cookies can be managed in the browser:

  • disable cookies generally;
  • set the method of accepting cookies (automatic acceptance, prompt individually, etc.);
  • disable individually;
    delete individually or in groups;
  • perform other cookie-related operations.

4. GENERAL DATA PROCESSING PRINCIPLES, NAME OF DATA PROCESSING, USE, LEGAL BASIS, AND RETENTION PERIOD

The Data Controller’s data processing activities are based on voluntary consent and legal authorization. In cases of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing.

In certain cases, the processing, storage, and transmission of a set of provided data are made mandatory by law, about which we inform our clients separately. We draw the attention of data providers to the Data Controller that if they do not provide their own personal data, it is the data provider’s obligation to obtain the consent of the data subject. The Data Controller’s data processing principles are in line with current data protection legislation, including, in particular, the following: Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.);

Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 – on the Civil Code (Ptk.); Act C of 2000 – on accounting (Számv. tv.); Act LIII of 2017 – on the prevention and combating of money laundering and terrorist financing (Pmt.); Act CCXXXVII of 2013 – on credit institutions and financial enterprises (Hpt.).

4.1 DATA RELATED TO ONLINE INQUIRIES

It is possible to contact the Data Controller via the website, during which the following personal data are requested:

  • Name (mandatory field)
  • Email address (mandatory field)
  • Phone number (mandatory field)

Purpose of data processing, planned use of processed data: The data will be used to write requests for proposals for the services indicated.

Legal basis for data processing: performance of a contract.
Retention period: duration of the business relationship, or request for deletion.

4.2 DATA RELATED TO INVOICING

The Data Controller enters into contracts with its clients for ordered services, during which it stores the following data:

  • Name
  • Company name
  • Address
  • Tax number
  • Email address

Purpose of data processing, planned use of processed data: invoicing.

Legal basis for data processing: legal requirement.

Retention period: current year + 5 years based on legal requirements.

4.3 HANDLING CONSUMER COMPLAINTS

If you submit a consumer complaint, data processing and the provision of data are essential for handling the matter.

  • Name
  • Email address
  • Phone number
  • Complaint

Purpose of data processing, planned use of processed data: handling consumer complaints.
Legal basis for data processing: voluntary consent.

Retention period: current year + 5 years based on the Consumer Protection Act

5. PHYSICAL STORAGE LOCATIONS OF DATA

Your personal data (i.e., data that can be linked to your person) may come into our possession in the following ways:

  • on the one hand, technical data related to the computer, browser program, internet address, and visited pages you use are automatically generated in our computer system in connection with maintaining the internet connection;
  • on the other hand, you may also provide your name, contact information, or other data if you wish to establish personal contact with us while using the website. Data technically recorded during system operation: data of the logged-in computer of the data subject, which the kontence.com system records as an automatic result of technical processes.

The automatically recorded data is automatically logged by the system upon entry and exit, without any separate declaration or action by the data subject.

This data cannot be linked to other personal user data, except in cases mandated by law. Only the kontence.com domain has access to this data.

6. DATA TRANSFER, DATA PROCESSING, SCOPE OF PERSONS WITH ACCESS TO DATA

The data is primarily accessible to the Data Controller and its internal staff, to the extent appropriate to the authorization rules, authorization system, and other internal regulations. The Data Controller performs certain data-related operations and tasks with third-party Data Processors. The Data Controller does not publish the data beyond those listed and does not transfer it to other third parties.

Hosting service:
Magyar Hosting Kft.,
Address: 5231 Fegyvernek, Dózsa Gy. út 32.
Phone: +36 70 610 0052
E-mail: info@fullhosting.hu
Scope of data subjects: IP addresses of website visitors.
Scope of data accessed: content of the website on the kontence.com domain, emails arriving at email addresses based on this domain.

Google Analytics:
Google Inc., Mountain View, California, USA
Scope of data accessed: anonymized, non-personally identifiable IP addresses of visitors to the kontence.com website.

7. RIGHTS OF THE DATA SUBJECT

The Data Subject may exercise the rights described below, among others, regarding their personal data processed by the Data Controller.

7.1. RIGHT OF ACCESS BY THE DATA SUBJECT

The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • purposes of data processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • the envisaged period for which the personal data will be stored;
  • the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller shall provide a copy of the personal data undergoing processing to the Data Subject in one instance. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject makes the request by electronic means, the Data Controller shall provide the information in a commonly used electronic form, unless otherwise requested by the Data Subject, within a maximum of 30 days from the submission.

7.2. RIGHT TO RECTIFICATION

The Data Subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her, and has the right to have incomplete personal data completed, taking into account the purposes of the processing.

7.3. RIGHT TO ERASURE

The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay, and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  • the Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed;
    the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
  • the personal data have been collected in relation to the offer of information society services.

Data erasure cannot be initiated if processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
for reasons of public interest in the area of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
for the establishment, exercise or defense of legal claims.

7.4. RIGHT TO RESTRICTION OF PROCESSING

The Data Subject has the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims; or
  • the Data Subject has objected to processing; in this case, the restriction applies for the period until it is verified whether the legitimate grounds of the Data Controller override those of the Data Subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7.5. RIGHT TO DATA PORTABILITY

The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another Data Controller.

7.6. RIGHT TO OBJECT

The Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. In such cases, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.

7.7. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

7.8. RIGHT TO WITHDRAW CONSENT

The Data Subject has the right to withdraw his or her consent regarding personal data at any time.

7.9. LEGAL REMEDIES

In case of infringement of their rights, the Data Subject may request information, legal remedy, or lodge a complaint through the contact details provided in point 2.2, or with the Data Protection Officer specified in point 2.3. If these are unsuccessful, the Data Subject has the right to turn to the court or contact the National Authority for Data Protection and Freedom of Information.

7.10 CONTACT DETAILS OF THE NATIONAL AUTHORITY FOR DATA PROTECTION AND FREEDOM OF INFORMATION (NAIH)

Name: National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf. 9
Tel: +36 (30) 683-5969
Tel: +36 (30) 549-6838
Tel: +36 (1) 391 1400
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu

8. OTHER PROVISIONS

In the event of an official request or a request from another organization based on other legal obligations, the Data Controller may be obliged or compelled to release data. In such cases, the Data Controller strives to release only as much and such type of personal data as is strictly necessary for the data release obligation.