I. Purpose of the Data Processing Information
The organization undertakes to ensure that the data processing related to its services complies with the provisions set forth in this information sheet and the applicable laws, and that the data processing policies and information comply with the provisions of the applicable Hungarian and European legislation, including, in particular, Act No. CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the "Info Act"), Act No. V of 2013 on the Civil Code (hereinafter referred to as the "Civil Code"), and the data processing provisions take into account the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the "Regulation").
II. Data of the Data Controller
The issuer of this information, also the Data Controller, is the legal entity specified in this chapter.
Company name: Kovács Katalin e.v.
Registered office: 8000, Székesfehérvár, Kelemen Béla utca 14/A. B42.
Registration office: 58554443
Tax number: 48262376-1-27
Statistical ID: 48262376-7022-231-07
Representative: Kovács Katalin
Email address: info@kovacskati.com
Telephone : +36202972477
(hereinafter referred to as: Data Controller).
Kovács Katalin e.v. has not appointed a data protection officer, considering that it does not conduct data processing activities that would necessitate such an appointment.
III. The activities of the Data Controller
The Data Controller is a business organization engaged in business consulting. Its primary objective is to enhance the operations of manufacturing companies operating in the Hungarian market through the development of their processes, teams, and employees.
To achieve this goal, the activities of the Data Controller include:
- Organizational development consulting,
- Business consulting,
IV. Purpose of the data processing
Based on the purpose of data processing, data processing may occur based on the Data Subject's consent, for the performance of a contract, or for legitimate interests, as well as for compliance with legal obligations.
- Data processing based on voluntary consent: The Data Controller processes data based on the voluntary, informed, and explicit consent of individuals (hereinafter referred to as "Data Subjects") who are executives and employees of companies using the services of the Data Controller or who come into contact with the Data Controller as customers, suppliers, or regulatory authorities.
- These data processing activities are always based on the express consent provided by the Data Subject in any form prior to the data processing. The Data Controller processes the provided data for the purpose of communication, performance, and enforcement of contracts, as well as for other purposes of legitimate interests.
- Data processing based on legal obligations: The Data Controller processes the data of natural persons who enter into business relations with the Data Controller as customers or suppliers based on the legal obligation to fulfill tax and accounting obligations prescribed by law (accounting, taxation). The processed data include, particularly based on Section 169 and 202 of Act CXXVII of 2017 on Value Added Tax: tax number, name, address, tax status; based on Section 167 of Act C of 2000 on Accounting: name, address, indication of the person or organization ordering the economic operation, the approver, the person confirming the execution of the disposal, and the signature of the auditor, depending on the organization.
- Information regarding website visits: Visitors do not need to provide personal identification data to browse the website. The Data Controller may collect non-personally identifiable information in a limited scope, made available by the browser during website visits. As the website is browsed, technical information is recorded by the browser operator (e.g., in log files containing the visitor's IP address, timestamp, and URL of the visited page). Such logged data includes the IP address, browser type and language, query date and time, and a package of information suitable for uniquely identifying the visitor's browser (commonly referred to as cookies). The system continuously logs this data but does not link it to other data provided by the visitor. Apart from the browser operator, only the Data Controller and Data Processors have access to this technical data, without using it for visitor identification.
The Data Controller solely utilizes the above information for the technical operation of the website, statistical purposes, better understanding visitor behavior, and improving its products, solutions, and services. The Data Controller does not collect personal data (such as name, email address) through cookies and does not sell the received data.
By visiting the website, the visitor acknowledges and consents to the collection of non-personally identifiable logged data, including the placement of cookies on the visitor's computer (device), enabling the unique identification of their browser.
V. The scope of processed data
The Data Controller processes the following data concerning individual Data Subjects:
For consulting and interim services provided to business organizations:
- Names of contact persons or employees designated for cooperation in the respective project
- Email addresses
- Phone numbers
- Job positions, previous job positions
For website visitors logging in and recipients of newsletters, as well as for event-related data processing:
- Name
- Phone number
- Email address
- Job position
- Other positions
VI. The duration of data processing
The Data Controller shall process the data of the Data Subjects for the following periods:
- In the case of contacts, until the termination of the legal relationship or the fulfillment of the deletion request,
- In the case of legal obligations, for 8 years following the termination of the legal relationship that provides the legal basis,
- In the case of newsletter sending and event organization, until unsubscribed.
The Data Subjects cannot request the deletion of their data until the completion of the service related to data processing or the termination of the contractual relationship. Upon completion, termination of the service relationship, or receipt of the deletion request, the Data Controller shall delete the Data Subject's data within 15 days.
VII. Data processors, other data controllers, access to data
In terms of recorded data, the data controller Kovács Katalin e.v. (Headquarters: 14/A Kelemen Béla Street, 8000 Székesfehérvár, registration number: 58554443, tax number: 48262376-1-27), as the service provider, has access to personal data.
In the course of its activities, the data is not transferred to other data controllers except in the case of requests from authorities, investigative authorities, administrative authorities, as well as court requests, and as part of the accounting process.
In providing accounting services, for the purpose of fulfilling legal obligations, accounting services are provided by Pigler Éva e.v. (headquarters: 819/7, Iszkaszentgyörgy, 8043, tax number: 65065969-1-27).
For the purpose of maintaining contact through the website, for legitimate interests, the website provider is: NetMasters Europe Kft.
You can find more information about the data protection guidelines of the website provider at the following link: netmasters.hu
In the case of data protection, you can send an inquiry to the following e-mail address:
E-mail: info@kovacskati.com
VIII. The technical details of data processing and information security
The business organization takes all organizational and technical measures necessary, taking into account the current data security risks, to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data being processed.
Additionally, it takes all reasonable steps to ensure the accuracy, completeness, and up-to-date status of the personal data it processes and/or manages.
The Data Controller ensures that all individuals involved in the processing of personal data are carefully selected, undertake confidentiality obligations (or are subject to appropriate legal confidentiality obligations), and are familiar with relevant data protection provisions.
IX. Information about the data subject's rights
Right to Information
The data subject has the right to receive information about the facts and details related to data processing before the commencement of data processing. (Article 13-14 of the Regulation)
Right of Access
The data subject is entitled to receive confirmation from the Data Controller as to whether their personal data is being processed, and if such processing is underway, they have the right to access their personal data and the related information specified in the Regulation. (Article 15 of the Regulation)
Right to Rectification
The data subject has the right to request the Data Controller to rectify without undue delay any inaccurate personal data concerning them. Taking into account the purposes of the data processing, the data subject is entitled to request the completion of incomplete personal data, including by means of providing a supplementary statement. (Article 16 of the Regulation)
The right to erasure
Data subjects have the right to request the Data Controller to erase their personal data without undue delay if specified conditions are met.
This right may be partial and requested separately for certain data processing activities.
Unsubscribing may take a few working days to process, but data related to the specific activity will be promptly deleted upon request.
Data deletion cannot be initiated:
- if data processing is necessary to fulfill a legal obligation, for official authority purposes, for statistical purposes in the public interest,
- or for the establishment, exercise, or defense of legal claims.
The right to restriction of processing
Data subjects have the right to request the Data Controller to restrict the processing of personal data if specified conditions are met.
Processing shall be restricted, if certain conditions apply, including:
- disputes about data accuracy
- unlawful processing
- no longer needing the data for processing purposes
- or objections to processing pending verification of legitimate grounds
When processing is restricted, personal data shall only be processed with consent or for specified legal purposes.
The right to data portability
Subject to the conditions set forth in the Regulation, data subjects have the right to receive their personal data provided to the Data Controller in a structured, commonly used, machine-readable format and have the right to transmit this data to another Data Controller.
The right to object
Data subjects have the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interests pursued by the Data Controller or a third party), including profiling based on those provisions.
In such cases, the Data Controller shall not further process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Restrictions
The data subject has the right to request the restriction of data processing under the conditions specified by law. (Regulation Article 23)
Notification to the data subject of a personal data breach
If a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the personal data breach without undue delay. (Regulation Article 34)
Right to lodge a complaint with a supervisory authority (right to administrative recourse)
The data subject has the right to lodge a complaint with the supervisory authority designated by the legislator for this purpose – particularly in the Member State of his habitual residence, place of work, or place of the alleged infringement – if the data subject considers that the processing of personal data concerning him or her infringes the Regulation. (Regulation Article 77)
Right to an effective judicial remedy against a supervisory authority
Any natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them, or if the supervisory authority does not deal with the complaint or inform the data subject within three months on the progress or outcome of the complaint. (Regulation Article 78)
XI. Submitting the Data Subject's Request, Measures Based on the Request
Data subjects may submit their requests
- in writing to the Data Controller's address
- or electronically by sending them to the email address info@kovacskati.com
The Data Controller shall inform the data subject without undue delay, but in any case within one month from the receipt of the request, about the measures taken regarding the exercise of their rights.
If the Data Controller rejects the request for fulfillment, the notification shall include the legal basis for the refusal and the data subject's options for redress.
The data subject may lodge a complaint regarding data processing with the supervisory authority appointed by the legislator or with the court of their habitual residence or place of stay. As of the date of publication of this Data Processing Information, the authority appointed by the legislator for data protection matters and for administrative remedies is:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1530 Budapest, Pf.: 5.
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
E-mail: ugyfelszolgalat@naih.hu
XII.Possibility of modifying the data processing policy
The Data Controller reserves the right to unilaterally modify this Data Processing Statement with prior notification to users. Registered users accept the modified Data Processing Statement by using the service after the changes come into effect.