Preambulum

A ProMan Consulting Kft. (hereinafter "Data Controller"; seat: 1221 Budapest, Tanító u. 15/1a.) as a data controller shall act in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the applicable laws.

A ProMan Consulting Kft. respects your (hereinafter "Contact") to the protection of personal data. This notice summarises in a concise and simple manner what information we collect, how we may use it, the tools we use and the data protection and data protection enforcement choices available to you.

Detailed rules are set out in the Regulation, and we recommend that you check the Regulation for further information.

1. Identification and contact details of the data controller (service provider)

Data Controller Name: ProMan Consulting Kft.

Head office: 1221 Budapest, Tanító u. 15/1a.

Postal address: 1221 Budapest, Tanító u. 15/1a.

Company registration number: 01-09-293715

Data Controller's representative: Zsolt Czimbalmos

E-mail address of the Data Controller's representative: adatvedelem@promanconsulting.hu

Contact by phone: +36 30 663 2069

Central e-mail address: info@promanconsulting.hu

Data Protection Officer: János Szendi Joó

Complaint handling location and contact details: 1118 Budapest, Kelenhegyi út 29/b.; adatvedelem@promanconsulting.hu

2. Purpose of data processing, scope of data processed, duration of data processing, persons entitled to access the data

Purpose of data processing

Personal data may be processed only for specified purposes, to the extent necessary for the exercise of rights and obligations. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful. Personal data shall be processed only to the extent and for the duration necessary to achieve the purpose. The controller has established internal instructions to ensure that only recipients who are necessary for the purposes of the processing contribute to the achievement of the purpose of the processing.

The Controller processes personal data for the purpose of preparing and performing a contract in the following cases:

  • Online system: to contact and provide information in case of enquiries or requests for information about the programme.
  • the recording of the Data Subject's data for the purposes of the programme/service provision

The Controller processes personal data on the basis of the Data Subject's explicit and voluntary consent in the following cases:

  • Send newsletter with offers, marketing materials

Set of data processed, duration of data processing, persons entitled to access the data

As stated above, we collect and process the following data on the basis of the legal basis indicated and for the retention period indicated.

Data processed based on contract preparation and completion:

  • Name, email address, company name

Retention period for the expiry of the contract

 

Data processed with voluntary consent:

  • Name, email address, company name

3. Collection, use and transfer of personal data

The Data Controller shall comply with applicable legal requirements, restrictions and ethical standards when collecting personal data.

Data Controller:

  • Inform the Data Subject of its data management practices in a timely manner, prior to the start of the processing, in the prescribed manner.
  • The Data Controller shall inform the Data Subject about the collection, storage and use of personal data. The information collected is always appropriate, relevant and adequate for the purpose for which it is collected.
  • It will take reasonable steps to ensure that the Personal Data of the Data Subject is complete, accurate, up to date and reliable to the extent necessary for that purpose.
  • We will only use your personal data for promotional purposes with your consent and will give you the opportunity to opt-out of such communications.
  • Take reasonable and prudent steps to ensure the protection of your Personal Data, including where you transfer it to third parties. No transfers to third parties will be made without the prior express consent of the Data Subject.

 

The Data Controller uses the following Data Processor(s) to process personal data for the activities indicated:

  • IT support (Microsoft) - M365

4. Access, modification, rectification, portability of personal data

Access

The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom or which the personal data have been or will be disclosed.

Amendment, rectification

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her by the Controller. Taking into account the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Mobility

The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit those data to another Data Controller without hindrance from the Data Controller to which he or she has provided the personal data, if:

  1. the processing is based on voluntary consent or on a contract to which the Data Subject is a party; and
  2. the processing is carried out by automated means.

5. Erasure, restriction of personal data, right to object

Deletion

(1) The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay, if one of the following grounds applies:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. The data subject withdraws his or her voluntary consent to the basis of the processing via the adatvedelem@promanconsulting.hu facility provided by the Controller and there is no other legal basis for the processing;
  3. The data subject objects to the processing on grounds relating to his or her particular situation or on grounds of direct commercial processing and there are no overriding legitimate grounds for the processing;
  4. the personal data have been unlawfully processed;
  5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller;
  6. personal data are collected in connection with the provision of information society services directly to children.

(2) If the Controller has disclosed the personal data and is obliged to delete it pursuant to paragraph (1), the Controller shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the Data Subject has requested the deletion of the links to or copies or replicas of the personal data in question.

(3) Paragraphs (1) and (2) shall not apply where the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. for the purposes of complying with an obligation under Union or Member State law that requires the controller to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. On the basis of public interest in the field of occupational health or public health;
  4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right referred to in paragraph 1 would be likely to render such processing impossible or seriously jeopardise it; or
  5. to bring, enforce or defend legal claims.

Restriction

(1) The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing if one of the following conditions is met:

  1. The data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the Data Subject objects to the erasure of the data and requests instead that the use of the data be restricted;
  3. the Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
  4. The Data Subject has objected to the processing on grounds relating to his or her particular situation; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

(2) Where processing is restricted pursuant to paragraph (1), such personal data may be processed, except for storage, only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

(3) The Data Controller shall inform the Data Subject at whose request the processing has been restricted pursuant to paragraph (1) in advance of the lifting of the restriction.

Protest

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data carried out for the purposes of a task carried out in the exercise of official authority vested in the Controller or in the legitimate interests of the Controller or of a third party, including profiling based on the aforementioned provisions. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

 Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

 

6. Automated decision-making and profiling

Neither of these occurs during the processing.

7. User's enforcement options

In case of violation of his/her personal rights and in the cases specified in the Regulation, the User may seek the assistance of the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Postal address: 1363 Budapest. 1313 Budapest, 1363 Budapest, Hungary.
Address: 1055 Falk Miksa street 9-11

Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: naih.hu
E-mail:              ugyfelszolgalat@naih.hu

8. Changes to the Prospectus

The Data Controller reserves the right to modify or update this "Notice" at any time without prior notice and to publish the updated version on its websites. Any modification shall apply only to personal data collected after the publication of the modified version.

Please check our Notice regularly to keep track of changes and to be informed of how changes affect you.

Last update: 2024.04.04