Data protection

Preamble

ProMan Consulting Kft. (hereinafter referred to as "Data Controller"; registered office: H-1221 Budapest, Tanító str. 15/1a.) as the data controller shall act in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and the applicable laws.

ProMan Consulting Kft. respects your (hereinafter referred to as "Data Subject") rights to the protection of personal data. This notice summarises in a concise and simple manner what data we collect, how we may use it, the tools we use and the data protection and data protection enforcement options available to you.

Detailed rules are set out in the Regulation, and we recommend that you check the Regulation for further information.

Terms

  • Personal data - any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Data processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Data controller - a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
  • Data processor - a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • Recipient - the natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not considered recipients;
  • Third party - a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • Consent of the data subject - a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, his or her agreement to the processing of personal data concerning him or her;
  • Profiling - any form of automated processing of personal data in which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • Data Breach - a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • Authority - National Authority for Data Protection and Freedom of Information (NAIH).

1. IDENTIFICATION AND CONTACT DETAILS OF THE DATA CONTROLLER (SERVICE PROVIDER)

Data Controller Name: ProMan Consulting Kft.
Head office: 1221 Budapest, Tanító u. 15/1a.
Postal address: 1221 Budapest, Tanító u. 15/1a.
Office address: 1118 Budapest, Kelenhegyi út 29/b.
Company registration number: 01-09-293715
Data Controller's representative: Zsolt Czimbalmos
E-mail address of the Data Controller's representative: czimbalmos.zsolt@promanconsulting.hu
Contact by phone: +36 20 333 0386
Central e-mail address: info@promanconsulting.hu
Data Protection Officer: János Szendi Joó
Contact details of the Data Protection Officer: szendijoo.janos@promanconsulting.hu
Complaint handling location and contact details: 1118 Budapest, Kelenhegyi út 29/b.; info@promanconsulting.hu

2. PURPOSE OF DATA PROCESSING, SCOPE OF DATA PROCESSED, DURATION OF DATA PROCESSING, PERSONS ENTITLED TO ACCESS THE DATA

Purpose of data processing

Personal data may be processed only for specified purposes, to the extent necessary for the exercise of rights and obligations. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful. Personal data shall be processed only to the extent and for the duration necessary to achieve the purpose. The controller has established internal instructions to ensure that only recipients who are necessary for the purposes of the processing contribute to the achievement of the purpose of the processing.

The controller processes personal data on the basis of a legal requirement in the following cases:

  • invoicing the order,
  • processing of order confirmations, processing of attendance sheets,
  • statistical reporting required by law for training courses.

The Controller processes personal data for the purposes of contract preparation and performance in the following cases:

  • online system: to contact and provide information in case of service enquiries and requests for information,
  • contacting a business,
  • identification of the data subject as customer,
  • recording of the order and the execution of the ordered service, sending notifications relating to the service,
  • recording the data of the Data Subject for the purpose of providing the service.

The Controller processes personal data for legitimate interests in the following cases:

  • data processing related to recruitment for the advertised position,
  • sending offers for marketing purposes (technical material, research data, consultations),
  • recording online training
  • IT support for the provision of the service.

The Controller processes personal data on the basis of the explicit and voluntary consent of the Data Subject in the following cases:

  • CVs processed for general job search purposes,
  • cookie processing.

Set of data processed, duration of data processing, persons entitled to access the data

As stated above, we collect and process the following data on the legal basis indicated and for the retention period indicated.

Data processed based on contract preparation and completion:

  • Name, Position in Partner company, email address, phone number
  • Contact/ contact details of the person participating in the programme: name, telephone number, e-mail address.

Data processed on the basis of legitimate interest:

  • Name, Position in the Partner company, email address, telephone number, data available on LinkedIn
  • Contact/ contact details of the person participating in the programme: name, telephone number, e-mail address.
  • Contact details provided when downloading professional material - Retention period 2 years from download
  • When recording online training, image, audio: Retention period 30 days
  • CVs - Retention period 3 months after the advertised position is filled

Data processed by legal requirement:

  • Billing name, billing address - Retention period 8 years, in accordance with Section 169 (1) of Act C of 2000 on Accounting.
  • In the case of adult education, gender, postcode of address, year of birth, employment status, highest completed level of education of participants - Retention period 5 years, in accordance with Act LXXVII of 2013 on Adult Education, § 16.

Data processed with voluntary consent:

  • CVs - Retention period until voluntary consent is withdrawn
  • Cookies used by the promanconsulting.hu site
  • Processing of photo/video recordings for marketing purposes
  • Organisational maturity questionnaire for analysis and feedback: name, email address and phone number - Retention period until feedback (max. 2 months)

3. COLLECTION, USE AND TRANSFER OF PERSONAL DATA

The Data Controller shall comply with applicable legal requirements, restrictions and ethical standards when collecting personal data.

The Data Controller:

  • Informs the Data Subject of its data management practices in a timely manner, prior to the start of the processing, in the prescribed manner.
  • Informs the Data Subject about the collection, storage and use of personal data. The information collected is always appropriate, relevant and adequate for the purpose for which it is collected.
  • Takes reasonable steps to ensure that the personal data of the Data Subject is complete, accurate, up to date and reliable to the extent necessary for that purpose.
  • Uses your personal data for promotional purposes only with your consent and gives you the opportunity to opt out of such communications.
  • Takes reasonable and prudent steps to ensure the protection of your personal data, including where it is transferred to third parties. No transfers to third parties will be made without the prior express consent of the Data Subject.

The Data Controller will use the following Processor(s) for the processing of personal data for the activities indicated (processor/processed activities):

  • Accountancy Office (Data Train Ltd. Cg. 01-09-076269) - Accounting of invoices
  • Online invoicing (Billingo Technologies Zrt. Cg. 01-10-140802) - issue, send and store invoices
  • IT support (Microsoft) - M365
  • Website maintenance (Péter Bartal pe.) - WordPress site maintenance and development
  • Online marketing (Kristóf Fenyvesi pe.) - Online marketing campaign management
  • Professional Partner (ACM Agile Danışmanlık Anonim Şirketi - ACM Agile Consultancy Inc.) - Analysis of the professional organisational maturity questionnaire

4. ACCESS, MODIFICATION, RECTIFICATION, PORTABILITY OF PERSONAL DATA

Access

The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed.

Amendment, rectification

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her by the Controller. Taking into account the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Portability

The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit those data to another Data Controller without hindrance from the Data Controller to which he or she has provided the personal data, if:

(a) the processing is based on voluntary consent or on a contract to which the Data Subject is a party; and
(b) the processing is carried out by automated means.

5. ERASURE, RESTRICTION OF PERSONAL DATA, RIGHT TO OBJECT

Deletion

(1) The Data Subject shall have the right to obtain from the Controller, upon his or her request, the erasure of personal data concerning him or her without undue delay, and the Controller shall be obliged to erase personal data concerning the Data Subject without undue delay, if one of the following grounds applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the Data Subject withdraws, via the adatvedelem@promanconsulting.hu address provided by the Controller, the voluntary consent on the basis of which the processing was carried out, and there is no other legal basis for the processing;
(c) the Data Subject objects to the processing on grounds relating to his or her particular situation or on grounds of direct commercial processing and there are no overriding legitimate grounds for the processing;
(d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected directly in connection with the provision of information society services to children.

(2) If the Controller has disclosed the personal data and is obliged to delete it pursuant to paragraph (1), the Controller shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the Data Subject has requested the deletion of the links to or copies or replicas of the personal data in question.

(3) Paragraphs (1) and (2) shall not apply where the processing is necessary:

(a) for the exercise of the right to freedom of expression and information;
(b) for the purposes of complying with an obligation under Union or Member State law to which the Controller is subject and which requires the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(c) on grounds of public interest in the field of occupational health or public health;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right referred to in paragraph 1 would be likely to render such processing impossible or seriously jeopardise it; or
(e) for the establishment, exercise or defence of legal claims.

Restriction

(1) The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing if one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
(c) the Controller no longer needs the personal data for the purposes of the processing but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
(d) the Data Subject has objected to the processing on grounds relating to his or her particular situation, in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

(2) Where processing is subject to restriction pursuant to paragraph 1, such personal data may be processed, except for storage, only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

(3) Where processing has been restricted pursuant to paragraph 1 at the request of the Data Subject, the Controller shall inform the Data Subject in advance of the lifting of the restriction.

Objection

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data carried out for the purposes of a task carried out in the exercise of official authority vested in the Controller or in the legitimate interests of the Controller or of a third party, including profiling based on the aforementioned provisions. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

6. USER'S MEANS OF REDRESS

In case of violation of his/her personal rights and in the cases specified in the Regulation, the User may seek the assistance of the National Authority for Data Protection and Freedom of Information:

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Postal address: H-1363 Budapest, Pf. 9.
Address: H-1055 Falk Miksa utca 9-11
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: naih.hu
E-mail: ugyfelszolgalat@naih.hu

7. CHANGES TO THE INFORMATION NOTICE

The Data Controller reserves the right to modify or update this "Notice" at any time without prior notice and to publish the updated version on its websites. Any modification shall apply only to personal data collected after the publication of the modified version.

Please check our Notice regularly to keep track of changes and to be informed of how changes affect you.

Last update: 18.09.2023.