Preambulum

A ProMan Consulting Kft. (hereinafter "Data Controller"; seat: 1221 Budapest, Tanító u. 15/1a.) as a data controller shall act in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the applicable laws.

A ProMan Consulting Kft. respects your (hereinafter "Contact") to the protection of personal data. This notice summarises in a concise and simple manner what information we collect, how we may use it, the tools we use and the data protection and data protection enforcement choices available to you.

Detailed rules are set out in the Regulation, and we recommend that you check the Regulation for further information.

1. IDENTIFICATION AND CONTACT DETAILS OF THE DATA CONTROLLER (SERVICE PROVIDER)

Name of data controller: ProMan Consulting Kft.

Headquarters: 1221 Budapest, Tanító u. 15/1a.

Postal address: 1221 Budapest, Tanító u. 15/1a.

Company registration number: 01-09-293715

Representative of the data controller: Zsolt Czimbalmos

E-mail address of the Data Controller's representative: czimbalmos.zsolt@promanconsulting.hu

Contact by phone: +36 30 663 2069

Central e-mail address: info@promanconsulting.hu

Data Protection Officer: none

Complaints handling location and contact details: 1221 Budapest, Tanító u. 15/1a.; info@promanconsulting.hu

2. PURPOSE OF DATA PROCESSING, SCOPE OF DATA PROCESSED, DURATION OF DATA PROCESSING, PERSONS ENTITLED TO ACCESS THE DATA

2.1 Purpose of data processing

Personal data may be processed only for specified purposes, to the extent necessary for the exercise of rights and obligations. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful. Personal data shall be processed only to the extent and for the duration necessary to achieve the purpose. The controller has established internal instructions to ensure that only recipients who are necessary for the purposes of the processing contribute to the achievement of the purpose of the processing.

The Controller processes personal data on the basis of the Data Subject's explicit and voluntary consent in the following cases:

• • Project freelancing organisation
  • Project bodyleasing organisation

2.2 Scope of data processed, duration of data processing, persons entitled to access data

As stated above, we collect and process the following data on the basis of the legal basis indicated and for the retention period indicated.

2.3 Data processed with voluntary consent:

• • Name, contact details
  • CVs - Retention period until voluntary consent is withdrawn,

COLLECTION, USE AND TRANSFER OF PERSONAL DATA

The Data Controller shall comply with applicable legal requirements, restrictions and ethical standards when collecting personal data.

Data Controller:

• Inform the Data Subject of its data management practices in a timely manner, prior to the start of the processing, in the prescribed manner.
• The Data Controller shall inform the Data Subject about the collection, storage and use of personal data. The information collected is always appropriate, relevant and adequate for the purpose for which it is collected.
• It will take reasonable steps to ensure that the Personal Data of the Data Subject is complete, accurate, up to date and reliable to the extent necessary for that purpose.
• We will only use your personal data for promotional purposes with your consent and will give you the opportunity to opt-out of such communications.
• Take reasonable and prudent steps to ensure the protection of your Personal Data, including where you transfer it to third parties. No transfers to third parties will be made without the prior express consent of the Data Subject.

The Data Controller uses the following Data Processor(s) to process personal data for the activities indicated:

• • IT support - Google Ireland
  • IT support (Microsoft) - M365

4. ACCESS, MODIFICATION, RECTIFICATION, PORTABILITY OF PERSONAL DATA

4.1 Access

The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipients to whom or which the personal data have been or will be disclosed.

4.2 Amendment, correction

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her by the Controller. Taking into account the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

4.3 Portability

The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit those data to another Data Controller without hindrance from the Data Controller to which he or she has provided the personal data, if:

1. the processing is based on voluntary consent or on a contract to which the Data Subject is a party; and
2. the processing is carried out by automated means.

5. ERASURE, RESTRICTION OF PERSONAL DATA, RIGHT TO OBJECT

5.1 Deletion

(1) The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay, if one of the following grounds applies:

1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. The data subject withdraws his or her voluntary consent to the basis of the processing via the adatvedelem@promanconsulting.hu facility provided by the Controller and there is no other legal basis for the processing;
3. The data subject objects to the processing on grounds relating to his or her particular situation or on grounds of direct commercial processing and there are no overriding legitimate grounds for the processing;
4. the personal data have been unlawfully processed;
5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller;
6. personal data are collected in connection with the provision of information society services directly to children.

(2) If the Controller has disclosed the personal data and is obliged to delete it pursuant to paragraph (1), the Controller shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the Data Subject has requested the deletion of the links to or copies or replicas of the personal data in question.

(3) Paragraphs (1) and (2) shall not apply where the processing is necessary:

1. to exercise the right to freedom of expression and information;
2. for the purposes of complying with an obligation under Union or Member State law that requires the controller to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. On the basis of public interest in the field of occupational health or public health;
4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right referred to in paragraph 1 would be likely to render such processing impossible or seriously jeopardise it; or
5. to bring, enforce or defend legal claims.

5.2 Limitation

(1) The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing if one of the following conditions is met:

1. The data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data;
2. the processing is unlawful and the Data Subject objects to the erasure of the data and requests instead that the use of the data be restricted;
3. the Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
4. The Data Subject has objected to the processing on grounds relating to his or her particular situation; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

(2) Where processing is restricted pursuant to paragraph (1), such personal data may be processed, except for storage, only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

(3) The Data Controller shall inform the Data Subject at whose request the processing has been restricted pursuant to paragraph (1) in advance of the lifting of the restriction.

5.3 Protest

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data carried out for the purposes of a task carried out in the exercise of official authority vested in the Controller or in the legitimate interests of the Controller or of a third party, including profiling based on the aforementioned provisions. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

 Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

6. Automated decision-making and profiling

Neither of these occurs during the processing.

7. User's enforcement options

In case of violation of his/her personal rights and in the cases specified in the Regulation, the User may seek the assistance of the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Postal address: 1363 Budapest. 1313 Budapest, 1363 Budapest, Hungary.
Address: 1055 Falk Miksa street 9-11

Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: naih.hu
E-mail: ugyfelszolgalat@naih.hu

8. Changes to the Prospectus

The Data Controller reserves the right to modify or update this "Notice" at any time without prior notice and to publish the updated version on its websites. Any modification shall apply only to personal data collected after the publication of the modified version.

Please check our Notice regularly to keep track of changes and to be informed of how changes affect you.

Last update: 2024.03.18