GDPR – PRIVACY POLICY
1. General terms and conditions
(1) By using the evonit.hu and evonit.eu website (hereinafter referred to as the “Portal”), you agree to be bound by the provisions of this Privacy Policy.
With respect to this Policy, the Data Controller (also the Service Provider) shall:
Name: Evonit Consulting Kft. Korlátolt Felelősségű Társaság
- Headquarter:6500 Baja, Szegedi út 35.
- Company registration number: 03-09-129962
- Tax number: 25753798-2-03
- Person responsible for data management: Richard Erdelyi
- Contact: +36 70 328 5391 – richard.erdelyi@evonit.hu
(2) The purpose of this Privacy Notice is to define the scope of the personal data processed, the methods of data processing, to ensure compliance with the constitutional principles of data protection and data security, to prevent unauthorised access to data, alteration of data and unauthorised disclosure or use of data, in order to respect the privacy of the natural persons of the user.
(3) For the purpose set out in paragraph (2), we will treat your personal data confidentially and in accordance with the applicable legal requirements, ensure their security, take the technical and organisational measures and establish the procedural rules necessary to enforce the relevant legal provisions and other recommendations.
2. Legal background
Our data processing is primarily governed by the following laws and regulations:
- a Polgári Törvénykönyvről szóló 2013. évi V. törvény 2:43§ e.) pont („Ptk.”)
- az információs önrendelkezési jogról és az információszabadságról szóló 2011. évi CXII. tv. („Adatvédelmi tv.”);
- az Európai Parlament és a Tanács (EU) 2016/679 Rendelete („GDPR”)
3. Legal basis for data management
We process your personal data in accordance with the data protection legislation in force for the following purposes
- Based on Article 6(1)(a) of the GDPR: your voluntary consent based on appropriate information
- According to Article 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the User, as data subject, is a party (performance of a contract)
- Article 6(1)(c) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (such as the fulfilment of accounting obligations (fulfilment of a legal obligation)
- the Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities. (hereinafter: Grtv.), according to which advertising may be communicated to a natural person as the recipient of advertising by means of direct solicitation (hereinafter: direct marketing), in particular by electronic mail or other equivalent means of individual communication, only if the recipient of the advertising has given his or her prior, clear and express consent.
4. The scope of the data processed, the purpose and duration of the managementData management related to the request for tenders
On the Portal, we provide the possibility to send a “request for proposal”.In the request for proposal form, you must provide the following personal data:
- Name
- Email address
- Text message that may contain personal data
Purpose of data management: to contact you; to send you a personalised offer. Legal basis for management: article 6(1)(a) GDPR -Your prior and voluntary consent
Duration of data management: until consent is withdrawn.
4.1 Use of cookies
What cookies do we use?
There are cookies that we must store, otherwise the Portal cannot function. These are the so-called technically necessary cookies. We are entitled to use these cookies without your permission.
- cookies that store information about you: these cookies are automatically deleted from your computer when you close your browser. These cookies are only used to identify your computer and do not store any personal information about you.
- user interface customisation cookies: used to store user preferences about the service through websites that are not linked to other permanent identifiers (e.g. cookies for preferred language, cookies for preferred display of results when queried).
There are cookies that we may use only with your prior consent. These are:
- Cookies to improve performance: collects information about how you use the Portal. We use Google Analytics cookies to better understand the behaviour and characteristics of our users: which subpages they visit, how often they visit and for how long. These cookies only identify your computer and the data collected is anonymous.
- Functional cookies: they allow the Portal to remember your previous preferences, thus providing you with a higher quality, personalised service. They may also contain personal data that you have provided to our site.
- Target cookies: allow us to show you targeted, relevant ads. These cookies also allow you to connect to social networking sites. They only identify your computer, the collected data is anonymous.
We use remarketing services to get your personalised ads to you:
- Google Adwords: is used to remember your recent searches, your previous interactions with each advertiser’s ads or search results, and your visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a user’s computer when they click on an ad.
Google Analytics: Google Analytics is Google’s analytics tool that helps website and app owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistics about website use without individually identifying visitors to Google. In addition to generating reports on site use statistics, Google Analytics – together with some of the advertising cookies described above – may also be used to display more relevant ads in Google products (such as Google Search) and across the web.
Read more http://www.google.com/analytics
- Facebook Pixel, also known as Facebook képpont: The code in the Portal’s source code that is used to show personalised ads to visitors on Facebook.
Read more https://www.facebook.com/business/help/651294705016616
Legal basis for data management: your prior, voluntary consent
Duration of data management: until your consent is withdrawn.
Please note that the withdrawal of your consent does not affect the lawfulness of the data management that was carried out on the basis of your consent before its withdrawal..
4.2 Extensions (Facebook, Twitter, Instagram)
On the Portal, extensions are disabled by default. Extensions are only enabled when you click on the appropriate button. By enabling a plugin, you establish a connection with facebook.com; twitter.com; instagram.com and consent to the transfer of your data to the respective service provider.
If you click the appropriate button, your browser will send the relevant information directly to the social network and store it there.For more information about how we manage your data, please follow the links below:
https://www.facebook.com/policy.php
https://twitter.com/privacy
https://help.instagram.com/519522125107875
4.3 Log files
In order to use the services, the system automatically logs the following data:
- the dynamic IP address of your computer
- the type of browser and operating system you use, depending on your computer settings
- your website activity
- the date of the activity
Purpose of data management: This data is used for technical purposes, such as analysing and verifying the secure operation of servers, and for the purpose of compiling statistics on site usage and analysing user needs in order to improve the quality of our services..
The above data cannot be used to identify you and will not be linked to other personal data.
Duration of data storage: 20 days from the day it was created.
4.4 Data management for other purposes than mentioned above
We may process personal data relating to you for any purposes other than those set out above, in particular to improve the efficiency of your service or for market research purposes, only with your prior agreement and with the purpose for which the data is processed.
These data cannot be linked to your identification data and cannot be transferred to third parties without your consent.
We are obliged to delete this data if the purpose of the processing ends or if you so request.
5. Data processors’ details, contact details:
- In order to gather independent visitor and other web analytics data of the Portal, we use Google Analytics software and Google Inc. acts as the data processor for this data. Google Inc. Privacy Policy is available at http://www.google.com/intl/hu ALL/privacypolicy.html By using the Portal, you consent to the processing of your data by Google.
- The server provider, which is responsible for the storage, security and protection of the personal data we process under a hosting contract:
Name: RACKFOREST Kft.
Location: 1132 Budapest, Victor Hugo utca 18-22.
E-mail address: info@rackforest.com
We reserve the right to use additional processors to those listed above, provided that the names and addresses of the additional processors are disclosed in a manner accessible to users no later than the start of processing..
6. Persons entitled to access personal data:
Our own employees, contractors and other third parties who need to know the data processed in order to fulfill their employment obligations or to carry out a task which they are required to perform. We are committed to ensuring that those who have access to the data we process comply at all times with the requirements of this Privacy Notice and the applicable law.
7. Your rights in relation to data management
7.1 Right to request information
(1) At your request, we will inform you in writing, including by electronic means, without undue delay and at the latest within 25 days of your request, of the data processed by us or by a processor to whom we have delegated the processing of your personal data, the source of the data, the purposes, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, and, in the case of transfers of your personal data, the legal basis and the recipient of the transfer.(2) The information is free of charge. However, if the request is manifestly unfounded or excessive, in particular because of its repetitive nature, taking into account the administrative costs of providing the information or information requested or taking the requested action:
a) we may charge a reasonable fee, or
b) refuse to act on the request.
In all cases, we are responsible for proving that the request is manifestly unfounded or excessive..
7.2 Right to cancellation
(1) We are obliged to delete personal data if
a) processing is unlawful;
b) you withdraw your consent on which the processing is based or request the erasure of your data and there is no other legal basis for the processing;
c) it is incomplete or incorrect – and this condition cannot be lawfully corrected – except where cancellation is not excluded by law;
d) the purpose of the processing has ended or the time limit for the storage of the data set by law has expired;
e) the deletion of the data has been ordered by the court or the Authority.(2) Instead of deletion, we will block the personal data if the affected person requests it or if on the basis of the information available to us, we believe that deletion would harm your legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data is fulfilled.
7.3 Right to access
(1) You have the right to receive feedback from us as to whether your personal data is being processed and, if such processing is taking place, you have the right to access your personal data and the following information:
- the purpose of the data management.
- the categories of personal data involved
- the recipients to whom/which we have disclosed or will disclose your personal data, in particular to recipients in third countries or international organisations
- the duration of the storage of the personal data or, if that is not possible, the aspects of the determination of that duration
- your right to request us to rectify, erase or restrict the processing of your personal data, and have the right to oppose the processing of such personal data;
- the right to lodge a complaint with a supervisory authority;
- if the data has not been collected from you, any available information about its source
(2) We will provide you with a copy of the personal data processed. For additional copies requested by you, the controller will charge a reasonable fee based on the administrative costs. If you have submitted your request electronically, we will provide the information to you in a commonly used electronic format, unless you request otherwise.
7.4 The right to rectification
(1) At your request, we will correct inaccurate personal data about you without unreasonable delay.(2) If the information is incorrect or the additional information is not available, a supplementary declaration will be made to correct and complete the information..
7.5 Right to object
(1) You may object to the processing of your personal data if
- if the processing or transfer of the personal data is necessary for the fulfilment of our legal obligations or for the purposes of the legitimate interests pursued by us or by a third party, except in the case of mandatory processing;
- if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
- other cases specified by law.
(2) By suspending the processing at the same time, we will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, and inform you in writing of the outcome.
If the objection is justified, we are required to stop the processing, including further collection and transfer, and to block the data, and to notify the objection and any action taken in response to it to any person to whom we have previously disclosed the personal data to which the objection relates and who is required to take steps to exercise the right to object..
If you do not agree with our decision, or if you do not comply with the 15-day time limit, you can appeal against the decision to the courts within 30 days of the date of notification or the last day of the time limit..
7.6 Right to restriction of processing
(1) We restrict processing if one of the following conditions is met:
- You contest the accuracy of your personal data;
- the processing is unlawful and you object to the deletion of the data and instead request the restriction of their use;
- we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; or
- You objected to the processing.
(2) If the processing is restricted, such personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
7.7. Right to data portability
You have the right to receive the personal data we hold about you in a structured, commonly used, machine-readable, where technically feasible, format, where the processing is based on your consent or on a contract and the processing is carried out by automated means..If your request for correction, restriction or deletion cannot be fulfilled, we will inform you in writing within 25 days of receipt of the request of the refusal of the request, stating the factual and legal reasons for the refusal..
Your current rights set out in point 7 may be restricted by law in the interests of the external and internal security of the State, such as defence, national security, the prevention or prosecution of criminal offences, the security of law enforcement, the economic or financial interests of the State or of a local authority, the important economic or financial interests of the European Union, the prevention and detection of disciplinary or ethical offences in the exercise of the professions, infringements of labour law or of employment protection, including in all cases control and supervision, and the protection of the rights of the Data Subject or of others.
8. Legal options
You can seek redress in case of infringement:
a.) the National Authority for Data Protection and Freedom of Information
Location: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf. 5.
Phone number: 06 -1- 391-1400
Telefax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
b.) the competent court in your place of residence or domicile.
Services
System Integration
EDI Services