I. Data Controller


Registered office: 9022 Győr, Bajcsy-Zsilinszky street 51 III/2

Tax identification number: 14179583-2-08

Telephone number: +36 96 999137



II. Availability of Responsible Person

We do not perform any activity that would require the appointment of a Responsible Person.


III. Purpose and legal bases of data processing

The purpose of this Directive is to allow website visitors and later partners to identify in a clear and unambiguous form what personal data we process and on which basis we do so. General comprehensibility is ensured by the listing of the legislation in a separate section at the end of this Directive.

  1. Contact form

The contact form of this website is designed to provide online contact options. Please enter your name and email address in the form. We process this information on the basis of consent.

  1. Facebook page

We also come into contact with the personal data (name, post) that we receive with the consent of the data subjects on our Facebook page, which is operated for reasons of online contacting, adding comments to messages, expressing opinions, making business ads and acquiring potential clients.

Sending private messages is not allowed; please contact us via another published form of availability.

  1. Contact by telephone

We can see your telephone number when calling a telephone number located on the website. You will probably introduce yourself too, so our employee will also know your name in this way.  We process this information based on consent to call you back when we cannot just answer the phone. If we do not establish a business relationship between our Company and you, we do not keep the telephone number and the related name.

  1. Availability of business and professional partners

We process the following personal data of the management, employees and contact persons of our partners on a legal basis in business/professional relationships: name, telephone number, email address.

  1. Cookies

Cookies are an information package consisting of characters and numbers that typically send websites to browsers in order to preserve certain settings, facilitate the use of the website, and allow us to collect some relevant statistical information on the visitors. Cookies do not contain personal data and are not suitable for identifying an individual user. Cookies often contain a unique identifier – one secret, randomly generated number series – which is stored by your browser. Some cookies will disappear after closing the website, but some will remain on your computer for a long time.

You can prevent all cookie-related activities and delete the data files placed during your previous visits. The exact steps for these operations can be found in your browser guide, which can be found on the following pages:

Managing cookies and data web space in Chrome,
Information on cookies for Firefox,
Managing cookies in Internet Explorer and in Edge.

Some browsers also allow automatic deletion of search data when they are closed.

When downloading individual parts of the website, the traffic analytics software we use (by Google Inc. (‘Google’) operated by Google Analytics) will automatically place small data files on your computer that may contain personal data in some cases. You will be notified of this the first time you visit the website and we will ask for your consent. Data files are needed for the operation of individual website’s features. The data collected during your previous visits will reach the Data Controller. Information on the exact names (_ga, _gat, _gid) and functions of these data files can be found here. Google Analytics stores the IP number obtained from the browser unnamed (anonymously) and is unable to associate it with the user. It keeps the data for 26 months, but they can start counting again if there is a new event associated with the user (for example, a new workflow is started).

To prevent Google Analytics from adding any website visit to analytics, use this add-on (available for all browsers).

Google also uses cookies (‘DSID’, ‘IDE’, ‘NID’) to link user activities to different devices if they previously signed in to their Google account. Everything is done in order to coordinate the display of advertising through all tools and to measure conversion events. If you do not want Google ads to appear coordinated on all your devices, you can turn off personalized ads by using Ad Settings.

If you previously received cookies from Facebook – either because you have an account or searched for – the browser will send the data associated with these cookies when you press ‘Like’ or visit another web space (like this website) that has a built-in social module. Detailed information on this topic can be found here.

We also use a conversion tracking pixel on our website because of your marketing goals, and we also ask for your consent during your first visit.  The data will get to Facebook. Detailed information on Facebook cookies can be found here.


IV. Withdrawal of consent

The processing of data (see above) based on consent is done during the following activities:

  • contacting by interested parties via the contact form of the website
  • contacting by ask for offer contact form of the website
  • operating Facebook
  • compiling traffic statistics
  • contacting by phone

The consent can be withdrawn at any time in the same, simple way as it was granted.

You can withdraw your consent by removing ‘Like’ in the case of Facebook, and by deleting a private message or post in their case.

In the case of other acts processed based on the consent, please contact us by a short message to our email address. Data processing before withdrawal of consent is considered legitimate.


V. Contract and legal contractual commitment

Recording invoicing data and issuing invoices is our statutory obligation. If a client does not provide us with the requested data, we are unable to carry out the accepted work under the contract.

Upon ordering our services, a written or oral contract is concluded between us and our clients. Our business initially concludes contracts with legal persons, but personal data such as contact person’s name, telephone number, email address, or legal representative’s name may also be included in our contracts.

The condition for the conclusion of a contract is to know these data and we need to know who the other party is and where we can find them.  Without knowledge of these data, we do not consider the contract to be concluded and we cannot perform the service.


VI. Legitimate interest definition

The contact details and names of our business partners, their management or contact persons are processed on the basis of legitimate interest. The term business partners means those people who we work with during workflows, e.g. a representative of a large authorization company that issues specific assignments, instructions, etc.

We have been obtaining these data for years through written correspondence, during personal meetings directly from the data subjects with their consent, and they could verify our confidential processing.

Nevertheless, an assessment test of the legal bases of personal data processing was performed and our partners can consult it on request. All of our partners have the right to object.


VII. Data storage period

Contact form (name, email address) – until the end of business relationship; also monthly review

Offer form (name, company name, phone number, email address, address) – until the end of business relationship; also monthly review

Facebook page (name, post) – until the page is deleted or the data subject ‘unlikes’ the page or the data subject deletes the post

Invoicing name and address – by law; the year of tax period + 5 years in the case of individual entrepreneurs

Business partners’ data (name, email address, telephone number) – during trade, until deletion request

Cookies coming from – until the validity of these cookies or until the user deletes them from their browser

GA traffic statistics – 26 months


VIII. Security measures

Our business, using appropriate security measures, ensures that we protect personal data against unauthorized access, improper disclosure and unauthorized change. Our computers can be access only after entering the correct passwords and are protected by an advanced antivirus program. Accessing Gmail and Facebook by our colleagues is done by double identification. Even in the case of our website, we do everything to prevent it from being cracked and use SSL encryption.

We have taken into account the current state of science and technology, the nature of the data processing, the scope, the circumstances, the objectives and, of course, the risks with varying probability and degree of threat to personal rights and freedoms when creating appropriate security measures.


IX. Recipients

Our business uses data processors to complete individual subtasks.

Győ Kft.
9024 Győr, Közép street 16.
+36 96 900000
(Accessing the full content of the website, forwarding emails received in our own domain email address.)

Receiving and sending emails: 
Győ Kft.
9024 Győr, Közép street 16.
+36 96 900000
(Accessing correspondence and all its data.)

Facebook page: 
Facebook Inc.
Menlo Park, California, USA
Data Protection Directive:
(Accessing user menu, posts)

Google Analytics:
Google Inc., Mountain View, California, USA
(Accessing anonymized IP address of the visitor to website, not associated with the person.)


X. Transfer to third countries

The only third country to which data transfer is being made is the United States of America. Declaration of conformity with the USA was issued on 12 July 2016 (, which is also observed by Google (, by Facebook ( The GDPR policy is covered by the clause in the Automattic agreement (


XI. Rights of the data subjects

  1. Right of access

Visitors to our website, clients and partners may request information on whether their personal data are processed and, if so, are authorized to access the following information:

  • the purpose of data processing;
  • the categories of personal data concerned;
  • the recipients who were or will be provided with the personal data, including recipients from third countries and international organizations;
  • the planned data storage period and, if this is not possible, the aspects defining this period;
  • the right of the data subject to request the Data Controller to rectify, erase or restrict the processing of their personal data, and the right to object to the processing of such data.

A copy of the personal data that is the subject of the data processing will be made available to you. We charge a reasonable price in the amount of administrative costs for additional copies. If the request was received in electronic form, we will provide the information in commonly-used electronic form (.doc, .pdf, .xls, .jpg, etc.), except if the data subject requests otherwise.

The right to obtain a copy shall not have an adverse effect on the rights and freedoms of others.

  1. Right to rectification

Website visitors, clients, partners are entitled to request the correction of their inaccurate personal data. Taking into account the purpose of data processing, it is possible to request the completion of incomplete personal data. We are required to inform every recipient to whom we have communicated the personal data about the rectification, unless it proves impossible or requires inappropriate effort. The data subject is informed of these recipients if they so request.

  1. Right to erasure

We are obligated to erase, without undue delay, on request or without request, the personal data of our clients, mandators, website visitors if:

  • the personal data are no longer needed for the purpose for which we collected or otherwise processed them;
  • the mandator/client/visitor withdraws their consent forming the legal basis for the processing, and the processing has no other legal basis;
  • the mandator/client/visitor objects to the data processing and there is no priority legal basis for data processing;
  • we processed the personal data unlawfully;
  • the personal data must be erased to meet legal obligations under EU or Member State legislation;
  • the personal data were collected in connection with a service offer of an information company.

Should we publish personal data that we are required to erase, taking into account the available technology and the cost of implementing the measures, we will take reasonable steps to inform data controllers processing the personal data that the data subject asks them to delete all references to these personal data, their copy or replicas.

We are not obliged to erase personal data if the processing is necessary for submitting, enforcing or defending a legal claim. If we receive a request to erase such data, we will consider it and provide our decision in writing.

We are required to inform every recipient to whom we have communicated the personal data about the erasure, unless it proves impossible or requires inappropriate effort. We can inform the clients/mandators/users of the recipients on request.

  1. Right to restriction of processing

The clients/mandators/website visitors are entitled to request a restriction of personal data processing if:

  • they question the accuracy of personal data, until clarification;
  • the data processing is unlawful and they require the restriction of processing instead of data erasure;
  • the personal data are no longer required for processing, but the user/client/mandator requires these to prove, enforce or defend legal claims;
  • the user/client/mandator objected to data processing based on a legal basis; in this case, the restriction shall apply until it is verified that the legitimate reasons of the data controller outweigh the legitimate reasons of the data subject.

Where the data processing is subject to a restriction, such personal data shall be processed, excluding their storage, only with the consent of the user/client/mandator or for the purposes of proving, enforcing or defending legal claims or for the purposes of protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

We will inform the user/client/mandator of the cancellation of the restriction in advance.

We are required to inform every recipient who has been provided with the personal data about the restriction, unless it proves impossible or requires inappropriate effort. The client/mandator/user is informed of these recipients if they so request.

  1. Right to data portability

In the case of automated data processing, where the legal basis for the processing is the consent or performance of a contractual obligation, the client/mandator/website visitor is entitled to request the receipt and transfer to another data processor of their personal data provided by them in a divided, commonly accessible and machine-readable form if technically feasible.

The right to data portability cannot adversely affect the rights and freedoms of others.

  1. Right to object

The client/mandator has the right to object to the processing of their personal data at any time for reasons related to their particular situation if the legal basis is a legitimate interest. In this case, we may not process personal data further unless we demonstrate the necessary legitimate reasons for processing that outweigh the interests, rights and freedoms of the client/mandator or the reasons for proving, enforcing or defending legal claims.

  1. Automated individual decision-making, including profiling

Since we do not perform automated decision-making and profiling, we cannot provide this legal basis.


XII. In the case of a complaint

We take care of your personal data with the utmost care. However, if you feel that we did not take all the measures expected from us to protect your personal data or simply have a question, please contact us via email.

If our business violates the data protection policy, the data subjects can claim the enforceability of their rights before a court of competent jurisdiction. The consideration of the dispute is within the court’s authority.


XIII. Automated decision-making process

There is not an automated decision-making process in our business.


XIV. When defining the legal bases for the processing of personal data, we have taken this legislation into account

Distributing a bulletin containing advertising is only possible on the basis of the consent required by Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(a) and also under the Act on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities No. XLVIII, Article 6(1)–(3).

Contact via the website, Facebook operation, traffic statistics and conversion tracking, cookies, and data processing from business-to-business contracts take into account Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(a).

The processing of invoicing-related personal data is based on Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(c) and the Taxation Act of 2017 CL, Article 78(3) (document storage period) and the Act CXXVII of 2007 on Value Added Tax,  Article 169(e) (compulsory particulars of accounting documents).


Other provisions

This Directive shall enter into force on 25 May 2018 and, once the new directives, opinions or partial rules are known, we shall re-evaluate the content thereof. If the scope of our business changes or we introduce new marketing tools, we will also adjust the content.