Privacy Statement

Evolution Consulting Ltd. (registered office: 3515 Miskolc Egyetemváros AFKI ép. 2. em.), company registration number: 05-09-014424, tax number: 14020991-2-05, telephone number: +36 46 505 403, e-mail: info@evolution-consulting.hu, independently represented by: Dr. Csaba Mester, data protection contact name and contact information: .-., available by post at the headquarters of the Data Controller, by e-mail at info@evolution-consulting.hu), as a data controller, hereby informs you summarily and briefly about the data management activities it carries out, as well as other relevant facts.

The Data Controller draws the attention of the interested parties to the fact that

  • does not carry out joint data management.
  • data subjects can exercise their rights (the right of access, the right of rectification, the right to erasure and the “right to be forgotten”, the right to block/restrict data, the right to object, the right to data portability, the right to withdraw consent, see the detailed descriptions of the rights at the end of the prospectus) by means of a statement sent to the e-mail address info@evolution-consulting.hu or to any other contact information of the Data Controller. They can also file a complaint with the authority (contact information: NAIH, www.naih.hu) and, if they believe that their rights have been violated, they can apply to the competent court based on their place of residence. The Data Controller draws the attention of the data subjects that their exercise of rights may have conditions and limitations in relation to individual data management, which factors the Data Controller is obliged to examine in the case of data subjects exercising their rights. In the event that the data subject cannot exercise a right in connection with the given data processing, the Data Controller shall inform the data subject in writing (including electronically) of the factual and/or legal reasons that preclude/limit the exercise of the right and keeps a record of these instances.
  • the Data Controller ensures within the scope of its tasks related to IT protection in particular:
    • denying access by unauthorized persons to the devices used for data management (hereinafter: data management system),
    • preventing unauthorized reading, copying, modification or removal of data carriers,
    • preventing the unauthorized entry of personal data into the data management system, as well as the unauthorized access, modification or erasure of the personal data stored therein,
    • preventing the use of data management systems by unauthorized persons via data communication equipments,
    • that persons authorized to use the data management system only have access to the personal data specified in the access permit,
    • that it can be checked and determined to which recipient the personal data has been transmitted or may be transmitted, or has been or may be made available to them via data communication equipments
    • that it can be subsequently verified and determined which personal data was entered into the data management system, at which time and by whom,
    • preventing unauthorized access, copying, modification or erasure of personal data during their transmission or during the transport of the data carrier,
    • that the data management system can be restored in the event of a malfunction,
    • that the data management system is functional, that a report is prepared on errors occurring during its operation, and that stored personal data cannot be changed even if the system operates incorrectly.
  • the more detailed explanations of each data processing, defined below in tabular format, can also be found on paper at the Data Controller’s registered office, and the Data Controller will also send them electronically to the data subject upon request.
  • profiling does not take place in relation to any data management.
  • data may be disclosed to a third party in relation to data management, which is set out in the detailed information of the given data management.
  • cookie policy has been defined separately.
  • The data controller carries out other data processing, about which the relevant information can be found in other prospectuses that are formally separate from this prospectus.

Data management upon contact

Purpose: contacting the data subject based on prior consent

Data subject(s): Any natural person who can be identified based on the contact form data

Source: data subject(s)

Scope of data hendled

Purpose

Legal basis

Storage duration

Name

Identification, form of address

Prior and voluntary consent (GDRP Article 6 point (1) a)

Until withdrawal of consent or cancellation request. In the absence of these, for a maximum of 3 years from the date of consent.

Telephone number

Actual contact

E-mail address

Area of interest

Designation of professional field for contact

Technical data: date of consent*

Subsequent verification

Data transfer: does not happen

Automated data management, profiling: does not happen

Summary table of data management related to data managed during continuous, regular contact with the data subject

Purpose: Maintaining contact with the data subject, answering and solving any questions, requests, etc. that may arise

Data subject(s): Every natural person, including a natural person acting on behalf of an organization, who is in constant or regular contact with the Data Controller in addition to a one-time request for information

Source: data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

Data scope of name*

e-mail address / mailing address / telephone number*

content of a question or request

information

Identification, form of address

Identification, contact

Identification, contact

response, information

response, information

Consent (GDPR Article 6. point (1) a) or

 

Until withdrawal of consent or cancellation request. In the absence of these, for a maximum of 3 years from the date of consent.

Agreement, if the Data Controller and the data subject (as a natural person) have entered into an agreement with each other or

During the civil-law limitation period

the legitimate interest of the Data Controller, if the data subject is a representative or contact person in the agreement

Summary table of data management related to data handled during the request for quotation

Purpose:

Providing the data subject with a request for quotation

Data subject(s):

All natural persons who can be, or are identified with the data provided during the request for quotation

Source:

Data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

Name*

Identification, form of address

 

Voluntary consent

In the registration system:

Until an erasure request or account termination

 

In the log file: during civil limitation period

Linked data: company name*

identification

E-mail address*

Contact, provide quotations

Telephone*

Contact

Subject of request for quotations*

Provide quotation 

Summary table of data management in connection with contract conclusion

Purpose:

Conclusion and fulfillment of a contract

Data subject(s):

All natural persons who have been designated as a representative or contact person in the contract

Source:

Data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

Name of representative*

Identification

If the contracting party is a private individual, the legal basis for data management is the agreement, in the case of a representative or contact person, the legal basis for data management is the legitimate interest.

For 8 years based on accounting regulations

 

Contact person information in a separate register until modification or erasure

Representative’s contact information

Contact

Name of contact person*

Identification and form of address of the contact person

Contact person’s contact information*

Contacting the contact person

Signature of the representative*

Binding, subsequent proof

Summary table of data management related to data handled during issuing invoices

Purpose:

Full implementation of legal obligations related to issuing invoices

Data subject(s):

All natural persons, including sole proprietors, whose data can be/is identified on the basis of the invoice (or an accounting document equivalent thereto) issued by the Data Controller

Source:

Data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

User account and data of the order*

Identification of the data subject and the service to be invoiced

Fulfillment of legal obligations according to Act CXXVII of 2007 and the decrees issued under the authority of this Act

Based on Section 169 of Act C of 2000, the business year plus 8 years

Data categories defined in Section 169-170 and 176 of Act CXXVII of 2007*

Technical data: date of invoicing*

Subsequent identification

Legitimate interest of the Data Controller, which is embodied in subsequent provability

Summary table of data management related to data processed during newsletter subscription and sending

Purpose:

Regular information to the recipient about the Data Controller’s latest promotions, events and news – essentially regular advertising

Data subject(s):

All natural persons who wish to be regularly informed about the Data Controller’s news, promotions and discounts, therefore subscribe to the newsletter service by entering their personal data

Source:

Data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

E-mail address*

Identification, newsletter sending

Voluntary consent (GDPR Article 6. point (1) a), Act XLVIII Section 6. paragraph (2)

Until the data subject does not unsubscribe from the newsletter list, or

 

in the case of a consent confirmation request, the time limit for confirmation expires. If this is unsuccessful, the data will be deleted.

Name*

Identification

Technical data: date of subscription*

Subsequent verification

Technical data: date of acknowledgement of privacy policy 

Summary table of data management related to data provided on social media sites, especially facebook.com

Purpose:

Sharing, publishing and marketing the Data Controller’s content on social media

Data subject(s):

Natural persons who voluntarily follow, share, like or otherwise interact with the Data Controller’s social pages, especially the facebook.com social page or the content appearing on it

Source:

Data subject(s)

Scope of data

Purpose

Legal basis

Storage duration

Public name of the data subject

Identification of the data subject

Voluntary consent

Until erasure at the request of the data subject

Public photo of the data subject

Public e-mail address of the data subject

Contact

Message sent via the social media site by the data subject

Response

Evaluation or other action taken by the data subject

Evaluation or action

technical data: date of the action

Subsequent identifiability

Further information:

In connection with the facebook.com page, joint data management takes place with Facebook Ireland Limited. More information can be found on the social media page. 

Other information: data marked with * are required for data management.

Data Management Activity of Evolution Consulting Ltd.

Evolution Consulting Ltd. participates as Data Controller in the following activities:

Purpose:

HRmaster is a modularly structured integrated software system developed with modern web technology. It is possible to introduce the system as a whole or separately for each component, as well as to expand it in a customized way if necessary. The purpose of processing personal data is to provide and develop HR services for partners under contract with Evolution Consulting Ltd.

Data subject(s):

Employees of the data controller Partner (possibly persons in connection with them and recorded in Hrmaster)

Source:

Data controller Partner (typically the employer of the employee concerned)

Scope of data

Purpose

Legal basis

Storage duration

Personal data of the employees of the data management partners in a contractual relationship with Evolution Consulting Ltd. provided in connection with the employment last name, first name, birth name, title, place of birth, date of birth, mother’s name, citizenship, tax number, social security number), contact details (telephone number, permanent place of residence, e-mail address, fax), gender, marital status, salary, other data provided by the data management partner in connection with employment

The purpose of handling personal data is to provide and develop HR services for data management partners under contract with Evolution Consulting Ltd. Personal data is made available by HRMaster.

Statement of the data management partner (employer of the data subject) to Evolution Consulting Ltd., according to which the data subject acknowledges the transmission of his data to a third party

Until the termination of the contractual relationship with Evolution Consulting Ltd.

Data security:

Personal data is stored and processed on a server located in the data park of T-Systems Ltd. and Rack Forest Ltd. As a Data Controller, Evolution Consulting Kft. takes all administrative, computer and physical security measures in order to protect personal data from unauthorized access and loss. In the course of its activities, it ensures that the persons authorized to access the personal data concerned – if they are not otherwise under the scope of an appropriate confidentiality obligation based on legislation – undertake a confidentiality obligation with regard to the personal data they have become aware of.

Further information can be found in the relevant contract and data processing agreement.

Data subject rights

The relationships between the data subject’s rights and legal bases is presented in the following table, so that it is clear to the data subject what rights they can exercise in the case of the applied legal basis.

 

Right to prior information

Right of access

Right of dectification

Right of erasure

Limitaton

Data portability

Right to object

Withdrawal of consent

Consent

Agreement

Legal obligation

Vital interest

Public function, Public authority right.

Legitimate interest

Right of access by the data subject (Article 15 GDPR)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. The Controller shall provide a copy of the personal data undergoing processing.

Right to withdraw consent (Article 7 GDPR)

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectification (Article 16 GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to object (Article 21 GDPR)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1).

The Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

Right to restriction of processing (Article 18 GDPR)

The data subject shall have the right to obtain from the Controller restriction of processing if all the conditions specified in the GDPR are met, and in this case the Controller shall not perform any other operation with the data other than storage.

If the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to erasure (‘right to be forgotten’) (Article 17 GDPR)

The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay if the data processing has no purpose, he or she has withdrawn their consent and there is no other legal basis, there is no overriding legal reason for the data processing in case of objection, or if the data were processed illegally in the first place, and the data must be deleted to fulfill a legal obligation. Where the Controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Right to data portability (Article 20 GDPR)

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where legal conditions (automated data management and legal basis for consent or agreement) exist.

Where and how can the data subject request detailed information on data management and transmission, as well as where and how can they exercise their rights?

The Data Controller draws the attention of the data subjects that they can request for information and exercise their right of access, and other rights with a statement sent to the Data Controller’s post office (3515 Miskolc, Egyetemváros AFKI. ép. 2nd floor) or e-mail address (info@evolution-consulting.hu). The Data Controller examines and responds to the statments as soon as possible after receipt, and takes the necessary steps based on the provisions of the statement, the Internal Privacy Policy and legislation.

The authority’s contact information in case of a complaint (Article 77 GDPR):

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu

In the event of a violation of their rights, the data subject can also apply to the court competent for their place of residence and, among other things, demand damages 

Closed: November 18, 2022.
Dr. Csaba Mester
Evolution Consulting Ltd.

Evolution Consulting Kft.

    3515 Miskolc, Egyetemváros
    AFKI, 2. foor
      Support
        3515 Miskolc, Egyetemváros
        AFKI ép., 2. em.
          HRmaster rendszerrel
          kapcsolatos bejelentés
            advanced-floating-content-close-btn