Privacy Statement
Evolution Consulting Ltd. (registered office: 3515 Miskolc Egyetemváros AFKI ép. 2. em.), company registration number: 05-09-014424, tax number: 14020991-2-05, telephone number: +36 46 505 403, e-mail:
The Data Controller draws the attention of the interested parties to the fact that
- does not carry out joint data management.
- data subjects can exercise their rights (the right of access, the right of rectification, the right to erasure and the “right to be forgotten”, the right to block/restrict data, the right to object, the right to data portability, the right to withdraw consent, see the detailed descriptions of the rights at the end of the prospectus) by means of a statement sent to the e-mail address
info@evolution-consulting.hu or to any other contact information of the Data Controller. They can also file a complaint with the authority (contact information: NAIH, www.naih.hu) and, if they believe that their rights have been violated, they can apply to the competent court based on their place of residence. The Data Controller draws the attention of the data subjects that their exercise of rights may have conditions and limitations in relation to individual data management, which factors the Data Controller is obliged to examine in the case of data subjects exercising their rights. In the event that the data subject cannot exercise a right in connection with the given data processing, the Data Controller shall inform the data subject in writing (including electronically) of the factual and/or legal reasons that preclude/limit the exercise of the right and keeps a record of these instances.
- the Data Controller ensures within the scope of its tasks related to IT protection in particular:
- denying access by unauthorized persons to the devices used for data management (hereinafter: data management system),
- preventing unauthorized reading, copying, modification or removal of data carriers,
- preventing the unauthorized entry of personal data into the data management system, as well as the unauthorized access, modification or erasure of the personal data stored therein,
- preventing the use of data management systems by unauthorized persons via data communication equipments,
- that persons authorized to use the data management system only have access to the personal data specified in the access permit,
- that it can be checked and determined to which recipient the personal data has been transmitted or may be transmitted, or has been or may be made available to them via data communication equipments
- that it can be subsequently verified and determined which personal data was entered into the data management system, at which time and by whom,
- preventing unauthorized access, copying, modification or erasure of personal data during their transmission or during the transport of the data carrier,
- that the data management system can be restored in the event of a malfunction,
- that the data management system is functional, that a report is prepared on errors occurring during its operation, and that stored personal data cannot be changed even if the system operates incorrectly.
- the more detailed explanations of each data processing, defined below in tabular format, can also be found on paper at the Data Controller’s registered office, and the Data Controller will also send them electronically to the data subject upon request.
- profiling does not take place in relation to any data management.
- data may be disclosed to a third party in relation to data management, which is set out in the detailed information of the given data management.
- cookie policy has been defined separately.
- The data controller carries out other data processing, about which the relevant information can be found in other prospectuses that are formally separate from this prospectus.
Data management upon contact |
|||
Purpose: contacting the data subject based on prior consent |
|||
Data subject(s): Any natural person who can be identified based on the contact form data |
|||
Source: data subject(s) |
|||
Scope of data hendled |
Purpose |
Legal basis |
Storage duration |
Name |
Identification, form of address |
Prior and voluntary consent (GDRP Article 6 point (1) a) |
Until withdrawal of consent or cancellation request. In the absence of these, for a maximum of 3 years from the date of consent. |
Telephone number |
Actual contact |
||
E-mail address |
|||
Area of interest |
Designation of professional field for contact |
||
Technical data: date of consent* |
Subsequent verification |
||
Data transfer: does not happen |
|||
Automated data management, profiling: does not happen |
Summary table of data management related to data managed during continuous, regular contact with the data subject
Purpose: Maintaining contact with the data subject, answering and solving any questions, requests, etc. that may arise |
|||
Data subject(s): Every natural person, including a natural person acting on behalf of an organization, who is in constant or regular contact with the Data Controller in addition to a one-time request for information |
|||
Source: data subject(s) |
|||
Scope of data |
Purpose |
Legal basis |
Storage duration |
Data scope of name* e-mail address / mailing address / telephone number* content of a question or request information |
Identification, form of address Identification, contact Identification, contact response, information response, information |
Consent (GDPR Article 6. point (1) a) or
|
Until withdrawal of consent or cancellation request. In the absence of these, for a maximum of 3 years from the date of consent. |
Agreement, if the Data Controller and the data subject (as a natural person) have entered into an agreement with each other or |
During the civil-law limitation period |
||
the legitimate interest of the Data Controller, if the data subject is a representative or contact person in the agreement |
Summary table of data management related to data handled during the request for quotation
Purpose: |
Providing the data subject with a request for quotation |
||
Data subject(s): |
All natural persons who can be, or are identified with the data provided during the request for quotation |
||
Source: |
Data subject(s) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
Name* |
Identification, form of address
|
Voluntary consent |
In the registration system: Until an erasure request or account termination
In the log file: during civil limitation period |
Linked data: company name* |
identification |
||
E-mail address* |
Contact, provide quotations |
||
Telephone* |
Contact |
||
Subject of request for quotations* |
Provide quotation |
Summary table of data management in connection with contract conclusion
Purpose: |
Conclusion and fulfillment of a contract |
||
Data subject(s): |
All natural persons who have been designated as a representative or contact person in the contract |
||
Source: |
Data subject(s) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
Name of representative* |
Identification |
If the contracting party is a private individual, the legal basis for data management is the agreement, in the case of a representative or contact person, the legal basis for data management is the legitimate interest. |
For 8 years based on accounting regulations
Contact person information in a separate register until modification or erasure |
Representative’s contact information |
Contact |
||
Name of contact person* |
Identification and form of address of the contact person |
||
Contact person’s contact information* |
Contacting the contact person |
||
Signature of the representative* |
Binding, subsequent proof |
Summary table of data management related to data handled during issuing invoices
Purpose: |
Full implementation of legal obligations related to issuing invoices |
||
Data subject(s): |
All natural persons, including sole proprietors, whose data can be/is identified on the basis of the invoice (or an accounting document equivalent thereto) issued by the Data Controller |
||
Source: |
Data subject(s) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
User account and data of the order* |
Identification of the data subject and the service to be invoiced |
Fulfillment of legal obligations according to Act CXXVII of 2007 and the decrees issued under the authority of this Act |
Based on Section 169 of Act C of 2000, the business year plus 8 years |
Data categories defined in Section 169-170 and 176 of Act CXXVII of 2007* |
|||
Technical data: date of invoicing* |
Subsequent identification |
Legitimate interest of the Data Controller, which is embodied in subsequent provability |
Summary table of data management related to data processed during newsletter subscription and sending
Purpose: |
Regular information to the recipient about the Data Controller’s latest promotions, events and news – essentially regular advertising |
||
Data subject(s): |
All natural persons who wish to be regularly informed about the Data Controller’s news, promotions and discounts, therefore subscribe to the newsletter service by entering their personal data |
||
Source: |
Data subject(s) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
E-mail address* |
Identification, newsletter sending |
Voluntary consent (GDPR Article 6. point (1) a), Act XLVIII Section 6. paragraph (2) |
Until the data subject does not unsubscribe from the newsletter list, or
in the case of a consent confirmation request, the time limit for confirmation expires. If this is unsuccessful, the data will be deleted. |
Name* |
Identification |
||
Technical data: date of subscription* |
Subsequent verification |
||
Technical data: date of acknowledgement of privacy policy |
Summary table of data management related to data provided on social media sites, especially facebook.com
Purpose: |
Sharing, publishing and marketing the Data Controller’s content on social media |
||
Data subject(s): |
Natural persons who voluntarily follow, share, like or otherwise interact with the Data Controller’s social pages, especially the facebook.com social page or the content appearing on it |
||
Source: |
Data subject(s) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
Public name of the data subject |
Identification of the data subject |
Voluntary consent |
Until erasure at the request of the data subject |
Public photo of the data subject |
|||
Public e-mail address of the data subject |
Contact |
||
Message sent via the social media site by the data subject |
Response |
||
Evaluation or other action taken by the data subject |
Evaluation or action |
||
technical data: date of the action |
Subsequent identifiability |
||
Further information: |
In connection with the facebook.com page, joint data management takes place with Facebook Ireland Limited. More information can be found on the social media page. |
Other information: data marked with * are required for data management.
Data Management Activity of Evolution Consulting Ltd.
Evolution Consulting Ltd. participates as Data Controller in the following activities:
Purpose:
HRmaster is a modularly structured integrated software system developed with modern web technology. It is possible to introduce the system as a whole or separately for each component, as well as to expand it in a customized way if necessary. The purpose of processing personal data is to provide and develop HR services for partners under contract with Evolution Consulting Ltd. |
|||
Data subject(s): |
Employees of the data controller Partner (possibly persons in connection with them and recorded in Hrmaster) |
||
Source: |
Data controller Partner (typically the employer of the employee concerned) |
||
Scope of data |
Purpose |
Legal basis |
Storage duration |
Personal data of the employees of the data management partners in a contractual relationship with Evolution Consulting Ltd. provided in connection with the employment last name, first name, birth name, title, place of birth, date of birth, mother’s name, citizenship, tax number, social security number), contact details (telephone number, permanent place of residence, e-mail address, fax), gender, marital status, salary, other data provided by the data management partner in connection with employment |
The purpose of handling personal data is to provide and develop HR services for data management partners under contract with Evolution Consulting Ltd. Personal data is made available by HRMaster. |
Statement of the data management partner (employer of the data subject) to Evolution Consulting Ltd., according to which the data subject acknowledges the transmission of his data to a third party |
Until the termination of the contractual relationship with Evolution Consulting Ltd. |
Data security: |
Personal data is stored and processed on a server located in the data park of T-Systems Ltd. and Rack Forest Ltd. As a Data Controller, Evolution Consulting Kft. takes all administrative, computer and physical security measures in order to protect personal data from unauthorized access and loss. In the course of its activities, it ensures that the persons authorized to access the personal data concerned – if they are not otherwise under the scope of an appropriate confidentiality obligation based on legislation – undertake a confidentiality obligation with regard to the personal data they have become aware of. Further information can be found in the relevant contract and data processing agreement. |
Data subject rights
The relationships between the data subject’s rights and legal bases is presented in the following table, so that it is clear to the data subject what rights they can exercise in the case of the applied legal basis.
|
Right to prior information |
Right of access |
Right of dectification |
Right of erasure |
Limitaton |
Data portability |
Right to object |
Withdrawal of consent |
Consent |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
✖ |
✔ |
Agreement |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
✖ |
✖ |
Legal obligation |
✔ |
✔ |
✔ |
✖ |
✔ |
✖ |
✖ |
✖ |
Vital interest |
✔ |
✔ |
✔ |
✔ |
✔ |
✖ |
✖ |
✖ |
Public function, Public authority right. |
✔ |
✔ |
✔ |
✖ |
✔ |
✖ |
✔ |
✖ |
Legitimate interest |
✔ |
✔ |
✔ |
✔ |
✔ |
✖ |
✔ |
✖ |
Right of access by the data subject (Article 15 GDPR)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. The Controller shall provide a copy of the personal data undergoing processing.
Right to withdraw consent (Article 7 GDPR)
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to rectification (Article 16 GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to object (Article 21 GDPR)
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1).
The Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.
Right to restriction of processing (Article 18 GDPR)
The data subject shall have the right to obtain from the Controller restriction of processing if all the conditions specified in the GDPR are met, and in this case the Controller shall not perform any other operation with the data other than storage.
If the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay if the data processing has no purpose, he or she has withdrawn their consent and there is no other legal basis, there is no overriding legal reason for the data processing in case of objection, or if the data were processed illegally in the first place, and the data must be deleted to fulfill a legal obligation. Where the Controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to data portability (Article 20 GDPR)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where legal conditions (automated data management and legal basis for consent or agreement) exist.
Where and how can the data subject request detailed information on data management and transmission, as well as where and how can they exercise their rights?
The Data Controller draws the attention of the data subjects that they can request for information and exercise their right of access, and other rights with a statement sent to the Data Controller’s post office (3515 Miskolc, Egyetemváros AFKI. ép. 2nd floor) or e-mail address (
The authority’s contact information in case of a complaint (Article 77 GDPR):
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail:
In the event of a violation of their rights, the data subject can also apply to the court competent for their place of residence and, among other things, demand damages
Closed: November 18, 2022.
Dr. Csaba Mester
Evolution Consulting Ltd.
Evolution Consulting Kft.