We prioritize the protection of your personal data. This Privacy Notice outlines the types of personal data we process about you, the purposes for which we use this data, and the legal basis for our processing. Additionally, it explains your rights regarding your personal information.
Personal data of customers and enquirers is processed jointly by:
1.)
Data Controller: United Consult Plc.
Headquarters: 1117 Budapest, Dombóvári út 26.
Company Registration Number: 01-10-141235
Tax Number: 29139727-2-43
Contact of the Data Protection Officer: info@united-consult.hu
2.)
Data Controller: UC Hire Lab Plc.
Headquarters: 1037 Budapest, Hunor utca 62. Tt 7. door
Company Registration Number: 01-09-426018
Tax Number: 28793487-2-41
Contact of the Data Protection Officer: info@uchirelab.hu
3.)
Data Controller: UC Innovations Plc.
Headquarters: 7030 Paks-Dunakömlőd, Radnóti Street 9.
Company Registration Number: 17-09-004939
Tax Number: 13194318-2-17
4.)
Data Controller: UC Big Data Plc.
Headquarters: 1117 Budapest, Dombóvári Street 26.
Company Registration Number: 01-10-143058
Tax Number: 32684715-2-43
5.)
Data Controller: UC CRM Solutions Plc.
Headquarters: 1117 Budapest, Dombóvári Street 26.
Company Registration Number: 01-10-143062
Tax Number: 32685895-2-43
Personal Data: any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data include in particular: name, address, place and date of birth, mother’s name.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the Controller or the specific criteria for the designation of the Controller may also be determined by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Controller.
Recipient: the natural or legal person, public authority, agency or any other body to whom or with which the personal data is disclosed, whether or not a third party.
The Data Controller shall process personal data in accordance with the following principles, so that personal data are:
| Purpose of data processing | Making contact, maintaining contact |
| Legal basis for processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Interested |
| Scope of personal data | Name, title, company name, telephone number, email address |
| Data retention time | Until the end of the 2nd year after contact |
| Data transmission | No transfer of data under Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): – Salesforce system operator: SFDC Ireland Ltd. (headquarters: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland) – system administrator: Tpax Kft. (headquarters: 1107 Budapest, Zágrábi utca 1. 4. floor. 404., company registration number 01-09-277343) – website developer: Cantinart Kft. (registered office: 1136 Budapest, Hollán Ernő u. 19-21. V. floor 2.; company registration number: 01-09-963209) |
| Source of data | The source of personal data is the interested party |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to contact you. |
| Purpose of data processing | Contact us by email |
| Legal basis for processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the data subject prior to the conclusion of the contract |
| Categories of Affected Persons | Interested |
| Scope of personal data | Name, title, company name, telephone number, email address |
| Data retention time | Until the end of the 2nd year after contact |
| Data transmission | No transfer of data under Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses the services of Data Processor(s): – mail system provider: Microsoft Magyarország Kft. (registered office: 1031 Budapest, Graphisoft Park 3., company registration number: 01-09-262313) – Salesforce system operator: SFDC Ireland Ltd. (registered office: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland) |
| Source of data | The source of personal data is the interested party |
| How to provide data, consequences | Providing this information is optional. If you do not provide the personal data, the Data Controller will not be able to contact you. |
| Purpose of data processing | Direct marketing enquiry |
| Legal basis for processing | Article 6(1)(a) GDPR: consent |
| Categories of Affected Persons | Any natural person |
| Scope of personal data | Name, phone number, email address |
| Data retention time | Until 30 days from the date of withdrawal of consent or unsubscription |
| Data transmission | No transfer of data under Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): – The Salesforce system is operated by SFDC Ireland Ltd., Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland – website developer: Cantinart Kft. (headquarters: 1136 Budapest, Hollán Ernő u. 19-21. building A. V. floor 2.; company registration number: 01-09-963209) |
| Source of data | The source of personal data is the subscriber to the newsletter |
| How to provide data, consequences | Providing data is voluntary. If you do not provide the personal data, the Data Controller will not be able to send you a newsletter. |
| Purpose of data processing | Issuing an invoice |
| Legal basis for data processing | Article 6(1)(c) GDPR: fulfilment of a legal obligation: section 159(1) of the VAT Act |
| Categories of Affected Persons | Client |
| Scope of personal data | Name, address, tax number (for business customers) |
| Data retention time | Pursuant to paragraphs (1) and (2) of § 169 of the Accounting Act 8 years |
| Data transmission | No transfer of data under Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): – accounting: INTIA Kft. (registered office: 1037 Budapest, Hunor utca 62. wtér 7. door, company registration number: 01-09-700139) – invoicing software: rEVOLUTION SOFTWARE Ltd. (registered office: 133 Budapest, Váci út 76, 7th floor, company registration number: 01-09-167693) The Data Controller shall provide data to the National Tax and Customs Administration (NAV) in accordance with point 1 of Annex 10 of Act CXXVII of 2007 on Value Added Tax (VAT Act). |
| Source of data | Source of personal data is the customer |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to fulfil its billing obligations. |
In the case of its contracted partners, the Data Controller communicates and maintains business relations through its contact person specified in the contract. In this process, the Controller processes the contact person’s personal data as follows:
| Purpose of data processing | For the purpose of implementing the contract between the Data Controller and the partner, to maintain communication and cooperation |
| Legal basis for processing | Article 6(1)(f) GDPR: legitimate interest |
| Categories of Affected Persons | Partner |
| Scope of personal data | Name, company name, position, telephone number, e-mail address |
| Data retention period | Until the end of the 5th year following the performance or termination of the contract |
| Data transmission | No transfer of data under Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s). The Data Controller records the personal data of the Partner’s contacts in a CRM system. The operator of the customer relationship management software: – The Salesforce system is operated by SFDC Ireland Ltd., Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland |
| Source of data | Source of personal data is the Partner’s contact person |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to reconcile with the Partner |
Personal data may be accessed by competent staff of the Data Controller to the extent necessary for the performance of their tasks.
The Data Controller shall take appropriate IT, technical and personnel measures to protect the personal data it processes against, inter alia, unauthorised access or unauthorised alteration.
The Website uses cookies.
A cookie is a file that is placed on your computer when you visit a website. A cookie is a packet of information that is sent by the server to the browser, and then each time a request is made, the browser sends it back to the server with the data content specified by the server. The purpose of this is to save the Internet settings of the website you are visiting, so that when you visit the same website again from the same device, the site will remember the parameters you have set.
The cookie has countless functions. Cookies are most often used to personalise ads, services and analyse website traffic.
Under current legislation, a cookie can only be stored on your device if it is absolutely necessary, i.e. it is essential for the functioning of the website, and is called a ‘necessary cookie’. For all other types of cookies, your consent is required. You can view and set the cookies currently used on the website in a pop-up window when you access the website.
Modern browsers allow you to change cookie settings. Some browsers automatically accept cookies by default, but you can change this setting to prevent automatic acceptance in the future. In the event of a change, the browser will offer you the option to change the cookie setting each time you change it.
Given that the purpose of cookies is to support and facilitate the usability and processes of the website, it cannot be guaranteed that you will be able to use all the features of the website to their full extent if you disable cookies. The website may then function differently than intended in the browser.
Google Chrome · Firefox · Microsoft Internet Explorer 11 · Microsoft Internet Explorer 10 · Microsoft Internet Explorer 9 · Microsoft Internet Explorer 8 · Microsoft Edge · Safari
The Data Controller is available with a company profile on the following social media sites.
The operator of the social networking site is considered as an independent Data Controller and information on data management is available at the following links:
| Community page: | Name of data controller: | Contact details of the Privacy Notice: |
| Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4 D04 X2K5, Ireland) | https://www.facebook.com/privacy/explanation | |
| Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4 D04 X2K5, Ireland) | https://privacycenter.instagram.com/policy/? entry_point=ig_help_center_data_policy_redirect | |
| LinkedIn Ireland Unlimited Company (based in Wilton Plaza Wilton Place, Dublin 2 Ireland) | https://www.linkedin.com/legal/privacy-policy |
The Data Controller does not record and process personal data about the user of the given social networking site in its internal database and system.
| Data subjects’ rights in relation to data processing | Content of the Data Subject’s right to data processing |
| Right to information /Articles 13-14 GDPR/ | You have the right to be informed of the fact and purposes of the processing at the time of obtaining your personal data. The Controller shall also provide you with such additional information as is necessary to ensure fair and transparent processing, taking into account the specific circumstances and context in which the personal data are processed. You shall also be informed of the fact of profiling and its consequences. |
| Right of access /Article 15 GDPR/ | You have the right to request information as to whether your personal data is being processed and, if such processing is taking place, you have the right to be informed that the Data Controller: – which of your personal data – on what legal basis – for what purpose – for how long – to whom, when, on the basis of what law, to which of your personal data, to which of your personal data you have given access or to whom you have transferred your personal data – from what source your personal data originate (if not provided by you to the Data Controller) – whether automated decision-making is used and its logic, including profiling. |
| Right to rectification /Article 16 GDPR/ | At your request, you have the right to have inaccurate personal data concerning you corrected or incomplete personal data completed. You may therefore request the Controller to amend any of your personal data (for example, you may change your e-mail address or other contact details at any time). |
| Right to erasure (‘right to be forgotten’) /Article 17 GDPR/ | You have the right to have your personal data erased by the Controller at your request if one of the following grounds applies: – your personal data are no longer necessary for the purposes for which they were collected or otherwise processed – you withdraw your consent to the processing pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing – you have exercised your right to obtain the erasure of your personal data in accordance with Article 21. you object to the processing on the basis of Article 21(1) and there is no overriding legitimate ground for the processing, or you object to the processing on the basis of Article 21(2) – your personal data have been unlawfully processed – your personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject – your personal data have been collected in connection with the provision of information society services referred to in Article 8(1). |
| Right to restriction /Article 18 GDPR/ | You have the right to have the Data Controller restrict processing at your request if one of the following grounds applies: – you contest the accuracy of your personal data (in which case the restriction is for the period of time necessary to allow the Controller to verify the accuracy of the personal data) – the processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use – the Controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of a legal claim you are no longer a data subject and you have a legitimate interest in the processing of your personal data under Article 21. You have objected to the processing in accordance with Article 21(1) (in which case the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller override your legitimate grounds). |
| Right to data portability /Article 20 GDPR/ | You have the right to receive personal data concerning you which you have provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another Data Controller without hindrance from the Data Controller to which you have provided the personal data, if: – the processing is in accordance with Article 6. processing is based on consent within the meaning of Article 6(1)(a) or Article 9(2)(a) or on a contract within the meaning of Article 6(1)(b), and – processing is carried out by automated means. You have the right to request, where technically feasible, the direct transfer of your personal data between Controllers. |
| Right to object /Article 21 GDPR/ | You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f), including profiling based on those provisions. In this case, the Controller may no longer process your personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, where it is related to direct marketing. |
| Right to withdraw consent /Article 7(3) GDPR/ | You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal. You must be informed of this before consent is given. Withdrawal of consent shall be made possible in the same simple way as giving it. |
| Legal remedies | Content of the remedy |
| Right to lodge a complaint with a supervisory authority /Article 77 GDPR/ | If your right to the protection of your personal data is infringed, you may lodge a complaint with the following Authority: National Authority for Data Protection and Freedom of Information – headquarters: 1055 Budapest, Falk Miksa utca 9-11. – postal address: 1363 Budapest, Pf. 9. – telephone: +36 (1) 391-1400 – email: ugyfelszolgalat@naih.hu – website: www.naih.hu |
| The right to an effective judicial remedy against the Data Controller or the Data Processor (initiation of court proceedings) /Article 79 GDPR/ | You have the right to take legal action against the Data Controller or the Data Processor if you consider that the processing of your personal data is unlawful. The court will decide the case out of turn. In this case, you are free to decide whether to bring your action before the competent court in your place of residence or domicile. The courts can be contacted at: www.birosag.hu/torvenyszekek |
The Data Controller reserves the right to unilaterally amend this Privacy Notice. In particular, this Privacy Notice may be amended if necessary due to changes in legislation, data protection authority practices, business needs or other circumstances. At the Data Subject’s request, the Controller shall send him or her a copy of the current version of the Privacy Notice in the form agreed with him or her.
Budapest, 6 January, 2025
United Consult Plc.