DATA PROTECTION AND DATA MANAGEMENT INFORMATION

Solesco Zrt.

Effective: 20/12/2020

Solesco Zrt. (registered office: 1133, Budapest, Árbóc utca 6. 2nd floor, company registration number: 01-10-141159, tax number: 28973146-2-41 representative: Lamos Zsolt, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., phone: +36-30-546-7998, hereinafter: the Company) provides the following information in connection with its data processing activities in accordance with Regulation 2016/679 of the General Data Protection Regulation of the European Parliament and of the Council (hereinafter: GDPR).

1. Our data management activities:

• The Company acts as a data controller with regard to its personal data related to the following activities: receiving customer requests for quotations, making offers, concluding contracts,
• maintaining a customer relationship,
• establishing, maintaining and recruiting employment relationships

2. Scope of personal data managed by the Company:

During the Company's data management, the name, address, mother's name, place of birth, time, identity card number, telephone number, e-mail address (TAJ number, tax number, driving license number in case of employees), contact person's name in case of non-natural persons , phone number, email address.

3. The purpose of the Company's data management activities:

The Company handles the personal data it manages for the following purposes:

• for concluding and fulfilling the contracts necessary for the performance of its activities, for the enforcement of claims and rights arising from the contract, for keeping in touch, for invoicing,
• sending regular information letters related to your business,
• business strategy, marketing strategy, registration of partner data for business events,
• keeping the registers required by law related to the employees, preparing declarations and reports, fulfilling the rights and obligations arising from the employment relationship,
• recruitment and selection of future employees,
• enforcing the legitimate interests of the Data Controller.

 The Company may process Personal Data in order to achieve any of the data management purposes described above. The Company will not use the personal data provided for purposes other than those described in these sections.

4. Legal basis of the Company's data management activities:

• Consent of the data subject: voluntary consent of the user to the processing, based on appropriate information, in accordance with Article 6 (1) (a) of the GDPR;
• Contract performance: according to Article 6 (1) (b) of the GDPR, data processing is necessary for the performance of a contract in which the Data Subject is one of the parties;
• Fulfillment of a legal obligation: according to Article 6 (1) (c) of the GDPR, data processing is necessary to fulfill a legal obligation to the controller (such as accounting, bookkeeping, employment law reporting obligation);
• Legitimate interest: according to Article 6 (1) (f) of the GDPR, data processing is necessary for the legitimate interests of the controller or of a third party.

5. Information on the data processor:

The personal data managed by the Company, and the performance of labor and payroll accounting tasks of the employees are handled by Agmamas Kft. . The IT operations of the Company are performed by Adept Consulting Kft. as a data processor.

The transfer of data to the data processor may be carried out without the separate consent of the Data Subject. The release of personal data to third parties or authorities, unless otherwise provided by law, is only possible on the basis of an official decision or with the prior express consent of the Data Subject.

6. Data transmission:

In compliance with its legal obligations, the Company forwards the buyer and seller data, invoice items and invoice details on its invoices to the National Tax and Customs Administration (NAV).

The Company does not transfer personal data to a third country that is not a party to the GDPR, within the meaning of the GDPR, only to the data processor named in this prospectus, only for the specified purpose.

7. Principles of data management at the Company (hereinafter: Data Controller):

The data controller handles personal data in accordance with the principles of good faith and fairness and transparency, as well as the provisions of applicable law and this prospectus.

The personal data necessary for the performance of the services provided by the Data Controller shall be used by the Data Controller with the consent of the Data Subject and only for the intended purpose.

 The Data Controller handles personal data only for the purposes specified in this prospectus and in the relevant legislation.

The scope of the personal data processed is proportionate to the purpose of the data management and may not extend beyond it.

The Data Controller does not process the personal data of the person under the age of 18.

The data controller does not check the personal data provided.

The person who provided the data is solely responsible for the adequacy of the personal data provided.

The Data Controller shall not transfer the personal data managed by it to third parties other than the data processor specified in this prospectus and the state organizations specified for the fulfillment of the legal reporting obligation.

In certain cases, the Data Controller - due to a formal court or police request, legal proceedings for copyright, property or other infringements or a reasonable suspicion thereof, violation of the Data Controller's interests, endangering the provision of services 3, etc. - make the available personal data of the Data Subject available to third parties.

The Data Controller shall ensure the security of personal data, take the technical and organizational measures and establish procedural rules that ensure that the recorded, stored and processed data are protected, and prevent their accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or distribution.

In order to fulfill this obligation, the Data Controller invites all third parties to whom it transmits personal data. Subject to the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.

8. Access to personal data of our Company employees:

In order to provide the service, the Company provides its employees with the necessary access to their work only to the personal data managed by it.

All access is logged, only the IT operator has access to the data backup function.

Data backup operations are performed by the Data Controller through the Data Processor, so in the event of a possible data recovery, employees will not have access to the saved personal data.

Employees of the Company do not have access to servers containing live data.

9. Rights of the Data Subject in relation to the processing of his / her personal data:

9.1.Right to access:

The Data Subject may request that the Company inform it whether it handles the Data Subject's personal data and, if so, grant it access to the personal data it manages.

The Data Subject may request information on the handling of personal data at any time in writing, by registered mail or by registered letter with acknowledgment of receipt, or by e-mail sent to This email address is being protected from spambots. You need JavaScript enabled to view it..

A request for information sent by letter shall be considered authentic by the Company if the Data Subject can be clearly identified on the basis of the sent request.

A request for information sent by e-mail is considered authentic by the Company only if it is sent by the Data Subject from the e-mail address provided by the Company, however, this does not preclude the Company from identifying the Data Subject in any other way before providing the information.

The request for information may cover the data of the Data Subject managed by the Company, their source, the purpose, legal basis, duration of the data processing, the names and addresses of any Data Processors, and activities related to data management.

9.2.Right to rectification:

The Data Subject may request the correction, clarification or modification of the personal data managed by the Company. Taking into account the purpose of the data processing, the Data Subject may request that the incomplete personal data be supplemented. Once the request to change personal data has been fulfilled, the previous (deleted) data can no longer be restored.

9.3.Right to cancel:

• The Data Subject may request the deletion of personal data managed by the Company. Deletion can be denied

For the purpose of exercising the right to freedom of expression and information, or

• if the processing of personal data is authorized by law; and
• to submit, enforce or defend legal claims. In all cases, the Company shall inform the Data Subject of the refusal of the cancellation request, indicating the reason for the refusal of the cancellation.

Once the request for deletion of personal data has been fulfilled, the previous (deleted) data can no longer be recovered.

9.4.Right to restrict data management:

The Data Subject may request that the processing of his or her personal data be restricted by the data controller if the Data Subject disputes the accuracy of the personal data processed. In this case, the restriction applies to the period of time that allows the Company to verify the accuracy of the personal information. The Company shall mark the personal data processed by it if the Data Subject disputes its correctness or accuracy, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established. The Data Subject may also request that the processing of his / her personal data be restricted by the Data Controller if the purpose of the data processing has been achieved, but the Data Subject requires their processing by the Data Controller in order to submit, enforce or protect legal claims.

9.5.Right to protest:

The Data Subject may object to the processing of his / her personal data,

• if the processing of Personal Data is necessary only for the fulfillment of a legal obligation to the Data Controller or to enforce the legitimate interest of the Data Controller or a third party;
• if the purpose of the Data Management is direct business acquisition, public opinion research or scientific research; obsession
• if the Data Management is carried out in order to perform a task in the public interest.

The Data Controller examines the lawfulness of the data subject's protest and, if the protest is substantiated, terminates the data processing and blocks the processed personal data, and notifies all those to whom the personal data affected by the protest have previously been transferred of the protest and the measures taken.

9.6.Right to withdraw consent:

The Data Subject has the right to withdraw his or her consent to the processing of personal data processed with his or her consent at any time. The withdrawal shall not affect the lawfulness of the data processing prior to the withdrawal of the consent. You can withdraw it by sending an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it..

9.7.Right to data portability:

The Data Subject may request that the personal data provided by him or her be provided to the data controller, either on paper or in a structured, widely used machine-readable format (XML / XLS / CSV) and / or to another data controller upon the Data Subject's request. forward to the Data Controller.

10. Data security:

In order to protect the data, the Company has implemented and applied the following information security measures:

10.1. Physical security

The headquarters has an electronic access system and a reception service. A camera system is in place at the Company's headquarters and premises, providing security against unauthorized or violent intrusion, fire or natural disaster. We store paper-based personal data in a closed place to which only those with access rights can open it.

10.2. Data security in the IT infrastructure Personal data is stored on servers provided by the hosting provider, which can only be accessed by a very limited number of personal and employee staff under strict authorization management rules. We systematically and regularly test and verify IT systems to establish and maintain data and IT security.

Office workstations are password protected, the use of foreign media is regulated and is only allowed under secure conditions, after inspection.

All of our systems and system components are protected against regular and ongoing malware.

In the design, development, testing, and operation of programs, applications, and devices, security functions are given priority and separation.

10.3. Data security in communication

With regard to messages and files transmitted electronically, we ensure the integrity of the data for both (communication) control and user data in order to meet the requirement of secure data exchange.

We use error detection and correction procedures to avoid data loss and damage. With regard to applications, passwords, permissions and other security-related parameters and data can only be transmitted encrypted.

Data prevention and repair procedures are used to prevent data loss and damage and to ensure non-repudiation.

In the case of the network used for data transmission, we ensure the prevention of illegal connection and eavesdropping in a manner appropriate to the level of security.

10.4. Data security during records management

We also comply with the data security requirements, which are set out in the records management regulations.

Records are handled according to written authorization levels, in accordance with the security standards applied to the confidentiality of each record.

We have detailed and strict rules for the destruction, storage and publication of documents.

11.Measures

In the event of a data protection incident Any data protection incidents that may arise will be reported to the supervisory authority in accordance with the law within 72 hours of becoming aware of the data protection incident, and we will also keep a record of the data protection incidents.

In cases specified by law, we also inform those concerned about the incident.

12. Duration of Data Management

We keep the data included in the contract concluded with the customers for 5 years after the performance of the contract.

In order to comply with the requirements of accounting and tax legislation, personal data in this area will be kept for seven years after the closed tax year.

Documentation related to the employment relationship will be kept for 4 years after the termination of the employment relationship.

We will keep the personal data you provide during the subscription to the newsletter for 3 years.

13. Enforcement possibilities You can contact the Company with any questions or remarks related to data management at the following contacts: e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., phone: +36-30-546-7998.

With the complaint of the Data Subject concerning the data management carried out by the Company directly to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it. website: www.naih.hu).

In case of violation of the rights of the Data Subject, he / she may go to court. The trial falls within the jurisdiction of the tribunal.

The action may, at the option of the person concerned, also be brought before the court of the place where the person concerned is domiciled or resident. Upon the request of the Data Controller, the User shall be informed of the possibility and means of legal remedy.

14. Definitions used in the prospectus:

14.1. "personal data":

any information relating to an identified or identifiable natural person ("data subject"); identifies a natural person who, directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

14.2. "data handling":

any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming or altering, querying, inspecting, using, communicating, transmitting, distributing or otherwise making available , harmonization or interconnection, restriction, deletion or destruction;

14.3. "Data controller" means:

a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

14.4. "Data processor" means:

a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

14.5. "Data subject's consent" means:

a voluntary, specific and well-informed and clear statement of the will of the data subject, by which he or she indicates his or her consent to the processing of personal data concerning him or her by means of a statement or an act which unequivocally expresses the confirmation;

14.6. "Data protection incident" means:

a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Budapest, December 20, 2020

Solesco Zrt.