Privacy Statement
Effix-Marketing Ltd. (hereinafter: Data Processor/Company; Registration number: 08 09 015713; Seat: 9400 Sopron, Malompatak u. 13.; representative: Péter Sándor Pakai, executive manager) as data processor, obliges itself to keep the rules described in this legal notice, moreover, it is committed to meet the requirements defined in this statement or in current legislation while processing data. It is a priority for the data processor to respect the informational self-determination of its business partners. It guarantees the confidentiality of personal data by technical, safety and organizational measures.
Further privacy policies in connection with data processing are constantly available on the following website: www.effix.hu
The Company reserves the right to modify this statement. It informs its partners and the public about possible changes in due time. Our colleagues are happy to answer any questions in connection with this statement.
The Company’s privacy principles are consistent with current privacy legislation, especially the following:
- European Parliament and Council (EU) Statute 2016/679 (27 April 2016) – about the protection of natural persons and personal data, the free flow of personal data and the repeal of Statute 95/46/EC (GDPR);
- Act CXII of 2011 (“Privacy Act”)
- Act V of 2013 on the Civil Code
- Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
- Act C of 2003 on Electronic Communications
- Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
- The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
- Has the right to know the purpose of the data management
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations
- where appropriate, the intended period for which the personal data will be stored or, if this is not possible, the criteria for determining this period
- He shall have the right to be informed of the right of the data subject to request the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data; and of the right to lodge a complaint with a supervisory authority
- He / she also has the right to be informed if the data is not collected directly from the data subject
- Furthermore, he / she has the right to be aware of the logic used in automated decision-making cases and of the importance of such data management and the expected consequences for the data subject.
- personal data are no longer needed for the purpose for which they were collected or otherwise processed
- the data subject withdraws his or her consent as the basis for the processing and there is no other legal basis for the processing
- the data subject is objecting to the processing under Article 21 (1) of the GDPR and there is no overriding legitimate reason for the processing, or the data subject has an objection under Article 21 (2)
- personal data have been unlawfully processed
- personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the controller
- personal data was collected in connection with the provision of information society services.
- the data subject disputes the accuracy of the personal data, in this case the limitation relates to the period allowing the controller to verify the accuracy of the personal data
- the data processing is unlawful, and the data subject opposes the deletion of the data, and asks instead to restrict their use
- the controller no longer needs the personal data for the purposes of data processing, but the data subject requires them to present, assert or defend a legal claim; or
- the data subject has objected to the processing in accordance with Article 21 (1); in this case, the restriction shall apply for a period until it is ascertained whether the data controller’s legitimate reasons take precedence over those of the data subject. For the duration of its assessment, but for no more than 5 days, the data manager shall suspend data processing, examine the merits of the protest and make a decision, which shall be communicated to the applicant
- the data subject consents to the data management;
- the processing of personal data is necessary for the enforcement of legal claims;
- it is necessary to process personal data in order to protect the rights of another natural or legal person; or
- law regulates data management in the public interest
- the legal basis for the processing was the data subject’s consent, or for the performance of a contract requiring the data subject to take action at the request of one of the parties or of the data subject prior to the conclusion of the contract [GDPR Art. (a) or (b) and Article 9 (2). (a)] and
- the data are managed in an automated way
- necessary for the conclusion or performance of a contract between the data subject and the controller;
- is made available by Union or national law applicable to the controller, which shall also lay down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
- based on the explicit consent of the data subject.
- the direct cost of the medium in the case of paper copies;
- in the case of duplication on optical media, the direct cost of the medium;
- in the case of copies supplied by other electronic means, the direct cost of the media;
- in the case of postal delivery to the data requester, the postal service fee for a registered item sent by way of an additional receipt;
- the labour cost associated with completing the data request (the actual labour cost required to complete, retrieve, summarize and organize the data, make a copy of the data medium of the requested data, persons involved in the performance of a business shall be defined as the product of the amount of regular per-hour personal allowances.
1.) Privacy statement scope, concepts, definitions
This privacy statement is valid from 1 January 2020 until withdrawal.
Art. 4 GDPR Definitions for the purposes of this Regulation:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
2.) Art. 5 GDPR Principles relating to processing of personal data
Personal data management related to the business activities of Effix-Marketing Kft. is based on voluntary consent. However, it may be the case that the management, storage, and transmission of a set of data provided is mandatory by law. We will inform those concerned separately.
Hereby, please note that it is the duty of the informant to obtain the consent of the data subject in the event that the informant does not provide his or her own personal data to the Company.
2.1 Personal data shall be:
2.2 Privacy Statement
It is available on the Controller’s website at all times. Acceptance of this prospectus constitutes a data management consent. The visitor confirms that he / she is familiar with it by ticking the appropriate checkbox. Data processing may only take place if the data subject gives his or her voluntary, specific, informed and unambiguous consent to the processing of personal data relating to a natural person by means of a clear affirmative action, such as a written statement, including electronically.
The employee (s) of the Data Controller, or the employees of the companies involved in the data processing on behalf of the Data Controller, are obliged to keep the personal data known to them as business secrets.
In the course of their work, the employees of the Data Controller shall protect personal data from unauthorized access, familiarization, alterability, and destruction.
3.) Enforcing Data Subject’s rights
The data subject may request information on the processing of his / her personal data; the rectification of his / her personal data; the deletion of his / her data at info@effix.hu; restrictions on data management; and has the right to data portability.
3.1 Right to information
The data subject has the right to request information from the Data Controller whether their personal data are being processed. In compliance with the requirements of the GDPR, the Company shall provide information in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner.
3.2 Right to access
If the personal data of the data subject are being processed, he / she has the right to access the personal data and the following information:
3.3 Right to rectification
On the basis of the right of rectification, the data subject shall have the right to rectify any personal data relating to him or her without undue delay upon request. In view of the purpose of the processing, the data subject shall have the right to request that personal data which are incomplete be completed (including through a supplementary declaration).
Inaccurate data will be corrected by the Company at the request of the data subject without undue delay. As long as the Company verifies the accuracy of the personal data, the personal data in question may be restricted in accordance with section 3.5 of this Prospectus.
3.4 Right to erasure (‘right to be forgotten’)
The data subject shall have the right to have the personal data relating to him / her deleted without undue delay upon his / her request, and the data controller shall have the right to delete the personal data relating to the data subject without undue delay, if any of the following cases applies:
3.5 Right to restriction of processing
The data subject shall have the right to request that the controller restrict the processing of data if any of the following applies:
If the protest is justified, the data is limited by the head of the department, meaning that only storage as data management can be implemented as long as
The controller shall inform in advance the data subject, at whose request the processing was restricted, before the restriction would be dissolved.
3.6 Right to data portability
The data subject shall have the right to receive personal data relating to him or her made available to the Company, in a structured, widely used, machine-readable format, and to transfer such data to another data controller without being hindered by the data controller to which the personal data were made available, if:
3.7 Right to object
The data subject shall have the right to object at any time to the processing of his or her personal data based on Article 6 (1) (e) or (f), including profiling based on those provisions, for reasons related to his or her situation. In this case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject, or which are necessary to assert or defend legal claims. The Managing Director of the Company shall be responsible for determining that the data processing is justified by compelling legitimate reasons. He / she shall inform the data subject of his / her point of view on the matter.
3.8 Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to any decision based solely on automated data management, including profiling, which would have legal effects on him or her or would substantially affect him or her.
The above paragraph shall not be applied where the decision:
3.9 Right to withdrawal
The data subject shall have the right to withdraw his or her consent at any time. This does not affect the lawfulness of data management carried out on the basis of consent before the withdrawal.
3.10 Rules of procedure
The Data Controller shall inform the data subject, without undue delay, within one month of receipt of the request, about the action taken on the request, under the right of information.
Regarding the complexity of the application and the number of applications, this time limit may be extended by a further two months, where justified. In such a case, the controller shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month of receipt of the request. The provision of information is, as a rule, free of charge, and the Data Controller will only charge for it in the cases specified in Articles 12 (5) and 15 (3) of the GDPR.
If the Data Subject’s request is clearly unfounded or excessive, the Company may charge a fee based on the following cost elements:
If the controller fails to take appropriate action on the data subject’s request without delay, he shall inform the data subject, not later than one month after receipt of the request, of the reasons for the non-action and of the right to lodge a complaint at a supervisory authority.
Unless it is proved impossible or requires a disproportionate effort, all previous recipients of the personal data will be informed by the Data Controller about any rectification, erasure, or restriction of data processing. At the request of the data subject, the controller shall inform those addressees. Notification may be dispensed with if this is not contrary to the legitimate interests of the data subject, having regard to the purpose of the processing.
3.11 Compensation and Grievance Fees
The Data Controller shall also indemnify for damages caused to others due to unlawful Processing of data, or breach of data security requirements, or damages for personal injury caused by him or her or its data processor. The controller shall be exempt from liability for damages and payment of damages if he proves that he is not liable in any way for the event giving rise to the damage.
3.12 Data protection authority procedure
The data subject may lodge a complaint with the supervisory authority regarding the data controller’s data processing procedure – the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) in Hungary (seat: 1055 Budapest, Falk Miksa utca 9-11; website: www.naih.hu).
3.13 Right to apply to the courts
The data subject may, if he or she so chooses, pursue his or her claim through the courts. The trial court shall have jurisdiction over the case. At the choice of the data subject, the lawsuit may be instituted before the court in the place where the data subject is domiciled or habitually resident.
4.) Data processing due to the business activities of the Data processor
4.1. Data processing due to the use of Data processor’s website www.effix.hu
4.1.1. Server logging of www.effix.hu
The webserver does not record user data when the website www.effix.hu is visited. The code of the website contains links that come from and point to an external server. This external server is in contact with the user’s computer. We wish to inform our visitors that the suppliers of these links are capable of data collection once the user’s computer connects directly to their server. The user’s browser may provide them with user data (e.g. IP address, operating system data, address of websites visited, time of visit, movement of the mouse).
An IP address is a series of numbers suitable for identifying users’ computers unequivocally when connected to the Internet. Even the geographical position of the user can be determined with the help of an IP address. The address of the visited website, dates, times of visits are not suitable for identifying users but when linked to further data (e.g. ones given during registration) they can help to draw conclusions about users.
Aim of data processing: | The service supplier records website visitors’ data in order to control the operation of services, to specify or complete visitors’ searches, to provide tailored services and to prevent misuse. |
Range of processed data: | Identification number, IP address of users’ computers, date of visit, time, visited website address, type of operating system and search engine. |
Legal basis of data processing: | Consent of affected data subject, and the E-Commerce Law 13/A. § (3). |
Duration of data storage: | 30 days |
Method of data storage: | Electronic |
4.1.2. Managing the cookies of external servers of www.effix.hu
Evaluation software running on the website www.effix.hu records the data of visits. These are pieces of information that are generated automatically: IP address of visitors, data of sites opened, time of visit, name of search engine used.
Suppliers place so-called cookies on the users’ computers in order to identify or track them. These cookies can be read during later Internet use. Cookies are alphanumeric information packages with various content sent by the web server. They are recorded and stored on users’ computers for a predetermined time period. The use of cookies enables the querying of certain user data and the tracking of Internet use. If a browser sends a stored cookie back, the supplier belonging to the cookie may link the current visit of the user to earlier ones in the case of websites that use the given cookie.
Thus, cookies help to determine the interests of users, their internet usage customs, their website visiting history.
If a user’s browser sends back cookies already saved on the hard drive while he/she is visiting the website, the supplier may link the current visit to earlier ones, but since cookies are connected to domains, the supplier can do this with respect to his/her own content only. Cookies alone cannot identify users; they can only identify the visitor’s computer.
Google Analytics manages cookies when visiting www.effix.hu in order to operate their web analytics system. Further information about the data processing of www.google.com/analytics on: http://www.google.com/intl/hu/policies.
You can read a document about “how Google uses data when you visit the website or use an application of our partners” by clicking on the following link: http://www.google.com/intl/hu/policies/privacy/partners/
Google forwards information about website use (e.g. visitor’s IP address) generated by cookies to its US server and stores it there. Google does not link information generated by cookies to other data – as a result, it does not realize personal data processing according to valid privacy laws.
Users can delete cookies from their computers or they can block cookies in their browsers. You can generally manage cookies in the Settings menu of your browser under Privacy Policy/Search History/Custom Settings, under the label Cookies or Tracking.
The following external suppliers placed the following cookies on the website:
Cookie name | Comes from | Expiry | Description |
_ga | .effix.hu (Google Analytics) | 2 years | _ga cookie is a cookie used by Google Analytics. It is used to distinguish users. |
_gat | .effix.hu (GA) | 1 minute | It regulates the number of requests towards doubleclick.net. |
_gid | .effix.hu (GA) | 24 hours | It is used to distinguish users |
1P_JAR | .google.com | 1 week | A Google cookie, it is used for statistical data collection. |
DSID | .doubleclick.net | Session | See IDE |
IDE | .doubleclick.net | | The main advertising cookie is called IDE; browsers store it under the domain doubleclick.net. |
NID | .google.com | 6 months | Most Google users’ browsers store a cookie in connection with settings, called “NID”. A NID cookie contains a unique identification number. Google uses it to store your preferences – e.g. preferred language, number of displayed search results (e.g. 10 or 20), Google secure search on or off – and other data. |
_icl_current_language | www.effix.hu (WPML) | 24 hours | A cookie used by WPML to store the current language code. |
_icl_visitor_lang_js | .effix.hu (WPML) | 24 hours | A cookie stored by WPML. Visitor’s language. |
wfvt_XXXXXXX | www.effix.hu (Wordfence) | 24 hours | A cookie used by the Wordfence security module. Tracks the sessions of visitors who have entered the webpage. |
wordfence_verifiedHuman | www.effix.hu (Wordfence) | 30 minutes | A cookie used by the Wordfence security module. Blocks robotic activity. |
Aim of data processing: | To analyse website visiting habits, to help visitors with contacting the Company |
Range of processed data: | Internet protocol (IP) address of visitors, time of visit, data of visited sites, name of search engine used |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /a): consent of affected persons. |
Duration of data storage: | Maximum 2 years after data recording |
Method of data storage: | Electronic |
4.2. Event organization
The Company occasionally organizes events on various topics. In this context, the Company handles a number of data of the applicant.
4.2.1. Application for the event
Applications for events organized by the Company can be made by E-mail, electronically, by post or in person. In all cases, the following data treatments are implemented.
Aim of data processing: | Keeping in touch with the participants of the event, invoicing |
Range of processed data: | Name, company name, tax number, e-mail, telephone number, e-mail address for sending the electronic invoice, billing address and mailing address |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /a): consent of affected persons, and GDPR Article 6 Chapter (1) /c), and Act C of 2000 on Accounting / 167. § |
Duration of data storage: | Until the goal is achieved; the data will be deleted within 3 months of the event. The accounting documents must be preserved by the Company up to 8 years according to the Act C of 2000 §169. After 8+1 years have elapsed, all data will be deleted automatically. |
Method of data storage: | Electronic and paper based |
4.2.2. Keeping attendance sheets
The Company keeps attendance sheets at the events organized by it, with the purpose to be able to prove that the person subjected has participated in the event. Accordingly, invoices may be issued, and the contract shall be so performed by the Company.
Aim of data processing: | Verification of performance of the contract |
Range of processed data: | Name, company name, signature |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /b): the data management is necessary for the performance of the contract |
Duration of data storage: | Until the goal is achieved, the Company handles personal data until the expiration of any legal claims |
Method of data storage: | Electronic and paper based |
4.2.3. Data transmission
The Company organizes certain events on a commission basis (eg with EU project funding). In the case of such events, the Company will forward the data on the application form and attendance form to the Customer / Project Monitoring Authority. In all cases, the Company informs the data subjects about the identity of the Customer. Pursuant to Article 14 of the GDPR, the Company’s principal undertakes to provide the information to the data subjects no later than one month after the receipt of the data. The legal basis for the data transfer in this case is the consent of the data subject – the data subject makes the consent with a separate invitation by applying for the event.
4.2.4. Follow-up
After the realization of the events, if required by the contract, the Company will send the documents of the event in electronic form to the E-mail address provided on the application form.
Aim of data processing: | Sending electronic documents in connection with the performance of the contract |
Range of processed data: | Name, E-mail address |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /b): the data management is necessary for the performance of the contract |
Duration of data storage: | Until the goal is achieved; the data will be deleted within 3 months of the event. |
Method of data storage: | Electronic |
4.3. Customer service
The Company manages the name, email address and phone number of the contact person of the contracting legal person in order to fulfil the contract (contracting, fulfilment, termination). The legal basis of data processing is the consent of affected persons – related contracts are content items of consent obligation in order to obtain given consent.
Aim of data processing: | Contact needed to meet the requirements of business partners. |
Range of processed data: | Contact person’s name, E-mail address, telephone number, address |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /a): consent of affected persons. |
Duration of data storage: | Until the aim is realized, or until the data subject expresses the wish for his/her data to be deleted. |
Method of data storage: | Electronic |
4.4. Electronic customer correspondence
If you wish to contact us in writing, you can access the data controller by using the contact form provided in this information leaflet or in the “Contact” menu item on the website. Using the contact form data, the system generates an e-mail, which is forwarded to the info@effixmarketing.eu mailbox.
Effix-Marketing Ltd will delete every email with the sender’s name, the date, the time and other personal data given in the message within maximum 5 years after data recording.
Aim of data processing: | Contact needed to meet the requirements of business partners. |
Range of processed data: | Contact person’s name, email address, telephone number, company address |
Legal basis of data processing: | GDPR Article 6 Chapter (1) /a): consent of affected persons. |
Duration of data storage: | Maximum 5 years after data recording or until the data subject expresses the wish his/her data to be deleted. |
Method of data storage: | Electronic |
4.6. Other data processing
We provide information about other types of data processing upon data recording. We inform our customers that the Court of Justice, the prosecutor, the investigative/offense/administrative authority, the National Authority for Data Protection and Freedom of Information and other authorities – based on legislative authorization – may ask or oblige the Data Processor to give information, to communicate data, to hand over data or to make documents available. In case the authority indicates the accurate aim and scope of data, Effix Marketing Ltd releases only data that are absolutely necessary to realize the aim described in the request.
5.) Data processors
The Company employs the following data processors for technical tasks exclusively during personal data processing:
Name of data processor: | Tárhely.eu Szolgáltató Kft. |
Address: | 1097 Budapest, Könyves Kálmán körút 12-14 |
Registration number: | 01-09-909968 |
Aim of data processing: | Webhosting provider |
Name of data processor: | JULAWELL Bt. , Juhászné Jakab Mária |
Address: | 9400 Sopron, Várkerület 31. |
MKVK membership number: | 001976 |
Aim of data processing: | Accounting, payroll administration |
Data processors carry out data processing in accordance with the instructions given by the Company, they make no substantive decisions about data processing, they process personal data they learn merely according to the Company’s orders, they are not allowed to process data for their own purposes, moreover, they must store and preserve personal data based on the Company’s orders.
Issues not defined in the current statement
GDPR and – if allowed by GDPR – rules defined in the Privacy Act are the governing rules in the case of issues not defined in this statement.