Data Processing and Privacy Policy
Effective from: January 1, 2024
1. Purpose of the Policy
Introduction
The purpose of this Data Processing and Privacy Policy (hereinafter: Policy) is to ensure the protection of the rights and legitimate interests of visitors and clients (hereinafter: Data Subjects) of the website https://alphaconsult.hu operated by the Data Controller during web-based data processing, and to promote data security during web-based and other data processing operations.
2. General Provisions
The Data Controller ensures the exercise of Data Subjects' rights as set forth in this Policy, respecting their rights during the data processing operations listed herein.
The Data Controller reserves the right to modify this Policy. Modifications may be made particularly when new data processing becomes necessary, due to changes in legislation, changes in regulatory practice, new security risks, or based on feedback from data subjects.
3. Scope of the Policy
3.1 Applicable Legislation
The following regulations apply to web-based data processing:
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
- Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activity
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Services
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
- Section 169 of Act C of 2000 on Accounting (retention of documents)
3.2 Material Scope
The material scope of this Policy extends to the following forms of web-based data processing:
- Contact inquiries
- Use of services
- Complaints and other legal claims
- Cookie management
- Accounting document management
3.3 Temporal Scope
The temporal scope of this Policy is from January 1, 2024 until withdrawal.
4. The Data Controller
Data Controller Information
| Name | ALPHA CONSULT Limited Liability Company |
| Registered Office | 1087 Budapest, Kerepesi út 29/C., Hungary |
| info@alphaconsult.hu | |
| Phone | +36 1 263-7786 |
| Registry Court | Budapest-Capital Regional Court as Court of Registration |
5. Purpose and Legal Basis of Data Processing
| Processing | Data Processed | Legal Basis | Retention |
|---|---|---|---|
| Contact | Name, email, phone, message | GDPR Art. 6(1)(a) consent | Until withdrawal |
| Service | Name, address, email, phone | GDPR Art. 6(1)(b) contract | Contract + 5 years |
| Invoicing | Name, address | GDPR Art. 6(1)(c) legal obl. | 8 years |
| Cookies | Technical data | GDPR Art. 6(1)(a) / (f) | Until deletion |
6. Principles of Data Processing
The Data Controller accepts and protects the data processing principles pursuant to Article 5 of the GDPR as binding:
- Lawfulness, fairness, and transparency - Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Purpose limitation - Personal data must be collected only for specified, explicit, and legitimate purposes.
- Data minimization - Data processing must be adequate, relevant, and limited to what is necessary.
- Accuracy - Personal data must be accurate and, where necessary, kept up to date.
- Storage limitation - Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary.
- Integrity and confidentiality - Personal data must be processed in a manner that ensures appropriate security.
7. Data Subject Rights
Data subjects have the following rights in connection with the above data processing:
- Right to information - The data subject has the right to request information about data processing
- Right of access - The data subject has the right to access their personal data
- Right to rectification - The data subject may request rectification of inaccurate data
- Right to erasure - The data subject may request deletion of their data
- Right to restriction - The data subject may request restriction of data processing
- Right to object - The data subject may object to data processing
- Right to data portability - The data subject may request transfer of their data to another controller
- Right to lodge a complaint - The data subject may file a complaint with the supervisory authority
The Data Controller shall provide written information to the data subject within 30 days of submitting the request.
8. Supervisory Authority
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
| Address | 1055 Budapest, Falk Miksa utca 9-11., Hungary |
| Postal Address | 1363 Budapest, Pf.: 9. |
| Phone | +36 (1) 391-1400 |
| ugyfelszolgalat@naih.hu | |
| Website | https://naih.hu |
9. Data Security Measures
The Data Controller ensures the implementation of data security measures pursuant to the GDPR on the website and during the processing of personal data. The Data Controller takes all necessary measures to prevent the destruction, unauthorized use, or alteration of personal data.
Budapest, January 1, 2024