For visitors and registered users of the https://www.egroup.hu website.

Effective 8 April, 2021

Introductory Provisions

E-Group ICT Software Informatikai Zártkörűen Működő Részvénytársaság (11 Kacsa utca, Budapest 1027 Hungary.; Company registration number: 01-10-045390; Court of Registry: Court of Budapest-Capital Regional Court; official address: info@egroup.hu / https://egroup.hu/company/contact-us/ ), (hereinafter: “E-GROUP”, “service provider”, “data controller”) as a service provider and data controller handles the data of the persons registered on the website during the operation of the website in order to provide them with a suitable service.

By using the https://www.egroup.hu website (hereinafter: website), you agree to be bound by the provisions of this Privacy Policy.

As data controller, Service Provider acknowledges that the content of this Privacy Policy is obligatory and undertakes that all data management and data processing related to its activities comply with the requirements specified in this Privacy Policy and the applicable legislation. By publishing this Privacy Policy, Service Provider ensures that the natural persons using the Services become acquainted with the relevant data protection rules before using the Service.

Service Provider provides services to both natural and legal persons, unincorporated companies, individuals (including, for example, lawyers, patent attorneys, notaries, sole proprietors, sole proprietorships etc.). The service mostly involves the processing of personal data, which may not be separate from the processing of company data. As personal data is any information about the data subject (Section 3 (3) of the Privacy Act), the data of employees, senior executives and private owners of companies (e.g. name, email address, telephone number etc.) are also considered personal data.

Service Provider continuously publishes this Privacy Policy on the www.egroup.hu website, and reserves the right to modify this Privacy Policy at any time, in which case it publishes a notice of the relevant changes on the www.egroup.hu website.

Service Provider is committed to the protection of the personal data of its partners and users, and considers it crucial to respect the right of its customers to informational self-determination. We treat personal data confidentially, in accordance with the applicable legal regulations, ensure their security, take the technical and organizational measures and establish the procedural rules necessary to enforce the relevant legal provisions and other recommendations.

Service Provider describes the principles of data processing below, presents the expectations it has formulated and adheres to, and declares that its data processing principles are in accordance with the current data protection legislation in force, as contained in this Privacy Policy.

In order to avoid and prevent abuses, Service provider stores certain personal and transactional data about the affected user even after the termination of the contractual relationship (e.g. account suspension, exclusion). The data is stored only for the purpose and to the extent that it is possible to prevent the excluded user from opening a new account on Service provider’s website, for the benefit of other users of the platform, thus preserving and ensuring its secure operation.

1. Name and contact of service provider, data controller

Company name:

E-GROUP ICT SOFTWARE Informatikai Zártkörűen Működő Részvénytársaság

Address:

11 Kacsa utca, Budapest 1027

 EU VAT number:

HU3665908

Name and address of website:

www.egroup.hu

The Privacy Policy is available at:

www.egroup.hu

E-mail:

info@egroup.hu / https://egroup.hu/company/contact-us/

Telephone number

+36-1-371-2555

2. Definitions

GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

3. Privacy Policy

The data controller declares that he/she manages personal data in accordance with the provisions of the Privacy Policy and complies with the provisions of the relevant legislation, in particular with regard to the following:

4. Legal basis, purpose and scope of the processing of personal data

4.1. During Service Provider’s data control, personal data may be processed if at least one of the following criteria is met:

The processing of all personal data relating to a data subject is based on voluntary consent, a legitimate interest substantiated by a balancing test, the performance of a contract or the fulfillment of a legal obligation.

If those who provide data to the Service Provider do not provide their own personal data, they are always obliged to obtain the consent of the data subjects. Service Provider excludes all liability for non-consent.

4.2. Registration

The purpose of data processing is providing service and contact.

The legal basis for data processing for registration purposes is the consent of the data subject.

Those involved in data processing are registered users of the website.

Duration of data control. The data processingis carried out until the consent is withdrawn. The data subject may withdraw his or her consent to the data processing at any time by sending a letter to the contact e-mail address. Service Provider stores personal data – in cases not otherwise indicated in this Privacy Policy – until the existence of the customer relationship and the enforcement of civil law claims.

The data will be deleted when the consent to the data processing is revoked. The data subject may withdraw his or her consent to data processing at any time by sending a letter to the contact e-mail address.

The data controller and its employees have the right to access the data.

Data is stored electronically.

Modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact options provided above.

The provision of personal data is absolutely necessary for identification in the databases and for maintain communication.

4.3. Request for information

Service provider provides you with the opportunity for you to be able to send a request for information on the website.

To do this, you must provide the following information:

The purpose of data processing: making a personalized offer.

Legal basis for data processing: your voluntary consent under Article 6 (1) (a) of the GDPR, based on adequate information.

Duration of data processing: Until the consent is withdrawn.

Please note that the withdrawal of consent does not affect the lawfulness of the data processing carried out with your consent prior to the withdrawal.

4.4. Use of cookies

Technical cookie: the cookies listed below are essential for the operation of the website, the service provider is entitled to use them without your permission:

The cookies listed below may only be used with your prior consent:

We use remarketing services to deliver our personalized ads to you:

Legal basis for data processing: your voluntary consent under Article 6 (1) (a) of the GDPR, based on adequate information.

Duration of data processing: Until the consent is withdrawn.

Please note that the withdrawal of consent does not affect the lawfulness of the data processing carried out with your consent prior to the withdrawal.

4.5. Social media sites – extensions (facebook, instagram)

Extensions on the Website are disabled by default. Extensions will only be enabled if you click the button to enable them. By enabling the extension, you are connecting to facebook.com; instagram.com and agree to the transfer of your data to the given service provider.

When you click the appropriate button, your browser transmits the relevant information directly to that social network and stores it there. More information about data processing can be found at the following link: https://www.facebook.com/about/privacy https://help.instagram.com/519522125107875

4.6. Social media sites

In order to use the services, the system automatically logs the following data:

Legal basis for data processing: legitimate interest of the service provider under Article 6 (1) (f) of the GDPR.

Duration of Data processing: 90 days from creation.

4.7. Balance of interest test

With regard to data processing under Article 6 (1) (f) of the GDPR.

Purpose of data processing: On the one hand, the use of this data is for technical purposes, such as analyzing the secure operation of servers, retrospective control, recording security deviations, and on the other hand, we use this data to compile site usage statistics and analyze user needs for improving the quality of services.

Legitimate interest of the data controller: Service provider has a legitimate interest in the availability and secure operation of the Website.

Rights and freedoms of the data subject with regard to the protection of personal data: The data controller is not able to identify the data subject from the above data. The data stored in the log files is not linked to any other information that would allow the person behind the data to be identified. The processing of the data does not affect the privacy of the data subject, his or her data protection rights and freedoms are not endangered by this data processing.

As a result of the balancing test, it can be concluded that the interest of the data subject does not take absolute precedence over the legitimate interest of the service provider, the data processing does not restrict the privacy of the data subject.

4.8. Data processing different from the above purposes

We may only process personal data relating to you for any purpose other than those set out above, in particular to increase the efficiency of the service or to conduct market research, with the prior determination of the processing of your data and with your consent.

This data may not be linked to your identifying data and may not be passed on to third parties without your consent.

We are obliged to delete this data if the purpose of data processing has ceased or if you have so provided.

Only our own employees, agents and other contributors who are required to know the data processed in order to fulfill their duties or perform the task to be performed by them have the right to access the personal data. We are obliged to ensure that those entitled to access the data we process comply with the provisions of this Privacy Policy and the applicable legislation at all times.

5. Processing the personal data of minors

The processing of personal data relating to information society services offered directly to children is lawful if the child has reached the age of 16.

Pursuant to Articles 6 (1) (a) and 8 of the GDPR, the processing of personal data of a minor who has reached the age of 16 is lawful only if and to the extent that the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.

In the case of a child under the age of 16, the processing of children’s personal data is only lawful if and to the extent that the consent has been given or authorized by the person exercising parental control over the child. Service Provider hereby declares that it is not in a position to verify the consent described above.

6. Important data processing information

The purpose of data processing is to enable Service provider and Data Controller service provider to provide appropriate additional services to the visitors of the Website and the persons registered on the website during the operation of the Website.

The data subjects of the data processing are the visitors and registered users of the Website.

Duration of data processing. The duration of data processing always depends on the specific user purpose, but the data must be deleted immediately if the original purpose has already been achieved. Personal data is provided by the service provider in cases not otherwise indicated in this Privacy Policy. it is stored until the existence of the customer relationship and the enforcement of civil law claims.

The data subject may request the data controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data, as well as to ensure the exercise of the data subject’s right to data portability.

Right to rectification and erasure of data. The data subject shall have the right, at the request of the data controller, to correct or supplement inaccurate personal data concerning him or her without undue delay, and shall have the right to delete personal data concerning him or her, whether accurate or inaccurate, without undue delay. The data controller is obliged to delete the personal data of the data subject without undue delay, unless there is another legal basis for the processing. If there is no legal impediment to the deletion, your data will be deleted.

Withdrawal of consent to data processing. The data subject may withdraw his or her consent at any time, but this shall not affect the lawfulness of the processing carried out prior to the withdrawal.

Modification or deletion of personal data, withdrawal of consent to data processing can be initiated by e-mail, telephone or letter using the contact options provided above.

The data controller and its employees have the right to access the data.

Filing a complaint. The person concerned may exercise the right to file a complaint with the supervisory authority at the contact details of the authority given below.

If the person concerned wishes to have the benefits of registration, e.g. to use the services of the Website in this regard, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, and there are no adverse consequences for the non-provision of data. However, it is not possible to use certain functions of the Website without registration.

You can give your consent to the data processing by intentionally and explicitly ticking the blank checkbox on the website dedicated to this purpose.

In order to get to know the users, make the service provider’s activity easier as well as personalize the newsletter other direct marketing inquiries and services, additional information can be provided based on the data subject’s consent (e.g. where you first heard about the service provider’s services, gender, date of birth, education, occupation, marital status, field of work, at which bank you manage your current account, type of internet connection, operating system, type of browser, regularly visited pages, regularly visited e-commerce pages and interests).

In addition to the above, the database contains whether the user requested an e-mail newsletter or not, and if so, what content was requested pertaining to the newsletter, whether he or she consented to being served by the Service Provider for direct marketing purposes (e.g. by phone, SMS, and by e-mail or post).

You, as a data subject and user may object to the processing of your personal data, In this regard, you are entitled to proceed in accordance with the data processing information detailed above and this privacy notice, as well as the legislation described in this privacy notice.

Most of the information provided can be modified on the Website. You can initiate the deletion of the data from the user’s own personal menu / user account.

7. Website visitor details

When visiting Service Provider’s Website, Service Provider may record the users’ IP address and the date of the visit for technical reasons, and for the purpose of compiling statistics on user habits.

The legal basis for the processing of data is the legitimate interest of the service provider.

IP addresses are recorded anonymously, for statistical purposes, they do not contain the personal data of the visitors of the Website, they cannot be linked to them.

Duration of the storage of data: IP data is stored by the server for one month.

8. Newsletter

As the operator of the Website, we declare that we fully comply with the relevant legal provisions regarding the information and descriptions published by us. We further declare that when subscribing to the newsletter, we are not in a position to verify the authenticity of the contact information or to establish that the information provided relates to an individual or business. We treat companies that contact us as customer partners.

The purpose of data processing is to send professional brochures, electronic messages containing advertisements, information, newsletters, from which the recipient can unsubscribe at any time without consequences. The recipient may unsubscribe without any consequences, even if their business has been terminated, left the business, or someone has provided us with the recipient’s contact information.

The legal basis for data processing is the consent of the user. We inform you that the user may in advance and expressly consent to being contacted by Service Provider with advertising offers, information and other items at the e-mail address provided during registration. As a result, the user may consent to Service Provider processing the necessary personal data for this purpose. We would like to inform you that if you want to receive a newsletter from us, you must provide the necessary information. If you do not provide data, we will not be able to send you a newsletter.

Duration of data processing. The data will be processed until the consent is revoked. The user may revoke his or her consent to data processing at any time by sending a letter to the contact e-mail address. Personal data – in cases not otherwise indicated in this Privacy Policy – is provided by Service Provider and it is stored until the existence of the customer relationship and the enforcement of civil law claims.

The data will be deleted when the consent to the data processing is revoked. The user may revoke his consent to data processing at any time by sending an e-mail to the contact e-mail address. Consent can also be revoked based on the link in the newsletters sent out.

The data controller and its employees have the right to access the data.

Data is stored electronically.

Modification or deletion of data can be initiated by e-mail, telephone or letter using the contact options provided above.

Scope of data processed

Specific purpose for data processing

Name

Identification, contact.

E-mail

Identification, contact.

Date of subscription

Technical information operation.

IP address

Technical information operation.

Please note that neither your username nor your email address is required to include personally identifiable information. For example, it is not necessary for the user name or e-mail address to contain the user’s real name. The user is completely free to decide what username or email address to enter, it is not necessary for them to contain information indicating the user’s personal identity. An e-mail address, which is used for contact, is absolutely necessary for the newsletter or professional information sent to the user to reach its destination.

9. Data processors

Name and contact details of data processors:

1) Hosting provider: Service Provider also acts as a hosting provider as follows:

Name / Company name:

E-Group ICT SOFTWARE Zrt.

Headquarters:

11 Kacsa utca, Budapest 1027

Telephone number:

+36-1-371-2555

E-mail:

info@egroup.hu

The data provided by the user is stored on a server operated by the hosting provider. The data can only be accessed by Service Provider’s employees and the employees operating the server, but they are all responsible for the secure handling of the data.

Name of the activity: hosting service, server service.

The purpose of data processing: to make the website available and to ensure its operation.

Scope of data processed: all personal data provided by the data subject

Duration of data processing and deadline for deletion of data. Data processing is until the end of the operation of the website or a contractual agreement between the operator of the website and the hosting provider. If necessary, the user concerned can also request the deletion of his or her data by contacting the hosting provider.

Legal basis for data processing: the consent of the user concerned and statutory data processing (Section 5 (1), Article 6 (1) (a) of the Information Act, and Section 13 / A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.)

Our servers, on which our egroup.hu system runs, are protected by a firewall, they are located in a secure physical environment, at a hosting provider or properly locked.

In the event of a physical or technical incident, the server service provider ensures the availability and restoration of the website data by means of a regular backup. Our server operator does not have access to personal data.

 

2.)

Name / Company name:

Google Inc.

Headquarters

1600 Amphitheatre Parkway, Mountain View, US, CA 94043

Privacy Policy:

http://www.google.com/intl/hu ALL/privacypolicy.html

Contact name:

Google Számítástechnikai Szolgáltató Korlátolt Felelősségű Társaság

Headquarters of contact:

26-28 Árpád fejedelem útja, Budapest 1023)

E-mail:

googlekft@google.com

We use Google Analytics software to obtain independent traffic and other web analytics data from the Website. By using the Website, you consent to the processing of your data by Google.

We reserve the right to use additional data processors in addition to those listed above by publishing the names and addresses of the additional data processors in a way that is accessible to users at the beginning of data processing at the latest.

10. Data processing rights

10.1. Right to request information and access

As a user, you can request information from us about the following via the contact details provided:

Upon your request, we will send you information immediately, but within 30 days, to the e-mail contact you provided. The information is free of charge. We will provide you with a copy of the personal data that is the subject of data processing. For any additional copies you request, the data controller will charge a reasonable fee based on administrative costs. If you have submitted your application electronically, we will provide the information in a widely used electronic format, unless you request otherwise.

If the request is manifestly unfounded or particularly repetitive due to its excessive nature, we may charge a reasonable fee, taking into account the administrative costs involved in providing the requested information or action or taking the requested action, or refuse to act on the request. It is in all cases up to us to prove that the request is manifestly unfounded or excessive.

10.2. Right of rectification

You, as an affected user, may request us to change any of your details through the contact details provided. We will take action on your request immediately, but within a maximum of 30 days, and we will send you information by e-mail. If true or additional information is not available, the rectifications and additions will be made through an supplementary declaration.

10.3. Right to cancellation

We are required to delete your personal data if

10.4. Right to blocking

You, as the user concerned, may request that your data be blocked from us via the contact details provided or on the basis of the information available to you, it is presumed that the deletion would harm your legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email contact you provided.

10.5. Right to object

You, as the user concerned, may object to the data processing via the contact details provided. We will investigate the objection as soon as possible after the submission of the application, but not later than within 15 days, we will make a decision on its merits and we will inform you about the decision by e-mail.

You may object to the processing of your personal data,

If the objection is justified, we are obliged to terminate the processing of data, including further data collection and transfer, and to block the data, as well as to notify all persons to whom we have previously transferred the personal data concert by the objection and who are obliged to take action to enforce the right to objection. If you do not agree with our decision, or if we miss the 15-day deadline, you can appeal against the decision to the court upon receipt of the notification of the decision or within 30 days from the last day of the deadline.

10.6. Right to restrict data processing

We restrict data processing if any of the following is true:

If the processing is subject to restrictions, such personal data may be processed, with the exception of storage, only with your consent or for the purpose of making, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or a Member State.

10.7. Right to data portability

You have the right to receive personal data about you provided to us in a structured, widely used, machine-readable format, if technically feasible, if the data processing is based on your consent or contract and the data processing is automated.

If your request for rectification, restriction or deletion cannot be complied with, we will inform you in writing within 25 days of receipt of the request of the rejection of the request and the reasons for the rejection.

Your rights under section 10 may be restricted by law for the external and internal security of the state, such as national defense, national security, the prevention or prosecution of criminal offenses, the security of law enforcement, and the economic or financial interests of the state or local government, or the significant economic or financial interests of the European Union, and to prevent and detect disciplinary and ethical violations related to the pursuit of occupations, breaches of employment law and health and safety obligations, including, in any case, inspection and supervision, and to protect the rights of the Data Subject or others.

10.8. Possibility of enforcement related to data processing

In case you of illegal data processing experienced by you, as the user concerned, notify Service Provider so that the legal status can be restored within a short time. We will do our best to solve the problem outlined.

10.8.1. Complaints management

Data collection, scope of data processed and purpose of data processing:

Personal data

The purpose of data processing

Surname and family name

Identification, contact

Telefonszám

Contact

E-mail

Contact

Other

Handling issues arising regarding the Services.

Data subjects: All data subjects who make a complaint using the service.

Duration of data processing, deadline for deleting data: Data are stored until the enforcement of civil law claims.

Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller’s employees, respecting the above principles.

Description of the data subject’s rights with regard to data processing: The data subject may request the data controller to access, rectify, delete or restrict the processing of personal data concerning him or her and may object to the processing of such personal data, and the data subject and has the right to data portability and withdrawal of consent at any time.

Access to, deletion, modification or restriction of the processing of personal data, portability of data, objection to data processing can be initiated by the data subject in the following ways:

Legal basis for data processing: data subject’s consent, Article 6 (1) (c), Privacy Act Section 5 (1) and Article 17 A. § (7) of Act CLV of 1997 on consumer protection.

We inform you that the provision of personal data is based on a contractual obligation (a) the processing of personal data is a precondition for concluding the contract; (b) is required to provide personal information so that we can handle your complaint; (c) failure to provide information has the consequence that we are unable to handle your complaint received by us.

10.8.2. Data breach notice

If the data breach is likely to pose a high risk to the rights and freedoms of natural persons, we will inform you regarding the data breach without undue delay as follows:

The information provided to the data subject shall clearly and intelligibly describe the nature of the data breach and the name and contact details of the data protection officer or other contact person who provides further information; the likely consequences of the data breach must be disclosed; the measures taken or planned by the data controller to remedy the data breach must be disclosed, including, where appropriate, measures taken to mitigate any adverse consequences arising from the data breach.

The data subject need not be informed if any of the following conditions are met:

If the data controller has not yet notified the data subject of the data breach, the supervisory authority may, after considering whether the data breach is likely to involve a high risk, order that the data subject be informed.

Report a data breach to the authority. The data breach shall be reported by the data controller without undue delay and, if possible, no later than 72 hours after becoming aware of the data breach to the competent supervisory authority under Article 55 of the GDPR (e.g. NAIH – Hungarian National Authority for Data Protection and Freedom of Information), unless the data breach is unlikely to incur risks to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons for the delay must be provided.

Possibility to make a complaint. If you consider that the legal situation cannot be restored, notify the authority or the court:

11. Legislation underlying data processing

In preparing this Privacy Policy, we have complied with the following legislation: