Update: 2019.02.05.
Profexec Ltd. Data Protection Statement Concerning the Processing of Personal Data.
1. General Information
Profexec Services Limited Liability Company provides project management services,
project management and information security consultancy, as well as Information and
Communication Technology (ICT) consultancy. In the course of performing these
activities, it may become necessary to involve subcontractors. The purpose of this policy
is to ensure that the existing and/or future business partners and subcontractors of
Profexec Services Limited Liability Company (hereinafter: data providers) are informed
about the rules concerning the processing of personal data required for the provision of
services and the transfer of such data to the clients, principals, or customers of Profexec
Services Limited Liability Company.
In accordance with the relevant legislation, we provide detailed information below
regarding the processing of personal data voluntarily provided to Profexec Services
Limited Liability Company, in particular concerning: – the identity of the data controller, –
the duration of data processing, – the purpose and legal basis of data processing, – the
persons authorized to process and transfer data, – who may have access to the data, –
and the rights and remedies available to the data provider concerning data processing.
The Data Protection Policy is available at: www.profexec.com/hu/adatkezeles
2. Rules of Data Processing
2.1 Data Controller
Company Name:
Profexec Services Limited Liability Company
Registered Office:
1133 Budapest, Váci út 76.
Company Registration Number:
13-09-159774
Tax Number:
24148500-2-13
The managing director of the company, or a person appointed by him/her, is authorized
to carry out data processing.
2.2 Purpose of Data Processing, Persons Authorized for Data Transfer
The purpose of data processing is to evaluate the professional competence of persons
wishing to participate in providing project management services, project management
and information security consultancy, and ICT consultancy services for contractual or
potential partners. If adequate professional competence is established, the personal
data of the data provider may, with their specific information, be transferred to the client
or business partner of the data controller in order to involve the appropriately qualified
data provider in the performance.
Beyond the above, personal data may only be transferred if required by law or based on
the consent of the data provider.
In the course of assessing professional competences, the data controller may process
the following personal data (including but not limited to): – name of the data provider or
representative, – place of residence, – mother’s maiden name, – educational
qualifications, – place and date of birth, – other professional and language skills,
professional references, – marital status, – and any other data relevant to professional
and other suitability for the activity.
When processing personal data provided by data providers and during data transfers,
we comply with the following legal regulations: – Act CXII of 2011 on the Right of
Informational Self-Determination and on Freedom of Information, – Act CVIII of 2001 on
Certain Issues of Electronic Commerce Services and Information Society Services, – Act
V of 2013 on the Civil Code.
2.3 Duration of Data Processing
Personal data provided by the data provider will be retained by the data controller until
the consent of the data provider is withdrawn, or until a legal condition requiring the
deletion of such personal data arises.
2.4 Information on Rights and Remedies
The data provider may access their personal data at any time, request information on
processing and data transfers, and may modify, correct, or delete their registered data
by sending a written request to or by mail to the registered office
of the data controller.
The data controller will provide the requested information free of charge within 25 days
of receiving the request submitted to .
In the event of unlawful data processing or transfer, the data provider may enforce their
rights before a court of law under the above-mentioned legislation, or they may contact
the National Authority for Data Protection and Freedom of Information (1125
Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu).
Profexec Services Limited Liability Company reserves the right to unilaterally amend this
Data Protection Policy with prior notice to the data provider, publishing the notification on
its website. The data provider accepts the amended Data Protection Policy by granting
explicit consent after receiving such notification, or—if the amendment does not
substantially affect data processing—by providing further data after the amendment.
Budapest, May 18, 2018
Related Data Protection Information and Legislative Extracts for Profexec Ltd.
1. Act CXII of 2011
1.1 On Informational Self-Determination and Freedom of Information
Section 2 (1) This Act applies to all data processing and data management carried out
within the territory of Hungary concerning personal data, public data, or data public due
to public interest.
(2) This Act applies to both automated and manual data processing.
Section 3 – For the purposes of this Act: – Data subject: any natural person identified or
identifiable, directly or indirectly, by personal data. – Personal data: any data relating to
the data subject (e.g., name, ID, physical, physiological, mental, economic, cultural, or
social identity), and any inference drawn from such data. – Special categories of data:
data relating to racial or ethnic origin, nationality, political opinion or party affiliation,
religious or other beliefs, trade union membership, sexual life, health, addictions, or
criminal records. – Consent: a voluntary and explicit declaration of will by the data
subject, based on appropriate information, by which they give unambiguous consent to
the processing of their personal data. – Objection: a declaration by the data subject
objecting to data processing, requesting termination or deletion of data. – Data
controller: a natural or legal person, or organization without legal personality, who
determines the purpose of data processing, makes and implements decisions regarding
data processing (including tools used), or has them carried out by a processor. – Data
processing: any operation performed on data, regardless of method, including
collection, recording, organization, storage, alteration, use, retrieval, transfer,
publication, alignment, restriction, deletion, or destruction. – Data transfer: making data
accessible to a specific third party. – Data set: all data managed within a single record.
(… further sections continue as per Hungarian law …)
1.2 Data Protection Register
Section 65 (1) For transparency, the Authority maintains an official data protection
register of data processing activities, except for the cases defined in paragraph (3). This
register includes: – purpose and legal basis of processing, – categories of data subjects, –
description and source of data, – duration of processing, – types of data transferred,
recipients, and legal basis for transfer (including third countries), – name, address, and
activities of data controllers and processors, – applied data processing technologies, –
internal data protection officer’s contact information (if applicable).
