Date of issue: May 12, 2025
CONTENTS
3. THE PURPOSE OF DATA PROCESSING, THE DATA SUBJECTS
4. THE LEGAL BASIS, NATURE, AND CONSEQUENCES OF DATA PROCESSING
5. THE SCOPE AND SOURCE OF PROCESSED DATA
6. THE DURATION OF DATA PROCESSING
7. PERSONS WITH ACCESS TO PERSONAL DATA, AND THE DATA PROCESSOR
8. DATA TRANSFER, AUTOMATED DECISION-MAKING
9. THE RIGHTS OF THE DATA SUBJECT
1. LEGAL SOURCES
eCon Engineering Kft. – as the data controller – processes personal data to send newsletters.
The operation of the newsletter system and the drafting of the provisions of this information notice have taken into account:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
- Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter: “GDPR”).
2. THE DATA CONTROLLER
Data Controller: eCon Engineering Kft.
Registered Office: 1116 Budapest, Kondorosi út 3. 4. em.
Contact Information: info@econengineering.com
3. THE PURPOSE OF DATA PROCESSING, THE DATA SUBJECTS
The Data Controller promotes its business activities and provides regular information regarding the Data Controller’s operations (for example, including events organized by the Data Controller) to employees, business partners, and other third parties by sending newsletters. The data subjects are those individuals who have subscribed to the newsletter with their email address, i.e., have given consent to the data processing.
4. THE LEGAL BASIS, NATURE, AND CONSEQUENCES OF DATA PROCESSING
The data processing is carried out on the legal basis specified in Article 6(1)(a) of the GDPR, i.e., based on the consent of the data subject. The data subject is not obliged to provide their consent. There are no adverse consequences for the data subject if they do not provide consent to the data processing. The data subject may withdraw their consent at any time, without providing a reason. The withdrawal of consent takes place by clicking the “unsubscribe” button in the newsletter. In addition, consent can also be withdrawn by sending a message to the marketing@econengineering.com email address.
5. THE SCOPE AND SOURCE OF PROCESSED DATA
The data processed includes the data subject’s name and email address, the name of the company for which the data subject is an employee, in the case of students, the name of the university where the data subject is a student, and the data subject’s professional areas of interest. The personal data is provided to the Data Controller by the data subject themselves.
6. THE DURATION OF DATA PROCESSING
The Data Controller stores the personal data until the withdrawal of consent, so the duration of data processing is indefinite. The data subject can determine the duration of data processing through the possible withdrawal of their consent.
7. PERSONS WITH ACCESS TO PERSONAL DATA, AND THE DATA PROCESSOR
The following individuals have access to the personal data:
– The data processor acting during the data processing activity;
– Those employees of the Data Controller who have access rights to the Bitrix system that allows them to access the data.
The Data Controller uses the services of the following data processor during the data processing activity:
– Bitrix24 (Alaio Cloud Limited Frema House, office 102, No. 9 Constantinou Paparigopoulou Str. 3106, Limassol, Ciprus)
8. DATA TRANSFER, AUTOMATED DECISION-MAKING
There is no transfer of data to third countries.
Automated decision-making does not occur during the data processing activity.
9. THE RIGHTS OF THE DATA SUBJECT
The data subject is entitled to exercise the following rights:
The Right to Withdraw Consent
In the case of data processing based on the data subject’s consent (Article 6(1)(a) of the GDPR), the data subject has the right to withdraw their previously given consent at any time. It does not affect the lawfulness of the data processing carried out based on consent before its withdrawal.
The Data Subject’s Right of Access
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. If such processing takes place, the data subject has the right to access the personal data and the information related to the data processing.
Where personal data is transferred to a third country or an international organization, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
Upon the data subject’s request, the Data Controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a widely used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
The Right to Rectification
The data subject has the right to have inaccurate personal data concerning them rectified by the Data Controller without undue delay. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The Right to Erasure (“The Right to be Forgotten”)
The data subject has the right to have personal data concerning them erased by the Data Controller without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
c) the personal data have been unlawfully processed;
d) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Where the Data Controller has made the personal data public and is obliged according to the above to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to restriction of processing
The data subject has the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Data Controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise or defence of legal claims.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the above to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about those recipients if the data subject requests it.
The right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller. The aforementioned right shall not adversely affect the rights and freedoms of others.
For submitting a request regarding the exercise of the data subject’s rights, we recommend contacting the Data Controller at the contact details provided in point 2.
The data subject has the right to lodge a complaint with a supervisory authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – National Authority for Data Protection and Freedom of Information, 1055 Budapest, Falk Miksa utca 9-11., https://naih.hu, phone number: +36 (1) 391-1400, postal address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu). If the data subject is a foreign citizen, they may also lodge a complaint with the supervisory authority of their place of residence.
In the event of a violation of the data subject’s rights, they may appeal to a court. The Data Controller informs the data subject that any person who has suffered material or non-material damage as a result of a breach of the law is entitled to compensation from the Data Controller for the damage suffered under the rules of civil law.
Please, contact us before turning to the supervisory authority or to a court!
