Date of issue: 23.01.2026.
CONTENTS
- Legal Sources
- The Data Controller
- The Purpose of Data Processing, the Data Subjects
- The Legal Basis, Nature and Consequences of Data Processing
- The Scope and Source of Processed Data
- The Duration of Data Processing
- Persons With Access to the Personal Data, and the Data Processor
- Data Transfer, Automated Decision-Making
- The Rights of the Data Subject
1. LEGAL SOURCES
eCon Engineering Kft. – as a Data Controller, processes personal data for the purposes of registration for events organised by it and for the production and use of images, video and audio recordings made at these events.
The following factors were taken into account during the data processing activities and drafting of this privacy notice:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
- Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter: “GDPR”).
2. THE DATA CONTROLLER
Data Controller: eCon Engineering Kft.
Registered Office: 1116 Budapest, Kondorosi út 3. 3. 4. em.
Contact Information: info@econengineering.com
3. THE PURPOSE OF DATA PROCESSING, THE DATA SUBJECTS
The Data Controller regularly organizes various events and functions, for which the intention to participate can be indicated by registering on the Data Controller’s website, https://econengineering.com/. Such events and functions may include, for example, conferences, webinars, workshops, courses, and open days.
Beyond event registrations, the Data Controller also provides opportunities on its website for individuals to sign up for informational and promotional materials related to its products and services, and to register for the simulation competition organized by the Data Controller. During these registration processes, the Data Subject provides several personal data through the corresponding registration and contact forms available on the website.
Photographs and video recordings (including audio) (hereinafter: the “recording” or “recordings”) may be taken of participants at the events and functions. The Data Controller may use these recordings for marketing and promotional purposes. The aim of such marketing and promotional activities is to enhance the market presence of the Data Controller and thereby contribute to increasing its overall recognition. In the course of its promotional and marketing activities, the Data Controller may publish the recordings on the following platforms in order to promote its business activities:
- https://econengineering.com/ website,
- social media sites (Facebook, LinkedIn, Youtube, Instagram, Tiktok, Spotify),
- newsletters,
- flyers,
- informational materials,
- promotional videos,
- print and digital press products.
Following events and functions, the Data Subjects participating in such events may provide feedback to the Data Controller. Feedback is collected through questionnaires available in both online and paper-based formats. The questionnaires may be completed anonymously; however, at their own discretion, Data Subjects may provide their name, the name of their employer, or the name of the educational institution where they are employed or enrolled as a student. The purpose of the data processing related to these questionnaires is to allow the Data Controller to understand and evaluate feedback concerning the events. By providing personal data (such as name and company/institutional affiliation), the Data Controller gains more precise insights into the specific feedback of individuals. This information assists the Data Controller in planning future events and functions that align with demonstrated interests, and also addressing potential negative feedback during the organizational process to ensure a better participant experience in the future.
4. THE LEGAL BASIS, NATURE AND CONSEQUENCES OF DATA PROCESSING
The data processing is carried out on the legal basis specified in Article 6(1)(a) of the GDPR, i.e., based on the consent of the Data Subject. The Data Subject is not obliged to provide their consent. There are no adverse consequences for the Data Subject if they do not provide consent to the data processing, however, in certain cases, they will not be able to participate in the events and functions. The provision of personal data and consent to data processing primarily occurs by completing the registration form available on the Data Controller’s website at https://econengineering.com/.
Data Subjects may participate in events and functions without providing information related to food allergies. The provision of personal data concerning food allergies is always at the sole discretion of the Data Subject and based on their explicit consent. Data related food allergies and vehicle license plates is provided by the Data Subject in a separate declaration, not via the registration form on the website.
The Data Subject may withdraw their consent at any time, without providing a reason. Consent may be withdrawn by sending an email message to the Data Controller or by sending a letter to the Data Controller’s registered office.
Data Subjects are not obliged to provide their personal data on the questionnaires related to events and functions; these may be completed anonymously. The Data Subject shall suffer no disadvantage or adverse consequences of any kind if they choose not to provide their personal data on the questionnaire.
5. THE SCOPE AND SOURCE OF PROCESSED DATA
| PROCESSED DATA | PURPOSE OF DATA PROCESSING RELATED TO THE PROCESSED DATA |
| Name of the Data Subject | Contact with the Data Subject; collecting and evaluating feedback regarding events and functions |
| Job title/position of the Data Subject | Personalization of promotional materials related to the Data Controller’s products and services |
| Name of the organization employing the Data Subject and/or name of the educational institution attended by the Data Subject | Personalization of promotional materials related to the Data Controller’s products and services; collecting and evaluating feedback regarding events and functions |
| Email address of the Data Subject | Contact with the Data Subject |
| Phone number of the Data Subject | Contact with the Data Subject |
| Billing information of the Data Subject for paid events (name, address, tax number, if available) | Issuance of invoices with data content compliant with statutory requirements. |
| Vehicle license plate number | Provision of parking facilities for the Data Subject |
| Professional area of interest of the Date Subject | Personalization of promotional materials related to the Data Controller’s products and services; customization of event and course themes; and for professional events, ensuring the Data Subject connects with a Data Controller employee possessing relevant professional background |
| Food allergies | Provision of food suitable for consumption by the Data Subject during events and functions |
The scope of data processed regarding recordings made at events and functions, and the specific purposes of each data processing activity:
| PROCESSED DATA | PURPOSE OF DATA PROCESSING RELATED TO THE PROCESSED DATA |
| Photograph of the Data Subject | Promotional and marketing activities (see sections 3) |
| Audio recording of the Data Subject | Promotional and marketing activities (see sections 3) |
| Video recording of the Data Subject | Promotional and marketing activities (see sections 3) |
Personal data is provided to the Data Controller by the data subject themselves.
6. THE DURATION OF DATA PROCESSING
The Data Controller retains personal data (with the exception of data related to food allergies) until consent is withdrawn. Thus, the duration of data processing is indefinite, determined by the Data Subject through any potential withdrawal of consent.
Personal data related to the Data Subject’s food allergies and vehicle license plate number shall be deleted by the Data Controller no later than the fifth business day following the event or function (or the last day of a multi-day event).
7. PERSONS WITH ACCESS TO THE PERSONAL DATA, AND THE DATA PROCESSOR
The following individuals have access to the personal data (excludingr data related to food allergies):
- the data processor acting during the data processing activity;
- those employees of the Data Controller who have access rights to the Bitrix system that allows them to access the data.
During promotional and marketing activities, the Data Controller may utilize the platforms of the following service providers:
- Meta,
- LinkedIn,
- Google,
- Tiktok,
- Spotify,
- ByteDance,
- operators of other print and digital press products (e.g., Techmonitor, Gyártástrend, HVG, Autopro.hu, Műszaki Magazin, Portfolio.hu, Jövő Gyára, HEPA newsletter, MAJOSZ newsletter).
The aforementioned service providers may qualify as independent Data Controllers, in which case the provisions set forth in their respective privacy notices shall apply.
The Data Controller uses the services of the following data processor during the data processing activity:
- Bitrix24 (Alaio Cloud Limited Frema House, office 102, No. 9 Constantinou Paparigopoulou Str. 3106, Limassol, Cyprus)
The Data Controller does not record data related to the Data Subject’s food allergies in the Bitrix system, and data processors do not have access to it. Access to food allergies data is exclusively limited to those employees of the Data Controller who are responsible for organizing the respective event or function.
8. DATA TRANSFER, AUTOMATED DECISION-MAKING
There is no transfer of data to third countries.
Automated decision-making does not occur during the data processing activity.
9. THE RIGHTS OF THE DATA SUBJECT
The Data Subject is entitled to exercise the following rights:
The Right to Withdraw Consent
In the case of data processing based on the Data Subject’s consent (Article 6(1)(a) of the GDPR), the Data Subject has the right to withdraw their previously given consent at any time. It does not affect the lawfulness of the data processing carried out based on consent before its withdrawal. Withdrawal of consent does not require justification.
The Data Subject’s Right of Access
The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. If such processing takes place, the Data Subject has the right to access the personal data and the information related to the data processing.
Where personal data is transferred to a third country or an international organization, the Data Subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
Upon the Data Subject’s request, the Data Controller shall provide the Data Subject with a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a widely used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
The Right to Rectification
The Data Subject has the right to have inaccurate personal data concerning them rectified by the Data Controller without undue delay. Taking into account the purposes of the processing, the Data Subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The Right to Erasure (“The Right to be Forgotten”)
The Data Subject has the right to have personal data concerning them erased by the Data Controller without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the Data Subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
c) the personal data have been unlawfully processed;
(d) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Where the Data Controller has made the personal data public and is obliged according to the above to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The Right to Restriction of Processing
The Data Subject has the right to obtain from the Data Controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the Data Controller no longer needs the personal data for processing purposes, but they are required by the Data Subject for the establishment, exercise or defence of legal claims.
Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the above to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the Data Subject about those recipients if the Data Subject requests it.
The Right to Data Portability
The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller. The aforementioned right shall not adversely affect the rights and freedoms of others.
For submitting a request regarding the exercise of the Data Subject’s rights, we recommend contacting the Data Controller at the contact details provided in section 2.
The Data Subject has the right to lodge a complaint with a supervisory authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – National Authority for Data Protection and Freedom of Information, 1055 Budapest, Falk Miksa utca 9-11., https://naih.hu, phone number: +36 (1) 391-1400, postal address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu). If the Data Subject is a foreign citizen, they may also lodge a complaint with the supervisory authority of their place of residence.
In the event of a violation of the Data Subject’s rights, they may appeal to a court. The Data Controller informs the Data Subject that any person who has suffered material or non-material damage as a result of a breach of the law is entitled to compensation from the Data Controller for the damage suffered under the rules of civil law.
Please, contact us before turning to the supervisory authority or to a court!
