Privacy Policy

Data management information - for the customer

The protection of personal data is extremely important to us, which is why in this Privacy Policy we describe what personal data we process about you, for what purpose and on what legal basis. The Data Protection Notice also contains your rights.

1. Data of Joint Controllers

Joint data management takes place during the processing of personal data of customers and interested parties:

1)

Data Controller: UNITED CONSULT Ltd.
Registered office: 1117 Budapest, Dombóvári út 26.
Company registration number: 01-10-141235
Tax ID: 29139727-2-43
Website:https://united-consult.hu/
Contact information of the Data Protection Officer: info@united-consult.hu

2)
Data Controller: UC Hire Lab Ltd.
Registered office: 1037 Budapest, Hunor Street 62. Tt 7. door
Company registration number: 01-09-426018
Tax ID: 28793487-2-41
Website:https://uchirelab.hu/
Contact information of the Data Protection Officer: info@uchirelab.hu

3)
Data Controller: UC Innovations Ltd.
Registered office: 7030 Paks-Dunakömlőd, Radnóti street 9.
Branch: 1117 Budapest, Dombóvári út 26.
Company registration number: 17-09-004939
Tax ID: 13194318-2-17
Website:https://united-consult.hu/
Email contact: info@united-consult.hu

4)
Data Controller: UC Big Data Ltd.
Registered office: 1117 Budapest, Dombóvári út 26.
Company registration number: 01-10-143058
Tax ID: 32684715-2-43
Website: https://united-consult.hu/bigdata
Email contact: info@united-consult.hu

5)
Data Controller: UC CRM Solutions Ltd.
Registered office: 1117 Budapest, Dombóvári út 26.
Company registration number: 01-10-143062
Tax ID: 32685895-2-43
Website: https://united-consult.hu/crmsolutions
Email contact: info@united-consult.hu

2. General legislation on which data processing is based

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR)
  • Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.)
  • Act V of 2013 on the Civil Code (Ctk.)
  • Act CXXVII of 2007 on General Sales Tax (VAT Act)
  • Act C of 2000 on Accounting (Accounting TV.)
  • Act CXIX of 1995 on the Management of Name and Address Data for the Purposes of Research and Direct Marketing (DM Act)
  • Act CVIII of 2001 on certain issues relating to electronic commerce services and information society services (Eker tv.)
  • Act XLVIII of 2008 on the Basic Conditions and Certain Limits of Economic Advertising Activities (Grt.)

3. Concepts

Personal data:any information relating to an identified or identifiable natural person (“Data Subject”); identifiable is a natural person who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. Such typical personal data in particular: name, address, place and time of birth, mother's name.

Data management:the totality of any operation or operations performed on personal data or files in an automated or non-automated manner, including by collection, recording, organising, categorising, storing, transforming or altering, querying, viewing, using, communicating, transmitting, distributing or otherwise making available, coordinating or linking, restricting, erasure or destruction.

Data Controller:the natural or legal person, public authority, agency or any other body which determines, independently or jointly with others, the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the specific criteria for the designation of the Controller or the Controller may also be determined by Union or Member State law.

Data processor:the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Controller.

Recipient:the natural or legal person, public authority, agency or any other body with whom the personal data is disclosed, whether third party or not.

4. Basic principles

When processing personal data, the Controller takes into account the following principles, such as personal data:

  1. its management must be carried out lawfully and fairly and in a manner that is transparent to the Data Subject (legality, due process and transparency)
  2. they are collected only for specific, clear and legitimate purposes and are not processed in a manner incompatible with those purposes; in accordance with Article 89 (1) GDPR, further processing for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes shall not be considered incompatible with the original purpose (commitment to purpose)
  3. they must be adequate and relevant to the purposes of the processing and must be limited to what is necessary (data saving)
  4. be accurate and, where necessary, up to date; all reasonable measures must be taken to ensure that personal data inaccurate for the purposes of the processing are deleted or rectified without delay (accuracy)
  5. it must be stored in a form that allows the identification of Data Subjects only for the period necessary to achieve the purposes for which the personal data are processed; personal data may be stored for a longer period of time only if the processing of personal data is carried out for archiving purposes in the public interest in accordance with Article 89 (1) of the GDPR, for scientific and historical research purposes or for statistical purposes, in this Regulation the Data Subjects adequate technical and organisational arrangements for the protection of its freedoms subject to the implementation of the measures (limited storage)
  6. its processing must be carried out in such a way as to ensure, by appropriate technical or organisational measures, adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage to the data (integrity and confidentiality)
  7. the Controller is responsible for compliance with the above and must be able to demonstrate such compliance (Accountability)

5. Data management activity

a) contact (website)

Purpose of data management: Contact, contact

Legal basis for data processing: Article 6 (1) (b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract

Categories of Data Subjects: Interested

Scope of personal data: Name, position, company name phone number, email address

Data retention period: Until the end of the 2nd year after contact

Data transfer: No data transfer pursuant to Articles 44 to 49 of the GDPR

Recipients: The Data Controller uses the Data Processor (s):

  • Salesforce is operated by SFDC Ireland Ltd. (registered office: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland)
  • administrator: Tpax Kft. (registered office: 1107 Budapest, Zágrábi utca 1. 4. em. 404., company registration number: 01-09-277343)
  • website developer: Cantinart Kft. (registered office: 1136 Budapest, Hollán Ernő u. 19-21. A. ep. V. em. 2.; company registration number: 01-09-963209)

Source of data: The source of the personal data is the interested party

Method of data provision, consequence: It is necessary to provide the data. If you do not provide the personal data, the Data Controller will not be able to contact you

b) contact (by email)

Purpose of data management: Contact by email

Legal basis for data processing: Article 6 (1) (b) GDPR: necessary to take steps at the request of the data subject prior to the performance of the contract or the conclusion of the contract

Categories of Data Subjects: Interested

Scope of personal data: Name, position, company name, telephone number, email address

Data retention period: Until the end of the 2nd year after contact

Data transfer: No data transfer pursuant to Articles 44 to 49 of the GDPR

Recipients: The Data Controller uses the Data Processor (s):

  • mail system provider: Microsoft Magyarország Kft. (registered office: 1031 Budapest, Graphisoft Park 3., company registration number: 01-09-262313)
  • Salesforce is operated by SFDC Ireland Ltd. (registered office: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland)

Source of data: The source of the personal data is the interested party

Method of data provision, consequence: It is necessary to provide the data. If you do not provide the personal data, the Data Controller will not be able to contact you

c) direct marketing request

Purpose of data processing: Direct marketing request

Legal basis for data processing: Art. 6 para. 1 lit. a) GDPR: consent

Categories of Data Subjects: Any natural person

Scope of personal data: Name, phone number, email address

Data retention period: Until the withdrawal of consent or 30 days from the date of unsubscribing

Data transfer: No data transfer pursuant to Articles 44 to 49 of the GDPR

Recipients: The Data Controller uses the Data Processor (s):

  • Salesforce is operated by SFDC Ireland Ltd. (registered office: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland)
  • website developer: Cantinart Kft. (registered office: 1136 Budapest, Hollán Ernő u. 19-21. A. ep. V. em. 2.; company registration number: 01-09-963209)

Source of data: The source of personal data is the subscriber to the newsletter

Method of providing data, consequence: The provision of data is voluntary. If you do not provide personal data, the Data Controller will not be able to send you a newsletter

d) contractual contact

The Data Controller communicates and maintains business relations in the case of its partners contracted with it through the contact person specified in the contract. During this process, the Data Controller processes the personal data of the contact person as follows:

Purpose of data management: To maintain communication and implement cooperation for the purpose of the contract between the Controller and the partner

Legal basis for data processing: Art. 6 (1) (f) GDPR: legitimate interest

Categories of Data Subjects: Partner

Scope of personal data: Name, company name, position, telephone number, email address

Data retention period: Until the end of the 5th year after the performance or termination of the contract

Data transfer: No data transfer pursuant to Articles 44 to 49 of the GDPR

Recipients: The Data Controller uses the Data Processor (s).

The Data Controller records the personal data of the Partner's contacts in a CRM system. Customer Relationship Software Operator:

  • Salesforce is operated by SFDC Ireland Ltd. (registered office: Block A, Nova Atria North, Sandyford Business District 18 Dublin, Ireland)

Source of data: The source of personal data is the contact person of the Partner

Method of data provision, consequence: The provision of data is mandatory. If you do not provide the personal data, the Data Controller will not be able to agree with the Partner

6. Access to data

Personal data may be accessed by the competent employees of the Data Controller to the extent necessary for the performance of their duties.

7. Data security measures

The Data Controller shall take appropriate IT, technical and personal measures to ensure that the personal data it processes are protected, inter alia, against unauthorised access or unauthorised alteration.

8. Website Data Management

The Website uses cookies.

A cookie is a file that is placed on your computer when you visit a website. A cookie is a packet of information that the server sends to the browser and then, at each request, the browser sends this back to the server with the data content specified by the server. The purpose of this is to save the Internet settings of the website you visit, so that if you visit the same website again from the same device, the page will already remember the settings you have set.

The cookie has countless functions. Cookies are most often used to personalize ads, services, analyze website traffic.

According to the current legislation, cookies can only be stored on your device if absolutely necessary, i.e. essential for the functioning of the website, these are called “necessary cookies”. All other types of cookies require your consent. You can view and set the cookies currently used on the website in the pop-up window (pop-up window) when you enter the website.

Modern browsers allow you to change cookie settings. Some browsers automatically accept cookies by default, but this setting can also be changed to prevent automatic acceptance in the future. In the event of a change, the browser will now offer you the option to set cookies each time.

Given that the purpose of cookies is to support and facilitate the usability and processes of the website, disabling cookies cannot guarantee that you will be able to fully use all the functions of the website. In this case, the website may work differently in the browser than intended. More detailed information about the cookie settings of the following browsers:

9. Social Media

The Data Controller is available with a company profile on the following social media sites.

The operator of the social network is considered a joint Data Controller together with the Data Controllers, information on data processing is available at the following links:

Social page: Facebook

Name and registered office of the data controller: Meta Platforms Ireland Ltd. (based at Merrion Road, Dublin 4 D04 X2K5, Ireland)

Availability of data management information: https://www.facebook.com/privacy/explanation


Social page: Instagram

Name and registered office of the data controller: Meta Platforms Ireland Ltd. (based at Merrion Road, Dublin 4 D04 X2K5, Ireland)

Availability of data management information: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect


Social page: LinkedIn

Name and registered office of the data controller: LinkedIn Ireland Unlimited Company (based at Wilton Plaza Wilton Place, Dublin 2 Ireland)

Availability of data management information: https://www.linkedin.com/legal/privacy-policy

The Data Controller does not record or process personal data about the user of a given social network in its internal database and system.

10. Rights of the Data Subject and their content in relation to data processing

Data subject's right to data processing: Right to information /Art. 13-14 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to receive information about the fact and purposes of data processing at the time of obtaining your personal data. The Controller also provides you with additional information that is necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of the processing of personal data. You must also be informed of the fact of profiling and its consequences.


Data subject's right to data processing:Right of access /Article 15 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to request information as to whether your personal data is being processed and, if such processing is ongoing, you have the right to know that the Data Controller:

  • what personal data
  • on what legal basis
  • for what purpose of data processing
  • how long does it treat
  • to whom, when, under what law, to which personal data you have granted access or to whom you have transmitted your personal data
  • the source of your personal data (if you have not provided it to the Controller)
  • whether automated decision-making is used, as well as its logic, including profiling.

Data subject's right to data processing:Right to rectification/Article 16 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to request the Controller to correct inaccurate personal data concerning you or to supplement incomplete personal data. So you can ask the Controller to change some of your personal data (for example, you can change your e-mail address or other contact information at any time).


Data subject's right to data processing: Right to erasure (“right to be forgotten”) /Article 17 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to request the Controller to delete your personal data if one of the following reasons applies:

  • your personal data is no longer needed for the purpose for which it was collected or otherwise processed
  • You withdraw your consent on the basis of the processing pursuant to Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing
  • You object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2)
  • your personal data has been unlawfully processed
  • your personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the Controller
  • your personal data have been collected in connection with the provision of information society services referred to in Article 8 (1).


Data subject's right to data processing:Right to restriction /Article 18 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to request the Controller to restrict processing if one of the following reasons applies:

  • You dispute the accuracy of your personal data (in this case, the limitation applies to the period of time that allows the Controller to verify the accuracy of the personal data)
  • the processing is unlawful and you object to the deletion of the data and instead request the restriction of their use
  • the Controller no longer needs the personal data for the purposes of data processing, but you require it for the establishment, exercise or protection of a legal claim

You have objected to the processing pursuant to Article 21 (1) (in this case, the limitation applies to the period until it is established whether the legitimate reasons of the Controller take precedence over your legitimate reasons).


Data subject's right to data processing: Right to data portability /Article 20 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to receive the personal data concerning you that you have provided to a Data Controller in a structured, widely used, machine-readable format, and you have the right to transmit such data to another Data Controller without hindrance from the Data Controller to whom you have provided the personal data, if:

  • the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1), and
  • data processing is carried out in an automated manner.

You have the right, if technically feasible, to request the direct transfer of your personal data between Data Controllers.


Data subject's right to data processing:Right to object /Article 21 of the GDPR/

Content of the Data Subject's right to data processing:You have the right to object at any time to the processing of your personal data based on points (e) or (f) of Article 6 (1), on grounds relating to your own situation, including profiling based on those provisions. In this case, the Controller may no longer process your personal data, unless the Controller proves that the processing is justified by compelling legitimate reasons which override your interests, rights and freedoms or which are related to the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, insofar as it is related to direct marketing.


Data subject's right to data processing: Right to withdraw consent /Article 7 (3) of the GDPR/

Content of the Data Subject's right to data processing:You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal. You must be informed of this before giving your consent. Withdrawal of consent shall be as simple as giving it.


11. Data Subject's redress options and their content in relation to data processing

Remedy option: Right to complain to a supervisory authority /Article 77 of the GDPR/

Content of the remedy: In the event of a violation of your right to the protection of your personal data, you may lodge a complaint with the following Authority:

National Authority for Data Protection and Freedom of Information
registered office: 1055 Budapest, Falk Miksa street 9-11.
mailing address: 1363 Budapest, Pf. 9.
Telephone: +36 (1) 391-1400
e-mail: ugyfelszolgalat@naih.hu
website: www.naih.hu


Remedy option: Right to an effective judicial remedy against the Controller or the Data Processor (initiation of legal proceedings) /Article 79 of the GDPR/

Content of the remedy: You have the right to take legal action against the Controller or the Data Processor if you find that the processing of your personal data is unlawful. The court will act in the case out of line. In this case, you are free to decide whether to file your claim with the court competent for your place of residence or residence. Contact of the Tribunals: www.birosag.hu/torvenysekek


12. Updating of the Privacy Policy

The Data Controller reserves the right to unilaterally amend this Privacy Policy. This notice may be amended in particular if it is necessary due to a change in legislation, data protection authority practices, business needs or other circumstances. At the request of the Data Subject, the Data Controller shall send him a copy of the information in force at all times in the form agreed with him.

Budapest, 6 January 2025

services

Big Data

CRM Solutions

Software Development

Quality Engineering

Cybersecurity

Temporary staffing, recruitment

united consult

About

Events

Success stories

Industries

Blog

Resources

Career

Contact us

legal

Privacy policy

Cookie information

Impressum

Report abuse

Code of Ethics

Get in touch

Subscribe to our newsletter

Only valuable content, no spam. Join our IT community!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

© 2026 United Consult Zrt.

ISO 27001 tanúsítvány logója, a Nemzetközi Szabványügyi Szervezet szimbóluma egy földgömbbel.