The purpose of this Privacy Policy of EN-CO Software Zrt. (hereinafter: Data Controller) is to inform Data Subjects clearly and in detail about all facts related to the processing of their personal data, and about their rights and legal remedies related to data processing, before data processing begins.
EN-CO Software Zrt. is committed to protecting the personal data of its clients and partners, and considers it extremely important to respect the right of informational self-determination of its clients. EN-CO Software Zrt. handles personal data confidentially and, taking into account the available technology and the cost of implementation, takes all reasonable security, technical, and organizational measures that guarantee the security of the data and are proportionate to the risks.
EN-CO Software Zrt. acknowledges the content of this legal notice as binding. It undertakes that all data processing related to its activities complies with the requirements set forth in this policy and in the effective national legislation, as well as in the legal acts of the European Union.
EN-CO Software Zrt. reserves the right to change this policy. Naturally, it will inform the Data Subjects of any changes in due time.
EN-CO Software Zrt. describes its data processing practices below.
Introduction of the Data Controller
Data Controller name: EN-CO Software Zrt.
Data Controller company registration number: 01-10-140987
Data Controller registered office: 1118 Budapest, Schweidel u. 5.
Data Controller electronic address: info@encosoft.hu
Data Controller representative: Márk Kaszó, board member
Data protection officer: Kinga Dékány
| Term | Meaning |
|---|---|
| Data Processing | Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Data Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
| Data Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller. |
| Data Subject | The person who provides personal data on the EN-CO website. |
| Third Party | A natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, data processor and persons who, under the direct authority of the Data Controller or data processor, are authorised to process personal data. |
| Personal Data | Any information relating to an identified or identifiable natural person, i.e., the Data Subject; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Data Breach | A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. |
EN-CO Software Zrt. processes the Data Subject's data in order to respond to their inquiries. Access to their data is limited to colleagues of EN-CO Software Zrt. dealing with client relationship management and those colleagues who provide a professional answer to their question.
If the Data Subject comes into contact with our company as an employee or contact person of one of our current or future partners, we process their personal data (name, job title (position), signature, company phone number, email address, postal address) based on Article 6 (1) (f) of the GDPR, so that the two organizations can maintain contact during business operations. The purpose of data processing is to ensure communication between the two organizations. The data will be processed for no longer than the duration of the contact person status, but if it has been included in a contract or other document that must be retained by law, it will be retained for the mandatory retention period prescribed by law for that document (8 years for contracts and other accounting documents).
In the case of individual entrepreneurs and private individual partners (subcontractors, agents, buyers, etc.), we process the name, subject of the contract, consideration, and bank account number in case of bank payment, based on the fulfillment of the contract as a legal obligation. The address (registered office) and tax number for fulfilling legal obligations relate to compliance with tax and accounting regulations, while contact details (phone number, email address) are necessary for communication with partners. The purpose of data processing is the fulfillment of contracts concluded with private individuals, the proper accounting of invoices, the fulfillment of tax obligations, and communication. Data processing takes place for the mandatory retention period prescribed by law for contracts and invoices as accounting documents (8 years), and in the case of contact details, for the duration of the business relationship.
If the Data Subject applies for a job advertisement published by us, or voluntarily sends us a CV or job application, we will process the personal data provided in the CV and application, as well as a copy of the CV, and if provided, the data from diplomas, certificates proving qualifications, and copies thereof. The purpose of processing CV data and related documents is to screen applicants and make a decision on establishing an employment relationship, while the purpose of processing provided contact details is to maintain contact with the applicant. The legal basis for data processing is the Data Subject's consent (GDPR Article 6 (1) (a)).
Please note that consent can be withdrawn at any time. Consent can be withdrawn by sending an email to dpo@encosoft.hu. The withdrawal of consent does not affect the lawfulness of data processing prior to withdrawal. If consent is withdrawn before the given application is processed, we will not be able to consider the application further. In case of a successful application, we will process the CV and related documents until the decision on establishing employment is communicated to the Data Subject. Upon entry, information will be provided on the processing of personal data during employment. In case of an unsuccessful application, in the absence of a specific, written request for withdrawal or deletion, we will process it for a maximum of 5 years and then delete it without separate notification.
During the recruitment process, a professional test and a personal interview may take place, during which we process the Data Subject's name, the test results, and the opinion formed during the interview as personal data. The purpose of data processing is to assess job suitability and personal security risks related to employment based on the test and personal impression. The legal basis for this is the Data Controller's legitimate interest in applying appropriate selection methods (GDPR Article 6 (1) (f)). Data processing takes place until the decision on establishing employment is communicated.
In order to handle inquiries, we need the following data:
In order to provide tailored service, the web application places a small data package, called a cookie, on the user's computer and reads it back during subsequent visits. If the browser sends back a previously saved cookie, the service provider handling the cookie can link the user's current visit to previous ones, but only in relation to its own content. Cookies collect information about visitors and their devices; remember visitors' individual settings, so they don't have to be re-typed; facilitate website use; provide a quality user experience. Detailed cookie information is available at the following link: www.encosoftware.hu/cookiepolicy
Before sending messages, we perform a reCAPTCHA verification, for which we use Google's reCAPTCHA service. This function operates through Google's servers. The reCAPTCHA function is processed by Google; we do not process personal data based on this and do not receive information about users or their behavior. reCAPTCHA verification is necessary to prevent robots designed for this purpose from filling out the form and sending mass spam messages to us through it. During the verification process, we do not gain access to personal data; the verification is performed automatically by Google's servers. The reCAPTCHA verification does not add anything to the content of the message.
You can find information about the relevant reCAPTCHA data processing policies here:
https://www.google.com/recaptcha/about/
The data and information provided in messages sent via the form are used only to answer the sender's questions and are not stored in a database. Messages sent in this way do not authorize us to send newsletters, offers, or notifications about download options, so we do not send such messages to the contact email address contained in the letter.
EN-CO Software Zrt. selects and operates the IT tools used during the provision of the service for personal data processing in such a way that the processed data:
EN-CO Software Zrt. protects data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction.
EN-CO Software Zrt. ensures the protection of data processing security with technical, organizational, and institutional measures that provide a level of protection appropriate to the risks associated with data processing.
EN-CO Software Zrt. maintains confidentiality during data processing: it protects information so that only authorized persons can access it; integrity: it protects the accuracy and completeness of the information and the processing method; availability: it ensures that when an authorized user needs it, they can indeed access the desired information, and the related tools are available.
EN-CO Software Zrt. processes all emails received with associated personal data for a maximum of 5 years in the absence of a specific, written request for deletion, and then deletes them without separate notification.
The Data Subject may request information about the processing of their personal data, and may request the rectification or - with the exception of mandatory data processing - deletion or withdrawal of their personal data, and may exercise their right to data portability and objection in the manner indicated at the time of data collection, or at the above contact details of the Data Controller.
EN-CO Software Zrt. takes appropriate measures to provide Data Subjects with all information concerning the processing of personal data referred to in Articles 13 and 14 of the GDPR and all communications under Articles 15 to 22 and 34 in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the Data Subject, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject. The Data Controller shall provide the information within one month of receipt of the request.
The Data Subject may request the rectification of inaccurate personal data concerning them processed by EN-CO Software Zrt. and the completion of incomplete data.
The Data Subject shall have the right to obtain from EN-CO Software Zrt. the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
Instead of deletion, the Data Controller will block the personal data if the Data Subject requests it, or if, based on the information available, it can be presumed that deletion would harm the Data Subject's legitimate interests. Personal data blocked in this way can only be processed for as long as the data processing purpose that prevented the deletion of the personal data exists.
The Data Subject shall have the right to obtain from EN-CO Software Zrt. restriction of processing where one of the following applies:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller.
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on public interest or the exercise of official authority vested in the Data Controller, or processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. In such a case, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
The Data Controller declares that it does not perform profiling or automated decision-making concerning the Data Subject based on the data it processes.
The Data Subject shall have the right to withdraw his or her consent at any time, however, this does not affect and has no impact on the lawfulness of processing based on consent before its withdrawal.
In case of infringement of their rights, the Data Subject may turn to a court against the Data Controller. The court competent to hear the case is the regional court. The lawsuit may be initiated - at the Data Subject's choice - before the regional court of the Data Subject's place of residence or domicile.
The Data Subject may exercise their rights of enforcement based on the currently effective legislation, the effective Civil Code.
Please send any written inquiries regarding data processing to one of the following contact details:
Furthermore, any complaint regarding personal data can be directly lodged with the National Authority for Data Protection and Freedom of Information:
We inform our partners that courts, prosecutors, investigative authorities, misdemeanor authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, and other bodies authorized by law may contact the Data Controller for information, data disclosure, transfer, or provision of documents.
EN-CO Software Zrt. will only disclose personal data to authorities - if the authority has specified the exact purpose and scope of the data - to the extent strictly necessary to achieve the purpose of the inquiry, or as required by law.
The Data Controller reserves the right to modify this privacy policy at any time by unilateral decision. The effective date of the data processing policy is the date of its issuance.
Date: 21.03.2022
Document version: 20220321.1