Privacy Policy

PRIVACY NOTICE

  1. GENERAL PROVISIONS
    MC Mentes Könyvelő és Tanácsadó Betéti Társaság (registered seat: 1064 Budapest, Podmaniczky utca 57. II. 14.; cg.: 01-06-798481, tax number: 32732234-1-42) as
    data controller („Data Controller”) processes personal data in connection with the Services set out in the GTC, in
    Duration of processing: the Data Controller shall store the personal data until the purpose of the processing has been fulfilled or, if a longer retention period is required by law, for the prescribed period.
    Data transfer: the Data Controller may transfer the personal data to the competent tax authority to the extent necessary for the performance of the Contract.
    accordance with the Regulation 2016/679 of the European Parliament and of the Council (“GDPR”) and the Act CXII of 2011 on the Right to Information Self-Determination and
    2.2
    Personal data processed for the purpose of f ulfilling the client due diligence obligation

    Freedom of Information. The Data Controller provides detailed information on the processing of Client’s personal data by means of this privacy notice (“Notice”).

    The Data Controller shall take all technical and organizational measures and establish the procedural rules necessary to ensure the security of the processed personal data. Access to the personal data processed by the Data Controller shall be limited to the employees of the Controller who are bound by confidentiality obligations and whose access is indispensable for the purposes of the processing.

    The Data Controller may entrust data processors to carry out certain processing operations, the list of the processors is set out in section 3 of this Notice.

     

  2. INFORMATION ON EACH PROCESSING ACTIVITY
    Purpose of processing: To fulfill the client due diligence obligation under Act LIII of 2017 (“Pmt”).
    Legal basis for processing: The processing is necessary for the fulfillment of a legal obligation to which the Data Controller is subject (Article 6 (1-c) of the GDPR).
    The scope of processing: The Data Controller is obliged to identify the Customer and to carry out identity verification in the cases specified in points a) and e-h) of Article 6 (1) of the Pmt., in particular when establishing a business relationship. The Data Controller shall record the data specified in Article 7 (2) of the Pmt. with regard to the identified Client, or in the case of simplified customer due diligence, the data specified in Article 15 (1) aa) of the Pmt. The Data Controller shall require the presentation of the documents specified in Article 7 (3-a) of the Pmt. in order to verify the identity of the Client. The Data Controller shall make a copy of the documents presented, except for the page of the address card that certifies the personal
    2.1
    D ata processing in connection with the conclusion a nd performance of the Contract under the GTC

    identification number. The data processing shall also cover the Client’s declaration pursuant to Article 9/A (1) of the Pmt.
    Purpose of processing: conclusion and performance of the Contract under the GTC, provision of the Services.
    Legal basis for processing: the data processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract (Article 6 (1-b) of the GDPR).
    The scope of processing: the Client’s name, address, tax number, contact details as set out in the Contract, as well as any other data relating to the Client necessary for the provision of the Services (e.g.: invoices issued by the
    Duration of the processing: The Data Controller shall keep the data processed for 8 years after the termination of the business relationship.
    Data transfer: In the event of data, facts or circumstances indicating the financing of terrorism, money laundering or the origin of an object from a criminal offence, the Data Controller is obliged to submit a report to the Anti-Money Laundering and Counter-Terrorist Financing Office of the National Tax Authority pursuant to Articles 30-31 of the Pmt.
    Client, other data and documents generated by the Data Controller or transmitted to the Data Controller for the
    2.3
    D ata processing related to invoicing obligation

    performance of the Contract). Based on the Customer’s explicit consent, the Data Controller shall also use the Client’s personal data which are transferred by WOLT to the Service Provider (which are necessary for the provision of the Service, and the accuracy of which shall be guaranteed by the Customer.)

    Purpose of processing: To fulfill the obligations set out in Act V of 2000 (“Accounting Act”), to ensure the proper issue and preservation of accounting documents.
    Legal basis for processing: The processing is necessary for the fulfillment of a legal obligation pursuant to Articles 165 (1) and 169 (2) of the Accounting Act (in accordance with Article 6 (1-c) of the GDPR).
    The scope of processing: name, address, tax No., full content of the invoice/accounting document.
    Duration of the processing: The Data Controller is obliged to keep the accounting records for 8 years.
     

  3. DATA PROCESSORS
    The following data processors process personal data on behalf of the Data Controller:
    Data processor:Scope of activity:

    Rendszerszakik Bt.

    (székhely: 1048

    Budapest, Bőröndös utca 8. Ü5

    		  IT expert

    SBA Group Zrt.

    (székhely: 1108

    Budapest, Bányató utca 13.)

    		 IT expert
  4. THE RIGHTS OF THE DATA SUBJECTS
    Requests and declarations pursuant to this Section 4 may be sent to the Data Controller to the e-mail address ddiana@master-cons.hu or by post to its headquarters – 1064 Budapest, Podmaniczky utca 57. II. 14..
    The Data Controller shall fulfill the requests free of charge, however, if the request is clearly unfounded or excessive, the Data Controller may charge a reasonable fee or refuse to comply with the request.

    The Data Controller shall inform the data subject (the Client) of the action taken on the request without undue delay and at the latest within 1 month from the receipt of the request – this period may be extended by a further 2 months if necessary. The Data Controller shall inform the data subject about the extension of the time limit, stating the reasons for the delay, within 1 month from the receipt of the request.

    1. Right to information and access: the data subject has the right to obtain from the Data Controller information as to whether or not his personal data are being processed. If such processing is ongoing, he has the right to obtain access to the personal data and the following information:
    1. Right to erasure: The data subject shall have the right to obtain the erasure of personal data relating to him by the Controller if:
      • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
      • the data subject withdraws his consent and there is no other legal basis for the processing;
      • the data subject objects to the processing and there are no prevailing legal basis for the processing;
      • the personal data have been processed unlawfully;
      • the data must be deleted in order to comply with a legal obligation under EU/member state law applicable to the Data Controller

      The right of erasure does not apply in cases where the Data Controller is required by law to store the data further, nor in cases where the Data Controller is entitled to further processing of the data pursuant to Article 6 (1-c) of the GDPR.

       

    2. Right to blocking (restriction of processing): the data subject has the right to request that the processing of his or her personal data be restricted by the Data Controller if.
      • contests the accuracy of the personal data;
      • the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
      • the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
      • the data subject has objected to the processing.

       

    3. Right to data portability: the data subject shall have the right to receive the personal data concerning him that he has provided to the Data Controller in a structured, commonly used, machine-readable format and the right to have such data transmitted to another controller without hindrance by the Data Controller in connection with automated processing operations.
       
    4. Right to object: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data
  • the purposes of the processing, the categories of personal data concerned, the recipients of the data, the duration of the processing, the exercise of the data subject’s rights and remedies, the source of the data, the fact of profiling.

4.2 Right to rectification: the data subject has the right to request that the Data Controller amend or supplement the personal data recorded.
necessary for the performance of a task carried out in the

public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or a third party, including profiling based on the aforementioned provisions.

    1. Automated decision-making on individual matters, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing,
      including profiling, which produces legal effects concerning him or similarly significantly affects him.

      The above entitlement does not apply if the decision:

      • is necessary for the conclusion or performance of a contract between the data subject and the controller;
      • is permitted by EU/member state law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
      • is based on the explicit consent of the data subject.

       

    2. Right to remedy: If the data subject considers that the Data Controller has violated the applicable data protection regulations, he may contact the Data Controller using the contact details provided in this Notice, and may also submit a complaint to the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa u. 9-11, postal address: 1363 Budapest, Pf. 9.; e-mail address: ugyfelszolgalat@naih.hu). The data subject also has the right to file a lawsuit, in which case the data subject may choose to bring the matter before the courts of the place of his residence, domicile or the registered seat of the Data Controller.

Budapest, 30 January 2025.

Request for quotation for consulting

Please fill out the form, submit it and I will contact you within 1 business day at one of the contact details you provided.