Privacy and Data Management Notice

Introduction

Absolvo Consulting Kft. (hereinafter referred to as the “Data Controller”), as the operator of the website accessible under the domain name www.absolvo.eu (hereinafter referred to as the “Website”), hereby publishes this Privacy and Data Management Notice regarding data management and protection performed within the framework of the Website, services related to the Website, and other services provided by the Data Controller.

Visitors to the Website, those interested in the Data Controller’s services, and users of those services (hereinafter referred to as the “User”) accept all terms and conditions set forth in this Privacy and Data Management Notice (hereinafter referred to as the “Notice”). Users are therefore requested to carefully read this Notice.

Users may provide information and data about themselves in two ways via the Website:

  1. Data explicitly provided, shared, or made available by Users in relation to inquiries about or use of the Data Controller’s services (see Section I).
  2. Data explicitly provided, shared, or made available by Users in relation to job applications to the Data Controller (see Section II).

I. Data Provided Explicitly by Users

1. Details of the Data Controller

  • Data Controller: Absolvo Consulting Kft.
  • Registered Office: H-1124 Budapest, Csörsz u. 45.
  • Representative: Lénárd Horgos, Managing Director
  • Email: info@absolvo.hu
  • Phone: +36 30 638 6689

2. Scope of Processed Data

a) Contact via the Website’s Contact Form

The Website offers a “Contact” form, accessible via the “Contact” menu or the footer of the homepage. Through this form, Users can initiate contact to request information, provide feedback, or inquire about the Website’s services or the Data Controller’s activities (hereinafter referred to as “Contact”).

The following personal and other data must be provided as mandatory fields:

  • Full name
  • Company name
  • Direct email address
  • Message
  • Source of information about Absolvo

The Website’s Contact Form automatically records the date and time of the User's message and the IP address used to send the message to ensure traceability. The Data Controller does not use IP addresses for identification or profiling purposes.

Only individuals aged 18 and older are permitted to provide data on the Website.

b) Contact via Email (info@absolvo.hu)

Users can also contact the Data Controller via its central email address (info@absolvo.hu), which is listed under the “Contact” menu on the Website. The Data Controller records and manages personal and other data from incoming emails to provide requested information, document feedback regarding its services or Website, and respond appropriately. Data that may be processed based on email correspondence includes, but is not limited to:

  • Name
  • Company name
  • Email address
  • Message content
  • Additional data contained in the User's electronic signature or attached documents

c) Contact via Telephone

Users may initiate contact by phone using the numbers listed in the Website’s “Contact” menu. The Data Controller only processes data if interaction continues beyond the initial conversation (e.g., follow-up calls or emails to share further information). Data required from the User in such cases includes:

  • Name
  • Company name
  • Direct email address
  • Direct phone number

d) Newsletter Subscription

Users can subscribe to the Data Controller’s business-focused newsletter through a dedicated form on the Website. The following personal and other data are required (* indicates mandatory fields):

  • Last name*
  • First name*
  • Company name (optional)
  • Direct email address*

The form automatically records the date, time, and IP address of the subscription to ensure traceability. IP addresses are not used for identification or profiling purposes. Only individuals aged 18 and older are permitted to subscribe.

e) Registration for Professional Events

Users, or their authorized representatives, can register for professional events via the Website or other designated platforms. The following data are required for registration (* indicates mandatory fields):

  • Last name*
  • First name*
  • Job title*
  • Company name*
  • Direct email address*
  • Notification phone number*
  • Billing name and address*

If registration is completed through a User’s representative, the representative is responsible for obtaining the necessary consents for data sharing and processing. The Data Controller does not verify the existence of such consents and excludes all liability in this regard.

f) Event Registration with Online Ticket Purchase

For certain paid events, the Data Controller provides Users with online ticket purchasing via a contracted partner or financial institution. The following data are required for registration and ticket purchase (* indicates mandatory fields):

  • Last name*
  • First name*
  • Company name*
  • Tax ID number*
  • Direct email address*
  • Direct phone number*
  • Billing name and address*

The system records the IP address and transaction date, time, and amount to ensure transaction security and traceability. IP addresses are not used for identification or profiling purposes.

g) Downloadable document

Users can access such labelled gated content through a dedicated form on the Website alongside subscribing to the Data Controller’s business-focused newsletter . The following personal and other data are required (* indicates mandatory fields):

  • Last name*
  • First name*
  • Company name (optional)
  • Direct email address*

The form automatically records the date, time, and IP address of the subscription to ensure traceability. IP addresses are not used for identification or profiling purposes. Only individuals aged 18 and older are permitted to subscribe.

5. Authorized Data Recipients and Data Processing

The Data Controller and its Data Processors are authorized to access the data in compliance with applicable laws.

The following Data Processors handle data processing on behalf of the Data Controller for the purposes listed below:

  • Web Hosting Services: Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103)
  • Server Services and System Administration: Puzzle-Trade Kft. (2167 Vácduka, Deák utca 11.)
  • CRM System Owner: HubSpot, Inc. (Two Canal Park, Cambridge, MA 02141 USA)
  • CRM System Maintenance: Absolvo Consulting Kft. (H-1124 Budapest, Csörsz u. 45.)
  • Website Development: Duotone Collective Kft. (H-1066 Budapest, Mozsár u. 9. 4/52.)
  • Newsletter Distribution: HubSpot, Inc. (Two Canal Park, Cambridge, MA 02141 USA)
  • Website Traffic Analysis: Google Analytics – Google LLC; Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Event Management and Online Payment Solutions: Ticketninja – Szintézis-Net Kft. (9024 Győr, Vasvári Pál út 1/c)

The Data Controller reserves the right to involve additional Data Processors in the future and will inform Users by amending this Privacy Policy.

The Data Controller will only transfer personal data to third parties with the explicit consent of the User, unless otherwise required by law.

6. User Rights

a) Access to Data

Upon request, the Data Controller provides Users with information about whether their personal data is being processed. If data processing occurs, Users can access the data and receive the following information:

  • Purpose(s) of data processing.
  • Categories of personal data being processed.
  • Legal basis and recipient(s) in case of data transfer.
  • Planned duration of data storage.
  • User rights regarding data correction, deletion, processing restriction, and objection.
  • Possibility of filing a complaint with the supervisory authority.
  • Data source.
  • Relevant information about profiling.
  • Names, addresses, and activities of Data Processors.

The Data Controller provides one free copy of the data processed to the User. For additional copies, a reasonable fee may be charged based on administrative costs. If the request is submitted electronically, the information will be provided in a commonly used electronic format unless otherwise requested.

The Data Controller must fulfill the request without undue delay, no later than 25 days after submission. Requests can be submitted through the contact details in Section 1.

b) Data Correction

Users can request the correction of inaccurate personal data or the supplementation of incomplete data related to them. Corrections will be made without undue delay.

c) Data Deletion ("Right to be Forgotten") and Blocking

Users may request the deletion of their personal data without undue delay, and the Data Controller must comply if:

  • The data is no longer needed for its original purpose.
  • The User withdraws consent, and there is no other legal basis for processing.
  • The User objects to the processing.
  • The data has been processed unlawfully.
  • Deletion is required to comply with a legal obligation under EU or Member State law.
  • The data was collected in connection with offering information society services to children.

If the Data Controller has made the personal data public and is required to delete it, reasonable steps must be taken to inform other controllers processing the data to delete any links, copies, or replicas of the data.

Personal data will not be deleted if processing is necessary for:

  • Exercising the right to freedom of expression and information.
  • Compliance with a legal obligation.
  • Public health reasons.
  • Archiving in the public interest, scientific/historical research, or statistical purposes.
  • Establishing, exercising, or defending legal claims.

d) Restriction of Data Processing

Users may request that the Data Controller restrict processing instead of deleting data if:

  • The User disputes the accuracy of the data.
  • Processing is unlawful, and the User opposes deletion.
  • The Data Controller no longer needs the data, but the User requires it for legal claims.
  • The User objects to processing, pending verification of whether the Data Controller's legitimate grounds override the User's rights.

Restricted data will only be processed with User consent or for legal claims, protecting the rights of others, or significant public interest.

The Data Controller will notify the User before lifting any restriction.

e.) Notification Obligation

The Data Controller must inform all recipients of corrections, deletions, or restrictions unless this is impossible or involves disproportionate effort. Upon request, the User will be informed about these recipients.

f) Right to Object

The User has the right to object to the processing of their personal data in cases where the processing:

  • is necessary for performing a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party;
  • is based on profiling.

If the User objects, the Data Controller must cease processing the personal data unless it demonstrates compelling legitimate grounds for the processing that override the User's interests, rights, and freedoms, or the processing is required for the establishment, exercise, or defense of legal claims.

When personal data is processed for direct marketing purposes, including profiling related to such marketing, the User has the right to object at any time. If the User objects, the personal data can no longer be processed for these purposes.

Measures Taken by the Data Controller in Relation to User Requests

The Data Controller shall inform the User without undue delay, and at the latest within one month of receiving the request, about actions taken regarding their requests for access, rectification, erasure, restriction, objection, or data portability. Considering the complexity and number of requests, this deadline may be extended by an additional two months. The Data Controller shall notify the User of such an extension within one month of receiving the request and explain the reasons for the delay.

If the User submits their request electronically, the response should be provided electronically, unless otherwise requested.

Should the Data Controller decide not to act on the User's request, they must inform the User without delay, and at the latest within one month of receiving the request, of the reasons for the refusal and the possibility of filing a complaint with a supervisory authority or seeking a judicial remedy.

The information, communications, and actions taken in response to the User’s requests shall be provided free of charge. However, if the User’s request is manifestly unfounded or excessive, particularly due to its repetitive nature, the Data Controller may either charge a reasonable fee to cover administrative costs or refuse to act on the request. The burden of proving that a request is manifestly unfounded or excessive lies with the Data Controller.

7. Management and Notification of Data Breaches

A data breach includes any event that results in the unlawful handling or processing of personal data managed, transmitted, stored, or processed by the Data Controller, such as unauthorized or accidental access, alteration, disclosure, deletion, loss, or destruction of personal data.

The Data Controller must notify the National Authority for Data Protection and Freedom of Information (NAIH) of a data breach without undue delay and, at the latest, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If notification cannot be made within 72 hours, the reasons for the delay must be provided, and the required information may be submitted incrementally without further undue delay.

The notification to the NAIH must include:

  • The nature of the data breach, including the number and categories of affected data and individuals;
  • The name and contact details of the Data Controller;
  • The likely consequences of the data breach;
  • Measures taken or planned to address and mitigate the breach.

The Data Controller shall notify the affected individuals of the breach within 72 hours through the Data Controller’s website. The notification must include at least the information specified above.

The Data Controller maintains a register of data breaches for monitoring the implementation of measures and informing affected individuals. This register includes:

  • The scope of personal data affected;
  • The number and categories of affected individuals;
  • The date of the data breach;
  • The circumstances and impact of the breach;
  • Measures taken to address the breach.

Data in the register shall be retained for five years from the date of the breach.

8. Data Security

The Data Controller undertakes to ensure the security of data, implement technical and organizational measures, and establish procedural rules that guarantee the protection of collected, stored, and processed data, as well as prevent their destruction, unauthorized use, or unauthorized modification. The Data Controller also commits to requiring any third parties to whom data are transmitted or provided based on the Users’ consent to comply with data security requirements.

The Data Controller ensures that unauthorized individuals cannot access, disclose, transmit, modify, or delete the managed data. Only the Data Controller, its employees, or the Data Processor engaged by the Data Controller may access the data. The Data Controller does not transfer data to any third party not authorized to access it.

The Data Controller takes all possible measures to prevent the accidental damage or destruction of the data. This obligation is also required of all employees involved in data management activities.

The User acknowledges and accepts that providing personal data on the Website or other online platforms – despite the Data Controller employing modern security tools to prevent unauthorized access or breaches – cannot guarantee complete security on the Internet. The Data Controller is not responsible for unauthorized access or data breaches beyond its control or for any damages arising from such incidents. Furthermore, the User may provide personal data to third parties, who may use them unlawfully.

The Data Controller does not collect special categories of personal data under any circumstances, such as data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, sexual orientation, or criminal convictions.

9. Legal Remedies

The Data Controller strives to handle personal data in compliance with legal regulations. However, if a User feels this has not been achieved, they can contact the Data Controller via email at info@absolvo.hu or by post at Absolvo Consulting Kft., 1124 Budapest, Csörsz u. 45.

If a User believes their rights to personal data protection have been violated, they may seek legal remedies with the appropriate authorities under the applicable laws:

  • National Authority for Data Protection and Freedom of Information (Address: 1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolglat@naih.hu; www.naih.hu)
  • Courts.

Complaints regarding electronic advertisements are handled by the National Media and Infocommunications Authority. Detailed regulations are available in Act CXII of 2011 on informational self-determination and freedom of information, and Act CVIII of 2001 on certain issues of electronic commerce and information society services.

II. Data explicitly provided, shared, or made available by Users in relation to job applications to the Data Controller

Data Controller is committed to protecting the privacy of your personal data. In accordance with the provisions of the GDPR and other applicable legislation, this statement explains how Data Controller processes the personal data (i.e. information about you as an individual) that you submit when you apply for a position with us and we assess your application, and that we process.

1. Collecting your personal data

It would be impossible to complete the recruitment process without processing certain personal data about you. In order to process your application for employment with Data Controller, you will be asked to provide information about you (including your name, email address, telephone number, your academic and professional qualifications and experience, etc.). You need to provide these directly to Data Controller or import information about yourself into Data Controller systems. In connection with your application, you may choose to provide other information about yourself, such as a photograph or additional biographical information. We will use and process all personal data provided in the course of the application process in the manner described in this Privacy Notice. To the extent the terms of use of other websites require consent to import their data, you agree you will obtain such consent prior to importing any information into Data Controller’s systems. Data Controller accepts no liability for the lawfulness of any data import.

By submitting your personal data to us, you acknowledge that:

  • You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein.
  • Your personal data may be transferred and processed to third parties, for the purposes and in the manner specified in this Privacy Notice.
  • You are not required to provide any requested information to us, but your failure to do so may result in our not being able to continue your candidacy for the job for which you have applied.
  • All of your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
  • This Privacy Notice does not form part of any contract of employment offered to candidates hired by Data Controller

Data Controller may obtain information about your professional background by contacting the organisations or individuals you have referenced, the organisation or individual referring you, or other third parties, as part of processing your personal data for the purposes set out in this Privacy Notice. To the extent permitted by applicable legislation, Data Controller may also collect information about you from publicly available sources (e.g. online databases), in accordance with the principles of purpose limitation and data minimization. In no event will we collect or store information about you that is irrelevant to the assessment of your application.

2. Purpose and legal basis of processing

Data Controller may use your personal information for any or all of the following purposes:

  • assessing your application(s) for employment, evaluating you for open positions;
  • evaluating your suitability for employment (including for example providing your personal information to third parties to conduct background checks);
  • liaising in connection with your application;
  • if your application is unsuccessful, notifying you if a position relevant to you subsequently opens at Data Controller (provided that you explicitly consent to receiving such notifications, see below).

The legal basis for processing the personal data you provide in the course of submitting your application is Data Controller's legitimate interest in being able to decide on assessing your application and to select the most suitable candidate for the position.

If no employment relationship is established between Data Controller and you as a result of the recruitment process, Data Controller will, subject to your explicit consent, continue to process your personal data after the recruitment process has been completed so that we can notify you of other positions that may be relevant to you.

3. When and how we share personal data

We will only share your personal data with third parties if we are legally permitted to do so. To help provide, run and manage our internal IT systems we use services provided by third parties, who typically act as our data processors. Such services include, for example: information technology services, including the services of cloud-based software as a service providers, identity management, website hosting and management, data analysis, data backup, security, and storage services. The third-party providers may use their own subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that provide adequate safeguards for the protection of personal data and process personal data transferred to them confidently to their sub-processors.

In addition to the above, Data Controller may, to the extent required by applicable law, also disclose your personal data to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation.

4. Data security

We use generally accepted standards of technical and operational security to secure your personal data. Only authorized personnel and/or third-party service providers are permitted to access personal data, and these employees and third-party service providers are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data.

5. Data retention

We will retain your personal data for as long as is considered strictly necessary for the purpose(s) for which it was collected. Data retention periods were determined, on the one hand, with regard to the relevant mandatory retention periods required by law and, on the other hand, the statute of limitations applicable to pursuing legal claims, if any.

If, as a result of the assessment of your application, no employment relationship is established between Data Controller and you, Data Controller will process the data you provide for up to two years calculated from the date of assessment of your application, unless you have not requested the termination of processing your personal data.

6. Your rights

We take reasonable steps that are designed to keep your personal data accurate, complete, and up-to-date for the purposes for which it is collected and used. We also have implemented measures that are designed to help ensure that our processing of your personal data complies with this Privacy Notice and applicable law.

Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:

  • right to request information about the personal data that we hold about you, including information about how we use your personal data and a copy of your personal data in a machine-readable format
  • right to request a copy of the personal data that we hold about you;
  • right to request that we amend your personal data if it is not correct or otherwise not complete, timely, and accurate for the purposes for which we are using it;
  • right to request deletion of your personal data;
  • right to request that we cease processing or restrict or limit the processing of your personal data;
  • right to withdraw your consent to our processing of your personal data where the basis of our processing is your consent. This right may not apply if there are other legal justifications to continue processing or we need to retain certain personal data where required or permitted under applicable law

7. Contacts and judicial remedy

If you have a question or comment or wish to make a complaint about our use of personal data, please send an email with the details of your complaint to info@absolvo.eu. We will individually look into and respond within 45 days to any complaints we receive.

Please note that applicable laws include exceptions to assertions of data protection rights that may prevent us from providing access to your personal data or otherwise fully complying with your request. If we believe exceptions apply, we will respond to your request to the extent we are able to do so, and we will provide an explanation of the basis for not complying wholly or partially with your request.

III. Links

The Data Controller is not responsible for the content, data protection, or information practices of external websites accessible via hyperlinks from the Website.

IV. Other Provisions

This Privacy Notice is governed by Hungarian law, particularly the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

Created as of February 2025
Budapest

By

Absolvo Consulting Kft.
“Data Controller”