Privacy Statement

Purpose of Privacy Statement

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / EC (hereinafter "GDPR" or "Regulation") the compliance processes of EN-CO Software Zrt. and the rules for the processing of personal data in these processes

Personal Data

Under the Regulation, "any information relating to an identified or identifiable natural person" shall be considered as personal data. An individual may be identified, directly or indirectly, in particular by reference to one or more factors, such as name, location, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person

GDPR compliance:

We guarantee the confidentiality, integrity and availability of the processed data and that only protected persons / systems have access to the protected data, whether in digital or paper-based data processing.

Your data protection rights:

  • a) Access rights

    The controller shall provide the data subject with a copy of the personal data subject to the processing free of charge.

  • b) Right to rectification;

    The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data relating to him or her without undue delay.

  • c) Deletition and cancellation of data;

    The data subject shall have the right to delete the personal data concerning him or her without undue delay upon request, if:

    1. personal data are no longer needed for the purpose for which they were collected,
    2. the data subject withdraws his consent as the basis for the processing and there is no other legal basis for the processing,
    3. the data subject objects to the processing of his or her data and there is no overriding legitimate reason,
    4. personal data have been unlawfully processed.

    A request for cancellation should only concern data whose consent is based on the legal basis of the data subject (eg. account data) or data processed on the basis of a weighing of interests.

    The data subject may not exercise his or her right to delete or forget only if the data controller continues to process the data for the reasons described in the Regulation. For example, if further storage of data is required for the filing, validation, or defense of legal claims, the deletion request may be denied.

  • d) Restricting processing;

    The data subject shall have the right to limit the processing of data upon request, if:

    • the person concerned contests the accuracy of the personal data,
    • the data processing is unlawful and the data subject opposes the deletion of the data,
    • the controller no longer needs the personal data, but the data subject requires them for legal purposes.
  • e) The right to data portability;

    In the context of the right to data portability, the data subject may retrieve and pass on data previously transferred to the controller. The purpose of the authorization is to allow the transfer of personal data between different service providers without hindrance.

    It is clear from the law that the right to data portability can only be exercised if the personal data requested are processed by automated means, the data subject has given his or her prior consent to the processing or has been transferred in connection with the performance of a contract to which the contractor is a party.

Legal basis:

The processing of personal data is only lawful if and to the extent that at least one of the following is true:

  • a) the data subject has given his consent to the processing of his personal data for one or more specific purposes;
  • b) processing is necessary for the performance of a contract to which the data subject is party or in order to take action at the request of the data subject prior to the conclusion of the contract;
  • c) processing is necessary for compliance with a legal obligation to which the controller is subject;
  • d) processing is necessary for the protection of the vital interests of the data subject or another natural person;
  • e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • f) processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the data subject is a child.

Client/Partner information:

Natural persons shall have the right to be informed in a concise, transparent and easily accessible manner, in a clear and comprehensible manner, of the processing of their personal data, in particular:

  • the identity and contact details of the controller,
  • the contact details of the DPO,
  • the purpose for which the personal data are to be processed and the legal basis for the processing,
  • in the case of processing on grounds of "legitimate interest", the reasons for it,
  • the recipients of the personal data,
  • adequate safeguards for transfers outside the EU,
  • the intended duration of the data processing,
  • the right of the data subject to request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her, and his or her right to data protection,
  • the right to lodge a complaint to the supervisory authority,
  • whether the provision of the data is a prerequisite for the conclusion of the contract and the possible consequences of failure to provide the information
  • possible automated decision making, including profiling.

Cookie policy:

The website contains various cookies:

  • For cookies necessary for the operation of the website and provided by the first-party (the website's own engine), the user's consent is not required.
  • First-party tracking cookies require user consent.
  • Third-party cookies (cookies provided by others, such as Google Analytics) require user consent.

This website uses only first-party session cookies which does not require user's consent. These cookies are necessary for the operation of the website and do not collect either personal data or data can be used for marketing purpose.

Personal data handling is related to your inquire:

In order to be able to contact you and reply for your inquire we handle your personal data like name, e-mail address, phone number or any other data were given by you in your message. This data handling belongs to legal right of the company. In this case your data are handled in unlimited time or based on your request your data are deleted (unless these data must be kept because of legal obligation).

Data breach reporting:

A privacy incident is a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of your personal data. The privacy incident shall be reported to the data protection authority without undue delay and, if possible, no later than 72 hours after it is brought to the attention of the data protection authority, unless the privacy incident is likely to endanger the rights and freedoms of individuals.

Data Privacy Officer:

Our Data Privacy Officer is Annamária Győrfi


Data Protection Authority:

National Authority for Data Protection and Freedom of Information
Address: HU- 1125 Budapest, Szilágyi Erzsébet fasor 22c.
Phone: (06 1) 391 1400