Privacy and Cookie Policy

InnovaTeQ Solutions Ltd.
For visitors to the Data Controller’s website

Data Controller Information:

Name of Data Controller: InnovaTeQ Solutions Ltd.

Registered Office of Data Controller: 1162 Budapest, Asztag Street 9, 1st floor, door 7

Email Address of Data Controller: [email protected]

Phone Number of Data Controller: +36-70-373-69-42

Data Protection Officer: VFK Data Pro. Ltd.

Contact Information of Data Protection Officer: [email protected]

Introduction: The processing of personal data of visitors to the website is essential for the operation of the Data Controller. The subjects of such data processing activities are primarily visitors to the Data Controller’s website, clients of the Data Controller, their representatives and contacts, and in some cases, business partners of the Data Controller, their representatives and contacts. The purpose of this Data Protection Policy is to provide you, as the subject of the data processing operation, with information regarding the processing of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (the “Infotv.”). The Data Controller treats the personal data of visitors to its website confidentially, in accordance with the applicable legal requirements, ensures their security, takes the necessary technical and organizational measures, and establishes the procedural rules necessary to enforce the relevant legal provisions and other recommendations. The current Data Protection Policy is always available here, published publicly on the website.

Main Laws Underlying Data Processing:

• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Info. Act),
• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation or GDPR),
• Act V of 2013 on the Civil Code (hereinafter referred to as the Civil Code).

The Data Controller processes personal data in accordance with all applicable laws, but primarily in accordance with the provisions of the above laws.

General Data Protection Principles and Data Quality:

• Personal data may only be processed for a specific purpose, to exercise a right, or to fulfill an obligation. Data processing must comply with the purpose of data processing at all stages.
• Only personal data that is essential for achieving the purpose of data processing and suitable for achieving the purpose may be processed. Data processing may only take place to the extent and for the duration necessary to achieve the purpose.
• Personal data may only be processed in cases specified in Article 6 of the GDPR. Personal data retains its quality as personal data during processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for restoration.
• In addition to the purpose of data processing, clear information must be provided about who will process and handle the data.
• Data storage must be implemented in a secure manner, proportionate to the purpose of data processing, and for the duration necessary to achieve the purpose of data processing.
• The data controller and the data processor are obliged to ensure the security of the data and to take the necessary technical and organizational measures and establish the procedural rules necessary to enforce the relevant legal provisions.

Requirements for Personal Data Processing:

a) Data must be obtained and processed fairly and lawfully. b) Data must be stored for specified and lawful purposes and not used in a manner incompatible with those purposes. c) Data must be proportionate to the purpose of storage and must meet that purpose, not exceeding it. d) Data must be accurate and, where necessary, kept up to date. e) The storage method of data must be such that it allows the identification of the data subject only for the duration necessary for the purpose of storage.

Rights of Data Subjects Regarding Data Processing:

Right to Preliminary Information (Article 13 of the GDPR):

The data subject has the right to be informed about the facts related to data processing before the start of data processing – this policy serves to ensure this right.

Right of Access (Article 15 of the GDPR):

The data subject has the right to request information from the Data Controller through the contact details provided above regarding whether their personal data is being processed, and if such data processing is in progress, they have the right to know:

• what personal data the Data Controller processes;
• on what legal basis;
• for what purpose;
• from what source;
• for how long;
• to whom, when, on what legal basis, and which personal data the Data Controller has provided access to or transferred;
• whether the Data Controller uses automated decision-making, including profiling, and its logic.

The Data Controller will fulfill the data subject’s request to exercise their rights within one month of receiving the request. The day of receipt of the request is not included in the deadline.

If necessary, considering the complexity of the request and the number of requests, the Data Controller may extend this deadline by an additional two months. The Data Controller will inform the data subject of the reasons for the delay within one month of receiving the request.

The Data Controller will provide a copy of the personal data subject to processing to the data subject free of charge upon their first request, and may charge a reasonable fee based on administrative costs for any additional copies.

To ensure the fulfillment of data security requirements and the protection of the data subject’s rights, the Data Controller is obliged to verify the identity of the data subject and the person wishing to exercise the right of access. Therefore, providing information, allowing access to data, or issuing copies is subject to the identification of the data subject.

Right to Rectification (Article 16 of the GDPR):

The data subject may request the Data Controller to modify any of their personal data through the contact details provided above. If the data subject can credibly prove the accuracy of the corrected data, the Data Controller will fulfill the request within one month and notify the data subject at the contact details provided.

Right to Erasure (“Right to be Forgotten”) (Article 17 of the GDPR):

The data subject may request the deletion of their data in connection with the data processing activities described in this policy, provided there is no legal obstacle to this. In such cases, the Data Controller will comply with the request without delay, otherwise, the Data Controller will inform the data subject of the reasons for refusing the deletion within one month.

Right to Restriction of Processing (Article 18 of the GDPR):

The data subject may request the Data Controller to restrict the processing of their personal data (by clearly marking the restricted nature of the data processing and ensuring separate processing from other data) if:

• they contest the accuracy of their personal data (in this case, the Data Controller will restrict the data processing for the period necessary to verify the accuracy of the personal data);
• the data processing is unlawful, and the data subject opposes the deletion of the data and requests the restriction of their use instead;
• the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requires them for the establishment, exercise, or defense of legal claims; or
• the data subject has objected to the data processing (in this case, the restriction applies for the period necessary to determine whether the Data Controller’s legitimate grounds override those of the data subject).

Right to Data Portability (Article 20 of the GDPR):

If the legal basis for data processing is voluntary consent or contractual basis, and the data processing is carried out by automated means, the data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format.

In exercising the right to data portability, the data subject has the right to request the direct transfer of personal data between data controllers, if technically feasible. The exercise of this right must not adversely affect the rights and freedoms of others (Article 20(4) of the GDPR).

Right to Object (Article 21 of the GDPR):

The data subject may object to the data processing at any time for reasons related to their particular situation, if they believe that the Data Controller is not processing their personal data appropriately in connection with the purpose specified in this data protection policy. In such cases, the Data Controller must demonstrate that the processing of personal data is justified by compelling legitimate grounds that override the interests, rights, and freedoms of the data subject, or that relate to the establishment, exercise, or defense of legal claims.

Information on Remedies:

If your rights related to the processing of personal data are violated, you have the following remedies:

• You can contact the Data Controller or the Data Protection Officer directly through the contact details provided above.
• You can file a complaint with the supervisory authority: National Authority for Data Protection and Freedom of Information (NAIH) (1363 Budapest, Pf.: 9.; postal or; email: [email protected]; phone: +3613911400; web: www.naih.hu)
• You can file a lawsuit against the Data Controller.
• You have the right to go to court in case of unlawful processing of your data. You can find information about the jurisdiction and contact details of the court at www.birosag.hu.

 

Cookies Used on the Website:

Cookies, also known as cookies, are files stored on your computer (or other internet-enabled devices) when you visit a particular website. A cookie generally contains the name of the website it came from, its own lifespan (i.e., how long it remains on your device), and its value, which is usually a randomly generated unique number. Based on their expiration, the Data Controller uses two types of cookies on its website: session cookies and convenience cookies.

Session cookies are temporary, meaning they remain on your device until you leave the website.

Convenience cookies stay on your device longer, possibly until you manually delete them.

Based on the above, some of the cookies used by the Data Controller are temporary and disappear when you close the browser, while there are convenience cookies that remain stored on your computer. If you regularly visit our website, your browser remembers the settings you previously used, so you do not need to accept the Data Controller’s cookie policy or set your filtering preferences according to your needs each time you visit.

Since we respect your right to the protection of personal data, you, as a visitor, decide whether to allow the use of certain types of cookies. You can make cookie settings when you first visit our website. If you want to change these settings later, you can do so by clicking on Cookie Settings.

Session Cookies

Session cookies are necessary for browsing the website and using its functions, including remembering actions performed by the visitor on a given page, function, or service. Without the use of “session cookies,” the smooth use of the website cannot be guaranteed. Their validity extends to the duration of the visit, and the “cookies” are automatically deleted at the end of the session or when the browser is closed.

Convenience Cookies

These cookies allow the Data Controller’s website to remember the mode of operation you chose (e.g., accepting the cookie policy and the sorting method of search results in the list). This is to ensure that you do not have to accept the cookie policy or set the sorting method for the content displayed on the site again and again during your next visit. Without the information stored in the preference cookies, our website may function less smoothly but still operate.

We do not record personal data in convenience cookies; we only store an identification number from which the site learns that the cookie policy has been previously accepted.

Setting and Disabling Cookies

Modern browsers allow you to change cookie settings. In addition to the above settings, browsers allow you to change cookie settings. Most browsers automatically accept cookies by default, but this can be changed to prevent automatic acceptance after setting.

If you want to learn more about changing your browser settings, review your browser’s instructions or help section.

You can find information about cookie settings for the most popular browsers at the following links:

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Edge
• Safari 

Cookie Types	Duration of Data Processing	Legal Basis of Data Processing
Ensuring the secure operation of the Data Controller’s website, providing navigation functions.	Until the end of the session	Based on Article 6(1)(a) of the GDPR
Session cookies	For the duration of the relevant visitor session	Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.)
Persistent or saved cookies	Until deleted by the data subject	Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.)
Statistical, marketing cookies	1 month – 2 years	Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.)

Google Analytics:

The Data Controller’s website uses “Google Analytics,” a web analytics service provided by Google Inc. (hereinafter “Google”). Google Analytics uses cookies, which are text files stored on your computer, to help analyze how you use the Data Controller’s website. The information generated by the cookies about your use of the website is transmitted to and stored by Google on its servers. IP anonymization is active on the Data Controller’s website, so within the member states of the European Union or other parties to the Agreement on the European Economic Area, Google truncates/anonymizes the IP address before transmitting it. The IP address transmitted by your browser via Google Analytics will not be associated with any other data held by Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser.

The validity of cookies used by Google Analytics can vary. Some cookies expire when you close the page in your internet browser, while others may have a shorter (1 minute) or significantly longer validity (e.g., 24 hours or 2 years). However, the content of these longer-term cookies can only be accessed by our website – and through it, the Google Analytics service – if you revisit our website from the same device and have not deleted these cookies in the meantime.

Please note that in this case, you may not be able to fully utilize all the functions provided by the Data Controller’s website. You can also prevent Google from collecting and processing data generated by cookies about your use of this website by downloading and installing the plug-in available at the following link: http://tools.google.com/dlpage/gaoptout

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Personal Data Processed During Website Visits:

Voluntarily Provided Personal Data (Based on Article 6(1)(a) of the GDPR):

The Data Controller may collect the following data that you may voluntarily provide when visiting its website, for example, when you contact the Data Controller through the online contact form (or other contact details provided by the Data Controller), subscribe to its marketing mailing list, participate in its surveys or events, or consent to the creation of image or video recordings of you.

The Data Controller collects the following information about you as described above:

• Name,
• Contact details such as email address, phone number, possibly home address,
• Other information voluntarily provided by you that is relevant to customer surveys or similar research,
• Your image if you participate in an event,
• Your image if you have given explicit consent.

Your personal data will be deleted immediately upon your request – or earlier if required by law. In the absence of withdrawal of consent, the Data Controller retains the related personal data for 5 years (according to Section 6:22(1) of Act V of 2013 on the Civil Code) to enforce any civil claims of the Data Controller and to defend against any civil claims of the data subjects.

Purpose of Data Processing:

• The Data Controller may process your voluntarily provided data (contact details) for identification and communication purposes.
• The Data Controller may process your voluntarily provided personal data (your image) to present, develop, and promote its activities and services.
• The Data Controller may process your voluntarily provided personal data (contact details) to provide marketing and communication tools.
• The Data Controller may also process your voluntarily provided personal data for other purposes for which you have provided it to the Data Controller and have been informed of this purpose.

Data Transfer:

Voluntarily provided personal data is generally not transferred.

Applied Data Security Measures:

This section summarizes the general data security measures applied by the Data Controller. These measures include administrative, technological, physical, and technical procedures designed to protect personal data from unauthorized use, access, or disclosure, as well as from loss, destruction, or alteration.

Data security extends to physical and logical devices, their use and management, as well as security-related regulations and procedures. These measures ensure that unauthorized persons cannot access, disclose, transfer, modify, or delete the processed data.

Data Security Risk:

The accidental or unlawful destruction, unauthorized disclosure, or unauthorized access to personal data, as well as the loss or alteration of data, all pose data security risks.

Data Security Measures of the Data Controller:

The Data Controller pays special attention to the confidentiality, integrity, availability, and resilience of systems and procedures. By using and controlling the technologies it employs, the Data Controller does everything possible to avoid pseudonymization and encryption of personal data and to restore access and availability in the event of an incident.

The Data Controller operates its IT system and tools in such a way that personal data is only accessible to authorized persons (availability); its authenticity and authentication are ensured (data processing authenticity); its invariability is verifiable (data integrity); and it is protected against unauthorized access (data confidentiality).

Processing of Personal Data in the Context of Data Security:

Only the Data Controller’s authorized employees with appropriate access can access personal data in accordance with the relevant contractual provisions, applicable laws, and internal regulations.

The Data Controller only allows access to your data to the extent necessary for its employees involved in the performance of their job duties related to data processing/handling.

Dated: Budapest, February 2, 2025