- +36 30 123 4567
Company name: NPM Consulting Ltd. (hereinafter: Data Controller)
Postal address: 8000 Székesfehérvár, Királysor 30.
Email address: info@npmconsulting.eu
2. The legal background, legal basis, purpose, scope of personal data processed, and duration of data processing on the websites www.npmconsulting.eu and www.npmconsulting.hu
2.1. Information on the use of cookies
About cookies:
The Data Controller uses cookies when you visit the website. A cookie is a package of information consisting of letters and numbers that our website sends to your browser for the purpose of saving certain settings, facilitating the use of our website, and helping us collect some relevant statistical information about our visitors.
Legal background and legal basis for cookies: The legal basis for data processing in the electronic communications sector is Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Regulation), Act CXII of 2011 on the right to self-determination in relation to information and freedom of information (Infotv.) and Act CVIII of 2001 on certain issues relating to electronic commerce services and information society services. The legal basis for data processing is Article 6(1)(a) of the Regulation and your consent in accordance with Section 5(1)(a) of the Infotv. Cookies strictly necessary for operation: These cookies are essential for the use of the website and enable the use of its basic functions. Without them, many of the website's functions will not be available to you. The lifetime of this type of cookie is limited to the duration of the session.
Cookies that improve user experience: These cookies collect information about how you use the website, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect information that identifies you, i.e., they work with completely general, anonymous information. We use the data obtained from these cookies to improve the performance of the website. The lifetime of this type of cookie is limited to the duration of the session.
If you do not accept the use of cookies, certain features will not be available to you. For more information on deleting cookies, please visit the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-
cookies#ie=ie-11]
Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Chrome: https://support.google.com/chrome/answer/95647?hl=en]
2.2. Certain data processing activities (information pursuant to Article 13 of the Regulation)
2.2.1. Data processing associated with establishing contact
Description of data processing: The Data Controller shall respond to questions and requests for information received by it in the manner requested by the person requesting the information (by telephone or e-mail).
Legal basis for data processing: The legal basis for data processing is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (27 April 2016) (Regulation) and Act CXII of 2011 on the right to self-determination in relation to information and freedom of information (Infotv.).
Legal basis for data processing: The legal basis for data processing is Article 6(1)(a) of the Regulation and your consent in accordance with Section 5(1)(a) of the Infotv.
Purpose of data processing: The purpose of data processing is to enable us to respond to your inquiry.
Scope of data processed: When contacting us, you will be asked to provide your name and contact details (email address or telephone number).
Duration of data processing: We store messages sent during the contact process for up to one month, but you can request the deletion of your personal data provided during the contact process at any time.
2.2.2. Data processing related to inquiries about any service sent via the website or directly by email
Description of data processing: The Data Controller offers the possibility of concluding short-term rental agreements for meeting rooms and long-term rental agreements for office space, as well as registered office service agreements.
Legal basis for data processing: The legal basis for data processing is provided by the provisions of the Regulation, the Infotv. and the Civil Code.
Legal basis for data processing: The legal basis for data processing is the performance of a contract in accordance with Article 6(1)(b) of the Regulation.
Purpose of data processing: The purpose of data processing is to record the user's meeting room booking, rental, and headquarters service requirements.
Scope of data processed: Name, email address, and telephone number of the contact person; billing name (company name) and address, tax number and telephone number in the case of a business entity; details of rental or registered office service requirements.
Duration of data processing: We store the data provided during registration until January 31 of the calendar year following the first year after registration, but you may request the deletion of your personal data at any time.
2.2.3. Data processing related to invoicing
Description of data processing: The Data Controller issues the receipts required by law for the sales it has made.
Legal basis for data processing: Data processing is governed by the provisions of the Regulation and the Infotv., as well as the provisions of Act C of 2000 on Accounting (Sztv.).
Legal basis for data processing: The legal basis for data processing is Article 6(1)(c) of the Regulation and Section 6(5)(a) of the Infotv. a) based on the legal obligation imposed on the Data Controller, as set out in the Sztv.
Purpose of data processing: Issuing invoices in accordance with legal regulations and fulfilling accounting document retention obligations. Pursuant to Section 169 (1) (2) of the Accounting Act, business associations must retain accounting documents that directly and indirectly support their bookkeeping records.
Scope of data processed: In order to issue an invoice, the billing name and address are required, as well as the tax number in the case of a business entity.
Duration of data processing: Issued invoices must be retained for 8 years from the date of issue, in accordance with Section 169(2) of the Accounting Act. Please note that the Data Controller is entitled to retain your personal data obtained during the issuance of invoices for 8 years pursuant to Article 6(1)(c) of the Regulation and Section 6(5)(a) of the Infotv. The Data Controller shall store the data until June 30 of the calendar year following the expiry of the eighth year from the performance of the contract.
2.2.4. Data processing related to fee payment
Description of data processing: The Data Controller manages the fulfillment of the contracting party's payment obligations with the assistance of the financial institution.
Legal basis for data processing: Data processing is governed by the provisions of the Civil Code, the Regulation, the Information Act, and Act C of 2000 on Accounting (Sztv.).
Legal basis for data processing: The legal basis for data processing is the performance of a contract in accordance with Article 6(1)(b) of the Regulation.
Purpose of data processing: To enable the Data Controller to obtain information about the contracting party's payment performance, thereby fulfilling its contractual obligations towards you.
Scope of data processed: During data processing, the name of the bank account holder and the bank account number are processed.
Recipient: The financial service provider named on the invoice issued by the Data Controller.
Duration of data processing: The Data Controller shall store the data until June 30 of the calendar year following the eighth year after the performance/expiration of the contract.
2.2.5. Data processing related to the lease agreement
Description of data processing: The Data Controller concludes a lease agreement in relation to the premises it leases.
Legal basis for data processing: Data processing is governed by the provisions of the Regulation and the Infotv.
Legal basis for data processing: The legal basis for data processing is the performance of a contract in accordance with Article 6(1)(b) of the Regulation.
Purpose of data processing: Filing the rental agreement and monitoring the obligations contained therein.
Scope of data processed: During data processing, the Data Controller processes the contracting party's contact and billing information.
Duration of data processing: The Data Controller shall process the data until June 30 of the calendar year following the fifth year after the performance/expiration of the contract.
2.2.6. Data processing related to the registered office service agreement
Description of data processing: The Data Controller enters into a contract for registered office services with business entities using registered office services.
Legal basis for data processing: Data processing is governed by the provisions of the Regulation and the Infotv.
Legal basis for data processing: The legal basis for data processing is the performance of a contract in accordance with Article 6(1)(b) of the Regulation.
Purpose of data processing: To file the registered office service contract that's been signed, to keep track of the obligations in it, including confirming that mail is received by the person authorized by the client who signed the registered office service contract and that the mail is forwarded by the Data Controller as the agent.
Scope of data processed: During data processing, the Data Controller processes the contracting party's contact and billing information.
Recipient: The postal service provider used by the Data Controller.
Duration of data processing: The Data Controller shall process the data until June 30 of the calendar year following the fifth year after the performance/expiration of the contract.
Legal basis for data processing: The legal basis for data processing is provided by the Regulation, the Infotv. and the provisions of this Privacy Policy.
Legal basis for data processing: The legal basis for data processing is Article 6(1)(a) of the Regulation and your consent in accordance with Section 5(1)(a) of the Infotv.
Purpose of data processing: Maintaining contact with users on social media platforms.
Data subjects: Followers of the Data Controller's profile on social media sites.
Scope of data processed: User name used on social media sites and information made public by the user.
Duration of data processing: You have the option to delete your data in accordance with the policies of each platform.
2.3. Further data processing
If the Data Controller wishes to carry out further data processing, it shall provide prior information on the essential circumstances of the data processing (legal background and legal basis of the data processing, purpose of the data processing, scope of the data processed, duration of the data processing).
We hereby inform you that the Data Controller is required to comply with written requests for data from the authorities based on legal authorization. In order to comply with the requirements of the Regulation and in accordance with Sections 15. (2)-(3) of the Infotv. (to which authority, what personal data, on what legal basis, when the Data Controller transferred the data), the content of which the Data Controller shall provide upon request, unless such information is excluded by law.
3. Other provisions
During registration, the user is obliged to provide true and complete information in response to the questions on the registration form, and to update the registration data accordingly in the event of any changes. In the event of false, incomplete, or inaccurate data provided by the user, the Data Controller has the right to partially or completely suspend or terminate the user's access.
The Data Controller reserves the right to immediately terminate the user's right to use and access the Website at any time, at its sole discretion, if the user violates the terms of the Privacy Policy or any applicable laws.
4. Information on the use of data processors and their activities related to data processing
4.1. Data processing activities aimed at storing personal data
Name of data processor: NetMasters Ltd.
The data processor's mailing address: 4200 Hajdúszoboszló, Diószegi Sámuel u. 5. The data processor's email address: szia@netmaster.hu The data processor's telephone number: +36 30 923 4646
NetMasters Kft. stores personal data on its servers on the basis of a written contract concluded with the Data Controller. It is not authorized to access personal data.
5. Data security measures
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.
6. Your rights during data processing
In this section, the Data Controller wishes to provide you with information on the processing of personal data in a concise, transparent, understandable, and easily accessible form, using clear and plain language. Upon request, verbal information may also be provided, provided that you have verified your identity as a data subject in another manner. The Data Controller shall facilitate the exercise of your rights as set out below in the Regulation. The Data Controller may not refuse to comply with a request to exercise your rights as a data subject, unless it can prove that you, as the data subject, cannot be identified.
The Data Controller shall inform you of the measures taken in response to your request without undue delay, but in any case within one month of receiving the request. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The Data Controller shall inform you of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay. If you submitted your request electronically, the Data Controller shall also provide the information electronically, unless you request otherwise.
If the Data Controller does not take action on your request, it shall inform you without delay, but no later than one month after receipt of the request, of the reasons for not taking action and that you may lodge a complaint with a supervisory authority and seek judicial remedy (see section 6.2 for more details).
The Data Controller shall provide the information and take the measures free of charge, However, if your request is clearly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may charge a reasonable fee for providing the requested information or taking the requested action, or may refuse to take action on the request. If the Data Controller has reasonable doubts about the identity of the natural person submitting a request relating to the rights of the data subject below, it may request further information necessary to confirm the identity of the data subject.
6.1. During data processing, you have the right to:
Right to information and right of access: You may request information from the Data Controller about the processing of your personal data during the period of data processing. The Data Controller shall inform you in writing, in an easily understandable form, within the shortest possible time after the submission of the request, but within a maximum of 1 month, about the data processed, the purpose of the data processing, its legal basis, duration, and, if the data has been transferred – about who receives or has received the data and for what purpose, and you are entitled to receive feedback on the processing of your personal data in accordance with Article 15(1)(a) to (h) of the Regulation, but in the case of a request for a copy, the Data Controller is entitled to charge a reasonable administrative fee;
Right to rectification: You may request that the Data Controller rectify or supplement your personal data during the period of data processing. The Data Controller shall comply with your request without delay, but no later than within one month.
Right to erasure: You may request that the Data Controller erase your personal data without undue delay if
a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) you withdraw your consent and there is no other legal basis for the processing;
c) you object to the processing and there are no overriding legitimate grounds for the processing;
d) personal data has been unlawfully processed;
e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
The right to erasure does not apply if the Data Controller is required by law to continue storing the data, or if, in accordance with Article 6(1)(c) of the Regulation and Section 6(5) of the Infotv., the Data Controller is entitled to continue processing the personal data (e.g. in connection with invoicing). The Data Controller does not disclose your data, so if you wish to exercise your right to be forgotten, you must enforce it with regard to the data processors performing data processing activities;
Right to restriction of processing (blocking): You have the right to request that the Data Controller restrict data processing if
a) You contest the accuracy of the personal data, in which case the restriction applies for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims; or
d) You have objected to the processing of your data, in which case the restriction applies for as long as it takes to determine whether the legitimate grounds of the Data Controller take precedence.
If data processing is restricted on any of the above grounds, such personal data may be processed, with the exception of storage, only with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
Right to data portability: since the Data Controller does not perform automated data processing, your right to receive personal data concerning you in a structured, commonly used, machine-readable format or to transmit (transfer) such data to another data controller on the basis of your consent or in connection with a contract concluded with you does not apply;
Right to object: You may object to the processing of your personal data (i) if the processing or transfer of personal data is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in cases of mandatory data processing and in the cases specified in Article 21(1) of the Regulation and Section 6(5) of the Infotv. Section 6(5) of the Infotv. (in the case of a substantiated compelling legitimate reason), or (ii) if the use or transfer of personal data is carried out without your consent for the purposes of direct marketing, public opinion polling or scientific research. The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but within a maximum of 1 month, decide on its merits, and inform you of its decision in writing.
The Data Controller informs you that EU or Member State legislation applicable to it or to the data processor it uses may restrict the above rights, inter alia, for the purposes of preventing, investigating, detecting or prosecuting criminal offenses, or enforcing criminal sanctions, including threats to public security. investigating, detecting, or prosecuting criminal offenses, or enforcing criminal sanctions, including protecting against and preventing threats to public security; the protection of the data subject or the rights and freedoms of others; and the enforcement of civil law claims (Article 23 of the Regulation), in which case you will be informed of this circumstance upon request in accordance with the conditions set out above.
6.2. Legal remedies
If you believe that the Data Controller has violated any legal provision relating to data processing or has failed to comply with any of your requests, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information in order to terminate the alleged unlawful data processing (mailing address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu). We also inform you that in the event of a violation of the legal provisions on data processing, or if the Data Controller has not complied with any of your requests, you may take legal action against the Data Controller.
7. Changes to the Data Processing Policy
The Data Controller reserves the right to amend this data processing notice. By using the website after the amendment has come into effect, you accept the amended data processing notice. The Data Controller shall ensure that the previous version of the text is also available on the website in the event of an amendment.
Budapest, 2025.09.26.