PRIVACY POLICY
https://xpamac.com/

  1. Data Controller

Your personal data is managed by the Data Controller listed below, as outlined in this policy.

XPAMAC Zrt.
Address: 6726 Szeged, Jobb fasor 6-10.
Represented by: Péter Gábriel, CEO
Contact: email: [email protected]

(hereinafter: “Data Controller”)

  2. Individual Data Processing Activities

| Data | Purpose of Processing | Retention Period | Legal Basis of Processing | Rights |
|---|---|---|---|---|
| Website form: name, phone number, email address | Responding to inquiries | Until the end of collaboration or withdrawal of consent | Consent provided by completing the form. Consent can be withdrawn at any time via our contact details in Section 1. Withdrawal does not affect the legality of data processing prior to withdrawal. [GDPR Article 6 (1)(a)] | 4.1-4.6 |
| Personal data provided in other inquiries: name, email address, any other personal data provided | Responding to inquiries | 1 year | Consent given by sending the inquiry outside the contact form. Consent can be withdrawn at any time using the contact details in Section 1. Withdrawal does not affect prior processing legality. [GDPR Article 6 (1)(a)] | 4.1-4.6 |
| Contact information of business representatives: name, position, email address, phone number | Business communication | For as long as the business relationship is maintained, or until the contact changes | Legitimate interest in contract performance and communication. Processing may be objected to at any time using our contact details in Section 1. [GDPR Article 6 (1)(f)] | 4.2, 4.3, 4.5, 4.7 |
| Data provided on social media (LinkedIn, Facebook, Instagram, YouTube): profile data | Notifications for marketing or information purposes related to the company or financial intermediary activities | Until unfollowed (unsubscribed) | Consent provided by following. Consent may be withdrawn anytime by unsubscribing. Withdrawal does not affect prior processing legality. [GDPR Article 6 (1)(a)] | 4.1-4.6 |
| Messages, comments: profile name, picture, any personal data provided in the message | Response to messages | Until deleted by the user | Consent provided by sending the message. Consent can be withdrawn by deleting the message. Withdrawal does not affect prior processing legality. [GDPR Article 6 (1)(a)] | 4.1-4.6 |
| Social media (LinkedIn, Facebook, Instagram, YouTube) statistical data | Development of site and ads | Until ads are disabled in ad settings | Consent provided by ad settings. Consent may be withdrawn by modifying settings. Withdrawal does not affect prior processing legality. [GDPR Article 6 (1)(a)] | 4.1-4.6 |

  3. Data Processors and Other Data Controllers

3.1. Data Processors

  • The Data Controller handles web editing.
  • Server service provided by BITADMIN KFT. (1151 Budapest, Fő út 82. fszt. 2.) (privacy policy).

3.2. Other Data Controllers

  • The Contact Form 7 plugin is used for application forms; it does not store data.
  • VN Consulting supports the operation of https://xpamac.com/ and contact forms (privacy policy) but does not have access to submitted data and does not process them.
  • Social media sites are managed by separate data controllers:

  4. Rights

You are entitled to the rights outlined in Sections 4.1-4.7. To exercise any of these, please contact us through any means listed in Section 1.

Identification
We must identify you before processing your request, requiring only a few personal details that we already have.

Response to Request
Following identification, we will respond via letter or email, as appropriate.

Processing Deadline
We will respond to your request within one (1) month from the date received. If necessary, based on request complexity or volume, this period may be extended by two (2) months, with notification within the initial one (1) month. You will be notified of any action taken or lack thereof and may lodge a complaint with the NAIH (Section 5.1) or pursue legal remedies (Section 5.2).

Service Fees
Information and action requested are free of charge, except in cases where the request is manifestly unfounded or excessive (especially due to repetition), in which case a fee may apply, or we may refuse the request.

4.1. Right to Withdraw Consent
You may withdraw your consent for data processing at any time. Withdrawal does not affect the legality of data processing based on prior consent.

4.2. Right to Access
You may request information on whether your data is being processed and, if so:

  • What is the purpose?
  • What data is being processed?
  • To whom is this data disclosed?
  • For how long is it stored?
  • What rights and remedies are available?
  • Who provided your data?
  • Are automated decisions made about you using your data?

4.3. Right to Rectification
You may request corrections or additions to any personal data recorded inaccurately or incompletely.

4.4. Right to Erasure (“Right to be Forgotten”)
You may request data deletion if:
a) The data is no longer needed for its original purpose;
b) The data is processed on the basis of consent;
c) Processing is deemed unlawful;
d) You have successfully objected to the processing;
e) Data deletion is required by EU or Member State law.

Data cannot be deleted when:
a) Required for exercising freedom of expression and information;
b) Necessary for the Data Controller’s legal obligations;
c) Needed to present, exercise, or defend legal claims.

4.5. Right to Restriction of Processing
You may request restriction if any of the following apply:
a) Accuracy is contested; restriction applies for the period needed for verification;
b) Processing is unlawful, but you oppose deletion and request restriction;
c) Data is no longer needed but is required for legal claims;
d) You object to processing, pending verification of overriding legitimate grounds.

4.6. Right to Data Portability
You may receive your data in a machine-readable format or transfer it to another controller, provided processing is based on consent or contractual obligation and is automated.

4.7. Right to Object
You may object to data processing based on the legitimate interests of the Data Controller or a third party. If upheld, data will be deleted unless compelling legitimate grounds exist for retention or for legal claims.

  5. Remedies

5.1. Complaint to NAIH
If you believe data processing violates the GDPR, you may file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).

NAIH
President: Dr. Attila Péterfalvi
Mailing Address: 1363 Budapest, Pf. 9.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: http://naih.hu
Email: [email protected]

5.2. Right to Judicial Remedy
You may file a lawsuit if you believe data processing has infringed your GDPR rights. The claim is adjudicated by the competent court; the lawsuit may also be initiated at the court of your residence.

5.3. Compensation and Damages
If unlawful processing causes harm or breaches personal rights, you may claim compensation or damages. The Data Controller is exempt if it proves that the harm was caused by unavoidable reasons outside its control.

  6. Data Security

We make every effort to ensure appropriate data security in light of current scientific and technological advancements, processing costs, and the nature of data handling risks. Personal data is treated confidentially and with maximum resilience, including restorability in the event of problems.

Last updated: October 2024