Data protection

INTRODUCTION

With the information below, we comply with our legal obligation as defined by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL and Act CXII of 2011.

DATA PROCESSING DEFINITIONS

Personal datawe consider any information (name, address, IP address, etc.) from which a natural person (“data subject”) can be directly or indirectly identified.

Data Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data. In this Notice, the following shall be considered Data Controller:

Sűdy and Partners Ltd. (1037 Budapest, Montevideo Street 4., company registration number: 01 09 711685, tax number: 10507065-2-41, Representative: Anna Pápai-Vonderviszt, data processing contact: gdpr@sudy.co.hu) (hereinafter referred to as: Company)

A data processor is a natural or legal person who processes personal data on behalf of the data controller. The use of a data processor does not require the prior consent of the data subject, but it is necessary to inform them. In this Notice, the following are considered data processors:

Crea Space Ltd. (20-22 Wenlock Road, London N1 7GU, United Kingdom) - Hosting service

User data is received on the website exclusively through contact forms, which the hosting provider immediately forwards to our company by email.

Google Inc. - Gmail (Mountain View, California, USA) - Receive and send emails

Access to the submitted letter and related data.

Meta Platforms Ireland Limited - Facebook (Merrion Road, Dublin 4, D04 X2K5, Ireland)

Access to the IP address, browser and operating system type, and activity within our website of a visitor registered and logged in to Facebook.

LinkedIn Ireland Unlimited Company (Gardner House, Wilton Plaza, Dublin 2, Ireland)

Access to the IP address, browser and operating system type, and activity within our website of a visitor registered and logged in to LinkedIn.

Google Inc. – Analytics and Ads (Mountain View, California, USA)

Access to the anonymized, non-personal IP address, browser and operating system type, and activity within our website of visitors to the website and those who click on the ad.

STORED PERSONAL DATA

Consent to the collection and storage of personal data: Our Company carries out data processing based on consent. Consent is considered if you, as the data subject, tick a relevant box when visiting our Company's website, make relevant technical settings when using information society services, and any other statement or action that clearly indicates the data subject's consent to the planned processing of his or her personal data in the given context. Silence, a pre-ticked box or inaction therefore does not constitute consent.

Types of personal data stored: Our company will be the controller of the personal data you provide. We only collect and store basic personal data about you, which does not include any special personal data (sensitive personal data). The data stored may include your name, workplace, telephone number, email address, job title, IP address.If you submit your CV to our Company through our website of your own free will, in addition to accepting the data processing information, we may collect the following personal data about you provided in your professional CV: name, age, contact details, education, work experience, references.

Lawful basis and purpose of processing personal data: Our company basically collects and stores the aforementioned personal data because our legitimate interests require it for the provision and advertising of our services, as well as for maintaining and building business relationships.

Necessity of personal data: Our company needs the personal data you provide so that we can contact you, provide our services without interruption, and introduce you to our clients during job placement.We use personal data for work, correspondence, and contact purposes, and we only disclose it to third parties with your specific consent.

Security of Personal Data: We have established appropriate security measures to prevent any unauthorized access, loss, use, theft, or damage to personal data, as well as accidental deletion, alteration, or disclosure of data. Our security includes physical security measures (such as storing paper files in locked rooms and drawers), electronic security technology (such as password protection, creating encrypted digital backups, and using high-level virus protection), and organizational measures (such as internal employee training, developing policies and procedures for information security, hacking, or disaster recovery). We limit access to personal data to employees who absolutely need this information to do their job. We have also established reporting procedures to detect and handle suspected hacking attacks on personal data, and if unauthorized access to data occurs, we will notify you and the appropriate supervisory authority of the breach when required by law.

How long do we store personal data? We store your data until you withdraw your consent; you can withdraw your consent at any time, in which case our Company will delete your CV and all personal data.

How can you inquire about your personal data? Upon request, our Company can provide you with all information related to the processing of your personal data in a concise, transparent, easily understandable and accessible form. You can send your request to the email address gdpr@sudy.co.hu or to our contact details on our website.

USE OF COOKIES

Our company informs you, as a visitor (user) to our website, about the use of cookies and requests your consent for this - with the exception of technically necessary session cookies.

Concepts

A cookie : is a piece of data that a website sends to a visitor's browser so that it can store it and later load its content on the same website. A cookie can be valid until the browser is closed, or for an unlimited period of time. In the future, the browser will send this data to the server with every HTTP(S) request. This will modify the data on the user's computer. The purpose of a cookie is to identify a user (e.g., that they have entered the site) and to be able to handle it accordingly in the future.

Strictly Necessary Cookies (2): Necessary cookies are essential for the website to function properly. These cookies anonymously ensure basic website functions and security features. Cookies expire in 1 or 2 years.

Analytical cookies (1): We use analytical cookies to understand how visitors interact with the website. This cookie helps provide information about the number of visitors, bounce rate, traffic source, etc. The cookie has an expiration date of 2 months.

Social media cookies (5): Content from video platforms and social media platforms is disabled by default. If social media cookies are accepted, manual consent is no longer required to access this content. The expiration date of these cookies is 6 months to 10 years, depending on the third-party provider.

Accepting or rejecting the use of cookies: Our company will only be able to read those cookies that you have accepted when visiting our website. You can accept all cookies offered or adjust them according to your preferences. You can also reset your browser settings to refuse all cookies or to indicate when a cookie is being sent.

What do we use cookies for? Our company may record and process the following data about the visitor and the device used for browsing when using the website: visitor IP address, browser type, operating system characteristics of the device used for browsing (set language), time of visit, visited (sub)page, function or service, click. Cookies allow us to track the use and traffic of the website in an aggregated and anonymous manner. This information helps our company to develop the website.

RIGHTS OF THE DATA SUBJECT

Our company, as a data controller, must facilitate the exercise of your rights as a data subject. You may exercise the following rights:

Right to prior information: You, as the data subject, have the right to be informed about the facts and information related to data processing before data processing begins.

Right of access: You, as the data subject, have the right to access your personal data that our Company stores about you. If we transfer your personal data to a third country or an international organization , you, as the data subject, have the right to be informed about the appropriate safeguards regarding the transfer in accordance with Article 46 of the Regulation. We will provide all information and each communication regarding the processing of your personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language, and free of charge.

Right to rectification: You, as the data subject, have the right to have our Company correct and complete the relevant inaccurate personal data without undue delay upon your request.

Right to erasure (to be forgotten): You, as the data subject, have the right to have your personal data erased by our Company without undue delay upon request, if our Company no longer needs to process them, or you withdraw your consent, or you object to the processing, or the processing is unlawful. Data that is subject to a statutory retention period or in which our Company has a legitimate interest cannot be erased. After a request for erasure of personal data has been fulfilled, the previous (erased) data can no longer be restored. If requested, our Company will endeavour to notify all data controllers who have become aware of or may have become aware of the User’s potentially disclosed data.

Right to restriction: In the event of restriction of data processing, personal data, with the exception of storage, may only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or a Member State.

Right to data portability: You, as the data subject, have the right to receive the personal data concerning you, which you have provided to our Company, in a structured, commonly used and machine-readable format, and have the right to transmit these data to another data controller without hindrance from our Company, if the data processing is based on consent or a contract; and the data processing is carried out by automated means.

Right to object: You may object to the processing of your personal data based on the relevant point of the GDPR. In this case, our Company may no longer process your personal data for this purpose.

Right to legal remedy : As a data subject, you may file a complaint regarding data processing directly with the National Authority for Data Protection and Freedom of Information (NAIH, 1125 Budapest, Szilágyi Erzsébet fasor 22/c., +36-1-391-1400, ugyfelszolgalat@naih.hu, www.naih.hu ). In the event of a violation of your rights, you may also file a lawsuit with the court. The court is competent to adjudicate the lawsuit. The lawsuit may also be initiated – at the choice of the data subject – before the court of the data subject’s place of residence or residence.

You may submit a request to exercise the above rights to the e-mail address gdpr@sudy.co.hu or by post to our current address. Our Company considers the request for information to be authentic if you can be clearly identified based on the request sent. We can only consider a request sent by e-mail to be authentic if you send it from the e-mail address stored with us, but this does not exclude our Company from identifying you in another way before providing the information. Our Company will examine it within the shortest possible time from its submission, but no later than 30 days - 15 days in case of objection - and will make a decision on its validity, which it will inform you about in writing. If necessary - taking into account the complexity of the request and the number of requests - this deadline may be extended by another 60 days. Our Company will inform you about the extension of the deadline, indicating the reasons for the delay, within 30 days of receipt of the request. If our Company does not comply with your request, we will state in our decision the factual and legal reasons for rejecting the request.

PRIVACY INCIDENT

Our company is committed to data security. Our company does everything possible to protect your personal data. Access to such data is limited, and we use physical and technological procedures to protect personal data from loss, misuse or unauthorized disclosure.

If a data breach occurs and the breach is likely to result in a high risk to the rights and freedoms of natural persons, our Company will inform the data subject about the data breach without undue delay. This notification will clearly and intelligibly describe the nature of the data breach, the name and contact details of the contact person providing the information, the likely consequences of the data breach, the measures taken or planned to remedy the data breach, including, where applicable, measures to mitigate any adverse consequences resulting from the data breach.

There is no obligation to provide information if any of the following conditions are met:

(a) the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the data breach, in particular measures that render the data unintelligible to persons not authorised to access the personal data, such as the use of encryption;

b) the data controller has taken further measures following the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;

(c) the provision of information would involve a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly available information or a similar measure shall be taken which ensures that the data subjects are informed in a similarly effective manner.

MODIFICATION OF DATA MANAGEMENT AND COOKIE NOTICE

Our Company reserves the right to review this Policy from time to time and to amend it at any time if necessary. By using the website, you acknowledge that our Company has the right to change these guidelines without prior notice. When you visit our website, you will find the current policy. We recommend that you click on our policy every time you visit our website to be informed of any changes.

Date: May 25, 2018

Modified: May 24, 2024

Modified: April 8, 2025

Name	Borlabs Cookie
Provider	Owner of this website, Imprint
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Cookie name	borlabs-cookie
Cookie expiry	1 Year

Name	Google Tag Manager
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Cookie by Google used to control advanced script and event handling.
Privacy policy	https://policies.google.com/privacy?hl=en
Cookie name	_ga,_gat,_gid
Cookie expiry	2 Years

Accept	Google Analytics
Name	Google Analytics
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Cookie by Google used for website analytics. Generates statistical data on how the visitor uses the website.
Privacy policy	https://policies.google.com/privacy?hl=en
Cookie name	_ga,_gat,_gid
Cookie expiry	2 Months

Accept	Facebook
Name	Facebook
Provider	Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Purpose	Used to unblock Facebook content.
Privacy policy	https://www.facebook.com/privacy/explanation
Host(s)	.facebook.com

Accept	Google Maps
Name	Google Maps
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Used to unblock Google Maps content.
Privacy policy	https://policies.google.com/privacy?hl=en&gl=en
Host(s)	.google.com
Cookie name	NID
Cookie expiry	6 Month

Data protection

About

Services

Contact

Other

Accept	OpenStreetMap
Name	OpenStreetMap
Provider	Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom
Purpose	Used to unblock OpenStreetMap content.
Privacy policy	https://wiki.osmfoundation.org/wiki/Privacy_Policy
Host(s)	.openstreetmap.org
Cookie name	_osm_location, _osm_session, _osm_totp_token, _osm_welcome, _pk_id., _pk_ref., _pk_ses., qos_token
Cookie expiry	1-10 Years

Accept	Vimeo
Name	Vimeo
Provider	Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie expiry	2 Years