Privacy Policy

1. Introduction
1.1. Purpose of the Privacy Policy

The purpose of this Privacy Policy (hereinafter: "Policy") is to present, transparently and in detail, how we handle personal data in the course of the activities of Dávid Pálfalvi sole proprietor (hereinafter: "Data Controller"), and to provide information about data subject rights and how to exercise them.

1.2. Legal Compliance (GDPR, Act CXII of 2011)

Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR): defines uniform EU rules on the protection of personal data.

Act CXII of 2011 (Info Act): the fundamental law of Hungarian data protection regulation, which concerns the right to informational self-determination and freedom of information.

This Policy aims to comply with the requirements set out in the above legislation.

2. Data Controller Information
2.1. Data Controller Name and Contact Details

Name: Dávid Pálfalvi sole proprietor

Headquarters: Hungary, 3324, Felsőtárkány, Fagyöngy utca 4.

Registration number: 55888068

Tax number: 57275132-2-30

Representative: Dávid Pálfalvi

Email: david.palfalvi@innovectus.com

Phone number: +36 30 3083456

2.2. Availability of the Privacy Policy

This Policy is available electronically at https://innovectus.com/hu/gdpr-adatvedelmi-es-adatkezelesi-szabalyzat, and can also be viewed in printed form upon request in person.

3. Definitions
3.1. GDPR Basic Concepts

Personal data: any information relating to an identified or identifiable natural person ("data subject").

Data Controller: the natural or legal person which determines the purposes and means of the processing of personal data.

Data Processor: a natural or legal person which processes personal data on behalf of the Data Controller.

Consent: voluntary and explicit expression of the data subject's will, by which they consent to the processing of personal data relating to them.

Data Subject: any identified or identifiable natural person to whom the personal data relates.

3.2. Definition of Data Protection Incident

A data protection incident means any event that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

4. Data Processing Principles
4.1. Legal Bases and Principles

Lawfulness, fairness, and transparency: We process data only for specified and legitimate purposes.

Purpose limitation: Only for predetermined purposes, to the extent necessary to achieve the goal.

Data minimization: We collect and process only the personal data essential for achieving the purpose.

Accuracy: We ensure that the personal data processed is accurate and, where necessary, kept up to date.

Storage limitation: Personal data is stored only for as long as necessary to achieve the purpose.

Integrity and confidentiality: We apply appropriate technical and organizational measures to protect personal data.

4.2. Data Accuracy and Security

Both the Data Controller and the data subject are responsible for regularly updating the data; the latter is obliged to report any changes in their personal data.

The Data Controller makes every effort to ensure that the recorded data is accurate and protects it from unauthorized access with appropriate security measures.

5. Data Processing Purposes and Legal Bases
5.1. Website Registration

Purpose: Creating a user account and providing related services.

Legal basis:

Consent (GDPR Article 6(1)(a)) in case the registration is voluntary and requested by the data subject.

Performance of a contract (GDPR Article 6(1)(b)) if registration is a prerequisite for providing the service.

Data processed: Name, email address, password (encrypted), registration date, IP address.

5.2. Order Processing

Purpose: Processing orders, fulfilling contracts, invoicing, and delivery.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)).

Data processed: Name, shipping and billing address, contact details (phone number, email), order details.

5.3. Invoicing

Purpose: Compliance with applicable accounting legislation (e.g., Act C of 2000).

Legal basis: Compliance with a legal obligation (GDPR Article 6(1)(c)).

Data processed: Name/company name, address, tax number (for legal entities), other data necessary for invoicing.

5.4. Newsletter Sending

Purpose: Marketing communication, information about new products, promotions.

Legal basis: Consent (GDPR Article 6(1)(a)).

Data processed: Name, email address.

Note: You can unsubscribe from the newsletter at any time by clicking on the link at the bottom of the newsletter or by directly notifying the Data Controller.

5.5. Use of Cookies

Purpose: Ensuring proper website operation, improving user experience, analyzing visitor data, marketing purposes.

Legal basis:

Consent (GDPR Article 6(1)(a)) - for all cookies that are not essential for the basic operation of the website.

Legitimate interest or performance of a contract (GDPR Article 6(1)(f) or (b)) - for technical cookies essential for operation.

Further details: See the "Use of Cookies" section (Point 11) of this Policy.

5.6. Social Media Data Processing

Purpose: Communication, sharing information (Facebook, Instagram, etc.).

Legal basis: Voluntary decision, consent (GDPR Article 6(1)(a)).

Note: The data processing practices of social platforms should be viewed in the respective platform's privacy policy.

6. Scope of Processed Data
6.1. Types of Personal Data

Identification data: name, username, password (encrypted).

Contact details: email address, phone number, address.

Technical data: IP address, browser type, cookies, login time.

Billing data: billing name, address, tax number (for companies).

6.2. Data Storage Method and Duration

In electronic form on protected servers, with password protection and other security solutions.

In paper form (if any) at the headquarters or premises, in a secure location.

Storage period: until the fulfillment of legal obligations and the realization of the data processing purpose, or until the withdrawal of consent. After this, we delete or anonymize the data.

7. Rights of Data Subjects
7.1. Right to Information

The data subject has the right to request information about the purpose, legal basis, source, and duration of the processing of their personal data, and about who can access it.

7.2. Right to Rectification

If the data subject believes that their processed personal data is inaccurate or incomplete, they may request its correction or completion.

7.3. Right to Erasure ("Right to be Forgotten")

The data subject may request the deletion of their personal data if the data is no longer needed for its original purpose, or if the data subject withdraws their consent, and there is no other legal basis for data processing.

7.4. Right to Data Portability

The data subject has the right to receive the data they have provided in a widely used, machine-readable format, and may request that this data be transferred to another data controller.

7.5. Right to Object

The data subject may object to the processing of their personal data at any time if the legal basis for data processing is the legitimate interest of the Data Controller.

The data subject has a separate right to object to the processing of personal data for direct marketing purposes.

8. Data Security
8.1. Protection of Electronic Data

Multi-level authorization system.

Regular security backups.

Virus protection and firewall usage.

8.2. Technical and Organizational Measures

Use of closed office network and secure Wi-Fi.

Storage of paper documents in locked cabinets.

Regular data protection training for employees and data processors.

9. Handling of Data Protection Incidents
9.1. Reporting Incidents to Authorities (72-hour rule)

In case of a data protection incident, the Data Controller will report it to the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay and, if possible, no later than 72 hours after becoming aware of it, unless the incident is unlikely to pose a risk to the rights and freedoms of data subjects.

9.2. Informing Data Subjects in Case of High Risk

If the incident is likely to pose a high risk to the rights and freedoms of data subjects, the Data Controller will inform the data subjects without delay, describing the nature of the incident and the measures taken.

10. Data Processors and Third Parties
10.1. Hosting Provider

Name: HOSTINGER operations, UAB

Headquarters: Švitrigailos str. 34, Vilnius 03230 Lithuania

Contact: domains@hostinger.com, +37064503378

Data processing activity: operation of the web server, technical maintenance. Processes personal data only based on the instructions of the Data Controller.

11. Use of Cookies
11.1. Purpose and Types of Cookies

Session cookies: essential for the operation of the website, deleted when the browser is closed.

Functional cookies: enhance user convenience, such as remembering login details or selected language.

Analytical cookies (e.g., Google Analytics): serve statistical purposes, help understand user behavior, and improve website operation.

Marketing cookies: support the display of relevant advertisements and measure the effectiveness of advertisements.

11.2. Management of User Settings

Users can manage cookies in their browser settings, including disabling or deleting them.

When modifying cookie settings, some website functions may not work properly.

When visiting the website for the first time, there is an opportunity to allow or reject non-essential (e.g., marketing) cookies through a pop-up window.

12. Data Protection Officer
12.1. Conditions for Appointment and Duties

Under Article 37 of the GDPR, the Data Controller is required to appoint a Data Protection Officer (DPO) if its main activity:

involves processing operations which, by their nature or scope, require regular and systematic monitoring, or

is based on processing large amounts of sensitive data.

The duties of the officer include:

continuous monitoring of compliance with the GDPR,

providing advice to the Data Controller and employees,

liaising with the supervisory authority (NAIH) and data subjects.

12.2. Legal Status and Contact Information

The Data Protection Officer reports directly to senior management and cannot be instructed in the performance of their duties.

Name: Dávid Pálfalvi

Contact: david.palfalvi@innovectus.com

If the designation of a DPO is not mandatory for the Data Controller, but one is appointed nevertheless, data subjects will be appropriately informed in this Policy.

13. Legal Remedies for Data Subjects
13.1. Filing a Complaint with the National Authority for Data Protection and Freedom of Information (NAIH)

If the data subject believes that the processing of their personal data violates applicable legislation, they may file a complaint with the National Authority for Data Protection and Freedom of Information:

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 (1) 391-1400

Email: ugyfelszolgalat@naih.hu

13.2. Possibility of Judicial Remedy

In case of infringement of their rights, the data subject may turn to court. The lawsuit can be initiated - at the data subject's choice - at the court of their place of residence or stay.

14. Legislation Underlying Data Processing
14.1. GDPR (EU Regulation 2016/679)

Regulation (EU) 2016/679 of the European Parliament and of the Council, aimed at protecting natural persons with regard to the processing of personal data and ensuring the free movement of data within the EU.

14.2. Act CXII of 2011 on the Right to Informational Self-Determination

The Hungarian data protection law that regulates the domestic principles and limitations of personal data processing.

14.3. Other Relevant Hungarian Legislation
  • Act C of 2000 on Accounting.

  • Act V of 2013 on the Civil Code (Ptk.).

  • Act XLVIII of 2008 on the Basic Conditions of Economic Advertising Activities.

15. Final Provisions
15.1. Scope of the Privacy Policy and Possibilities for Amendment

This Policy is effective from 01.03.2025.

The Data Controller is entitled to unilaterally amend the Policy, particularly due to legislative changes, introduction of new data processing activities, or consideration of recommendations from the supervisory authority.

Amendments will be published on the website, and after their entry into force, data subjects accept the new rules by continuing to use the services.

Dated: Budapest, 01.03.2025

Dávid Pálfalvi sole proprietor Dávid Pálfalvi