Privacy Policy

AdmiraVox Limited Liability Company

1022 Budapest, Szemlőhegy Street 8/a

Phone: +36 70 239 7689

Email: info@admiravox.com

Privacy Policy

Effective from December 22, 2024

1. Introduction

AdmiraVox Ltd. (hereinafter referred to as AdmiraVox, Commercial and Service Company), as the data controller, acknowledges the content of this legal notice as binding.

AdmiraVox is committed to ensuring that all data processing related to its activities complies with the requirements outlined in this policy and the applicable legal regulations.

AdmiraVox Ltd. operates the website https://admiravox.com/.

AdmiraVox Ltd. reserves the right to amend this notice at any time. Naturally, any changes will be communicated to its audience in due time.

AdmiraVox Ltd. is dedicated to protecting the personal data of its clients and partners, placing great importance on respecting their right to informational self-determination. The data controller treats personal data confidentially and takes all security, technical, and organizational measures necessary to guarantee data security.

In the following, AdmiraVox Ltd. outlines its data processing principles and the expectations it sets for itself as a data controller. These principles align with the applicable data protection regulations, including but not limited to:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
  • Act V of 2013 on the Civil Code (Ptk.)
  • Act C of 2000 on Accounting (Accounting Act)
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Advertising Act)
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (E-commerce Act)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).

 

2. Definitions

 

Data Subject: Any identified or identifiable natural person based on specific personal data, either directly or indirectly.

Personal Data: Any data that can be associated with the data subject, particularly the name, identification number, or one or more attributes specific to their physical, physiological, mental, economic, cultural, or social identity, as well as any conclusions drawn from such data concerning the data subject.

Consent: The voluntary and explicit declaration of the data subject’s will, based on adequate information, by which they give unmistakable consent to the processing of their personal data—either in full or for specific operations.

Data Controller: The natural or legal person, or an organization without legal personality, who alone or jointly with others determines the purposes of data processing, makes decisions regarding data processing (including the tools used), and implements or has the data processing implemented by a data processor.

Data Processing: Any operation or set of operations performed on data, regardless of the procedure used, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure, or destruction, as well as the prevention of further use of the data, and the recording of physical characteristics suitable for identifying a person, including photographs, sound, or video recordings.

Data Transfer: Making data accessible to a specific third party.

Disclosure: Making data accessible to anyone.

Data Erasure: Rendering data unrecognizable in such a way that its restoration is no longer possible.

Data Processing Tasks: Performing technical tasks related to data processing operations, irrespective of the methods and tools used or the location of the application, provided that technical tasks are performed on the data.

Data Processor: A natural or legal person, or an organization without legal personality, who processes data on behalf of the data controller under a contract, including those based on legal regulations.

3. Company Information

Name: AdmiraVox Ltd.

Registered Address: 1022 Budapest, Szemlőhegy Street 8/a

Company Registration Number: 01-09-417098

Tax Number: 32304279-2-41

Phone Number: +36 70 239 7689

Email: info@admiravox.com

4. Scope of Personal Data, Purpose, Legal Basis, and Duration of Data Processing

We remind those providing data to AdmiraVox Ltd. that if they do not provide their own personal data, it is their responsibility to obtain the consent of the affected individual. Below are the details of our data processing activities.

4.1. Inquiries via the Website – https://admiravox.com

Purpose of Data Processing: To facilitate communication between the data subject and our company, promoting closer and more effective collaboration.

Legal Basis for Data Processing: Voluntary consent of the data subject – GDPR Article 6(1)(a).

Scope of Personal Data Processed: Name of the inquirer, email address, phone number, and any additional information provided by the data subject.

Duration of Data Processing: Until consent is withdrawn, or the purpose of the data processing is fulfilled.

Recipients of Personal Data: Except for data processors specified in Section 8, the data controller does not share personal data with third parties. Recorded data can only be accessed by the data controller’s employees and designated colleagues of the data processor(s).

Scope of Affected Individuals: Partners and individuals inquiring about the company’s services via the website.

4.2. Issuance of Invoices (for Natural Persons)

Purpose of Data Processing: To issue invoices to the payer and fulfill legal obligations. AdmiraVox Ltd. issues electronic invoices to the payer.

Legal Basis for Data Processing: Legal obligation under Act C of 2000, Section 166(1).

Scope of Personal Data Processed:

  • Name of the payer
  • Billing address
  • Invoice amount
  • Services invoiced
  • Email address

Duration of Data Processing: Until the period specified by the Accounting Act – Act C of 2000, Section 169(2).

Consequences of Not Providing Data: Provision of data is a prerequisite for concluding the contract.

Recipients of Personal Data: Except for data processors specified in Section 8, the data controller does not share personal data with third parties. Recorded data can only be accessed by the data controller’s employees and designated colleagues of the data processor(s).

Scope of Affected Individuals: Individuals to whom invoices are issued by the data controller.

4.3. Data Processing Related to IT Service Operation

Purpose of Data Processing: AdmiraVox Ltd.’s websites may use “cookies” (temporary markers) to enable faster access. Cookies are informational data active only during specific client sessions and are transferred from the website to the client’s computer to facilitate quicker identification. Clients can always request cookies to be disabled by modifying their browser settings. However, disabling cookies may slow or prevent access to certain parts of the site or functionalities.

Session cookies avoid reliance on other IT tools potentially harmful to client navigation confidentiality and do not enable the acquisition of personal data identifiers.

Users can delete cookies from their computers or disable their use in their browsers. Cookie management is typically available in browser Tools/Settings under Privacy settings, labeled as cookies or similar.

Legal Basis for Data Processing: Voluntary consent of the user, GDPR Article 6(1)(a). Consent is given when users accept the pop-up notification or continue browsing.

Data Processed to Enable User-Friendly Browsing:

  • Web pages visited and their opening sequence
  • IP address of the user’s device
  • Protocol
  • Time
  • Accessed files
  • Browser type

Duration of Data Processing: Until the session ends.

Recipients of Personal Data: Except for data processors specified in Section 8, the data controller does not share personal data with third parties. Recorded data can only be accessed by the data controller’s employees and designated colleagues of the data processor(s).

Scope of Affected Individuals: Visitors to the website, regardless of whether they use the available services.

5. Other Data Processing

For data processing not listed in this notice, information will be provided at the time of data collection. We inform our clients that certain authorities, public bodies, or courts may request personal data from our company. Our company will only disclose personal data to these entities to the extent necessary to fulfill the purpose of the request, provided the requesting body specifies the exact purpose and scope of the requested data, and if fulfilling the request is mandated by law.

6. Transfer of Personal Data to Third Countries or International Organizations

Our company does not directly transfer your personal data to third countries or international organizations.

7. Information on the Use of Data Processors

During data processing, the data controller transfers data to data processors contracted for the fulfillment of the agreement.

Categories of Recipients:

  • Accounting/bookkeeping service providers
  • Electronic invoicing service providers

8. The method of storing personal data and data processing security

Our company’s IT systems and other data storage locations are found at headquarters and on servers provided by the data processor. Our company selects and operates the IT tools used for personal data processing during service provision in a way that ensures the processed data:

  1. a) is accessible to authorized individuals (availability).
  2. b) has its authenticity and authentication ensured (data processing authenticity).
  3. c) its integrity can be verified (data integrity).
  4. d) is protected against unauthorized access (data confidentiality).

We pay particular attention to data security and take the necessary technical and organizational measures, as well as establish procedural rules, to implement the guarantees required by GDPR. We protect the data with appropriate measures, especially against unauthorized access, modification, transmission, disclosure, deletion, or destruction, as well as against accidental destruction, damage, and inaccessibility due to changes in the applied technology.

Our company’s and our partners’ IT systems and networks are protected against computer-assisted fraud, computer viruses, cyber intrusions, and denial-of-service attacks. The operator ensures security through server-level and application-level protective procedures. Daily data backups are in place. To prevent data protection incidents, our company takes all possible measures, and in the event of such an incident, we act promptly to minimize risks and eliminate damages.

9. Rights of the Data Subjects, Legal Remedies

The data subject may request information about the processing of their personal data, as well as request the rectification, erasure, or withdrawal of their personal data – except in cases of mandatory data processing – in accordance with the method specified at the time of data collection or through the contact details of the data controller mentioned above.

The rights of the data subjects and their legal remedies are defined and communicated to the data subjects in accordance with the Act CXII of 2011 and the EU Regulation 2016/679.

Right to Information, also known as the “Access Right”: According to Article 15 of the Act CXII of 2011 and the EU Regulation 2016/679, upon request from the data subject, the data controller shall provide information on:

  • the personal data processed and their categories,
  • the purpose of the data processing,
  • the legal basis for the data processing,
  • the duration of the data processing,
  • if applicable, the duration of storage or, if this is not possible, the criteria for determining this period,
  • if the data were not collected from the data subject, all available information regarding their source,
  • if applicable, the automated decision-making process, including profiling, and the logic involved, as well as understandable information about the significance and expected consequences of such data processing,
  • the data processor’s details, if a data processor has been used, details about any data protection incidents, their impact, and the corrective actions taken,
  • If personal data is transferred to third parties, the legal basis, purpose, and recipients of the data transfer.

The information is free of charge if the data subject has not requested similar information about the same data set during the current year. In other cases, a fee may be charged. Any previously paid fees will be refunded if the data was processed unlawfully or the request led to a correction.

The data controller is required to refuse to provide information under the following circumstances:

  • If, under a law, international agreement, or mandatory EU legal act, the data controller receives personal data with a restriction on the data subject’s rights as set out by the respective law or other limitations on the data processing.
  • For reasons related to national security, defense, crime prevention, prosecution, security of criminal execution, as well as for economic or financial interests of the state or local government, or if it concerns disciplinary and ethical violations related to professional activities.

The data controller is obliged to notify the National Authority for Data Protection and Freedom of Information by January 31 of the following year about any denied information requests.

Right to Rectification: The data subject has the right to request the data controller to correct inaccurate personal data without undue delay. The data subject may also request the completion of incomplete personal data, including by providing supplementary statements. If the personal data is found to be inaccurate and the correct personal data is available, the data controller must correct the data without the data subject’s request.

Right to Erasure, also known as the “Right to be Forgotten”: The data subject has the right to request the erasure of their personal data without undue delay. The data controller must erase personal data without undue delay if there is no legal obligation to process it further.

The data controller is required to erase personal data if:

  • The processing is unlawful,
  • The data is incomplete or inaccurate and cannot be lawfully rectified,
  • The purpose of the data processing has ceased, or the retention period has expired,
  • A court or authority has ordered the erasure,
  • The data is no longer necessary for the purposes for which it was collected or processed,
  • The data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • The data must be erased to comply with legal obligations.

If personal data was disclosed to the public and must be erased, the data controller must take reasonable steps to notify other controllers to remove links to or copies of the personal data, considering available technology and implementation costs.

Right to Data Portability: The data subject has the right to receive their personal data in a structured, commonly used, machine-readable format, and may transmit these data to another data controller without hindrance, if:

  • The processing is based on consent, and
  • The processing is carried out automatically.

The data controller does not process data in an automated manner, so this right is not applicable in this case.

Right to Object: The data subject may object to the processing of their personal data, including profiling, if:

  • The data is processed solely for the legitimate interests of the data controller or a third party, except for mandatory data processing,
  • The personal data is being used for direct marketing, public opinion polling, or scientific research purposes.
  • If the data is used for scientific, historical, or statistical purposes, the data subject may object on grounds related to their own situation, except when the processing is necessary for the performance of a task carried out in the public interest.

Judicial Enforcement of Rights: If the data subject’s rights are violated, they may bring an action before the courts. The court will handle the case as a matter of urgency. The data controller is required to prove that the data processing complies with the law.

Complaints:

The data subject can file a complaint with the National Authority for Data Protection and Freedom of Information Office if their informational self-determination rights have been violated:

National Authority for Data Protection and Freedom of Information Office

Address: 1055 Budapest, Falk Miksa utca 9-11

Phone: +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400

Fax: +36 (1) 391-1410

Website: https://www.naih.hu/

Email: ugyfelszolgalat@naih.hu