PRIVACY POLICY

This Privacy Policy sets out the data processing of UNICOMP Informatikai Kft. as the data controller - hereinafter: Data Controller - and the data processing of the www.unicomp.hu website operated by it, as well as the rules for the use of the records and databases maintained.

The privacy policy is available at the following page: www.unicomp.hu/adatkezeles

Amendments to the privacy policy shall enter into force upon publication on the website.

I. Details of the Data Controller

UNICOMP Informatikai Kft.

Registered office: 8000 Székesfehérvár, Palánkai utca 3.

Company registration number: 07-09-002136

Registering authority: Székesfehérvári Törvényszék Cégbírósága

Tax number: 10746820-2-07

Email: info@unicomp.hu

Data Protection Officer (DPO)

Name: Dóra Hajnalka

Email: ertekesites@unicomp.hu

Notification address: 8000 Székesfehérvár, Palánkai utca 3.

Phone number: +36 20 972 6943

According to Article 38 (3) of the GDPR, the data protection officer shall not receive any instructions regarding the exercise of those tasks. The data protection officer shall directly report to the highest management level of the controller. Based on Article 38 (6) of the GDPR, the data protection officer may fulfill other tasks and duties. The organization shall ensure that any such tasks and duties do not result in a conflict of interests.

From the perspective of conflict of interests, roles and tasks where the officer would have to make decisions regarding the purposes and means of data processing, as well as holding a senior management position within the organization, are to be highlighted. Making decisions affecting data processing and bearing responsibility for them is incompatible with the duties of the officer.

II. Processing of Personal Data

The Data Controller carries out the data processing of the enterprise based on the voluntary consent of the Data Subjects or statutory authorization.

The terms used in this Privacy Policy are detailed in Section VII of this policy, and the mandatory data processing principles applicable to the processing of personal data are described in Section VIII.

The Data Subject must be clearly and comprehensively informed about all facts related to the processing of their data, in particular the purpose and legal basis of data processing, the person entitled to process the data, the duration of data processing, and who can get to know the data. The information must also cover the data subject's rights and legal remedies related to data processing.

In the case of voluntary consent, the data subject may request information at any time about the scope of personal data processed about them and the manner of their use. In the case of voluntary consent, the Data Subject may withdraw their consent, except in cases where data processing continues based on a legal obligation. In such cases, the Data Controller provides information on the further processing of the data.

The Data Provider is obliged to provide all given data accurately and to the best of their knowledge.

If the Data Provider does not provide their own personal data, it is their obligation to obtain the consent of the Data Subject.

The Data Controller declares that it does not perform profiling in connection with the processing of personal data.

III. Data Processing Activities Performed by the Data Controller

1. Processing of data provided during contact

Processing of personal data provided personally, via email, phone, and on the www.unicomp.hu website

Scope of processed personal data: name, phone number, email address, message content

Please be informed that:

  • by contacting us, the Data Subject gives their consent for us to process their personal data and message provided during contact in accordance with this privacy policy.
  • The withdrawal of the Data Subject's consent to data processing does not affect the lawfulness of data processing based on consent before its withdrawal.
  • The Data Subject may withdraw their consent to data processing at any time.
  • The Data Subject has the right to request access to, rectification, or erasure of personal data concerning them or restriction of processing.

Scope of Data Subjects: persons sending a message via email or through the contact form on the website

Legal basis for processing: GDPR Article 6 (1) (a) "The data subject has given consent to the processing of his or her personal data for one or more specific purposes." GDPR Article 6 (1) (b) "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract."

Duration of data processing: 6 months or until the data subject's request for deletion (GDPR Article 17 (1))

Method of data processing: electronically

2. Processing of data provided during ORDER/PURCHASE

Scope of processed personal data: Last name, first name, address (country, zip code, street, house number), phone number, email address and billing address, shipping address (country, zip code, street, house number)

Scope of Data Subjects: individuals contracting with the Data Controller and contact persons of business entities

Purpose of data processing: Identification of the contractual partner, conclusion of the contract, fulfillment of contractual obligations, fulfillment of billing obligations, retrieval and verification of data in case of potential legal disputes or enforcement of claims.

Legal basis for processing:

  • a) GDPR Article 6 (1) (b), according to which "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;".
  • b) Following the performance of the contract, the legal basis for data processing is GDPR Article 6 (1) (f), according to which: "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party"

Duration of data processing: The Data Controller stores the data specified above for a period of 5 years + 1 year from the performance of the contract or the failure of performance (until the limitation period of claims arising from the contract).

The Data Controller transfers the Data Subject's data to a third party in the following cases:

  • a) To the Data Controller's subcontractor for the purpose of fulfilling the contract based on GDPR Article 6 (1) (b)
  • b) The data transfer is necessary for compliance with a legal obligation to which the Data Controller is subject according to GDPR Article 6 (1) (c)

3. Data processing related to BILLING

Scope of processed personal data: In order to fulfill the obligations set out in Act CXXVII of 2007 and Act C of 2000 on Accounting, an invoice is issued containing the following personal data: name, address, tax number or tax identification number.

Purpose of data processing: Fulfilling obligations set out in Act CXXVII of 2007 and Act C of 2000 on Accounting.

Legal basis for processing: GDPR Article 6 (1) (c), according to which: "processing is necessary for compliance with a legal obligation to which the controller is subject"

Duration of data processing: 8 years. Pursuant to Section 169 of Act C of 2000, in order to fulfill accounting obligations: "The accounting document directly and indirectly supporting the bookkeeping records (including ledger accounts, analytical and detailed records) must be kept in a readable form for at least 8 years, in a way that is retrievable by reference to the accounting records."

Method of data processing: electronically

The Data Controller transfers the Data Subject's data to a third party in the following cases:

  • a) to the National Tax and Customs Administration (NAV) based on statutory obligation.
  • b) The data transfer is necessary for compliance with a legal obligation to which the Data Controller is subject (GDPR Article 6 (1) (c))
  • d) Within the scope of fulfilling contractual obligations and billing, the Data Controller transfers the personal data provided by the Data Subject during contracting to an accountant.

4. Hosting provider of the www.unicomp.hu website operated by the Data Controller

Hosting provider: Google. The address and contact details of the hosting provider are indicated on the website affected by the hosting service.

The hosting provider performs the following data processing activities:

  • Scope of processed data: All personal data provided by the data subject.
  • Scope of data subjects: All data subjects using the website.
  • Purpose of data processing: Making the website accessible and ensuring its proper operation.
  • Duration of data processing and deadline for data deletion: Data processing lasts until the termination of the agreement between the Data Controller and the hosting provider, or until the data subject's deletion request addressed to the hosting provider.
  • Legal basis for data processing: The User's consent according to GDPR Article 6 (1) (a) and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

5. Data processing related to the use of Google Ads

On the www.unicomp.hu website, the auditing is assisted by the Google Analytics server as an external service provider.

The data controller can provide detailed information about the handling of measurement data at https://marketingplatform.google.com/about/analytics/.

To provide a customized experience, external service providers place and read a small data package, a so-called cookie, on the user's computer. If the browser returns a previously saved cookie, the service provider managing it can connect the user's current visit with previous ones, but strictly regarding their own content.

The information generated by the cookies is usually transmitted to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google truncates the User's IP address within the Member States of the European Union. The full IP address is transmitted to Google's server only in exceptional cases.

The user can delete cookies from their own computer or disable the use of cookies in their browser. Managing cookies is generally possible in the Tools/Settings menu of browsers under Privacy settings, named cookie or cookies.

The user can prevent Google from collecting and processing data relating to their use of the website generated by the cookies by downloading and installing the plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

6. Management of Cookies

On the www.unicomp.hu website, we use cookies to improve the quality of the service, enhance the user experience, and collect statistical data.

The detailed rules for the cookies used on the website, the scope of processed data, the purpose and duration of data processing, as well as the options for modifying settings, are contained in the separate Cookie Policy. View Cookie Policy

7. Processing of data provided during Newsletter subscription

Processing of personal data provided on the www.unicomp.hu website

Scope of processed personal data: name, email address

Scope of Data Subjects: persons subscribing to the newsletter on the website

Legal basis for processing: GDPR Article 6 (1) (a) "The data subject has given consent to the processing of his or her personal data for one or more specific purposes."

Duration of data processing: until the data subject's request for deletion (GDPR Article 17 (1))

Method of data processing: electronically

8. Other data processing activities

The Data Controller provides information on data processing not listed in this Policy when the data is collected. The court, the prosecutor, the investigating authority, the offense authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Central Bank of Hungary, or other bodies authorized by law may contact the Data Controller to request information, disclose or transfer data, or make documents available. The Data Controller will disclose personal data to the authorities – provided the authority has specified the exact purpose and scope of the data – only to the extent strictly necessary to fulfill the purpose of the request.

9. Data Processors

Accountant

Scope of processed data: name, billing address, tax number or tax identification number.

Purpose of data processing: Fulfilling obligations set out in Act C of 2000 on Accounting.

Duration of data processing and deadline for data deletion: 8 years according to Section 169 of Act C of 2000 to fulfill accounting obligations.

Legal basis for data processing: Article 6 (1) (c) of Regulation (EU) 2016/679.

10. Processing of personal data sent via the Facebook social page

The Data Controller has a Facebook page, its address is: https://www.facebook.com/unicompkft

Scope of processed personal data: Name registered on the social site, public profile picture of the user, name, email address, phone number, and message content.

Scope of Data Subjects: Data subjects who registered on social media and liked the Data Controller's social media page, contacted them there, sent a message, or commented.

Purpose of data processing: Informing Data Subjects about the activities of the Data Controller and sharing the website on social media pages.

Legal basis for processing: GPDR Article 6 (1) (a) "The data subject has given consent to the processing of his or her personal data for one or more specific purposes."

IV. Method of storing personal data, security of data processing

Only the Data Controller has access to the data, only the Data Controller processes them, and uses them exclusively in the manner and for the purpose defined in this privacy policy.

The Data Controller selects and operates the IT tools used for processing personal data during the provision of the service in such a way that the processed data: a) is accessible to those authorized (availability); b) its authenticity and authentication are ensured (authenticity of data processing); c) its immutability can be verified (data integrity); d) is protected against unauthorized access (data confidentiality).

The Data Controller protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage, and becoming inaccessible due to changes in the applied technology.

During data processing, the Data Controller preserves confidentiality, integrity, and availability.

The IT system and network of the Data Controller and its partners are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, hacking, and denial-of-service attacks.

V. Rights of the Data Subjects

Personal data may only be processed for a specific purpose, to exercise a right, or fulfill an obligation. Data processing must comply with this purpose at all stages, and the collection and processing of data must be fair.

1. Right to information

The Data Subject may request information about the processing of their personal data, as well as request the rectification, or – except for mandatory data processing – deletion, withdrawal of their personal data, and may exercise their right to data portability and object in the manner indicated when the data was collected, or through the contact details of the Data Controller specified in this Privacy Policy.

2. Right of access

The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the information listed in the regulation. The deadline for issuing the requested data is 30 days from the receipt of the request.

3. Right to rectification

The Data Subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them.

4. Right to erasure

The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay if the purpose of data processing is no longer justified, if consent is withdrawn, or if unlawful data processing occurred.

5. Right to restriction of processing

The Data Subject has the right to obtain from the Data Controller restriction of processing if they contest the accuracy of the data, the processing is unlawful but they oppose erasure, or they have objected to the processing.

6. Right to data portability

The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

7. Right to object

Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to processing of personal data concerning them for such marketing. In this case, the data may no longer be processed for such purposes.

8. Automated individual decision-making, including profiling

The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

9. Right to withdraw consent

The Data Subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

VI. Informing the Data Subject about a personal data breach

Reporting a personal data breach to the supervisory authority

In the case of a personal data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made within 72 hours, it shall be accompanied by reasons for the delay.

The notification shall at least:

  • describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

The Data Controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to above.

The communication to the data subject shall not be required if any of the following conditions are met:

  • the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
  • the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
  • it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions are met.

VII. Concepts related to personal data and their interpretation

personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;

profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;

third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

objection of the data subject: a statement by the data subject objecting to the processing of their personal data and requesting the termination of data processing and the deletion of the processed data;

data transfer: making the data accessible to a specific third party;

disclosure: making the data accessible to anyone;

data erasure: making data unrecognizable in such a way that their recovery is no longer possible;

data marking: providing the data with an identification mark in order to distinguish it;

data blocking: providing the data with an identification mark to permanently or temporarily restrict its further processing;

data destruction: the complete physical destruction of the data carrier containing the data;

third country: any state that is not an EEA state.

VIII. Principles relating to processing of personal data

  • Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency');
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ('purpose limitation');
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
  • Accurate and, where necessary, kept up to date ('accuracy');
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ('storage limitation');
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
  • The controller shall be responsible for, and be able to demonstrate compliance with the above ('accountability').

The Data Controller declares that the processing of personal data is carried out in compliance with the basic principles set out in this section.

IX. Procedural rules

Transparent information, communication and modalities for the exercise of the rights of the data subject

If a request is received by the Data Controller from the data subject, the controller shall provide information on action taken on a request to the data subject without undue delay and in any event within 30 days of receipt of the request.

That period may be extended by two further months (60 days) where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Information and actions shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, the controller may charge a reasonable fee or refuse to act on the request.

Where the controller has reasonable doubts concerning the identity of the natural person making the request, the controller may request the provision of additional information.

If the applicant requests the data to be handed over on paper or electronic media, the Data Controller will provide a copy of the requested data in PDF format free of charge on an electronic medium. For any further copies requested, an administration fee of HUF 500 per CD-DVD will be charged.

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

Exercising the right to object:

The Data Controller shall examine the objection as soon as possible after the submission of the request, but no later than 15 days, make a decision regarding its merits, and inform the applicant of its decision in writing. If the Data Controller determines that the User's objection is justified, it will terminate data processing, block the data, and notify all those to whom the personal data affected by the objection was previously transmitted.

X. Legal remedies

If you have any objections or problems regarding your Data Processing, please contact us at the following details: UNICOMP Informatikai Korlátolt Felelősségű Társaság, Registered office: 8000 Székesfehérvár, Palánkai utca 3., Email: info@unicomp.hu

1. Right to compensation and liability

Any person who has suffered material or non-material damage as a result of an infringement of the GDPR shall have the right to receive compensation from the controller or processor for the damage suffered. A controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

2. Right to turn to court

If the data subject believes that their rights have been violated by the Data Controller, they have the right to turn to a court with jurisdiction and competence according to the Code of Civil Procedure (Pp.). The court will hear the case as a matter of priority.

3. Data protection authority procedure

Any complaints may be lodged with the National Authority for Data Protection and Freedom of Information (NAIH): Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Mailing address: 1530 Budapest, Pf.: 5., Phone: +36-1/391-1400, E-mail: ugyfelszolgalat@naih.hu, Website: http://www.naih.hu

4. Cooperation with authorities

If the Data Controller receives an official request from the authorized authorities, it will compulsorily hand over the specified personal data, but only the data strictly necessary to achieve the goal indicated by the requesting authority.

5. Legislation underlying data processing

Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act V of 2013 (Civil Code), Act CXXX of 2016 (Code of Civil Procedure), Act CVIII of 2001 (E-commerce Act), Act XLVIII of 2008 (Advertising Act).

Final provisions

This Policy serves to inform data subjects about the Data Controller's data processing practices, with the Data Controller reserving the right to modify this policy.

The Data Controller considers the content of this legal notice binding on itself and undertakes that all data processing related to its activities meets the expectations defined in this policy, applicable legislation, and legal acts of the European Union.

The Data Controller is committed to protecting the personal data of its clients and partners, treats personal data confidentially, and takes all security, technical, and organizational measures that guarantee the security of the data.

The Data Controller undertakes that if it changes its principles and practices regarding the processing of personal data in any way, it will notify the Data Subjects of these changes in advance. The changes must also be indicated on the Data Controller's website.

The Data Controller declares that it fulfills its data processing obligations in accordance with this policy from the date of acceptance of this Privacy Policy. The Data Controller informs the Data Subjects about the modification and publishes the modified Privacy Policy on its website.

Székesfehérvár, March 1, 2026 | UNICOMP Informatikai Korlátolt Felelősségű Társaság

Unicomp Logo
Széchenyi Terv LogoERFA Logo

Pages

Privacy PolicyImpressumCookie Policy|© 2026 Unicomp Ltd. All rights reserved.