I. The Data Controller

Andersen Adótanácsadó Zrt. (hereinafter referred to as Andersen) pays particular attention to proceed in the course of its operations in compliance with the General Data Protection Regulation of the European Union [1] (GDPR) and the related Hungarian sectoral acts, in particular with the Hungarian Data Protection Act [2].

Data controller:
Address: 1124 Budapest, Csörsz utca 43.
Company registration number: 01-10-047595
E-mail: info@hu.Andersen.com
Telephone: +36 1 920 6800
Website: https://hu.andersen.com/

Pursuant to Article 37 Section (1) of the GDPR, the Data controller is not obliged to designate a Data Protection Officer.

Data processors:

  • WPEngine Inc. (Storage services provider): Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom – in connection with server services.
  • Look and Feel Kft. (Webpage operator): 1021 Budapest, Kuruclesi út 57. – in connection with provision of IT services and website operation.
  • The Rocket Science Group LLC (MailChimp newsletter service provider): 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA – in connection with sending newsletters.

II. The purpose and the legal basis of data processing

The purpose of data processing is the distribution of weekly, biweekly or monthly electronic newsletters providing professional content and promoting the services of the Data Controller to subscribers of the e-mail newsletter.

Our legal ground for data processing related to newsletters and other informative materials is the data subject’s explicit, freely given and informed consent under Article 6 (1) a) of the GDPR. Please note that consent is voluntary, and refusal to give consent will not put you at a disadvantage. However, as certain personal data are strictly necessary for accessing some services, no newsletter can be sent if personal data is not supplied and consent is not granted.

Newsletter – The Data Controller shall process the following personal data in connection with the circulation of the newsletter:

  1. the first and last name of the subscriber (data essential to identify the client)
  2. e-mail address (data essential for reaching out to the client)
  3. company name (data essential to identify the client)
  4. telephone number (data essential for reaching out to the client)

Alumni Program and Newsletter – As for the Alumni program concerning the former employees of Andersen, the following personal data is processed:

  1. the first and last name of the subscriber (data essential to indentify the former employee)
  2. e-mail address, and telephone number (data essential for reaching out to the former employee)
  3. current and former employer; position, service period, referrals (data required for business relationship purposes).

We do not collect sensitive category data.

The data provided will be used only for the purposes specified in this Policy, and will not be disclosed to any unauthorized third parties or public. The Data controller shares personal data with third parties only if the Data Subject has given his or her prior consent or if it is required to fulfil legal obligation. Personal data is treated as confidential. The Data controller takes all safety, technical, and organizational measures necessary for guaranteeing the security of such data.

III. Term of data processing

We retain your personal data as part of the data processing discussed in the previous section for as long as strictly necessary for the purposes defined in section II., or until you withdraw your consent.

Private individuals are entitled to withdraw their consent any time. Each email addressed to individuals includes such a link that enables them to withdraw subscription simply by clicking on the link. In such a way, individuals are able to delete themselves from the mailing list. That is to say, in such cases, processing of their personal data ends with the day of when they unsubscribed.

IV. Rights of the Data Subject in relation to the processing of personal data

You may request access to and rectification or erasure of your personal data or, in certain cases, restriction of processing, and may object to the processing of personal data.

Right of access

The data subject shall have the right to obtain from the controller confirmation – using the contact details given in Clause I – as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: purposes for which the data are processed; the recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the source from which Andersen has obtained the personal data; furthermore the rights related to data processing.

Right to rectification

You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data, Andersen will erase the personal data concerned without undue delay if:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing is based, and there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed  or the personal data have to be erased for compliance with a legal obligation.

The Data Controller’s obligation to erase the personal data will not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Andersen will inform you before the restriction of processing is lifted.

Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or a contract, or the processing is carried out by automated means.

Legal remedies

The data subject may initiate investigations via notification, claiming that by the processing of his or her personal data he or she has suffered the impairment of a right, at:

Adatvédelmi és Információszabadság Hatóság (the National Authority for Data Protection and Freedom of Information)
Mailing address: 1530 Budapest, Pf. 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Without prejudice to your right to lodge a complaint, you have the right to judicial remedy. 

V. Miscellaneous

The present Privacy Policy shall enter into force on 8 July 2020.

The Data Controller reserves the right to change this Privacy Statement at any time, in particular for the purpose of continuous and complete compliance with the law.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

[2] Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.