• F&M Solutions Kft.
    1044 Budapest, Ezred u. 7/II. B.
  • Adószám: 26792167-2-41
    VAT Nr.: HU-26792167



1. Purpose of the Privacy Policy

F&M Solutions Ltd. (address: 1044 Budapest, Ezred utca 7/II. B. hereinafter), as Data Controller, agrees to be bound by the content of this legal notice. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and in the applicable national legislation and legal acts of the European Union.

The data protection guidelines arising in connection with the Data Controller’s data processing are continuously available at the www.fmsolutions.hu/adatkezelesi-tajekoztato address.

The Data Controller reserves the right to change this information. It will inform the data subjects about any changes at the www.fmsolutions.hu address.

The Data Controller is committed to protecting the personal data of its customers and partners, and considers it extremely important to respect the right of its clients to informational self-determination. The Data Controller handles personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.


2. Contact details of the Data Controller

If you would like to contact our Company, you can contact the Data Controller at the contact details below.

Name:                                                                  F&M Solutions Ltd.

Address:                                                            1044 Budapest, Ezred utca 7/II. B.

Company registration number:            08-09-031155

VAT number:                                                   26792167-2-41

Responsible for data management:   Fejesné Zobolyák Hajnalka

Telephone number:                                     + 36 20 534 1539

Email:                                                                   info@fmsolutions.hu


3. Definition

“personal data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;

“recipient” means a natural or legal person, public authority, agency or any other body, to which personal data are disclosed, whether a third party or not. Public authorities which may have access to personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

‘consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“personal data breach” (event) means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles governing the processing of personal data: Personal data must be processed lawfully, fairly and transparently in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes; is not considered incompatible with the initial purpose for archiving purposes in the public interest in accordance with Article 89(1),  further processing for scientific or historical research purposes or statistical purposes (‘purpose limitation’); adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods only where the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to implementation of appropriate technical and organisational measures required by this Regulation to protect the rights and freedoms of data subjects (‘storage limitation’);

processed in such a way as to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Data Controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).


4. Scope of processed personal data

4.1. Information collected when contacting us through our website

The Data Subject may indicate his intention to contact us or send a message through the website of the Data Controller. The Data Controller can identify and contact the Data Subject as its prospective client based on the following data.

Mandatory data:

  • Name of the person interested,
  • E-mail address of the person interested.

Optionally, you can specify:

  • subject matter of the request,
  • message.


4.2. Newsletters, advertising

Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities, the Data Subject may consent in advance and expressly to be contacted by the Data Controller with its advertising offers and other mailings at the contact details provided upon registration.

Furthermore, bearing in mind the provisions of this prospectus, the Data Subject may consent to the Data Controller processing his or her personal data necessary for sending advertising offers.

The Data Subject may unsubscribe from sending offers without restriction or justification. In this case, the Data Controller deletes the Data Subject’s personal data from its records and does not contact it with further advertisements or newsletters. The link enabling unsubscribing will be made available by the Data Controller on the page of advertisements or newsletters.


4.3. Technical data

The Data Controller selects and operates the IT tools used to provide the service for the processing of personal data in such a way that the data processed:

  • accessible to data processing rights holders (availability),
  • its authenticity and authentication is ensured (credibility of data processing),
  • its unchangedness can be demonstrated (data integrity),
  • be protected against unauthorized access (confidentiality of data).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction.

The Data Controller shall ensure the protection of the security of data processing by technical, organizational and organizational measures that provide a level of protection appropriate to the risks arising in connection with data processing.

The Data Controller preserves confidentiality during data processing: it protects

  • information, so that only those who are entitled to access it can access it;
  • integrity: protects information and processing methods
  • accuracy and completeness;
  • availability: ensures that when the authorized user needs it, they can actually access the information they want and have the tools to do so.


4.4. Cookies

What cookies do
  • Collect information about visitors and their devices;
  • remember visitors’ individual settings, which can be used, e.g. when making online transactions, so that they do not have to be re-typed;
  • facilitate the use of the website;
  • provide a quality user experience.

In order to provide customized service, a small data package, a so-called cookie is placed on the user’s computer and read back during a later visit. If the browser returns a previously saved cookie, the service provider managing the cookie has the opportunity to link the user’s current visit with previous ones, but only for its own content.


Strictly necessary session cookies

The purpose of these cookies is to enable visitors to fully and smoothly browse the Data Controller’s website, use its functions and the services available there. The validity period of these types of cookies lasts until the end of the session (browsing), and by closing the browser, this type of cookies is automatically deleted from the computer or other device used for browsing.


Third party cookies (analytics)

The Data Controller also uses Google Analytics as a third party cookie on its website. By using Google Analytics for statistical purposes, the Data Controller collects information about how visitors use the websites. The data is used for the purpose of improving the website and user experience. These cookies also remain on the visitor’s computer or other browsing device, in its browser until they expire, or until the visitor deletes them.


5. Intended use and retention period of processed data

The Data Controller may transfer Data only on the basis of a contract, legal obligation or statutory requirement to a third party or organization named in the contract, law or official regulation.

The retention period of the data is 6 years in the case of invoices, 10 years in the case of documents prepared according to contracts, deletion is not possible within this period. After the mandatory “retention period”, the data will be scrapped and destroyed.

Personal data (i.e. data that can be associated with the Data Subject) may be transmitted to the Data Controller in the following ways: on the one hand, in connection with maintaining an Internet connection, through the computer, browser, internet address used by the Data Subject and the data automatically provided by the pages visited, and on the other hand, by providing data by the Data Subject with the intention of contacting you.


6. Purpose, method and legal basis of data processing

The data processing of the Data Controller’s activity is based on voluntary consent or legal authorization.

In the case of data processing based on voluntary consent, it may be withdrawn at any stage of data processing. In some cases, the management, storage and transmission of a certain set of data is required by law, about which we inform our customers separately.

We draw the attention of data providers to the Data Controller that if they do not provide their own personal data, it is the duty of the data provider to obtain the consent of the data subject.

Its data management principles are in line with the applicable legislation on data protection, in particular the following:

  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information,
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
  • Act V of 2013 on the Civil Code (Civil Code);
  • Act C of 2000 on Accounting (Act on Accounting);
  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML);
  • Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises.


7. Physical storage locations of data

The Data Controller stores personal data in electronic form on a computer protected by an access password, and on a sheet of paper, in a lockable filing cabinet. Business card data, if the transferor is the owner, constitute consent to data storage. They can also be stored on a mobile phone protected by an access code.

Data technically recorded during the operation of the system: data of the computer of the data subject login generated during website visits and recorded by the Data Controller’s system as an automatic result of technical processes. The automatically recorded data is automatically logged by the system upon entry or exit without any separate statement or action by the data subject. This data may not be linked to other personal user data, except in cases required by law.

Only the person responsible for Data Management has access to the data. Responsible for hosting service:

Name:                           3 IN 1 HOSTING Bt.

Address:                      2310 Szigetszentmiklós, Brasov u. 4/A.

Telephone:                 06 21 200 0040


8. Rights and enforcement options of the Data Subject

8.1. Right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.


8.2. Right to rectification

The Data Subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of data processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


8.3. Right to erasure

The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay under certain conditions.


8.4. Right to be forgotten

Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure of any links to, or copy or replication of, those personal data.


8.5. Right to restriction of processing

The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following conditions is met:

The accuracy of the personal data is contested by the Data Subject, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;

the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead;

the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

the Data Subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the Data Controller override those of the Data Subject.


8.6. Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.


8.7. Right to object

In the case of data processing based on legitimate interest or official authority as legal basis, the Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of his or her personal data, including profiling based on those provisions.


8.8. Objection in case of direct marketing

Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.


9. What to do in case of a data protection event

In the event of an event likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the Data Subject without undue delay.

A detailed and comprehensible description of the nature of the personal data breach and the name and contact details of the contact person responsible for processing or providing further information shall be provided; Furthermore, the likely consequences of the data protection incident, the remedial measures taken or planned and the measures taken to mitigate any adverse consequences resulting from it shall be described.

If the Data Controller has taken appropriate technical and organizational protection measures and these measures have been applied to the data affected by the personal data breach, in particular, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data; or the Data Controller has taken further measures following the personal data breach to ensure that the high risk to the rights and freedoms of the Data Subject is unlikely to materialise subsequently or that the provision of information would require disproportionate effort and that the Data Subjects can be effectively informed in a publicly disclosed manner, the Data Controller shall not be obliged to inform the Data Subject.


10. Possibility to lodge a complaint

The Data Subject may lodge a complaint against any infringement of the Data Controller with the National Authority for Data Protection and Freedom of Information:

Name:                            National Authority for Data Protection and Freedom of Information

Address:                       1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address:      1530 Budapest, Pf.: 5.

Telephone:                   0613911400

Fax:                                  0613911410

Email:                              ugyfelszolgalat@naih.hu

Home page:                 http://www.naih.hu