Request a Demo
Get started

Effective Group Zrt. (registered office: 1124 Budapest, Apor Vilmos tér 11-12. 1st floor, door 2.08., website: www.effectivegroup.hu, email: info@effectivegroup.hu, phone: (1) 202-2571, tax number: 23593653-2-43; hereinafter referred to as EG, service provider, data controller), as the data controller, acknowledges the contents of this legal notice as binding upon itself.

The purpose of this notice is to define the data protection and data processing principles applied by EG, and to outline the data protection and data management policy of the Company related to the processing of personal data connected to the websites www.assessin.net and www.assessin.eu.

EG undertakes to ensure that all data processing activities related to its operations comply with the expectations outlined in this notice and with the applicable laws and regulations.

EG is committed to protecting the personal data of its clients and partners, and places great importance on respecting its clients’ right to informational self-determination. EG treats all personal data as confidential and takes all necessary security, technical and organizational measures to ensure the security of such data.

Definitions

  • “Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • “Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;
  • “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • “Third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  • “Data subject’s consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Scope of Personal Data, Purpose, Legal Basis and Duration of Data Processing

EG processes personal data based on voluntary consent, contractual obligations, or statutory requirements.

When personal data is collected directly from the data subject, EG provides the data subject with the following information at the time the data is obtained:

a) the identity and contact details of the data controller and, where applicable, the data controller’s representative;
b) the intended purpose of processing and the legal basis for processing;
c) if the personal data is not obtained from the data subject: the categories of personal data concerned;
d) where applicable, the recipients or categories of recipients of the personal data.

In addition to the above, the data subject is also informed of the following supplementary details:

a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
b) the right of the data subject to request access to, rectification or erasure of, or restriction of processing concerning their personal data from the controller, and to object to processing, as well as the right to data portability;
c) in the case of processing based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
d) the right to lodge a complaint with a supervisory authority;
e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, and whether the data subject is obliged to provide the personal data, as well as the possible consequences of failure to provide such data.

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information.

The data subject has the right to request the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The data subject has the right to request the erasure of personal data concerning them without undue delay, and the controller is obliged to erase such personal data without undue delay under certain conditions.

The data subject has the right to obtain restriction of processing by the controller where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims;
d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if requested.

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of natural persons within EG Zrt.’s systems, the data controller shall inform the data subject of the personal data breach without undue delay.

Providing an email address is voluntary but a prerequisite for obtaining trial access. The purpose of processing is exclusively to provide temporary access and – with the explicit consent of the data subject – to send information, offers, and updates related to the trial period.

Legal basis for processing:

  • the data subject’s voluntary consent (pursuant to Article 6(1)(a) of the GDPR),
  • in the case of direct marketing communications, solely based on separate consent by the data subject.

Scope of processed data:

  • name (if provided),
  • email address,
  • start and end dates of the trial period.

Duration of processing:

  • the email address will be retained for a maximum of 180 days following the end of the trial period,
  • if the data subject consents to receive marketing communications, the data will be processed for that purpose until consent is withdrawn.

No automated decision-making or profiling takes place in connection with the processing of email addresses.

Storage and Security of Personal Data

EG’s IT systems and other data storage locations are situated at its registered office and on the relevant servers.

EG selects and operates the IT tools used in the provision of its services in such a way that the processed data:

  • is accessible only to authorized persons,
  • is ensured to be authentic and verifiable,
  • remains unchanged and traceable, and
  • is protected against unauthorized access.

EG protects the data with appropriate measures, particularly against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as accidental destruction, damage, and unavailability resulting from changes in applied technology.

Taking into account the state of technological development, EG ensures the security of data processing through technical, organizational, and administrative measures that provide a level of protection appropriate to the risks associated with data processing.

However, we inform data subjects that electronic messages transmitted via the internet – regardless of protocol (email, web, FTP, etc.) – are vulnerable to network threats that may lead to unfair activity, contract disputes, or the disclosure or alteration of information. EG Zrt. takes all reasonable precautions to protect against such threats.

Our company does not use data processors.

Personal data managed by EG is primarily accessible to our authorized internal staff and is not transferred to third parties, except in cases of legitimate interest (e.g., debt collection), legal obligation, or with the prior express consent of the data subject.

Cookies

During visits to the websites www.assessin.net and www.assessin.eu, the Service Provider sends one or more cookies – small text files containing character strings – to the visitor’s computer, enabling the browser to be uniquely identified. These cookies are sent only when certain subpages are visited and record only the fact and time of the visit to those specific subpages; no other information is stored.

The use of such cookies allows third-party service providers, including Google, to record visits to the EG website.

If the user does not wish for Google or other providers to track data in the manner and for the purposes described above, they can install a blocking add-on in their browser.

The “Help” function in most browser menu bars provides information on:

  • how to disable cookies,
  • how to accept new cookies,
  • how to instruct the browser to set new cookies, or
  • how to disable other cookies entirely.

Contact

If you have any comments, questions, or problems related to our company, data processing, or use of our services, please contact us using the details provided on our website.

Miscellaneous

For data processing activities not listed in this privacy notice, information will be provided at the time the data is collected.

Our company reserves the right to unilaterally amend this privacy notice while notifying the affected parties.

Our company does not verify the personal data provided to it. The person who provides the data is solely responsible for its accuracy. By submitting an email address, the data subject assumes responsibility for ensuring that the address is used solely by them to access services.

We inform our clients that law enforcement authorities, the National Authority for Data Protection and Freedom of Information (NAIH), or other organizations authorized by law may request data or documentation from EG Zrt. for the purpose of disclosure, transfer, or inspection.

Procedural Rules

The data controller has 30 days to respond to requests for access to, deletion, or rectification of personal data. If the data controller does not fulfill such a request, it must provide a written justification within 30 days.

Data Protection Authority

Complaints may be submitted to the National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

2025 © Effective Group – All rights reserved.
assessin