I. Purpose of the Information Notice

The purpose of this Data Processing Information Notice (hereinafter: the “Notice”) is to transparently present how the Data Controller processes personal data provided on its website and during the use of the system created by it, in compliance with the applicable legal regulations. The Data Controller’s activities relating to personal data are primarily based on the following key legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR),
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: the Infotv.),
  • Act V of 2013 on the Civil Code (hereinafter: the Civil Code),
  • Act C of 2000 on Accounting,
  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing,
  • Act CLV of 1997 on Consumer Protection.
II. Identification of the Data Controller

Name and contact details of the Data Controller:

Data Controller: FindVault Limited Liability Company
Registered office: 2112 Veresegyház, Fészekrakó Street 8.
Tax number: 32904350-1-13
Company registration number: 13-09-242942
Registering authority: Company Court of the Budapest Surroundings Regional Court
Website: findvault.eu
E-mail: info@findvault.eu

The Data Controller has not appointed a Data Protection Officer, as this is not mandatory pursuant to Article 37(1) of the GDPR.

III. Definitions

In this Notice, in accordance with the applicable legislation, the following terms are used with the meanings set out below:

data subject/user: an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

personal data: any information relating to an identified or identifiable data subject;

processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

data controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the data controller or the specific criteria for its designation may be provided for by Union or Member State law;

data processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller; the consent of the data subject is not required for the engagement of a data processor, but the data subject must be informed of the identity of the data processor;

recipient: a natural or legal person, public authority, agency, or another body, to which personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

third party: a natural or legal person, public authority, agency, or body other than the data subject, the data controller, the data processor, and persons who, under the direct authority of the data controller or processor, are authorised to process personal data;

consent of the data subject/user: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements;

supervisory authority: an independent public authority established by a Member State pursuant to Article 51 of the GDPR; in Hungary, the National Authority for Data Protection and Freedom of Information;

data protection incident: unlawful processing or handling of personal data, in particular unauthorised access, alteration, transmission, disclosure, erasure, or destruction, as well as accidental destruction or damage.

Terms used in this Notice that are not separately defined in Section V shall be interpreted in accordance with the legislation listed in Section II.

IV. Legal Basis of Data Processing

The legal basis for data processing is pursuant to the following points of Article 6(1) of the GDPR:

  • consent of the data subject,
  • performance of a contract or steps taken prior to entering into a contract,
  • compliance with a legal obligation,
  • legitimate interests of the data controller (in particular, the secure operation and development of the system).

The Data Controller does not process personal data on any legal basis other than those specified above.

V. Categories of Personal Data Processed

Depending on the nature of the service, the Data Controller may process the following data:

  • first and last name,
  • e-mail address,
  • telephone number,
  • institutional data,
  • user identifiers,
  • technical data related to system usage (log files, IP address).

The Service Provider does not process special categories of personal data.

Cookie-related data processing:
The Data Controller uses technical cookies necessary for the operation of the website. Details of cookie management are set out in the Cookie Notice.

VI. Purpose of Data Processing

The purposes of processing personal data include in particular:

  • ensuring access to the Data Controller’s system,
  • managing user accounts,
  • communication and customer support,
  • system security and access control,
  • compliance with legal obligations.
VII. Data Storage and Data Security

The Data Controller applies appropriate technical and organisational measures to ensure data security, including protection against unauthorised access, alteration, or destruction.

VIII. Data Transfer and Data Processors

The Data Controller does not transfer personal data to third parties, except where required by law or through the use of data processors (e.g. hosting providers), and only to the extent strictly necessary.

IX. Rights of Data Subjects

The data subject is entitled to:

  • request access,
  • request rectification or erasure of data,
  • request restriction of processing,
  • object to data processing,
  • exercise the right to data portability,
  • withdraw consent.

Right of Access

The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her are being processed. Where such processing is taking place, the data subject has the right to access the personal data and the following information:

  • the purposes of the processing,
  • the categories of personal data concerned,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of the right to request rectification or erasure of personal data or restriction of processing, or to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where the personal data are not collected from the data subject, any available information as to their source,
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic format.

Right to Rectification

The data subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of a supplementary statement.

The Data Controller shall inform all recipients to whom the personal data have been disclosed of any rectification, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject of those recipients upon request.

Right to Erasure (Right to Be Forgotten)

The data subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • the data subject withdraws consent and there is no other legal ground for the processing,
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or where the processing relates to direct marketing,
  • the personal data have been unlawfully processed,
  • the personal data must be erased for compliance with a legal obligation under Union or Member State law,
  • the personal data were collected in relation to the offer of information society services.

The above shall not apply where processing is necessary, inter alia:

  • for compliance with a legal obligation requiring processing under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller,
  • for the establishment, exercise, or defence of legal claims.

The Data Controller shall inform all recipients of the erasure unless this proves impossible or involves disproportionate effort, and shall inform the data subject of those recipients upon request.

Right to Restriction of Processing

The data subject has the right to obtain restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the data,
  • the processing is unlawful and the data subject opposes erasure and requests restriction instead,
  • the Data Controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise, or defence of legal claims,
  • the data subject has objected to processing, pending verification of whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

The Data Controller shall inform the data subject prior to lifting the restriction of processing.

Right to Object

The data subject has the right to object at any time to the processing of personal data concerning him or her where the legal basis is not the Data Controller’s legitimate interest. In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds overriding the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to such processing, including profiling related to direct marketing. If the data subject objects, the personal data shall no longer be processed for such purposes.

Right to Data Portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller.

Right to Withdraw Consent

The data subject has the right to withdraw consent at any time.

Requests may be submitted by data subjects to info@findvault.eu.

X. Remedies

If the data subject believes that the processing of personal data violates applicable laws, he or she may lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Contact details of the Supervisory Authority:

National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 1055 Budapest, Falk Miksa Street 9–11.
Postal address: 1363 Budapest, P.O. Box 9
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: http://naih.hu
E-mail: ugyfelszolgalat@naih.hu

XI. Amendment of the Notice

The Data Controller reserves the right to amend this Data Processing Information Notice. Amendments shall enter into force upon publication on the website.

Clients are hereby informed that courts, prosecutors, investigative authorities, authorities for minor offences, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorised by law may contact the Data Controller for the purpose of providing information, disclosing or transferring data, or making documents available.

The Data Controller shall provide personal data to authorities only to the extent and in the scope strictly necessary to achieve the purpose of the request, provided that the authority has specified the exact purpose and the scope of the requested data.

Effective date: 1 February 2026