Data Controller: De Rossi Consulting Kft., company registration number: 07 09 031379

Data Processing Activities, Range of Personal Data Handled, Purpose of Data Processing: The data controllers process the personal data provided in electronic/postal mails for handling the issues as indicated by the data subjects. The data will not be used for any purposes other than those explicitly stated or without the data subject’s explicit consent.

Cookies: The website uses only essential cookies necessary for the operation of the website. No personal data of the users are stored or recorded by the website, and no third-party cookies are used.

Legal Basis for Data Processing: The legal basis for the processing of personal data is the explicit consent of the data subject as per GDPR Article 6(1)(a). Data subjects are informed that they have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Data Transfer, Recipients: Personal data is not transferred to any third parties without the explicit consent of the data subject, except as required by law.

Retention Period of Data: Personal data is retained only for as long as necessary to fulfill the specified purposes. After the resolution of the matter, data will be securely deleted or anonymized.

Security Measures: Appropriate technical and organizational measures have been implemented to ensure a level of security appropriate to the risk, in accordance with GDPR Article 32.

Rights of the Data Subjects: In accordance with GDPR Articles 15 to 22, data subjects have the right to access, rectify, erase (“right to be forgotten”), restrict processing, object to processing, and the right to data portability. Data subjects also have the right to not be subject to a decision based solely on automated processing, including profiling.

Complaints Handling: Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.