Privacy Statement

  1. Introduction

Evolution Consulting Ltd. (3531 Miskolc, Báthory István u. 12.) (hereafter referred to as Evolution Consulting Ltd., Service Provider, Data Controller) as a Data Manager agrees to the contents of this Privacy Statement and is committed to providing its services all data handling in this data management prospectus and in accordance with the applicable legislation.

Evolution Consulting Ltd.’s Privacy Statement provides a guarantee that your personal information will be treated confidentially and will take any security, organizational and technical measures that safeguard the security of your data.

The data management principles of Evolution Consulting Ltd. are contained in this Privacy Statement, which is in line with the current legislation on data protection, with particular reference to:

  • Regulation (EEC) No 2016/79 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  • Act CXII of 2011 on Information of Freedom
  • CVIII of 2001. Law on Electronic Commerce Services and the Information Society Services
  • Act XLVIII of 2008. Act on the Fundamental Terms and Limitations of Economic Advertising

This Privacy Statement is available on Evolution Consulting Ltd’s website at

Evolution Consulting Ltd. reserves the right to change this information at any time. In all cases, the affected persons are informed of the changes in due time.

If you have any questions about our privacy statement, please email us at

  1. Definitions

For the purposes of this Code, the definitions are contained in Article 4 of the Regulation. Accordingly, highlight the main concepts:

Affected: any natural person identified directly or indirectly by any personal data;

Personal data: any data that may be linked to any identified natural person (hereinafter referred to as “the data subject”), the deduction from the data to the person concerned. Personal data preserves this quality while handling it as long as its relationship can be restored with the affected person. A person may in particular be considered identifiable if he or she can be identified, directly or indirectly, by a name, identifier or one or more physical, physiological, mental, economic, cultural or social identity;

Contribution: a voluntary and decisive statement of the wishes of the person concerned, based on appropriate information and with which he or she gives his / her unambiguous consent to the handling of his or her personal data, covering all or part of operations;

Protest: the statement in question, which objects to the processing of personal data and calls for the elimination of data management and data deletion treated;


Data Administrator: a natural or legal person or an organization without legal personality who or which determines the purpose of the processing of data, makes and executes decisions on data management (including the equipment used), or executes it with a data processor entrusted to it;

Data management: regardless of the method used, any operation of the data or all the operations, such as collecting, capturing, recording, systematizing, storing, modifying, utilizing, transmitting, publishing, aligning, linking, blocking, deleting and destroying data, to prevent further use. Photographing or sound or picture record and the identity of the physical attributes (such as finger or palm prints, DNA samples and iris image.) are also considered as data management.

Transmission: where data is made available to a specific third party;

Disclosure: if the data is made available to anyone;

Data wiping: Making data unrecognizable so that recovery is no longer possible;

Data processing: performing technical tasks related to data management operations, irrespective of the method and means used to carry out operations and the place of application;

Data processor:  a natural or legal person or an organization without legal personality who is processing personal data on behalf of the data controller;

Third Person: is a natural or legal person or an organization without legal personality, which is not the same as the data subject, the data controller or the data processor;

Third country: any State other than an EEA State.

  1. The data management principles of Evolution-Consulting Ltd.

Personal data can be handled if

a) the person concerned agrees or

b) it is ordered by law or by a decree of the local government based on the authorization of the law, within the scope specified therein.

Handling personal data for a specific purpose, exercising the right and obligation can be achieved. At all stages of the data handling, it must meet this goal.

Only personal data can be handled to achieve the purpose of data management essential to achieving the goal, only to the extent and for the time necessary to attain it.

Personal data can only be handled with appropriate informed consent.

The person concerned must be informed in a clear and detailed manner about the handling of his / her data relating to all the facts, in particular the purpose and legal basis of data processing,

the person who is in charge of data handling, the duration of the data handling, and who to know the data. The information should cover the data handling concerned related rights and remedies.

Personal data processed must meet the following requirements:

(a) Recruitment and treatment is fair and lawful;

(b) accurate, complete and, if necessary, timely;

(c) their storage is capable of identifying the person concerned only for the time needed for storage.

It is forbidden to use a general and uniform personal identification mark without restriction.


  1. The purpose, legal basis, duration and scope of personal data management

 Data management services related to the services of Evolution Consulting Ltd. are based on a voluntary contribution, provided that the data communicator does not provide his or her personal data, the data supplier is obliged to obtain the consent of the person concerned.

4.1. Recruitment/headhunting

The Company conducts labor mediation activities. The database is built from two sources:

  • the database of job search portals with which he/she has a contractual relationship, in which database the data subject has already contributed to the transfer of his data to a third party
  • by clicking on the “Job offers” tab on, you can choose the position you like. During the subsequent registration, the candidate will provide the requested personal information, upload his CV. You can upload your data by transferring it from the LinkedIn database.

The Company saves CVs as a rule for later use in a password-protected, separate database, accessible only by a recruiting specialist. The CV and any personal data contained therein shall be treated by the Company on the basis of and in accordance with these Rules. For this purpose, information is provided by the Company or in the Data Protection Prospectus provided on the website.

The transfer of personal data to a third party is possible only with the consent of the person concerned.

Applicants applying for the job posting can be invited to a personal interview.

The purpose of data management is to find and recommend employment opportunities for those concerned.

Managed data range: name of the person, birth data, email address, phone number, skype address, address, qualification, language skills, work experience.

Legal basis for data handling: contribution by the person concerned

Deadline for data storage: 24 months for unsuccessful staffing. In the case of a successful workforce mediation, as stated in the Contribution Declaration, also for 24 months.

Data storage method: electronic, hrMaster system


4.2. Training

The purpose of the data management is to conclude an adult training contract, to fulfill the data obligation prescribed by the National Statistical Data Collection Program.

The legal basis for data handling is: the contribution of stakeholders, the CI 2001. Act on Adult Education, Government Decree 288/2009 (XII. 15.) on data collections and data collections of the National Statistical Data Collection Program, LXXVI. Act on Vocational Training, Act LXXXVI of 2003. Act on Vocational Training and Support for the Development of Training, and the CVIII Act of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

The range of data processed: name, birth name, sex, nationality, mother’s name, address, place of birth, date of birth, highest level of education, language knowledge, telephone number, e-mail address, employer’s name, position.

Rights of the data subjects: all parties concerned may request clarification, update of their personal data and, if they do not wish to use Evolution Consulting Kft.

About the cancellation of your personal information contact the In the event of violations of their rights, the data subjects are entitled to object to unauthorized data handling (Evolution Consulting Ltd. at e-mail) and are entitled to turn to court or to the National Privacy and Data Protection Authority in order to enforce their rights.

Duration of data management: 5 years from the start of data processing.


4.3. Sending newsletters

The Company operates a newsletters from the Sendinblue site.

You can subscribe to the newsletter in two ways: on the website, by clicking on the newsletter link and on a paper basis.

The purpose of the data management is to communicate via a marketing communication channel by sending newsletters to the subscribing e-mail addresses

Legal Basis for Data Processing: Contribution by Contributors

The range of data managed: name (first name and first name), email address, and phone number

Rights of the data subjects: all parties concerned may request clarification, update of their personal data and, if they do not wish the company to use their personal data

The duration of the data management: until the end of the newsletter service, but if the person concerned requests the deletion of the data (unsubscribe from the newsletter), immediately after the cancellation request


4.4. Data handling in the company’s webshop

The Company operates webshop from the surface of UNAS Online Kft.

Purchase in the webshop is possible after registration or via Facebook. When registering, you must enter the following information: name, phone number, e-mail address, billing address.

During the purchase, the buyer has the opportunity to volunteer to receive a newsletter, the data handler uses this information only to send a newsletter.

Purchase in the webshop operated by the Company is a contract, subject to the provisions of CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services. Act 13/A of the Act and the 45/2014 on the detailed rules for contracts between the consumer and the business. (II.26.) Government Decree.

When shopping in the webshop, the title of the data processing is the contract.

When purchasing in the webshop, the Privacy Statement must be available with a link.

Personal Data Addresses or Categories of Recipients: The Company’s financial, administrative, employee, tax and accounting company employee for the purposes of performing tax and accounting obligations, employees of the site operator to perform the hosting service.

Managed data range: the affected name (surname and first name), e-mail address, phone number, billing address

Legal Basis for Data Processing: to create a contract for the provision of an information society service, to define, modify, monitor its performance, billing from it and to enforce its claims, you can manage the personal identification information and address for the customer in the webshop year CVIII. (1) of Act CXXXXIX of 1997 on Public Procurement, as well as the telephone number and the e-mail address of the Company.

For the purposes of invoicing, the Company may manage the natural identity data, address and the date, time and place of the use of the information society related service, the CVIII. (2) of Law 13/A.

Data storage deadline: up to the date of registration or until the consent of the party concerned is revoked (up to the date of its cancellation), 8 years after the date of purchase.

Data storage method: electronic


4.5. Contact the Company

The Company provides the opportunity for the visitor to contact the Company through the websites operated by the Company. By completing a form, the visitor can enter the relevant information for contacting you. By contacting the contact you can request the concerned bid, send a message and subscribe to a newsletter.

Purpose of data management: to facilitate contact with the Company

Managed data range: name, e-mail address, phone number, subject of contact, message text

Legal Basis for Data Processing: Contribution of the Party concerned.

deadline for data storage: up to the contact point (until the goal is reached)

data storage method: electronic 


4.6. hrMaster system

The Company takes part in the following activities as Data Processing:

The purpose of data management: hrMaster is an integrated software system developed with a modern web technology, which is built in a modular way. It is possible to introduce the system either individually or separately, as well as expand it individually if necessary.

The purpose of personal data management is to provide and develop services for the contracted partners of Evolution Consulting Kft. Evolution Consulting Ltd. handles the data of the data subjects primarily to the hrMaster system.

Legal basis for data handling:

  • the person concerned is a statement made by the employer, Evolution Consulting Ltd, to the contractual partner, that the person concerned acknowledges the transfer of his data to a third party;
  • Act CXII of 2011 on Information Freedom of Information and Freedom of Information.

Data covered: data of employees of enterprises with contractual relationships with Evolution Consulting Ltd. in relation to employment (surname, first name, birth name, title, place of birth, date of birth, mother’s name, nationality, tax identification number, TAJ number), contact details (phone number, permanent address, residence, e-mail address, fax), no, marital status, payment, ID number and validity, address card number, e-mail address, photographs, computer skills and other work given in the context.

Duration of data management: For information about the duration of the data handling, please let us know:

  • retention of data included in the Recruitment Selection module for 1 year or the date specified by the person concerned
  • in the other modules until the contractual relationship with Evolution Consulting Kft. is terminated

Data security: Personal data is stored and processed on a server located in the data park of T-Systems Zrt. And Rack Forest Kft. Evolution Consulting Ltd. takes all administrative, computer and physical security measures to protect personal information from unauthorized access or loss.

As a data processor, the Company guarantees, in particular with regard to expertise, reliability and resources, technical and organizational measures to ensure fulfillment of the requirements of the Regulation, including data security.

In the course of the Data Processor’s activities, it is ensured that persons authorized to access the personal data concerned, if they are not otherwise subject to a legally enforceable confidentiality obligation, have a confidentiality obligation with respect to the personal data they have access to.

The Company has adequate hardware and software tools to undertake technical and organizational measures to ensure the lawfulness of data management and the protection of the rights of the data subjects.

Our Company undertakes to provide the Client with Data Manager with all the information necessary to verify compliance with the legal provisions regarding the use of the data processor.


4.7. The cookie management of website

The purpose of the data management: the Evolution Consulting Kft. uses cookies on its website placed by a third party (eg Google Analytics).

The cookie itself is a small, simple data packet that collects information about visitors to the site.

Google Analytics is Google’s analytics tool that helps Evolution Consulting Ltd. as the owner of to get a more accurate picture of the activities of site visitors. These cookies provide detailed statistics to help Evolution Consulting Ltd optimize advertising campaigns.

It’s important that these cookies report on the statistics about how to use the site without individually identifying visitors to Google. Google Analytics shows how visitors clicked on the site, how much time they spend and how geographically they are located.

In addition to reporting from site usage statistics, Google Analytics can also be used to show more relevant ads to Evolution Consulting Ltd. in Google services (such as Google Search) and across the Internet, as well as to measure interactions associated with ads served by Google Analytics.

Sendinblue is an automated marketing software, a program that allows embedded functions to enable Evolution Consulting Kft. To create and automate different direct marketing campaigns.

The legal basis for data handling: data management is based on your consent [Article 6 (1) (a) GDPR].

Please note that your contribution can be revoked at any time without limitation or justification.

Data managed: Your IP address, your location, time, duration, and frequency of visits to

The duration of the data handling: we will handle the data until the withdrawal of your consent

Cookies can be deleted from your computer or disabled in your browser. Cookies can usually be accessed under the Privacy settings in cookies or cookies in the Tools / Preferences menu of browsers


  1. Storage and security of personal data

Evolution Consulting Ltd.’s computer systems and other data retention facilities at its headquarters, 3531 Miskolc, Báthory I. u. 12 in the server room and in the data park of T-Systems Zrt. And Rack Forest Kft. Evolution Consulting Ltd.’s IT tools. when it is selected, purchased and operated, ensures that the personal data processed is accessible only to the authorized persons, their origin can be verified and authenticated.

Evolution Consulting Kft. Provides technical, IT, organizational and organizational measures to safeguard the security of data management and the adequate level of protection of data management risks.

Evolution Consulting Ltd.’s IT system and network are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer burglaries and denial-of-service attacks, and Evolution Consulting Kft. application-level security procedures.

Evolution Consulting Ltd. informs users that electronic messages, protocols (e-mail, web, ftp, etc.) transmitted over the Internet are vulnerable to network threats that may cause dishonest activity, controversy or disclosure or modification of information lead. To protect such threats, Evolution Consulting Ltd. will take all the precautionary measures it may have to take. The systems are monitored in order to record and provide evidence of any security disruption.


  1. Summary of the rights of those involved

Right of prior information: the person concerned has the right to be informed about facts and information related to data management prior to commencement of data processing.

(Article 13-14 of the Regulation)

Right of access to the subject: the person concerned has the right to receive feedback from the Data Controller as to whether his or her personal data is being processed and, if such processing is in progress, he has the right to access the personal data and the related information specified in the Regulation. (Article 15 of the Regulation).

Right to rectification: the data subject has the right to rectify any inaccurate personal data that he or she is entitled to, without undue delay. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement. (Article 16 of the Regulation).

Right of Cancellation (“Right of Discretion”): the data subject shall have the right, at his or her request, to delete personal data concerning him without undue delay, and the Data Controller shall be obliged to delete personal data relating to the data without undue delay if one of the reasons stated in the Order is valid. (Article 17 of the Regulation)

The right to restrict data handling: the data subject is entitled to request that the Data Controller restricts the processing of data if the specified conditions are met. (Article 18 of the Regulation)

The obligation to notify about correcting or deleting personal data or limiting the processing of data: the Data Handler informs all recipients of all corrections, cancellations or restrictions of data with whom or with which personal information has been communicated, unless this proves impossible or disproportionate effort need. At the request of the data subject, the Data Controller informs them.

(Article 19 of the Regulation)

Right to Data Access: Under the terms of this Decree, the data subject shall have the right to receive personal data made available to him by a Data Controller in a machine-readable, widely used machine-readable format, and shall be entitled to transfer such data to another Data Manager that this would be obstructed by the Data Controller that provided the personal information. (Article 20 of the Regulation)

Right to Objection: the person concerned is entitled to object to his / her personal data for the purposes of his / her own situation on the basis of Article 6 (1) (e) of the Regulation (data processing is necessary for the performance of a public interest or exercise of public authority exercised for the Data Controller) (f) (data processing is necessary to enforce the legitimate interests of the Data Controller or a third party.

(Article 21 of the Regulation)

Automated decision-making in individual cases, including profiling: the person concerned has the right not to include a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

(Article 22 of the Regulation)

Restrictions: The law of the Union or of the Member States applicable to the Data Controller or Data Processor may limit legislative provisions in Articles 12 to 22 by means of legislative measures. Article 34 and Article 12-22. (Article 23 of the Regulation).

Informing the Information about the Data Protection Incident: If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller informs the data subject of the privacy incident without undue delay.

(Article 34 of the Regulation)

Right to complain to a supervisory authority (right to an administrative remedy):

the person concerned is entitled to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the alleged infringement, if the person concerned considers that his personal data are in violation of the Regulation. (Article 77 of the Regulation)

The right to an effective judicial remedy against a supervisory authority: any natural or legal person is entitled to an effective judicial remedy against a legally binding decision of the supervisory authority or, if the supervisory authority fails to address the complaint or informs the person concerned within three months the procedural developments or the outcome of the complaint submitted.

(Article 78 of the Regulation)

The right to an effective remedy against data controller or data processor: all parties concerned are entitled to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the non-compliance of their personal data with this Regulation. (Article 79 of the Regulation)


  1. Remedies

You may request the information concerned to handle your personal data and may ask for personal information

as well as, with the exception of statutory data handling, as described in its data recording.

At the request of the person concerned, Evolution Consulting Ltd. as a data controller shall provide information about the data processed by the processor or the processor authorized by him, the purpose, legal basis, duration of the data processing, the data processor’s name, address (s) and data management activity, who are receiving or receiving the data for and for what purpose.

The data controller shall provide the information in writing and in a legible form within the shortest possible time, but no later than 30 days from the submission of the request. This information is free of charge if the requesting information has not yet been filed with the data controller for the same area in the current year. In other cases, Evolution Consulting Kft. Shall set a cost reimbursement

Evolution Consulting Ltd. will disclose personal information if:

(a) is unlawful,

(b) the party concerned requests,

(c) the purpose of data management has ceased,

(d) the statutory deadline for storage of data has expired,

(e) has been ordered by the court or by the National Data Protection and Information Authority.

Evolution Consulting Ltd. will inform the affected person of the correction and deletion and will notify anyone who has previously been transferring the data for data processing purposes. Notification may be omitted if it does not prejudice the legitimate interest of the data concerned for the purpose of data handling.

The person concerned may object to the handling of his or her personal data if:

(a) the processing of personal data (transmission) is solely the right of data controller or legitimate

necessary to enforce its interest, unless data management is prescribed by law;

(b) the use or transmission of personal data is done for direct business acquisition, polling or scientific research;

(c) the exercise of the right of protest is otherwise permitted by law.

Evolution Consulting Kft. – at the same time suspending the processing of data – the protest shall be examined within the shortest time but not later than 30 days from the submission of the application and shall inform the applicant in writing thereof. If the protest is warranted, the data controller will discontinue data processing, including further data collection and data transfer, and lock the data, and notify any protest or action taken against those who have been previously transferred to the personal data affected by the protest and who are obliged to take action in order to enforce the right to protest. If the data controller disagrees with the decision of the data controller, he or she may appeal to the court within 30 days of the communication.

Evolution Consulting Kft. Can not delete your data if data management is ordered by law. However, the data can not be transmitted to the data sender if the data controller agrees with the protest, and the court has found the right to protest. In case of breach of his or her rights, the data subject may turn to the court. The court proceeds out of court.

Evolution Consulting Ltd. will reimburse you for any damage that has been caused by your data being misused or the breach of the technical data protection requirements. However, Evolution Consulting Ltd. is exempt from liability and damages if the damage is caused by an unavoidable cause outside the scope of data management and if the damage is caused by the intentional or gross negligence of the injured party.

Contact details of the data controller:

Name: Evolution Consulting Kft.

Headquarters: 3531 Miskolc, Báthory I. u. 12th

Company Registration Number: 05-09-014424

Name of court of registration: Miskolc Court of Registration

Tax number: 14020991-2-05

Phone: + 36-46-506322


Data Management Registration Number:



Private employment agency registration number:

BOM / 01 / 2618-2 / 2017

Evolution Consulting Kft.

    3515 Miskolc, Egyetemváros
    AFKI, 2. foor
        3515 Miskolc, Egyetemváros
        AFKI ép., 2. em.
          HRmaster rendszerrel
          kapcsolatos bejelentés