PWS Solutions Logo
Privacy Policy - PWS Solutions

Privacy Policy

Information about our data processing activities when using PWS Solutions services

1. Data Controller Information and Contact Details

Data Controller Details

Name: Felczán Katalin e.v. (Sole Proprietor)

Tax Number: 91239978-1-24

Registration Number: 60710279

Registered Office: 5600 Békéscsaba, Pátkai Ervin utca 2, 4/12, Hungary

Contact Information

Phone: +36 70/319-40-21

Email: info@pws.hu

Website: https://pws.hu

2. Data Protection Officer

The Data Controller qualifies as a small and medium-sized enterprise, and its activities do not fall within the scope defined in Article 37(1) of the GDPR, therefore the appointment of a data protection officer is not mandatory. For data protection matters, please contact the Data Controller directly.

3. Legal Basis for Data Processing

Consent (GDPR Article 6(1)(a))

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Contract Performance (GDPR Article 6(1)(b))

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legitimate Interest (GDPR Article 6(1)(f))

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

4. Categories of Personal Data Processed

Identification Data

  • • First and last name
  • • Email address
  • • Phone number
  • • Postal address
  • • IP address
  • • Company name (if applicable)

Communication Data

  • • Message content
  • • Communication preferences
  • • Service-related requirements
  • • Project specifications
  • • Billing information

Technical Data

  • • Browser type and version
  • • Operating system
  • • Referring website (referrer)
  • • Pages visited
  • • Date and time of visit
  • • Data from cookies and similar technologies

5. Purposes and Legal Bases of Data Processing

Quote Request Handling

Purpose: Receiving customer inquiries, processing requests, preparing quotes

Legal Basis: Consent and contract preparation

Service Provision

Purpose: Delivering web development, hosting, and graphic design services

Legal Basis: Contract performance

Customer Relationship Management

Purpose: Ongoing communication, customer service, support provision

Legal Basis: Legitimate interest and consent

Billing and Accounting

Purpose: Fulfilling obligations under accounting law

Legal Basis: Legal obligation

Marketing Activities

Purpose: Sending newsletters, promoting services

Legal Basis: Consent

6. Data Retention Period

Purpose of Processing Retention Period
Quote request handling 2 years after last contact
Contractual relationship 5 years after contract expiration
Accounting documents 8 years (as per accounting law)
Marketing data processing Until consent withdrawal
Website usage data 2 years

7. Data Transfer and Processors

General Principles

The Data Controller does not transfer personal data of data subjects to third parties, except in cases specified in this policy or when required by law.

Data Processors

Hosting Provider

Website and data storage, backup creation

Email Service Provider

Electronic mail communication handling

Accountant

Billing and bookkeeping tasks

Analytics Providers

Website traffic analysis (Google Analytics)

8. Data Subject Rights

Right to Information

You have the right to request information about the processing of your data.

Right of Access

You have the right to access your data and request a copy of it.

Right to Rectification

You have the right to request correction or completion of inaccurate data.

Right to Erasure

Under certain conditions, you have the right to have your data deleted.

Right to Restriction

You have the right to request restriction of processing in certain cases.

Right to Data Portability

You have the right to receive your data in a structured, commonly used format.

Right to Object

You have the right to object to data processing under certain legal bases.

Withdrawal of Consent

You can withdraw your consent at any time for future processing.

How to Exercise Your Rights

You can exercise your rights through the following contact details:

Response deadline: 1 month from receipt of the request

9. Legal Remedies

Complaint to Supervisory Authority

If you believe that the processing of your personal data violates GDPR provisions, you may file a complaint with the supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Postal address: 1363 Budapest, Pf. 9., Hungary

Phone: +36 1 391-1400

Email: ugyfelszolgalat@naih.hu

Website: https://naih.hu

Court Proceedings

Independently of or following a complaint to the supervisory authority, if you have suffered damage, you may seek compensation or damages in court.

10. Cookie Management

Our website uses cookies to improve user experience and optimize website functionality.

Essential Cookies

Essential for basic website functionality. These are always active.

Functional Cookies

Language selection, remembering preferences. Can be disabled.

Analytics Cookies

Website usage analysis (Google Analytics). Can be disabled.

Cookie Settings Management

You can manage and delete cookies in your browser. Disabling cookies may cause some website functions to not work properly.

For detailed information: Cookie Policy

11. Data Security

Technical Measures

  • SSL encryption (HTTPS)
  • Regular security backups
  • Access control
  • Antivirus protection and firewall
  • Database encryption
  • Regular security updates

Organizational Measures

  • Data protection policies
  • Staff training
  • Access rights management
  • Incident response procedures
  • Confidentiality agreements
  • Documented procedures

Data Breach Management

In case of a data protection incident, we act in accordance with GDPR Articles 33 and 34: we notify the supervisory authority within 72 hours and, if necessary, inform the data subjects as well.

12. Profiling and Automated Decision-making

The Data Controller does not engage in automated decision-making, including profiling, which would have legal effects or similarly significantly affect the data subject.

Exceptions

Should we engage in such activities in the future, we would provide separate information to data subjects about the logic involved, as well as the significance and envisaged consequences of such data processing.

13. International Data Transfers

General Principle

The Data Controller strives to process personal data of data subjects exclusively within the European Union.

Possible Exceptions

For certain services (e.g., Google Analytics, cloud services), data transfer to third countries may occur.

In such cases, we ensure appropriate safeguards:

  • • Based on adequacy decisions
  • • Appropriate safeguards (e.g., standard contractual clauses)
  • • Exceptional situations (explicit consent of the data subject)

14. Data Subject Obligations

Data Accuracy

You are obliged to provide accurate and current data and inform us immediately of any changes to your data.

Information Obligation

You must notify the Data Controller if any changes occur in your data.

Lawful Use

Services must be used lawfully, without violating the rights of others.

Protection of Confidential Data

You must keep your access credentials (passwords) confidential.

15. Related Legislation

European Union Legislation

  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data
  • ePrivacy Directive: Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector

Hungarian Legislation

  • Infotv.: Act CXII of 2011 on Informational Self-Determination and Freedom of Information
  • Accounting Act: Act C of 2000 on Accounting
  • Civil Code: Act V of 2013 on the Civil Code
  • Electronic Commerce Services Act: Act CVIII of 2001

16. Website-specific Data Processing

Contact Forms

Data processed: name, email address, phone number, message content

Purpose: receiving inquiries, preparing quotes

Legal basis: consent and contract preparation

Newsletter Subscription

Data processed: email address, name (optional)

Purpose: sending marketing content

Legal basis: consent (with double opt-in procedure)

Website Traffic Measurement

Data processed: IP address, browser data, visited pages

Purpose: optimizing website performance

Legal basis: legitimate interest (anonymous statistics)

Customer Relationship Management

Data processed: complete customer profile, project data, communication history

Purpose: service provision, customer support

Legal basis: contract performance, legitimate interest

17. Processing of Special Categories of Data

General Rule

The Data Controller does not generally process special categories of data under GDPR Article 9 (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sexual life or sexual orientation).

Exceptional Cases

Should the processing of special categories of data become necessary (e.g., accessibility requirements), we will request separate explicit consent and apply enhanced protective measures.

18. Special Situations

Business-purpose Data Processing

Due to the nature of our services (web development, graphic design, hosting), we primarily process data of businesses, companies, and sole proprietors within business relationships.

Project-based Cooperation

Data processing is typically related to specific projects, for a defined period, for the purpose of providing specific services.

B2B Relationships

The majority of our clients are businesses, so data processing is primarily limited to business contact data (corporate email, corporate phone, contact person's name).

19. Records of Processing Activities

The Data Controller maintains records of processing activities in accordance with GDPR Article 30, which includes:

  • Name and contact details of the controller
  • Purposes of processing
  • Description of categories of data subjects
  • Description of categories of personal data
  • Categories of recipients
  • Erasure time limits
  • General description of technical and organizational security measures

20. Final Provisions

Entry into Force

This Privacy Policy enters into force on January 1, 2025.

Right to Modification

The Data Controller reserves the right to unilaterally modify this policy. We will inform data subjects of modifications through our website.

Language Versions

This policy is available in Hungarian, English, and German. In case of discrepancies, the Hungarian version shall prevail.

Contact

For data protection matters, please contact us at the following:

Email: info@pws.hu

Phone: +36 70/319-40-21

Back to Home