Consultation
Legal information

Privacy policy

For the visitors of the www.datamagic.hu website.
In effect from 16 September 2025

1. Introduction

In fulfilment of its obligations under REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “Regulation”), the Controller provides the following information.

This privacy notice provides information about the processing of personal data of visitors to the www.datamagic.hu website and of natural persons who contact the Controller through the website.

The processing of personal data of DataMagic Kft.'s contractual partners and employees is governed by a separate document.

This notice and its later amendments take effect upon publication.

2. Contact details of the Controller

  • Company name: DataMagic Pénzügyi Informatikai és Tanácsadó Korlátolt Felelősségű Társaság
  • Registered seat: 2310 Szigetszentmiklós, Üdülő sor 47.
  • Mailing address: 1075 Budapest, Károly körút 11. 3. em.
  • Company registration number: 13-09-118058
  • Tax number: 13372745-2-13
  • E-mail: info@datamagic.hu
  • Website: www.datamagic.hu

The Controller does not have a data protection officer, but the staff member responsible for data protection matters can be contacted directly:

  • E-mail address: GDPR@datamagic.hu
  • Address: 1075 Budapest, Károly körút 11. 3. em.

3. Definitions

  1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person is identifiable who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. “processing”: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. “controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  4. “processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  5. “recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  6. “consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Principles relating to processing of personal data

When planning and carrying out its data processing activities and performing individual processing operations, the Controller observes the following principles:

  1. Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”).
  2. Personal data may be collected only for specified, explicit and legitimate purposes and may not be processed in a manner incompatible with those purposes. In accordance with Article 89(1) of the Regulation, further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered incompatible with the original purposes (“purpose limitation”).
  3. Only data that are indispensable for the purpose of processing may be processed (“data minimisation”).
  4. The processed personal data must be accurate and kept up to date, and every reasonable step must be taken to ensure that personal data that are inaccurate for the purposes of processing are erased or rectified without delay (“accuracy”).
  5. The Controller may process the personal data in its care only for as long as is necessary to fulfil the purpose of processing (“storage limitation”).
  6. It must be ensured that personal data are processed with appropriate technical and organisational measures, guaranteeing the security of the personal data and protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”).
  7. Under the data protection laws applicable to it, the Controller is responsible for compliance with the principles set out in paragraphs (1)–(6); it is also obliged to be able to demonstrate such compliance at all times (“accountability”).

5.1 Processing for the purpose of contact, quotation and information

1. The fact of data collection, the scope of data processed and the purpose of processing:

By filling out the contact form on the website, you have the opportunity to request information or a quote regarding the services and products offered by DataMagic Kft.

Scope of data processedPurpose of processingDuration of processing
Namecontact, quotation, provision of information, ensuring communicationfor 6 months following the contact, quote or information request; if a contract is concluded after the contact based on the quote sent, then for 5 years and 6 months following the termination of the contract
E-mail address
Message
User IP address
Date of entry

2. The scope of data subjects: Persons who contact DataMagic Kft. and request a quote or information.

3. Persons potentially authorised to access the data, recipients of the personal data: The personal data may be handled by the Controller's IT staff with admin rights; and may be accessed by the staff responsible for contact/information/quotation and, where a contracting phase is entered, the staff responsible for contracting, observing the above principles.

4. The source of the personal data: you provide the personal data.

5. Description of the data subjects' rights relating to processing:

  • The data subject may request from the controller access to, rectification, erasure or restriction of processing of the personal data concerning them, and
  • may object to the processing of such personal data, and
  • the data subject has the right to data portability and — where processing is based on consent — to withdraw consent at any time.

6. The data subject can initiate access to, erasure or modification of the personal data, restriction of their processing, data portability and objection to processing in the following ways:

  • by post to 1075 Budapest, Károly körút 11. 3rd floor.
  • by e-mail at GDPR@datamagic.hu.

7. Legal basis for the processing: Article 6(1)(f) of the Regulation, the Controller's legitimate interest in selling its products and services and, to that end, providing information, quotations and keeping in contact.

8. Please note that

  • providing the personal data requested on the contact form is mandatory so that we can contact you for the purpose of information and quotation,
  • failure to provide the above data has the consequence that you cannot request information or a quote and cannot contact us.

9. The Controller does not carry out profiling or automated decision-making with the data.

5.2 Applying for a job posting advertised on the Careers page

1. The fact of data collection, the scope of data processed and the purpose of processing:

You can apply for the open positions listed on the Careers page of the website and send your application materials to our Company by e-mail as set out in the job posting.

Scope of personal data processedPurpose of processingDuration of processing
Surname, First nameindispensable for your identificationin the absence of withdrawal of the application, your data are erased on the day after the given position is filled; if you change your mind during the recruitment process and withdraw your application, your data are erased on the day of withdrawal
E-mail addressnecessary for keeping in contact
Mobile numbernecessary for keeping in contact
Qualificationnecessary for evaluating your application
Experiencenecessary for evaluating your application
Cover letternecessary for assessing your personal skills and suitability for the role

2. The scope of data subjects: Persons who contact DataMagic Kft. and apply for a job posting.

3. Persons potentially authorised to access the data, recipients of the personal data: The personal data may be accessed only by the managing director of DataMagic Kft., the head of the department concerned by the application, the staff member responsible for HR tasks and the staff involved in the recruitment process, in accordance with the applicable rules. During recruitment, DataMagic Kft. may also use the following processors: job-advertising companies, e.g. Profession.hu

4. The source of the personal data: you provide the personal data.

5. Description of the data subjects' rights relating to processing:

  • The data subject may request from the controller access to, rectification, erasure or restriction of processing of the personal data concerning them, and
  • may object to the processing of such personal data, and
  • the data subject has the right to data portability and — where processing is based on consent — to withdraw consent at any time.

6. The data subject can initiate access to, erasure or modification of the personal data, restriction of their processing, data portability and objection to processing in the following ways:

  • by post to 1075 Budapest, Károly körút 11. 3rd floor.
  • by e-mail at GDPR@datamagic.hu.

7. Legal basis for the processing: Article 6(1)(f) of the Regulation, the Controller's legitimate interest.

8. Please note that

  • providing the requested personal data is mandatory so that we can contact you and assess your application,
  • failure to provide the above data has the consequence that we cannot contact you, cannot assess your skills and therefore cannot evaluate your application either.

9. The Controller does not carry out profiling or automated decision-making with the data.

5.3 Management of cookies

1. The fact of processing, the scope, purpose and duration of the data processed: During visits to the website the Controller uses the cookies indicated in the table below:

Cookie namePurposeProductDurationDomain
__eoiSecurityAdSense, AdSense for Search, Display & Video 360, Google Ad Manager, Google Ads6 monthsfrom partner domain
NIDSecurity, Analytics, Functionality, AdvertisingAdSense for Search, Google Ads6 monthsgoogle.com and local variants
DSIDSecurity, Functionality, AdvertisingAdSense, Campaign Manager, Google Ad Manager, Google Analytics, Display & Video 360, Search Ads 3602 weeksdoubleclick.net
test_cookieFunctionalityAdSense, Campaign Manager, Google Ad Manager, Google Analytics, Display & Video 360, Search Ads 36015 minutesdoubleclick.net
__gadsAdvertisingAdSense, Display & Video 360, Google Ad Manager, Google Ads13 monthsfrom partner domain
GED_PLAYLIST_ACTIVITYAdvertisingAdSense, Google Ad Manager, YouTubesessionfrom partner domain
ACLK_DATAAdvertisingAdSense, Google Ad Manager, YouTube5 minutesyoutube.com
pm_sessSecurity, FunctionalityCampaign Manager, Display & Video 360, Google Ads, Search Ads 36030 minutesdoubleclick.net, google.com
pm_sess_NNNSecurity, FunctionalityCampaign Manager, Display & Video 360, Google Ads, Search Ads 36030 minutesdoubleclick.net, google.com
aboutads_sess_NNNSecurity, FunctionalityCampaign Manager, Display & Video 360, Google Ads, Search Ads 36030 minutesdoubleclick.net, google.com
FPAUAnalytics, AdvertisingCampaign Manager, Display & Video 360, Google Ads, Search Ads 36090 daysfrom partner domain
ANID*AdvertisingCampaign Manager, Display & Video 360, Google Ads, Search Ads 36013 months EEA UK / 24 monthsgoogle.com and local variants
AID*Analytics, AdvertisingCampaign Manager, Display & Video 360, Google Ads, Search Ads 36013 months EEA UK / 540 daysgoogle.com/ads, googleadservices.com
ar_debugAnalytics, AdvertisingCampaign Manager, Display & Video 360, Google Ads, Google Analytics, Search Ads 36090 daysgoogleadservices.com, google-analytics.com, doubleclick.net
IDEAdvertisingCampaign Manager, Display & Video 360, Google Ad Manager, Google Analytics, Search Ads 36013 months EEA UK / 24 monthsdoubleclick.net
TAID*Analytics, AdvertisingCampaign Manager, Display & Video 360, Google Ads, Search Ads 36014 daysgoogle.com/ads, googleadservices.com
_gcl_auAnalytics, AdvertisingCampaign Manager, Display & Video 360, Google Ads, Search Ads 36090 daysfrom partner domain
RULAdvertisingDisplay & Video 360, Google Ads12 monthsdoubleclick.net
FPGCLAWAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
FPGCLGBAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
FPGSIDAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
_gcl_gbAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
_gac_gb_<wpid>Analytics, AdvertisingGoogle Ads90 daysfrom partner domain
_gcl_awAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
GCL_AW_PAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
_gcl_gsAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
_gcl_agAnalytics, AdvertisingGoogle Ads90 daysfrom partner domain
1P_JAR*AdvertisingGoogle Ads30 daysgoogle.com and local variants
ConversionAdvertisingGoogle Ads90 daysgoogleadservices.com/pagead/conversion/
YSCSecurityGoogle Ads, YouTubesessionyoutube.com
VISITOR_INFO1_LIVESecurity, AdvertisingGoogle Ads, YouTube180 daysyoutube.com
VISITOR_INFO1_LIVE__kSecurity, AdvertisingGoogle Ads, YouTube180 daysyoutube.com
VISITOR_INFO1_LIVE__defaultSecurity, AdvertisingGoogle Ads, YouTube180 daysyoutube.com
FPLCAnalyticsGoogle Analytics20 hoursfrom partner domain
_gaAnalyticsGoogle Analytics2 yearsfrom partner domain
_gac_<wpid>AdvertisingGoogle Analytics90 daysfrom partner domain
_gidAnalyticsGoogle Analytics24 hoursfrom partner domain
_gat[_<custom name>]AnalyticsGoogle Analytics1 minutefrom partner domain
__utmaAnalyticsGoogle Analytics2 yearsfrom partner domain
__utmbAnalyticsGoogle Analytics30 minutesfrom partner domain
__utmcAnalyticsGoogle Analyticssessionfrom partner domain
__utmtAnalyticsGoogle Analytics10 minutesfrom partner domain
__utmzAnalyticsGoogle Analytics6 monthsfrom partner domain
__utmvAnalyticsGoogle Analytics2 yearsfrom partner domain
AMP_TOKENFunctionalityGoogle Analyticsfrom 30 seconds to 1 yearfrom partner domain
FPIDAnalyticsGoogle Analytics2 yearsfrom partner domain
GA_OPT_OUTFunctionalityGoogle Analytics10 Nov 2030 (all cookies)from partner domain
_dc_gtm_<property-id>AnalyticsGoogle Analytics, Google Tag Manager1 minutefrom partner domain
_gaexpAnalyticsGoogle Analytics, OptimizeSet by customer; max 93 daysfrom partner domain
_gaexp_rcAnalyticsGoogle Analytics, Optimize10 secondsfrom partner domain
_opt_awcidAnalyticsGoogle Analytics, Optimize24 hoursfrom partner domain
_opt_awmidAnalyticsGoogle Analytics, Optimize24 hoursfrom partner domain
_opt_awgidAnalyticsGoogle Analytics, Optimize24 hoursfrom partner domain
_opt_awkidAnalyticsGoogle Analytics, Optimize24 hoursfrom partner domain
_opt_utmcAnalyticsGoogle Analytics, Optimize24 hoursfrom partner domain

2. The scope of data subjects: All data subjects visiting the website.

3. Duration of processing, deadline for erasure of the data: the duration of processing is indicated in the table in subsection 1 of point 5.4.

4. Legal basis for the processing: The legal basis for managing essential and functional cookies is Article 6(1)(f) of the Regulation, the Controller's legitimate interest. For advertising (marketing) cookies, it is your consent under Article 6(1)(a) of the Regulation.

5. Data subjects can delete cookies in the Tools/Settings menu of their browsers, usually under the Privacy settings.

6. The Controller does not carry out profiling or automated decision-making with the data.

7. How can you check and disable cookies?

Every modern browser allows the cookie settings to be changed. Most browsers accept cookies automatically by default, but these settings can usually be changed so that the browser can prevent automatic acceptance and offer the choice each time of whether to allow cookies.

You can find out about the cookie settings of the most popular browsers at the following links:

5.4 Cookie declaration and consent management

The automatically updated declaration below lists the cookies actually used on the website by category (based on a Cookiebot scan). You can modify or withdraw your consent at any time by clicking the Cookie settings link.

6. Right to lodge a complaint with a supervisory authority

You may lodge a complaint regarding the processing of your personal data with the competent supervisory authority:

  • Hungarian National Authority for Data Protection and Freedom of Information
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal address: 1363 Budapest, Pf.: 9.
  • Phone number: +36/1-391-1400
  • E-mail: ugyfelszolgalat@naih.hu
  • Website: www.naih.hu

7. Rights of the data subject

Access to your data: you can request information on the purpose for which and the way in which the Controller processes your data.

Rectification of data: you can request at any time that the Controller complete or correct your data (e.g. in case of a typo) and update your new data in its records (e.g. in case of changed contact details).

Erasure of data: you can request at any time that the Controller erase the personal data concerning you without undue delay, where

  • the Controller no longer needs the personal data for the purpose for which it collected or otherwise processed them,
  • the data subject withdraws consent and there is no other legal basis for the processing,
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the personal data must be erased to comply with a legal obligation to which the Controller is subject,
  • the personal data were collected in relation to the offer of information-society services.

Even in the above cases, the Controller does not erase the data if the processing is:

  1. necessary for exercising the right of freedom of expression and information;
  2. necessary for compliance with a legal obligation that requires processing of the personal data;
  3. necessary for archiving purposes in the public interest, scientific and historical research or statistical purposes and erasure would render impossible or seriously impair the processing;
  4. necessary on grounds of public interest in the area of public health;
  5. necessary for the establishment, exercise or defence of legal claims (e.g. the data are needed for use as evidence in court proceedings).

Restriction of processing: you can request restriction of processing if:

  • you believe your data appear inaccurately in the database (in which case the Controller investigates the matter and the restriction lasts until the end of the investigation); or
  • you believe your data are being processed unlawfully but you oppose their erasure; or
  • the Controller no longer needs to process your data but you request that they not be erased because you may need them for the later assertion of legal claims; or
  • you object to the processing (in which case the restriction lasts until the end of the investigation).

Please note that the Controller may lift the restriction and continue the processing if you expressly consent to this, or if it is necessary for the assertion of the Controller's legal claim or for an important public interest required by law — in such a case the Controller will inform you of this.

Objection to processing: you have this right only in the case of processing based on the legal basis of public interest or legitimate interest, or processing for direct marketing purposes. In this regard, please note that in the case of legitimate interest the Controller may process your personal data despite your objection if it demonstrates that it inevitably needs to, or that it is indispensable for the assertion of its legal claims — in such a case the Controller will inform you of this.

Right to data portability: you can request that the personal data concerning you that you provided to the Controller be received in a structured, commonly used, machine-readable electronic format, and you also have the right — at your express request — to have the Controller send these data directly to another controller on your behalf. You can request this only if the Controller processes the data in question by automated means.

The Controller is not obliged to release data that it created by derivation/inference from the data you provided (or as a result of your activity). Please note that the Controller can send your data directly to another controller on your behalf only if this is technically feasible in the specific case.

8. Handling of data-subject requests

Before fulfilling the data subject's request, the Controller may request additional data in order to identify the data subject.

The Controller responds to data subjects' requests relating to data processing without undue delay, but no later than within one month, and where it does not comply with any request of the data subject, it must give reasons. Where necessary, taking into account the complexity and number of requests, the above deadline may be extended by a further two months. The Controller informs the data subject of any such extension within one month of receipt of the request, indicating the reasons for the delay.

If the data subject submitted the request electronically, the Controller provides the information electronically where possible, unless the data subject requests otherwise. If the Controller does not take action on the data subject's request, it informs the data subject without delay, but no later than within one month of receipt of the request, of the reasons for not taking action.

9. Measures taken by the Controller to protect the data

The Controller undertakes to ensure the security of the personal data it processes. Taking into account the state of the art and the costs of implementation, as well as the nature, scope, context and purposes of processing and the risk of varying likelihood and severity for the rights and freedoms of natural persons, it takes the technical and organisational measures and establishes the procedural rules that ensure that the recorded, stored and processed data are protected, and prevents their destruction, unauthorised use and unauthorised alteration.

The Controller ensures that unauthorised persons cannot access, disclose, transmit, modify or delete the processed data. The processed data may be accessed only by the Controller, its employees and the processor(s) engaged by it, according to authorisation levels, and the Controller does not transfer them to any third party not authorised to access the data. The Controller's employees may access personal data assigned to defined job roles, in a defined manner, according to authorisation levels. Within its organisation the Controller has introduced a data protection policy and applies strict data protection rules.

To ensure the security of its IT systems, the Controller protects them with a firewall and, to prevent external and internal data loss, uses antivirus and virus-removal software and also applies physical protection. The Controller has established different access and confidentiality levels for the data, and the access rights associated with individual employees have been set accordingly, so that individual data are accessible only to authorised persons.

In effect from 16 September 2025