Data Protection Statement

1. Introduction

PANNON GESTOR Kft (‘we’) will only handle your personal information in compliance with relevant statutory requirements, will not normally hand it over to any third party, and will securely store it in our own database. We will inform the data subject of their personal data that we store, or erase the same at the data subject’s written request, submitted by email to or by post to 19 Hunyadi utca, Pécs 7625.

The purpose of this data processing statement (hereinafter: ‘the Data Processing Statement’) is to provide adequate and advance information on the handling and protection of the data subject’s personal data submitted to PANNON GESTOR Kft (registered office: 19 Hunyadi utca, Pécs 7625; postal address: 19 Hunyadi utca, Pécs 7625; email address:; hereinafter: ‘the Controller’) via the website (hereinafter: ‘the Website’).

Our data processing policy is available at

This statement provides you with important information regarding the protection of your personal data and your associated rights. By using this website, you agree and acknowledge that you have familiarised yourself with this statement, and have accepted its terms. If you do not accept these terms, you have the right to stop using the website and provide no personal data by ending your browsing session.

When drawing up these rules and principles, the Organisation gave particular consideration to the stipulations of the following statutory instruments: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (hereinafter: ‘the General Data Protection Regulation’ or ‘the Regulation’); Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: ‘the Information Act’); Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing; Act VI of 1998 on the Protection of Individuals During the Machine Processing of Personal Data; the Convention announced on 28 January 1981 in Strasbourg; and Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities

The purpose of this statement is to ensure that the rights and basic liberties of all parties who use the services provided by the Controller are respected during the machine processing of their personal data, in particular as regards their right to privacy.

2. Definitions (as per Section 3 of Act CXII of 2011)

  1. Data subject means any natural person who is identified or identifiable (whether directly or indirectly) based on any specific piece of personal data.
  2. Personal data means any information relating to the data subject, especially the data subject’s name, identification number, or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity, as well as any inferences that can be made from the above regarding the data subject.
  3. Sensitive data means
    – personal data revealing nationality, racial or ethnic origin, political opinion or party affiliation, religious belief or other worldview, trade union membership or sexual activities; and
    – personal data relating to health and any addictions, as well as criminal personal data.
  4. Criminal personal data means personal data which can be connected to the data subject or which are related to criminal records, generated by organisations authorised to conduct criminal proceedings or to detect criminal offences, or by the prison service during or prior to criminal proceedings, in connection with a criminal offence or criminal proceedings.
  5. Data of public interest: means information or data other than personal data, recorded through any method or in any form, processed by, and pertaining to the activities of, or generated in the context of the performance of public duties by, an organisation or person performing state or local government duties as well as other public duties defined by law, irrespective of the method in which it is processed and regardless of its singular or collective nature; in particular, data concerning subject matter competence, territorial competence, organisational structure, professional activities and the evaluation of such activities, including their effectiveness, the type of data held and the laws governing its operation, as well as financial management and concluded contracts;
  6. Data accessible on public interest grounds means any data other than data of public interest, the disclosure, accessibility or availability of which is required by an act of parliament for the benefit of the general public.
  7. Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which they, by a statement or a clear affirmative action, signify agreement to the processing of their personal data, whether in whole or pertaining to specific steps of the data processing.
  8. Objection means a declaration made by the data subject by means of which they object to the processing of their personal data, and request that data processing should be ceased and the processed data should be erased.
  9. Controller means the natural or legal person or organisation without legal personality which, alone or jointly with others, determines the purposes of the processing of data, makes decisions concerning processing (including the means used therefor) and implements such decisions or has them implemented by a processor.
  10. Data processing means any operation or set of operations which is performed on the data, regardless of the procedure applied; in particular collection, entering, recording, organisation, storage, alteration, use, retrieval, data transfer, disclosure, synchronisation or combination, blocking, erasure and destruction, as well as the prevention of the further use of data; taking photos and making audio or visual recordings, as well as the recording of physical characteristics suitable for identification (such as fingerprints or palm prints, DNA samples and iris scans).
  11. Data transfer means making the data available to a specific third party.
  12. Disclosure means making the data available to anyone.
  13. Data erasure means making the data unrecognisable in such a way that restoration is no longer possible.
  14. Data tagging means assigning an identifier to the data for the purpose of making it distinguishable.
  15. Restriction of processing means the blocking of stored data by tagging them with the aim of limiting their processing in the future, whether temporarily or permanently.
  16. Data destruction means the complete physical destruction of the data storage medium that contains the data.
  17. Technical processing means performing the technical tasks associated with data processing, regardless of the method and means used to do the same, and of the place of application, provided that the technical processing is performed on the data.
  18. Processor means a natural or legal person, or an organisation without legal personality which performs data processing as per an agreement made with the Controller, including agreements made as mandated by a relevant statutory instrument.
  19. Data source means the organisation performing public duties that generated the data of public interest that must be published electronically, or during the operations of which such data were generated.
  20. Data publisher means the organisation performing public duties which publishes on a website the data sent to it by the data source, unless the data source itself publishes the same.
  21. Dataset means all the data processed in a single register.
  22. Third party means a natural or legal person or an organisation without legal personality other than the data subject, controller and processor.
  23. EEA State means any Member State of the European Union and any other State Party to the Agreement on the European Economic Area, as well as any other state not party to the Agreement on the European Economic Area whose nationals enjoy the same legal status as the nationals of State Parties to the Agreement on the European Economic Area on the basis of an international treaty between the European Union and its Member States and the state concerned.
  24. Third country means any state other than an EEA State.


3. Principles relating to the processing of data, and the legal basis and purpose of data processing

Under Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: ‘the Information Act’), personal data may only be processed for specific purposes, to exercise particular rights and perform particular obligations, with the further restrictions that each stage of the data processing must be in compliance with the purpose of data processing, and that the data must be collected and processed with integrity and in full compliance with applicable law.

The personal data processed must be essential for the purpose of the data processing, and it must be suitable to achieve that same purpose. Personal data may only be processed to the extent and for the duration necessary to achieve this purpose.

The legal basis of the data processing is the voluntary consent of the data subject given on the basis of the information provided in this Data Processing Statement. By clicking ‘Accept’ on the Controller’s website, the data subject gives explicit consent to the data processing. The Controller will, in particular, record the data subject’s name and email address.

The Controller shall not transfer the personal data provided by the data subject to any third party, except as requested by a court of law, the public prosecutor’s office, investigating authority or authority dealing with a misdemeanour, in which case information, personal data and written documents may be given or transferred to the aforementioned. The Controller will only disclose personal data to any government bodies, organisations and authorities when approached by the same with a lawful request, including a precise definition of the purpose and scope of the data provision, and only to the extent that is essential for the purpose specified in the request. The Controller may also disclose the data subject’s personal data to government bodies, organisations and authorities if, after careful deliberation, the Controller considers the same necessary for the protection of its own interests.


4. Who will collect personal data? (Who is the Controller?)

Your data will be processed by PANNON GESTOR Kft (for contact information and further details, see the site info page). Imprint


5. What data will the Controller collect and process?

You can access the website of the Organisation and brose its contents without providing any personal data, but you must accept this Statement and the Cookie Policy.

Personal data means all information that relates to a natural person who is identified or identifiable, whether directly or indirectly, through an identification number or though one or more pieces of information relating to them. If the owner of the website collects your personal information, this must happen through secure data processing and in a transparent fashion.

The personal data relating to you includes all information that can be used to identify you, including your nationality, given and family names, postal address, email address, phone number(s) and all other personal data that are required to achieve the purposes specified in this statement. The owner will collect your personal data in compliance with the voluntary consent you give while browsing. In each case, the owner must specify the data needed to achieve the specified purposes. If you wish not to provide this information, you will not be able to access certain services and functions of the website. The purpose of collecting data that are not mandatory to provide is to learn more about users’ requirements and to refine objectives for the future development of services and the website. As such, these data are provided on a voluntary basis, and you are entitled to refuse to provide them.

PANNON GESTOR Kft will do everything its power to ensure that the personal data it processes are recorded accurately and only to the extent required for the declared purposes. In the course of these activities, the following personal data may be processed:

  • Family name, given name, company name (if applicable), contact person’s name
  • Telephone number
  • Home address, postal address, address of registered office
  • Email system information (IP address, resolution, system version number, statistics of pages visited on this website, behaviour pattern, browsing habits)


6. What is the purpose and duration of the data collection?

The Controller agrees not to use your personal data for any unlawful purpose or for any purpose other than those declared, and to only process the personal data to the necessary extent.

The purpose of collecting and using your data is to provide you with access to certain functions and services offered by the Controller on its website. Your personal data need to be kept up to date, correct and substantive to this end.

The purpose may also include the following broad categories of data usage:

a) You can subscribe to the newsletter via the website, and manage your subscriptions. For example, you may, at any time and free of charge, deny permission to be sent notifications of new content (by email or through your browser). You can opt out of direct marketing and information provision by clicking on the ‘unsubscribe’ link in the email you received. You can also subscribe to various themed channels of the newsletter system, manage your subscriptions or voluntarily modify them. (This functionality is currently not available on our website.)

b) To enable you to express your opinion or post a comment regarding the contents of the website.

(This functionality is currently not available on our website.)

The Controller will immediately erase the data at the data subject’s request or when it learns that the one-off purpose for which they had been collected has been achieved. Otherwise, the data will be stored for the longest period allowed by applicable law (currently, 60 days) and will be used to the extent required for the declared purposes. Information provided when registering on the website is exempted from this rule, which will be retained indefinitely or until the data subject withdraws their consent. Accounts can be deleted on the website.

(Registration is currently not available on our website.)


7. Who else can learn the personal data (through data transfer)?

The Controller is entitled to share your personal data with potential, future external partners engaged in marketing or other activities. Such partners may only use your personal data in compliance with the agreement made between the two parties (or under terms and conditions drawn up in writing, in advance).

The Controller is entitled to engage contributors (subcontractors) to process part or all of the personal data, to the extent necessary for the delivery of their contracted services. For example, provision of website hosting or other services related to using the website, direct marketing. All contributors must process personal data in accordance with the Controller’s instructions.


8. Data security

The Controller will do everything in its power to protect your personal data. Certain pieces of data will be encrypted for storage, as needed, while others will only be accessible even to the Controller after user identification.

Access to personal data will be strictly limited to the person performing the particular associated task or to those appointed by the Controller, and only to the extent required for the performance of their tasks. Each of these individuals will be under a non-disclosure and confidential data processing obligation. The current agreement always specifies the relevant tasks and the obligations of external individuals involved in the data processing.


9. The Processor, the Controller and the individuals and companies involved in data processing

The data will be processed by one or more authorised representatives of PANNON GESTOR Kft, and those appointed by the same. Other organisations are also entitled to process the personal data of natural persons.


10. Which companies are involved in the processing of data?

The following companies are involved in data processing relating to the activities of the Organisation:

  • Microsoft
  • (Door 3, Ground Floor, 8-10 Megye utca, Pécs 7621; telephone number: +36 20 9582-145
  • Google
  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, further contact details mailing system, cloud-based data and file storage, online document processing (data protection and data protection principles data protection and data protection principles of Google) and related standalone services: Google:
    • Gmail for business
    • Google Drive
    • Google Docs
    • Google Analytics (data protection principles)
    • Továbbá a Chrome böngésző
  • Microsoft (1031 Budapest, Graphisoft Park 3. (Záhony u.), Telefon: +36 1 437 2800, operációs rendszer, Windows 10 – Microsoft protection principles and further contact details)
  • The contract signed with the Controller may contain further Processor(s), whether natural persons or business entities.


11. The data owner’s rights and their enforcement

If you do not wish your personal data to be used for direct marketing, you can forbid this without specifying your reasons. You must notify the Controller to this effect in writing, whether via email or in a letter, by sending the same to the address specified in the site info.
site info.


12. Your options for legal redress

1. Under Article 77 of the Regulation, the data subject is entitled to file a complaint with the supervisory authority if the data subject considers that the processing of their personal data is in breach of the relevant requirements of the GDPR.

2. The data subject may exercise their right for redress through the following contact details:

National Authority for Data Protection and Freedom of Information

Address: 22/c Szilágyi Erzsébet fasor, Budapest 1125

Telephone: +36 1 391 1400

Fax: +36 1 391 1410



A supervisory authority that received the complaint must provide the client with updates on the process and the outcome of the procedure, including notifying the client that they have the right to seek legal redress in court as per Article 78 of the Regulation.

3. The right to effective legal redress in court against the supervisory authority

Any natural or legal person may seek effective legal redress in court against the legally binding decision of the supervisory authority that affects them directly. Doing so does not affect their rights to seek administrative or other forms of redress outside of court.

The proceedings against the supervisory authority must be launched at a court of the member state in which the headquarters of the supervisory authority in question are located.


13. Protection of the data of minors and individuals with diminished capacity

The contents of PANNON GESTOR Kft’s website are not intended for children. We do not collect or process the personal data of children without the informed consent of their parent or guarding (hereinafter together: ‘parent’) consent. Therefore the parents of a child may request that the data pertaining to the child in question be released or eraser. If, in the course of the data processing or technical processing it becomes obvious to the Controller that the data subject is underage, the Controller may use personal data in order to seek parental consent.

Minors who are incapable or have diminished capacity can only make declarations with the consent of their legal representative, except for the aspects of services where such declarations are for the purposes of routine registration of a kind that happens in large numbers, and which require no special deliberation.


14. Cookie policy

Please visit the following page for more information:

Cookie policy.


15. Links to other websites

The Controller enables the data subject to access the websites of other, third parties by using the relevant external links. The Foundation has no control whatsoever over these websites, and will not be liable for their content or processing of personal data. In order to protect your personal data, we recommend you read the data protection information and statements of the websites you access via PANNON GESTOR Kft’s website.


16. Relevant major statutory regulations

Each step of processing your personal data is performed in full compliance with the relevant legal regulations. Currently, these are as listed below:

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (the Information Act)

Act V of 2023 on the Civil Code

GDPR or ‘the Regulation’: Regulation 2016/679 of the European Parliament and the Council

Act CVIII of 2001 on Certain Aspects of Electronic Commerce and on Information Society Services (the Electronic Commerce Act)


17. Data transfer

The personal and non-personal data you enter are transferred via various channels, each compliant with different technological standards. This may most commonly occur via Google Drive, encrypted email, email not encrypted by the other party, billing application with server settings and data storage mediums.


18. Changes to this statement

The Controller may unilaterally amend this Data Processing Statement. Whenever this happens, whether at the Controller’s discretion or in compliance with a legal requirement, the updated Statement will be published on the Controller’s website. Please make sure you familiarise yourself with the latest version on the website.

Last updated on 1 September 2023