Applicable legislation for matters not detailed in this Privacy Notice:REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation –
GDPR).
Name and Contact Details of the Data Controller:Name: Tisserand Controls Kft.
Registered address: Tavas utca 1. C. ép. A. lház. 3. em. 31. a., 1108 Budapest,
HungaryTax number: 28836768-2-42
Company REGD: 01-09-376153
Email address: office@tisserandcontrols.com
Information Regarding Cookies
The Website Uses Cookies
We use cookies to personalize content and advertisements, to provide social media features, and to analyze our website traffic. We also share information about your use of our website with our social media, advertising, and analytics partners, who may combine it with other information that you have provided to them or that they have collected from your use of their services.
Cookies are small text files that a website may use to enhance the user experience. Under applicable law, we may store cookies on your device only if they are strictly necessary for the operation of this website. For all other types of cookies, we require your consent.
This website uses different types of cookies. Some cookies are placed by third-party service providers that appear on our pages.
We do not use or allow the use of cookies that would enable third parties to collect data from users without their explicit consent.
The data controller only applies cookies that clearly indicate which data is processed through the cookie, for what purpose, and – if applicable – for which third party data is being collected.
The use of cookies that store data entered by the user/visitor, authentication session cookies, user-centric security cookies, multimedia player session cookies, load-balancing session cookies, and user interface customization session cookies must be clearly disclosed to the user in advance; however, no consent is required for such cookies. For all other types of cookies, prior user consent must be obtained.
Subject to the explicit consent of the Website visitor (data subject), we may use cookies, tracking codes, measurement codes, identifiers, and pixels to display advertisements to users/visitors via platforms such as Google. This includes the transmission of event data such as page views.
The data processing is carried out without human intervention.
Users can configure their web browser to accept all cookies, reject all cookies, or notify them when a cookie is being sent to their device. These settings are typically found in the “Options” or “Preferences” menu of web browsers. If cookies are disabled, users may experience reduced functionality on the Website.
For more detailed information on cookie settings in various browsers, please visit the English-language website
www.aboutcookies.org.
You can find more information about how to delete, block or allow cookies in your browser by visiting the following links:
•
Google Chrome: How to delete, block or allow cookies in Google Chrome (
https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Desktop&hl=en)
•
Mozilla Firefox:
How to delete cookies in Firefox
•
Microsoft Edge:
Learn about tracking prevention and cookie settings in Microsoft Edge What Personal Data Do We Process and Why?
1. Server Logging
The purpose of our data processing during visits to our website is to monitor the proper functioning of services and to prevent abuse by reviewing visitor data. As the data controller, we process data generated and provided by the system—such as date and time, the IP address of the visitor (data subject), and information about their browser, including its name, version, and operating system—based on our legitimate economic interest in ensuring the secure operation of our services. The system also logs the referring URL from which the visitor arrived.
We retain this data until the obligation for deletion arises, or until the data subject exercises their right to object or request deletion, or until it is deleted by the hosting provider, but no longer than 12 months following the visit.
You may express your objection to the processing of your personal data by mail at the address:
Tisserand Controls Kft., Tavas utca 1. C. ép. A. lház. 3. em. 31. a., 1108 Budapest, Hungary, or via email at:
office@tisserandcontrols.com
As a data subject, you may request access to your personal data, request their rectification, erasure, or the restriction of their processing, and object to the processing of your personal data.
In addition to our authorized personnel, your personal data may also be processed by the following data processors:
•
Webflow Inc. (Registered office: 398 11th Street, Floor 2, San Francisco, CA 94103, USA) – The website is operated through the services of Webflow Inc., which relies on the infrastructure of Amazon Web Services (AWS).
Data transfer to third countries: Webflow Inc. is based in the United States of America; therefore, personal data is transferred to a third country. Webflow acts as a data processor. The transfer of personal data to the United States is carried out in accordance with appropriate safeguards approved by the European Commission, specifically under the EU–U.S. Data Privacy Framework. For more information:
https://webflow.com/legal/privacy
•
INTEGRITY Kft. (Registered office: 8000 Székesfehérvár, Gyetvai utca 6., Hungary) –Domain service provider.
2. Processing of Contact Person’s Data
When you contact us on behalf of a company—that is, not as a natural person—we process the personal data necessary for communication in order to maintain contact with our business partners and to facilitate the conclusion and performance of contracts.
The personal data of the employee of a non-natural person contracting partner is transmitted to our Company by the contracting partner to the extent necessary for contact purposes. In such cases, the contracting partner, as the employer of the data subject, collects and processes the personal data pursuant to Article 6(1)(b) of the GDPR, while our Company processes the data received from the partner under Article 6(1)(f) of the GDPR, based on the legitimate interest of our contracting partner, and only to the extent and for the duration necessary for this purpose. In relying on Article 6(1)(f) of the GDPR, our Company documents that the legitimate interest of the contracting partner prevails over the employee’s data protection rights in this specific case, as the processing constitutes a necessary and proportionate limitation related to the performance of the employee’s job duties.
We process the name, email address, phone number, job title, and authorization scope of our partners’ contact persons. As the data processing is based on the legitimate economic interest of our company, we are unable to fulfill our contractual obligations to our partner if the data processing is refused.
Where the data is included in a contract, we retain it for 5 years following the termination of the contract. In all other cases, we retain the data for 30 days following the end of the contact person’s status.You may express your objection to the processing of your personal data by mail at the address:
Tisserand Controls Kft., Tavas utca 1. C. ép. A. lház. 3. em. 31. a., 1108 Budapest, Hungary, or via email at:
office@tisserandcontrols.com
As a data subject, you may request access to your personal data, its rectification, erasure, or the restriction of its processing, and you may object to the processing of your personal data.
In addition to our authorized staff, your data is also processed by our engaged data processors:
•
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – Gmail email communication
Security of Data Processing
We protect your data, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental loss and damage. Together with our server operators, we implement technical, organizational, and administrative measures to ensure the security of the data, providing a level of protection appropriate to the risks associated with data processing.
What Do Data Subject Rights Mean?
We welcome your questions and requests regarding the processing of your personal data by post:
Tisserand Controls Kft., Tavas utca 1. C. ép. A. lház. 3. em. 31. a., 1108 Budapest, Hungary by email:
office@tisserandcontrols.com
Data subjects may exercise the following rights throughout the entire duration of the data processing
Access to personal data
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and, where that is the case, to access the personal data and request an electronic copy of such data.
Right to rectification
The data subject may request the rectification of their personal data.
Right to erasure (right to be forgotten) (Article 17 GDPR)
The data subject has the right to obtain from the Controller the erasure of personal data concerning them without undue delay where the processing is no longer necessary, the data subject has withdrawn their consent and there is no other legal ground for the processing, the data subject objects and there is no overriding legitimate reason for the processing, or the data were processed unlawfully, or the data must be deleted for compliance with a legal obligation.
If the Controller has made the personal data public and is obliged to erase them, it shall take reasonable steps – including technical measures – taking into account available technology and the cost of implementation, to inform other controllers processing the data that the data subject has requested the erasure of any links to, or copies or replications of, those personal data.
It is important to note that the right to erasure and the “right to be forgotten” cannot be exercised where any of the exceptions set out in Article 17(3) of the GDPR apply.
This means that processing is necessary:
1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
5. or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
The data subject may request the restriction of processing in certain cases, for example, while their claim is being assessed. This includes cases where the data subject objects to data processing based on legitimate interest, or challenges the accuracy of the processed data.
Right to object to the processing of personal data
The data subject may object to data processing based on legitimate interest. In such cases, processing must be stopped unless there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or if the processing is necessary for the establishment, exercise, or defense of legal claims..
Right to data portability
For data processing based on the data subject’s consent or the performance of a contract, the data subject has the right to data portability.This means the data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.The data subject may also request that the personal data be transmitted directly to another controller, where technically feasible. The exercise of this right must not adversely affect the rights and freedoms of others.
Automated decision-making, including profiling
The data subject has special rights in the case of automated decision-making, including profiling. The data subject has the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them.
Procedure of the Data Controller
The data controller shall inform the data subject without undue delay, but no later than within one month from the receipt of the request, about the actions taken or the reasons for not taking action.If the request is complex, the deadline may be extended by an additional two months.
The provision of information and the action taken are free of charge, except in the case of clearly unfounded or excessive requests.
The first copy of the processed personal data is provided free of charge; for any additional copies, we charge a fee equal to our administrative costs.
Right to Lodge a Complaint:
In the event of a possible violation of their rights, the data subject may contact the data protection supervisory authority competent according to the Data Controller’s registered seat, and may initiate an investigation. The data subject may also turn to the courts in order to enforce their rights.
In Hungary, the supervisory authority is:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)Mailing address: H-1363 Budapest, Pf. 9.
Office address: H-1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website:
www.naih.hu
Supervisory Authorities within the European Union:
1. Austria – Österreichische Datenschutzbehörde
2. Belgium – Autorité de la protection des données / Gegevensbeschermingsautoriteit
3. Bulgaria – Комисия за защита на личните данни
4. Croatia – Agencija za zaštitu osobnih podataka
5. Cyprus – Γραφείο Επιτρόπου Δεδομένων Προσωπικού Χαρακτήρα
6. Czech Republic – Úřad pro ochranu osobních údajů
7. Denmark – Datatilsynet
8. European Union – European Data Protection Supervisor
9. Estonia – Andmekaitse Inspektsioon
10. Finland – Tietosuojavaltuutetun toimisto
11. France – Commission Nationale de l'Informatique et des Libertés (CNIL)
12. Germany – Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
13. Greece – Aρχή Προστασίας Δεδομένων
14. Ireland – An Coimisiún um Chosaint Sonraí
15. Italy – Garante per la protezione dei dati personali
16. Latvia – Datu valsts inspekcija
17. Lithuania – Valstybinė Duomenų Apsaugos Inspekcija
18. Luxembourg – Commission Nationale pour la Protection des Données
19. Hungary – NAIH
20. Malta – Office of the Information and Data Protection Commissioner
21. Netherlands – Autoriteit Persoonsgegevens
22. Poland – Urząd Ochrony Danych Osobowych
23. Portugal – Comissão Nacional de Proteção de Dados
24. Romania – Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal
25. Slovakia – Úrad Na Ochranu Osobných Údajov Slovenskej Republiky
26. Slovenia – Informacijski pooblaščenec
27. Spain – Agencia Española de Protección de Datos
28. Sweden – Integritetsskyddsmyndigheten
Supervisory Authorities of the European Economic Area (EEA):
29. Iceland – Persónuvernd
30. Liechtenstein – Datenschutzstelle Fürstentum Liechtenstein
31. Norway – Datatilsynet
Definitions
1.
"personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.
"processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3.
"controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4.
"processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5.
"recipient": a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
6.
"third party": a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
7.
"consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
8.
"personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Principles relating to the processing of personal data
Personal data must be:
1.
Processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
2.
Collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation”);
3.
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
4.
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
5.
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
6.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
The controller shall be
responsible for and able to demonstrate compliance with the above principles (“accountability”).
Legal Basis for Data Processing
The processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
1. the data subject has given consent to the processing of their personal data for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Dated: Budapest, 28 July 2025
