top of page



Date of last modification: 01. 11. 2020 




Penta Financial Group Zártkörűen Működő Részvénytársaság (hereinafter referred to as „Penta Financial Group” or „Controller”) processes information on its clients, their representatives, contact persons and other persons (jointly as “data subject(s)”) described in this privacy policy (“Policy”) via its website (“Website”) which are regarded as “personal data” in accordance with Art. 4 (1) of the General Data Protection Regulation (EU) Nr. 2016/679 (“GDPR”).

We note that this Policy solely provides information on the processing of the above referred personal data and on the data subjects' rights and remedies in relation to data processing carried out via the Website.

Contact data of the Controller:

Penta Financial Group Zártkörűen Működő Részvénytársaság

The Controller’s seat: 1024 Budapest, Ady Endre utca 19.

The Controller’s company registration number: 01-10-140358

The Controller’s e-mail address:

The Controller’s website:


Representative and contact details of the Data Controller: Solomon Zsuzsanna, managing director, see contact details above.


Which data are regarded as personal data?


Personal data is any information about an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Who can be regarded as data subject?


The Controller may, in particular, but not exclusively, process the data of the following natural persons:

  • parties inquiring about the Controller’s services and others affected by the Controller's data processing.



Below we describe the purposes for which we collect and use your personal data and how long we store the various personal data collected for each purpose. Please note that the following data processing does not always apply to everyone, so please read them carefully and if you have any questions, please feel free to contact us.


  2.1.Data processing related to inquiries, questions, quotations

  For what purpose do we process your data?
There are a number of ways for you to contact us, e.g., via the contact form on this website. Responding to inquiries received by the Controller by filling in the contact form on our website (for example: inquiries, quotation, general information, complaints, comments related to the Controller's services). In this context we process data provided by you exclusively for the purpose of communicating with you.

  On what legal basis we process your data?
On the one hand, the legal basis for processing data in order to handle inquiries sent to the Controller, answer any questions, is Art. 6 (1) b) of the GDPR. On the other hand, processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6 (1) f) of the GDPR). The legitimate interest: managing our business and relationship with you or your company or organization, understanding and responding to inquiries.

  Are you obliged to provide your data?
You are not obliged to make the above requests, however, if you send a request to the Controller, the Controller will process your related data as described in this Policy and for the period specified therein, otherwise it would not be able to respond to the request.

  What data do we process?
Personal data affected by the request to the Controller (personal data contained in the message), contact details of the data subjects and the persons they represent (in particular: name, position, company, phone number, e-mail address), requests (complaints) submitted by the data subjects, content of the requests, steps taken in connection with the request management.

  How long do we retain your personal data?
We delete the data collected in this context after its storage is no longer necessary, or we limit its procession where it is subject to legal obligations to retain data. In this context, we store your data for 5 years from the time of recording (including, for example, the availability of the message you send via the contact form) (Art. 6:22. (1) of the Hungarian Civil Code – unless the Hungarian Civil Code provides otherwise, claims lapse in 5 years).

In the case of court or official proceedings, the processing of data lasts until the final decision is made, to the extent necessary, with regard to the given procedure and the situation of the parties, the given claim, as well as the personal data required by the legal dispute.

  With whom do we share your data?
The following partners/service providers act as a data processor, has access to the data provided:

  • address: 40 Namal Tel Aviv St., Tel Aviv, Israel; or  

  • 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158.

For the purposes of GDPR (Article 27), you may contact WIX  EU representative at Wix Online Platforms Limited, 1 Grant’s Row, Dublin 2 D02HX96, Ireland.

e-mail address:

There will be no charge for responding to your privacy requests or for completing the request. When your request concerning the exercise of your data protection rights and remedies are manifestly unfounded or excessive (repeated) we may charge you an administrative fee to comply with the request, and – taking into account the administrative costs of providing the information or communication or taking the action requested – may refuse to act on the request.

The data protection rights and remedies of data subjects (including you if your personal data are processed by the Controller) are detailed in the relevant provisions of the GDPR (including in particular GDPR 15, 16, 17, 18, 19, 21, 77, 78, 79, 80 and 82). The following is a summary of the most important provisions and, accordingly, the Controller provides information to those concerned about their data protection rights and remedies.

The Controller shall provide information on action taken on a request under Art. 15 to 22 of the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the Controller does not take action on the request of the data subject, the Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. 

The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means (for more details, please see above).

In connection with the following, the Controller draws the attention of the data subjects to the possibility of exercising the right to object as follows ("Object") and that in relation to data processing based on a legitimate interest (Art. 6 (1) (f) of the GDPR), the data subject may request the Controller to present a balancing test.

The data protection rights, and remedies of data subjects are detailed below:

  • Right of access
    The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

    a) the purpose of the processing;
    b) the categories of personal data concerned;
    c) the recipients or categories of recipient to whom the personal data have been or will be disclosed by the Controller, in particular recipients in third countries;
    d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

    f) the right to lodge a complaint with a supervisory authority; and
    g) where the personal data are not collected from the data subject, any available information as to their source.

The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.   

  • Right to rectification 
    You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and to have incomplete data completed, including by means of providing a supplementary statement.


  • Right to restriction of processing 
    You may obtain of Controller the restriction of processing of your personal data, if:
    - the accuracy of the personal data is contested by you, for a period enabling the Controller to verify the accuracy of the personal data,
    - the processing is unlawful, and you oppose the erasure of the personal data and requests the restriction of their use instead,
    - the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims,
    - you have objected to processing pending the verification whether the legitimate grounds of the Controller override those of yours.


  • Right to object
    You may at any time object to the processing of your personal data if the processing is based on a legitimate interest of the Controller. For the cases in which the Controller bases data processing on its legitimate interest, please see "On what legal basis do we process your data" section of this Policy.   
    If you object to the processing of personal data, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
    Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him for such marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.


  • Right to erasure
    You shall have the right to obtain from the Controller the erasure of personal data concerning you where one of the following grounds applies:
    - the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
    - you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing,
    - you object to the processing and there are no overriding legitimate grounds for the processing,
    - the personal data have been unlawfully processed,
    - the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.


  • Complaint and remedy
    You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR. For the contact details of the competent supervisory (data protection) authorities within the EU, please see:  In Hungary, the competent supervisory authority is: Nemzeti Adatvédelmi és Információszabadság Hatóság (1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, Pf. 9.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail:; Website: ( You further have the right to an effective judicial remedy to enforce your rights. Such proceedings may be brought before the courts of the Member State where you have your habitual residence. In Hungary, such litigation falls within the jurisdiction of the competent tribunal. You may also choose to bring the case before the competent tribunal of your domicile or place of residence. Information on the jurisdiction and contact details of the court (tribunal) can be found at

    In the event of a change in the processing of personal data, we will update or amend or supplement this Policy as necessary. We reserve the right to change our practices and this Policy at any time, so please check the site frequently for any changes to this Policy.

bottom of page