Privacy Policy

Version 1.0 Effective Date: 01 Jan 2025
Last Updated: 20 Dec 2024

1. General Principles

1.1 FAVON Ltd. (“FAVON,” “we,” “our,” or “us”) attaches great importance to the protection of personal data and to compliance with applicable data protection laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and Act CXII of 2011 on Information Self-Determination and Freedom of Information (“Info tv.”).

1.2 This Privacy Policy describes the categories of personal data that we collect and process, the purposes and legal bases of such processing, and the rights of individuals whose data we process (“data subjects”). It applies to all processing carried out by FAVON in the context of our commercial, research and development, and administrative activities.

1.3 We process personal data only to the extent necessary for the defined purpose, in a lawful, fair, and transparent manner, ensuring that such data are accurate, up to date, and retained no longer than required. We are equally committed to maintaining the confidentiality, integrity, and availability of all personal data processed within our operations and to upholding transparency and accountability in every aspect of our data handling practices.

2. Controller and Contact Details

2.1 Data Controller:

FAVON Ltd.
Registered office: Bányalég street 47-59. 1225 Budapest, Hungary
Company registration number: 01 09 346158
VAT number: 27039126-2-43
EU VAT number: HU27039126
Email: [email protected]
Tel.: +36 23 345 416

2.2 Data Protection Contact:

E-mail: [email protected]

2.3 Supervisory Authority:

National Authority for Data Protection and Freedom of Information (NAIH)
Falk Miksa u. 9–11., H-1055 Budapest, Hungary
Tel.: +36 1 391 1400 | Email: [email protected] | Website: www.naih.hu

3. Definitions

For the purposes of this Privacy Policy, the definitions contained in Article 4 of the GDPR shall apply, including but not limited to:

• “personal data” means any information relating to an identified or identifiable natural person;
• “processing” means any operation or set of operations performed on personal data;
• “controller” means the entity determining the purposes and means of processing;
• “processor” means a natural or legal person which processes personal data on behalf of the controller.

4. Categories of Personal Data Processed

4.1 FAVON may process the following categories of personal data:

• Website and technical data: IP address, browser type, device identifiers, time and duration of visit, accessed pages, referrer URL, and error logs.
• Contact and communication data: name, business email address, phone number, company affiliation, job title, and the content of any inquiry.
• Customer and supplier data: contact details of business representatives, correspondence, order and delivery information, payment and invoicing data.
• Job applications: CVs, professional history, education, qualifications, references, and interview records.
• Marketing and event participation data: name, professional contact details, organization, communication preferences, and records of consent.
• Cookie and analytics data: technical identifiers and aggregated information derived from online interactions.

5. Purpose and Legal Basis of Processing

5.1 Processing of personal data is carried out only when there is a valid legal basis under Article 6(1) GDPR. FAVON relies on the following bases:

• Consent (Article 6(1)(a)) – where individuals have voluntarily provided data, e.g., through contact forms or newsletter subscription.
• Contract performance (Article 6(1)(b)) – to fulfill or prepare business relationships, including communication, supply, and invoicing.
• Legal obligation (Article 6(1)(c)) – to comply with statutory requirements, such as tax and accounting laws.
• Legitimate interest (Article 6(1)(f)) – to ensure secure and efficient business operations, maintain relationships with clients and suppliers, and improve services, provided such interests are not overridden by the fundamental rights and freedoms of the data subjects.

5.2 The specific purposes include, but are not limited to:

• responding to inquiries and correspondence;
• managing contractual relationships and transactions;
• maintaining records of business communication;
• operating and optimizing our website and IT systems;
• performing recruitment and HR administration;
• ensuring compliance with legal and regulatory obligations; and
• safeguarding the integrity and security of our infrastructure.

Clarification of Legitimate Interest: Our primary legitimate interests include: (a) Network and Information Security: Protecting our IT systems and data from unauthorized access or accidental loss; (b) Business Operations: Maintaining and enhancing relationships with existing and potential business partners; (c) Service Improvement: Analysing usage data to optimize and tailor the quality of our services and website experience.

5. Recipients and Categories of Recipients

6.1 Access to personal data is limited to FAVON employees whose roles require it.

6.2 Data may be disclosed to the following categories of recipients:

• IT and hosting service providers;
• professional advisers, auditors, and consultants;
• suppliers, subcontractors, and logistics partners;
• financial institutions and accounting service providers;
• authorities, regulatory bodies, or courts where required by law.

6.3 Each third party acts either as a processor under a data processing agreement compliant with Article 28 GDPR or as an independent controller where applicable.

7. Transfer of Data to Third Countries

7.1 Personal data are generally processed within the European Economic Area (EEA).

7.2 Should processing or storage outside the EEA become necessary, FAVON ensures appropriate safeguards in accordance with Chapter V of the GDPR, including:

• an adequacy decision by the European Commission, such as the EU-US Data Privacy Framework (for transfers to certified US entities);
• Standard Contractual Clauses (SCCs); or
• binding corporate rules or equivalent mechanisms.

7.3 Copies of relevant safeguards may be requested from [email protected].

8. Retention of Personal Data

8.1 Personal data are retained only for the duration necessary to fulfill the purpose of processing or as required by law.

8.2 Typical retention periods include:

• Technical and log data: 30 days
• General inquiries: 12 months
• Contractual and accounting data: 8 years (in line with the Hungarian Accounting Act)
• Job applications – 12 months, unless consent renewed
• Marketing and consent records: until withdrawal of consent
• Cookie data – according to browser and cookie settings

8.3 Upon expiry of retention periods, data are securely deleted or anonymized.

9. Cookies and Online Tracking

9.1 FAVON uses cookies and comparable technologies to ensure the proper functioning of its website and to improve user experience.

9.2 Cookies are classified as follows:

• Necessary cookies – essential for the operation and security of the website;
• Functional cookies – allow storage of user preferences;
• Performance cookies – collect aggregated information on website usage;
• Marketing cookies – support communication about our products and services.

9.3 The lawful basis for processing personal data using cookies is legitimate interest for strictly Necessary Cookies (essential for website security and functionality) and Consent (Article 6(1)(a) GDPR) for all Functional, Performance, and Marketing Cookies. We obtain this consent via a dedicated cookie control panel on our website.

9.4 Users may withdraw their consent or modify cookie settings at any time via the website’s cookie control panel or through browser configuration. The refusal of non-essential cookies will not affect the core functionality of the website.

10. Integration of Third-Party Services and External Links

10.1 Our website may integrate content or functions from external providers (“third-party services”), including but not limited to embedded map data (Google Maps), scheduling tools (Calendly), and links or buttons directing users to social-media platforms (e.g. LinkedIn and X.com).

10.2 When these services are displayed or activated, their providers may receive the user’s IP address and other technical data (such as browser type, operating system, and referring URL) required to deliver the content. Certain providers may also process this information for statistical or marketing purposes under their own responsibility.

10.3 FAVON strives to integrate such services in a privacy-conscious manner and configures social-media plug-ins so that data are transmitted only after the user actively selects the relevant icon or link.

10.4 We have no control over subsequent data processing performed by these third-party providers. For further information, users should consult the privacy notices of the respective providers:

• Google Maps – Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy | Opt-out: https://adssettings.google.com/authenticated
• Calendly – Calendly LLC, 115 E Main St., Suite A1B, Buchanan, GA 30113, USA. Privacy Policy: https://calendly.com/privacy
• LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy Policy: https://www.linkedin.com/legal/privacy-policy
• X (formerly Twitter) – X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Privacy Policy: https://twitter.com/privacy

10.5 Any data processing by these providers may involve transfer to third countries (e.g. the United States). In such cases, the legal basis for processing lies in the user’s consent given when interacting with the service or activating the plug-in.

11. Data Security

11.1 FAVON employs appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

11.2 These measures include:

• secure IT systems with controlled access;
• encryption of data in transmission;
• regular software updates and vulnerability monitoring;
• staff training and confidentiality obligations; and
• Periodic audits and ISO 9001-aligned process control

11.3 In the event of a personal data breach, FAVON will assess the incident promptly and, if necessary, notify the NAIH and affected individuals in accordance with Articles 33 and 34 GDPR.

12. Rights of Data Subjects

12.1 Under the GDPR, data subjects have the following rights:

• Right of access (Art. 15) – to obtain confirmation of processing and access to personal data;
• Right to rectification (Art. 16) – to correct inaccurate or incomplete data;
• Right to erasure (Art. 17) – to request deletion of personal data under specified conditions;
• Right to restriction (Art. 18) – to limit processing in certain cases;
• Right to data portability (Art. 20) – to receive data in a structured, commonly used format;
• Right to object (Art. 21) – to object to processing based on legitimate interests or for direct marketing purposes;
• Right to withdraw consent (Art. 7(3)) – without affecting prior lawful processing.

12.2 To exercise these rights, data subjects may contact FAVON by email at [email protected] or by post to the address stated above. Requests are handled free of charge within one month of receipt unless complex or excessive.

13. Complaints

13.1 Data subjects who believe that their personal data are processed in violation of applicable law may lodge a complaint with the competent supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH)
Falk Miksa u. 9–11., H-1055 Budapest
Tel.: +36 1 391 1400 | Email: [email protected] | Website: www.naih.hu

For cross-border cases, NAIH may coordinate with other EU data protection authorities under the GDPR’s cooperation mechanism.

13.2 Data subjects also retain the right to seek judicial remedy in accordance with Article 79 GDPR.

14. Data of Minors

14.1 FAVON’s services and activities are directed exclusively toward professional and business users. We do not intentionally collect or process personal data relating to individuals under eightteen (18) years of age.

14.2 Should personal data of a minor be inadvertently obtained, FAVON will take immediate steps to delete such data from all systems and to prevent further processing.

14.3 Parents or legal guardians who become aware that a minor has provided personal data to FAVON may contact [email protected] to request deletion or restriction of such data.

14.4  Any processing of personal data of minors will occur only with explicit, verifiable parental consent and solely to the extent permitted by applicable data-protection legislation.

15. FAVON as Data Processor

15.1 In the context of providing research, development, or manufacturing services under a Contract, FAVON may, from time to time, process personal data on behalf of the Customer (who acts as the Data Controller).

15.2 When acting as a Data Processor, FAVON shall process the personal data strictly in accordance with the documented instructions of the Customer and Article 28 of the GDPR.

15.3 Any such processing relationship, including the subject matter, duration, nature, purposes of processing, the categories of data subjects, and the obligations and rights of the Customer, shall be governed by a separate, specific Data Processing Agreement (DPA) which is incorporated into the relevant Master Service Agreement or Contract.

16. Amendments to this Privacy Policy

16.1 FAVON reserves the right to amend this Privacy Policy at any time in order to reflect changes in legislation, technology, or our organizational structure.

16.2 The latest version will be published on FAVON’s official website and becomes effective upon publication.