Privacy Policy


The Data Controller declares that the data processed by it shall be processed in accordance with the currently applicable legislation pursuant to the Fundamental Law of Hungary, Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).

The Data Controller respects the personal data of its employees, customers, contractors, other data subjects and visitors to and It shall treat all data and facts of which it becomes aware as confidential and process them only on the basis of the performance of the contract, legal requirements, its own legitimate interests not prejudicing the interests of the data subjects and the prior informed consent of the data subject.

Data processing principles

The Data Controller will process personal data in accordance with the following principles:

The processing is carried out lawfully and fairly and in a transparent manner for the data subject.

Data processing is subject to the principle of data minimisation, according to which data processing must be appropriate and relevant for the purpose for which it is carried out and limited to what is necessary.

Personal data must be accurate and, where necessary, kept up to date. In this context, the Data Controller shall take all reasonable steps to ensure that inaccurate data are erased or rectified without undue delay.

Personal data will be stored for a limited period of time necessary to achieve its purpose.

The Data Controller ensures protection against unauthorised or unlawful processing and accidental loss, destruction or damage of personal data.

Personal data will only be processed for the purposes and in the manner set out in this Statement, in order to exercise the rights and fulfil the obligations set out herein. The Data Controller declares that it will comply with these purposes at all stages of its processing.

The Data Controller processes only personal data which is necessary for the purpose of the processing, which is suitable for the purpose, to the extent and for the duration necessary for the purpose.

The Data Controller ensures adequate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical or organisational measures.

Informing stakeholders

By publishing this Statement, the Data Controller takes appropriate measures to ensure that data subjects receive all the information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

Partners and processors assisting the Data Controller are bound by confidentiality obligations in relation to the personal data of the data subjects.

Interpretative provisions:

data security: a set of technical, personnel and organisational measures and procedures to protect data security criteria such as confidentiality, integrity and availability.
data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
restriction of data processing: the marking of stored personal data for the purpose of restricting their future processing;
data controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

The Data Controller under this Statement:

The Data Controller:


GeoLayer Korlátolt Felelősségű Társaság

Head office:

1182 Budapest, Hímesháza utca 11.

Company registration number:


Tax number:



email address:

Mobile phone number:

+36 20 415 1370

data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller.

With regard to the personal data processed by the Data Controller, the data necessary for accounting and payroll processing is processed by an accounting firm based in Budapest, which has a contract with the Data Controller.

The website of the Data Controller is operated by the hosting provider C-Host Kft (registered office: 1115 Budapest, Halmi utca 29.; tax number: 23358005-2-43).

The Data Controller stores the personal data it processes in a cloud storage. The cloud service provider is The Data Controllers declare that the cloud service provider only performs data storage, does not perform any other processing of personal data and in this activity respects the personal data of the data subjects and the rights and freedoms of the data subjects. The cloud service provider’s privacy policy is available at

data destruction: the complete physical destruction of a data medium containing data;
data erasure: making data unrecognisable in such a way that it is no longer possible to recover it;
data transfer: where the data are made available to a specified third party;
data blocking: the marking of data with an identifier in order to limit its further processing permanently or for a limited period of time;
data security incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
confidentiality (secrecy): the characteristic of data that only a predefined set of users (authorised users) are allowed access to it, and that access by all others is illegal;
loss of confidentiality: loss of confidentiality is called disclosure, where confidential data becomes known and/or accessible to unauthorised persons;
security incident: any event that may have an adverse effect on the confidentiality, integrity or availability of an IT device or the data stored on it;
recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom or with whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
GDPR: General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016;
third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by an act unambiguously expressing consent, signifies his or her agreement to the processing of personal data concerning him or her;
Info tv.: Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information;
integrity: the criterion of existence, authenticity, integrity and intrinsic completeness of data, which ensures that the data, information or program can only be altered by those authorised to do so and cannot be altered without being detected.
personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the deletion of the processed data;

The Data Controller processes personal data for the following purposes:

Processing based on the performance of a contract [Article 6(1)(b) GDPR]

The Data Controller processes the data of natural persons for the following purposes in the performance of a contract:

Employee personal data:

name; name at birth; place and date of birth; mother’s name; education; address; telephone number; e-mail address; name and account number of financial institution; specimen signature

Personal data of customers and contractual partners:

name/designation; address/delivery address; contact name; telephone number; e-mail address; photograph

The purpose of the processing of the data is the conclusion of relevant written contracts, the performance of contracts and the provision of contact details.

The Data Controller stores some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The personal data will be stored from the conclusion of the contract until the contractual relationship has been established or until the expiry of the contractual relationship. Personal data processed within this scope will not be transferred.

Data processing based on a legal requirement [Article 6(1)(c) GDPR]

The following personal data of employees are processed or, where necessary, may be processed on the basis of the Labour Code, the Act on Persons Entitled to Social Insurance Benefits and Private Pensions and the Coverage of These Services, the Act on Social Insurance Pensions, the Act on Personal Income Tax and the Act on the Tax Procedure and Judicial Enforcement:

name; name at birth; place and date of birth; mother’s name; social security number; tax identification number; address; personal data relating to tax relief; personal data relating to enforcement;

The purpose of employee data processing is to comply with the statutory obligation to pay contributions and pensions, to deduct the statutory tax advances and to prepare personal income tax returns in accordance with the employer’s requirements, as well as to comply with any mandatory enforcement.

The Data Controller stores some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The retention period of the data contained in the employment records is determined by the applicable legislation. The Data Controller shall transmit these data to the accountant in charge of payroll accounting and to the public administration responsible for tax and contribution deductions and pension insurance.

The following personal data of customers and contractual partners are processed in accordance with the legal requirements on accounting, VAT and taxation:

name(s); address/place of residence; tax number

The data of customers and contractual partners are processed for the purpose of issuing invoices for purchases and deliveries.

The Data Controller stores part of the personal data provided on paper at its headquarters and in digital form on a cloud-based digital server and transfers it to the Data Processor in charge of accounting and payroll. Invoices are issued for orders using online invoicing software. The invoices issued, with the data content contained therein, are processed by the Data Controller for as long as the invoice is kept for accounting purposes.

Consent-based processing [Article 6(1)(a) GDPR]

The personal data of employees who apply to the Data Controller for employment will be processed on the basis of their prior informed consent by means of this declaration:

name; name at birth; place and date of birth; mother’s name; education; address; telephone number; e-mail address;

The data is processed for the purposes of subsequent employment following selection. The Data Controller will store some of the personal data provided on paper at its headquarters and in digital form on a digital server in the cloud. The processing lasts from the moment the data is provided until the selection process. After the selection process is completed, the data of the candidate will be processed until the consent is withdrawn in order to fill future vacancies. The Controller will not transfer personal data processed in this context.

On the websites and of the Data Controller, the interested party can send a message to the Data Controller under the contact menu. In this context, the following personal data of the interested party will be processed:

name; telephone number; e-mail address

The Data Controller stores the personal data provided on the database interface and hard disk of the website. The personal data provided for the purpose of contacting you will be stored for the time necessary to achieve the purpose of the contact, but not longer than 1 year. The Controller will not transfer the personal data processed in this context.

Processing based on legitimate interest [Article 6(1)(f) GDPR]

The Data Controller is a company that operates and distributes UAS systems and takes high altitude images for road construction for its customers. The purpose of the recordings is not to photograph natural persons. However, in the course of taking the photographs, aerial photographs may be taken of natural persons in the technical area/route but not under contract. On average, the images are taken from an altitude of 70 to 120 metres and at a resolution of 20 to 45 megapixels, which are not sufficient to identify the person in the image. The contract performed for the Client does not, as a general rule, involve the processing of such data of natural persons. However, the Data Controller sets out in this statement the main provisions concerning the processing of the data of natural persons that may appear in the recordings.

The following personal data of the data subjects are processed by the Data Controller in the course of such recording:


The shots are taken in a technical area/route and aim at a complex survey of the technical area/route.

The Data Controller shall inform the persons entering the technical area/route that the area is being recorded and shall inform the data subjects that they have the possibility to object to the processing based on legitimate interest. The Data Controller shall carry out an interest assessment prior to the start of the processing, taking into account the risks presented by the processing.

The Data Controller shall take into account the risks to the rights and freedoms of the data subjects before starting the processing and shall establish that the technical area/route is unlikely to be accessed by natural persons not having a contractual relationship, that the purpose of the recordings is not to systematically monitor natural persons and that the recordings are made under technical conditions which are not suitable for the identification of the persons on the recordings, and therefore the risk and severity for the data subject of this type of conditional processing is minimal.

The Data Controller stores the personal data processed in this way in digital form on a cloud-based digital server and stores them for the duration of the contractual relationship with the customer, until the expiry of the contractual relationship or until the data subject’s express objection.

The Data Controller shall transmit the personal data processed in this context to the customer. The Customer becomes the data controller in this respect and shall establish and maintain its own data management policy for the data it processes. The Data Controller states that it does not carry out joint processing with the Customer, that it is not responsible for the Customer’s processing of the above data, but that they are mutually bound by their contractual relationship to notify each other of any data subject who has lodged a complaint with them in order to take the necessary measures.

Knowledge, use and transfer of data

Personal data stored about Data Subjects may be accessed only by the person who needs to know them in order to fulfil his or her obligations. The Controller shall record the name of the person who has access to the personal data or who is otherwise entitled to access the personal data, the reason for access and the time of access.

The Data Controller’s processing activities may involve the use of personal data processed. Use is when personal data is used as evidence in legal or other official proceedings. A person whose right or legitimate interest is affected by the recording of his or her personal data may, within 3 (three) working days of the recording of the personal data, request that the data not be destroyed or erased by the Data Controller by providing evidence of his or her right or legitimate interest. If the Data Controller is required by a public authority or a court to provide and disclose the data, the Data Controller shall disclose the personal data if all the conditions for doing so are met. In the absence of such a request within thirty (30) days of the Data Subject’s request for non-destruction, the recorded image and/or sound recording and other personal data shall be destroyed or erased.

The Controller transfers certain personal data to its data processing partners. In each case, the Data Subjects’ specific consent is required where the transfer is to a country outside the European Economic Area.

Rights of data subjects and their enforcement

The Data Subject is informed in detail about his/her enforceable rights and the scope of the data processed about him/her from this Notice and the Privacy Notice.

The Data Subject has the right to request information about the processing of his/her data.

He/she has the right to receive feedback on whether or not the processing of data relating to him/her is still ongoing and, if so, to be informed of the purposes, legal basis, storage and storage period of the data processed concerning him/her. The right to be informed includes the right to rectification, erasure, restriction of processing and the right to lodge a complaint with a supervisory authority.

If the Data Subject becomes aware that the data stored about him/her are incomplete or inaccurate, he/she has the right to request that his/her data be rectified.

The Data Controller shall delete the data stored about the Data Subject upon his/her request. This obligation shall also apply without a request if

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the data subject has withdrawn the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
  3. the Data Subject objects to processing based on legitimate interests and there are no overriding legitimate grounds for further processing;
  4. the Controller is unlawfully processing the personal data;
  5. the personal data must be erased in order to comply with an applicable legal obligation.

The Data Controller shall, upon request, restrict the processing of personal data until it examines the possibility of taking the necessary measures, if the inaccuracy, unlawfulness, or unnecessary nature of the personal data processed is established or if the Data Subject objects to the processing.

In the case of processing based on consent or contract, the Data Subject has the right to receive the data provided by him or her in machine-readable form (pdf, doc, excel, txt) in order to transmit it to another controller.

The Data Subject may object to the processing of his or her personal data based on legitimate interests at any time on grounds relating to his or her particular situation. In such a case, the Controller may no longer process the Data Subject’s data on such grounds, unless the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject or are related to the establishment, exercise or defence of legal claims.

The Data Controller shall, within the shortest possible time from the date of the request, but not later than 15 days:

  • examine the request,
  • decide whether the objection is well-founded; and
  • inform the Data Subject of its decision in writing.

Data security

In particular, the Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction or damage and inaccessibility resulting from changes in the technology used.

In doing so, it will comply with the IT security policies in force and will require its Processors to do the same.

In the event of a personal data breach, it will develop a data breach policy, which sets out how to report a data breach, who is responsible for dealing with it and the relevant time limits.

It keeps records of the data protection incidents that occur.

In case of violation of their rights, data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information (headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, telephone: +36 (1) 391-1400, fax: +36 (1) 394-1410, e-mail: or they may also have recourse to the court of the place of decision making.

The Data Controller shall compensate any damage caused to another party by unlawful processing of the Data Subjects’ data or by breach of data security requirements. If the Data Controller infringes the Data Subject’s right to privacy by unlawfully processing the Data Subject’s data or by breaching data security requirements, the Data Subject may claim damages.

The Data Controller may use personal data and information lawfully recorded in the course of negotiations and/or litigation in order to avoid disputes that may arise between the two parties.

About and how we use cookies

The content published on the websites and is accessible to anyone without providing any personal data.

The following so-called “cookies” are used on the website operated by the Data Controller:

  • Necessary cookies: used for basic functionality;
  • Functional cookies: used to remember user preferences.

Independent measurement and auditing of website traffic and other web analytics data is facilitated by external service providers (for details, please visit:

Cookies record the unique network identifier (IP address) of the Data Subject using the website as personal data.

On the website, you may also find links or icons to other websites – e.g. Facebook, Instagram page links – that direct you to the relevant page. These websites also use cookies, information about which can be found on the relevant pages.

The Data Controller does not control third party websites and excludes any responsibility for the content of other external websites.

The Data Controller informs its users that the use of cookies on the website requires the prior informed consent of the user pursuant to Section 155 (4) of Act C of 2003 on Electronic Communications (“Eht.”).

The purpose of processing the data stored in cookies is to enhance the user experience and improve the online services of the website. The cookies used on the website do not store personally identifiable information.

If you do not wish to receive certain types of cookies, you can set your browser to prevent the setting of a unique identifier or to warn you when the website wishes to send a cookie.

To learn more about these features and to fine-tune your cookie settings, please refer to the instructions or help screen of your web browser, or use the following link to turn on and off online behavioural advertising from each service provider:

Effective: 4 January 2021.
