Privacy Notice in respect of our website

1. Purpose of the Privacy Notice

FlottaMan Zrt. (hereinafter: Company) as the data controller, agrees to be bound by the contents of this legal notice. It commits to ensure that all data processing performed in connection with its activities complies with the requirements specified in this policy, in the effective national legislation, and in the legal acts of the European Union.

The data protection guidelines related to the data processing performed by the Company are available at under the section Data Processing.

The Company reserves the right to modify this Notice at any time.

If you have any questions related to this Notice, please send them to our address at, and our colleague will be happy to respond.

The Company is committed to the protection of the personal data of its customers and partners, and finds it a priority to honour their rights to informational self-determination. Therefore, the Company processes all personal data confidentially, and takes all safety, technical and organizational measures to guarantee data security.

The data controller describes its data processing activities as follows

2. Data of the data controller

If you wish to contact our Company, you may do so by contacting the data controller at the following availabilities.

The data controller deletes all incoming e-mails and personal data within 8 years after the data collection.

Name: FlottaMan Autóparkkezelő Zrt.

Registered address: 1223 Budapest, Park utca 2. B épület.

Company registration number: 01-10-141118

Name of the court of registration: Metropolitan Court of Registration

Tax number: 25546585-2-43

Phone: +36 30 333 9494


2.1. Data protection officer

Name: Novák és Társai Ügyvédi Iroda (Lawyers’ Office) / Dr Tamás Novák

Phone: 061-224-7090

3. Scope of the processed personal data

3.1. Personal data to be provided during registration/contact

Data Mandatory data Degree of necessity
Name yes title, distinction between transactions
E-mail address yes form of contact
Phone number no brief summary of the topic and faster response
Message no information exchange

3.2. Technical data

The data controller selects and operates the information devices used for the processing of personal data during providing the services in a way to ensure that:

  • they shall be available to those authorised to access them (availability);
  • their authenticity and authentication shall be ensured (integrity of data processing);
  • their stability shall be verifiable (integrity of data);
  • they shall be protected against unauthorized access (data confidentiality).

The data controller has the appropriate measures in place to protect the data against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction and damage.

The data controller introduces technical, organizational and structural measures directed at the safety of data processing, which ensure the level of protection appropriate for the risks associated with the data processing.

During the data processing, the data controller shall maintain

  • confidentiality: protects information from access by unauthorised persons;
  • integrity: protects the accuracy and completeness of information and the method of processing;
  • availability: ensures access to the required information by the authorized user when he or she actually needs them, and makes the necessary tools available for this purpose.

3.3 Cookies

3.3.1. Purpose of cookies

  • collecting information about visitors and their devices;
  • observing the individual preferences of visitors, which (may) be used, for example at the time of online transactions, eliminating the need to type them again;
  • facilitating the use of the website;
  • providing high-quality user experience.

In order to ensure customized service, small data files, so-called cookies are placed on the user’s computer, which are read during subsequent visits. When the browser sends back a previously saved cookie, the service provider managing such cookie has the opportunity to link the user’s current visit to the former ones, but only in respect of its own content.

3.3.2. Strictly necessary, session cookies

The purpose of these cookies is to allow visitors to fully and smoothly browse the website of, and to use the functions and services available there. These types of cookies expire when the session (browsing) ends, and the, when the browser is closed, these cookies are automatically deleted from the computer or other device used for browsing.

3.3.3. Third party cookies (analytics) also uses Google Analytics cookies as third party cookies. By using Google Analytics statistics service we collect information on the visitors’ use of the website. This data is used for the purpose of developing the website, increasing the number of visitors to the website, and improving user experience. These types of cookies are also stored on the visitor’s computer or other device used for browsing until they expire, or until the visitor deletes them.

3.4. Data related to online administration

Data Mandatory data Degree of necessity
name yes essential for the flow of business
e-mail address yes essential for the flow of business
phone number no contact
message no information exchange

3.5. Data related to the newsletters

When sending newsletters, the Company always asks for the consent of individuals whose data it processes. In addition to such consent, it also offers the possibility of subscribing or unsubscribing to the newsletter. It ensures opt-out option (exiting opt-in voluntarily or automatically) for the visitors throughout the process related to sending newsletters.

3.6. Retention period and use of the processed data

Description of data processing Use Legal basis Retention period
name quotations, contract, preparing documentation voluntary consent 8 years
e-mail address quotations, contract, preparing documentation voluntary consent 8 years
phone number quotations, contract, preparing documentation voluntary consent 8 years

4. The purpose, method and legal basis of data processing

4.1. General data processing guidelines

The data processing activity performed by the data controller is based on voluntary consent or legal authorization. In case of data processing based on voluntary consent, the data subjects may withdraw their consent at any time during the data processing.

In some cases, the processing, storage and transfer of a certain scope of data are mandatory by law, about which we will inform our customers separately.

The attention of those providing data to data controllers is drawn to the fact that in case the provided personal data are other than their own ones, then it is their obligation to obtain the consent of the data subject.

The principles of data processing are in accordance with the effective data protection regulations, in particular the following:

  • Act CXII of 2011 – on the right of informational self-determination and the freedom of information (Freedom of Information Act);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
  • Act V of 2013 – on the Civil Code (Civil Code);
  • Act C of 2000 – on accounting (Accounting Act);
  • Act LIII of 2017 – on the prevention and combating of money laundering and terrorist financing (Act on Money Laundering);
  • Act CCXXXVII of 2013 – on credit institutions and financial enterprises (Credit Institution Act).

5. Locations of physical data storage

Your personal data (that is, any data relating to you) may get within the scope of our data processing in the following ways: on the one hand, the technical data related to the computer, browser program, or Internet address you use for the Internet connection, or to the visited websites are automatically generated in our computer system, and on the other hand, you may provide your name, contact information and other data when you wish to contact us during the use of our website.

Data that is technically recorded during the operation of the system: the data of the data subject’s computer used for logging which are generated during voting, and which are recorded by the Company’s system as an automatic result of the technical processes. At the time of login or logout, the automatically recorded data are logged automatically by the system without a separate statement or act by the data subject. Such data may not be combined with other personal data of users – except in cases mandatory under law. Only the Company has access to the data.

6. Data transfer, data processing, scope of persons/entities with access to the data

Name Registered address/address Activity/occupation
ICT Megoldások Kft. 1072 Budapest, Dob u 52 web developer
CASH-FLOW Vagyonértékelő, Tanácsadó és Könyvvizsgáló Kft 2049 Diósd, Fenyősor u. 23 data processing
Novák és Társai Ügyvédi Iroda 1126 Budapest, Márvány u. 27 data protection officer
Gergely Tóth s.p. 1141 Budapest, Gödöllői u 177 marketing activities

7. Rights and legal remedies available for the data subject

The data subject may request personal information on the processing of his or her personal data, and may request the rectification of his or her personal data, or – with the exception of mandatory data processing – may request their erasure or withdrawal, and may exercise his or her rights to data portability and objection in a way indicated at the time the data was collected, or at the contact data of the data controller indicated above.

7.1. Right to be informed

The data controller takes the appropriate measures to ensure that the data subjects are provided with all information in connection with the processing of personal data referred to in Articles 13, 14, 15-22, and 34 of the GDPR, in a concise, transparent, intelligible and easily accessible form, formulated in a clear and understandable way.

7.2. Right to access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of data processing;
  • the categories of the personal data concerned;
  • the recipients or categories of recipients to whom or which your personal data was disclosed or will be disclosed, including in particular third country recipients or international organizations;
  • the period for which the personal data is planned to be stored;
  • the right to rectification and erasure, the right to restricting data processing, the right to protest;
  • the right to lodge a complaint with a supervisory authority;
  • information on data sources;
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data controller will provide the requested information within no more than one month of the date of the request.

7.3. Right to rectification

The data subject has the right to request the Company to rectify his or her incorrect personal data, or to supplement any missing data.

7.4. Right to erasure

The data subject has the right to obtain from the Company the erasure of his or her personal data without undue delay, in case one of the following reasons exist.

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • the data subject has withdrawn his or her consent on which the data processing is based, and there is no other legal ground for the processing;
  • the data subject objects to the data processing, and there is no priority legitimate reason for the data processing;
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
  • the personal data has been collected in relation to the offer of information society services.

The erasure of data cannot be initiated if the data processing is required for: exercising the right of freedom of expression and information; compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

7.5. Right to restrict data processing

At the request of the data subject, the Company restricts data processing where one of the following applies:

  • if the accuracy of the personal data is contested by the data subject, restriction applies for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to data processing; in this case such restriction shall be valid for a period it is determined whether the legitimate grounds of the data controller override those of the data subject.

Where data processing has been restricted, such personal data shall, with the exception of storage, only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

7.6. Right to data portability

The data subject is entitled to receive the personal data related to him or her that was provided by him or her to the data controller in a structured, commonly used and machine-readable format and also has the right to transfer that data to another data controller.

7.7. Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her for: public interest or for exercising public authority vested in the data controller; or if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling. If the data subject protested, the data controller may not continue to process the personal data, except where the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or are needed for the establishment, exercise or defence of legal claims.

7.8. Right to withdraw consent

The data subject is entitled to withdraw his or her consent at any time.

7.9. Right to effective judicial remedy

In case the rights of the data subject are violated, the data subject shall have the right to judicial remedy against an action of the data controller. Such court proceedings shall be conducted under priority.

7.10. Data protection authority procedure

Complaints may be submitted to the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, P.O. Box: 5.

Telephone: 0613911400

Fax: 0613911410



8. Other provisions:

Information on data processing not listed in this Notice is provided at the time of recording the data.

Our customers are informed that a court, the prosecutor’s office, an investigation authority, a misdemeanour authority, an administrative authority, the National Office of Data Protection and the Freedom of Information, and any organisation authorised by the law may contact the data controller to provide and hand over information, data and documents.

The Company may disclose personal data to the authorities in the amount and to the extent that is absolutely necessary to achieve the purpose of the request – if the authority has indicated the exact purpose and scope of the data.