Privacy policy
The processing of personal data of persons (natural persons, persons authorised to represent and sign on behalf of the contracting party, persons certifying performance of the contract, contact persons designated in the contract or persons otherwise involved in or assisting with the performance of the contract)
Name of the controller
Name: Ganz-MaVag International Korlátolt Felelősségű Társaság
Seat: 1139 Budapest, Lomb utca 37-39.
Company registration number: Cg. 01-09-286246
Tax number: 25733350-2-41
E-mail: commercial@mavag.com
hereinafter referred to as: Data Controller
Contact details of the employee responsible for data protection:
E-mail: commercial@mavag.hu
Postal address: 1139 Budapest, Lomb utca 37-39.
Name of data processor
Name:
Seat:
Company registration number:
Tax number:
E-mail:
hereinafter referred to as: Data Processor
Contact details of the Data Protection Officer:
E-mail: commercial@mavag.com
On the basis of the service contract between the Data Controller and the Data Processor, the Data Processor provides the Data Controller with a full range of IT services, including the hosting of personal data processed electronically and the operation of certain software for storing the data.
The person concerned:
In the process of concluding a contract with the Data Controller, the contracting party shall include the persons authorised to represent and sign (natural persons, authorised representatives or persons authorised to register a company), the persons confirming performance, the contact persons indicated in the contract or persons otherwise participating or assisting in the performance of the contract.
Information on data management
4.1. Purpose of data processing: The Data Controller processes personal data of persons (natural persons, persons authorised to represent and sign, or persons authorised to register a company) entitled to represent and sign during the contracting procedure, persons confirming performance, contact persons designated in the contract, or persons otherwise participating or assisting in the performance of the contract, in order to prepare, conclude and perform the contract.
4.2. Scope of data processed and its legal basis
Name of person: natural person contracting party
Personal data: name, identification data (mother's name, place and date of birth), contact details (permanent address, postal address, telephone number, e-mail address), billing information (tax identification number, bank account number), signature
Legal basis for processing: Article 6(1)(b) GDPR (performance of the contract)
Name of person: the person authorised to sign the contract on behalf of the party contracting with the Company
Personal data: name, the identification data (mother's name, date and place of birth, position) on the specimen signature or on the power of attorney, contact details (postal address, telephone number, e-mail address), signature
Legal basis for processing: Article 6(1)(f) GDPR (legitimate interest)
Name of person: any person designated by the contracting party as a confirmor, contact person or otherwise involved or assisting in the performance of the contract
Personal data: name, data necessary for identification (position), contact details (postal address, telephone number, e-mail address)
Legal basis for processing: Article 6(1)(f) GDPR (legitimate interest)
Name of person: the person authorised to sign the contract on behalf of the Company (employee)
Personal data: name, the identification data (mother's name, date and place of birth, position) on the specimen signature or on the power of attorney, contact details (postal address, telephone number, e-mail address), signature
Legal basis for processing: Article 6(1)(b) GDPR (performance of contract) and the provisions of the Mt. § 10 (1)
Name of person: a person (employee) designated by the Company as a confirmor, contact person or otherwise participating or assisting in the performance of the contract
Personal data: name, data necessary for identification (position), contact details (postal address, telephone number, e-mail address)
Legal basis for processing: Article 6(1)(b) GDPR (performance of contract) and the provisions of the Mt. § 10 (1)
4.3. Source of personal data: the data subject or the data subject's employer.
4.4. Duration of data processing: data processing is carried out with a different retention date for each batch of records, as set out in the instructions of the Group and the Data Controller on the Data Management Policy in force at the time. In the case of contracts for consideration, the mandatory retention period is 8 years in accordance with Article 169 (2)-(3) of Act C of 2000 on Accounting.
4.5. Method of data processing: paper and electronic.
4.6. Persons entitled to access the data: personal data recorded in section 4.2 may only be accessed by the employees of the Data Controller acting in the course of the contracting process and the performance of the contract.
Information on data security measures
The Data Controller shall, with the assistance of the Processor, take the technical and organisational measures necessary to:
ensure that IT systems operate in accordance with the Information Security Policy (ISP);
ensure that authorised users have access to IT systems, their functions and the data they manage, according to their level of authorisation;
ensure that data is backed up and archived.
The Data Controller shall comply with the procedural rules necessary to enforce the legal requirements for data processing set out in point 7. The Data Controller also expects the Processor to comply with this legislation on the basis of the processing contract concluded between them pursuant to Article 28(3) of the GDPR.
The Data Controller shall, through the Data Processor, subject the electronically processed data files to virus scanning and other security filtering.
The Data Controller shall ensure the security of data processing by technical and organisational measures to provide a level of protection appropriate to the risks associated with the processing, by selecting the IT tools used and by operating them in such a way that the data processed is:
accessible to authorised persons (availability);
authentic and verified (authenticity of processing);
verifiable (data integrity);
accessible only to the authorised person and protected against unauthorised access (confidentiality of data).
Data subjects' rights and means of redress
Given that the Data Controller's intention - as described in point 4.1 - is not specifically to process your personal data (it only processes your data in connection with the contractual relationship, in an ancillary manner, i.e. it does not collect, record or manage them in a separate database), but to manage and record your contractual portfolio and legal relationships, in order to exercise your rights listed in point 6, and to serve your needs efficiently and promptly, we ask you to indicate
which contracting party (name, registered office) acted on behalf of the Data Controller in entering into and performing the contract with the Data Controller, and/or
the date (period) of the contract to which it relates.
6.1. Right to request information
The data subject may request information from the Controller, request the rectification of his or her personal data and request the restriction of processing. At the request of the data subject, the Controller shall provide information on the data processed, the purposes, legal basis and duration of the processing, the name and address (registered office) of the controller, the name and address (registered office) of the processors and their activities in relation to the processing, the contact details of the employee responsible for data protection, the persons who have received or are receiving the data subject's personal data and the data subject's rights in relation to the processing. The Controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 1 month. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. Where the request for information is unfounded or excessive, in particular because of its repetitive nature, the Controller may refuse to act on the request. The controller may refuse to comply with a request to exercise the rights of the data subject until the data subject can be identified beyond reasonable doubt.
6.2. Right of access
The data subject has the right to receive feedback from the Data Controller on whether his or her personal data is being processed.
The right of access entitles the data subject to have access to personal data relating to ongoing processing and to the following information:
the purpose of the processing,
the categories of personal data concerned,
the duration of the processing,
who receives or has received the personal data of the data subject and for what purposes,
the data subject's rights in relation to data processing,
the right to lodge a complaint with a supervisory authority.
At the request of the data subject, the Data Controller shall provide a copy of the personal data subject to processing, provided that it does not adversely affect the rights and freedoms of others. The Controller may charge a fee for additional copies requested by the data subject.
Right to modify, rectify and supplement data
The data subject may request the amendment (rectification) of inaccurate personal data concerning him or her or the completion of incomplete personal data through the contact details provided in point 1. The controller shall notify the data subject of the rectification.
Right to erasure ("right to be forgotten")
The data subject may request the erasure of his or her personal data if the purpose of the processing has ceased, if the data subject withdraws his or her consent, if the processing of the data is unlawful, if the specified period for storing the data has expired or if a court or public authority has ordered it. The controller shall notify the data subject of the erasure of personal data. The Controller shall not erase personal data where it is necessary for compliance with a legal obligation to which the Controller is subject or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You may request the restriction of the processing of your personal data by the Controller at any of the Controller's contact details, provided that:
the data subject contests the accuracy of the personal data (in which case the restriction applies for as long as the Data Controller verifies the accuracy of the data);
the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use;
the purpose of the processing has ceased, but the data subject needs them for the establishment, exercise or defence of legal claims.
The restriction lasts as long as necessary for the reason indicated by the data subject. In this case, the personal data, except for storage, will only be processed with the consent of the data subject; or for the establishment, exercise or defence of legal claims; or for the protection of the rights of another natural or legal person; or for important public interests. The Controller shall inform the data subject in advance of the lifting of any restriction at the request of the data subject.
Right to object
If the Data Controller carries out the processing on the basis of Article 6(1)(f) of the GDPR, the data subject may object to the processing of his or her personal data via the contact details provided. In this case, the Controller shall no longer process the personal data and shall delete it. The Controller may further process the personal data of the data subject where the processing is justified by compelling legitimate grounds and where it is necessary for the establishment, exercise or defence of legal claims.
Right to data portability
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format, provided that the processing is based on consent in accordance with Article 6(1)(a) of the GDPR or on a contract in accordance with Article 6(1)(b) and that the Controller carries out the processing by automated means. The data subject also has the right to transmit this data to another controller. The Controller shall only transfer the personal data of the data subject to the controller which the data subject identifies in an identifiable manner. The Controller shall not be liable for the processing carried out by the recipient controller after the transfer.
Right to legal redress
In case of violation of your rights or if you disagree with the decision of the Data Controller, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Seat: 1055 Budapest, Falk Miksa u. 9-11.
Postal address: 1363 Budapest, Pf. 9.
Telephone: +36 (1) 391-1400 / +36 (30) 683-5969 / +36 (30) 549-6838
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
In case of infringement of his/her rights or if he/she disagrees with the decision of the Data Controller, he/she may also directly apply to the court of the place of his/her residence or domicile for a remedy against the Data Controller. The court shall decide the case out of turn.
If you require further information on data processing in addition to that provided in the Privacy Notice, you can request information via the contact details of the Data Controller provided in point 1.
If the data subject has a comment or objection about the processing of his or her personal data or would like to request information about the processing of his or her data, he or she may contact the employee responsible for data protection at commercial@mavag.hu.
Relevant legislation
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR),
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.),
Act V of 2013 on the Civil Code.
Effective: 1st of January, 2025
Ganz-MaVag International Ltd.
Data Controller