Last Updated: February 2025
Company Name: Talamone Group LLC (Americas) / HAWK SYSTEM SRO (Europe)
Americas Office: 1221 Brickell Ave, Suite 900, Miami, FL 33131, USA
Europe Office: Levice, Slovakia
Email: [email protected] (Americas) / [email protected] (Europe)
Websites: www.talamonegroup.com, www.hawk-system.com, talamonegridguardian.com
The controller acknowledges that it is bound by the contents of this legal notice. The purpose of this Privacy Policy is to inform customers and partners about the processing of their personal data.
The data controller shall process personal data only in accordance with the provisions of applicable law and in strict compliance with the provisions on data management and data protection, taking into account the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and limited storage.
The data controller shall take all technical and organisational measures to ensure that the personal data of its partners are processed in a secure manner as required by Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
The data controller is committed to protecting the personal data of its customers, and attaches the utmost importance to respecting the right of information self-determination of its partners. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.
The personal scope of this Privacy Policy extends to the controller and to the natural persons whose data are included in the processing covered by this Notice, as well as to persons whose rights or legitimate interests are affected by the processing.
The scope of this Notice covers all processing in the course of the controller's activities, except for so-called internal processing (e.g. relating to employees), which is described in the controller's internal Privacy Policy.
Personal data are processed by the controller only in the following cases:
The controller examines the lawfulness of data processing at all stages of its activities, and only processes data for which it can justify the purpose and legal basis.
The contractual partners of the controller may be both individuals and legal persons. The establishment of a contractual relationship is preceded by a request for a proposal, in person, by telephone, by e-mail, by using the contact form on the websites or via social networking sites.
The applicant provides his/her name, telephone number and e-mail address to which the controller sends its offer. If the offer is rejected, the personal data of the data subject will be deleted without delay and at the latest within 30 days.
Legal basis: Establishment of a contract (Article 6(1)(b) GDPR) and performance of contractual obligation.
The controller issues invoices for services provided. The personal data on invoices are stored for 8 years in compliance with accounting retention obligations.
The data controller manages contact details (name, e-mail address, telephone number) of suppliers, service providers and subcontractors. The legal basis for processing is the fulfilment of contractual obligations (Article 6(1)(b) GDPR) or consent of the contact person (Article 6(1)(a) GDPR).
On the websites, visitors have the possibility to contact the data controller by means of a contact form. The form requires the name and e-mail address of the interested party.
If, after the contact, the service is not ordered, the personal data will be deleted immediately, but within 30 days at the latest.
Legal basis: Concluding a contract (Article 6(1)(b) GDPR).
The data controller offers the possibility to subscribe to a newsletter by providing your name and e-mail address. By subscribing, the data subject consents to the processing of personal data for marketing purposes.
The data subject can unsubscribe at any time. Upon withdrawal of consent, data will be deleted without delay and within 30 days at the latest.
Legal basis: Explicit and written informed consent (Article 6(1)(a) GDPR).
Natural persons applying to the controller shall submit a curriculum vitae. The purpose is to fill advertised vacancies or for use in future vacancies.
If the candidate is not selected, the CV will be immediately destroyed unless the data subject has given consent for a longer retention period. As a general rule, CVs are kept for 3 months.
Legal basis: Consent of the data subject (Article 6(1)(a) GDPR).
The data controller's websites use cookies in their operation. The legal basis for the processing of personal data obtained from them is the consent of the visitor (Article 6(1)(a) GDPR).
| Cookie Name | Duration | Type |
|---|---|---|
| cookie_notice_accepted | 1 month | Strictly Necessary |
| _ga | 1 year 1 month 4 days | Statistics – Google Analytics |
| _ga_* | 1 year 1 month 4 days | Statistics – Google Analytics |
These cookies allow visitors to browse the websites and use their features fully. This type of cookie is valid until the end of the session and is automatically deleted when the browser is closed.
The controller's websites use Google Analytics as a third-party cookie for statistical purposes. The data is used to improve the websites and user experience.
Google Analytics collects users' IP addresses for security and geolocation purposes. In the context of Google Analytics, the IP address transmitted by the visitor's browser is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent data collection by downloading and installing the browser plug-in at: http://www.google.com/policies/privacy/ads/
In your browser settings, you can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you each time a new cookie is placed. More information is available in your browser's "help" function.
If you choose to disable some or all cookies, you may not be able to use all the features of the websites.
Where processing is carried out on behalf of the controller, the controller only uses processors that offer adequate guarantees of compliance with the requirements of the GDPR and implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects.
The following data processors may have access to personal data:
The data controller operates social networking sites (including LinkedIn) to promote its activities and present its services.
LinkedIn Page: https://www.linkedin.com/company/talamonegroup/
On the social networking site, the controller processes personal data of followers on the basis of consent (Article 6(1)(a) GDPR). Consent is deemed to be given by the fact that the person likes, follows or comments on the page and its posts.
The social networking site may use the data for its own purposes, including profiling. The controller has no control over this processing. For more information, please visit the LinkedIn privacy policy.
The data controller undertakes to ensure the security of the data, to take technical and organisational measures and to maintain procedural rules to ensure that data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration.
The controller shall ensure that processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. Security measures include:
The data subjects acknowledge that data protection cannot be fully guaranteed on the Internet. In the event of unauthorised access despite the efforts of the controller, incident procedures as described in this notice will be followed.
| Data Type | Retention Period |
|---|---|
| Rejected quotation requests | 30 days |
| Contact form submissions (no contract) | 30 days |
| Invoice data | 8 years (legal requirement) |
| Contract-related data | 8 years after contract termination |
| Job applications (unsuccessful) | Immediately / up to 3 months with consent |
| Newsletter subscriptions | Until withdrawal of consent (within 30 days) |
| Complaint handling records | 3 years |
The data subject has the right to obtain confirmation as to whether personal data are being processed and, if so, access to the personal data and information about:
The data subject has the right to obtain the rectification of inaccurate personal data.
The data subject has the right to obtain the erasure of personal data if:
The data subject has the right to request restriction of processing if:
The data subject has the right to receive personal data in a structured, commonly used, machine-readable format and to transmit such data to another controller.
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data, as provided for in Article 21 of the GDPR.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects him or her. The controller does not use automated decision-making mechanisms that have a significant impact on data subjects' rights.
To exercise any of these rights, contact us at:
Email: [email protected] (Americas) or [email protected] (Europe)
The controller will respond to your request within 30 days.
A personal data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
In the event of a data breach (unless unlikely to pose a risk to rights and freedoms), the controller shall notify the relevant supervisory authority without undue delay and, if possible, within 72 hours.
If the breach is likely to result in a high risk to data subjects' rights and freedoms, the controller will inform affected individuals without delay, clearly describing the nature of the breach and recommended measures.
The controller maintains records of all data breaches, including causes, effects and remedial measures taken.
The data controller provides its services only to persons over the age of 18.
On the websites, in relation to cookie consent, the data subject must confirm they have reached the age of 16. Pursuant to Article 8(1) of the GDPR, persons under 16 require consent from their legal representative for the processing of personal data.
Special data that comes to the attention of the controller shall not be recorded. If such data has been entered without the controller's knowledge, it will be deleted immediately upon detection.
Your information may be transferred to and processed in countries other than your own, including the United States and European Union countries. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws, including Standard Contractual Clauses where required.
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
You may contact your local Data Protection Authority or:
National Authority for Data Protection and Freedom of Information (Hungary)
Address: 1055 Budapest, Falk Miksa u. 9-11, Hungary
Phone: +36 1 391 1400
Email: [email protected]
Website: www.naih.hu
You may contact the Federal Trade Commission (FTC) or your state's Attorney General office.
The controller reserves the right to change this policy at any time. Any changes will be communicated in due time and th