Amendments to the privacy notice will enter into force on publication on the above website.
The Data Controller principles of the Service Provider are in line with existing data protection legislation, in particular:
- évi CXII. törvény – az információs önrendelkezési jogról és az információszabadságról (a továbbiakban: Infotv.)
2001. évi CVIII. törvény – az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről (főképp a 13/A. §-a)
2008. évi XLVII. törvény – a fogyasztókkal szembeni tisztességtelen kereskedelmi gyakorlat tilalmáról;
2008. évi XLVIII. törvény – a gazdasági reklámtevékenység alapvető feltételeiről és egyes korlátairól (különösen a 6.§-a)
2005. évi XC. törvény az elektronikus információszabadságról
2003. évi C. törvény az elektronikus hírközlésről (kifejezetten a 155.§-a)
16/2011. sz. vélemény a viselkedésalapú online reklám bevált gyakorlatára vonatkozó EASA/IAB-ajánlásról
- Concerned / User: any natural person identified, directly or indirectly, by any identifiable personal data;
- Personal Data: data relating to the data subject, in particular the name, identifying sign/mark/data, and/or the identity of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, as well as the conclusion that can be deduced from the data;
- Special Data
a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other views of the world, membership of an interest representation organization, personal data relating to sexual life,
b) personal data relating to the state of health, abnormal passion and criminal personal data;
- Contribution: voluntary and decisive disclosure of the will of the person concerned, based on appropriate information and by which he gives his / her unambiguous consent to the handling of his / her personal data, covering all or part of operations;
- Protest: a statement of the person concerned with which he or she is objecting to the handling of his / her personal data and requesting the termination of data processing and requires deleting of the data processed;
- Data Controller means a natural or legal person or an organization without legal personality who either independently or with others determines the purpose of data management, makes and executes decisions on data handling (including the equipment used), or performs or executes the data processing agent enforce;
- Data Management: irrespective of the method used, any operation of the data or all the operations, in particular collecting, capturing, recording, systematizing, storing, modifying, utilizing, querying, transmitting, publishing, aligning or interconnecting, blocking, deleting or destroying data , As well as preventing the further use of data, taking photographs, sound or images, and recording physical features (such as finger or palm print, DNA pattern, iris image) for identifying the person;
- Transfer of Data: making the data available to a specific third party;
- Disclosure: making the data available to anyone;
- Data Deletion: making data unrecognizable in such a way that their recovery is no longer possible;
- Data Designation: supplying the data with an identification mark to distinguish it;
- Data Encryption: for the purpose of limiting the continued handling of the data by means of an identification mark for a definite or fixed period of time;
- Dissemination: complete physical destruction of data-containing media;
- Processing of Data: carrying out technical tasks related to data management operations, irrespective of the method and device used to implement the operations and the place of application, provided that the technical task is carried out on the data;
- “Data Processor” means a natural or legal person or an organization without legal personality who, on the basis of a contract concluded with the data controller, including the conclusion of a contract by law, processes data;
- Data Controller: a public service body that has produced or has been subject to the public interest information to be published electronically;
- Information Provider: a public service body which, if the data controller does not publish the data, publishes the information provided by the data controller on the website;
- File: The sum of the data processed in one register;
- “Third Party” means a natural or legal person or an organization without a legal person who is not the same as the data subject, the data controller or the data processor;
- Economic Advertising means a means of communication, information or presentation that may be a commercially available movable property, including money, securities and financial assets, as well as natural resources that can be used as a way of doing things (hereinafter referred to as: products), services (Hereinafter referred to as “goods”), or for the purposes of this purpose, the name, designation, promotion of its activity or the promotion of goods or markings (hereinafter referred to as “advertising”).
- Personal data may only be handled for a specific purpose, for the exercise of the right and for the fulfillment of the obligation. At all stages of data management, the purpose of data management must be met, data entry and management must be fair and legitimate.
- Only personal data that is essential for achieving the purpose of data management can be handled to achieve this goal. Personal data can only be handled to the extent and for the duration necessary to achieve the goal.
- Personal data can be handled if
The person concerned agrees or
It is governed by a law or by a decree of the local government on the basis of the authority of the law, within the scope specified therein, for reasons of public interest.
- If, due to the inability to do so or for some other unavoidable cause, he or she is unable to give his / her consent, the personal data of the person concerned may, to the extent necessary for the protection of the vital interests of one’s own or another person and to prevent or prevent the direct threat to the life, physical integrity or the physical, they can be treated.
- The validity of the legal declaration of a minor who is 16 years of age is not consented to, or approved by, his / her legal representative.
- If the purpose of data-processing based on consent is to perform a contract in writing with the data controller, the contract must contain all the information that the data subject needs to know for the purpose of handling personal data, pursuant to this law, in particular the definition of the data to be processed, the duration of the processing, Its purpose, the transmission of the data, its addressees, and the fact that the data processor is using it. The contract must, in an unambiguous manner, contain the signature of the signatory to the processing of his / her data as specified in the contract.
- The consent of the person concerned shall be deemed to be given for the personal data that he or she has communicated to him or made available for disclosure.
- In case of doubt, it must be presumed that the party concerned has not given his consent.
Functional data management
- The Legal Basis for Data Management on the Website is the User’s Contribution, Infotv. (1) of Section 1, and the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services. Act 13 / A. (3) of the Act.
- Scope of managed data: User name, password, wire and name, email address, phone number, billing address, delivery address, contact name, date of registration, IP address for registration.
- Possibility of modifying the data: The following information can be modified on the website: Password, wire and name, e-mail address, telephone number, billing address, delivery address, contact name.
- Deadline for deleting data: Deleting the registration immediately. Accountancy documents are kept by Service Provider for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
- In addition, the deletion or modification of personal data may be initiated in the following ways: By e-mail email@example.com by e-mail.
- Other authorities may contact the Service Provider on the basis of the court, the prosecutor, the investigating authority, the offender authority, the administrative authority, the National Data Protection and Data Protection Authority or the authority of the law.
- The Service Provider for the above authorities – provided the authority has indicated the exact purpose and scope of the data – issues personal data only to and to the extent that it is indispensable for the purpose of the request or at the time of the request.
- The Service Provider shall provide the data provided by the persons concerned with the information necessary for the performance of the Service, information on the CXII 2011 Law on Information Self-Destruction and Freedom of Information. Act on the Protection of Individuals with regard to Automatic Processing of Personal Data in Strasbourg, dated 28 January 1981. The Service Provider shall only use the processed data in a form that is unsuitable for personal identification
- The purpose of data management: The Service Provider manages the User’s personal data for the purpose of providing the service (full use of the website, eg registration, purchase, newsletter sending), only to the extent and time required. At all stages of data management, this is the goal.
- The Service Provider also manages the personal data necessary for the provision of the service technically necessary.
- If the personal data has been collected with the consent of the User, the Service Provider shall record the recorded data in the absence of a different provision of the law
(A) with a view to fulfilling a legal obligation on him, or
(B) In order to enforce a legitimate interest of a service provider or a third party, if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data, it may be treated without further special consent and after withdrawal of the User’s consent.
- The Service Provider does not misuses in any way with the personal data it manages.
- Cookies that are typical for web stores are the so-called “password-protected session cookies”, “shopping cart cookies” and “security cookies”, which require no prior consent from the affected users.
- The range of data processed: unique identifier, dates, times.
- Date of deletion of data: The duration of the data processing in session cookies lasts until the site visit ends.
- The purpose of data management is to identify users, keep track of “shopping cart” and track visitors.
- Websites also contain links to external servers (other than the Service Provider), pages accessible on these links may place their own cookies or other files on your computer, collect data, or request personal information. For this reason, the Service Provider shall exclude all liability.
- Data storage takes place on the affected IT device. An affected person has the option to delete cookies in the Tools / Preferences menu of browsers under the Privacy menu item.
- By using the Service, the User agrees that the Service Provider will collect and manage its personal data, as described in this Privacy Statement, for the purpose of providing the service in full for the provision of the Service.
Newsletter, DM Activity
- Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity. The User agrees in advance and expressly that he or she may contact the Service Provider’s promotional offers and other items at the time of registration (eg e-mail address or telephone number).
- In addition, the Customer, with due regard for the provisions of this Prospectus, agrees that the Service Provider will handle the personal data necessary for the transmission of promotional offers.
- The Service Provider will not send unsolicited advertising messages and, without limitation and reasoning, you can unsubscribe from sending bids free of charge. In this case, the Service Provider deletes all personal data of its own, as well as the advertising of its advertisements, and does not seek the User. You can unsubscribe from ads by clicking the link in the message.
- The legal basis for data handling is the voluntary contribution of the concerned person, Infotv. Section 5 (1) of the Act and the Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity. (6) (5) of the Act.
- Scope of managed data: name, e-mail address, date and time.
- Deadline for the deletion of the data: until the consent statement is withdrawn, ie until the date of unsubscription.
- The aim of the data management is to send electronic messages containing the advertisement to the affected person, to provide information about the current information, products, actions, new features, etc.
- The legal basis for data handling is the consent of the person concerned to manage his / her personal data on Facebook.com.
- For information about the source, how to handle them, how to transfer it and how to transfer it, please visit http://www.facebook.com/about/privacy/.
- The purpose of data management is to share, share, or share some content elements, products, actions or web site on Facebook.com.
- The range of data you are treated is the name of Facebook.com and the public profile profile of the user.
- Data management is implemented on Facebook.com, so the terms and methods of data management and the deletion and modification of data are subject to the rules of the facebook.com community: (http://www.facebook.com/legal/terms?ref= Pf), (http://www.facebook.com/about/privacy/)
- The Service Provider shall take all necessary security steps, organizational and technical measures to prevent the highest level of personal data security and to prevent unauthorized alteration, destruction and use of personal data.
- The Service Provider shall take all necessary measures to ensure data integrity, that is, the accuracy, completeness and up-to-date status of the personal data it manages and / or processes. It also ensures that the unchanged data can be verified.
- The Service Provider protects the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as the inadvertence of accidental destruction, damage, and the technique used.
- The Service Provider will do its utmost to preserve the credibility and confidentiality of the data being processed and to ensure that the data subjects and those entitled to it always have access.
- Therefore, the Service Provider reserves the right to inform customers and partners of any failure of its clients or partners in the system while at the same time limiting access to the Service Provider’s system or any of its functions until the security breach is resolved.
Information on data management
- The person concerned may apply to the Service Provider to provide information on the processing of his / her personal data, to request the rectification of his or her personal data, and to request the deletion or blocking of his or her personal data, except mandatory data handling.
- At the request of a User, the Service Provider shall provide information on the data it manages, their source, the purpose, legal basis, duration of the data processing, the name, address and data management of the data processor, and, in the case of transmission of the personal data of the person concerned, the legal basis and the addressee of the data transfer. The Service Provider shall provide the information in writing and in a legible form within the shortest possible time from the submission of the request, but within a maximum of 30 days. The information is free of charge.
- The Service Provider, if the personal data does not comply with the reality, and the personal data that is true to the reality is available to the data controller, corrects the personal data.
- Instead of deleting, the Service Provider locks out personal data if the User so requests or if, based on the information available to him, it is assumed that deletion would violate the legitimate interests of the User. Blocked personal data can only be handled as long as there is a data target that excludes the deletion of personal data.
- The Service Provider deletes personal data if its handling is unlawful, the User requests, the data is incomplete or incorrect – and this status can not be legally remedied – provided that the deletion is not excluded by law, the purpose of the data is terminated or the data storage Has expired, the court or the National Data Protection and Information Authority has ordered it.
- The Service Provider shall inform the person concerned of the correction, blocking, marking and deletion, as well as those who have previously been transferring the data for data processing. Notification may be omitted if it does not prejudice the legitimate interests of the data concerned for the purpose of data handling.
- For the deletion, locking and correction of personal data 30 days are available to the data controller. If the Service Provider fails to comply with the User’s request for rectification, blocking or deletion, he or she shall state the reasons for the rejection within 30 days.
- You may object to your personal data being handled if(A) the processing or transmission of personal data is solely necessary to fulfill the legal obligation of the Service Provider or to enforce the legitimate interest of the Provider, Data Provider or third party, unless data management is prescribed by law;(B) the use or transmission of personal data is done for direct business acquisition, polling or scientific research;
The Service Provider shall examine the protest within the shortest possible time but not later than 15 days from the submission of the request, and shall make a decision on the matter of its validity and shall inform the applicant in writing. If the Service Provider determines the validity of the protest of the person concerned, data handling, including further data collection and data transfer, will terminate and lock the data, and inform the protest and the measures taken on the basis of those who have previously transferred the personal data involved in the protest, And who are obliged to take action to enforce the right to protest.
If the User Service provider disagrees with the decision of the User, he or she may appeal to the court within 30 days from the date of its communication.
In the event of a violation of his or her rights, a Service Provider may sue the court. The court proceeds out of court. An appeal can be lodged with the National Data Protection and Freedom Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Postafiók: 5.
Tel: +36 -1-391-1400