Country

Language

Cart

Your cart is empty

Privacy Policy

Introduction

During the operation of the website, the service provider / data controller processes the data of persons registered on the site in order to provide them with appropriate services.

The service provider intends to fully comply with the legal requirements regarding the processing of personal data, in particular those contained in Regulation (EU) 2016/679 of the European Parliament and of the Council.

This data processing notice has been prepared on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to informational self-determination and freedom of information.

Before starting data processing, the data subject must be clearly and in detail informed about all facts related to the processing of his or her data, in particular the purpose and legal basis of data processing, the person authorized to manage and process the data, and the duration of data processing .

Data controller

Name/company name: István Tibor Mosonyi, Sole Proprietor
Headquarters: 1119 Budapest, Hadak Street 34.
Mailing address: 1119 Budapest, Hadak útja 34.
Tax number: 59365356-1-43

Registration number: 57385877

Phone: +36 20 352 3018
Email: info@larus-shop.com
Website address: larus-shop.com
Data protection information available: larus-shop.com/adatvedelmi-tajekoztato/

Hosting provider

Name/Company Name: Shopify Inc
Headquarters: 150 Elgin St, Suite 800, Ottawa, ON, K2P 1L4, Canada
Phone: +1 888 746 7439
Email: support@shopify.com

Website: shopify.com

The data you provide is stored on a server operated by the hosting provider. Only our employees and the employees operating the server have access to the data, but they are all responsible for the secure management of the data.

Name of the activity: hosting service, server service.

The purpose of data management is to ensure the operation of the website.

The data processed: personal data provided by the data subject

Duration of data processing and deadline for data deletion. Data processing is carried out until the end of the website's operation or according to the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject may also request the deletion of his/her data by contacting the hosting service provider.

The legal basis for data processing is the consent of the person concerned or data processing based on law.

Data processing guidelines

The data controller declares that it processes personal data in accordance with the data processing information and complies with the provisions of the relevant laws, with particular attention to the following:

  • Personal data must be processed lawfully and fairly, and in a manner that is transparent to the data subject.
  • Personal data may only be collected for specified, explicit and legitimate purposes.
  • The purpose of processing personal data must be adequate and relevant and limited to what is necessary.
  • Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted immediately.
  • Personal data shall be stored in a form which permits identification of data subjects only for the period necessary. Personal data may be stored for a longer period only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
  • Personal data must be processed in such a way that appropriate technical or organizational measures are used to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data.
  • The principles of data protection must apply to all information relating to an identified or identifiable natural person.

Important data management information

The purpose of data management is to enable the service provider/data controller to provide appropriate additional services to persons registered on the website during the operation of the website.

The legal basis for data processing is the consent of the person concerned.

The scope of data processing includes registered users of the website.

Duration of data processing and deletion of data. The duration of data processing always depends on the specific user purpose, but the data must be deleted immediately if the originally intended purpose has been achieved. The data subject may withdraw his/her consent to data processing at any time by sending a letter to the contact e-mail address. If there is no legal obstacle to deletion, in this case his/her data will be deleted.

The data controller and its employees are entitled to access the data.

The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and may object to the processing of such personal data, as well as the data subject's right to data portability.

The data subject may withdraw their consent to data processing at any time, but this does not affect the lawfulness of the data processing carried out on the basis of consent before the withdrawal.

The data subject may exercise the right to lodge a complaint with the supervisory authority.

If the data subject wishes to use the benefits of registration, i.e. to use the website's services in this regard, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, and failure to provide data will not have any adverse consequences for him. However, the use of certain functions of the website is not possible without registration.

The data subject has the right to obtain from the controller, at his or her request, the rectification or completion of inaccurate personal data concerning him or her without undue delay.

The data subject has the right to obtain from the controller, upon request, the erasure of inaccurate personal data concerning him or her without undue delay, and the controller is obliged to erase the personal data concerning the data subject without undue delay, unless there is another legal basis for the processing.

Modification or deletion of personal data can be initiated by email, telephone or letter using the contact options provided above.

Data processed for the purpose of concluding and fulfilling contracts

In order to conclude and fulfill a contract, several data processing cases may be implemented. We inform you that data processing related to complaint handling and warranty administration will only be implemented if you exercise one of the aforementioned rights.

If you do not make purchases through the webshop, but are only a visitor to the webshop, then the provisions on data processing for marketing purposes may apply to you if you give us your consent for marketing purposes.

The data processing carried out for the purpose of concluding and fulfilling contracts is described in more detail:

Contact us

For example, if you contact us with a question about a product via email, contact form or telephone.

Prior contact is not mandatory, you can order from the webshop at any time without this.

Processed data : Data provided by you during contact.

Duration of data processing : We only process the data until the contact is completed.

Legal basis for data processing : Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing pursuant to Article 6(1)(a) of the Regulation]

Website registration

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to provide their data again when making a new purchase). Registration is not a condition for concluding a contract.

Purpose of data processing: providing additional services and establishing contact.

Legal basis for registration data processing: Your voluntary consent, which you provide to the Data Controller upon registration [Data processing pursuant to Article 6(1)(a) of the Regulation].

The scope of data processing is: registered users of the website.

Duration of data processing: Data processing takes place until the consent is withdrawn. You can withdraw your consent to data processing at any time by sending a letter to the contact e-mail address.

Scope of processed data, specific purpose of data processing:

  • Name: Identification, contact, billing.
  • Company name: Identification, contact, billing.
  • Title: Identification, contact, billing.
  • Email : Identification, contact.
  • Telephone: Identification, contact.
  • Registration date: Technical information operation.
  • IP address: Technical information operation.

Those entitled to access the data are: the data controller and its employees.

Data storage method: electronic.

Providing personal data is absolutely necessary for identification in databases and for maintaining contact. The exact company name and address are required for invoicing, which is a legal obligation.

As a data subject, you may object to the processing of your personal data, in this regard you are entitled to proceed in accordance with the data processing information detailed above and this information, as well as the legal provisions described in the information.

Place an order

The purpose of data processing is to provide additional services, contact you, and send confirmation emails. We can only fulfill your order if you provide your contact and billing information, which is absolutely necessary for contact and billing.

If you have placed an order in the webshop, data processing and providing data is essential for the fulfillment of the contract.

The legal basis for data processing is your consent. In the case of invoicing, data processing is based on legal requirements.

The scope of data processing is: registered users of the website.

Duration of data processing: Data processing takes place until legal requirements or until consent is withdrawn. You can withdraw your consent to data processing at any time by sending a letter to the contact email address.

Scope of processed data, specific purpose of data processing:

  • Name: Identification, contact, billing.
  • Company name: Identification, contact, billing.
  • Title: Identification, contact, billing.
  • Email: Identification, contact.
  • Telephone: Identification, contact.
  • Ordered product details: Product identification.
  • Registration date: Technical information operation.
  • IP address: Technical information operation.

You may withdraw your consent to data processing at any time by sending a letter to the contact email address. Billing data may be deleted in accordance with legal requirements.

Those entitled to access the data are: the data controller and its employees.

Data storage method: electronic.

The data subject may object to the processing of his or her personal data, in this regard he or she is entitled to proceed in accordance with the data processing information detailed above and this information, as well as the legal provisions described in the information.

Invoice issuance

The data processing process is carried out in order to issue invoices in accordance with the law and to fulfill the obligation to retain accounting documents. Pursuant to Section 169 (1)-(2) of the Accounting Act, business companies must retain accounting documents that directly and indirectly support the accounting settlement.

Purpose of data processing: issuing and sending an electronic invoice as an email attachment.

Legal basis for data processing: mandatory data processing based on legislation. According to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issuance of an invoice is mandatory and it must be kept for 8 years according to Section 169 (2) of Act C of 2000 on Accounting [Data processing pursuant to Article 6 (1) c) of the Regulation].

The scope of data processing is: the service provider's customer partners.

Duration of data management: issued invoices must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Tax Act.

Scope of processed data, specific purpose of data processing:

  • Name: identification, contact, billing.
  • Company name: identification, contact, billing.
  • Address: identification, contact, billing.
  • Email: identification, contact.
  • Telephone: identification, contact.
  • Tax number/tax identification: identification of the buyer.
  • Account details: identification of the account.
  • Invoice date: technical information operation.

Data processing takes place until legal requirements or until consent is withdrawn. You can withdraw your consent to data processing at any time by sending a letter to the contact email address.

The data will be deleted when you withdraw your consent to data processing. You can withdraw your consent to data processing at any time by sending a letter to the contact email address. The deletion of billing data may be carried out in accordance with legal requirements.

The data controller and its employees are entitled to access the data .

Data storage method : electronic.

Modification or deletion of account information can be initiated by email, telephone or letter using the contact options provided above.

The data subject may object to the processing of his or her personal data, in this regard he or she is entitled to proceed in accordance with the data processing information detailed above and this information, as well as the legal provisions described in the information.

Data processing related to the transport of goods

The data processing process takes place in order to deliver the ordered product.

Processed data: name, address, email address, telephone number.

Duration of data processing: the Data Controller processes the data until the delivery of the ordered goods.

Legal basis for data processing: Performance of a contract [Data processing pursuant to Article 6(1)(b) of the Regulation].

Warranty administration

The data processing process is carried out in order to handle warranty complaints. If you have requested warranty processing, data processing and the provision of data is essential.

Data processed: customer name, phone number, email address, content of the complaint.

Duration of data processing : warranty complaints are kept for 5 years in accordance with the Consumer Protection Act.

The legal basis for data processing: whether you contact us in the event of warranty administration is your voluntary decision, however, if you contact us, we are obliged to keep the complaint for 5 years based on Section 17/A. (7) of Act CLV of 1997 on Consumer Protection [Data processing pursuant to Article 6 (1) c) of the Regulation]

Handling other consumer complaints

The data processing process is carried out in order to handle consumer complaints. If you have contacted us with a complaint, data processing and the provision of data is essential.

Data processed : customer name, phone number, email address, content of complaint.

Duration of data processing: We retain warranty complaints for 5 years in accordance with the Consumer Protection Act.

The legal basis for data processing is your voluntary decision whether to contact us with a complaint, however, if you contact us, we are obliged to keep the complaint for 5 years pursuant to Section 17/A. (7) of Act CLV of 1997 on Consumer Protection [Data processing pursuant to Article 6 (1) c) of the Regulation].

Data processed in connection with the verification of consent

During registration, ordering, or subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.

Processed data : time of consent and IP address of the data subject.

Duration of data processing : due to legal requirements, consent must be proven later, therefore the duration of data storage is limited to the limitation period following the termination of data processing.

Legal basis for data processing : Article 7(1) of the Regulation provides for this obligation. [Data processing pursuant to Article 6(1)(c) of the Regulation]

Data processing for marketing purposes

Data processing related to sending newsletters

Processed data: name, address, email address, telephone number.

Duration of data processing: until the data subject withdraws their consent.

Legal basis for data processing: your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing pursuant to Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized advertising

Processed data : name, address, email address, telephone number.

Duration of data processing : until your consent is withdrawn.

Legal basis for data processing: your voluntary, specific consent, which you provide to the Data Controller during data collection [Data processing pursuant to Article 6(1)(a) of the Regulation]

Remarketing

Data management as a remarketing activity is implemented using cookies.

Processed data: data processed by the cookies specified in the cookie policy.

Duration of data management : the data storage period of the given cookie, more information is available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

The legal basis for data processing is your voluntary consent, which you provide to the Data Controller by using the website [Data processing pursuant to Article 6(1)(a) of the Regulation].

On the use of a data processor and their activities related to data processing

Data processing activities related to the transport of goods

Name of the data processor: GLS General Logistics Systems Hungary Package-Logistics Ltd.

The data processor's registered office is: 2351 Alsónémedi, GLS Európa u. 2.

Telephone number of the data processor: +36-29/88 66 70

Data processor's email address: info@gls-hungary.com

The Data Processor assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. In doing so, the Data Processor may process the customer's name, address and telephone number until the end of the calendar year following the posting of the postal item, after which it will be deleted immediately.

Name of the data processor: Lotte Kft.

The data processor's registered office is: 1222 Budapest, Nagytétényi út 112.

Data processor's telephone number: +36 30 694 6004

Data processor's email address: info@lottehungary.com

The Data Processor assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. In doing so, the Data Processor may process the customer's name, address and telephone number until the end of the calendar year following the posting of the postal item, after which it will be deleted immediately.

Billing-related data processing

Name of the data processor: KBOSS.hu Kft. – Szamlazz.hu

The data processor's registered office is: 1031 Budapest, Záhony utca 7.

Data processor's telephone number: +36-30-354-4789

The data processor's e-mail address: info@szamlazz.hu

The Data Processor cooperates in the registration of accounting documents based on a contract concluded with the Data Controller. In the course of this, the Data Processor processes the name and address of the data subject to the extent necessary for the accounting registration, for a period in accordance with Section 169 (2) of the Personal Data Act, and then deletes it.

Data processing related to online payments

Name/Company Name: Shopify Inc
Headquarters: 150 Elgin St, Suite 800, Ottawa, ON, K2P 1L4, Canada
Phone: +1 888 746 7439
Email: support@shopify.com

Website: shopify.com

The Data Processor cooperates in the implementation of the Online Payment based on the contract concluded with the Data Controller. In the process, the Data Processor processes the billing name and address of the data subject, the order number and date within the civil law limitation period.

Send newsletter

As the operator of this website, we declare that we fully comply with the relevant legal provisions in the information and descriptions we publish. We also declare that when subscribing to a newsletter, we are not able to verify the authenticity of the contact details or determine whether the data provided relates to a private person or a company. We treat companies that contact us as customer partners.

The purpose of data processing is to send professional brochures, electronic messages containing advertising, information, and newsletters, from which you can unsubscribe at any time without consequences. You can also unsubscribe without any consequences if your business has ceased to exist in the meantime, you have left the business, or someone has provided us with your contact details.

The legal basis for data processing is your consent. We inform you that the user may give prior and express consent to the service provider contacting him/her with advertising offers, information and other mailings at the e-mail address provided upon registration. As a result, the user may consent to the service provider processing the personal data necessary for this purpose.

Please note that if you would like to receive a newsletter from us, you must provide the required data. If you do not provide this data, we will not be able to send you a newsletter.

Duration of data processing. Data processing takes place until the consent is withdrawn. You can withdraw your consent to data processing at any time by sending a letter to the contact e-mail address.

The data will be deleted when you withdraw your consent to data processing. You can withdraw your consent to data processing at any time by sending an email to the contact email address.

You can also withdraw your consent using the link in the newsletters you send.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of data can be initiated by e-mail, telephone or letter using the contact options provided above.

Scope of processed data, specific purpose of data processing:

  • Name: Identification, contact.
  • Email: Identification, contact.
  • Date of subscription: Technical information operation.
  • IP address: Technical information operation.

Please note that neither the username nor the email address need to contain any personally identifiable information. For example, it is not necessary for the username or email address to contain your name. You are free to decide whether to provide a username or email address that contains any personally identifiable information. The email address – which is used for contact purposes – is absolutely necessary for the newsletter or professional information sent to you to reach its destination.

Cookies

Cookies are placed on a user's computer by visited websites and contain information such as page settings or login status.

Cookies are small files created by websites you visit. They improve your user experience by saving your browsing data. Cookies help the website remember your preferences and offer you locally relevant content.

The service provider's website sends a small file (cookie) to the website visitor's computer in order to determine the fact and time of the visit. The service provider informs the website visitor about this.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier – a secret, randomly generated string of numbers – that is stored on your device, thereby ensuring your identification. The operating period of each cookie is included in the relevant description of each cookie.

The data subject has the option to delete cookies in the Tools/Settings menu of their browser, usually under the Privacy settings.

The duration of data management for session cookies lasts until the end of the visit to the websites.

The scope of data processing includes website visitors.

The purpose of data management is to provide additional services, identify and track visitors.

Legal basis for data processing. The user's consent is not required if the service provider absolutely needs to use cookies.

The scope of data: unique identification number, time, settings data.

The user has the option to delete cookies from browsers at any time in the Settings menu.

The data controller is entitled to view the data. The data controller does not process personal data using cookies.

Data storage method: electronic.

Social media

A social media site is a media tool where a message is disseminated through social users. Social media uses the internet and online presence to transform users from content consumers into content creators.

Social media is an interface of internet applications that feature user-generated content, such as Facebook, Google+, Twitter, Pinterest, Instagram, etc.

Social media appearances can include public speeches, lectures, presentations, and product or service presentations.

Information published on social media can take the form of forums, blog posts, images, videos, and audio materials, message boards, email messages, etc.

As stated above, the scope of processed data may include, in addition to personal data, the user's public profile picture.

Scope of data subjects: all registered users.

The purpose of data collection is to promote the website or a related website.

The legal basis for data processing is the data subject's voluntary consent to the processing of their personal data on social media sites.

Duration of data management: according to the regulations available on the given social media site.

Data deletion deadline: according to the regulations available on the given social media site.

Those entitled to access the data: according to the regulations available on the given social media site.

Rights related to data management: according to the regulations available on the given social media site.

Data storage method: electronic.

It is important to note that when a user uploads or submits any personal information, they are granting the social media operator worldwide permission to store and use such content. Therefore, it is very important to ensure that the user has full authority to disclose the information they are posting.

Google Analytics

Our website uses Google Analytics.

When using Google Analytics:

Google Analytics compiles reports for its customers on the habits of website users based on internal cookies.

On behalf of the website operator, Google uses this information to evaluate how users use the website. As a further service, it compiles reports on website activity for the website operator in order to provide further services.

The data is stored on Google's servers in an encrypted format to make it difficult and prevent data misuse.

Google Analytics can be disabled as follows. Quote from the page:

Website users who do not want Google Analytics JavaScript to report on their data can install the Google Analytics Opt-out Browser Add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on is available in most modern browsers. The Google Analytics Opt-out Browser Add-on does not prevent data from being sent to the website itself or to other web analytics services.

https://support.google.com/analytics/answer/6004245?hl=en

Google's privacy policy: https://policies.google.com/privacy?hl=hu

Detailed information on data use and protection can be found at the links above.

Data protection in detail: https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

Data security

The data controller plans and implements data processing operations in such a way as to ensure the protection of the privacy of data subjects.

The data controller ensures the security of the data (protection with a password, antivirus), takes the technical and organizational measures and develops the procedural rules necessary to enforce the Info Act and other data and privacy protection rules.

The data controller protects the data with appropriate measures, in particular:

  • unauthorized access,
  • the change,
  • the transmission,
  • disclosure,
  • deletion or destruction,
  • accidental destruction and damage,
  • against inaccessibility resulting from changes in the technology used.

The data controller ensures through appropriate technical solutions that the data stored in the registers cannot be directly linked and assigned to the data subject.

In order to prevent unauthorized access to personal data, alteration and unauthorized disclosure or use of data, the data controller ensures:

  • the development and operation of the appropriate IT and technical environment,
  • the controlled selection and supervision of employees participating in the provision of services,
  • on the issuance of detailed operating, risk management and service procedures.

Based on the above, the service provider ensures that the data it processes:

  • be available to the entitled person,
  • its authenticity and authentication must be ensured,
  • its immutability must be verifiable,

The IT system of the Data Controller and its hosting provider protects, among other things:

  • computer fraud,
  • espionage,
  • computer viruses,
  • spam,
  • the hacks
  • and against other attacks.

The Data Controller will do everything within organizational and technical capabilities to ensure that its data processors also take appropriate data security measures when working with your personal data.

Your rights during data processing

Within the period of data processing, you have the following rights in accordance with the provisions of the Regulation:

  • the right to request information,
  • the right to withdraw consent,
  • access to personal data and information related to data processing,
  • right to rectification,
  • restriction of data processing,
  • right to erasure,
  • right to protest,
  • right to portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification may only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty administration, please provide your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to complaints related to data processing within 30 days at the latest.

The right to request information

You can request information from us via the contact details provided, including what data our company processes, on what legal basis, for what data processing purpose, from what source, and for how long.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case we will delete the data provided from our systems. However, please note that in the case of an order that has not yet been fulfilled, withdrawal may result in us not being able to deliver it to you. In addition, if the purchase has already been made, we cannot delete billing-related data from our systems based on accounting regulations, and if you have a debt to us, we may process your data based on the legitimate interest in collecting the debt even if you withdraw your consent.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if processing is in progress, you have the right to:

  • obtain access to the personal data processed and
  • The Data Controller shall inform you of the following information:
  • the purposes of data processing;
  • the categories of personal data processed about you;
  • information about the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
  • the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
  • your right to request from the Data Controller the rectification, erasure or restriction of processing of personal data concerning you, and to object to the processing of such personal data where processing is based on legitimate interest;
  • the right to lodge a complaint with the supervisory authority;
  • if the data was not collected from you, all available information about its source;
  • the fact of automated decision-making (if such a procedure is used), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of data processing, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

The Data Controller ensures access to personal data by sending you the processed personal data and information by email after identifying you.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to restrict data processing

You have the right to request that the Data Controller restrict data processing if one of the following applies:

  • You dispute the accuracy of the personal data, in which case the restriction applies for a period of time that allows the Data Controller to verify the accuracy of the personal data; if the accuracy of the data can be determined immediately, the restriction will not apply;
  • the data processing is unlawful, but you oppose the deletion of the data for any reason (for example, because the data is important to you for the enforcement of a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of its use;
  • the Data Controller no longer needs the personal data for the specified data processing purposes, but you require them for the establishment, exercise or defence of legal claims; or
  • You have objected to the data processing, but the legitimate interests of the Data Controller may also justify the data processing, in which case, until it is determined whether the legitimate interests of the Data Controller override your legitimate interests, the data processing must be restricted.

Where processing is subject to restrictions, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or of a Member State.

The data controller will inform you in advance (at least 3 working days before the restriction is lifted) about the lifting of the restriction on data processing.

Right to erasure – right to be forgotten

You have the right to have the Data Controller erase your personal data without undue delay if one of the following reasons applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;
  • You withdraw your consent and there is no other legal basis for the processing;
  • You object to processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for the processing,
  • the personal data was processed unlawfully by the Data Controller and this was established based on the complaint,
  • the personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the Controller.

If the Data Controller has made personal data processed about you public for any legitimate reason and is obliged to erase them for any of the reasons indicated above, it is obliged to take reasonable steps, taking into account available technology and the cost of implementation, including technical measures, to inform other data controllers processing the data that you have requested the erasure of links to the personal data in question or of copies or replications of these personal data.

Erasure does not apply if data processing is necessary:

  • for the purpose of exercising the right to freedom of expression and information;
  • for the purpose of fulfilling an obligation under Union or Member State law to which the controller is subject to which the personal data must be processed (such as processing in the context of invoicing, as the retention of the invoice is required by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • to submit, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is in progress).

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interest. In such a case, the Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, insofar as it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.

Right to portability

If the data processing is carried out in an automated manner or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller that you have requested the data provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, if this is technically feasible, you may request that the Data Controller transmit the data in this form to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the Controller shall take suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to object to the decision.

The above does not apply if the decision:

  • Necessary for the conclusion or performance of a contract between you and the data controller;
  • is permitted by Union or Member State law applicable to the controller, which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • based on your express consent.

The Data Controller will respond to requests regarding your rights as set out above without undue delay, but no later than within 30 days.

Legal enforcement options

In case of unlawful data processing that you have experienced, please notify our company, so that the legal situation can be restored within a short time. We will do everything in your interest to resolve the outlined problem.

If you believe that the Data Controller has violated any legal provision relating to data processing or has not fulfilled any of your requests, you may initiate an investigation procedure by the National Data Protection and Freedom of Information Authority in order to terminate the alleged unlawful data processing.

National Data Protection and Freedom of Information Authority

Postal address: 1374 Budapest, P.O. Box 9

Address: 1055 Budapest, Falk Miksa Street 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL https://naih.hu

Compensation and damages

If the data controller violates the data subject's personal rights by unlawfully processing the data subject's data or by violating data security requirements, the data subject may claim damages from the data controller.

The data controller is liable to the data subject for any damage caused by the data processor and the data controller is also obliged to pay the data subject any compensation due in the event of a personal rights infringement caused by the data processor. The data controller is exempt from liability for the damage caused and from the obligation to pay compensation if it proves that the damage or the infringement of the data subject's personal rights was caused by an unavoidable cause outside the scope of data processing.

No compensation for damage shall be required and no compensation for injury may be claimed if the damage or the infringement of personal rights resulted from the intentional or grossly negligent conduct of the injured party or the person concerned.

Modification of data processing information

The Data Controller reserves the right to amend this data management information in a way that does not affect the purpose and legal basis of the data management. By using the website after the amendment comes into force, you accept the amended data management information.

If the Data Controller intends to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information prior to further data processing:

  • the duration of storage of personal data or, if this is not possible, the criteria for determining the duration;
  • the right to request access to, rectification, erasure or restriction of processing of your personal data from the Data Controller, and to object to the processing of your personal data in the case of processing based on legitimate interest, and to request the right to data portability in the case of processing based on consent or a contractual relationship;
  • in the case of data processing based on consent, that you can withdraw your consent at any time,
  • the right to lodge a complaint with the supervisory authority;
  • whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for concluding a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of failure to provide the data;
  • the fact of automated decision-making (if such a procedure is used), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

Data processing can only begin after this, if the legal basis for data processing is consent, you must also consent to data processing in addition to being informed.

Legislation governing data processing

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Act CXII of 2011 on the right to informational self-determination and freedom of information.
  • Act LXVI of 1995 on public documents, public archives and the protection of private archival material.
  • Government Decree 335/2005. (XII. 29.) on the general requirements for document management of bodies performing public tasks.
  • Act CVIII of 2011 on certain issues of electronic commerce services and services related to the information society.
  • Act C of 2011 on electronic communications.