Privacy Policy

Privacy policy

Privacy Statement

Privacy Policy

  1. Purpose and scope of the Prospectus

1.1.The purpose of this Prospectus is to set out the data protection and management principles applied by the operator of csi-ko.eu (hereinafter the Contractor) and the Contractor's data protection and data management policy, which the Contractor, as data controller, recognizes as binding on him.

1.2 This Prospectus contains the principles for the handling of Personal Data provided by Users. These regulations / prospectus regulate the handling of personal data concerning the customer (hereinafter: the Customer) using the csi-ko.eu website (hereinafter: the Website), which became known to the Contractor during the use of the website.

1.3. The Contractor reserves the right to unilaterally amend these Regulations, the amendments shall enter into force upon their publication on the website.

1.3 The processing of the personal data of the Customer referred to above shall be carried out by the Contractor in compliance with the provisions of this Declaration, Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), 2011 CXII. (“Information Act”), Act V of 2013 on the Civil Code (“Civil Code”), as well as Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities. in accordance with the provisions of the Act (“Grtv.”).

 

I.B. Concept definitions

1.1.B Data management: any operation or set of operations performed on personal data or data files, whether automated or non-automated, regardless of the procedure used, such as collection, recording, systematisation, segmentation, storage, transformation or alteration, retrieval, consultation, use, transmission of data , by distribution or otherwise making available, coordination or interconnection, restriction, deletion or destruction;

1.2.B Data Controller: who determines the purposes and means of Data Management - independently or together with others.

A data controller is the operator of the website, who primarily performs the service presented on the website and provides the Services available through the website in connection with this main activity.

1.3.B Personal data or data: any data or information on the basis of which a natural person User becomes identifiable, directly or indirectly.

Any information relating to an identified or identifiable natural person ("data subject"); identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable

1.4. Website: csi-ko.eu website operated by the Data Controller,

1.5.B Service (s): services operated by the Data Controller and provided by the Data Controller, which are available on the website.

1.6.B User: the natural person who registers for the Services and provides the following III. listed in point.

1.7.B Data Processor: The Contractor shall use an external data processor entrusted with the personal data processed by him / her on the basis of his / her voluntary consent in order to operate and maintain his / her website, which handles personal data on behalf of the data controller.

External data processor: ISS International Software Solutions s.r.o.

1.8.B Information: this data management information of the Data Controller.

1.9.B Restrictions on data processing: marking of stored personal data in order to limit their future processing;

1.10.B Profiling: any form of automated processing of personal data in which personal data are evaluated for the purpose of assessing certain personal characteristics of a natural person, in particular his performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or used to analyze or predict motion-related characteristics;

1.11.B Aliasing: the processing of personal data in such a way that it is no longer possible to determine to which specific natural person the personal data relate without the use of additional information, provided that such additional information is stored separately and technical and organizational measures are taken. it is ensured that this personal data cannot be linked to identified or identifiable natural persons;

1.12.B Data subject's consent: a voluntary, specific and well-informed and clear statement of the data subject's intention to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or an act which unequivocally expresses confirmation;

1.13.B Data Protection Incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise handled;

III. Scope of Personal Data handled

The scope of personal data managed by the Contractor, the purpose and duration of the data processing

3.1. The data managed by the Contractor include the data provided by the Client for the purpose of using the website, during registration, as well as for the purpose of using the services provided on the website (sending a newsletter):

  • Customer's name, username and password;
  • home address or registered office, other contact details (telephone number, e-mail address, possible contact person);

The provision of the data listed in this section to the Contractor is essential for the use of the website or for sending the services and newsletter offered on the website, the Contractor uses them only for the purpose of providing or performing the services offered on the website, except for the e-mail address provided during registration.

The Contractor handles the natural personal identification data necessary for the identification of the Customer and the address of the Customer only for the purpose of performing the newsletter service.

The Entrepreneur. you may also use the e-mail address provided by the Customer for the purpose of delivering electronic advertisements or other addressed content to the Customer, based on the Customer's express request, provided that the Customer requests the sending of newsletters or notifications during registration. With the request, the Customer's consent to the processing of the e-mail address for the purposes just defined shall be deemed given. The Customer has the opportunity to cancel the newsletters or notifications in the manner specified therein, the consent given by the cancellation to the management of the Customer's e-mail address for the purposes specified in this paragraph shall also be deemed revoked.

By accepting these Regulations, the Client gives his express consent to the processing of the data specified in this clause by the Contractor until the termination of the Client's registration.

3.2. Data provided by the Customer for the purpose of communication between the Customer and the Contractor, which is not a condition for the use of the website and the services offered on the website:

  • data provided during the Client's request for information, comments, exercise of the rights related to the data managed by the Contractor.

 

The data referred to in this section shall be managed by the Contractor in order to provide customer feedback and customer support, to improve its services and to ensure the exercise of the Customer's rights in relation to the data managed by the Contractor.

The Client may contact the Contractor with his questions, remarks and possible complaints at the contact details indicated in these Regulations. At the same time as the contact, the Customer authorizes the Contractor to handle the data provided by him.

3.3. During the contact with the website, the so-called traffic data, which is a technical condition for the use of the services offered on the website:

  • information about the Client's computer and Internet connection (for example, IP address, type of web browser)
  • traffic and other web analytics data (such as the date and length of the visit; number of subpages viewed, website traffic, and traffic from the website)

The Contractor shall submit the data referred to above to the Ektv. Pursuant to Section 13 / A (3) - (4), in addition to providing the services it offers, it manages surveys and statistics related to the website for the purpose of developing services tailored to the needs of individual clients. Statements related to website traffic are published only in a form that is not suitable for the unique identification of individual users.

3.4 .. If the User, at his / her own discretion, connects his / her Facebook account with the Contractor's account, the Data Controller may manage the following Personal Data of the User in addition to the above: facebook profile name, facebook profile URL, facebook profile ID, facebook profile picture, facebook e- email address, facebook address, gender, birthday, profile and website URL

3.5 .. Other personal data

3.1., 3.2. Of these Regulations. and 3.3. 3.4. In the event of a request for additional data outside the scope of the data referred to in point 1, the Contractor shall inform the Customer of all the facts related to the data management prior to the data collection.


  1. The scope of additional data managed by the Data Controller

4.1 The Data Controller may place a small data package (so-called "cookie") on the User's computer in order to provide customized service. The purpose of the cookie is to ensure the highest possible level of operation of the given page, to provide personalized services, and to increase the user experience. The User can delete the cookie from his / her own computer or set his / her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie the operation of the given page is not complete.

4.2 When providing personalized services, the Data Controller may manage the following Personal Data using cookies: demographic data and interest information, habits, preferences (based on browsing history).

4.3 Data to be technically recorded during the operation of the systems: the data of the User's login computer, which is generated during the use of the Service and which is recorded by the Data Management System as an automatic result of the technical processes. The data that is automatically recorded is automatically logged at the time of entry or exit without the User's separate statement or action.

  1. Transfer of the Client's personal data to third parties

The Contractor may transfer the Customer's data to its subcontractor or agent involved in the performance of the given service for the purpose of providing the services offered on the website to the extent necessary for the performance. The Contractor is entitled to transmit the data even if it is necessary in order to protect or ensure the rights and legitimate interests of the Contractor. In all other cases - except in cases of the obligation to provide data prescribed by law - the Customer's data may be transferred only on the basis of its separate consent. The Contractor shall keep a record of the data transmitted by him.

  1. Security of personal data processing

4.1. The servers serving the website were located at the headquarters of the data processor.

The Contractor. In order to protect the personal data processed by it, it uses various technologies, technical, organizational solutions and measures aimed at preventing and complying with unauthorized access, disclosure, use, destruction, alteration, accidental destruction and damage, and inaccessibility due to changes in the technology used. security requirements for the protection of personal data, taking into account the risks associated with the processing.

  1. Purpose and legal basis of the Data Management

5.1 The purpose of data processing by Data Controllers:

(a) online content delivery;

  1. b) identification of the User, contact with the User;
  2. c) identification of the User rights (services available to the User);
  3. d) facilitating the customization of the services used by the User and the advertisements, the use of the convenience functions;
  4. e) handling individual user requests;
  5. f) preparation of statistics and analyzes;
  6. g) direct business or marketing inquiries (eg newsletter, eDM, etc.) h) providing an interface (hosting) for publishing user-generated content (eg posts, chats, etc.);
  7. i) in the case of social services (comments related to columns, certain blogs), ensuring the identification of Users by each other, enabling their communication with each other;

(j) organizing and conducting prize draws in individual cases, notifying the winners and providing them with prizes;

  1. k) technical development of the IT system;
  2. l) protection of the rights of the Users;
  3. m) enforcing the legitimate interests of the Data Controller.

The Data Controller may process Personal Data in order to achieve any of the data management purposes described above,


  1. LEGAL BASIS FOR DATA MANAGEMENT

6.1. Consent of the data subject

  1. The lawfulness of the processing of personal data must be based on the data subject's consent or have some other legitimate basis laid down by law.
  2. In the case of processing on the basis of the data subject's consent, the data subject may give his or her consent to the processing of his or her personal data in the following form:
  3. a) in writing, in the form of a statement giving consent to the processing of personal data,

(b) by electronic means, by explicit conduct on the Company's website, by ticking a box or by making technical adjustments when using information society services, and by any other statement or action that, in that context, the data subject's consent to the processing of personal data clearly indicates the intended treatment.

(3) Silence, a pre-ticked box or inaction do not therefore constitute consent.

  1. The consent shall cover all data processing activities carried out for the same purpose or purposes.

(5) If the data processing serves several purposes at the same time, the consent shall be given for all data processing purposes. If the data subject's consent is given following an electronic request, the request shall be clear and concise and shall not unnecessarily impede the use of the service for which the consent is sought.

  1. The data subject shall have the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. The data subject must be informed before consent is given. Withdrawal of consent should be as simple as giving it.

6.2. Performance of contract

  1. Data processing shall be lawful if it is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of the contract.

(2) The consent of the data subject to the processing of personal data not necessary for the performance of the contract shall not be a condition for the conclusion of the contract.

6.3. Fulfillment of a legal obligation to the controller or protection of the vital interests of the data subject or of another natural person

(1) The legal basis of data processing is determined by law in case of fulfillment of a legal obligation, so the consent of the data subject is not necessary for the processing of personal data.

(2) The data controller is obliged to inform the data subject about the purpose, legal basis and duration of the data processing, about the person of the data controller, as well as about his or her rights and legal remedies.

 

(3) In order to fulfill a legal obligation, the data controller shall be entitled to manage the data set necessary for the fulfillment of a legal obligation to which he or she is subject after the withdrawal of his or her consent.

6.4. Carrying out a task in the public interest or in the exercise of a public authority conferred on the controller, enforcing the legitimate interests of the controller or a third party.

  1. A legitimate interest of the controller, including the controller to whom personal data may be disclosed, or of a third party may provide a legal basis for the processing, provided that the interests, fundamental rights and freedoms of the data subject do not take precedence, taking into account his relationship with the controller. the reasonable expectations of the person concerned. Such a legitimate interest may exist, for example, where there is a relevant and appropriate relationship between the data subject and the controller, for example in cases where the data subject is a customer of the controller or is employed by him.
  2. In order to establish the existence of a legitimate interest, it shall in any case be carefully examined, inter alia, whether the data subject can reasonably expect, at the time and in the context of the collection of personal data, that the data may be processed for that purpose.
  3. The interests and fundamental rights of the data subject may take precedence over the interests of the controller if the personal data are processed in circumstances in which the data subjects do not expect further processing.


VII. Principles and method of data management

7.1 The Contractor handles the Personal Data in accordance with the principles of good faith and fairness and transparency, as well as the applicable legislation and the provisions of this Prospectus.

7.2 The Personal Data necessary for the use of the Services shall be used by the Contractor with the consent of the relevant User and only for the intended purpose.

7.3 The Contractor shall use the Personal Data only in this Prospectus or treated for the purpose specified in the relevant legislation. The scope of the Personal Data processed is proportionate to the purpose of the data management and may not extend beyond it. In all cases where the Data Controller intends to use the Personal Data for a purpose other than the purpose of the original data collection, it shall inform the User thereof and obtain its prior express consent, or provide him or her with an opportunity to prohibit the use.

7.4 The Contractor shall not verify the Personal Data provided. The person who provided it is solely responsible for the adequacy of the Personal Data provided.

7.5 The personal data of a person under the age of 16 may only be processed with the consent of an adult exercising parental supervision over him or her. The Data Controller is not in a position to check the consent of the consenting person or the content of his / her statement, so the User or the person exercising parental supervision over him / her guarantees that the consent complies with the law. In the absence of a consent statement, the Data Controller will not collect Personal Data relating to a data subject under the age of 16, except for the IP address used when using the Service, which will be recorded automatically due to the nature of the Internet services.

7.6 The Data Controller shall not transfer the Personal Data managed by it to third parties other than the Data Processor specified in this Prospectus. An exception to the provision contained in this section is the use of the data in a statistically aggregated form, which may not contain any other data suitable for the identification of the relevant User in any form, thus it does not qualify as Data Management or data transfer. In certain cases, the Data Controller - due to a formal court or police request, legal proceedings due to copyright, property or other infringements or their reasonable suspicion of harming the Data Controller's interests, endangering the provision of the Services, etc. - make the available Personal Data of the relevant User available to third parties.

7.7 The Data Management System may collect data on the activity of the Users, which may not be combined with other data provided by the Users during registration, or with data generated when using other websites or services.

7.8 The Data Controller shall inform about the correction or restriction of the Personal Data managed by it. will notify the affected User and all persons to whom the Personal Data has previously been transmitted for the purpose of Data Management. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the Data Management.

7.9 The Data Controller shall ensure the security of the Personal Data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored and processed data are protected, and prevent their accidental loss, unauthorized destruction or unauthorized access. , unauthorized use and unauthorized alteration, distribution. To fulfill this obligation, the Data Controller invites all third parties to whom it transmits Personal Data.

7.10 Subject to the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.


VIII. Duration of Data Management

8.1. Automatically registered IP addresses are stored by the Data Controller for up to 7 days after they are recorded.

8.2 In the case of e-mails sent by the User, if the User does not have a registration anyway, the requested Data Controller shall delete the e-mail address on the 90th day after closing the case referred to in the request, unless in individual cases the Data Controller's legitimate interest in until such time as the Data Controller has a legitimate interest.

8.3 The processing of the Personal Data provided by the User will continue until the User unsubscribes from the Service - with the given user name - or otherwise requests the deletion of the Personal Data. In this case, the Personal Data will be deleted from the systems of the Data Controller. The Personal Data provided by the User - even if the User does not unsubscribe from the Service or by canceling his registration only terminates the access and the comments and uploaded contents stored in them remain - may be managed by the Data Controller until the User expressly does not request in writing the termination of their Data Management. The User's request to terminate the Data Management without unsubscribing from the Service entitles the User to use the Service.

does not affect, however, you may not be able to use some of the Services in the absence of Personal Information.

8.4 In case of illegal or misleading Personal Data or in case of a crime or attack on the system committed by the User, the Data Controller is entitled to delete his / her Personal Data immediately at the same time as the User's registration is terminated. for the duration of the procedure.

8.5 The data that is automatically and technically recorded during the operation of the system shall be stored in the system for a period of time justified from the point of view of ensuring the operation of the system. The Data Processor ensures that this automatically recorded data cannot be linked to other Personal Data, except in cases required by law. If the User has terminated his / her consent to the processing of his / her Personal Data or has unsubscribed from the Service, his / her personal data will not be identifiable from the technical data, excluding the investigating authorities or their experts.

8.6 If a court or authority finally orders the deletion of Personal Data, the deletion shall be carried out by the Data Controller. Instead of deleting, the Data Controller - in addition to informing the User - restricts the use of the Personal Data if the User so requests or if, on the basis of the information available to him, it can be assumed that the deletion would harm the User's legitimate interests. The Personal Data will not be deleted by the Data Controller as long as the purpose of the data management that precluded the deletion of the Personal Data exists.


  1. The rights of the User, the way of enforcing them

9.1. Briefly, the Company provides the following information about the rights of the person concerned:

The data subject has the right to:

  1. a) for information before the start of data processing,

(b) to receive feedback from the controller as to whether the processing of his or her personal data is in progress and, if such processing is in progress, the right to have access to the personal data and the following information,

  1. c) request the correction or deletion of your data, receive a notification from the data controller that this has happened,
  2. d) request a restriction on data processing, receive a notification from the data controller that this has happened,

 

  1. e) data portability,

(f) to object if his personal data are processed for purposes of the public interest or on the basis of a legitimate interest of the controller.

(g) be exempt from automatic decision-making, including profiling,

(h) to lodge a complaint with the supervisory authority. The data subject may exercise his / her right to complain at the following contact details: National Data Protection and Freedom of Information Authority, address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c., Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410 ., www: http: //www.naih.hu e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

(i) an effective judicial remedy against the supervisory authority,

  1. j) For effective judicial redress against the controller or processor
  2. k) To report a data protection incident.

9.2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following additional information at the time the personal data are obtained, in order to ensure fair and transparent data processing:

the. the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;

  1. the data subject's right to request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data and the data subject's right to data portability;
  2. in the case of data processing based on Article 6 (1) (a) or Article 9 (2) (a) of the Regulation, the right to withdraw the consent at any time, without prejudice to the lawfulness of the data processing carried out prior to the withdrawal;
  3. the right to lodge a complaint with the supervisory authority;
  4. whether the provision of personal data is based on a law or a contractual obligation or a precondition for concluding a contract, whether the data subject is obliged to provide the personal data and what the possible consequences of failure to provide the data may be;
  5. the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and, at least in these cases, comprehensible information on the logic used and the significance of such processing and the expected outcome for the data subject; has consequences.

9.3.The data subject's right of access

  1. The data subject shall have the right to obtain feedback from the controller as to whether the processing of his or her personal data is in progress and, if such processing is in progress, to obtain access to the personal data and the following information:

the. the purposes of data management;

  1. the categories of personal data concerned;
  2. the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular recipients in third countries or international organizations;
  3. where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  4. the data subject's right to request the controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
  5. the right to lodge a complaint with a supervisory authority;
  6. if the data were not collected from the data subject, all available information on their source;
  7. the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and at least in these cases the understandable logic used and the significance of such processing and the data subject's expected consequences.
  8. Where personal data are transferred to a third country or to an international organization, the data subject shall be entitled to be informed of the appropriate guarantees regarding the transfer in accordance with Article 46.

(3) The data controller shall make a copy of the personal data which are the subject of the data processing available to the data subject. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the request electronically, the information shall be provided in a widely used electronic format, unless the data subject requests otherwise.

9.4.The data subject's right to rectification and erasure

Right to rectification

  1. The data subject shall have the right, at his request, to have inaccurate personal data concerning him rectified without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary declaration.

Right of cancellation ("right to forget")

  1. The data subject shall have the right, at the request of the controller, to delete personal data concerning him or her without undue delay and the controller shall delete personal data concerning him or her without undue delay if any of the following reasons exist:

the. personal data are no longer required for the purpose for which they were collected or otherwise processed;

  1. the data subject withdraws the consent on which the processing is based pursuant to Article 6 (1) (a) of the Regulation (consent to the processing of personal data) or Article 9 (2) (a) of the Regulation (granting of explicit consent) and the processing has no other legal basis;
  2. the data subject objects to the processing of his or her data pursuant to Article 21 (1) of the Regulation (right to object) and there is no overriding legitimate reason for the processing or the processing of personal data for the purpose of obtaining a business pursuant to Article 21 (2) of the Regulation protest) against data processing;
  3. personal data have been processed unlawfully;
  4. personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;
  5. personal data have been collected in connection with the provision of information society services referred to in Article 8 (1).
  6. Where the controller has disclosed personal data and is required to delete them at the request of the data subject, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that the data subject has requested them to delete the links to the personal data in question or a copy or duplicate of that personal data.
  7. Paragraphs 1 and 2 shall not apply if the processing is necessary:

the. for the purpose of exercising the right to freedom of expression and information;

  1. for the purpose of fulfilling an obligation under Union or Member State law applicable to the controller to process personal data or performing a task carried out in the public interest or in the exercise of official authority vested in the controller;
  2. in accordance with Article 9 (2) (h) and (i) of the Regulation and Article 9 (3) of the Regulation on grounds of public interest in the field of public health;
  3. in accordance with Article 89 (1) of the Regulation, for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right referred to in paragraph 1 is likely to make such processing impossible or seriously jeopardize; obsession
  4. to file, enforce or defend legal claims.

9.5. Right to restrict data processing

  1. The data subject shall have the right, at the request of the controller, to restrict the processing if one of the following conditions is met:

the. the data subject disputes the accuracy of the personal data, in which case the restriction shall apply to the period of time that allows the controller to verify the accuracy of the personal data;

  1. the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted;
  2. the controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to make, enforce or protect legal claims; obsession
  3. the data subject has objected to the processing pursuant to Article 21 (1) of the Regulation; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
  4. Where the processing is restricted pursuant to paragraph 1, such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims or the protection of the rights of other natural or legal persons. , or in the overriding public interest of a Member State.
  5. The controller shall, at the request of the data subject at whose request the data processing has been restricted pursuant to paragraph 1, inform him or her in advance of the lifting of the restriction of the data processing.

9.6. Notification obligation related to the correction or deletion of personal data or restrictions on data processing

  1. The controller shall inform any recipient to whom or with whom the personal data have been communicated of the rectification, erasure or restriction of the processing, unless this proves impossible or requires a disproportionate effort.

 

  1. At the request of the data subject, the controller shall inform those addressees.

9.7.Right to data portability

  1. The data subject shall have the right to receive personal data concerning him or her made available to a controller in a structured, widely used machine-readable format and to transfer such data to another controller without prejudice to the the controller to whom you have made the personal data available if:

the. data processing on the basis of a consent pursuant to Article 6 (1) (a) of the Regulation (data subject's consent to the processing of personal data) or Article 9 (2) (a) of the Regulation (data subject's explicit consent to data processing), or Article 6 Is based on a contract within the meaning of paragraph 1 (b); and

  1. data management is automated.
  2. In exercising the right to data portability pursuant to paragraph 1, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the Regulation. That law shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

9.7. Right to protest

(1) The data subject has the right to object at any time, for reasons relating to his or her situation, to the processing of his or her personal data in the exercise of a public interest or public authority or to the processing of data subjects or third parties (Article 6 (1) of the Regulation). (e) or (f), including profiling based on those provisions. In that case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, assert or defend legal claims. are related.

  1. Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition.
  2. If the data subject objects to the processing of personal data for the direct acquisition of business, the personal data may no longer be processed for that purpose.
  3. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject at the latest at the time of first contact and shall be displayed in a clear manner and separate from any other information.
  4. In connection with the use of information society services and by way of derogation from Directive 2002/58 / EC, the data subject may also exercise the right to object by automated means based on technical specifications.
  5. Where personal data are processed for scientific and historical research or statistical purposes in accordance with Article 89 (1) of the Regulation, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, except , if the data processing is necessary for the performance of a task performed in the public interest.

9.8. Right to exemption from automated decision-making

  1. The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects on him or her or would be significantly affected.

(2) Paragraph 1 shall not apply if the decision:

the. necessary for the conclusion or performance of the contract between the data subject and the controller;

  1. is made possible by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession
  2. based on the express consent of the data subject.
  3. In the cases referred to in points (a) and (c) of paragraph 2, the controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention. express an objection to the decision.
  4. The decisions referred to in paragraph 2 may not be based on the specific categories of personal data referred to in Article 9 (1) of the Regulation, unless Article 9 (2) (a) or (g) applies and the data subject concerned. appropriate measures have been taken to protect the rights, freedoms and legitimate interests of

9.9 The data subject's right to complain and to seek redress

Right to complain to the supervisory authority.

  1. The data subject shall have the right to complain to the supervisory authority, in accordance with Article 77 of the Regulation, if he considers that the processing of personal data concerning him infringes this Regulation.
  2. The data subject may exercise his or her right to lodge a complaint at the following contact details:

National Data Protection and Freedom of Information Authority address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410 www: http://www.naih.hu e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.


  1. The supervisory authority to which the complaint has been lodged shall keep the client informed of the progress of the proceedings and of the outcome thereof, including the right of the client to seek judicial redress under Article 78 of the Regulation.

Right to an effective judicial remedy against the supervisory authority

  1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority.
  2. Without prejudice to other administrative or non-judicial remedies, any person concerned shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the person concerned within three months of the complaint under Article 77 of the Regulation. procedural developments or their outcome.
  3. Proceedings against the supervisory authority shall be brought before a court of the Member State in which the supervisory authority has its seat.
  4. Where proceedings are instituted against a decision of a supervisory authority in respect of which the Board has previously issued an opinion or taken a decision under the consistency mechanism, the supervisory authority shall send that opinion or decision to the court.

9.10.Information about the data protection incident

  1. Where a data protection incident is likely to involve a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay.
  2. The information provided to the data subject referred to in paragraph 1 shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the

the name and contact details of the data protection officer or other contact person providing further information, the likely consequences of the data protection incident, the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

  1. The data subject need not be informed as referred to in paragraph 1 if any of the following conditions is met:

the. the controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures, such as the use of encryption, which make it incomprehensible to persons not authorized to access personal data; data;

  1. the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject's rights and freedoms referred to in paragraph 1 is no longer likely to materialize;
  2. information would require a disproportionate effort. In such cases, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject is informed in an equally effective manner.
  3. If the controller has not yet notified the data subject of the data protection incident, the supervisory authority may, after considering whether the data protection incident is likely to involve a high risk, order the data subject to be informed or establish that one of the conditions referred to in paragraph 3 is met.
  4. PROCEDURE TO BE APPLIED IN THE EVENT OF THE APPLICANT CONCERNED
  5. The Company shall facilitate the exercise of the data subject's rights, and the data subject may not refuse to comply with the request to exercise the rights set out in this data protection notice, unless he or she proves that the data subject cannot be identified.
  6. The Enterprise shall, without undue delay, and in any event within one month of receipt of the request, inform the data subject of the action taken on the request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The controller shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month of receiving the request.
  7. If the data subject has submitted the request by electronic means, the information shall, as far as possible, be provided by electronic means, unless the data subject requests otherwise.
  8. If the Undertaking fails to take action at the request of the data subject, it shall without delay, but no later than one month from the receipt of the request, inform the data subject of the reasons for non-action and that the data subject may lodge a complaint with the supervisory authority. right of appeal.

(5) The Company shall provide the following information and measures to the data subject free of charge: feedback on the processing of personal data, access to the processed data, correction, supplementation, deletion, restriction of data processing, data portability, protest against data processing, data protection incident information.

(6) If the data subject's request is clearly unfounded or - especially due to its repetitive nature - excessive, the data controller, taking into account the administrative costs of providing the requested information or action or taking the requested action: may charge a fee of HUF 5,000 or refuse the request. action on the basis of

(7) The burden of proving that the request is manifestly unfounded or excessive is on the controller.

(8) Without prejudice to Article 11 of the Regulation, if the controller has reasonable doubts about the application of Articles 15 to 21 of the Regulation. With regard to the identity of the natural person submitting the application in accordance with Article 1, he may request additional information necessary to confirm the identity of the person concerned.


  1. PROCEDURE FOR PERSONAL DATA BREACH

(1) A data protection incident is a breach of security within the meaning of the Regulation which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

(2) The loss or theft of a device containing a personal data (laptop, mobile phone) shall be considered a data protection incident, as well as the loss or inaccessibility of the code used to decrypt the encrypted file by the data controller, infection by ransomware. makes the data managed by the data controller inaccessible until the payment of the ransom, the attack on the IT system, the publication of e-mails containing incorrectly sent personal data, the publication of the address list, etc.

(3) If a data protection incident is detected, the representative of the Company shall immediately conduct an investigation in order to identify the data protection incident and determine its possible consequences. The necessary measures must be taken to remedy the damage.

  1. The data protection incident shall be reported to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is not likely to endanger the rights and freedoms of natural persons. viewed. If the notification is not made within 72 hours, the reasons for the delay must be provided.

(5) The data processor shall report the data protection incident to the data controller without undue delay after becoming aware of it.

  1. The notification referred to in paragraph 3 shall include at least:

the. the nature of the data protection incident, including, where possible, the categories and approximate number of data subjects and the categories and approximate number of data affected by the incident;

  1. the name and contact details of the Data Protection Officer or other contact person for further information;
  2. the likely consequences of the data protection incident must be described;
  3. describe the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.
  4. If and where it is not possible to communicate the information at the same time, it may be communicated at a later date without further undue delay.

(8) The data controller shall keep a record of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it. This register allows the supervisory authority to verify compliance with the requirements of Article 33 of the Regulation.

XII. Possibility of data transfer

12.1. The Data Controller is entitled and obliged to transfer all Personal Data at its disposal and duly stored by it to the competent authorities, which are obliged to transfer Personal Data by law or a final official obligation. The Data Controller cannot be held liable for such data transfer and the consequences thereof.

12.2 If the Data Controller transfers the operation or utilization of the content service and hosting service on the pages of the Services to a third party in whole or in part, it may transfer the Personal Data managed by it to all third parties without requesting the User's prior consent. to the new operator by stating that this data transfer may not place the User in a more unfavorable position than the data management rules specified in the text of this Prospectus in force at any time. In the case of data transfer in accordance with this section, the Data Controller shall provide the Users with an opportunity to protest against the data transfer before the data transfer. In case of protest, it is not possible to transfer the data of the given User according to this point.

12.3. The Data Controllers maintain a data transfer register in order to check the legality of the data transfer and to ensure that the User is informed.

XIII. DATA SECURITY PROVISIONS

13.1 The Company may process personal data only in accordance with the activities set out in these regulations, for the purpose of data processing.

13.2. The Company ensures the security of the data, in this regard it undertakes to take all the technical and organizational measures that are strictly necessary to enforce the data security legislation, data and confidentiality rules, and to establish the procedural rules necessary for the enforcement of the legislation specified above.

13.3 The Company shall protect the data by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as becoming inaccessible due to changes in the technology used.

13.4 The technical and organizational measures to be implemented by the Company for data security purposes are set out in the Company's data protection regulations.

13.5 The Company shall take into account the current state of the art when defining and applying data security measures, and in the case of several possible data management solutions, it shall choose a solution ensuring a higher level of protection of personal data, unless this would be a disproportionate difficulty.

XIV. RULES RELATING TO DATA PROCESSING

14.1 The rights and obligations of the data processor in relation to the processing of personal data shall be determined by the data controller within the framework of law and separate laws on data management.

14.2. The Company declares that in the course of its data processing activities it does not have the competence to make a substantive decision on data management, may process personal data only in accordance with the data controller's instructions, may not process data for its own purposes, and is obliged to store and preserve personal data .

14.3. The Company is responsible for the legality of the instructions given to the data processor regarding the data management operations.

14.4. The obligation of the Enterprise is to provide the data subjects with the information about the person of the data processor and the place of the data processing.

14.5 The Company does not authorize the data processor to use an additional data processor.

14.6. The data processing contract must be in writing. Data processing cannot be entrusted to an organization that has an interest in the business using the personal data to be processed.

  1. Amendments to the Privacy Notice

15.1. The Data Controller1 reserves the right to amend this Prospectus at any time by unilateral decision.

15.2 By the next login, the User accepts the provisions of the Prospectus in force at any time, in addition, it is not necessary to seek the consent of each User.

XVI Enforcement Options

16.1 The employees of the Data Controllers can also be contacted with any questions or remarks related to data management at the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it..

16.2 With the User's complaint related to Data Management directly to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; website : www.naih.hu).

16.3 In case of violation of the User's rights, he may go to court. The trial falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where the person concerned is domiciled or resident. Upon request, the Data Controllers will inform the User about the possibility and means of legal redress

Website: http://naih.hu

In the event of unlawful handling or processing of personal data (data protection incident), there is an obligation to notify the supervisory authority. The controller shall, without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, notify the supervisory authority, unless the data protection incident is not likely to jeopardize the rights and freedoms of natural persons.


XVII. Responsibility

17.1. The Contractor's responsibility for the handling of the Client's personal data - with the exceptions included in this chapter - shall be governed by the relevant legal provisions.

17.2. The Contractor shall take all expected and necessary measures to ensure the security of the data transmitted by the Customer, however, in view of the known risks inherent in the transmission of data via the Internet, the Contractor shall not be liable for any damages resulting from the transmission of data via the Internet.