Data processing information

Data controller

Name: Gyula Glonczi

Headquarters: 3013 Ecséd, Hársfa Street 68.

Mailing address, complaint handling: 3013 Ecséd, Hársfa utca 68.

E-mail: info@nasimania.hu

Phone number: +36 20 402 3573

Website: https://nasimania.hu/

Hosting provider

Name: Shopify Inc.

Mailing address: 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada

Email address: privacy@shopify.com

Website: https://shopify.com/

Name : Nethely Ltd.

Headquarters : 1115 Budapest, Halmi Street 29.

Availability : +36 1 800 1500 info@nethely.hu

Website : https://www.nethely.hu/

Description of data processing carried out during the operation of the webshop

This document contains all relevant data management information regarding the operation of the webshop, in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).

Information about the use of cookies

What are cookies?

The Data Controller uses so-called cookies when visiting the website. A cookie is a package of information consisting of letters and numbers that our website sends to your browser in order to save certain settings, make our website easier to use and help us collect some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier - a secret, randomly generated string of numbers - that is stored on your device, thereby ensuring your identification. The operating period of each cookie is included in the relevant description of each cookie.

Legal background and legal basis of cookies:

We basically distinguish three types of cookies: cookies that are essential for the proper functioning of the Website, cookies for statistical purposes, and cookies for marketing purposes.

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation in the case of cookies for statistical and marketing purposes, and the legitimate interest necessary to ensure the operation of the Website pursuant to Article 6(1)(f) of the Regulation in the case of cookies necessary for operation.

The main characteristics of the cookies used by the website:

Cookies that are essential for operation:

If you do not accept the use of these cookies, certain features may not be available to you.

_ab Used to access the admin interface. Duration: 2 years.

_customer_account_shop_sessions Used in conjunction with the _secure_account_session_id cookie to track user sessions for new customer accounts. Duration: 30 days.

_secure_session_id Used to track the user's journey through the multi-step checkout process and to link order, payment, and shipping information. Duration: 24 hours.

_shopify_country For stores where pricing currency/country is set from GeoIP, this cookie stores the detected country. This cookie helps avoid GeoIP lookups after the first request. Duration: until session expires.

_shopify_m Used to manage customer privacy settings. Duration: 1 year.

_shopify_tm Used to manage customer privacy settings. Duration: 30 minutes.

_shopify_tw Used to manage customer privacy settings. Duration: 2 weeks.

_storefront_u It is used to facilitate updating customer account information. Duration: 1 minute.

_tracking_consent Used to store user preferences if the merchant has set privacy policies in the visitor's region. Duration: 1 year.

_cmp_a Used to manage customer privacy settings. Duration: 1 day.

c Used in connection with payment. Duration: 1 year.

cart Used in connection with a basket. Duration: 2 weeks.

cart_currency It is set after the payment is completed to ensure that new carts are in the same currency as the last payment. Duration: 2 weeks.

cart_sig A summary of the contents of a shopping cart. This is used to verify the integrity of the shopping cart and to ensure that certain shopping cart operations have been performed. Duration: 2 weeks.

cart_ts Used in connection with payment. Duration: 2 weeks.

cart_ver Used in connection with a basket. Duration: 2 weeks.

checkout Used in connection with payment. Duration: 4 weeks.

checkout_token Used in connection with payment. Duration: 1 year.

customer_account_locale Used in connection with new customer accounts Duration: 1 year.

dynamic_checkout_shown_on_cart Used in connection with payment. Duration: 30 minutes.

hide_shopify_pay_for_checkout Used in connection with payment. Duration: until the end of the session.

keep_alive Used in connection with customer localization. Duration: 2 weeks.

master_device_id Used when logging in as a merchant. Duration: 2 years.

previous_step Used in connection with payment. Duration: 1 year.

discount_code Used in connection with payment. Duration: until the end of the session.

remember_me Used in connection with payment. Duration: 1 year.

secure_customer_sig It is used to identify the user after they log in to the store as a customer, so they do not have to log in again. Duration: 1 year.

shopify_pay Used in connection with payment. Duration: 1 year.

shopify_pay_redirect Used in connection with payment. Duration: 1 hour, 3 weeks or 1 year, depending on the setting.

shop_pay_accelerated Used in connection with payment. Duration: 1 year.

source_name Combined with mobile apps to provide personalized checkout behavior when viewing a store from a compatible mobile app. Duration: Until session expires.

storefront_digest Stores a hash of the storefront password so merchants can preview their storefront while it is password protected. Duration: 2 years.

tracked_start_checkout Used in connection with payment. Duration: 1 year.

checkout_session_lookup Used in connection with payment. Duration: 3 weeks.

checkout_prefill Used in connection with payment. Duration: 5 minutes.

checkout_queue_token Used in connection with payment. Duration: 1 year.

checkout_queue_checkout_token Used in connection with payment. Duration: 1 year.

checkout_worker_session Used in connection with payment. Duration: 3 days.

checkout_session_token Used in connection with payment. Duration: 3 weeks.

checkout_session_token_< >  Used in connection with payment. Duration: 3 weeks.

cookie body It is used to ensure the proper functioning of our systems. Duration: 1 minute.

order Used in connection with the order status page. Duration: 3 weeks.

identity-state Used in connection with client authentication Duration: 24 hours.

identity-state-< > Used in connection with client authentication Duration: 24 hours.

identity_customer_account_number Used in connection with client authentication Duration: 12 weeks.

card_update_verification_id Used in connection with payment. Duration: 20 minutes.

customer_account_new_login Used in connection with client authentication Duration: 20 minutes.

customer_account_preview Used in connection with client authentication Duration: 7 days.

customer_payment_method Used in connection with payment. Duration: 1 hour.

customer_shop_pay_agreement Used in connection with payment. Duration: 20 minutes.

pay_update_intent_id Used in connection with payment. Duration: 20 minutes.

localization Used in connection with payment. Duration: 2 weeks.

profile_preview_token Used in connection with payment. Duration: 5 minutes.

login_with_shop_finalize Used in connection with client authentication Duration: 5 minutes.

preview_theme Duration: used in connection with the theme editor until session expires.

shopify-editor-unconfirmed-settings Used in connection with the theme editor Duration: 16 hours.

wpm-test-cookie It is used to ensure the proper functioning of our systems. Duration: until the end of the session.

Cookies for statistical purposes:

_landing_page Landing page tracking Duration: 2 weeks.

_orig_referrer Landing page tracking Duration: 2 weeks.

Marketing cookies:

Facebook pixel (Facebook cookie) The Facebook pixel is a piece of code that allows you to report on conversions on your website, create target audiences, and provide the website owner with detailed analytics about how visitors use your website. The Facebook pixel allows you to display personalized offers and ads to your website visitors on Facebook. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation

_s Shopify analytics. Duration: 30 minutes.

_shopify_d Shopify analytics. Duration: until session expires.

_shopify_fs Shopify analytics. Duration: 30 minutes.

_shopify_s Shopify analytics. Duration: 30 minutes.

_shopify_sa_p Shopify marketing and recommendations analysis. Duration: 30 minutes.

_shopify_sa_t Shopify marketing and recommendations analysis. Duration: 30 minutes.

_shopify_y Shopify analytics. Duration: 1 year.

_y Shopify analytics. Duration: 1 year.

_shopify_ga Shopify and Google Analytics. Duration: until session expires.

customer_auth_provider Shopify analytics. Duration: until session expires.

customer_auth_session_created_at Shopify analytics. Duration: until session expires.

unique_interaction_id Shopify analytics. Duration: 10 minutes.

You can find more information about deleting cookies at the following links:

• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-ellyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Google Consent Mode v2

The Data Controller has integrated Google Consent Mode v2 into its website and provides consent and rejection management based on the new version through its cookie panel. Based on Google Consent Mode v2, Google uses the previous two ( analytics_storage , In addition to the ad_storage flag, it uses two additional flags that will be used to store and read cookies for statistical and advertising purposes:

• ad_user_data: Any user data may be sent to Google for advertising purposes.
• ad_personalization: User data can be used for personalized advertising purposes, such as remarketing.

These two switches are used to determine whether the storage and reading of cookies for statistical and advertising purposes is permitted.

Data processed for the purpose of concluding and fulfilling contracts

In order to conclude and fulfill a contract, several data processing cases may be implemented. We inform you that data processing related to complaint handling and warranty administration will only be implemented if you exercise one of the aforementioned rights.

If you do not make a purchase through the webshop, but are only a visitor to the webshop, then the provisions on data processing for marketing purposes may apply to you if you give us your consent for marketing purposes.

Data processing carried out for the purpose of concluding and fulfilling contracts in more detail:

Contact us

For example, if you contact us via email, contact form, or phone with a question about a product. Prior contact is not mandatory, and you can order from the webshop at any time without doing so.

Managed data
The data you provide when contacting us.

Duration of data processing
We only process the data until the contact is completed.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing pursuant to Article 6(1)(a) of the Regulation]

Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to enter their data again when making a new purchase). Registration is not a prerequisite for concluding a contract.

Managed data
During data processing, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the purchased Goods and the date of purchase.

Duration of data processing
Until you withdraw your consent.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by registering [Data processing pursuant to Article 6(1)(a) of the Regulation]

Order processing

When processing orders, data processing activities are necessary to fulfill the contract.

Managed data
During data processing, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the purchased Goods, the order number and the date of purchase.

If you have placed an order in the webshop, data processing and providing data is essential for the fulfillment of the contract.

Duration of data processing
We process the data for 5 years according to the civil law statute of limitations.

Legal basis for data processing
Performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]

Issuance of the invoice

The data processing process is carried out in order to issue invoices in accordance with the law and to fulfill the obligation to retain accounting documents. Pursuant to Section 169 (1)-(2) of the Accounting Act, business companies must retain accounting documents that directly and indirectly support the accounting settlement.

Managed data
Name, address, email address, phone number.

Duration of data processing
Issued invoices must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Hungarian Revenue Act.

Legal basis for data processing
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issuance of an invoice is mandatory and it must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [Data processing pursuant to Article 6 (1) c) of the Regulation].

Data processing related to the transport of goods

The data processing process takes place in order to deliver the ordered product.

Managed data
Name, address, email address, phone number.

Duration of data processing
The Data Controller processes the data until the delivery of the ordered goods.

Legal basis for data processing
Performance of a contract [Data processing pursuant to Article 6(1)(b) of the Regulation].

Recipients and data processors of data processing related to the transport of goods

Name of the recipient: GLS General Logistics Systems Hungary Package Logistics Ltd.

Address of the recipient: 2351 Alsónémedi, GLS Európa u. 2.

Recipient's phone number: 06-29-88-67-00

Recipient's email address: info@gls-hungary.com

Recipient's website: https://gls-group.eu/HU/hu/home

The courier service assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

Name of the recipient: Hungarian Posta Private Limited Company

Address of the recipient: 1138 Budapest, Dunavirag Street 2-6.

Recipient's phone number: +36-1/767-8200

Recipient's email address: ugyfelszolgalat@posta.hu

Recipient's website: posta.hu

The courier service assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

Name of the recipient: DPD Hungary Ltd.

Address of the recipient: 1158 Budapest, Késmárk Street 14. Building B.

Recipient's phone number: +36-1/501-6200

Recipient's email address: dpd@dpd.hu

Recipient's website: https://www.dpd.com/hu/

The courier service assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

Name of the recipient: FoxPost Private Limited Company

Address of the recipient: 3200 Gyöngyös, Batsányi János Street 9.

Recipient's phone number: +36 1/999-0-369

Recipient's email address: info@foxpost.hu

Recipient's website: foxpost.hu

The courier service assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

Handling warranty and guarantee claims

Warranty and guarantee claims must be processed in accordance with the rules of Decree 19/2014 (IV. 29.) of the Ministry of National Economy, which also determines how your claim should be handled.

Managed data

When handling warranty and guarantee claims, we must act in accordance with the rules of Decree 19/2014 (IV. 29.) of the Ministry of National Economy.

According to the regulation, we are obliged to record a report on the warranty or guarantee claim reported to us, in which we record:

1. your name, address and declaration that you consent to the processing of your data recorded in the minutes as specified in the regulation,
2. the name and purchase price of the movable property sold under the contract between you and us,
3. the date of performance of the contract,
4. the date of the error report,
5. a description of the error,
6. the right you wish to assert based on your warranty or guarantee claim, and
7. the method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right sought to be enforced based on it.

If we receive the purchased Goods from you, we must issue a receipt stating:

1. your name and address,
2. the data necessary to identify the thing,
3. the date of receipt of the item, and
4. the time when you can receive the repaired item.

Duration of data processing
The enterprise is obliged to keep the minutes of the consumer's warranty or guarantee claim for three years from the date of its recording and to present them to the inspection authority upon request.

Legal basis for data processing
The legal basis for data processing is compliance with legal obligations pursuant to Regulation 19/2014 (IV. 29.) of the Ministry of National Economy [Section 4 (1) and Section 6 (1)] [Data processing pursuant to Article 6 (1) c) of the Regulation].

Handling other consumer complaints

The data processing process is carried out in order to handle consumer complaints. If you have contacted us with a complaint, data processing and the provision of data is essential.

Managed data
Customer name, phone number, email address, content of complaint.

Duration of data processing
Consumer complaints are kept for 3 years in accordance with the Consumer Protection Act.

Legal basis for data processing
It is your voluntary decision whether to contact us with a complaint, however, if you contact us, we are obliged to keep the complaint for 3 years pursuant to Section 17/A. (7) of Act CLV of 1997 on Consumer Protection [Data processing pursuant to Article 6 (1) c) of the Regulation].

Data processed in connection with the verification of consent

During registration, ordering, or subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.

Managed data
Date of consent and IP address of the data subject.

Duration of data processing
Due to legal requirements, consent must be proven later, therefore the data storage period is limited to the limitation period following the termination of data management.

Legal basis for data processing
This obligation is laid down in Article 7(1) of the Regulation. [Data processing pursuant to Article 6(1)(c) of the Regulation]

Data processing for marketing purposes

Data processing related to sending newsletters

The data processing process is carried out for the purpose of sending newsletters.

Managed data
Name, address, email address, phone number.

Duration of data processing
Until the data subject withdraws their consent.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing pursuant to Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized advertising

The data management process is carried out in order to send advertising content that is relevant to the interests of the data subject.

Managed data
Name, address, email address, phone number.

Duration of data processing
Until you withdraw your consent.

Legal basis for data processing
Your voluntary, specific consent, which you provide to the Data Controller during the data collection process [Data processing pursuant to Article 6(1)(a) of the Regulation]

Remarketing

Data management as a remarketing activity is implemented using cookies.

Managed data
Data processed by cookies as defined in the cookie policy.

Duration of data processing
The data storage period of a given cookie, more information is available here:

Google general cookie information:
https://www.google.com/policies/technologies/types/

Google Analytics information:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Facebook information:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by using the website [Data processing pursuant to Article 6(1)(a) of the Regulation].

Prize draw

The data processing process takes place in order to conduct the prize draw.

Managed data
Name, email address, phone number.

Duration of data processing
The data will be deleted after the competition closes, except for the winner's data, which the Data Controller is obliged to retain for 8 years under the Accounting Act.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by using the website. [Data processing pursuant to Article 6(1)(a) of the Regulation]

Further data processing

If the Data Controller intends to carry out further data processing, it will provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).

Recipients of personal data

Data processing for the storage of personal data

Name of the data processor: Shopify Inc.

Contact details of the data processor:

Phone number:

Email address: privacy@shopify.com

Headquarters: 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada

Website: https://www.shopify.com

Name : Nethely Ltd.

Headquarters : 1115 Budapest, Halmi Street 29.

Availability : +36 1 800 1500 info@nethely.hu

Website : https://www.nethely.hu/

The Data Processor stores personal data based on a contract concluded with the Data Controller. It is not authorized to view personal data.

Data processing activities related to sending newsletters

Name of the company operating the newsletter sending system: The Rocket Science Group LLC.

Headquarters of the company operating the newsletter sending system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Telephone number of the company operating the newsletter sending system:

Email address of the company operating the newsletter sending system: privacy@mailchimp.com

Website of the company operating the newsletter sending system: mailchimp.com

The Data Processor participates in sending newsletters based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary for sending the newsletter.

Name of the company operating the newsletter sending system: Shopify inc

Headquarters of the company operating the newsletter sending system: 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada

Telephone number of the company operating the newsletter sending system:

Email address of the company operating the newsletter sending system: privacy@shopify.com

Website of the company operating the newsletter sending system: https://www.shopify.com

The Data Processor participates in sending newsletters based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary for sending the newsletter.

Accounting-related data management

Name of the data processor: KVADA CONTROL Ltd.

The data processor's registered office is: 3013 Ecséd, Nyárfa út 40.

Data processor's telephone number: -

The data processor's e-mail address: kvada@t-online.hu

Data processor's website: -

The Data Processor participates in the accounting of accounting documents based on a written contract concluded with the Data Controller. In the course of this, the Data Processor processes the name and address of the data subject to the extent necessary for accounting records, for a period in accordance with Section 169 (2) of the Data Protection Act, and then deletes it immediately.

Billing-related data processing

Name of the data processor: Billingo Technologies Zrt. (online invoicing system)

The data processor's registered office is: 1133 Budapest, Árbóc utca 6, 1st floor.

Data processor's telephone number: +36-1/500-9491

Data processor's email address: hello@billingo.hu

The data processor's website: https://www.billingo.hu

The Data Processor cooperates in the registration of accounting documents based on a contract concluded with the Data Controller. In the course of this, the Data Processor processes the name and address of the data subject to the extent necessary for the accounting registration, for a period in accordance with Section 169 (2) of the Personal Data Act, and then deletes it.

Your rights during data processing

Within the period of data processing, you have the following rights in accordance with the provisions of the Regulation:

• the right to withdraw consent
• access to personal data and information about data processing
• right to rectification
• restriction of data processing,
• right to erasure
• right to protest
• right to portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily have to communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but identification may only be based on data that the Data Controller already processes about you), and your complaints regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty administration, please also provide your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to complaints related to data processing within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case we will delete the data you have provided from our systems. However, please note that in the case of an order that has not yet been fulfilled, withdrawal may result in us not being able to deliver it to you. In addition, if the purchase has already been made, we cannot delete billing-related data from our systems based on accounting regulations, and if you have a debt to us, we may process your data based on our legitimate interest in collecting the debt even if you withdraw your consent.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if processing is in progress, you have the right to:

• obtain access to the personal data processed and
• The Data Controller shall inform you of the following information:
  • the purposes of data processing;
  • the categories of personal data processed about you;
  • information about the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
  • the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
  • your right to request from the Data Controller the rectification, erasure or restriction of processing of personal data concerning you, and to object to the processing of such personal data where processing is based on legitimate interest;
  • the right to lodge a complaint with the supervisory authority;
  • if the data was not collected from you, all available information about its source;
  • the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of data processing, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

The Data Controller provides access to personal data by sending you the processed personal data and information by email after you have been identified. If you have registered, we provide access by logging into your user account to view and check the personal data processed about you.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to restrict data processing

You have the right to request that the Data Controller restrict data processing if one of the following applies:

• You dispute the accuracy of the personal data, in which case the restriction applies for a period of time that allows the Data Controller to verify the accuracy of the personal data; if the accuracy of the data can be determined immediately, the restriction will not apply;

• the data processing is unlawful, but you oppose the deletion of the data for any reason (for example, because the data is important to you for the enforcement of a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of its use;

• the Data Controller no longer needs the personal data for the specified data processing purposes, but you require them for the establishment, exercise or defence of legal claims; or

• You have objected to the data processing, but the legitimate interest of the Data Controller may also justify the data processing, in which case, until it is determined whether the legitimate grounds of the Data Controller override your legitimate grounds, the data processing must be restricted.

Where processing is subject to restrictions, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or of a Member State.

The data controller will inform you in advance (at least 3 working days before the restriction is lifted) about the lifting of the restriction on data processing.

Right to erasure - right to be forgotten

You have the right to have the Data Controller erase personal data concerning you without undue delay if one of the following reasons applies:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;
• You withdraw your consent and there is no other legal basis for the processing;
• You object to processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for the processing,
• the personal data was processed unlawfully by the Data Controller and this was established based on the complaint,
• the personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the Controller.

If the Data Controller has made personal data processed about you public for any legitimate reason and is obliged to erase them for any of the reasons indicated above, it is obliged to take reasonable steps, taking into account available technology and the cost of implementation, including technical measures, to inform other data controllers processing the data that you have requested the erasure of links to the personal data in question or of copies or replications of these personal data.

Erasure does not apply if data processing is necessary:

• for the purpose of exercising the right to freedom of expression and information;
• for the purpose of fulfilling an obligation under Union or Member State law to which the controller is subject to which the personal data must be processed (such as processing in the context of invoicing, as the retention of the invoice is required by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• to submit, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is in progress).

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interest. In such a case, the Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, insofar as it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.

Right to portability

If the data processing is carried out by automated means or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, if this is technically feasible, you may request that the Data Controller transmit the data in this form to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the Controller shall take suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to object to the decision.

The above does not apply if the decision:

• Necessary for the conclusion or performance of a contract between you and the Data Controller;
• is permitted by Union or Member State law applicable to the Controller, which also lays down suitable measures to protect your rights and freedoms and legitimate interests; or
• based on your express consent.

Logging into the data protection register

According to the provisions of the Infotv., the Data Controller had to report certain data processing operations to the data protection register. This reporting obligation ceased on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against inaccessibility resulting from changes in the technology used.

The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.

Legal remedies

If you believe that the Data Controller has violated any legal provision relating to data processing or has not fulfilled any of your requests, you may initiate an investigation procedure with the National Data Protection and Freedom of Information Authority in order to terminate the allegedly unlawful data processing (correspondence address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

We also inform you that in the event of a violation of the legal provisions relating to data processing, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.

Modification of data processing information

The Data Controller reserves the right to amend this data management information in a way that does not affect the purpose and legal basis of the data management. By using the website after the amendment comes into force, you accept the amended data management information.

If the Data Controller intends to carry out further data processing in relation to the collected data for a purpose other than the purpose for which it was collected, it will inform you of the purpose of the data processing and the following information prior to further data processing:

• the duration of storage of personal data or, if this is not possible, the criteria for determining the duration;
• your right to request access to, rectification, erasure or restriction of processing of your personal data from the Data Controller, and to object to the processing of your personal data in the case of processing based on legitimate interest, and to request the right to data portability in the case of processing based on consent or a contractual relationship;
• in the case of data processing based on consent, that you can withdraw your consent at any time,
• the right to lodge a complaint with the supervisory authority;
• whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of failure to provide the data;
• the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

Data processing can only begin after this, if the legal basis for data processing is consent, you must also consent to data processing in addition to being informed.