Privacy Policy
Data Protection Notice
Download Data Protection Notice
Data Protection Notice
It is a strategic endeavor for ISONEM Hungary Ltd. – hereinafter referred to as the data controller – to ensure the protection of the personal data of the visitors, customers and clients of the web stores it operates – hereinafter referred to as the web stores – as well as its professional and business partners – hereinafter referred to as the data subjects – and the possibility of exercising their right to informational self-determination at all times.
Personal data is collected and processed when using the webshops and websites related to the webshops located on the access paths detailed below – hereinafter referred to as: website or websites – and during the professional and business relationship with the data controller. This data management notice – hereinafter referred to as: notice – sets out the rules for the use, management and storage of personal data provided by the data subjects and professional and business partners during the use of the websites and webshops and during the professional and business relationship with the data controller – hereinafter referred to as: data management.
The content of this notice applies to the following websites and web stores operated by the data controller:
https://isonemmagyarorszag.hu/
The data controller acknowledges the content of this information as binding on itself and undertakes to ensure that all data processing related to its activities complies with the requirements set out in this information and in the applicable national and European Union legislation and other legal acts.
Company name : ISONEM Hungary Ltd.
Registered office: 7666 Pogány, Zrínyi Street 6.
Representative: István Tóth, Managing Director
Company registration number : 02-09-088309
Registered by: Pécs Court of Appeals
Tax number: 32544080-2-02
Bank account number:
Account manager: Cib Bank Zrt. (HUF)
Phone number: +36 30 488 3059
Email address: info@isonemmagyarorszag.hu
The data controller has reviewed and interpreted the provisions of Article 37 of Regulation (EU) 2016/679 of the European Parliament and of the Council – hereinafter: GDPR – and the Guidelines of the Article 29 Data Protection Working Party No. 16/HU WP 243 rev.01 on data protection officers, revised on 5 April 2017, which detail the rules for the appointment of a data protection officer, and has decided not to employ a data protection officer.
Data subjects may contact the data controller with their complaints and questions related to data processing at any of the contact details indicated in point 1.
The data controller aims to ensure the right of data subjects to informational self-determination at all times and to strictly respect the privacy of data subjects.
Therefore, the data controller collects and processes the personal data of the data subjects confidentially, by lawful means and fairly in accordance with the currently applicable legal provisions. When placing an order in the web stores, the data subject accepts the General Terms and Conditions of the web store and the provisions of this information by checking the relevant checkbox, and thereby gives his/her voluntary consent to the processing of his/her data related to the purchase.
We inform you that you have the right to withdraw your consent to data processing at any time by contacting the data controller at the contact details indicated in point 1. However, the withdrawal of consent does not affect the lawfulness of the processing of data prior to withdrawal. We also inform you that in the event of withdrawal after the order has been placed, the data controller is entitled to continue processing the data in order to fulfil a legal obligation imposed on it (based on Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council) or on the basis of its legitimate interest in the performance of the contract (based on Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council).
The purpose of the contact form on the websites is to provide the possibility of online contact. When filling out the contact form, the data controller learns the data subject’s surname, first name and e-mail address as mandatory data, which is processed based on the data controller’s consent and on the basis of Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council. If no business relationship is established between the data controller and the sender, the data controller will delete the data it has learned and processed within 30 (thirty) calendar days.
In the absence of the mandatory data, the data controller cannot ensure contact.
When filling out the online contact form, the data subject must indicate by checking the checkbox that they have read and accepted the content of this information.
The data subject may also contact the data controller at the telephone number specified in point 1 of this notice. In this case, the data controller will learn the caller’s last name, first name and telephone number.
The service provider providing the telephone line and the company providing the telephone exchange service also have access to the caller’s telephone number.
The personal data of the caller are processed by the data controller based on the consent of the data controller pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council for the purpose of calling the caller back and answering their questions. If no business relationship is established between the data controller and the caller, the data controller shall, taking into account the technological possibilities available to it, make every effort to delete the caller’s data within 30 (thirty) calendar days from the date of contact.
In the absence of the mandatory data, the data controller cannot ensure contact.
When receiving e-mails addressed to the data controller, the sender’s first and last name, e-mail address and – if provided by the sender – telephone number are also known to the data controller. The data controller processes these data based on the data subject’s consent and on the basis of Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council, in order to be able to respond to the sender of the e-mail. If no business relationship is established between the Data Controller and the sender, the Data Controller will delete the data it has learned and processed within 30 (thirty) calendar days.
In the absence of the mandatory data, the data controller cannot ensure contact.
The data subject may also contact the data controller in person at the registered office specified in point 1. In this case, the data controller will learn the data subject’s surname and first name, and, where applicable, telephone number and e-mail address. The data controller processes these data on the basis of consent pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council, in order to respond to the data subject’s questions in person, by telephone, by e-mail (the method preferred by the data subject) and to provide a price quote at the data subject’s request. If no business relationship is established between the data controller and the data subject, the data controller will delete the data it has learned and processed within 30 (thirty) calendar days.
In the absence of the mandatory data (at least last name and first name, or a written document – for example, in the case of a request for a quote – at least one personal data item necessary for delivery), the data controller cannot ensure contact.
3.5 Data technically recorded during the operation of the website
– IP address.
– The start and end time of logging into the website, and depending on the settings of the data subject’s computer, the type of browser and operating system.
– Data relating to the activity of the data subjects on the website (for example, tracking the number of banner clicks).
This data is automatically logged by the system without any separate declaration from the data subjects. This information is not suitable for personal identification, the data controller does not link the data in the log file with other personal data, the data is used only to create site usage statistics, administer the services, analyze and satisfy user needs, which serve to improve the technical level of the services and the IT system. Only the data controller has access to the data.
3.6 Registration on the website
The data subject can shop in the web stores in a way that is more convenient for them, with or without registration, and both shopping methods are available to them.
3.6.1 Purchase with registration
During the purchase process, the data subject may decide to purchase the contents of the cart by registering. In this case, the data controller will learn the data subject’s username, password, first and last name, e-mail address, telephone number, shipping and billing name and address. The data controller uses these personal data for the purpose of concluding the sales contract, fulfilling the order, determining and modifying the content of the order, monitoring its fulfillment, for the purpose of later proving the order conditions, for the purpose of fulfilling its obligations arising from the contract pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council, for the purpose of invoicing the fees arising from the order and for the purpose of enforcing claims related thereto, for the purpose of fulfilling a legal obligation pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The personal data provided during registration will be processed by the data controller until it is deleted at the request of the data subject. The request for deletion can be fulfilled if it does not conflict with the obligation to retain the invoice issued for the purchase.
If the personal data requested during registration is not provided, the data controller cannot fulfill its obligations arising from the conclusion of the contract or its legal obligations, and therefore cannot fulfill the order.
3.6.2 Purchase without registration
During the purchase process, the data subject may decide not to create a user account during the purchase and to complete the purchase without registration. In this case, the data controller will learn the data subject’s first and last name, e-mail address, telephone number, shipping and billing name and address. The data controller uses these personal data for the purpose of concluding the sales contract, fulfilling the order, determining and modifying the content of the order, monitoring its fulfillment, for the purpose of later proving the order conditions, for the purpose of fulfilling its obligations arising from the contract pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council, for the purpose of invoicing the fees arising from the order and for the purpose of enforcing claims related thereto, for the purpose of fulfilling a legal obligation pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The personal data provided during registration will be processed by the data controller until it is deleted at the request of the data subject. The request for deletion can be fulfilled if it does not conflict with the obligation to retain the invoice issued for the purchase. If the personal data requested during registration is not provided, the data controller cannot fulfill the obligations arising from the conclusion of the contract or its legal obligations, and therefore cannot fulfill the order.
Failure to register also means that the data subject will not be able to retrieve previous orders.
The data subjects are provided with the possibility of registering for the newsletter on all websites managed by the data controller. The newsletter may contain advertising and periodic offers, which the data controller draws the data subject’s attention to before registration. When registering for the newsletter, the data subject provides his/her surname, first name and e-mail address, which the data controller processes based on consent, pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
When registering for the newsletter, the data subject indicates by checking the appropriate checkbox that he/she has read and accepted the content of this information, and also whether he/she gives his/her consent to the data controller sending him/her advertising or periodic offers. After providing the personal data required for registration and checking the checkboxes, the data subject receives a confirmation link, by clicking on which he/she confirms that he/she manages the registered e-mail address.
If the last name, first name, e-mail address, and the checkboxes that form the basis for consent are not ticked, the data controller will not be able to process the data subject’s subscription request.
Consent to receive the newsletter can be withdrawn at any time by clicking on the “Unsubscribe” button at the bottom of the newsletter or by sending a short, written message to one of the contact details of the data controller specified in point 1. Data processing prior to the withdrawal of consent is considered lawful.
The data subjects shall pay the consideration for the ordered products based on the cash, cash on delivery or bank transfer invoice issued by the data controller. The data controller is obliged by law to issue the invoice. The legal basis for data processing is the fulfillment of the data controller’s legal obligation pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council, Section 169(c) of Act CXXVII of 2007 on Value Added Tax, and Section 167(1)(aj) and Section 169(1) of Act C of 2000 on Accounting. When issuing the invoice, the data controller shall obtain the data subject’s surname, first name and billing address, and, if payment by bank transfer is chosen, the data subject’s bank account number.
In the absence of the last name, first name and billing address, the obligation to issue an invoice as required by law does not apply and thus the order cannot be fulfilled.
When ordering, the data subject can choose home delivery, which the data controller performs with the involvement of data processors. When choosing home delivery, the data controller learns the data subject’s delivery address, e-mail address and telephone number, which it processes with the aim of facilitating contact and coordination of delivery details during delivery, and to carry out the delivery in accordance with the needs of the data subject and the data controller.
The legal basis for the data processed during home delivery is the fulfillment of a contractual obligation arising from the sales contract concluded between the data controller and the data subject pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The data controller processes the personal data provided during home delivery for the purpose of fulfilling the contract until successful home delivery (i.e. the purpose of data processing) is achieved, pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
During business cooperation, the data subject has the opportunity to use the help of customer service. Customer service means all operations of the data controller related to the data subject and the data subject’s order (such as: trade, marketing, technical consultation, logistics, accounting), so the data controller’s employees may also learn about the data subject’s personal data to the extent and for the period necessary to answer the data subject’s question, comment, or complaint. Customer service is part of the contract concluded with the data subject, a service provided by the data controller, for the performance of which the data controller processes the data subject’s personal data in order to perform the contract, based on Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
3.10 Business and professional partners
During long-term business and professional relationships, even going back several years, the data controller processes the personal data of its business and professional partners (e.g. suppliers, service providers) based on legitimate interest and Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council, such as: surname and first name, e-mail address and telephone number.
The data controller has carried out the balancing test required for the processing of personal data of natural person contacts of business and professional partners based on legitimate interest, which it provides access to upon request by the business or professional partner. The data controller ensures the right of objection for business and professional partners at any stage of data processing.
Cookies are information packages consisting of letters and numbers that are usually sent by websites to the user’s browser with the aim of saving certain settings, making the website easier to use, and helping the data controller collect some relevant, statistical information about visitors.
Cookies do not contain personal information and are not suitable for identifying an individual user. Cookies often contain a unique identifier – a secret, randomly generated string of numbers – that is stored on the website visitor’s device. Some cookies expire when the website is closed, while others are stored on the website visitor’s device for a longer period of time.
Users can prohibit all cookie-related activities and delete data files placed during their previous visits. The user’s browser will provide instructions on how to do this as follows.
Manage cookies and site data:
– automatic deletion of browsing data.
When downloading certain parts of the website, the data controller automatically places small data files, in some cases containing the visitor’s personal data, on the visitor’s computer using the Google Analytics visit analysis software operated by Google Inc. (“Google”) . According to the currently applicable legislation, the user will be notified of this when they first visit the site, and the data controller will request their consent for this. The data files are necessary for the operation of certain functions of the website, and the information will be sent to the operator. Users can obtain more information about the exact name (_ga, _gat, _gid) and function of these data files by clicking here . Google Analytics stores the IP number received through the browser in an anonymized form and cannot connect it to the user. The data is kept for 26 months, the beginning of which period restarts if a new event occurs in relation to the user.
3.11.1 Details about the cookies used by the website https://isonemmagyarorszag.hu/
The data controller operates a Facebook page in order to provide its followers with news about its activities from time to time, as an entrepreneur. Advertisements related to the data controller as an enterprise and the offers of the data controller’s partners also appear on the Facebook page. It is not possible to send messages via the Facebook page.
The personal data generated on the Facebook page (first and last name, possibly profile picture, comments) – similar to contacting you by phone or e-mail – is processed by the data controller with consent, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council, in order to maintain contact with your followers.
Consent can be withdrawn by pressing the „like” and „follow” buttons again when liking the page, or by deleting the comment.
We will provide information about data processing not listed in this information when collecting the data. We inform the data subjects that the authorities and other bodies authorized by law may contact the data controller for the purpose of providing information, communicating or transferring data, or making documents available. However, in this case, the data controller will only disclose personal data and only to the extent that is absolutely necessary to achieve the purpose of the request.
The data controller’s data processing is based on consent (as defined above) for the following operations:
– using contact forms on websites,
– contacting by phone, in person or via e-mail,
– registration on the website for the purpose of purchasing,
– newsletter subscription,
– preparation of attendance statistics,
– managing comments and likes on the Facebook page.
The consent given by the data subject can be withdrawn at any time in the same simple way as the consent was given. In the case of contact, the data controller asks the data subject to request the deletion of their data in a short message sent to the e-mail address info@isonemmagyarorszag.hu . Data processing prior to the withdrawal of consent is considered lawful.
The data controller is required by law to issue an invoice containing specific data for the service, so the management of billing data and the issuance of the invoice are obligations prescribed by law. If the data controller does not receive the data prescribed by law from the Data Subject, it cannot perform the service undertaken. The legal basis for data processing is the fulfillment of the data controller’s legal obligation pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 169(c) of Act CXXVII of 2007 on Value Added Tax, and Article 167(1)(aj) and Article 169(1) of Act C of 2000 on Accounting.
The data controller’s company primarily concludes contracts with legal entities, however, personal data may also be included in contracts concluded with legal entities (for example: the contact person’s last and first name, telephone number, e-mail address, or the name of the legal entity’s representative). The condition for concluding a contract is that the Data Controller knows this data and knows where and how to reach the other party (whether a natural person or a natural person’s contact person of a legal entity). Without knowledge of the data, the Data Controller does not consider the contract to be concluded and cannot provide the service. The legal basis for data processing is the fulfillment of the data controller’s legal obligation, Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
During business relationships, the data controller processes the name, title, e-mail address and telephone number of the managers or contact persons of business partners based on legitimate interest. The data controller considers a natural person who, as a sole proprietor or as a natural person contact person of a legal entity, establishes a business relationship with the data controller and with whom the data controller works together in a work process (for example: supplier).
The personal data listed in this section was obtained by the data controller directly from the data subjects during previous business correspondence and meetings dating back many years.
The data subjects have already been convinced of the confidentiality of their personal data during the business relationship that has been going on for years. Nevertheless, the data controller has carried out a balancing test, which is essential for the lawful processing of personal data, the content of which is made available to the data subjects upon request. The data controller ensures the right to object to the processing of personal data for all data subjects.
– Contact forms (first and last name, email address) – until the business relationship is closed (reviewed every six months).
– Billing name and address – for the period prescribed by law (in the case of companies, the current year + 8 (eight) years).
– Business partner data (first and last name, email address, telephone number) – During the existence of the business relationship or until a deletion request.
– Cookies coming from the website until the cookie’s validity period or until the user deletes these cookies from their browser (GA visitor statistics – 26 months).
The data controller uses data processors to perform certain tasks.
Hosting provider Websupport Hungary Ltd. (registered office: 1132 Budapest, Victor Hugo utca 18-22., telephone number: +36 1 700 4140, e-mail: info@tarhelypark.hu , website: https://tarhelypark.hu ) – Data processing information – Access to the full content of the websites
Receiving and sending emails: Magyar Telekom Plc (head office: 1013 Budapest, Krisztina krt. 55., telephone number: 1400, e-mail: ts_ugyfelkapsulate@t-systems.hu , website: https://www.telekom.hu ) – Data processing information – Receiving and forwarding e-mail from your own domain
Mobile service provider: Magyar Telekom Plc (headquarters: 1013 Budapest, Krisztina krt. 55., telephone number: 1400, e-mail: ts_ugyfelkapcsolat@t-systems.hu , website: https://www.telekom.hu ) – Data processing information – Receiving and forwarding e-mail from your own domain
Google Analytics: Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) – Privacy Policy – Access to the IP address of website visitors
Facebook page: Facebook Ireland Limited (4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland) – Privacy Policy – Access to the full content of the user’s profile including comments
The personal data of the data subjects may also be accessed by the data controller’s employees for the time and to the extent necessary to perform tasks arising in connection with the employment relationship. The camera system operating at the data controller’s headquarters is operated by the data controller.
Data transfer takes place exclusively to the United States of America. A decision of conformity with the USA was made on July 12, 2016. The decision of conformity is directly accessible by clicking on the following link:
The adequacy decision is being followed by both Google and Facebook.
Google’s position statement on the compliance decision can be accessed directly by clicking on the link below:
https://policies.google.com/privacy/frameworks
Facebook’s position statement regarding the compliance decision can be accessed directly by clicking on the link below:
https://www.facebook.com/about/privacyshield
Right to information: Data subjects may at any time request the data controller to provide information about the processing of their personal data and the right to data portability, or they may at any time request access to their personal data, their modification, rectification, or – with the exception of mandatory data processing – their deletion or blocking. Data subjects may exercise these rights orally or in writing at the data controller’s contact details specified in point 1 of this policy. We inform you that the condition for verbal information is proof of identity.
Right of access: The data subject has the right to receive feedback on whether the data controller is processing his or her personal data. At the data subject’s request, the data controller shall provide information on the categories of data processed by the data subject, their source, recipients, the purpose, legal basis, duration of the data processing, the circumstances of a data protection incident, its effects and the measures taken to remedy it, its activities related to data processing, and the right to file a complaint with the supervisory authority.
The data controller shall provide the data subject with a copy of the personal data subject to data processing. The data controller shall provide the information within one month of the submission of the request.
The right to data portability: The data subject has the right to receive the data concerning him or her, which he or she has provided to the data controller, in a machine-readable format and to transmit these data to another data controller or to request that the data be sent directly to another data controller.
Right to rectification: The data subject has the right to request the correction or completion of incorrectly recorded data at any time.
The data controller shall mark the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
The right to erasure/to be forgotten: The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– the data subject withdraws his/her consent which forms the basis for data processing and there is no other legal basis for data processing;
– the data subject objects to the data processing and there are no overriding legitimate grounds for the data processing,
– personal data has been processed unlawfully;
– the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
– the personal data were collected in connection with the provision of information society services.
The data subject may not initiate the deletion of data if data processing is necessary:
– for the purpose of exercising the right to freedom of expression and information;
– for compliance with an obligation to process personal data under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– on the basis of public interest in the field of public health;
– for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where erasure of the data would likely render impossible or seriously jeopardise such processing; or
– to assert, enforce or defend legal claims.
In the event of a deletion request (withdrawal of data processing consent), the data processed by the operator cannot be processed from the date of receipt of the request.
In the case of a request to be forgotten, the operator is obliged to delete from the system all contacts, profiles and automated decisions involving data lawfully processed prior to receipt of the request.
Right to restriction of data processing: If one of the following conditions is met, the data controller will restrict data processing at the request of the data subject instead of erasure:
– the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period of time enabling the controller to verify the accuracy of the personal data;
– the data processing is unlawful and the data subject opposes the deletion of the data and instead requests the restriction of their use;
– the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
– the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.
In the event of restriction of data processing, the data controller may only store personal data and process them with the consent of the data subject, or for the establishment, exercise or defence of a legal interest, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.
Right to object: The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling.
The data subject has the right to object to the processing of personal data concerning him or her at any time, even if personal data is processed for direct marketing purposes.
In this case, the data controller may no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to withdrawal: The data subject has the right to withdraw his/her consent at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal.
The controller shall inform the data subject without undue delay, and in any event not later than one month from the date of receipt of the request, of the action taken in response to the request pursuant to Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The controller shall inform the data subject of the extension of the period within one month from the date of receipt of the request, stating the reasons for the delay. If the data subject has submitted the request electronically, the information shall be provided electronically, where possible, unless the data subject otherwise requests.
If the controller does not take action on the data subject’s request, it shall inform the data subject without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action and of the fact that the data subject may lodge a complaint with a supervisory authority and exercise his or her right to a judicial remedy.
The controller shall provide the requested information and action free of charge. If the data subject’s request is manifestly unfounded or, in particular due to its repetitive nature, excessive, the controller may charge a reasonable fee, taking into account the administrative costs of providing the requested information or taking the requested action, or may refuse to take action on the request.
The controller shall inform any recipient to whom the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the controller shall inform the data subject of these recipients.
Data subjects may contact our company if their rights are violated, and we are available at the contact details indicated in point 1. Data subjects may also seek legal redress from a court or the National Data Protection and Freedom of Information Authority. The adjudication of data protection lawsuits falls within the jurisdiction of the court; the lawsuit may also be initiated before the court of the data subject’s place of residence or residence, at the choice of the data subject.
You can contact the National Data Protection and Freedom of Information Authority with a complaint regarding data processing, whose contact details are:
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Mailing address: 1530 Budapest, P.O. Box: 5.
Phone number: +36 (1) 391-1400
Fax number: +36 (1) 391-1410
Website: https://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu
The Data Controller does not use automated decision-making or profiling.
The data controller ensures the security of personal data, takes technical and organizational measures and develops procedural rules that ensure that the personal data recorded, stored and processed are protected, and prevents their destruction, unauthorized use and unauthorized alteration.
In order to protect data files managed electronically in various registers, the data controller ensures with appropriate technical solutions that the data stored in the registers cannot be directly linked to the data subject, unless permitted by law.
The company takes the necessary measures to protect paper-based records, especially with regard to unauthorized access and fire protection.
The data controller selects the IT tools it uses in such a way that the processed data is accessible to authorized persons, its authenticity is ensured, its immutability can be verified, and it is protected against unauthorized access.
The data controller, within the scope of its tasks related to IT security, ensures in particular:
– measures to ensure protection against unauthorized access (protection of software and hardware devices),
– measures to ensure the possibility of restoring data files (regular backups and separate, secure management of copies),
– protection of data files against viruses (virus protection),
– the physical protection of data files and the devices carrying them (archiving, fire protection).
The data controller’s IT system and network are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The data controller ensures security with server-level and application-level protection procedures.
Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that may lead to dishonest activity or to the disclosure or modification of information. To protect against such threats, the data controller takes all reasonable precautions. The systems are monitored in order to record any security deviations and provide evidence for any security incidents. However, the Internet is known to be not 100% secure, as is also known to the data subjects. The data controller is not liable for any damage caused by unavoidable attacks that occur despite the utmost care.
When developing this information, the data controller took into account the relevant applicable laws and important international recommendations, with particular regard to the following:
– Act CXII of 2011 on the right to informational self-determination and freedom of information,
– Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,
– Act VI of 1998 on the promulgation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on 28 January 1981;
– Act V of 2013 on the Civil Code,
– Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities,
– Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society,
– Act C of 2000 on Accounting,
– Act CLV of 1997 on Consumer Protection,
– the recommendations, positions and data protection practices of the Data Protection Commissioner.
The data controller is entitled to amend this information at any time by notifying the data subjects in due time. This data protection and data management information comes into force on the day of its publication on the website – i.e. on October 30, 2019. This information is valid until its withdrawal.