A kosara még üres!
1. General Provisions
2. Personal Data Process
2.1. Principles and Legal Basis of Data Processing
2.2. Data of the Seller and the Persons Granted Access to the Data
2.3. Length of Processing Data
2.4. Purpose of the Use
2.5. Details of Data
2.6. Data Security
2.7. Transfer of Data
3. Rights of the Data Subject, Law Enforcement
3.1. Requirement of Preliminary Information of the Data Subject
3.2. The Seller’s Obligation to Disclose Data
3.3. Rights of the Data Subject
3.4. Rectification, Blocking and Erasure of Processed Data
3.5. The Data Subject’s Right to Object
3.6. The Right to Remedy, Judicial Remedy,
3.7. Compensation in Case of Injury
4. Further Requirements Concerning Data Protection and Data Safety
The subjects of the present Data Protection Information (hereinafter referred to as ‘Information’) ofwebshop Webshop (hereinafter referred to as ‘Webshop’) are those natural person customers [hereinafter referred to as Provider(s)] who provide personal data through the use of the website.
The Information is not applicable to any other websites accessible through the Webshop.
The operator ofwebshop (hereinafter referred to as ‘Seller’ or ‘Data Controller’) complies with current legal policy information as data controller, and is responsible for all data concerning data processes – through its activity – being in compliance with the provisions set out in the Information.
According to the provisions of the Information, the Seller handles the data of the Providers confidentially.
The Provider shall propose the rectification, blocking and erasure of the processed data
a) Via e-mail by clicking on ‘Contact’ menu point and selecting ‘Sending a message’. Or by contacting info@webshop
b) Via regular post, on the address indicated in 2.2.
Present Information is permanently accessible at http://www.webshop In case of any question concerning the Information’s content please use the ‘Contact’ menu point and your question will be answered by the Seller as soon as possible.
The Seller has the right to modify the provisions of the Information anytime and notifies the Customers about the changes on its website within an adequate timeframe.
The present Information is an intellectual property entirely belonging to the Seller thus any forms of its use requires the written consent of the Seller.
In the following paragraphs the Seller is presenting its principles of the processing of data and the requirements that previously had been set out by himself as Data Controller and which he obeys.
The legal bases of the Information:
a) Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as Info Act) which is in line with European Parliament and Council Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
b) Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter referred to as. Elcor Act) which is in line with European Parliament and Council Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market
c) Government Decree 45/2014 (II.26) which is in line with European Parliament and Council Directive 2011/83/EC on consumer rights
d) Act C of 2000 on Accountancy.
Through the maintenance of present Information terms defined hereunder shall have the following meaning:
a) ‘Data subject’ shall mean any natural person directly or indirectly identifiable by reference to specific personal data
b) ‘Personal data’ shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject
c) ‘Special data’ shall mean:
a) personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life
b) Personal data concerning health, pathological addictions, or criminal record
d) ‘Data of public interest’ shall mean information or data other than personal data, registered in any mode or form, controlled by the body or individual performing state or local government responsibilities, as well as other public tasks defined by legislation, concerning their activities or generated in the course of performing their public tasks, irrespective of the method or format in which it is recorded, its single or collective nature; in particular data concerning the scope of authority, competence, organisational structure, professional activities and the evaluation of such activities covering various aspects thereof, the type of data held and the regulations governing operations, as well as data concerning financial management and concluded contracts;
e) ‘Data public on grounds of public interest’ shall mean any data, other than public information, that are prescribed by law to be published, made available or otherwise disclosed for the benefit of the general public
f) ‘The data subject’s consent’ shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations
g) ‘The data subject’s objection’ shall mean a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed
h) ‘Controller’ shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor
i) ‘Data’ processing’ shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronizing or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans)
j) ‘Data transfer’ shall mean ensuring access to the data for a third party
k) ‘Disclosure’ shall mean ensuring open access to the data
l) ‘Data deletion’ shall mean making data unrecognizable in a way that it can never again be restored
m) ‘Tagging data’ shall mean marking data with a special ID tag to differentiate it
n) ‘Blocking of data’ shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing
o) ‘Data destruction’ shall mean complete physical destruction of the data carrier recording the data
p) ‘Data process’ shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data
q) ‘Data processor’ shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions
r) ‘Data set’ shall mean all data processed in a single file
s) ‘Third party’ any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor
t) 'Information' shall mean any data, signals and images that can be processed, stored and transmitted by way of electronic means, irrespective of whether they are under copyright protection or not
u) 'Electronic commercial service’ shall mean any information society service provided in the form of business operations where the purpose is to encourage the sale, purchase or exchange of and access by other means to any goods of a fungible nature that are capable of being delivered, including money and securities and natural resources that can be utilized as capital goods, also including services, immovable property and rights (hereinafter referred to as “goods”);
v) ’By electronic means’ means that the service is sent and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by any electromagnetic means
w) 'Information society service' shall mean services provided electronically - normally for financial consideration - at a distance and at the individual request of the recipient of the services;
x) ’Seller’: shall mean any natural or legal person, or business association lacking the legal status of a legal person providing an information society service;
y) ‘Intermediary seller’: shall mean a provider of information society services engaged in the transmission of information supplied by the recipient of the service through a telecommunications network
Principles of Data Processing
Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfillment of obligations. The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose.
The purpose of processing must be satisfied in all stages of data processing operations; recording of personal data shall be done under the principle of lawfulness and fairness.
The purpose of processing must be satisfied in all stages of data processing operations; recording of personal data shall be done under the principle of lawfulness and fairness (authenticity of data processing). Furthermore, the processed personal data must be accurate, complete, and – if deemed necessary in the light of the aim of processing – up-to-date. The form of storage shall be kept in a way to permit identification of the data subject for no longer than it is necessary for the purposes which the data had been recorded for (integrity of data).
Customer data is handled with confidentiality according to Present Data Protection Information and shall only be used within the sphere of the Seller’s competence. Data processed by the Seller shall only be transferred to authorities when it is prescribed by law.
Legal Basis of Data Processing
Personal data may be processed when the data subject has given his consent.
Personal data may also be processed if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary for compliance with a legal obligation pertaining to the data controller; or for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.
Special data are not processed by the Seller!
The Seller shall be authorized to process data relating to the use of its services for reasons other than what is set out - such as in particular for improving its efficiency for providing the service, for the transmission of electronic communications or other targeted content to the recipient of the service, or for market research -, only if the reason for processing is indicated in advance and subject to the prior consent of the recipient of the service.
The statement of consent of minors over the age of sixteen shall be considered valid without the permission or subsequent approval of their legal representative.
Where processing under consent is necessary for the performance of a contract with the controller in writing, the contract shall contain all information that is to be made available to the data subject in connection with the processing of personal data, such as the description of the data involved, the duration of the proposed processing operation, the purpose of processing, the transmission of data, the recipients and the use of a data processor. The contract must clearly indicate the data subject’s signature and explicit consent for having his data processed as stipulated in the contract.
Where personal data is recorded under the data subject’s consent, the Controller shall – unless otherwise provided for by law – be able to process the data recorded where this is necessary for compliance with a legal obligation pertaining to the controller; or for the purposes of legitimate interests pursued by the Controller or by a third party (if enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data) without the data subject’s further consent, or after the data subject having withdrawn his consent.
Name: Fakopáncs '92 Industrial and Commercial Limited Liability Company
Trade Register Number: 01-09-260626
Tax identification number: 10804733-2-42
Representative: István Szabó
Registered office: Baross str 46, Budapest Hungary H-1085
Telephone:+36 (1) 337 0992
Fax: +36 (1) 337 8448
Address: Baross str 46, Budapest Hungary H-1085
Bank account number: 11613008-01309400-13000005
Bank account managed at: Erste Bank
Scope of activity: TEÁOR 52.61.03- parcel service retail
Data Protection Supervisor Office registration number: 01994-0001
The following entities shall have access to data for the extent necessary to their scope:
Seller shall install equipment for the provision of information society services - and operate under all circumstances - with facilities to ensure that the processing of personal data takes place only when it is absolutely necessary for providing the services and to meet the objectives of processing data; however, under no circumstances may they exceed the extent required in terms of time and volume.
Personal data provided by Customers when requesting service shall be used for executing services and shall not be transferred to third parties unless prescribed by law or it is necessary in order to complete Customer’s requests.
The Seller shall be authorized to process the personal identification data and home address of the Providers as required for contracts for information society services, for defining their contents, for subsequent amendments and for monitoring performance of these contracts, for invoicing the relevant fees, and for enforcing the claims arising out of or in connection with such contracts.
The Seller shall be authorized to process personal identification data and home address for the purposes of invoicing for the fees payable under the contracts for the provision of information society services to the extent related to the use of information society services, and information relating to the date, the duration and the place of using the service.
Moreover for the purposes of the service the Seller shall process personal data to the extent absolutely necessary for technical reasons.
a) Navigation Data
Computer systems and software procedures connected to the website’s operation and ordinary operation acquires a certain amount of personal data, which is forwarded in line with internet communication protocols.
This data category includes IP addresses of information technology devices (PCs, mobile phones etc.) which are used by Customers when connecting to the Webshop, URL addresses, the type of browser and other characteristics (for example data regarding the protocol in use) in connection with the Customer’s computer environment.
The purpose of the afore mentioned information is anonymous statistical data collection about the Webshop’s use and control over the adequate operation, and are not connected to the Customer’s identity.
The process of data is necessary in order to make the providing of service possible and improve the service as set out in the contract.
Publication of the processed data does not include personal data.
b) Visitor Identification (cookie)
Anonymous visitor identification (cookie) is an individual information identifying or storing profile information which is placed in the visitor’s computer or other information technology device by the Webshop’s program, and varies according to security settings. It is important to note that this information itself cannot detect the Customer due to the lack of storing of IP addresses: it is only capable of recognizing former Customers’ computers, clarifying statistical data, or for Customers’ convenience (storing uncompleted purchases in order to allow for the possibility of continuing an order).
Cookies make personal information notifications possible for applications.
Most browsers enable cookies. However the Customer is able to set his browser to refuse all cookies or to get a notification about accepting cookies. Certain features may not work on the website if cookies are blocked.
Cookies are not used by the Seller to forward personal data.
c) Data Provided Voluntarily
The Customer gives his consent to the processing of his data so that the Seller can answer his question(s) and/or complete his order.
By providing data the Customer agrees to his data being processed in compliance with the present Information, and it being stored at the registered office of the Seller, as well as on the on the contracted party’s server when creating a backup copy.
d) Optional Data Retrieval
In addition to the navigational data, it may be necessary for the Customer to provide personal data when requesting services offered by the Seller (for example asking for information, price-offers, registering for services etc.). Otherwise it may not be possible to receive the service asked for.
When the Customer is providing his e-mail address to the Seller, he will only receive data which he previously requested or subscribed to.
Newsletters are only sent to those who had previously subscribed via the webpage, e-mail or had given their written consent.
The Seller shall keep a record of the consented personal data. Data from this record regarding the recipient of the advertisement shall be processed as set out in the written consent and until the withdrawal of the consent; shall only be forwarded to third parties if previously agreed by the person concerned.
Newsletters and other advertisements contain the possibility of unsubscribing.
Recipients of newsletters or advertisements are able to ask via e-mail or regular post to block such content without being obligated to give a reason.
g) Information and Data Regarding Sections from a) to e)
The administrator of the website is Zoltán Kőrösi, who is self-employed (his operational data is available at www.webnpro.hu). He has unlimited access to the stored and processed data of the Webshop’s software strictly for as long as he is operating the website, programming or providing service. During his work he prevents unauthorized entry and access to data.
In the case of registered Customers:
Data process aim: The Seller processes and – if needed – transfers data to enforce claims as set out in contracts and other statements, in order to deliver the service. The Seller – for restoration purposes – shall backup the data of the Webshop in a separate place.
The legal basis of processing data: The Provider’s consent and 13/A. § (1), (2) of the Elcor Act.
Set of data:
With regards to the Customer: Name/Name of the company, Citizenship, Tax identification number /Trade register number, Permanent address/Headquarters, Delivery address, Telephone, E-mail, Customer card number, Customer group.
With regards to the invoice payer: Name/Name of the company, Place and date of birth, Identity card number, Tax identification number /Trade register number, Permanent address/Headquarter, Invoice address, Telephone, Transaction mode, Date of request.
Period of data processing: Enforcement of claims as laid down in the contract or in other statements, such as the purposes of data process as long as the limitation period lasts, in connection with the fulfillment of the service. Beyond the deadline mentioned here in case of legal claims connected to the service, period of data process may last until the final decision of the procedure.
Transfer of data: depending on the order.
To DPD delivery service: Recipient’s name, delivery address, telephone.
To Erste Bank: number of order, sum total of order.
For the purposes of backing up data by Webshop: The Mediacenter’s servers (operational data available at www.mediacenter.hu)
In relation to the Seller’s invoices:
Data process purpose: Data necessary for accounting for documents set out by the Act on Accountancy and processed with the help of the Seller’s own maintenance software are processed by the Seller in order to carry out the service.
Legal basis of data process: the consent of the Customer and 13/A. § (1), (2) of the ElcorAct, and Chapter IX. of Act on Accountancy.
Set of data: Name/Name of the company, Tax identification number /Trade register number, Address indicated in the invoice, Postal address, Telephone, Transaction mode, Date of contract (purchase), Date of contractual performance, data of product(s) ordered, customer discount(s), order number.
Period of data processing: The fact of contractual performance and until the end of the 8th year starting from the end of the contract (paragraph 169 of the Act on Accountancy).
Transfer of data: The back-ups of the Webshop for storage purposes on the servers of Mediacenter (operational data available at www.mediacenter.hu).
Regarding the Webshop’s customer card holders:
Data processing purpose: the operation of customer loyalty program, the evaluation of the habits of customers for the improvement of meeting their needs, more effective notification method for informing the regular customers about the possibilities.
Legal basis of data process: the consent of the Customer and 13/A. § (4) and 14/A §. (1) c) of Elcor Act.
Set of data: Name, E-mail, Address, Date of filling out the registration form, Customer Card number, Shopping data.
Period of data process: between and 90 days starting from the filling out of the loyalty customer registration form; in electronic form: until the withdrawal of the Customer Card.
With regards to the users of the Webshop’s Contact feature:
Purpose of data process: In relation to the Customer to getting in contact and in relation to the Seller to keep the contact.
Legal basis of the data process: Customer’s consent.
Set of data: Name, E-mail, Date of establishing contact, Subject, Text, other data provided by the Customer.
Period of data process: Indefinite, or until the Customer requests for deletion.
With regard to the visitors of the Webshop:
Purpose of data process: Securing technical support in relation to the service, improving services set out in the contract in regard to the service, preventing misuse and monitoring the operation of the service.
Legal basis of data process: the consent of the visitor and 13/A. § (3) of the Elcor Act.
Set of data: IP address of the customer’s computer and data concerning the operational system and the browser, the time of visit, the address of the website, the address of the previous website visited, information concerning connection status.
Period of data process: Indefinite or until request for deletion.
With regards to users of the newsletter feature:
Purpose of data process: Improving the service provided by the Seller.
Legal basis of data process: the consent of the visitor and 13/A. § (4) of the Elcor Act.
Set of data: Name, E-mail, IP address of the customer’s computer, consent statement.
Period of data process: Indefinite or until request for deletion.
Controller shall make arrangements for and carry out data processing operations in a way so as to ensure full respect for the right to privacy of data subjects in due compliance with the provisions of Info Act and other regulations on data protection.
Controller, and within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organizational measures to protect personal data, as well as adequate procedural rules to enforce the provisions of Info Act and other regulations concerning confidentiality and security of data processing.
Controller assures that persons authorized can have access to data (availability), verification and authorization of data is granted (authenticity of data process), the consistency can be checked (integrity of data), and that data is safe from unauthorized entries.
Data are be protected by the Seller by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.
For the protection of data sets stored in different electronic filing systems, suitable technical solutions shall be introduced to prevent the interconnection of data stored in these filing systems and the identification of the data subjects, Customers.
Through the data process, the Seller provides anonymity (so that only those who are entitled to do so can get access to data), availability (giving the possibility by the Seller to the Customers to have access to requested data), and integrity (protecting the accuracy, the completeness of data, and the method of data process).
The Seller does not use general, or standard, or unlimitedly usable identifications signs.
Upon request by a court, prosecutor’s office, investigating authority, administrational authority, tax authority, the Hungarian National Authority for Data Protection and Freedom of Information, personal data shall be transferred to the authorities. This shall only occur in compliance with the law, and with setting out the aim and the scope of the requested data.
The Seller shall disclose personal data essential for the purpose of the request.
Prior to data processing being initiated the data subject shall be informed that his consent is required.
Before processing operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the processing of his personal data, such as the purpose for which his data is required and the legal basis, the person entitled to control the data and to carry out the processing, the duration of the proposed processing operation, and the persons to whom his data may be disclosed. Information shall also be provided on the data subject’s rights and remedies.
The Seller as service provider shall render easily, directly and permanently accessible at least the following data and information by way of electronic means in connection with information society service (prescribed by Elcor Act Paragraph 4):
a) The name of the service provider;
b) The registered office or permanent establishment, or failing this, the home address of the service provider;
c) The details of the service provider, including his electronic mail address, which allow him to be contacted by recipients of the service rapidly and communicated with in a direct and effective manner;
d) The registration number of the service provider;
e) If the service provider is liable to pay value added tax, the relevant tax number;
The following information shall be given by the Seller as service provider clearly and unambiguously and prior to the order being placed by the recipient of the service:
a) The different technical steps to follow to conclude the contract by way of electronic means;
b) Whether or not the concluded contract is considered made in writing, whether or not it will be filed by the service provider and whether it will be accessible;
c) The technical means for identifying and correcting input errors prior to the placing of the order;
d) The languages offered for the conclusion of the contract;
e) The relevant codes of conduct - relating to the service activities in question - to which he subscribes in connection with the services in question and information on how those codes can be consulted by way of electronic means.
These information are available under ‘General Terms of Service’ in the Webshop.
The data subject may request from the Seller information on his personal data being processed, the rectification of his personal data, and the erasure or blocking of his personal data, save where processing is rendered mandatory.
Upon the data subject’s request the Controller shall provide information concerning the data relating to him, including those processed by a data processor on its behalf or according to his notice, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and - if the personal data of the data subject is made available to others - the legal basis and the recipients.
Data Controller must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than 25 days. The information shall be provided free of charge, if the requesting party has not sent previously such a request to the Controller during the year, with regards to the same category of data.
Concerning other category of data, information may be subject to a charge. The amount of such charge may be fixed in an agreement between the parties. Where any payment is made in connection with data that was processed unlawfully, or the request led to rectification, it shall be refunded.
The Controller may refuse to provide information to the Data Subject in the cases defined in the Info Act.
Should a request for information be denied, the data controller shall inform the data subject in writing as to the provisions of the prescribed law serving grounds for refusal.
The rights of data subjects may be restricted by law: in order to safeguard the external and internal security of the State (such as defence, national security, the prevention and prosecution of criminal offences, the safety of penal institutions), to protect the economic and financial interests of central and local government, safeguard the important economic and financial interests of the European Union, guard against disciplinary and ethical breaches in regulated professions, prevent and detect breaches of obligation related to labour law and occupational safety - including in all cases control and supervision - and to protect Data Subjects or the rights and freedoms of others.
Where information is refused, the Data Controller shall inform the Data Subject of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information.
Data controllers shall notify the Authority of refused requests once a year, by 31 January of the following year.
The Seller rectifies the personal data that is deemed inaccurate, and when the accurate data is available to the Data Controller.
Personal data shall be erased if processed unlawfully, or if requested by the Data Subject, or is incomplete or inaccurate (and it cannot be lawfully rectified) provided that erasure is allowed in accordance by a statutory provision of an act; if the purpose of processing no longer exists, or the legal time limit for storage has expired, if so ordered by court or by the Authority.
Personal data shall be blocked instead of erased if requested by the Data Subject, or if - in light of the available information – it violates his legitimate interests. Blocked data shall only be processed if the data process’ aim – which made the erasure impossible – exists.
If the accuracy of an item of personal data is contested by the Data Subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the Data Controller shall mark that personal data for the purpose of referencing.
When a data is rectified, blocked, marked or erased, the Data Subject and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the Data Subject in light of the purpose of processing.
If the Data Controller refuses to comply with the Data Subject’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within 25 days of receipt of the request.
Where rectification, blocking or erasure is refused, the Data Controller shall inform the Data Subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.
The Data Subject shall have the right to object to the processing of data relating to him if processing or disclosure is carried out solely for the purpose of discharging the Seller’s legal obligation or for enforcing the rights and legitimate interests of the Seller, the recipient or a third party, unless processing is mandatory; furthermore if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research.
In the event of objection, the Controller shall investigate the cause of objection within the shortest possible time inside a fifteen-day time period, adopt a decision as to merits and shall notify the Data Subject in writing of its decision.
If, according to the findings of the Seller, the Data Subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
If the Data Subject disagrees with the decision taken by the Controller or if the Controller fails to meet the deadline, the Data Subject shall have the right to turn to court specified in the Info Act within thirty days of the date of delivery of the decision or from the last day of the time limit.
Data Subject’s Right to Remedy:
a) Data Subjects can initiate an investigation and seek a remedy at the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as Authority).
In case of denial of his request for rectification, blocking or erasure, the Data Subject shall have the right to notify the Authority and request an investigation alleging an infringement relating to his personal data or if there is imminent danger of such infringement.
Having submitted a notification to the Authority may not entail any discrimination against the notifier. The Authority may reveal the person of the notifier only if the inquiry cannot be carried out otherwise. If so requested by the notifier, the Authority may not disclose his identity even if the inquiry cannot be carried out otherwise. The notifier must be informed by the Authority of this circumstance.
The Authority shall carry out the investigation free of charge; the costs thereof shall be advanced and borne by the Authority.
The Authority may refuse the notification without examination thereof as to merits if the infringement alleged in the notification is considered minor, or the notification is anonymous.
The Authority shall refuse the notification without examination thereof as to merits if court proceedings are in progress, or a final court ruling has previously been rendered concerning the case in question; the notifier maintains his request for not having his identity disclosed despite the information provided by the Authority; the notification is manifestly unfounded; the notification has been re-submitted and it contains no new facts or information as to merits
The Hungarian National Authority for Data Protection and Freedom of Information is located in H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
b) Judicial Remedy
In the event of any infringement of his rights, the Data Subject may turn to court action against the Controller. The court shall hear such cases in priority proceedings.
The burden of proof to show compliance with the law lies with the Seller.
Actions fall within the jurisdiction of the county courts, in case of Budapest, the Budapest Court (hereinafter referred to as county court). The action may be brought before the county court within the jurisdiction of the Data Subject’s home address or temporary residence.
When the court’s decision is in favor of the plaintiff, the court shall order the Seller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the Data Subject’s objection.
The Seller shall be liable for any damage caused to the Data Subject as a result of unlawful processing or by any breach of data security requirements.
The Seller shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements and shall pay compensation.
The Seller shall be liable for any damage caused by the data processor – acting on his behalf – to the Data Subject, and the Seller shall pay compensation to the damaged party in the case of a violation of his right to privacy. The Seller may be exempted from liability and obligations to pay compensation if he proves that the damage or violation of the aggrieved party’s privacy was caused by reasons beyond his control.
No compensation shall be paid if the damage or unlawful act concerning ones right to privacy is caused intentionally or through grave negligence by the aggrieved party himself.
The Seller, his employees, contractors, and agents shall act in confidentiality and in compliance with present Information.
Processed data by the Seller shall be open to third parties only with the previous written consent of the data subject, except when the data in question has to be disclosed as prescribed by law.
Data Subjects’ rights against unauthorized access, alteration, disclosing, deletion, damage, and destruction are protected by the Seller.
The Data Subject shall act with due diligence when using personal data so as not to enable misuse, especially in the choosing of passwords and log-in information for using the Seller’s services.
The Seller is not liable for the misuse of personal data included in present Information when the misuse or damage is caused intentionally, or through grave negligence by the Data Subject himself, and the Seller has complied with the present Information.