Privacy policy
Privacy
Policy
INTRODUCTION
Wellis Hungary Trade and Service Ltd. (seated at: 1118 Budapest, Budaörsi út 31 / C, Company Registration Number: 10-10-048882, Tax Number: 25584864-2-43) (hereinafter referred to as ” Data Controller, Data Processor”) hereby agrees to the present Policy.
Pursuant to REGULATION No. 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation), we hereby provide the following information.
The present Privacy Policy shall govern the data management of the following websites:
wellisparts.com
spacoverseurope.com
accounts.wellis.com
and their sub-domains.
The present Privacy Policy may be accessed by visiting the following website:
www.wellis.hu/adatvedelmi_iranyelvek
wellisparts.com/privacy
spacoverseurope.com/privacy
accounts.wellis.com/privacy
Amendments to the present Policy shall become effective upon their publication at the aforementioned website.
Data Processing Registration Number: NAIH-129604/2017.
DATA CONTROLLER AND CONTACT INFORMATION
Name: Wellis Hungary Trade and Service Ltd.
Central Office: 2371 Dabas, Mánteleki út 0417 hrsz.
E-mail: info@wellis.hu
Telephone: 06 29 564 380
DEFINITION OF TERMS
Personal Data:
Any and all data related to an identified or identifiable natural person (“Data Subject”); a natural person may be identified, directly or indirectly, with special regards to one or more identifiers such as his/her name, number, location data, online identifier or identifiers related to the physical, physiological, genetic, intellectual, economic, cultural or social identity of a natural person;
Data Processing:
Any and all operations or sum of operations performed in an automated or non-automated way regarding personal data or data files, such as their collection, gathering, systemization, partition, storage, transformation or modification, query, inspection, use, communication, distribution or other forms of their publication, alignment or interconnection, restriction, deletion or destruction;
Data Controller:
A natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data on its own or jointly with other entities; should the purposes and means of data processing be defined under EU law or national law of a member country, the data controller or the specific aspects regarding the designation of the data controller may also be defined under EU law or national law of a member country;
Data Processor:
A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the Data Controller; 5. “Recipient”: a natural or legal person, public authority, agency or any other body to which the personal data is disclosed, regardless of whether or not they are third parties. Public authorities with access to personal data under an individual assessment in accordance with the relevant provisions of EU law or national law shall not be considered recipients; the processing of such data by these public authorities shall be in compliance with the applicable data protection rules according to the purposes of data processing;
Consent of Data Subject:
A voluntary, explicit, and unambiguous declaration of the Data Subject’s will, based on adequate informing by expressing his consent to the processing of personal data that he is the subject of in a way that stipulates such pertinent declaration or consent without reasonable doubt;
Personal Data Breach:
Any damage to security resulting in accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored, or otherwise processed.
PRINCIPLES OF PERSONAL DATA PROCESSING
Any and all personal data:
- shall be processed lawfully and fairly in a way that is transparent to the Data Subject (“lawfulness, fairness and transparency”);
- shall be collected following a specified, unambiguous, and legitimate purpose and shall not be processed in a way incompatible with these purposes; pursuant to Article 89, Section (1), further data processing for purposes of public archiving, scientific, and historical research purposes or statistical purposes (“purpose limitation”) shall not be considered incompatible with the original purpose;
- shall be appropriate and relevant to the purposes of data processing while being limited to the data necessary (“data minimisation”);
- shall be accurate and up-to-date, if necessary; any and all reasonable measures shall be taken for the immediate deletion or correction of inaccurate personal data for the purposes of data processing (“data accuracy”);
- shall be stored in a way that enables the identification of the Data Subjects only for the time needed to achieve the purposes of personal data processing. Any storage of personal data for an extended period of time may only take place, should the personal data be processed for purposes of public archiving, scientific and historical research purposes, or statistical purposes as stipulated under Article 89, Section 1, considering the rights and freedoms of Data Subjects and their protection and subject to the implementation of appropriate technical and organizational measures (“storage limitation”);
- shall be managed in a way that ensures adequate security of personal data, including the protection against unauthorized or unlawful use, unintentional loss, destruction, or corruption of data by the implementation of appropriate technical or organizational measures (“integrity and confidentiality”).
The Controller shall be responsible to ensure compliance with the aforementioned, as well as to demonstrate such compliance (“accountability”).
DATA PROCESSING, MESSAGE SENDING, CONNECTION ESTABLISHMENT
- Nature of data collection, scope and purpose of data processed:
Personal data | Purpose of Data Processing |
Name, E-mail Address, Telephone. | Contact options, identification, creation of statistics. |
Time of message sent | Performance of a technical measure. |
IP address at the time of message sent | Performance of a technical measure. |
- Data Subjects: Any and all subjects of messages sent/inquiring through the website.
- Data processing duration, deadline of data deletion: The data processing is performed until the matter has been resolved.
- Identity of potential data controllers authorized to gain access to personal data: Personal data may be handled by the data controller in compliance with the aforementioned principles.
- Description of rights of Data Subjects regarding the data processing:
- The Data Subject may request access to personal data related to him/her as well as their correction, deletion, or limitation from the data controller.
- The Data Subject may object to the processing of such personal data.
- The Data Subject has the right to data transferring and to withdraw his/her contribution at any time.
- You may initiate the deletion or modification of your personal data in the following ways:
- By post to 2371 Dabas, Mánteleki út 0417 hrsz.
- Via e-mail at the e-mail address adattorles@wellis.hu.
- Legal basis for data processing: the consent of the Data Subject pursuant to Article 6, Section (1) subsection (a) of the Information Act 5. Section (1)
- We hereby inform You that
- the data processing shall be based on Your consent.
- You are required to provide personal data in order for us to be able to respond to the message
- failure to provide data prevents us from fulfilling Your request as a consequence.
CONTRACTED DATA PROCESSORS
Hosting Provider
- Activity performed by a data processor: Hosting Service
- Name and contact information of the data processor:
Name: Wellis Hungary Trade and Service Ltd.
E-mail: info@wellis.hu
Telephone: 06 29 564 380
Mailing Address: 2371 Dabas, Mánteleki út 0417 hrsz.
- Nature of data processing and the scope of data processed: Any and all personal data provided by the Data Subject.
- Data Subjects: Any and all Data Subjects using the website.
- Data processing purpose: Availability and proper operation of the website.
- Data processing duration, deadline of data deletion: Until the termination of the agreement, concluded between the Data Controller and the Hosting Provider, or the submission of a deletion request by the Data Subject to the hosting service provider.
- Legal basis for data processing: the User’s consent pursuant to the Information Act 5. Section (1), Article 6 subsection (a), and Article 13/A of Act No. CVIII. of 2001 on certain aspects of electronic commercial services and information community services Section (3).
PROCESSING OF COOKIES
- Nature of data processing and the scope of data processed: Unique identification number, dates and times
- Data Subjects: Any and all Data Subjects visiting the website.
- Data processing purpose: Identification of users and tracking of visitors.
- Data processing duration, deadline of data deletion:
Cookie Type | Legal basis for data processing | Duration of data processing | Scope of processed data |
Work session cookies (session) | Pursuant to the act of 2001 on certain aspects of electronic commercial services and information community services Act No. CVIII. (E-Commerce Act) Article 13/A. Section (3) | Until the relevant work session of the visitor is finished. | connect.sid |
- Identity of potential data controllers authorized to gain access to personal data: The data controller does not process any personal data by the use of cookies.
- Description of rights of Data Subjects regarding the data processing: The Data Subjects may delete the cookies from the browser, usually by visiting the Privacy Protection section of the Tools/Preferences menu.
- Legal basis for data processing: No consent of the Data Subject is required, should the sole purpose of the use of cookies be to provide communication services through an electronic communication network or if it is essential to the service provider to provide services related to the information community explicitly requested by the subscriber or user.
USE OF GOOGLE ADWORDS CONVERSION TRACKING
- The online ad program “Google AdWords”, as well as the Google conversion tracking feature within its framework, shall be used by the data controller. Google conversion tracking is provided as an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
- When a user reaches a website through a Google ad, a conversion tracking cookie is be placed on his/her computer. Such cookies have limited validity and do not contain any personal data, therefore they do not allow for the User to be identified by them.
- When the user browses certain pages of the website while the cookie has not yet expired, both Google and the data controller may see that the User clicked on the ad.
- Every Google AdWords customer receives a different cookie, therefore it is not allowed for them to be tracked through the AdWords clients’ websites.
- The data – obtained through the use conversion tracking cookies – are designed to produce conversion statistics for customers choosing the services of AdWords conversion tracking. Customers are thus informed about the number of users clicking on their ad and subsequently redirected to the conversion-tagged page. However, they shall not gain access to any data that could identify any user.
- Should You not wish to participate in the conversion tracking, You may decline this option by disabling the placing of cookies into your browser. Upon this case, You shall not be included under the conversion tracking statistics.
- For more information and to reach Google’s Privacy Policy, please visit www.google.de/policies/privacy/
USING GOOGLE ANALYTICS
- The present website uses the Google Analytics application, a web analytics service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files, which are placed on Your computer to help analyze the use of a website visited by the User.
- The data created by the use of cookies related to the website used by the User are usually placed in and stored at one of Google’s US servers. By activating the IP anonymization on the website, Google abbreviates the IP address of the User within the EU member countries, or in other countries participating in the Agreement on the European Economic Area beforehand.
- The transfer of the entire IP address to a Google server in the US and its abbreviation thereat may only be performed in exceptional cases. On behalf of the operator of the present website, Google shall use these data to evaluate the User’s use of the Website, as well as to create reports for the website operator related to the activity of the website, and to perform additional services related to the use of the website and the Internet.
- In the framework of Google Analytics, the IP address transmitted by the User’s browser may not be linked to any other Google data of the User. The storage of cookies may be prevented on the User’s side by selecting the correct browser settings; however, please note that not all of the website’s features may be fully available in this case. You may also prevent Google from collecting and processing cookie data related to the use of the website by the User (including your IP address) by downloading and installing the browser plug-in available at the domain listed below. https://tools.google.com/dlpage/gaoptout?hl=hu
NEWSLETTERS, DM ACTIVITY
- Pursuant to Act No. XLVIII of 2008 on the fundamental terms and limitations of economic advertising activities, Section 6. §, the User may give an explicit and prior consent to the Service Provider to contact him/her with advertisements and other messages by using the contact information submitted at the registration.
- The Customer may also, considering the the provisions of the present Policy, consent to the Service Provider’s processing of personal data for the purpose of sending promotional offers.
- The Service Provider may not send unsolicited advertisements and the User may, without limitation or cause, unsubscribe from the sending of promotional offers. In this case, the Service Provider shall remove any and all personal data of the User – essential for the sending of promotional offers – from its database and shall not contact the User with further promotional offers. You may unsubscribe from the ads by following the link in the message.
- Nature of data collection, scope and purpose of data processed:
Personal data | Purpose of Data Processing |
Name, E-mail Address, Telephone. | Contact options, identification, creation of statistics. |
Time of message sent | Performance of a technical measure. |
IP address at the time of message sent | Performance of a technical measure. |
- Data Subjects: Any and all subscribers signed up for the newsletter.
- The purpose of data processing: to send electronic messages (e-mail, sms, push notifications) to the Data Subject, provide information on the current news, products, promotions, new features, etc.
- Data processing time, deadline of data deletion: data shall be processed until the consent statement is withdrawn, i.e. until the unsubscription.
- Identity of potential data controllers authorized to gain access to personal data, recipients of personal data: Personal data may be handled by the sales and marketing staff of the Data Controller, in compliance with the aforementioned principles.
- Description of rights of Data Subjects regarding the data processing:
- The Data Subject may request access to personal data related to him/her as well as their correction, deletion, or limitation from the data controller,
- and may object to the processing of such personal data, as well as
- the right to data transferring and to withdraw his/her contribution at any time.
- The Data Subject may initiate the proceedings to access of his/her personal data, their deletion, modification, limitation of their use, their transferability and object against the processing of your personal data in the following ways:
- By post to 2371 Dabas, Mánteleki út 0417 hrsz.
- Via e-mail at the e-mail address adattorles@wellis.hu.
- The Data Subject may unsubscribe from the newsletter free of charge at any time.
- Legal basis for data processing: the consent of the Data Subject pursuant to Article 6, Section (1) subsection (a) of the Information Act. 5. Section (1), and Act No. XLVIII of 2008 on the fundamental terms and limitations of economic advertising activities, Article 6. Section § (5):
The advertiser, the advertisement provider or the publisher of the advertisement – in a scope specified under the consent – shall keep a database of the personal data of any and all persons consenting to their terms. The data included in the pertinent database – related to the recipient of the advertisement – may only be processed pursuant to the statement of consent, until such consent is withdrawn, and may only be transferred to a third party with the prior consent of the Data Subject.
- We hereby inform You that
- the data processing shall be based on Your consent.
- You shall submit Your personal data in order to be eligible to receive a newsletter from us.
- Failure to submit your personal prevents us from sending You a newsletter.
SOCIAL MEDIA WEBSITES
- Nature of data collection and the scope of data processed:
Registered user name and public profile pictore of the User at social media websites such as Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc.
- Data Subjects: Any and all Data Subjects registered on Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc. social media websites and who “liked” the website.
- Purpose of data collection: Sharing or “liking” the website’s content, products, promotions, or the website itself on social media pages.
- Duration of data processing, Deadline of data deletion, Identity of potential data controllers authorized to gain access to personal data, Description of rights of Data Subjects regarding the data processing: The Data Subject may receive more information regarding the source of the data, their processing, nature of submission, and legal basis thereto at the pertinent social media websites. Data processing takes place at the social media websites; therefore, the regulations of the respective social media websites shall apply regarding the duration and nature of data processing, as well as the data deletion and modification options.
- The legal basis for data processing: the voluntary consent of the Data Subject to the processing of his/her personal data at social media websites.
COMPLAINT MANAGEMENT
- Nature of data collection, scope and purpose of data processed:
Personal data | Purpose of Data Processing |
First and Last Name | Identification, Contact Options. |
E-mail Address | Contact Options. |
Telephone number | Contact Options. |
Billing Name and Address | Identification, management of quality complaints, inquiries, and problems arising in connection with products. |
- Data Subjects: Any and all Data Subjects buying the product and exercising his/her right to file a quality complaint or a claim.
- Data processing duration, deadline of data deletion: The data processing shall continue until the end of the guarantee/warranty period stipulated under the contract. Copies of the complaint minutes, transcripts, and replies to the pertinent complaint raised, pursuant to Act No. CLV of 1997 on consumer protection, Article 17/A. Section (7) shall be retained for 5 years.
- Identity of potential data controllers authorized to gain access to personal data, recipients of personal data: Personal data may be handled by the sales and marketing staff of the Data Controller, in compliance with the aforementioned principles.
- Description of rights of Data Subjects regarding the data processing:
- The Data Subject may request access to personal data related to him/her, as well as their correction, deletion, or limitation from the data controller,
- may object to the processing of such personal data, as well as
- the right to data transferring and to withdraw his/her consent at any time.
- The Data Subject may initiate the proceedings to access his/her personal data, their deletion, modification, limitation of their use, their transferability and object against the processing of your personal data in the following ways:
- By post to 2371 Dabas, Mánteleki út 0417 hrsz.
- Via e-mail at the e-mail address adattorles@wellis.hu.
- Legal basis for data processing: consent of the Data Subject pursuant to Article 6, Section (1) subsections (b) and (c), of the Information Act 5. Section (1), Act No. CLV. of 1997 on consumer protection, Article 17/A. Section (7).
- We hereby inform You that
- The submission of personal data is based on a contractual obligation.
- The processing of personal data constitutes a precondition to the conclusion of the contract.
- You shall provide Your personal data in order to enable us to manage your complaint.
- Failure to submit Your personal data prevents us from managing Your complaint delivered to us as a consequence.
DATA TRANSFER TO THE SUBCONTRACTOR
- Nature of data processing and the scope of data processed: Contact name, contact phone number, contact email address, delivery address.
- Data Subjects: Any and all Data Subjects ordering a product from the data controller.
- Data processing purpose: Performance of subcontracting tasks.
- Data processing duration, deadline of data deletion: The data processing shall last until the termination of the agreement between the Data Controller and the subcontractor, or until the submission of the request for deletion by the Data Subject to the subcontractor.
- Identity of potential data controllers authorized to gain access to personal data: Personal data may be processed by the following entities, in compliance with the aforementioned principles:
Name: Wellis Hungary Trade and Service Ltd.
Central Office: 2371 Dabas, Mánteleki út 0417 hrsz.
E-mail: info@wellis.hu
Telephone: 06 29 564 380
Data Protection Registration Number: NAIH-129604/2017.
- Legal basis for data processing: consent of the Data Subject pursuant to Article 6, Section (1) subsections (b) and (c), of the Information Act 5. Section (1).
- Description of rights of Data Subjects regarding the data processing:
- The Data Subject may request access to personal data related to him/her as well as their correction, deletion, or limitation from the data controller,
- and may object to the processing of such personal data, as well as
- the right to data transferring and to withdraw his/her consent at any time.
CUSTOMER RELATIONS AND OTHER DATA PROCESSING
- Should the Data Subject have any questions that may arise during the use of the Data Controller’s services or encounter any problems, he/she may contact the Data Controller via the means listed at the website (telephone, e-mail, social media pages, etc.).
- The Data Processor shall delete the received e-mails, messages, data provided over the phone, through Facebook, etc., along with the name and email address of the Data Subject as well as other voluntarily submitted personal data, by no later than 2 years from the date of disclosure.
- We shall inform You regarding data processing operations not listed under the present Policy at the submission of such pertinent data.
- The Service Provider shall provide information, communicate or transfer data, or provide documentation on the basis of a special authority request or in case of a request of other bodies pursuant to the relevant provisions of the applicable law.
- Upon such cases, the Service Provider shall – having indicated the exact purpose and scope of the data – disclose personal data only limited to the necessary scope needed to fulfill the aim of the pertinent request.
DATA SUBJECT RIGHTS
- Right of access
You shall be entitled to receive feedback from the Data Controller regarding Your personal data being processed and, if such processing is in progress, to be granted access to Your personal data and the data stipulated under the Directive.
- Right to Rectification
You shall be entitled to request the Data Controller to rectify any inaccurate personal data related to You without undue delay. Considering the purpose of data processing, you shall be entitled to request the supplementation of incomplete personal data – including but not limited to, by means of a supplementary statement.
- Right to Deletion
You shall be entitled to request that the Data Controller shall, without undue delay, delete any and all personal data related to You, and the data controller is obliged to delete any and all personal data related to You without undue delay, should specific conditions be fulfilled.
- Right of Erasure (Right to “be forgotten”)
If the Data Controller has disclosed the personal data and is required to erase it, he shall take any and all reasonable measures, considering the accessible technical measures and the cost of their implementation – including any and all technical measures – in order to inform the Data Controllers processing the pertinent data that You have requested the erasure of links redirecting to the personal data in question, or of their copies, or of their duplicates.
- Right to Restriction of Data Processing
You shall be entitled to request that your Data Controller restricts your data processing, should one of the following conditions be met:
- You dispute the accuracy of your personal data – upon this case, the restriction extends over a period of time that allows for the data controller to verify the accuracy of personal data;
- the data processing is unlawful, and You are opposed to the erasure of the data, requesting to restrict their processing instead;
- the Data Controller no longer needs the pertinent personal data for the purposes of data processing, but You request them for the purpose of submitting, enforcing, or protecting Your legal claims;
- You have objected against the data processing – upon this case, the restriction extends over a period of time that allows to establish whether the legitimate reasons of the data controller prevail over your legitimate reasons.
- Right to Data Portability
You shall be entitled to receive personal data related to You that is disclosed by a Data Controller in a fragmented, widely used, computer-readable format, as well as to transfer such data to another data controller without the interference of the Data Controller by whom these personal data have been disclosed to You (…)
- Right to Object
You shall be entitled to object to the processing of your personal data for any reason relating to your own situation at any time (…), including the profiling based on the aforementioned provisions.
- Right to Object under Direct Business Acquisition
If Your personal data is processed for the purposes of direct business acquisition, You shall be entitled to object against the processing of any personal data relating to such processing at any time, including the profiling, should it be related to the direct business acquisition. Should You object to personal data processing for direct business acquisition purposes, Your personal data may no longer be processed for the pertinent purpose.
- Automated Decision-Making in Individual Cases, including Profiling
You shall be entitled to exclude the scope of any decision, as well as its effects, based solely on automated data processing – including the profiling – which would give rise to legal or other significant consequences related to You.
The previous paragraph shall not apply, should the decision be:
- essential for the conclusion or fulfillment of a contract between You and the Data Controller;
- allowed to be made under EU law or the law of its member countries applicable to the Data Controller, the relevant provisions of which also stipulate proper measures to protect your rights and freedoms and legitimate interests; or
- based on your explicit consent.
DEADLINE OF TAKING MEASURES
The Data Controller shall inform You of any measures taken in response to the aforementioned requests without undue delay, in any case by no later than 1 month after the delivery of the request.
This deadline may be extended to a period of 2 months, if applicable. The Data Controller shall inform You regarding the extension of the deadline, along with the indication of the cause of the delay, by no later than 1 month after the receipt of the request.
Should the Data Controller fail to take measures upon Your request, he shall notify You without undue delay, by no later than 1 month after the receipt of the request, regarding the reasons of failure to take measures, as well as whether you may file a complaint with a supervisory authority and exercise Your right to appeal in a court of law.
SECURITY OF DATA PROCESSING
The Data Controller and the Data Processor shall take appropriate technical and organizational measures to consider the current state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data processing, and the risk of varying probability potentially affecting the natural persons’ rights and freedoms to guarantee an adequate level of data security, including, but not limited to, where appropriate:
- the pseudonymization and encryption of personal data;
- to ensure the integrity, availability, and confidentiality of systems and services, as well as their continued privacy used for personal data processing;
- the ability to restore access to personal data and the availability of data within reasonable time upon the case of physical or technical incidents;
- the procedure for the regular testing, assessment, and evaluation of the effectiveness of the technical and organizational measures taken to guarantee the security of data processing.
Data security measure of the Data Controller: Continuous automatic backup from the server to the Google Drive service
INFORMING THE Data Subject OF DATA SECURITY BREACHES
If the data security breach is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the Data Subject of the data security breach without undue delay.
Information provided to the Data Subject should be clearly and easily understood and the nature of the data security breach shall be disclosed, along with the name and contact details of the Data Protection Officer or other contact person providing additional information; the potential consequences of a data security breach shall be described; measures taken or planned by the Data Controller to remedy the data security breach, including, where appropriate, measures to mitigate any adverse consequences of a data security breach shall be disclosed, as well.
The Data Subject does not need to be informed, should any of the following conditions be met:
- the Data Controller has implemented appropriate technical and organizational protection measures and has applied those measures to the data affected by the data security breach, in particular, measures – such as the use of encryption – that make it impossible for unauthorized persons to gain access to decypher the pertinent personal data;
- following the data security breach, the Data Controller has taken further measures to ensure that the high-risk factors potentially affecting the rights and freedoms of the Data Subject shall not reoccur in the future;
- providing information would require disproportionate effort. Upon such cases, the Data Subjects shall be informed by means of publicly disclosed information, or a similar measure shall be taken to ensure that such informing of the Data Subjects is performed equally effectively.
Should the Data Controller have not yet informed the Data Subject of the data security breach, the supervisory authority may itself, after having considered whether the privacy incident is likely to pose a high risk, inform the Data Subject.
DATA SECURITY BREACH REPORTING TO THE COMPETENT AUTHORITIES
The data security breach shall be reported by the Data Controller to the supervisory authority competent as stipulated under Article 55 without undue delay and, if possible, by no later than 72 hours after the data security breach has been acknowledged by the Data Controller, unless the data security breach is unlikely to pose a risk to the rights and freedoms of natural persons. Should the report not be submitted within 72 hours as stipulated above, the reasons explaining the delay shall also be attached thereto.
COMPLAINT OPTIONS
You may lodge a complaint against a potential breach of law of the Data Controller with the National Data Protection and Information Authority:
National Data Protection and Information Freedom Authority
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
CONCLUSION
During the preparation of the present Policy, we have observed the following legal acts and regulations:
- REGULATION (EEC) No. 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation)
- 2011 CXII. law on information self-determination and freedom of information (hereinafter referred to as: Information Act)
- Act No. CVIII of 2001 on certain aspects of electronic commercial services and information community services (with specific regards 13/A. Article)
- Act No. XLVII. of 2008 on the prohibition of unfair commercial practices against consumers;
- Act No. XLVIII of 2008 on the basic conditions and limitations of commercial advertising activity (with special regards to Article 6.)
- Act No. XC of 2005 on the freedom of electronic Information – Act C of 2003 on electronic communications (with special regards to Article 155.)
- Opinion No. 16/2011 on the EASA / IAB Recommendation on the best practice of behavior-based online advertising
- Recommendation of the National Data Protection and Information Freedom Authority on the data protection requirements of prior informing
- REGULATION No. 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation).