Effective: 24/05/2018. from the date of revocation
Zsolt Lang Self-Employer
By using the Website, using one of its services and applications, and initiating it, you, as the User, consent to the processing of your personal data in accordance with the provisions of these Data Management Regulations. The Service Provider shall provide information on other data handling not listed in this prospectus, related to the operation of the Website and the services of the Service Provider, upon recording the data.
I. Data controller, data processor
Zsolt Lang Self-Employed
Address: Malta SPB 2610 Bugibba, Flat 5 Blue waters Triq Gulju
Tax number: MT23432706
Registration number: N794 / 2016
Operating license number: N794 / 2016
Phone: +36 20 282 6609
Partners selling products on the Service Provider's Website and its associated pages act as an independent data controller in relation to the personal data provided during the purchase / inquiry. As part of the operation of the IT system on which the system is based, the Service Provider uses Magyar Hosting Kft (Address: 1132 Budapest, Victor Hugo u. 18-22.) As a data processor.
In addition, the Service Provider uses PayPal Corp. as a data processor.
Data Protection Officer of Zsolt Lang Self-Employer: In view of the mandatory case provided for in Article 37 of the GDPR Regulation - regular and systematic, large-scale monitoring of data subjects - for the appointment of a Data Protection Officer on 24.05.2018. took place on. The Data Controller also informs the Data Subject that if it detects a data protection concern, incident or other circumstance with the Data Controller that is otherwise lawful and / or technically objectionable, or at least justified, it may make a report at the following contact details, contact the data contact with official:
Name and contact details of the Data Protection Officer:
address: Malta SPB 2610 Bugibba, Flat 5 Blue waters Triq Gulju.
tel: +36 20 282 6609
According to the Info Act:
Personal data: data that can be contacted by the Data Subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and the conclusion that can be drawn from the data concerning the data subject
Data subject: Any natural person identified or identifiable, directly or indirectly, on the basis of personal data
Consent: a voluntary and firm declaration of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part.
Data management: any operation or set of operations on data, regardless of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, deletion and destruction, and prevent further use of the data, take photographs, sound or images and record physical characteristics (eg fingerprints or palm prints, DNA samples, irises, sounds) that can be used to identify the person
Data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used) or implements it with a data processor entrusted by him;
Data transfer: making the data available to a specific third party
Disclosure: making the data available to anyone;
Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it
Data marking: the identification of the data in order to distinguish it
Data blocking: the identification of data to limit their further processing permanently or for a specified period of time
Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
Data processor: a natural or legal person or an organization without legal personality who carries out the processing of data on the basis of a contract concluded with the data controller, including the conclusion of a contract on the basis of a provision of law
System: the set of technical solutions operating the mechanical processing of the Data Controller (hereinafter: “System”). Otherwise, under the terms of these Regulations, Infotv. The content according to the interpretative definitions defined in § 3 shall be understood.
III. Principle of data management, source, method of data collection
Principles of data management: Personal data may only be obtained and processed fairly and lawfully. Personal data may only be stored for specified and lawful purposes and may not be used otherwise. The scope of the personal data processed must be proportionate to the purpose for which they are stored and must comply with that purpose and must not go beyond that purpose. Appropriate security measures shall be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, and against unauthorized access, alteration or dissemination.
Voluntary consent: In connection with the fulfillment of the agreement between the parties based on a real act (voluntary consent), the Data Controller shall provide the personal data of natural persons and data subjects in accordance with the Voluntary, informed and definite consent of the Data Subject. § 5 (1), or if it is necessary for the fulfillment of a relevant legal obligation, for the enforcement of the legitimate interest of a data controller or a third party, and the enforcement of this interest is proportionate to the restriction of the right to personal data protection. Pursuant to Section 6 (1). Given that each personal data is in all cases entered into the Data Controller's data with the voluntary, informed and definite consent of the Data Subject, in the case of data subjects where the Data Subject and the person providing the relevant personal data are not the same, the Data Subject is responsible for the authenticity and manageability of personal data; unless the possible bad faith of the Data Controller would not exclude this liability.
Source of data management: The managed data is recorded directly from the Data Subject.
The Data Controller shall include the personal data included in these Regulations in accordance with the data protection legislation in force at any time, in particular the Infotv. Pursuant to Section 5 (1), Section 6 (5), with the voluntary consent of the data subject's natural person, in accordance with international conventions on data protection, EU legal acts and other relevant legislation, in accordance with this prospectus, or if fulfilling a relevant legal obligation necessary for the purpose of enforcing the legitimate interest of the data controller or a third party, and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data in accordance with Infotv. 6 (1) and in accordance with the provisions of the relevant sectoral legislation.
Thus, the Data Controller complies with Article II of the GDPR Regulation. Chapter 6 Article 1 (1)
"The data subject has consented to the processing of his or her personal data for one or more specific purposes"
"The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of the contract",
"Processing is necessary for compliance with a legal obligation to which the controller is subject"
"The processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the child concerned"
lawfully processes data in accordance with
Method of data collection: The Data Controller receives and obtains the data of the Stakeholders in accordance with these Regulations, in all cases with the voluntary consent of the Stakeholders, directly from the Data Subject in person or through its Website and associated pages. In all cases, the Data Subject is responsible for the authenticity of the personal data provided. The data controller does not check the personal data provided to him. They are concerned by concluding any contractcovered by the material scope of the Data Controller's Regulations, these Regulations are also expressly accepted.
ARC. Legal basis for data management
The collection and processing of personal data during the data management related to the operation and services of the Website is based on the voluntary consent of the data subject.
The User gives the consent by using one of the services of the Website (eg purchase, interest) by initiating it.
The User may consent to the use of his / her personal data for direct business acquisition or marketing inquiries with advertising content (eg Newsletter, e-DM), which consent may be revoked from the Data Controller at any time without restriction or justification. The User can also give the consent when using certain services, eg (purchase, inquiry) by ticking a separate checkbox.
By participating in the Sweepstakes, the Player consents to the processing of his / her personal data, the details of which are determined by the current Game Description and the Sweepstakes Rules.
A legal representative may give consent on behalf of a minor under the age of 14 and an otherwise incapacitated User. A minor who has reached the age of 14 but has not yet reached the age of 16, as well as a User with otherwise limited legal capacity, may consent to the data processing with the consent or subsequent approval of his or her legal representative. A minor User who has reached the age of 16 may give consent independently, the consent or subsequent approval of his / her legal representative is not required for the validity of his / her legal declaration. The Service Provider is not in a position to check the right of the consenting person or to get acquainted with the content of the statement of the legal representative, so the User or his / her legal representative guarantees that the consent complies with the law. The Service Provider considers the appropriate consent of the legal representative to have been given.
The User warrants that the data subject has lawfully obtained the consent of the data subject to the processing of personal data provided and made available during the service.
Unless otherwise provided by law, the Service Provider shall fulfill the legal obligation (such as the accounting obligation, contractual obligation to the Partners) or to enforce its own or a third party's legitimate interest, if enforcing this interest to protect personal data. is proportionate to the restriction of the related right, without further separate consent, and after the withdrawal of the User's consent.
V. Scope of data managed
The Data Controller declares that he / she handles personal data only in order to exercise a right or fulfill an obligation. The processed personal data is not used for private purposes, the data processing always complies with the principle of purpose limitation - if the purpose of the data processing has ceased or the processing of the data is otherwise illegal, the data will be deleted.
The User is solely responsible for the authenticity and accuracy of the personal data. The scope of personal data processed is influenced and partly determined by the nature of the Services and the rules of electronic commerce, accounting and advertising, in particular the CVIII of 2001 on certain issues of electronic commerce services and information society services. Section 13 / A of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities. § 6 of the Act.
Purchase: Data managed during online shopping: name, email address, telephone number, address (country, postcode, town, street, house number), list of purchased products
Product and / or Partner Review: In case of purchase, the Service Provider sends a questionnaire that can be filled in anonymously, in which it is possible to comment on the product and / or Partner. Product reviews made available by the User are publicly available to anyone.
Marketing inquiries: Data handled by Zsolt Lang Self-Employer during a direct business acquisition or marketing inquiry with advertising content: User's first and last name, email address, and all data provided by the user on the website or in a promotion. shopping habits, user behavior.
VI. Purpose of data management
The purpose of the Regulations is to define the scope of the Data of the Data subjects managed by the Data Controller, the method, purpose and legal basis of the data processing, as well as to ensure the constitutional principles of data protection, data security requirements, prevent unauthorized access to data data, or use.
The purpose of the processing of the User's personal data is to provide the Services of the Website, in particular: identification of the Users, collection of information from other Users discrimination, preventing unauthorized persons from accessing personal data; Transmission of the User's data for the purpose of purchase, identification of the User's rights (sub-services available to the User); administration through the customer service of the Service; contact with the User; sending a system message related to the status of the product order; sending system messages related to the Service; Providing hosting for the publication of User Content (eg product reviews); improving the services of the Website, increasing its quality, enhancing the user experience; search for products, find relevant products and facilitate ordering; avoidance of abuse; fulfillment of accounting obligations; fulfillment of legal obligations towards the Partners.
Based on the consent, the Service Provider may also use the User's personal data for the purpose of direct business acquisition or marketing inquiries with advertising content. (example: newsletter, e-DM, SMS, Viber messaging)
The following data (username, surname, first name, country, city, street, house number, telephone number, e-mail address, bank account number), if the purchase was made on the Website with a bank card by Zsolt Lang Self-Employer. transmits the data to B-Payment Szolgáltató Zrt. (Address: Budapest, Váci út 4, 1132) as an independent data controller. The purpose of the data transfer is to provide customer service assistance to users, to execute the order, to confirm transactions and to monitor fraud in order to protect users.
The Data Controller may process the personal data of the Data Subjects for the following purposes, in the following scope and proportion:
Purpose of data management
Operations, process description
Personal data - scope, type, categories
Marketing email inquiries. Send purchase information.
Name, email address
During the Purchasing process, the Buyer will be notified of any problems with the order, the success of the package, etc.
Name, phone number
Online shopping, payment
When ordering the Customer, choosing to pay online, it is necessary to store the details of your purchase.
Store for 8 years
Name, address, bank account number
Customer service administration (email, phone)
Order related questions, complaints, administration, warranty administration
Canceled 2 years after administration
correspondence, telephone conversation
Write an opinion
During the order, the customer can write an opinion about the Product and / or the Partner, which will be displayed by the Service Provider.
Opinions are constantly stored and made available (first name + settlement is displayed)
Name, email, relation to the target person of the purchase
When ordering an online payment, the Customer must store the details of his purchase.
Store for 8 years
To deliver the order, the courier service needs the Customer's details.
Name, address, telephone number, email address
Write a review (without purchasing)
The visitor can write an opinion about the Product and / or the Partner, which is displayed by the Service Provider
Opinions are constantly stored and made available (first name + settlement is displayed)
Name, email address
Write an opinion (about the Service Provider)
The visitor can write an opinion about the Service Provider and the experience of the visit, which the Service Provider will display on its website.
Opinions are constantly stored and made available (first name + settlement is displayed)
Name, email address
VII. Privacy legislation
Legislation of key importance for the Regulations:
Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: the “GDPR Regulation”)
Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: “Information Act”) Act V of 2013 on the Civil Code (hereinafter: “Civil Code”)
Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (thus in particular §§ 13 / A.-13 / B
Electronic commerce services and information society services
VIII. Data transmission
Purchase, Request for Quotation: In case of request for quotation, purchase, the Service Provider transmits the personal data of the contracting authority, user (name, email address, telephone number, and comment, as well as the chosen means of payment / payment method) to the Partner. , obsession
In case of interest, request for quotation, the Service Provider, based on the voluntary consent of the User, transmits the personal data of the interested User in part or in full (name, email address, telephone number, address) and comments, as well as the chosen payment method / payment instrument. to send an offer to the Partner offering the wedge. In case of purchase, the Service Provider transmits the Buyer's User's personal data in part or in full (name, email address, telephone number, address) and comments, as well as other purchase data (discount, chosen payment method / means of payment, etc.) to the product offering based on the User's voluntary consent. To a partner to complete the purchase. The Service Provider forwards the data provided by the User during the purchase to the Partner offering the product, after the Partner has given feedback that he can complete the purchase. In case of purchase, the Service Provider, based on the User's voluntary consent, simultaneously transmits the Buyer's User's personal data in part or in full (name, email address, telephone number, address) and comment, as well as other ordering data (product name, size, weight, payment method). / means of payment, etc.) to the Partner delivering the product for the purpose of shipping, tracking and sending the Products.
The data controller is entitled and obliged to transfer to the competent authorities all personal data in his / her possession and lawfully stored, which is required to be transferred by law or a final official decision. The Data Controller cannot be held liable for such transfer of data and the consequences thereof
In addition, the data controller shall transfer data only to its social data controllers and / or data processors who have a contractual relationship with it, including only those who have a contractual obligation to the Data Subject; accordingly, the Data Controller shall transfer data to a third party only in order to fulfill the purposes and to the extent specified in these Regulations. This transfer of data may not place the Data Subject at a disadvantage compared to the data management and data security rules specified in the text of these Regulations in force at any time.
The Data Controller informs the Data Subject that the Data Subject's personal data will not be transferred abroad (outside the European Union, to a non-EEA state), except with the data subject's express consent and under the conditions set out in a written declaration by the parties, with guarantees in accordance with GDPR.
IX. Duration of data management
Data handled in connection with the use of the Services: The Service Provider shall purchase the personal data of the purchase and request for quotation initiated by the User in order to fulfill the obligations to the accounting and Partners for 8 years pursuant to § 169 of Act C of 2000 and the Taxation Act of 2003. XCII. for the statutory limitation period.
Data processed for the purpose of inquiry: The Service Provider shall provide the consent X.3. until the revocation according to point 1, it handles the personal data of the User for the purpose of making a direct business acquisition or marketing inquiry with advertising content. The termination of certain Services of the Website, the closing of a sweepstakes or the deletion of a Facebook application do not result in the revocation of the consent to send a direct business acquisition or marketing request with advertising content, the consent - by request type (eg newsletter, e-DM, etc.) - separately -It is necessary to revoke the User separately.
Customer Service: The Service Provider stores complaints, questions and requests sent to customer service for 24 months from the date of submission, and then deletes them - with the exception of correspondence in pending cases.
In summary: The duration of the Data Management up to the periods indicated for the data management purposes, but
As a general rule, until the purpose of data management is achieved.
With respect to legal rights and obligations until their termination.
Otherwise for the period required by the relevant legislation (s).
Lastly, until the withdrawal of the data subject's approval and / or the cessation or failure of the objective to be achieved.
is in force.
X. Modification, deletion, locking of data; the right to protest against data processing; information
The User can notify the Service Provider of any changes to the data provided during the purchase at the e-mail address email@example.com. If the User notifies the Service Provider of his / her intention to change the data at the customer service email address or by telephone number, the Service Provider will forward his request to the Partner.
In order to operate the Service, the Service Provider continuously stores and makes available the opinions of the product until the legal relationship with the evaluated Partner (Product) (given first name and city name), but at the request of info concerned available. The Service Provider reserves the right to partially delete, remove and reject opinions for its own discretion.
Consent to direct business acquisition or marketing inquiries with advertising content by inquiry type (eg Zsolt Lang Self-Employer. Newsletter, e-DM) via the link at the bottom of the e-mail, or at the email address firstname.lastname@example.org or at the Zsolt Lang Self-Employer address: Malta, SPB 2610 Bugibba, Flat 5 Blue waters Triq Gulju. revoked in respect of the controller.
In cases other than the above - the User - the so-called except for mandatory data management - you can request the deletion of your personal data by sending a letter to the email address email@example.com. The Service Provider deletes the User's personal data without the data subject's request, if its handling is illegal; the purpose of data management has ceased; or the statutory period for the storage of data has expired; it has been ordered by a court or the National Data Protection and Freedom of Information Authority; or if the data processing is incomplete or incorrect - and this condition cannot be legally remedied - provided that the deletion is not precluded by law. Instead of deleting, the Service Provider blocks the personal data if the User so requests or if, on the basis of the information available to him, it can be assumed that the deletion would harm the legitimate interests of the User. The personal data blocked in this way is handled by the Service Provider only as long as the purpose of data management, which precludes the deletion of personal data, exists. Following the withdrawal of the User's consent, the Service Provider shall You can continue to process the personal data of the data subject according to the table in point.
The Data Subject is the Infotv. You may object to the processing of your personal data in accordance with Section 21 (2), in particular
if the processing or transfer of personal data is necessary only for the fulfillment of a legal obligation to the Data Controller or for the enforcement of the legitimate interests of the Data Controller, the data recipient or a third party, except in the case of mandatory data processing;
if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and
in other cases specified by law.
The Data Subject may object to the processing of his / her personal data by sending a letter to the customer service email address firstname.lastname@example.org.
The Data Controller shall examine the protest as soon as possible after the submission of the request, but not later than fifteen (15) days, make a decision on the merits thereof and inform the applicant in writing of its decision. For the duration of the investigation, but for a maximum of five (5) days, the Data Controller shall suspend the data processing. If the protest is justified, the head of the organizational unit handling the data shall inform Infotv. Act in accordance with the provisions of Section 21 (3). If the Data Controller finds that the Data Subject's objection is justified, the data processing, including further data collection and data transfer, shall be terminated and the data shall be blocked, and the protest and the measures taken on the basis thereof shall be notified to all persons to whom the personal data and who are obliged to take action to enforce the right to protest. If the Data Subject does not agree with the decision of the Data Controller, or if the Data Controller fails to meet the deadline, the Data Subject may apply to a court within thirty (30) days from the notification of the decision or the last day of the deadline.
If the data management (eg accounting) has been ordered by law, the Service Provider may not delete the User's data, but will not forward the personal data to the data recipient if he has agreed with the protest or the court has established the legitimacy of the protest.
The User is entitled to request information at any time about the personal data processed by the Service Provider in connection with the services of the Website at the email address email@example.com. At the request of the User, the Service Provider provides information on the data concerning the User, processed by it or processed by the data processor in connection with the given service, their source, purpose, legal basis, duration, name, address, legal basis and recipient of data transfer, its activities related to data management. The Service Provider shall provide the requested information within a maximum of 30 days from the submission of the request.
Based on the authorization of a court, prosecutor's office, investigating authority, violation authority, administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies, other bodies may contact the Service Provider to provide information, disclose data, transfer or make documents available. The Service Provider shall provide the requesting body with the personal data necessary for the realization of the purpose of the request, provided that it has indicated the exact purpose and scope of the data.
The Data Subject may request information on the handling of his / her personal data, as well as request the correction or deletion of his / her personal data in accordance with these Regulations, except for the contact details provided above.
The Affected will enter by emailUpon request, the Data Controller shall provide information on the data it manages, the purpose of the data processing, the duration of the legal basis, the name, address (registered office) of the data processor and its activities related to data processing, as well as who received or received the data. The Data Controller shall, within the shortest time from the submission of the application, but not later than within thirty (30) days, in writing, in an intelligible form, free of charge - reimburse the costs. It is charged in the case specified in Section 15 (5) - to provide the information. The information covers the Infotv. To the information specified in Section 15 (1), if the information of the data subject cannot be refused on the basis of law.
The Data Controller is obliged to correct personal data that does not correspond to reality. Personal data will be deleted by the Data Controller if its processing is unlawful, requested by the data subject - in this case within five (5) working days - incomplete or incorrect - and this condition cannot be legally corrected - provided that the deletion is not precluded by law. the purpose of the data processing has ceased, the time limit for the storage of data specified by law has expired or it has been ordered by a court or the National Data Protection and Freedom of Information Authority. The data controller shall notify the Data Subject of the rectification and deletion, as well as all those to whom the data has previously been transmitted for data management purposes. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the processing.
If the Data Subject uses personal data unlawfully or deceptively, or the Data Subject commits a criminal offense, the Data Controller reserves the right to retain the relevant data in the event of such use for the purpose of possible litigation and non-litigation evidence until the end of the proceedings. . The latter shall also apply mutatis mutandis in the event that the deletion of the personal data of the Data Subject has been requested in order to frustrate, but at least make more difficult, the data controller's legitimate claim.
The Data Controller shall indemnify the damage caused to others by the unlawful processing of the Data Subject's data or by violating the requirements of technical data protection. The data controller is released from liability if he proves that the damage was caused by an unavoidable cause outside the scope of data processing. The damage shall not be compensated to the extent that it resulted from the intentional or negligent conduct of the injured party.
Informing stakeholders may be omitted / rejected or restricted by the Infotv. Specified in Section 16 (2) - Infotv. For the reasons specified in Section 9 (1) or Section 19 and with a detailed justification - subject to the provisions if
the data subject already has the information;
the provision of such information proves impossible or would involve a disproportionate effort, in particular for data processing in the public interest, for scientific and historical research purposes or for statistical purposes, subject to the conditions and guarantees of Article 89 (1) of the GDPR Regulation, or where the obligation to provide information would be likely to make it impossible or seriously jeopardize the achievement of the purposes of such processing. In such cases, the controller shall take appropriate measures, including making the information publicly available, to protect the rights, freedoms and legitimate interests of the data subject;
the acquisition or disclosure of the data is expressly provided for by Union or Member State law applicable to the controller, which provides for appropriate measures to protect the legitimate interests of the data subject; obsession
personal data must remain confidential under an obligation of professional secrecy laid down in Union or Member State law, including a legal obligation of professional secrecy.
Otherwise, the Data Subject has the right to access personal data concerning him or her and the following information:
Copy of personal data (for additional copies ktsg.)
Objectives of data management
Categories of data
Data related to automated decision making and profiling
When receiving data, source information
Recipients to whom the data have been or will be communicated
Information and guarantees related to data transfer to a third country
Duration of storage, its aspects
Rights of the data subject
Right to apply to an authority
How to exercise the right of access: If the data subject has submitted the request electronically, the information should be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.
If the controller has disclosed the data and is required to delete it, it shall take steps that can reasonably be expected, taking into account the available technology and the cost of implementation.in order to inform other data controllers of the deletion of the links, copies and duplicates in question. The data subject may not exercise the right of erasure and forgetting if the processing is necessary: for freedom of expression, to fulfill a legal obligation or to exercise public authority, in the public interest in the field of public health, for archiving in the public interest, for scientific and historical research, to enforce legal claims
At the request of the Data Subject, the Data Controller restricts data processing if:
the Data Subject disputes the accuracy of the personal data
the data processing is illegal and the Data Subject objects to the deletion of the data
the Data Controller no longer needs the personal data, but the Data Subject requests it in order to submit, enforce or protect legal claims
the Data Subject has objected to the data processing and the Data Controller is still under investigation.
Notification obligation: The Data Controller shall inform all recipients to whom the data have been communicated of the rectification, erasure or restriction. Unless this is impossible or requires a disproportionate amount of effort.
Data portability: The Data Subject is entitled to receive the data provided by him / her to the Data Controller:
in an articulated, widely used, machine-readable format
authorized to transfer to another controller
request the direct transfer of data to the other controller -
if this is technically feasible
except: processing of data for the exercise of a public interest or public authority right
Enforcement possibilities: In the event of a violation of the rights of the Data Subject, the Data Controller may exercise their enforcement possibilities against the Data Controller before an arbitration court in accordance with the general contractual terms and conditions in force at any time, and in accordance with Infotv. and applicable legislation, they may apply to the National Data Protection and Freedom of Information Authority (mailing address: 1534 Budapest, Pf .: 834; address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c.). The court is acting out of turn in the case.
XI. Claims enforcement
The Service Provider considers the request received from the email address previously provided to the Service Provider to be the request received from the User. In case of requests submitted from other email addresses and in writing, the User may submit a request if - in the manner specified by the Service Provider or by law - he has duly certified his user quality.
If the data management of the Service Provider is not based on the data subject's consent, but the data processing was abusively initiated by a third party, the data subject may request the deletion of personal data published by him or her and information on data management
In the event of the User's death, any close relative of the User or the person to whom he or she has been granted a will may request the deletion of the data concerning the User by presenting the death certificate or sending a copy to the customer service address of firstname.lastname@example.org.
XII. Enforcement options
In case of an alleged violation of the law related to the processing of personal data, the data subject may also apply to the competent court, the Capital Court in the capital or initiate an investigation at the National Data Protection and Freedom of Information Authority (chairman: Dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22 / C @ naih.hu, + 36-1-3911400, www.naih.hu).
If you have any questions or comments related to data management, the Data Controller can also be contacted directly at the following e-mail address: email@example.com
XIII. Data security, data management security
The Service Provider shall take the necessary technical and organizational measures and establish the necessary procedural rules in order to ensure the security of the personal data provided or made available by the User during the entire process of data management.
In the server room of the Service Provider in Hungary, in the server room of Magyar Hosting Kft. (As an independent data manager. Data management registration number: NAIH-86703/2015) XIII. district 1132 Budapest, Victor Hugo u. 18-22. stores the personal data of the Users in its data center protected by a 24-hour guard and security camera. Where data management is performed by the Data Controller himself. The data is physically handled here, the data of the Stakeholders are stored here.
Data controller of Infotv. In accordance with its obligation under Section 7, it shall make every effort to ensure the security of the data of the Data Subject, shall also take the necessary technical and organizational measures and establish the procedural rules that apply to the Information Act and other data and confidentiality protection rules. necessary to provide.
The controller shall protect the data in particular against unauthorized access, alteration, transmission, disclosure, deletion oragainst brain destruction and accidental destruction and injury. During the operation of the data management system (s), the data that is automatically and technically recorded will be stored in the System for a period of time justified from the point of view of ensuring the operation of the System. The Data Controller ensures that this automatically recorded data cannot be linked to other personal data, except in cases required by law. If the Data Subject has terminated or objected to his or her consent to the processing of his or her personal data, his or her identity, excluding the investigating authorities or their experts, will not be identifiable thereafter.
If this happens, the employees of the Data Controller's organizational units are obliged to keep the personal data known as a business secret. To this end, our employees who handle and have access to personal information have made a privacy statement. At the same time, the employees of the Data Controller are separately obliged and in the course of their work to ensure that unauthorized persons cannot access personal data. The storage and placement of personal data has been designed in such a way that it cannot be accessed, learned, changed or destroyed by an unauthorized person.
The senior official of the Data Controller with the current decision-making competence shall determine the organization of data protection, the tasks and powers related to data protection and related activities, taking into account the specifics of the Data Controller, and shall appoint a person to supervise data management.
XIV. Logging data
When using the Website, the time of the website visit and each conversion event (eg registration, purchase, Newsletter and e-DM subscription, sweepstakes registration), the visitor's IP address and the address of the page viewed are recorded. This data is continuously logged by the system in order to prevent abuses, compile statistics, and to monitor the performance and operation of the services of the Website, and keeps personal data related to the given event.
The Service Provider uses "cookies" on its Website and its associated pages, the purpose of which is to provide a more complete service to its visitors. For the purpose of customized service and convenience functions, the browser cookie stores the viewed product until the deletion, the time of the last page access, the identification in the chat function, the products placed in the basket, and the closing of the newsletter popup. The use of a browser cookie can be rejected by selecting the appropriate settings for the browser (s), in which case the User will not be able to use this convenience feature.
XVI. External intermediary service providers
XVII. Web analytics and ad server outsourcing companies
The Service Provider uses external web analytics and ad server companies for the operation of the Website, which perform their activities independently of the Service Provider.
Possibility to amend the Data Management Policy: The Data Controller reserves the right to unilaterally amend this Policy for the future. It publishes the new Regulations on the website at the domain address youpi.hu (https://youpi.hu/privacy-policy).
Recording of data management activities
The controller and, if any, his representative shall keep records of the data processing activities carried out under his responsibility. This register shall contain the following information:
the name and contact details of the controller and, if any, the name and contact details of the joint controller, the controller 's representative and the data protection officer;
purposes of data management
a description of the categories of data subjects and the categories of personal data;
categories of recipients to whom personal data are or will be communicated, including recipients in third countries or international organizations;
where applicable, information on the transfer of personal data to a third country or international organization, including the identification of the third country or international organization and, in the case of a transfer under the second subparagraph of Article 49 (1) of the GDPR Regulation, appropriate guarantees;
if possible, the deadlines for deleting the different categories of data;
if possible, a general description of the technical and organizational measures referred to in Article 32 (1).
The controller shall make the register available to the supervisory authority upon request.