PRIVACY POLICY

Peak Performance Products Hungary Kft. (hereinafter: Data Controller) handles the data of visitors to the Website, registrants on the Website or others providing their personal data (hereinafter collectively: Data Subject) during the operation of peakshop.hu (hereinafter: Website). In connection with the processing of data, the Data Controller hereby informs the Data Subject about the personal data processed by him on the Website, his principles and practices in the field of personal data processing, and the manner and possibilities of exercising the Data Subject's rights.

The Data Controller shall pay particular attention to the (EU) 2016/679 Regulation of THE EUROPEAN PARLIAMENT AND THE COUNCIL (“Regulation”) on repealing of Regulation 95/46/EC (General Data Protection Regulation) and Act CXII of 2011 (Infortv.) on right to self-determination and freedom of information about the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Any Data Subject is entitled to withdraw his consent to data processing in part or in full by written notice to the Data Controller, or to request the deletion of his data in the manner specified in this informative.

1. TITLE OF DATA CONTROLLER

The data is handled by the Peak Performance Products Hungary Kft.

Headquarters, mailing address: 1191 Budapest, Ady Endre Street 42-44.

Phone: + 36-1- 280-12- 72 + 36-20- 367-9910

E-mail: support@peakshop.hu

VAT number: 13851181-2- 43

Company registration number: 01-09- 876586

EU VAT number: HU13851181

Name of the court of registration: Company Registry Court of Budapest

Data management registration number: NAIH-56500/2012.

2. DEFINITIONS

The conceptual system of these regulations is the same as the interpretative explanations defined in Article 4 of the General Data Protection Regulation (hereinafter: Regulation) and supplemented at certain points with the interpretative provisions of section 3 of Infotv. from 25 May 2018. Based on these:

  1. personal data: any information relating to an identified or identifiable natural person ("Data Subject"); a natural person can be identified directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the natural, physiological, genetic, mental, economic, cultural or social identity of the natural person identified.
  2. consent: the voluntary, specific and duly informed and clear expression of the will of the data subject, by which he indicates his consent to the processing of personal data concerning him by means of a statement or an act which unequivocally verifies his confirmation.
  3. data controller: means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, and the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
  4. data management: any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or other means, coordination or interconnection, restriction, deletion or destruction.
  5. data processor: any natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.

3. LEGAL BASIS FOR DATA MANAGEMENT

The legal basis for data processing for the data management set out below was determined in accordance with section 1 of Article 6 of 2016/679 Regulation (“Regulation”) OF THE EUROPEAN PARLIAMENT AND THE COUNCIL (EU) on repealing 95/46/EC Regulation, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which is also indicated for each data management case.

The Data Subject may withdraw his consent to data management at any time, in which case the Data Controller shall delete all personal data of the Data Subject from the system. In the absence of withdrawal, the duration of the data management in each case involving data processing is the deadline specified in this informative.

4. CASES OF DATA MANAGEMENT, SCOPE OF DATA PROCESSED, PURPOSE, TIME, LEGAL BASIS OF DATA MANAGEMENT

1. Registration on the Website

Purpose of data management: Ensuring purchases on the Website as a registered user, ensuring access to service subject to registration, convenience function - avoiding repeated data entry by automatically filling in the data previously entered by the registered user (Data Subject) and stored in our system.

Scope of data managed: Name, e-mail address, telephone number, billing, and delivery address: postal code, city, street/house number.

Duration of data management: The processing of personal data provided during registration starts with the registration and lasts until it is deleted upon request. If the Data Subject does not request the cancellation of his registration, the Data Controller shall delete the registration data from the system no later than 30 days after the termination of the Website.

Legal basis for data management: The legal basis for data management is under the subsection of section 1 of Article 6 of the Regulation, which is the voluntary consent of the Data Subject as a purchaser.

Data source: Recorded directly from the Data Subject.

Possible consequences of lack of data service: The Data Subject cannot use the convenience function associated with registration; he is not entitled to create a user account.

2. Data processed for the performance of the contract (purchase on the Website)

Purpose of data management and scope of managed data: Fulfilment of orders, issuance of invoices, records of registered or unregistered purchasers, documentation of purchases and payments, fulfilment of accounting obligations, contact related to orders.

During the order, the Data Controller sends the information related to the order, emails related to the payment transaction to the Data Subject's email address (payment of the order successful/unsuccessful), delivers to the specified delivery address and issues the invoice based on the provided data.

Legal basis for data management

  • The legal basis for data management is the performance of a contract concluded with the Data Subject as a customer based on subsection b of section 1 of Article 6 of the Regulation.
  • In the case of an invoice, the issuance and preservation of the invoice is a legal obligation under the Accounting Act and the VAT Act, so the legal basis for data management in the case of an invoice is subsection c of section 1 of Article 6 of the Regulation.

Providing the data is a condition for concluding the contract, it is essential in order to fulfil the order (online contract).

Duration of data management: The Data Controller manages the data of the Data Subject until the expiry of the civil law limitation period (5 years) after the performance of the contract, however, the data contained in the invoice must be kept by the Data Controller for 8 years.

Data source: Recorded directly from the Data Subject.

Possible consequences of failure to provide data: The Data Subject cannot make a purchase on the Website, as it is impossible to fulfil the order without providing personal data. Failure to fulfil orders, given that the Data Controller will not have any data that would enable it to be fulfilled (e.g. delivery).

3. Customer correspondence, contact

Purpose of data management: If the Data Subject has a question related to the Website or products, he may contact the Data Controller through the contact details within this informative and on the interface of the Website.

Duration of data management, scope of managed data: The Data Controller handles the received e-mails, postal letters together with the sender's name, e-mail address and other personal data provided in the message, from the data communication until the Data Subject's question or comment can be successfully solved or answered.

Legal basis for data processing: The legal basis for data processing under subsection a of section 1 of Article 6 of the Regulation is the voluntary consent of the data subject as a customer.

Data source: Recorded directly from the Data Subject.

Possible consequences of failure to provide data: Loss of contact through customer correspondence.

4. Data processed due to complaint and warranty management

Purpose of data management: If the Data Subject requests the Data Controller to fulfil a warranty claim related to the purchased product, or the Data Controller handles the Data Subject's complaint, he also implements the processing of personal data during the administration. The purpose of data management is to implement warranty claims and complaint handling in accordance with legal regulations.

Scope of managed data: In connection with the complaint management, the Data Controller handles the name, contact details (email address, telephone number, postal address) and complaint of the Data Subject.

Legal basis of data management: The legal basis of data management is the fulfilment of the obligations prescribed in the Consumer Protection Act and the Civil Code based on subsection c of section 1 of Article 6 of the Regulation.

Duration of data management: According to the Consumer Protection Act, the data must be kept for 5 years after the complaint handling.

Data source: Recorded directly from the Data Subject.

Possible consequences of failure to provide data: Failure to manage warranty, guarantee, complaint, given that without providing personal data the Data Controller, he cannot contact, maintain, and remedy the problem with the Data Subject.

5. Data management for other purposes

1. Participation in the regular customer system

Scope of managed data: Name, email address, telephone number, postal address.

Purpose of data management: To provide a regular customer discount for the registered Data Subject.

In case of purchasing above a certain amount, providing a discount of the amount specified in the information available through the Website as well as collecting and registering loyalty points in the system.

Duration of data management: The Data Controller manages the data registered in connection with the regular customer system until the Data Subject requests its deletion from the system.

Legal basis for data management: Voluntary consent of the Data Subject.

Possible consequences of failure to provide data: The Data Subject does not have access to the benefits provided within the framework of the Regular Customer System and cannot use them.

2. Newsletter, DM activity

Scope of managed data: Name, email address.

Purpose of data management: By subscribing, the Data Subject consents to the Data Controller sending a direct marketing newsletter online using the direct inquiry method.

In case of subscription: In the absence of a different statement, objection or protest, the Data Controller uses the personal data provided by the Data Subject during the subscription in order for the Data Controller to provide information material, sales, offers and information about its services.

Duration of data management: The Data Controller manages this data until the Data Subject unsubscribes from the newsletter by clicking on the unsubscribe link in the newsletter or until he requests its removal by email or post letter. In case of unsubscribing, the Data Controller will not contact the Data Subject with further newsletters or offers. The Data Subject may unsubscribe from the newsletter at any time, without restriction or justification, free of charge.

Legal basis for data management: Voluntary consent of the Data Subject.

Possible consequences of failure to provide data: The Data Subject does not receive a newsletter with direct marketing content, nor does he receive or be informed about the information, offers, coupons or promotions contained therein.

3. Market research

The purpose of data management: To register and segment the subjects of market research, to conduct market research based on the provision of information related to the purchased product.

Type of personal data processed: Name, address, e-mail address, telephone number, purchased product, other personal data provided by the Data Subject during the market research.

Duration of data management: Until the withdrawal of the Data Subject's consent.

Legal basis for data management: Voluntary consent of the Data Subject. Only people over the age of 16 may participate in market research.

Possible consequences of failure to provide data: Data Subject cannot participate in market research.

4. Profiling in order to send personalized ads

Purpose of data management: During profiling, the Data Controller analyses the shopping habits of a given person (or group of individuals) in order to display a targeted advertisement, send a personalized newsletter or send informative, reminder messages based on their behaviour (e.g. you have left your cart behind and content has already been saved, a recommendation for a product or similar item already purchased, etc.). Data management profiling is based on the Data Subject's browsing history and purchase data.

In the absence of a different statement or objection, the creation and sending of targeted advertising related to business activities will only take place if the Data Subject expressly consents to this during registration.

If the Data Subject does not consent to the use of his personal data for this purpose, the Data Controller will not perform profiling in relation to the Data Subject, however, the Data Controller will continue to manage, store and process the personal data of registration, ordering, newsletter subscription, etc. to ensure the services available and provided (e.g. sending a system message, sending coupons, registering orders, sending newsletters, etc.). 

Scope of managed and transferred data: Name, browsing history, purchase data, email address, phone number, postal address.

Duration of data management: The Data Controller will carry out the profiling until the Data Subject objects to the profiling. The Data Subject is entitled to object to the processing of this data at any time, without giving reasons and without adverse legal consequences, by a written statement addressed to the Data Controller. In the event of an objection, the Data Controller will no longer use the data of the Data Subject specified in this section for the purpose of profiling and the Data Subject will continue to be entitled to use the Website.

Legal basis for data processing: Voluntary consent of the data subject.

Possible consequences of failure to provide data: The Data Subject does not receive personalized advertisements or information on discounts that have been prepared specifically for the Data Subject using the data collected during profiling.

5. Data collected in connection with the use of the Website

1. Technical data, Website visit data

Data Controller does not link the data generated during the analysis of the log files with other information and does not seek to identify the Data Subject.

An IP address is a series of numbers by which the computers of Data Subjects on the Internet can be clearly identified. IP addresses can even be used to geographically locate a visitor using a particular computer. The address of the visited pages, as well as the date and time data, are not suitable for the identification of the Data Subject per se, however, in combination with other data (e.g. provided during registration) they are suitable for drawing conclusions about the Data Subject.

The scope of data managed: date, time, IP address of the Data Subject's Computer, the type of browser, the address of the web page viewed and previously visited.

Duration of data management: 30 days from the date of viewing the Website.

Legal basis for data management: voluntary consent of the Data Subject.

2. Management of cookies

In order to provide customized service, the Data Controller will place a small data packet, so-called cookie, and reads it back at a later visit. If the browser returns a previously saved cookie, the cookie service provider has the option to link the Data Subject's current visit to the previous ones, but only for its own content. 

Possible consequences of failure to provide data: incomplete use of the services of the Website, inaccuracy of analytical measurements.

● Session cookie:

Purpose of data management: These cookies are used to make the Website more efficient and secure, so they are essential for certain functions of the Website or certain applications to work properly.

● Persistent cookie:

Purpose of data management: Data Controller also uses a persistent cookie for a better user experience (e.g. to provide optimized navigation). These cookies are stored in the browser's cookie file for a longer period of time. The duration of this depends on the setting that the Data Subject uses in his Internet browser. These cookies are stored in the browser's cookie file for a longer period of time. The duration of this depends on the setting that the Data Subject uses in his Internet browser.

● Shopping cart cookie:

The purpose of data management: to identify users, register the "shopping cart", manage the shopping cart (virtuemart) and ensure proper navigation.

Scope of managed data: name, email address, postal address, telephone number, products placed in the basket. 

Duration of data management: 30 days

● Security cookies:

The purpose of data management: to identify the Data Subject's current session and to prevent unauthorized access. 

Scope of managed data: IP address. 

Duration of data management: 30 days

● Cookies required for a password-protected session.

This cookie is used to identify the Data Subject after logging in to the information society service; the identification of the Data Subject is necessary in order not to interrupt the communication with the server on the communication network.

Scope of managed data: IP address, e-mail.

Duration of data management: 30 days

Delete cookies

The Data Subject has the right to delete the cookie from his own computer or to disable the use of cookies in his browser. Cookies can usually be managed in browsers' Tools/Settings menu under Privacy/History/Custom Settings, under the name of cookie, or tracking.

If the Data Subject wants to know more about what cookies his browser uses, he should visit one of the following websites for his browser:

● Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu )

● Mozilla Firefox

(https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn )

● Windows Internet Explorer

(https://support.microsoft.com/hu-hu/help/260971/description-of-cookies )

Possible consequences of failure to provide data: incomplete use of the services of the Website, inaccuracy of analytical measurements.

3. Data management of external service providers

The html code of the portal contains links from and to an external server, independent of the Data Controller. The external service provider's server is directly connected to the Data Subject's computer. We would like to draw the attention of our visitors to the fact that the providers of these links are able to collect the data of the Data Subject due to the direct connection from their server and the direct communication with the Data Subject's browser.

The interface of the Website may contain information, especially advertisements, from third parties and advertising service providers who are not related to the Data Controller. These third parties may also place cookies, web beacons on the Data Subject's computer, or collect data using similar technologies in order to send the Data Subject an advertising message addressed to the Data Subject in connection with their own services. In such cases, the data processing shall be governed by the data protection regulations laid down by these third parties and the Data Controller shall not be liable for such data processing.

Content that may be personalized for the Data Subject is served by the server of the external service provider.

The data controllers listed below can provide detailed information on the management of data by third-party servers.

In order to provide customized service, external service providers place a small data package, so-called cookie, and read it back. If the browser returns a previously saved cookie, the service providers managing it have the option to link the Data Subject's current visit to the previous ones, but only for their own content.

Data Controller's ads may appear on third-party websites (Google).

These third-party service providers (Google) use cookies to store that the Data Subject has previously visited the Data Controller's Website and, based on this, they display the advertisements to the Data Subject on a personalized basis (i.e. they carry out remarketing activities).

Possible consequences of failure to provide data: incomplete use of the website's services, inaccuracy of analytical measurements.

● Cookies placed by Google Analytics

Purpose of data management: External servers help to independently measure and audit the website traffic and other web analytics data (Google Analytics). These cookies are not able to personally identify the Data Subject (the IP address currently in use is only partially recorded).

They collect information such as e.g. which part of the Website the Data Subject clicked on, how many pages he visited, etc. The Data Controller intends to use this data for the purpose of developing the Website, and improving the experiences provided to the Data Subjects. Data Controllers can provide detailed information on the management of measurement data to the Data Subject.

Google Analytics uses cookies for the following analytical purposes:

If the Data Subject does not want Google Analytics to measure the data in the manner and for the purpose described, install a blocker in the browser.

Scope of managed data: IP address 

Duration of data management: 14 months

Legal basis for data management: voluntary consent of the Data Subject.

For more information on data management by www.google.com/analytics, please visit http://www.google.com/intl/en/policies/. The document “How Google uses information from sites and apps that use our services” is available at the following link:

http://www.google.com/intl/en/policies/privacy/partners/

● Google Adwords

Purpose of data management: The Website uses Google Adwords remarketing tracking codes. This is based on the ability for visitors to visit the site later with remarketing ads on websites within the Google Display Network. In order for the Data Controller to collect data about the Data Subject in this way, the Data Subject's consent is required. The remarketing code uses cookies to tag visitors. Users of the Website may disable these cookies by visiting the Google Ad Preferences Manager and following the instructions there. After that, they will not see personalized offers from the Data Controller. If the Data Subject does not wish to see remarketing ads, he has the option to disable the use of the Google cookie in Google’s Ads Preferences.

https://adssettings.google.com/authenticated

Scope of managed data: IP address, email address, search history

Duration of data management: 30 days

Legal basis for data management: voluntary consent of the Data Subject.

4. Other data management

The Data Controller informs the Data Subjects that the court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information or other bodies authorized by law may contact the Data Controller for the purpose of providing information, communicating, transferring or making available documents.

The Data Controller shall provide personal data to the authorities - provided that the authority has indicated the exact purpose and scope of the data - just so much and to that extent strictly necessary for the purpose of the request.

5. DATA PROCESSING

The Data Controller is entitled, in accordance with the applicable law, to use a data processor to perform certain technical operations or the provision of the service, performance of delivery, etc. The data processor is only entitled to execute the instructions and decisions of the Data Controller.

1. Name: GLS General Logistics Systems Hungary CsomagLogisztikai Kft.

Headquarters: 2351 Alsónémedi, GLS Európa Street 2.

Email address: info@gls-hungary.com

Activity: courier service

Company registration number: 13-09- 111755

VAT number: 12369410-2-44

Scope of transmitted data: IP address, username, telephone number, e-mail address, postal code, delivery address and name, parcel collection address and name, bank account number, message sent to GLS courier up to 30 characters long.

Purpose of the data transfer: delivery of the product, collection of the cash on delivery fee

2. Name: Magyar Posta Zrt.

Headquarters: 1138 Budapest, Dunavirág Street 2-6.

VAT number: 10901232-2- 44

Company registration number: 01-10-42463

Scope of data transmitted: username, postal code and address, billing name and address, delivery name and address, parcel collection name and address, cash on delivery amount.

3. Name: Bea Bordás, E.V. (Registration Number: 51672397)

Headquarters: 1201 Bp. Károly Street 94.

Activity: Accounting

4. Name: Emarsys UK Ltd.

Head office: 100 Euston Street London, NW1 2HQ United Kingdom

Activity: Newsletter 

Scope of transmitted data: username, e-mail address, telephone number, purchase data.

Purpose of data transmission: newsletters, promotions, sending SMS, providing personalized service, help desk service.

5. Name: Mito Europe Kft.

Headquarters: 1053 Budapest, Károlyi Street 9. floor 4

Company registration number: 01 09 893067

VAT number: 14192151-2-41

Email: info@mito.hu

Scope of transmitted data: IP address, username, e-mail address, arranging and processing payment on a website using a sub data processor, Facebook ads and remarketing, Web analytics tag manager, Linkedin, Twitter, Googleblog, Google Adwords, Google Analytics

6. Name: Microsoft Corporation

Headquarters: One Microsoft Way, Redmond, Washington 98052, USA.

Phone number: +1 (425) 882 8080

Activity: software operation

Scope of data transmitted: IP address, username, telephone number, e-mail address, postal code, delivery address and name, parcel collection address and name, bank account number. 

Purpose of data transfer: invoicing, accounting, corporate governance.

7. Name: Evolve Development Kft.

Headquarters: Király Street 26. 1061, Budapest

Email: info@itegration.com

Activity: software operation and development, IT service

Scope of transmitted data: IP address, username, telephone number, e-mail address, postal code, delivery address and name, parcel collection address and name, bank account number. 

Purpose of data transfer: invoicing, accounting, corporate governance

Hosting Provider Details:

8. Name: Amazon Web Services, Inc.

Headquarters: P.O. Box 81226 Seattle, WA 98108-1226

Phone: (206) 266-4064

Email: copyright@amazon.com

9. Name: Servergarden Kft.

Headquarters: Lajos Street 28-32, 1023 Budapest.

E-mail address: info@servergarden.hu

Activity: hosting provider

Company registration number: 01-09-186097

VAT number: 24855608-2-41

Scope of transmitted data: IP address, username, telephone number, e-mail address, postal code, delivery address and name, parcel collection address and name, bank account number.

Purpose of data transfer: invoicing, accounting, corporate governance 

In addition to the above, the transfer of personal data concerning the Data Subject may only take place in cases specified by law or on the basis of the Data Subject's consent.

6. DATA SECURITY

Data Controller shall take all necessary measures to ensure the security of the data, ensuring an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage. Data Controller shall ensure the security of the data by appropriate technical and organizational measures.

The computer system of the Website is located at the data processor of the Data Controller, on the servers of Amazon Web Services, Inc.

Data Controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data can be:

● accessible to those entitled to it (availability)

● its authenticity and authentication are ensured (authenticity of data management)

● its invariability can be verified (data integrity)

● it is protected against unauthorized access (data confidentiality). It is retained by the Data Controller during data management

● confidentiality: protects information so that only those who have access to it can access it

● integrity: protects the accuracy and completeness of the information and the method of processing

● availability: ensures that when an authorized user needs it, he can actually access the information he wants and have the tools to do so.

7. RIGHTS OF THE DATA SUBJECT

1. Information and access to personal data

The Data Subject has the right to get acquainted with the personal data stored by the Data Controller and the information related to their processing; check what data the Data Controller keeps records of and is entitled to access personal data.

Data Subject is obliged to send his request for access to the data to the Data Controller in writing (by e-mail or post). Data Controller shall provide the information to the Data Subject in a widely used electronic format, unless the Data Subject requests it in writing (by email or on paper). Upon verbal request, the Data Controller does not provide information on the handling and storage of data by telephone.

In case of exercising the right of access, the information shall include:

● defining the scope of data processed, the purpose, duration, and legal basis of data processing with regard to the scope of data processed,

● data transfer: to whom the data was transferred or will be transferred later,

● indicating data source.

Data Controller shall provide a copy of the personal data (in person at the customer service) free of charge to the Data Subject for the first time. For additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Controller requests the release of a copy electronically, it shall provide the information to the Data Controller by e-mail in a widely used electronic format.

After the information, the Data Subject may, if he does not agree with the data processing and the correctness of the processed data, request the correction, supplementation, deletion, restriction of the processing of personal data concerning him, may object against the processing of such personal data or may initiate the procedure set out in section 8.

2. The right to correct or supplement processed personal data

At the written request of the Data Subject, the Data Controller shall, without undue delay, correct inaccurate personal data provided by the Data Subject in writing or in one of the Data Controller's shops, or supplement the incomplete data with the content indicated by the Data Subject. Data Controller shall inform all recipients with whom the personal data has been communicated of the correction or addition unless this proves impossible or requires a disproportionate effort. The Data Subject shall provide the details of these recipients upon written request.

3. Right to data management restriction

The Data Subject may, by written request, ask the Data Controller to restrict the processing of his data if the

● Data Subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data,

● data processing is illegal, and the Data Subject objects to the deletion of the data and instead requests a restriction on their use,

● Data Controller no longer needs the personal data for the purpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims,

● Data Subject objects to the data processing: in this case, the restriction applies for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.

Personal data subject to a restriction, with the exception of storage, may be processed during that period only with the consent of the Data Subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State. The Data Controller shall inform the Data Subject, at whose request the data processing has been restricted, in advance of the lifting of the data processing restriction.

4. Right to delete (forget)

At the request of the Data Subject, the Data Controller shall delete the personal data of the Data Subject without undue delay if any of the specified reasons exist: i) the personal data are no longer necessary for the purpose for which they were collected or otherwise processed by the Data Controller; (ii) Data Subject withdraws his consent on which the processing is based and there is no other legal basis for the processing; iii) Data Subject objects to the processing for reasons related to his own situation and there is no legitimate reason for the processing, iv) Data Subject objects to the processing of personal data relating to him for the purpose of direct business acquisition, including profiling, insofar as it is related to the direct business acquisition; v) the personal data is unlawfully processed by the Data Controller; (vi) personal data have been collected in connection with the provision of information society services directly to children.

The Data Subject may not exercise his right to delete or forget if the processing is necessary: i) for the purpose of exercising the right to freedom of expression and information; (ii) on grounds of public interest in the field of public health; (iii) for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the exercise of the right of delete would make such processing impossible or seriously jeopardize; or (iv) to file, enforce or defend legal claims.

5. Right to data portability

If the data processing is necessary for the performance of the contract or the data processing is based on the voluntary consent of the Data Subject, the Data Subject has the right to request that the data provided by the Data Subject to the Data Controller be received in a computer-readable form. If technically feasible, he can request that the data be transferred to another data controller. In all cases, the right is limited to the data provided by the Data Subject, there is no possibility for the portability of other data (e.g. statistics, etc.). The Data Subject has personal data concerning him that can be found in his Data Management System (e.g. during newsletter subscription):

● receive in a structured, widely used, computer-readable format,

● is entitled to transfer to another data controller,

● request the direct transfer of data to the other data controller - if this is technically feasible within his Data Management system.

The Data Controller fulfils the request for data portability only on the basis of a written request by e-mail or post. In order to fulfil the request, it is necessary for the Data Controller to make sure that the Data Subject entitled actually wishes to exercise this right. Within the framework of this right, the Data Subject may request the portability of the data that he has provided to the Data Controller. The exercise of this right does not automatically lead to the deletion of the data from the Data Controller's systems, therefore the Data Subject will be registered in the Data Controller's systems even after exercising this right unless he also requests the deletion of his data.

6. Objection against the processing of personal data

The Data Subject may object to the processing of his personal data by submitting a statement to the Data Controller if the legal basis for the data processing is

● a public interest based on subsection e of section 1 of Article 6 of the GDPR

● a legitimate interest based on subsection f of section 1 of Article 6 of the GDPR.

In the event of exercising the right to object, the Data Controller may no longer process personal data unless it proves that the processing is justified by compelling legitimate reasons which take precedence over the Data Subject's interests, rights and freedoms or related to the submission, enforcement or protection of legal claims. In connection with the determination that the data processing is justified by compelling legitimate reasons, the Data Controller shall decide and inform the Data Subject of his position in this regard. The Data Subject may object in writing (by e-mail or post) or, in the case of a newsletter, by clicking on the unsubscribe link in the newsletter.

7. Deadline for fulfilling the request, procedural rules

Data Controller without undue delay, but in any case, in accordance with section 6.1. - 6.6, it shall inform the Data Subject of the measures taken within one month of receipt of any request. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by another two months, but in this case, the Data Controller shall inform the Data Subject within one month of receiving the request and that the Data Subject may file a complaint to the supervisory authority and may exercise his right of judicial review.

If the Data Subject's request is manifestly unfounded or excessive (especially in view of its repetitive nature), the Data Controller may charge a reasonable fee for the execution of the request or refuse to act on the request. It is the responsibility of the Data Controller to prove this.

If the Data Subject has submitted the request electronically, the information shall be provided electronically by the Data Controller, unless otherwise requested by the Data Subject.

The Data Controller shall inform all recipients with whom personal data have been communicated about any rectification, erasure, or restriction on data processing unless this proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the Data Subject of these recipients.

8. RIGHT ENFORCEMENT OPTIONS

The Data Subject may exercise his rights by e-mail or by written request sent by post through the contact details specified in section 1.

The Data Subject's rights cannot be enforced if the Data Controller proves that he is not in a position to identify the Data Subject. If the Data Controller has doubts as to the identity of the natural person submitting the request, he may request the provision of additional information necessary to confirm the identity of the requester.

Based on Info.tv, the Regulation and the Civil Code (Act V of 2013):

1. Data Subject can contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet alley 22/c.; www.naih.hu) or

2. Data Subject can assert his rights in court. The person concerned may, at his choice, also bring an action before the court having jurisdiction over his place of residence or stay.

1. Compensation and grievance fee

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation is entitled to compensation from the Data Controller or the data processor for the damage suffered. The data processor is liable for damages caused by data processing only if it has not complied with the obligations specified in the law, which are specifically imposed on the data processors, or if it has disregarded or acted contrary to the Data Controller's lawful instructions. The Data Controller or the data processor shall be released from liability if it proves that he is not liable in any way for the event that caused the damage.

9. MANAGING DATA PROTECTION INCIDENTS

A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored, or otherwise handled. In order to control the measures related to the data protection incident, inform the supervisory authority and inform the Data Subject, the Data Controller shall keep a register containing the scope of personal data involved in the incident, the scope and number of data subjects, the date, circumstances, effects and measures taken to remedy it. In the event of an incident - unless it poses a risk to the rights and freedoms of natural persons - Data Controller shall inform the Data Subject and the supervisory authority of the data protection incident without undue delay and within a maximum of 72 hours.

10. OTHER PROVISIONS

The Data Controller reserves the right to unilaterally amend this Privacy Policy with prior notice to the Data Subject via the Website. The amendments shall enter into force on the date specified in the notification unless the Data Subject objects to the amendments.

If the Data Subject has provided the data of a third party during the use of the service, during the subscription to the newsletter or for other purposes, or has caused damage in any way during the use of the Website, the Data Controller is entitled to enforce compensation against the Data Subject.

The Data Controller does not check the personal data provided to him. The person who provided the data is solely responsible for the accuracy of the information provided. When providing personal data, any Data Subject is also responsible for ensuring that only he uses the service with the personal data provided.

Date of entry into force of this Privacy Policy: 7 April 2020