Date of acceptance: 2024-01-23

Data controller

Name: T.C.P. Service Kft.

Headquarters: 1036 Budapest, Bécsi út 77 – 79.

Mailing address, complaint handling: 1036 Budapest, Bokor utca 2-4.

Email: office@transfercasepartshop.com

Phone number: +36 20 288 6135

Website: https://transfercasepartshop.com/

Hosting provider

Name: ELIN.hu Kft.

Mailing address: 9024 Győr, Déry T utca 11. 2. em. 4.

E-mail address: info@elin.hu

Phone number: +36 70 297 4811

Description of the data processing carried out in the operation of the webshop

This document contains all relevant information on data processing in connection with the operation of the webshop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and the Act of 2011 CXII (hereinafter: Infotv.).

Information on the use of cookies

What is a cookie?

The Data Controller uses so-called cookies when you visit the website. A cookie is a set of information consisting of letters and numbers that our website sends to your browser in order to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.

Some of the cookies do not contain any personal information and cannot be used to identify the individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.

Legal background and legal basis for cookies:

We distinguish between three basic types of cookies, cookies that are essential for the proper functioning of the Website, cookies for statistical purposes and cookies for marketing purposes.

The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the Regulation in the case of statistical and marketing cookies, and the legitimate interest necessary for the functioning of the Website pursuant to Article 6(1)(f) of the Regulation in the case of cookies necessary for the functioning of the Website.

The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the Regulation in the case of cookies for statistical and marketing purposes and your legitimate interest pursuant to Article 6(1)(f) of the Regulation in the case of cookies necessary for the functioning of the Website.

Main characteristics of the cookies used by the Website:
Cookies necessary for the functioning of the website:
If you do not accept the use of these cookies, certain functions may not be available to you.

Strictly necessary cookies: these cookies are essential for the use of the website and allow you to use its essential functions. Without them, many of the site’s features will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

Session cookie

Mobile version, design cookie: detects the device the visitor is using and switches to full view on mobile. Lifetime 365 days.

Cookie acceptance cookie: accepts a cookie storage statement in the warning window when you arrive at the site. Lifetime 365 days.

Barion Pixel cookies Barion Payment Zrt. uses cookies (ba_vid, ba_vid.xxx, and ba_sid cookies) to prevent fraud when using the Barion payment solution, and these cookies also process personal data (profile). The purpose of the ba_vid cookie, according to the Barion Cookie Notice, is to detect credit card fraud based on the digital fingerprint of the device used by the Customer and his browsing habits. The use of the cookie is necessary to detect fraudsters. The purpose of the ba_vid.xxx cookie, as described in the Barion Cookie Notice, is to detect credit card fraud based on the digital fingerprint and browsing habits of the device used by the Customer. The cookie ensures that the browsing habits can be tracked by Barion Ltd. between two sessions on the website. It collects the following data: ba_vid, user ID, which is a hash compiled from browser properties, the timestamp of the first, current and last visit to the website, the ID of the current session, third party cookie permissions. The ba_vid and ba_vid.xxx cookies have a retention period of 1.5 years from the last update, the ba_sid cookie has a retention period of 30 minutes. The data is stored by Barion Zrt. The Barion Cookie Notice is available here: https://www.barion.com/hu/suti-tajekoztato/

Cookies for statistical purposes:

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and application owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistics about website usage without identifying visitors individually to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to generating reports from website usage statistics, Google Analytics, together with some of the advertising cookies described above, can also be used to display more relevant ads in Google products (such as Google Search) and across the web.

Cookies to improve your user experience: these cookies collect information about your use of the website, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect any information that identifies the visitor, i.e. they are completely generic and anonymous. We use the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

Last viewed product cookie: records the products last viewed by the visitor. Cookies that are used to store the last cookie used by the user.

Last viewed category cookie: Records the last category viewed. The last time a category was checked.

Shopping cart cookie: records the products placed in the shopping cart. Lasts 365 days.

Cookies for marketing purposes:

Google Adwords cookie When someone visits our site, the visitor’s cookie ID is added to our remarketing list. Google uses cookies – such as NID and SID cookies – to personalise the ads you see in Google products, such as Google Search. It uses such cookies, for example, to remember your recent searches, your previous interactions with advertisements from individual advertisers or search results, and your visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a user’s computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant for a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed.

Facebook pixel (Facebook cookie) A Facebook pixel is a code that allows the website to report conversions, create audiences and provide the site owner with detailed analytics on how visitors use the site. The Facebook pixel is used to display personalised offers and ads to website visitors on the Facebook interface. You can read Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation

The purpose of BarionMarketingConsent.xxx is to store the data subject’s consent to the collection of data from his/her browsing habits and to the analysis of his/her shopping habits in order to display personalized advertisements and offers. If you have given your consent, we will also use the data collected by the credit card fraud prevention cookies placed in the cookies necessary for the operation of the website and your browsing habits to analyse your shopping habits in order to display personalised advertisements and offers. Lifetime: 1.5 years from last update

Barion Media and advertiser partners’ cookie The purpose of the cookie is to synchronise and pair different user identifiers of the Barion system with the system of the respective partner. As part of their function, cookies tell the partners’ server to download its own user ID cookie to the website visitor’s browser. In this way, identifiers generated in both systems at the same time, in the same browser, are paired.

For more information on how to delete cookies, please follow the links below:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data processed for the purposes of contracting and performance
For the purposes of contracting and performance, there may be more than one processing operation. Please note that data processing in relation to complaint handling and warranty management will only take place if you exercise one of these rights.

If you do not make a purchase through the webshop, but are a visitor to the webshop, the marketing processing may apply to you if you provide us with your consent for marketing purposes.

For more details on processing for the purposes of contracting and performance:

Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter his/her data for a new purchase). Registration is not a condition for the conclusion of a contract

Data processed
In the course of processing, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased and the date of purchase.

Duration of processing
Until you withdraw your consent.

Legal basis for processing
Your voluntary consent, which you provide to the Data Controller by registering [processing under Article 6(1)(a) of the Regulation]

Processing of the order
Processing of orders requires processing activities in order to fulfil the contract.

Data processed
The Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase.

If you have placed an order in the webshop, the processing and the provision of the data are necessary for the performance of the contract.

Duration of processing
We process the data for a period of 5 years in accordance with the statute of limitations under civil law.

Legal basis for processing
Performance of the contract. [Processing under Article 6(1)(b) of the Regulation]

Issue of the invoice
The processing is carried out in order to issue a legally compliant invoice and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Act, companies are required to keep accounting documents which directly and indirectly support the accounting.

Data processed
Name, address, e-mail address, telephone number.

Duration of processingInvoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Public Finance Act.

Legal basis for data processing
Pursuant to Article 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issue of invoices is mandatory and must be kept for 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting [processing pursuant to Article 6 (1) (c) of the Regulation].

Processing of data relating to the transport of goods
The data processing is carried out for the purpose of the delivery of the ordered product.Data processedName, address, e-mail address, telephone number.

Duration of processing
The Data Controller processes the data for the duration of the delivery of the ordered goods.

Legal basis for processing
Performance of the contract [processing under Article 6(1)(b) of the Regulation].

Recipients and processors of data processing in relation to the delivery of goods.

Name of the recipient: GLS

Address of the recipient: 2351 Alsónémedi, GLS Európa u. 2.

Telephone number of the addressee: 06-29-88-67-00

E-mail address of the addressee: info@gls-hungary.com

Addressee’s website: https://gls-group.eu/HU/hu/home

The courier service will assist in the delivery of the ordered goods on the basis of a contract with the Data Controller. The courier service will process the personal data received in accordance with the Privacy Policy available on its website.

The name of the recipient is Packeta Hungary Kft.

The address of the recipient is: 1044 Budapest, Ezred utca 2.

Recipient’s telephone number: +36 1 400 8806

E-mail address of the addressee: info@packeta.hu

Addressee’s website: packeta.hu

DPD Hungária Kft.

Address of the recipient.

Phone number of the recipient: +36-1/501-6200

E-mail address of the addressee: dpd@dpd.hu

Addressee’s website: https://www.dpd.com/hu/

Name of the recipient: Magyar Posta Zártkörűen Működő Részvénytársaság

Address of the addressee.

Phone number of the addressee: +36-1/767-8200

E-mail address of the addressee: ugyfelszolgalat@posta.hu

Website of the addressee: posta.hu

Management of warranty and guarantee claims

Warranty and guarantee claims must be handled in accordance with the rules of Decree 19/2014 (IV. 29.) NGM, which also specifies how we must handle your claim.

Data processed

When handling warranty and guarantee claims, we must act in accordance with the rules of Decree 19/2014 (IV. 29.) NGM.

Under the Regulation, we are obliged to keep a record of the warranty or guarantee claim notified to us:

your name, address and a declaration that you consent to the processing of your data recorded in the report in accordance with the Regulation,
the name of the movable property sold under the contract concluded between you and us and the purchase price,
the date of performance of the contract,
the date on which the defect was notified,
the description of the defect,
the right you wish to exercise under any warranty or guarantee claim; and
how the warranty or guarantee claim is to be settled or the grounds for refusing the claim or the right to enforce it.
If we take delivery of the goods purchased from you, we must issue a receipt stating your name and address,
the data necessary to identify the item,
the date of receipt of the item, and
the time when you can collect the repaired item.

Duration of processing
The business must keep the record of the consumer’s warranty or guarantee claim for three years from the date of its recording and present it at the request of the supervisory authority.

Legal basis for processing
The legal basis for data processing is compliance with legal obligations pursuant to the Regulation 19/2014 (IV. 29.) NGM [Article 4 (1) paragraph and Article 6 (1) paragraph] [processing pursuant to Article 6 (1) c) of the Regulation].

Handling of other consumer complaints

The processing of data is carried out in order to handle consumer complaints. If you have made a complaint to us, the processing of the data and the provision of the data is essential.

Data processed
Customer name, telephone number, email address, complaint content.

Duration of processing
We keep warranty complaints for 3 years under the Consumer Protection Act.

Legal basis for processing
Whether you contact us with a complaint is a voluntary decision, but if you contact us, we are obliged to keep the complaint for 3 years pursuant to Article 17/A (7) of the Consumer Protection Act of 1997 (CLV of 1997) [processing of data pursuant to Article 6 (1) (c) of the Regulation].

Data processed in relation to the justification of consent

When registering, ordering or subscribing to a newsletter, the IT system stores the IT data relating to the consent for the purpose of subsequent verifiability.

Data processed
Date of consent and IP address of the data subject.

Duration of data processing
Due to legal requirements, consent must be verifiable at a later date, therefore the duration of data storage will be stored for a period of limitation after the end of the data processing.

Legal basis for processing
Article 7(1) of the Regulation imposes this obligation. [Processing under Article 6(1)(c) of the Regulation]

Processing for marketing purposes
Processing in relation to the sending of newsletters
The processing is carried out for the purpose of sending out newsletters.

Data processed
Name, address, e-mail address, telephone number.

Duration of processing
Until the data subject’s consent is withdrawn.

Legal basis for processing
Your voluntary consent, which you give to the Data Controller by subscribing to the newsletter [processing under Article 6(1)(a) of the Regulation]

Processing in connection with the sending and display of personalised advertising
The processing is carried out for the purpose of sending advertising content tailored to the interests of the data subject.

Data processed
Name, address, e-mail address, telephone number.

Duration of processing
Until your consent is withdrawn.

Legal basis for processing
Your specific and voluntary consent given to the Data Controller at the time of collection [processing under Article 6(1)(a) of the Regulation]

Remarketing
The processing is carried out as a remarketing activity using cookies.

Data processed
Data processed by cookies as defined in the cookie notice.

Duration of data processing
The duration of the data storage period of the cookie, more information is available here:

Google general cookie notice:
https://www.google.com/policies/technologies/types/

Google Analitycs notice:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook Privacy Policy::
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing
Your voluntary consent, which you give to the Data Controller by using the website [processing pursuant to Article 6(1)(a) of the Regulation].

Other data processing
If the Data Controller intends to carry out further processing, it will provide prior information on the relevant circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing).

The recipients of the personal data

Processing for the storage of personal data
Name of the data processor: ELIN.hu Kft.

Contact details of the data processor:

Phone number: +36 70 297 4811

E-mail address: info@elin.hu

Address: 9024 Győr, Déry T utca 11. 2. floor. 4.

Website: https://elin.hu/

The Processor stores personal data on the basis of a contract with the Data Controller. It is not entitled to access the personal data.

Data processing activities in relation to the sending of newsletters
The company operating the mailing system is called The Rocket Science Group LLC.

The company operating the mailing system is located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Phone number of the company operating the mailing system:

E-mail address of the company operating the mailing system: privacy@mailchimp.com

Website of the company operating the mailing system: mailchimp.com

The Data Processor is contracted by the Data Controller to assist in the sending of newsletters. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary to send the newsletter.

Data processing in relation to accounting
Name of the data processor.

The data processor’s registered office is located at 3 Hajnóczy József utca, 1122 Budapest, fszt. 2.

Phone number of the data processor: +36 20 404 09 66

E-mail address of the data processor: info@perfacta.hu

Website of the data processor: http://www.perfacta.hu/

The Processor shall assist in the accounting of the invoices on the basis of a written contract with the Data Controller. In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Act, and shall delete them without delay thereafter.

Processing of data in connection with invoicing
Name of the data processor: Számlázz.hu (KBOSS.hu Kft.)

The data processor’s registered office is located at 1031 Budapest, Záhony utca 7/C.

Telephone number of the data processor: +36303544789

E-mail address of the data processor: info@szamlazz.hu

Website of the data processor: https://www.szamlazz.hu/

The Data Processor contributes to the recording of accounting documents on the basis of a contract with the Data Controller. In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Act, after which it shall delete them.

PROCESSING OF DATA IN CONNECTION WITH THE WEBSHOP FULFILMENT SERVICE

Name of the data processor.
The data processor’s registered office. 13.
Phone number of the data processor: +36 1 998 8099
E-mail address of the data processor: info@webshippy.com

The purposes of the processing of personal data by the Processor are: processing orders, packaging the product, handing over the package to the Service Provider carrying out the delivery, handling the returned goods, invoicing on behalf of the Data Controller. In addition, the Data Processor shall provide the Controller with the possibility to record the above data in the Webshippy System without time limitation.

Categories of personal data processed:

Customer data required for delivery: name of recipient (customer), delivery address,
telephone number, e-mail address
Customer data required to issue an invoice: name of the recipient (customer),
(if the invoice is issued by the Data Processor, the Data Controller must provide the invoice address, the address of the customer (e.g.: address of the buyer, address of the customer, address of the buyer, telephone number of the customer, address of the invoice, address of the invoice)
(name, address of the data processor on behalf of the Customer))
Data relating to the purchase: time, product purchased, price, characteristics
Delivery method, status
Payment method, status, amount
Order ID
Delivery details

Duration of processing of personal data

The Data Controller instructs the Data Processor to keep the processed data in the Webshippy System for 1 year after the order has been fulfilled. The Webshippy System shall provide the possibility for the Data Controller to keep the data related to the order beyond the retention period of 1 year for orders fulfilled through the Webshippy System. The Data Controller may delete data from the records at any time after the expiry of the 1 year period, thus the Webshippy System allows the Data Controller to comply with the data retention period set by the Data Controller.

SimplePay data transfer declaration
I acknowledge that the following personal data stored by the data controller T.C.P. Service Kft. (1036 Budapest, Bécsi út 85, fszt 5.) in the user database of https://transfercasepartshop.com/ will be transferred to OTP Mobil Kft. as data processor. Name, Email address, Telephone number, Billing address, Delivery name, Delivery address, Delivery phone, Company name… The nature and purpose of the data processing activities carried out by the data processor can be found in the SimplePay Data Processing Information, at the following link: https://simplepay.hu/vasarlo-aff /.

Your rights in relation to the processing of your data
For the duration of the processing, you have the following rights under the Regulation:

the right to withdraw consent
access to personal data and information on data processing
the right to rectification
restriction of processing,
right to erasure
right to object
the right to portability.

If you wish to exercise your rights, this will involve your identification and the necessary communication with you by the Data Controller. For this purpose, identification will require the provision of personal data (but identification will only be based on data that the Controller already holds about you) and your complaints about the processing will be available on the Controller’s email account for the period of time specified in this notice in relation to complaints. If you have been a customer of ours and would like to be identified for the purposes of complaint handling or warranty handling, please also provide your order ID for identification purposes. We can use this to identify you as a customer.

The Data Controller will respond to complaints about data processing within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the data will be deleted from our systems. However, please note that in the case of an outstanding order, withdrawal may result in our inability to deliver to you. In addition, if the purchase has already been made, we may not be able to delete the billing data from our systems under accounting regulations, and if you have a debt to us, we may process your data in the event of withdrawal of consent on the basis of a legitimate interest in the recovery of the debt.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if it is being processed, the right to:

to have access to the personal data processed; and
to be informed by the Controller of the following information:
the purposes of the processing;
the categories of personal data processed concerning you; and
information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller;
the envisaged period of storage of the personal data or, where this is not possible, the criteria for determining that period;
your right to request the Controller to rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data where the processing is based on legitimate interests;
the right to lodge a complaint with a supervisory authority;
if the data have not been collected from you, any available information about their source;
the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance and likely consequences for you of such processing.
The purpose of the exercise of this right may be to ascertain and verify the lawfulness of the processing, and the Data Controller may charge a reasonable fee for providing the information in exchange for repeated requests for information.

Access to personal data shall be ensured by the Controller by sending you, by email, the personal data and information processed, after you have identified yourself. If you are registered, we will provide access so that you can view and verify the personal data we process about you by logging into your account.

Please indicate in your request whether you are requesting access to personal data or information about data processing.

Right to rectification

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without delay upon your request.

Right to restriction of processing
You have the right to obtain from the Controller, at your request, the restriction of processing if one of the following conditions is met:

You contest the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data, if the accuracy of the data can be established immediately, the restriction shall not apply;
the processing is unlawful, but you object to the erasure of the data for any reason (for example, because the data are important to you for the purposes of pursuing a legal claim) and therefore do not request the erasure of the data but instead request the restriction of their use; the Controller no longer needs the personal data for the purposes for which they are processed but you require them for the establishment, exercise or defence of legal claims; or you have objected to the processing, but the Controller may have a legitimate interest in the processing, in which case, until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds, the processing should be restricted.

If the processing is restricted, such personal data, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The controller shall inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on processing.

Right to erasure – right to be forgotten

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Controller;
You withdraw your consent and there is no other legal basis for the processing;
You object to the processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing,
the personal data have been unlawfully processed by the Controller and this has been established on the basis of the complaint,
the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Controller.

If the Data Controller has disclosed personal data about you for any lawful reason and is required to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers that you have requested the deletion of the links to or copies of the personal data in question.

Deletion does not apply where the processing is necessary:

for the exercise of the right to freedom of expression and information;
to comply with an obligation under Union or Member State law that requires the controller to process personal data (such as processing in the context of invoicing, where the storage of the invoice is required by law) or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for the establishment, exercise or defence of legal claims (e.g. where the Controller has a claim against you and has not yet settled it, or in the course of dealing with a consumer complaint or a complaint about data processing).

Right to object

You have the right to object to the processing of your personal data based on legitimate interests at any time on grounds relating to your particular situation. In such a case, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.

Right to portability

If the processing is automated or if the processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON or csv format, and if technically feasible, you may request that the Data Controller transfer the data in this format to another controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that would have legal effects concerning you or similarly significantly affect you. In such cases, the controller must take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.

The above shall not apply where the decision:

necessary for the conclusion or performance of a contract between you and the controller;
it is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
is based on your explicit consent.
Registration in the data protection register
Under the provisions of the Data Protection Act, the Controller was required to notify certain of its processing to the Data Protection Register. This notification obligation ceased as of 25 May 2018.

Data security measures

The Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage and inaccessibility resulting from changes in the technology used.

The Data Controller will make every effort to ensure that its Data Processors also take appropriate data security measures when working with your personal data, as far as organisational and technical feasibility allows.

Remedies

If you believe that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information to stop the alleged unlawful processing (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

You are also informed that in the event of a breach of the legal provisions governing data processing or if the Controller has not complied with any of your requests, you may bring a civil action against the Controller before a court.

Amendments to the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice in a way that does not affect the purpose and legal basis of the processing. By using the website after the amendment has entered into force, you accept the amended privacy notice.

If the Data Controller intends to carry out further processing of the collected data for purposes other than those for which they were collected, the Data Controller will inform you of the purposes of the processing and the information below prior to the further processing:

the duration of the storage of the personal data or, where this is not possible, the criteria for determining the duration; the right to request the Controller to access, rectify, erase or restrict the processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability; in the case of processing based on consent, that you may withdraw your consent at any time, the right to lodge a complaint with a supervisory authority; whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether you are under an obligation to provide the personal data and the possible consequences of not providing the data; the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.
The processing may only start after this, if the legal basis for the processing is consent, to which you must give your consent in addition to the information.