top of page

Privacy policy

Privacy Policy of https://www.hsglaser.hu/.

​

In short: We only collect and process personal data in accordance with the law and regulations. We do our utmost to keep your data secure. We will only transfer personal data to third parties with consent. We will provide information to anyone about the data we hold about them upon written request to sales@signdepot.eu.


Introduction Signdepot Europe Kft. 5100 Jászberény, Alkotás u. 4. (16-09-010080 Szolnok Court of Justice, Commercial Court) (hereinafter referred to as the "Service Provider", "Controller") is subject to the following information. Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information states that the data subject (in this case the user of the webshop/website/blog, hereinafter referred to as the "user") must be informed before the processing starts whether the processing is based on consent or whether it is mandatory. The data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor and the duration of the processing, before the processing starts. The data subject shall be informed of the provisions of the Info tv. 5 (1) that personal data may be processed if

a. it is ordered by law or - on the basis of the authorisation of the law, within the scope specified therein, in the case of data that does not constitute special data or personal data in the criminal field - by decree of a local government for a purpose in the public interest,

b. it is strictly necessary for the performance of the controller's tasks as defined by law and the data subject has given his or her explicit consent to the processing of personal data,

c. in the absence of a), necessary and proportionate for the protection of the vital interests of the data subject or of another person or for the prevention or elimination of an imminent danger to life, limb or property of a person; or

(d) except as provided for in point (a), the personal data have been explicitly made public by the data subject and are necessary and proportionate for the purposes for which they are processed. The information shall also cover the rights and remedies of the data subject with regard to the processing. This privacy notice governs the processing of personal data on the following websites: https://www.hsglaser.hu/


Amendments to this notice will enter into force upon publication at the above address. We have also included a reference to the law behind each part of the notice.


Definitions (Article 4 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))

 

(1) "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(2) 'processing' means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(3) "restriction of processing" means the marking of stored personal data for the purpose of restricting their future processing;

(4) 'profiling' means any form of automated processing of personal data by which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person;

(5) 'pseudonymisation' means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no association with identified or identifiable natural persons is possible;

(6) 'filing system' means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;

(7) 'controller' means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

(8) 'processor' means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of a controller;

(9) "recipient" means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

(10) 'third party' means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

(11) 'data subject's consent' means a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she wishes to have personal data concerning him or her processed;

(12) 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;

(13) 'genetic data' means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person;

(14) 'biometric data' means any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;

(15) 'health data' means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contain information about the health of the natural person;

16. "Activity Centre": (a) in the case of a controller having establishments in more than one Member State, the place of its central administration within the Union, except that where decisions concerning the purposes and means of the processing of personal data are taken at another place of activity of the controller within the Union and the latter place of activity has competence to implement those decisions, the place of activity which takes those decisions shall be considered the centre of activity; (b) in the case of a processor having its place of business in more than one Member State, the place of its central administration within the Union or, where the processor does not have a central administration in the Union, the place of business of the processor within the Union where the main processing activities in relation to the activities carried out at the place of business of the processor take place, where the processor is subject to obligations under this Regulation;

(17) 'representative' means a natural or legal person established or resident in the Union and designated in writing by the controller or processor pursuant to Article 27 to represent the controller or processor in relation to the obligations incumbent on the controller or processor under this Regulation;

(18) 'undertaking' means any natural or legal person, regardless of its legal form, engaged in an economic activity, including partnerships or associations which regularly carry on an economic activity;

19) 'group of undertakings' means the controlling undertaking and the undertakings controlled by it;

(20) 'Binding Corporate Rules' means the rules on the protection of personal data followed by a controller or processor established in the territory of a Member State of the Union in one or more third countries in respect of the transfer or series of transfers of personal data by a controller or processor within the same group of undertakings or the same group of undertakings engaged in joint economic activities;

(21) 'supervisory authority' means an independent public authority established by a Member State in accordance with Article 51;

(22) 'supervisory authority concerned' means a supervisory authority which is concerned by the processing of personal data for one of the following reasons: (a) the controller or processor has an establishment in the territory of the Member State of that supervisory authority; (b) the processing substantially affects or is likely to substantially affect data subjects residing in the Member State of the supervisory authority; or (c) a complaint has been lodged with that supervisory authority;

(23) 'cross-border processing of personal data' means (a) the processing of personal data within the Union in the context of activities carried out by a controller or processor established in more than one Member State at sites of activity in more than one Member State; or (b) the processing of personal data within the Union in the context of activities carried out by a controller or processor at a single site of activity, which significantly affects or is likely to significantly affect data subjects in more than one Member State;

(24) 'relevant and reasoned objection' means an objection to a draft decision as to whether this Regulation has been infringed or whether the envisaged measure concerning the controller or processor is in compliance with the Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union;

25) 'information society service' means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council ( 1 );

(26) 'international organisation' means an organisation governed by public international law or its subsidiary bodies, or any other body which is established by or under an agreement between two or more countries.

 

Legal basis for data processing (Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, § 5)

1. Personal data may be processed if

a) it is ordered by law or - on the basis of an authorisation granted by law, within the scope specified therein, in the case of data that are not considered special categories of data or personal data in the criminal field - by a decree of a local government for a purpose in the public interest,

(b) in the absence of the cases specified in point (a), it is strictly necessary for the performance of the controller's tasks as defined by law and the data subject has given his or her explicit consent to the processing of the personal data,

(c) necessary and proportionate, except as provided for in point (a), for the protection of the vital interests of the data subject or of another person or for the prevention or elimination of an imminent threat to the life, physical integrity or property of a person; or

(d) except as provided for in point (a), the personal data have been explicitly made public by the data subject and are necessary and proportionate for the purposes for which they are processed.

 

Lawfulness of the processing (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 6)

___________________________________________________________________________ ________

 

The processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:

(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. Point (f) of the first subparagraph shall not apply to the processing carried out by public authorities in the exercise of their functions.

 

Principles for the processing of personal data (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 5 (1) Personal data:

(a) be processed lawfully and fairly and in a transparent manner for the data subject ("lawfulness, fairness and transparency");

(b) be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) ('purpose limitation');

(c) they must be adequate, relevant and limited to what is necessary for the purposes for which they are processed ('data minimisation');

(d) be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay ("accuracy");

(e) be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects ('limited storage');

(f) processing must be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ('integrity and confidentiality'), by implementing appropriate technical or organisational measures.

(2) The controller shall be responsible for compliance with paragraph (1) and shall be able to demonstrate such compliance ("accountability").

 

Information to be provided

1:

a) the fact of data collection,

b) the scope of the data subjects,

c) the purpose of the data collection,

(d) the duration of the data processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects' rights in relation to the processing.

 

2. The fact of data collection, the scope of the data processed:

Website when requesting a quote:

Customer's email address

Name

Address

Tax number

Phone number

Username

 

3. Stakeholders:

All users registered on the website.

 

4. Purpose of data collection:

 

Website:

Email:

- marketing your target

- direct marketing

- periodic promotion target

- discounting is the goal

- registration target

- related services target

- webshop operation target

- sending newsletters target

- customer relationship target

Name (First name and/or surname, company name):

- marketing target

- direct marketing target

- Periodic promotion target

- discounting the objective

- registration target

- related services target

- webshop operation target

- sending newsletters target

- customer relationship target

Address (country, postal code, city, street, house number, floor/door)

- marketing the target

- direct marketing is the goal

- periodic promotion of the target

- discounting the target

- registration target

- related services target

- webshop operation target

- sending newsletters target

- relationship with a partner target

Tax number (can be linked to the person)

- marketing target

- direct marketing target

- periodic promotion target

- giveaway target

- registration target

- related services target

- webshop operation target

- sending newsletters target

- customer relationship target

Phone number

- marketing target

- direct marketing target

- periodic promotion target

- discounting the target

- registration target

- related services target

- webshop operation target

- sending newsletters target

- customer relationship target

User name:

- marketing target

- direct marketing target

- periodic promotion target

- discounting the target

- registration target

- related services target

- webshop operation target

- sending newsletters target

- customer relationship target

 

5. Duration of data processing, deadline for deletion of data: immediately upon cancellation of registration. Except in the case of accounting documents, since pursuant to Article 169 (2) of Act C of 2000 on Accounting, these data must be kept for 8 years. The accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.

6. Potential data controllers who may have access to the data: personal data may be processed by the controller's staff, in compliance with the principles set out above.

7. Description of data subjects' rights in relation to data processing: the following data may be modified on the websites: E-mail address in webshop Customer's name in webshop Customer's account address in webshop Customer's tax number in webshop Customer's contact person in webshop Customer's telephone number delivery address in webshop Customer's bank account number in webshop E-mail address in webshop Name in webshop Address in webshop Tax number in webshop Telephone number in webshop Username in blog Other personal data The data subject can initiate the deletion or modification of personal data by the following means: - by post (5100 Jászberény, Alkotás u. 4.), - by e-mail sales@signdepot.eu e-mail address.

8. Legal basis for data processing: the User's consent, the Infotv. The service provider may process personal data that are technically indispensable for the provision of the service for the purpose of providing the service. The service provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only if absolutely necessary for the provision of the service and for the fulfilment of the other purposes specified in this Act, but in this case only to the extent and for the duration necessary.

 

Data of the hosting provider (webshop) used for data management Name: ShopRenter.hu Kft Address: 4028 Debrecen, Kassai út 129 E-mail: info@shoprenter.hu Phone: +36-1 2345012 Contact details of the data management: https://www.shoprenter.hu/egyeb/adatvedelmi-nyilatkozat/ Data of the hosting provider (website) used for data management Name: ShopRenter. hu Kft Address: 4028 Debrecen, Kassai út 129 E-mail: info@shoprenter.hu Phone number: +36-1 2345012 Contact details of the data controller: https://www.shoprenter.hu/egyeb/adatvedelmi-nyilatkozat/ Data of the hosting provider (blog) used for data management Name: ShopRenter.hu Kft Address: 4028 Debrecen, Kassai út 129 E-mail: info@shoprenter.hu Phone number: +36-1/234-5012 Contact details of the data controller: https://www.shoprenter.hu/egyeb/adatvedelmi-nyilatkozat/

 

Data security and data subjects' rights (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

The processing of personal data must be lawful and fair. It should be transparent to natural persons how their personal data relating to them are collected, used, accessed or otherwise processed, and in what context the personal data are or will be processed. The principle of transparency requires that information and communication relating to the processing of personal data should be easily accessible and comprehensible and should be drafted in clear and plain language. This principle applies in particular to the information provided to data subjects on the identity of the controller and the purposes of the processing, as well as to further information to ensure fair and transparent processing of their personal data, and to the information that data subjects have the right to obtain confirmation and information about the data processed concerning them. The natural person should be informed of the risks, rules, safeguards and rights associated with the processing of personal data and how to exercise his or her rights in relation to the processing. In particular, the specific purposes of the processing of personal data must be explicitly stated and lawful and must be determined at the time of the collection of the personal data. The personal data must be adequate and relevant for the purposes for which they are processed and the scope of the data must be limited to the minimum necessary for that purpose. This requires in particular ensuring that the storage of personal data is limited to the shortest possible period of time. Personal data should be processed only if the purpose of the processing cannot be achieved by any other reasonable means. In order to ensure that the storage of personal data is limited to the necessary period, the controller shall set time limits for erasure or periodic review. All reasonable steps must be taken to correct or delete inaccurate personal data. Personal data shall be processed in a manner which ensures an adequate level of security and confidentiality, inter alia, in order to prevent unauthorised access to or use of personal data and the means used to process personal data. In order for the processing of personal data to be lawful, it should be based on the consent of the data subject or have another lawful basis laid down by law, whether in this Regulation or in other Union or Member State law as referred to in this Regulation, including the need to comply with legal obligations to which the controller is subject, the performance of any contract entered into by the data subject or the steps requested by the data subject to be taken prior to the conclusion of the contract.

 

Data transmission ___________________________________________________________________________

 

1.Pursuant to Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be specified in the website/ data transfer activity: a) the fact of data collection, b) the data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of the potential controllers entitled to access the data, f) the rights of the data subjects in relation to data processing.

 

2. The fact of processing, the scope of the data processed. a) The scope of the data transmitted for the purpose of delivery: delivery name, delivery address, telephone number, amount to be paid. b) The scope of the data transmitted for the purpose of online payment: billing name, billing address, amount to be paid.

 

3. Data subjects: all data subjects requesting home delivery/online shopping.

 

4. Purpose of data processing: to deliver the ordered product to your home / to carry out the online purchase.

 

5. Duration of data processing, time limit for deletion of data: until the delivery/online payment is completed.

 

6. Potential controllers of the data: the personal data may be processed by the following, in compliance with the principles set out above: the Service Provider, the Data Controller.

 

7. Description of the data subjects' rights in relation to data processing: the data subject may request the data controller of the door-to-door delivery/online payment service provider to erase his/her personal data as soon as possible.

 

8. Legal basis for the transfer of data: the User's consent. Data transferred to an external company: social media

- I use facebook: kamadoshop.hu Facebook privacy: https://www.facebook.com/privacy/explanation

-I use youtube: www.youtube.com/channel/UChRgdQf5lT2gVcvM0- d1KYA Youtube privacy: https://policies.google.com/privacy?hl=hu - I use google+: business.google.com/dashboard/l/03077441679893694752?hl=hu Youtube privacy: https://policies.google.com/privacy?hl=hu

 

1.Pursuant to Article 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following must be specified in the data transfer activities of the webshop/website/blog: a) the fact of data collection, b) the scope of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the identity of the potential data controllers entitled to access the data, f) a description of the data subjects' rights in relation to data processing.

 

2. Fact of data collection, scope of data processed: the name of the user registered on the social networking sites listed above and the user's public profile picture.

 

3. Data subjects: all data subjects who have registered on Facebook, Youtube, Google+, social networking site(s) and have liked the website.

 

4. Purpose of data processing: to share or like certain content, products, promotions or the website itself on the social networking sites listed above.

 

5. Duration of data processing, the identity of the potential controllers entitled to access the data and the rights of the data subject in relation to data processing: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer at the address(es) of the social networking site(s) listed above.

 

6. The data processing takes place on the social networking site(s) listed above, so the duration of the data processing, the method of data processing and the possibility to delete and modify the data are governed by the rules of the social networking sites.

 

7. Legal basis for processing: the data subject's voluntary consent to the processing of his or her personal data on the social networking site(s) listed above. External online biller.

-Name: szamlazz.hu, Tharanis.hu

-Data provided: tax number e-mail address shipping address (company)name, address (country, city, street, number of house, floor, door) phone number

External mail order company. Data transmitted for the purpose of punctual delivery: postal address, email, telephone number

- Name: GLS Courier Privacy Policy: https://gls-group.com/HU/hu/adatkezelesi-tajekoztato External online payment. For online payment purposes.

- OTP Privacy Policy: https://www.otpbank.hu/portal/hu/adatvedelem

Data transmitted to an external company: Google

- Google Adsense: I use it as a display

- Google Adsense: I use it as an advertiser

- Google Adwords: I use it as an advertiser

The shop/website/blog uses Google Adwords remarketing tracking codes. Remarketing is a feature that allows the webshop/website/blog to display relevant ads to users who have previously visited the site while browsing other sites in the Google Display Network. The remarketing code uses cookies to tag visitors. Users who visit the website can disable these cookies and other information about Goggle's privacy practices at http://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/2700409.

If users disable remarketing cookies, they will not receive personalised offers from the webshop/website/blog.

- google analytics

The Service Provider measures the traffic data of the webshop/website/blog by using Google Analytics. Data will be transmitted when using this service. The data transmitted cannot be used to identify the data subject. More information about Google's privacy policy can be found here: http://www.google.hu/policies/privacy/ads/

- google_remarketing_utility

Remarketing purpose:

Tracking abandoned shoppers

Reminder blog remarketing

Facebook

- For advertising purposes

​

The aim of remarketing:

Facebook

cart abandoners

Webshop/ website/ blog facebooks remarketing reminder

website reminder remarketing

 

I use an external mailer My external provider: mailchimp.com https://mailchimp.com/legal/privacy/

 

Sending newsletters (Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, § 6)

__________________________________________________________________________

 

(1) Unless otherwise provided by a special law, advertising may be communicated by means of direct solicitation of natural persons as the addressee of the advertising (hereinafter referred to as "direct marketing"), in particular by electronic mail or by other equivalent means of individual communication, with the exception of the provisions of paragraph (4), only if the addressee of the advertising has given his or her prior, clear and express consent.

(2) * A statement of consent may be given by any means which includes the name of the person who gives it and, where the advertising to which the consent relates is intended for persons of a specified age only, the date and place of birth, the categories of personal data to which the person concerned consents and the fact that the consent is given voluntarily and has been duly informed.

(3) A declaration of consent pursuant to paragraph (1) may be withdrawn at any time, without restriction and without giving reasons, and free of charge. In this case, the name and all other personal data of the declarant shall be deleted from the register provided for in paragraph 5 without delay and no further advertising as referred to in paragraph 1 may be communicated to him/her.

(4) * Addressed advertising mail may be sent to a natural person as the recipient of the advertising by direct marketing without the prior and express consent of the recipient, but the advertiser and the advertising service provider shall ensure that the recipient of the advertising may at any time prohibit the sending of the advertising free of charge and without restriction. In the event of such a prohibition, no further direct marketing of advertising may be sent to the person concerned.

(5) The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope of the consent provided for in paragraph (1). The data recorded in this register relating to the recipient of the advertising may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.

(6) It shall be possible to make a withdrawal declaration pursuant to paragraph (3) or to prohibit the sending of advertising pursuant to paragraph (4) both by post and by electronic mail in such a way that the person making the declaration can be clearly identified.

(7) * In connection with advertising communicated in the manner provided for in paragraphs (1) and (4), the addressee shall be clearly and conspicuously informed of the address and other contact details where he may request the withdrawal of his consent to the communication of such advertising to him or to the non-dissemination of such advertising and, in the case referred to in paragraph (4), for this purpose, to the same addressee in the interest of the same advertiser in 2009. The first advertising mailing sent to the same advertiser after 1 October 2009 for the same advertiser for the same purpose shall include a reply letter allowing the cancellation, addressed by post, sent free of charge and registered post and delivered by certified mail.

(8) A direct request for consent pursuant to paragraph (1) shall not contain advertising, other than the name and designation of the undertaking.

(9) * For the purposes of this section, a direct mail item is a mail item containing only advertising, commercial or promotional material - sent to at least 500 addressees at any one time and containing the same content, except for the name, address of the addressee and information which does not change the nature of the message - as defined in the Postal Services Act, but not specifically named therein.

 

Management of cookies and cookie management (EUROPEAN PARLIAMENT AND COUNCIL 2016. REGULATION (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) By using the website/webshop, the person acknowledges that: natural persons may be associated with online identifiers provided by the devices, applications, tools and protocols they use, such as IP addresses and cookie identifiers, as well as other identifiers, such as radio frequency identification tags. This can generate traces that, when combined with unique identifiers and other information received by servers, can be used to create a personal profile of an individual and identify that individual.

 

Remedies(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 79

(1) Without prejudice to the administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, any data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation. (2) Proceedings against a controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State in which the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in its exercise of official authority. In case of a possible infringement, a complaint may be lodged with the National Authority for Data Protection and Freedom of Information: National Authority for Data Protection and Freedom of Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, P.O. Box 5 Phone: +36 -1-391-1400 Fax: +36-1-391-1410 E-mail: ugyfelszolgalat@naih.hu

 

The right to compensation(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 82

 

(1) Any person who has suffered pecuniary or non-pecuniary damage as a result of an infringement of this Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered.

(2) Any controller involved in the processing shall be liable for any damage caused by processing in breach of this Regulation. A processor shall only be liable for damage caused by processing if it has failed to comply with the obligations expressly imposed on processors by this Regulation or if it has disregarded or acted contrary to lawful instructions from the controller.

(3) The controller or processor shall be exempted from liability under paragraph 2 of this Article if it proves that it is not in any way responsible for the event giving rise to the damage.

(4) Where several controllers or several processors, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing pursuant to paragraphs 2 and 3, each controller or processor shall be jointly and severally liable for the entire damage in order to ensure that the data subject is effectively compensated.

(5) Where a controller or processor has paid full compensation for the damage suffered in accordance with paragraph 4, it shall be entitled to recover from the other controllers or processors involved in the same processing that part of the compensation corresponding to the extent of their liability for the damage under the conditions laid down in paragraph 2.

(6. Legal proceedings for the enforcement of the right to compensation shall be brought before the court competent under the law of the Member State referred to in Article 79(2). References:

__________________________________________________________________

 

In preparing this information, we have taken into account the following legislation: - Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) - Act CVIII of 2001 on certain issues of electronic commerce services and information society services (in particular Act 13/A. §-Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers; - Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising (in particular Act XLVIII No. §-Act XC of 2005 on freedom of electronic information - Act C of 2003 on electronic communications (specifically § 155) - Opinion No 16/2011 on the EASA/IAB Recommendation on best practice in behavioural online advertising - REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)

bottom of page