Privacy notice

We only collect and process personal data in accordance with the law and regulations.
We do our best to keep your data secure.
We only transfer personal data to third parties with consent.
We will provide anyone with information about the data we hold about them on written request: orientalcarpetshop52@gmail.com
You can request the deletion or modification of your personal data at this address: orientalcarpetshop52@gmail.com

Introduction
Keleti Szőnyegek Galériája Kft. 1056 Budapest Váci street 52. ground floor 1-2 (01-09-563849 Capital: Metropolitan Court of Budapest) (hereinafter referred to as the “Service Provider”, “Data Controller”) hereby submits to the following information.
This information is subject to the provisions of the Freedom of Information Act of 2011 on the Right of Informational Self-Determination and Freedom of Information. CXII Act that the data subject (in this case the webshop/blog user, hereinafter referred to as the user) must be informed before the processing starts whether the processing is based on consent or whether it is mandatory. Before the processing starts, the data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor and the duration of the processing. The data subject must also be informed pursuant to 5. paragraph (1) of the Info Act that personal data may be processed if.

a. if the processing is ordered by law or – on the basis of an authorisation granted by law, within the scope specified therein, in the case of data that are not considered special data or personal data for criminal matters – by a local government decree for a purpose in the public interest,
b. if it is strictly necessary for the performance of the controller’s tasks as defined by law and the data subject has given his or her explicit consent to the processing of the personal data,
c. except as provided for in point (a), it is necessary and proportionate for the protection of the vital interests of the data subject or of another person or for the prevention or elimination of an imminent threat to the life, physical integrity or property of a person, or
d. in the absence of point a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purposes of the processing.

The information should also cover the rights and remedies of the data subject in relation to the processing.

This privacy notice governs the processing of the following websites:
https://orientalcarpetshop.com
https://orientalcarpetshop.com

Amendments to the Prospectus will enter into force upon publication at the above address. We have also included a legal reference behind each part of the leaflet.

Definitions (REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 4)

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. „processing” means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. „restriction of processing”: the marking of stored personal data for the purpose of restricting their future processing;

4. „profiling” means any form of automated processing of personal data by which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

5. “pseudonymisation” means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no natural person who is identified or identifiable can be linked to that personal data;

6. „filing system” means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;

7. “controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller
may also be determined by Union or Member State law;

8. „processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

9. „recipient” means a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

10. „third party”: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons to whom the processing of personal data is delegated under the direct authority of the controller or processor;

11. „data subject’s consent” means a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;

12. „data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

13. „genetic data” means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person;

14. „biometric data” means any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;

15. „health data” means personal data concerning the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contain information about the health of that natural person;

16. „activity centre”:
a) in the case of a controller established in more than one Member State, the place of its central administration within the Union, but where decisions concerning the purposes and means of the processing of personal data are taken in another place of activity of the controller within the Union and the latter place of activity is competent to implement those decisions, the place of activity which took those decisions shall be considered the centre of activity;
b) in the case of a processor established in more than one Member State, the place of its central administration within the Union or, if the processor does not have a central administration in the Union, the place of the processor’s establishment within the Union where the main processing activities in relation to the activities carried out at the processor’s place of establishment take place, where the processor is subject to obligations under this Regulation;

17. „representative” means a natural or legal person established or resident in the Union and designated in writing by the controller or processor pursuant to Article 27 to represent the controller or processor in relation to the obligations incumbent on the controller or processor under this Regulation;

18. „company” means any natural or legal person carrying on an economic activity, regardless of its legal form, including partnerships or associations carrying on a regular economic activity;

19. „group of companies” means the controlling company and the companies it controls;

20. “Binding corporate rules” means the rules on the protection of personal data followed by a controller or processor established in the territory of a Member State of the Union in one or more third countries in relation to the transfer or series of transfers of personal data by a controller or processor within the same group of undertakings or the same group of undertakings engaged in a joint economic activity;

21. „supervisory authority” means an independent public authority established by a Member State in accordance with Article 51;

22. „supervisory authority involved” means a supervisory authority which is involved in the processing of personal data for one of the following reasons:
a) the controller or processor is established in the Member State of that supervisory authority;
b) the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; or
c) have lodged a complaint with that supervisory authority;

23. „cross-border processing of personal data”:
a) processing of personal data in the Union which takes place in the context of activities carried out by a controller or processor established in more than one Member State in several places of activity in several Member States; or
b) processing of personal data in the Union which takes place in the context of activities carried out by a controller or processor in a single place of activity and which significantly affects or is likely to significantly affect data subjects in more than one Member State;

24. ‘relevant and reasoned objection’ means an objection to a draft decision, raised with regard to whether this Regulation has been infringed or whether the envisaged measure concerning the controller or processor is in compliance with this Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union;

25. „information society service’ means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council ( 1 );

26. „international organisation” means an organisation governed by public international law, or its subsidiary organs, or any other body which is established by or under an agreement between two or more States.

Legal basis for data processing (Act CXII CXII Act on Informational Self-Determination and Freedom of Information, § 5)

1. Personal data may be processed if
a) the processing is ordered by law or – on the basis of an authorisation granted by law, within the scope specified therein, in the case of data that are not considered special data or personal data for criminal purposes – by a local government decree for a purpose in the public interest,
b) in the absence of the cases set out in point (a), it is strictly necessary for the performance of the controller’s tasks as defined by law and the data subject has given his or her explicit consent to the processing of the personal data,
c) failing the cases set out in point (a), it is necessary and proportionate for the protection of the vital interests of the data subject or of another person, or for the prevention or elimination of an imminent threat to the life, physical integrity or property of a person, or
d) in the absence of the conditions set out in point (a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purpose of the processing.

Lawfulness of data processing (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), No. 6 article
________________________________________________________________
___________________________________________
The processing of personal data is lawful only if and insofar as at least one of the following conditions is met:

a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
b) the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;
c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
d) the processing is necessary for the protection of the vital interests of the data subject or of another natural person;
e) the processing is necessary for the protection of the vital interests of the data subject or of another natural person;
f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to the processing of data by public authorities in the exercise of their functions.

Principles for the processing of personal data (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) article 79

(1) The personal data:

a) must be processed lawfully and fairly and in a transparent manner („lawfulness, fairness and transparency”);
b) Personal data must: be collected only for specified, explicit and legitimate purposes and not be processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes („purpose limitation”) in accordance with Article 89(1) is not considered incompatible with the original purpose;
c) must be adequate, relevant and limited to what is necessary for the purposes for which they are processed („data minimisation”);
d) must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay („accuracy”);
e) must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects („limited storage”);
f) must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage („integrity and confidentiality”), by implementing appropriate technical or organisational measures.

(2)The controller is responsible for compliance with paragraph (1) and must be able to demonstrate such compliance („accountability”).

The information to be provided

1. Pursuant to Act CXII of 2011 CXII Act on the Right to Informational Self-Determination and Freedom of Information, the following must be specified for the operation of the webshop/blog/website:

a) the fact of data collection,
b) the range of people affected,
c) the purpose of the data collection,
d) the duration of data processing,
e) the identity of the potential controllers who have access to the data,
f) the description of data subjects’ rights in relation to data processing.

2. The fact of data collection, the scope of the data processed:

Webshop:

– Customer’s email address
– Customer name
– Customer’s email address
– Orderer’s tax number
– Name of contact person
– Customer’s telephone number
– Customer’s delivery address
– When the customer is at home
– Customer’s bank account number

At the blog:

– Customer’s email address
– Name
– Address
– Marital status
– Phone number
– Username

3. Data subjects: all users registered on the webshop/blog.

4. The purpose of the data collection:

On the webshop:

Email:

• Marketing
• direct marketing
• webshop operation is the objective
• to send the newsletter is the objective
• The database building is the objective
• unofficial stat is the objective
• mandatory data processing is the objective
• customer relation is the objective
• periodic promotion
• prize game
• survey is the objective
• loyalty program is the objective
• to give a discount is the objective
• satisfaction measurement is the objective
• registration is the objective
• related services is the objective

Name of the customer (company):

• marketing the target
• direct marketing is the goal
• webshop operation the target
• newsletter distribution target
• database building target
• informal stat the target
• mandatory data processing
• customer relationship purpose
• periodic promotion
• sweepstakes purpose
• survey purpose
• loyalty programme target
• discount giveaway target
• satisfaction measurement target
• registration target
• related services target

Customer’s account address:

Customer’s tax number:

Name of the customer’s contact person:

• Marketing the target
• direct marketing is the goal
• webshop operation the target
• newsletter distribution target
• database building target
• informal stat the target
• mandatory data processing
• customer relationship purpose
• periodic promotion
• sweepstakes purpose
• survey purpose
• loyalty programme target
• discount giveaway target
• satisfaction measurement target
• registration target
• related services target

Customer’s telephone number:

Customer’s delivery address:

When the customer is at the address:
• customer contact is the objective

Customer’s bank account number:
• customer contact is the objective

On the blog:

Email:

• marketing is the objective
• direct marketing is the objective
• webshop operation is the objective
• to send the newsletter is the objective
• database building is the objective
• insurance broker in the objective
• unofficial stat is the objective
• mandatory data processing is the objective
• customer relation is the objective
• periodic promotion is the objective
• prize game is the objective
• survey is the objective
• loyalty programme is the objective
• to give a discount is the objective
• satisfaction measurement is the objective
• registration is the objective
• related services is the objective

Name (First name and/or surname, company name):

Address (country, postal code, city, street, house number, floor/door):

Marital status:

Telephone number:

5. Duration of processing, deadline for deletion of data: immediately upon cancellation of registration. Except in the case of accounting documents, since according to Article 169 (2) of Act C of 2000 on Accounting, these data must be kept for 8 years.

Accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.

6. The identity of the potential controllers entitled to access the data: Personal data may be processed by the staff of the controller, in compliance with the above principles.

7. Description of data subjects’ rights in relation to data processing: The following data can be modified on the websites:

• E-mail address
• in webshop Orderer’s name
• in webshop Orderer’s account address
• in webshop Orderer’s tax number
• in webshop Orderer’s contact
• in webshop Orderer’s phone number
• delivery address
• in webshop Orderer’s time of arrival
• in blog e-mail address
• in blog name
• in blog address
• in blog phone number

The data subject may request the deletion or modification of personal data in the following ways:

• by post (1056 Budapest Váci street 52. ground floor 1-2),
• by e-mail orientalcarpetshop52@gmail.com e-mail address.

8. Legal basis for data processing: the User’s consent, the Infotv. 5. Article 5(1) of the Act on Electronic Commerce Services and Certain Aspects of Information Society Services of 2001 CVIII Act Article 13/A(3) of the Act on Electronic Commerce Services and Certain Aspects of Information Society Services of 2001 (hereinafter: Elker Act):

The provider may process personal data that are technically necessary for the provision of the service. The provider must, other things being equal, choose and in any case operate the means used to provide the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.

Data of the hosting provider (webshop) used for data management:

Name: DOTROLL KFT.

Address: 1148 Budapest, Fogarasi street 3-5.

E-mail: support@dotroll.com

Telephone number: +36-1-432-3232

The availability of data management: https://dotroll.com/adatkezelesi-szabalyzat_dotroll.pdf

Security of processing and data subjects’ rights (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

The processing of personal data must be lawful and fair. It should be transparent to natural persons how their personal data relating to them are collected, used, accessed or otherwise processed, and in what context the personal data are or will be processed. The principle of transparency requires that any information or communication relating to the processing of personal data should be easily accessible and easy to understand, and that it should be drafted in clear and plain language. This principle applies in particular to the provision of information to data subjects about the identity of the controller and the purposes of the processing, as well as to the provision of additional information to ensure fair and transparent processing of their personal data, and to the provision of information that data subjects have the right to obtain confirmation and information about the data processed concerning them. The natural person must be informed of the risks, rules, safeguards and rights associated with the processing of personal data and how to exercise his or her rights in relation to the processing. The specific purposes of the personal data processing must, in particular, be explicitly stated and lawful and must be specified at the time of the collection of the personal data. The personal data must be adequate and relevant for the purposes for which they are processed and the scope of the data must be limited to the minimum necessary for that purpose. This requires in particular ensuring that the storage of personal data is limited to the shortest possible period. Personal data may only be processed if the purpose of the processing cannot reasonably be achieved by other means. In order to ensure that the storage of personal data is limited to the necessary period, the controller shall set time limits for erasure or periodic review. All reasonable steps must be taken to correct or delete inaccurate personal data. Personal data must be processed in a manner that ensures an adequate level of security and confidentiality, inter alia, in order to prevent unauthorised access to or use of personal data and the means used to process personal data. In order for the processing of personal data to be lawful, it must be based on the consent of the data subject or have another lawful basis laid down by law, whether in this Regulation or in other Union or Member State law as referred to in this Regulation, including the need to comply with legal obligations to which the controller is subject, the performance of any contract entered into by the data subject or the steps requested by the data subject to be taken prior to the conclusion of the contract.

Data transmission
__________________________________________
__________________________________________
___
1. Pursuant to Act CXII of 2011 CXII Act Right of Informational Self-Determination and Freedom of Information, the following must be defined in the scope of the website/ data transmission activity:

2. The fact of processing, the scope of the data processed.

a) The data transferred in order to carry out the delivery: delivery name, delivery address, telephone number, amount to be paid.
b) The data transmitted for the purpose of online payment: billing name, billing address, amount to be paid.

3. Scope of the concerned parties: All those requesting home delivery/online purchase are concerned.
4. Purpose of data processing: Delivering the ordered product to your home/managing the online purchase.
5. Duration of data processing, deadline for deletion of data: It takes until the delivery/online payment is processed.
6. Identity of potential data controllers entitled to access the data: Personal data may be processed by the following, in compliance with the above principles: Service provider, data controller.
7. Description of data subjects’ rights in relation to data processing: The data subject may request the data controller of the door-to-door delivery/online payment service provider to delete his/her personal data as soon as possible.
8. Legal basis for the transfer of data: the User’s consent.

Data provided to an external company:

Social media
• I use Facebook: https://www.facebook.com/keleti.szonyeg
Facebook privacy: https://www.facebook.com/privacy/explanation

• I use pinterest: https://hu.pinterest.com/antiquecarpet/
Pinterest privacy: https://policy.pinterest.com/hu/privacy-policy

• I use Instagram: https://www.instagram.com/keleti52/
Instagram privacy: https://help.instagram.com/155833707900388

1. Pursuant to Act CXII of 2011 CXII Act Right of Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of the webshop/blog’s data transfer activities:

2. Fact of data collection, scope of data processed: the name registered on the social networking sites listed above or the user’s public profile picture.
3. Scope of the concerned parties: All data subjects who have registered on Facebook, Pinterest, Instagram, social networking site(s) and liked the website.
4. Purpose of processing: to share or like certain content, products, promotions or the website itself on the social networking sites listed above.
5. The duration of the processing, the identity of the potential controllers and the rights of the data subjects with regard to the processing: The data subject may obtain information on the source of the data, the processing thereof and the method and legal basis of the transfer at the address(es) of the above-mentioned social networking site(s).
6. The data processing takes place on the above-mentioned social networking site(s), so the duration of the data processing, the method of data processing and the possibilities for deletion and modification of the data are governed by the rules of the social networking sites.
7. Legal basis of data processing: the data subject’s voluntary consent to the processing of his or her personal data on the above-mentioned social networking site(s).

External online biller.

• Name: Ügyvitel Net Számlázó – http://www.ugyvitel.net/

Data provided:

• tax number
• e-mail address
• delivery address
• (company)name,
• address (country, city, street, house number, floor, door)

External parcel delivery.
Data provided for accurate delivery:
postal address, email, phone number

• Name: Dpd Courier Service
Data privacy::
https://www.dpd.com/hu/home/siteutilities/adatvedelmi_nyilatkozat2

External online payment.

For online payment.

• SimplePay privacy policy: https://simplepay.hu/adatkezelesi-tajekoztatok/

Data provided to an external company:

Google
• Google Adsense: using it as a displayer
• Google Adsense: using it as an advertiser
• Google Adwords: using it as an advertiser

The webshop/blog uses Google Adwords remarketing tracking codes. Remarketing is a feature that allows the webshop/blog to display relevant ads to users who have previously visited the site while browsing other sites in the Google Display Network. The remarketing code uses cookies to tag visitors. Users visiting the website can disable these cookies and find other information about Goggle’s privacy practices at the following addresses:

http://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/270040

9. If users disable remarketing cookies, they will not receive personalised offers from the webshop/blog.
• google analytics the Service Provider measures the traffic data of the webshop/blog by using the Google Analytics service. During the use of the service, data is transferred. The data transferred are not suitable to identify the data subject. More information about Google’s privacy policy can be found below:

http://www.google.hu/policies/privacy/ads/

• google_remarketing_user

The aim of remarketing is:

• Tracking basket abandoners
• Reminder web store remarketing
• Reminder about website remarketing
• Reminder blog remarketing

Facebook

• For the purpose of advertisements

The aim of remarketing is:

• Facebook basket abandoners
• webshop/ blog facebook remarketing reminder
• website reminder remarketing
• blog reminder remarketing

Newsletter sender

1. I use an internal newsletter sender

My internal service provider:

DotRoll Kft.

1148 Budapest, Fogarasi street 3-5.

https://dotroll.com/adatkezelesi-szabalyzat_dotroll.pdf

Sending newsletters (Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, § 6)
________________________________________
__________________________________
(1) Unless otherwise provided by a special law, advertising may be communicated by means of a direct approach to a natural person as the addressee of the advertising (hereinafter referred to as “direct marketing”), in particular by electronic mail or by any other equivalent means of individual communication, with the exception of the communication provided for in paragraph 4, only if the addressee of the advertising has given his or her prior, clear and express consent.
(2) * Consent may be given by any means which includes the name and, where the advertising to which the consent relates is restricted to persons of a certain age, the date and place of birth of the person making the declaration, the categories of personal data to which the personal data subject consents, and the fact that the consent is voluntary and informed.
(3) The declaration of consent under paragraph 1 may be withdrawn at any time, without restriction and without giving any reason, and free of charge. In that case, the name and all other personal data of the declarant shall be deleted from the register provided for in paragraph 5 without delay and no further advertising as provided for in paragraph 1 shall be communicated to him or her.
(4) * Addressed direct mail may be sent to a natural person as the addressee of the advertisement for direct marketing purposes without the prior and express consent of the addressee, but the advertiser and the advertising service provider must ensure that the addressee of the advertisement may at any time prohibit the sending of the advertisement free of charge and without restriction. In the event of a banning order, the person concerned may no longer be sent advertising by direct marketing.
(5) The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope of the consent provided for in paragraph 1. The data recorded in this system – relating to the recipient of the advertising – may be processed only in accordance with the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
(6) The possibility to make a withdrawal declaration pursuant to paragraph 3 or to prohibit the sending of the advertisement pursuant to paragraph 4 shall be provided both by post and by electronic mail in such a way that the person making the declaration can be clearly identified.
(7) * Advertising communicated in the manner specified in paragraphs (1) or (4) shall be accompanied by clear and prominent information informing the addressee of the address and other contact details where he or she may request the withdrawal of his or her consent to the communication of such advertising or the prohibition of its communication to him or her and, in the case referred to in paragraph (4) – to this end, the first advertising mailing sent to the same addressee on behalf of the same advertiser after 1 October 2009 shall include a reply letter allowing the cancellation, addressed by post, posted and registered, and delivered by any means which can be certified as such.
(8) A direct request for consent pursuant to paragraph 1 shall not contain any advertising, other than the name and designation of the undertaking.
(9) * For the purposes of this §, a direct mail advertising item is a mailing containing only advertising, marketing or promotional material – sent to at least 500 addressees at a time, with the same content, except for the name, address of the addressee and information that does not change the nature of the message – as defined in the Postal Services Act, but not specifically named therein.

Management of cookies (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

By using the website/webshop, the person acknowledges the following:

Natural persons can be associated with online identifiers provided by the devices, applications, tools and protocols they use, such as IP addresses and cookie identifiers, as well as other identifiers, such as radio frequency identification tags. This can generate traces that, when combined with unique identifiers and other information received by the servers, can be used to create a personal profile of the individual and identify that person.

Remedies(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) article 79

(1) Without prejudice to the administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority under Article 77, any data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation
(2) Proceedings against the controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State in which the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in its exercise of official authority.

In case of a possible infringement, you can lodge a complaint with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Right to compensation(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 82. article 79

(1) Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of this Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered.
(2) Each controller involved in the processing shall be liable for any damage caused by processing in breach of this Regulation. A processor shall be liable for damage caused by the processing only if it has failed to comply with the obligations expressly imposed on processors by this Regulation or if it has disregarded or acted contrary to lawful instructions from the controller.
(3) The controller or processor shall be exempt from liability under paragraph 2 of this Article if the controller or processor proves that he or she is not in any way responsible for the event which caused the damage.
(4) Where more than one controller or more than one processor or both controller and processor are involved in the same processing and are liable for the damage caused by the processing pursuant to paragraphs 2 and 3, each controller or processor shall be jointly and severally liable for the entire damage in order to ensure that the data subject is effectively compensated.
(5) Where a controller or processor has paid full compensation for the damage suffered in accordance with paragraph 4, it shall be entitled to recover from the other controllers or processors involved in the same processing that part of the compensation corresponding to the extent of their liability for the damage under the conditions laid down in paragraph 2.
(6) Legal proceedings to enforce the right to compensation shall be brought before the court having jurisdiction under the law of the Member State referred to in Article 79(2).

References:
________________________________________
__________________________
The preparation of this information has taken into account the following legislation:

• 2011 Act CXII law – on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
• 2001. Act CVIII law – on certain aspects of electronic commerce services and information society services (in particular § 13/A)
• 2008. Act XLVII law – on prohibiting unfair business-to-consumer commercial practices;
• 2008. Act XLVIII law – on the basic conditions and certain restrictions on commercial advertising (in particular § 6)
• 2005. Act XC law on electronic freedom of information
• Act C of 2003 on Electronic Communications (specifically § 155)
• 16/2011. Draft opinion on the EASA/IAB Recommendation on best practice for behavioural online advertising
• REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)

Cookie policy