Privacy policy.

Information on data processing and data protection

1. INTRODUCTION:
We inform you that Unix Autó Kft., as the person responsible, processes personal data during the operation of the web shop it operates https://autoaz.de/ and the informative website (hereinafter: “ website” ) natural persons who visit the website, register there and make a purchase there are processed as data subjects (hereinafter: “data subjects”). The controller provides the information contained in this notice regarding the processing of personal data of data subjects in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter: “GDPR”).
2. CONTACT DETAILS OF THE RESPONSIBLE PERSON AND HIS REPRESENTATIVE:The Responsible Person:Name: Unix Autó és Alkatrészészkereskedelmi Korlátolt Felelősségű Társaság (hereinafter: Responsible Person or Unix Autó)Registered Office: 1139 Budapest, Frangepán utca 55-57.Representative:Name: Antal Zombori, Managing Director Contact details: info@unixauto.hu 3. Name and CONTACT DETAILS OF THE DATA PROTECTION OFFICERAccording to the GDPR, a data protection officer has been appointed at the Controller, whose contact details are as follows: karpati.gergely@unixauto.huContact details gdpr@autoaz.com

CHARACTERISTICS OF INDIVIDUAL DATA PROCESSING
4. REGISTRATION IN THE WEBSHOPThe controller informs the data subjects that prior registration is required to purchase in the webshop, but that the purchase after registration is not mandatory.The data subject is liable for any damage resulting from the provision of incorrect or incorrect data. The person responsible reserves the right to delete an obviously incorrect or incorrect registration and, in case of doubt, to check the accuracy of the data provided. Please note that to complete the registration (to avoid registrations with incorrect or incorrect data) the system sends an automatic email to the email address provided, in which the person concerned confirms their registration by clicking on the email address provided Links can confirm. Affected persons: natural persons who register in the webshop, which can be both natural persons and private persons who act on behalf of legal entities (register)

  • Scope of processed data: Email address, last name, first name, password
  • Purpose of data processing: Carrying out registration, setting up a user account for the data subjects and the possibility of making purchases later.
  • Legal basis for data processing:  The controller processes this data in accordance with Article 6 paragraph (1) point a) of the GDPR (your consent) , which is done by checking the checkbox in front of the “Register” button on the registration interface.
 

Persons authorized to access: the personal data provided above may be viewed by the responsible employees of the area responsible for the operation of the webshop.

Data transfer: The person responsible does not transfer the above-mentioned personal data of the data subjects to any third parties within the EU, to any third country or to any international organization.

Processor : the controller does not use processors to achieve the purpose of data processing.

Place and method of data processing: The personal data provided by the data subject are stored on the controller's servers in the European Union.

Data retention period :

·         until the consent of the data subject is revoked, until the user account is finally deleted, which the data subject can request in a request sent to the contact details of the person responsible listed under point 2 or by deleting the registration in the web shop,

·         in the event of registration with obviously incorrect or untrue information or in the event of non-confirmation of the registration, immediately after the error or untrue information was discovered and not confirmed,

·         if the user does not use the user account, after 2 years of inactivity, the user account will be automatically deleted by the controller at its sole discretion, unless the data subject has previously made a purchase in the web shop and thus the data of the previous purchase will be as in the next section stored as described.

1.     PURCHASE IN THE WEBSHOP

Because purchasing is not mandatory after registration and if the data subject does not make a purchase after registration, the controller only processes the personal data of the data subjects specified in point 4. If the registered user also makes a purchase in the webshop, he is obliged to provide the personal data necessary for the conclusion, fulfillment of the purchase contract and invoicing before the purchase, as well as the vehicle data necessary for the purpose of the purchase due to the type of product sold by the Controller selection of the product to purchase are required.

Data subjects : natural persons who make a purchase in the online shop

Last name, first name, billing address (residential address), delivery address, order number, name, quantity, value of the purchased product, payment method, bank card number, name on the bank card, expiry date, CVC/CVV, transaction data -  Preparation and conclusion of the contract with the customer, fulfillment of the contract, issuing invoices and receipts based on the contract, correct maintenance of receipts. - The controller collects and processes these personal data in accordance with Article 6 paragraph (1) point b) of the GDPR (for the preparation and performance of the contract ) until the contract is fulfilled. If the contract between the parties has been fulfilled (the data subject as buyer has paid the purchase price and the controller as seller has delivered the ordered product to the buyer who took delivery of the product), the legal basis for data processing is Article 6 paragraph ( 1) Point c) of the GDPR and Section 169 paragraph (2) of the Accounting Act (fulfillment of a legal obligation ).

Vehicle type, year of vehicle construction, engine code, registration number, chassis number, comment - Saving vehicles from previous purchases as favorites to facilitate the future purchasing process to identify the products ordered. - The person responsible only processes this data if the data subject saves this data. The legal basis for data processing is Article 6 paragraph (1) point a) of the GDPR (your consent), which you give by saving your data as a favorite. - The person responsible only processes this data if the data subject saves this data. The legal basis for data processing is Article 6 paragraph (1) point a) of the GDPR (your consent), which you give by saving your data as a favorite.

Email address, telephone number - Maintaining contact with the data subject for the performance of the contract, notifying the data subject of the performance of the contract. - The controller processes these personal data in accordance with Article 6 paragraph (1) point b) of the GDPR (data processing necessary for the preparation and performance of a contract to be concluded with you ).

 

 

Persons authorized to access: the above personal data may be viewed by employees responsible for sales, customer service, financial tasks and warehouse management.

Data transfer: The controller transfers the following personal data of the data subjects to the following third parties:

 

  • National Tax and Customs Office (Hungarian name: Nemzeti Adó-, és Vámhivatal) Registered office: 1054 Budapest, Széchenyi u.  Contact details: 1818@1818.hu - 

    Name, billing address, name, quantity and value of the product purchased- Fulfillment of legal reporting requirements - The controller transmits this personal data in accordance with Article 6 paragraph (1) point c) of the GDPR, Section 178 paragraph (1a) of the VAT Act and Annex 10 (fulfillment of a legal obligation ).

  • PayPal (Európa) S.à rl et Cie, SCA Address: 22-24 Boulevard Royal, L-2449 Luxembourg Contact details: https://www.paypal.com/hu/webapps/mpp/home

  • Barion Payment Zrt. Address: H-1117, Budapest, Irinyi József st. 4-20. 2. floor Contact details: https://www.barion.com/hu/ugyfelszolgalat/

  • Stripe, Inc. 354 Oyster Point Boulevard South San Francisco, California, 94080, USA - Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland https://stripe.com/gb

Last name, first name, email address, billing address, delivery address, payment method, bank card number, name on the bank card, expiry date, CVC/CVV - Execution of the bank card transaction, booking of the transaction, confirmation of the transaction, handling possible complaints related to fraud monitoring, customer service tasks- 

The controller transmits this personal data in accordance with Article 6 paragraph (1) point b) of the GDPR ( data processing necessary for the performance of a contract concluded with you ). - 

Processor: the controller uses the following processors to achieve the purpose of data processing:

GLS General Logistics Systems Hungary Kft. Registered office: 2351 Alsónémedi, GLS Európa utca 2.  Contact details: info@gls-hungary.com

DPD Hungary Kft. Sitz: 1134 Budapest, Váci St. 33., Build A, II. Floor Kontaktangaben: dpd@dpd.hu

Delivering the ordered products, collecting and returning the products to be returned and maintaining contact with the buyer for this purpose

 

Place and method of data processing: The personal data provided by the data subject are stored on the controller's servers in the European Union.

Data retention period:

·         The person responsible keeps the contract and invoice data as basic accounting documents in accordance with Section 169 paragraph (2) of the Accounting Act until the last day of the 8th year after the last day of the year in which the invoice was issued.

·         The Controller processes the personal data processed in accordance with the data subject's consent until the data subject withdraws his or her consent, which may be requested by the data subject in a request to the contact details of the Controller referred to in point 2.

1.     SEND NEWSLETTER (PROCESSING OF MARKETING DATA)

The data subject has the opportunity to request general information about news, promotions and products on the website and to receive this by email. These messages are considered data processing for direct marketing purposes under the relevant legislation. In connection with this data processing, the controller provides the following information.

Data subjects : natural persons who request newsletters and have therefore subscribed to receiving advertising mail

Name, email address - Send email containing advertisements, news, promotions, information; Designing and adapting personalized commercial offers in order to send personalized advertising mail to a filtered, selected group of recipients - The controller processes this data in accordance with Article 6 paragraph (1) point a) of the GDPR ( your consent ), which is done when subscribing to newsletters by ticking the checkbox in front of the “Register” button on the website.

Email address, fact of subscription to newsletters (yes/no) - Storage of information about whether the data subject has subscribed to the newsletter in order to be able to prove at a later date whether they have given or not given their consent. - The controller processes this data in accordance with Article 6 paragraph (1) point f) of the GDPR (legitimate interest of the controller) . The Controller defines his legitimate interest in recording the fact of giving consent and proof of this fact, which interests cannot be carried out without the management of the data specified in this point. The person responsible has prepared the interest assessment in connection with the legitimate interest as a legal basis and makes it available to the data subjects upon request.

Persons authorized to access: the personal data provided above may be viewed by the responsible employees of the department responsible for marketing activities and the IT department.

Data transfer: The person responsible does not transfer the above-mentioned personal data of the data subjects to any third parties within the EU, to any third country or to any international organization.

Processor: the controller uses the following processors to achieve the purpose of data processing:

 Send newsletters, mass mailings, create analyses, statistics - GetResponse Address: Gdansk (80-309), Grunwaldzka 413 (NEON) 80-309 Gdansk, Poland +48 58 668 31 30 EU VAT ID: 9581468984 Contact details: https://www.getresponse.com/help

 

Place and method of data processing: The personal data provided by the data subject are stored on the controller's servers in the European Union. The processor only has access to the personal data through remote access to the controller's system.
Data retention period: until you unsubscribe from newsletters and thus until the data subject’s consent is revoked. The data will also be deleted if the data subject deletes their user account.

7. SEND PERSONALIZED ADVERTISING MESSAGES (PROFILING) The Controller hereby informs the data subjects that Users have the possibility, after their express consent, to receive personalized newsletters and other marketing messages (e-mail, SMS) according to their preferences. According to the relevant legislation, these messages are considered direct marketing and advertising messages and the sending of personalized messages relies on profiling. In connection with data processing, the controller provides the following information.

Significance of the logic used, the data processing and the likely consequences of the data processing for the data subject: As part of the profiling (data analysis), the person responsible draws from the analysis and comparison of the personal data listed in this section as well as from the comparison of the data statistical and demographic data held by the controller or coming from external sources, conclusions about the purchasing habits, expected preferences and interests of the data subject. These conclusions are used by the Controller to enable him to develop personalized, individual promotions and offers for the users of the webshop and to send these offers to the relevant target group.

The analysis and processing of data results in the data subjects being divided into groups with different characteristics, which means that the controller does not offer certain offers and discounts to all, but only to certain groups, so that these offers and discounts will not be sent unsolicited to all affected persons who have subscribed to the newsletter, but only to those who are interested in it.

Your consent is required for data analysis, which you can grant or change at any time or revoke at any time without giving reasons and free of charge.

Data subjects: natural persons who have subscribed to the personalized newsletters

Name, email address, telephone number, date of birth, online purchasing behavior, shopping habits, type, price of products ordered, browsing habits, demographic data - Designing and adapting personalized commercial offers in order to send personalized advertising mail to a filtered, selected group of recipients - The controller processes this data in accordance with Article 6 paragraph (1) point a) of the GDPR ( your consent ), which is done when subscribing to personalized newsletters by ticking the checkbox on the website

Email address, phone number, fact that you have subscribed to your personalized newsletters (yes/no) - Storage of information about whether the data subject has subscribed to personalized newsletters in order to be able to prove at a later date whether he or she has given or not given consent. - The controller processes this data in accordance with Article 6 paragraph (1) point f) of the GDPR (legitimate interest of the controller) . The Controller defines his legitimate interest in recording the fact of giving consent and proof of this fact, which interests cannot be carried out without the processing of the data specified in this point. The person responsible has prepared the interest assessment in connection with the legitimate interest as a legal basis and makes it available to the data subjects upon request

Persons authorized to access: the personal data provided above may be viewed by the responsible employees of the department responsible for marketing activities and the IT department.
Data transfer: The controller does not transmit the above-mentioned personal data of the data subjects to any third parties within the EU, to any third country or to any international organization. Processor: the controller uses the following processors to achieve the purpose of data processing:

Send newsletters, mass mailings, create analyses, statistics - GetResponse Address: Gdansk (80-309), Grunwaldzka 413 (NEON) 80-309 Gdansk, Poland +48 58 668 31 30 EU VAT ID: 9581468984 Contact details: https://www.getresponse.com/help

Place and method of data processing: The personal data provided by the data subject are stored on the controller's servers in the European Union. The processor only has access to the personal data through remote access to the controller's system.
Data retention period: until you unsubscribe from newsletters and thus until the data subject’s consent is revoked. The data will also be deleted if the data subject deletes their user account.

Please note that we do not send unsolicited commercial messages. You can unsubscribe from receiving personalized and general newsletters and other direct marketing messages free of charge without restriction and without giving any reason. In this case, we will delete your personal data that is necessary to send you marketing messages from our records and we will no longer contact you for marketing purposes. You can unsubscribe from electronic newsletters by clicking on the link in the email message and unsubscribing from the newsletter in your user account.

8. DATA PROCESSING FOR THE PURPOSES OF CONTACTING, VEHICLE SEARCHThe data subjects have the option of sending a message directly to the controller or to the specific organizational units of the controller, using the contact details provided in the “ Contact” menu item on the website. The data subject sends the message to the email addresses indicated on the website directly from their own email application or by filling out the “ Send message” form located on the website.
Data subjects: natural persons who contact the person responsible.

 Name, email address, telephone number, order number, all data provided by the data subject in the message. When searching for unknown vehicles: chassis number, make, model, year of manufacture, email address - Maintaining contact between the controller and the data subjects, dealing with and responding to any requests or questions and dealing with consumer complaints - The controller processes this data in accordance with Article 6 paragraph (1) letter a) of the GDPR (your consent) , whereby the consent is given in the case of a contact form before sending the message, ticking the checkbox on the website, or by sending an email message is sent. If the message is a consumer complaint, the legal basis for data processing is Article 6 paragraph (1) point c) of the GDPR and is carried out in accordance with Section 17/A paragraph (5) of the Consumer Protection Act (fulfillment of a legal obligation ).

Persons authorized to access: the personal data provided above may be viewed by the responsible employees of the area corresponding to the subject of the message, of the customer service, of the sales area and of the IT area.
Data transfer: The controller does not transmit the above-mentioned personal data of the data subjects provided for contact to any third party within the EU, to any third country or to any international organization. Processor: the controller does not use any processor to achieve the purpose of data processing :Place and method of data processing: The personal data provided by the data subject are stored on the controller's servers in the European Union.
Data retention period: the controller processes the personal data of the data subject until the data subject withdraws his consent, but no longer than one year from the date of providing the data. If, based on the subject of the message, it is determined that the person responsible has additional tasks, the retention period of the data will be adapted to the respective task (e.g. the civil law statute of limitations for enforcing civil law claims, the statute of limitations for criminal law measures). crime, or time of the final discontinuation of the criminal proceedings, etc.)

9. COOKIES DATA PROCESSINGThe person responsible hereby informs the data subjects that the website uses cookies. Cookies are small data files used by websites to improve user experience. These files are stored on the user's device when they visit the website and are read again on subsequent visits, allowing the user to be identified. In some cases, these files are considered personal data within the meaning of the GDPR, because if the browser sends back a previously stored cookie, the service provider processing cookies has the opportunity to link the user's current visit to previous visits, however only in relation to its own content. According to the relevant legislation, cookies may be placed on the user's device without the user's consent if they are necessary for the functioning of the website. All other (non-essential) cookies can only be set with the user’s consent. You can check and change your previous consents to the use/processing of cookies by clicking here.

Google Tag Manager

Our website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager is used to manage tracking tools and other services, so-called website tags. The Google Tag Manager does not require the use of cookies.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in a straightforward manner

You can find more information here.

Criteo

In the context of shared responsibility within the meaning of Article 26 of the GDPR, we use services provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") to collect information about user behaviour (e.g. products you have viewed, added to your shopping cart or purchased) in a purely anonymous form in order to improve our advertising offering. Within the framework of the contract with Criteo, we determine the scope of the respective advertising campaign. The implementation of this advertising campaign, including the decision about which ads are delivered where, is then the responsibility of Criteo.

In the context of our joint responsibility for the aforementioned processing, you may exercise your rights under the GDPR against both us and Criteo. We have entered into a shared responsibility agreement with Criteo, the main terms of which we will make available to you on request.

YouTube

We have integrated videos on this website that are stored on YouTube and can be played from our website. We have activated YouTube's extended data protection mode. This means that Google does not receive any usage information and does not set any cookies until the user actively clicks on the play button. After this click, the video starts playing and Google sets its own cookies to improve its services and to play individualised advertising on the Google advertising network.


9.1. REQUIRED COOKIESData subjects: natural persons who visit the websiteScope of data processed: session ID, time of visit to the websitePurpose of data processing: The necessary cookies facilitate the usability of the website and enable basic functions such as navigation on the website and the Access to secure websites, login authentication, load balancing and storage of language settings. Without the use of these cookies, the website cannot function properly. Legal basis for data processing: The consent of the data subject is not required for the use of the necessary cookies; these data are processed by the controller in accordance with Article 6 paragraph (1) point f) of the GDPR (legitimate interest of the person responsible) and Section 25 Paragraph (2) of the Act on Data Protection and Protection of Privacy in Telecommunications and Telemedia (Telecommunications Telemedia Data Protection Act - TTDSG). The person responsible has prepared the interest assessment in connection with the legitimate interest as a legal basis and makes it available to the data subjects upon request.

 _answer  - It helps prevent Cross-Site Request Forgery (CSRF), generates a unique identifier to prevent these CSRF attacks - End of session

_sesid  - It retains user session data for each page request - End of session

_ccons - A cookie that stores the fact that the information about the use of cookies has been accepted. - 1 year

_pgsiz - This cookie describes the number of products to be displayed per page. - 1 year

_acto - ookie to identify logged in users - 1 year

_vehty - When selecting a vehicle, the last vehicle type selected by the user is saved here. - 1 year

_vehma  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_vehmo  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_vehid  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_grave  - The vehicles in the user's garage are saved in the logged out state.  - 1 year

_lstar  - This cookie stores the identifiers of the last products viewed on the website. .  - 1 year

_lstve  -If you are logged out, this cookie stores the specific vehicles most recently selected by the user.  .  - 1 year

_guid  - This cookie stores the unique identifier generated for each user.   .  - 1 year

_gufapro  - This cookie stores the wish list of logged out users.  - 1 year

9.1A Usage-oriented cookies
Data subjects: natural persons who visit the website Scope of data processed: storage of personalized product-related settings

Purpose of data processing: The necessary cookies make the website easier to use and enable basic functions. Without using these cookies, the website cannot function as intended.
Legal basis for data processing: Usage-oriented cookies are processed by the person responsible in accordance with Article 6 paragraph (1) point a) of the GDPR (consent of the data subject), which is given the first time you visit the site by ticking the checkbox in the pop-up -Window is done by the person concerned.

 _vehty - When selecting a vehicle, the last vehicle type selected by the user is saved here. - 1 year

_vehma  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_vehmo  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_vehid  - When selecting a vehicle, the last vehicle manufacturer selected by the user is saved here - 1 year

_grave  - The vehicles in the user's garage are saved in the logged out state.  - 1 year

_lstar  - This cookie stores the identifiers of the last products viewed on the website. .  - 1 year

_lstve  -If you are logged out, this cookie stores the specific vehicles most recently selected by the user.  .  - 1 year

_guid  - This cookie stores the unique identifier generated for each user.   .  - 1 year

_gufapro  - This cookie stores the wish list of logged out users.  - 1 year

 9.2 STATISTICAL COOKIES Data subjects: natural persons who visit the website and give their consent to data processing

Scope of data processed: anonymized IP address, relay URL (previously visited page); Pages viewed (date, time, URL, address, length of stay), files downloaded, links clicked on other websites, specific goals achieved (conversions), technical information: operating system; browser type, version and language; Device type, brand, model and resolution, approximate location (country and city, if available, based on anonymized IP address), demographic characteristics and interestsPurpose of data processing: Statistical cookies help the website owner understand how visitors contact the website. The information is collected anonymously.Legal basis for data processing: Statistical cookies are processed by the controller in accordance with Article 6 paragraph (1) point a) of the GDPR (consent of the data subject), which is provided when you first visit the site by ticking the checkboxes in the pop-up. up window is done by the person concerned.

 9.3 MARKETING
Data subjects: natural persons who visit the website and give their consent to data processing Scope of data processed: IP address of the device, cookie ID, device ID of mobile devices (Device ID), re-lay URL ( previously visited page), pages viewed (date, time, URL, address, length of stay), files downloaded, links clicked on other websites, specific goals achieved (conversions), technical information: operating system; browser type, version and language; Device type, brand, model and resolution, approximate location (country and, if applicable, city). Purpose of data processing: Marketing cookies are used to follow visitors to websites. The purpose of setting marketing cookies is to display personalized advertising tailored to users' interests. The information obtained in this way is valuable for advertisers.Legal basis for data processing: The marketing cookies are processed by the controller in accordance with Article 6 paragraph (1) point a) of the GDPR (consent of the data subject), which is given when you first visit the site by ticking the checkbox in the pop-up window is made by the person concerned.

 gaVisitorUuid - This cookie is used by GetResponse to individually identify users. - 1 year

gaVisitorResubscribed - This cookie is used by GetResponse to individually identify users. -  1 year

^BarionMarketingConsent. - These cookies are used by the Barion Smart Gateway service. The purpose is to store your declaration as to whether you agree to the collection of data from your surfing behavior and the evaluation of your shopping behavior to display personalized advertising and offers. If you have given your consent, we will also use the data collected by the following credit card fraud prevention cookies, which are among the cookies required for operation, and your browsing habits to study your shopping behavior and display personalized advertising and offers. - 1.5 years

grUuidHasBeenSet - This post is used by GetResponse. - Unlimited

gaLocalStorageVisitKey .- This post is used by GetResponse.  Unlimited

Below is a list of information about the social networks on which we have an online presence:

9.4 COMMON RULES FOR THE PROCESSING OF COOKIES
Persons authorized to access: the personal data collected through the use of cookies may be viewed by the responsible employees of the area responsible for marketing activities as well as the management of the controller. Processors: the controller uses the following processors to achieve the purpose of data processing.

Wise Digital Kft.  - Address: 1033 Budapest, Csikós st. 8. 1. floor 11. door, Hungary  - Contact details: solution@wisedigital.hu

Create statistics, analyses, marketing campaigns and personalized offers based on the cookie data.

Data transfer: the personal data collected through the above-mentioned cookies are transmitted to the service provider that collects the data. The personal data collected for statistical purposes for the operation of Google Analytics is transmitted to Google Inc. The data collected by cookies processed for marketing purposes is transmitted to . With the consent of the data subject to the transfer of data in accordance with this point, the user gives his/her express consent to the transfer of data in accordance with this point.
Place and method of data processing: The personal data provided by the data subject are stored on servers provided by the processor appointed by the controller within the European Union.

10 LINKS
Please note that there are also links on the website that lead to other websites. The data protection guidelines and notices of the respective website apply to the use of such external websites, and after clicking on an external link or on the corresponding button, the person responsible is no longer able to influence the collection, storage or processing of data, Therefore, the controller is not liable for processing of this data.

11 SECURITY OF DATAPlease note that the controller takes all technical and organizational measures and establishes the necessary procedural rules to enforce the GDPR provisions on confidentiality and security of processing.The controller takes appropriate measures Measures to protect the data processed by it from unauthorized access, alteration, disclosure, transmission, transfer, deletion or destruction, as well as from accidental destruction or damage. As part of its data processing, the controller maintains a) confidentiality: it protects the information in such a way that that only those who are authorized to have access to them have access to them; b) Integrity: it protects the accuracy and completeness of the information and the way it is processed; c) Availability: it ensures that the legitimate user actually has access to it when necessary has the information he needs and the necessary means are available.

The controller protects its information technology systems and networks appropriately against computer fraud, espionage, fire and flood, viruses and computer break-ins. The operator must ensure security through protection procedures at the server and application levels. The controller monitors its systems to record any security incidents and to provide evidence of any security incidents. System monitoring also makes it possible to check the effectiveness of the precautionary measures taken. The controller also requires and monitors compliance with the data protection measures it applies based on the provisions of the contracts concluded with the processors it may use.

12 RIGHTS OF THE DATA SUBJECT, ENFORCEMENT OF RIGHTS Please note that you can exercise or assert the following rights in connection with personal data at any time without restriction:
- information, access to data,
- correction, - deletion of data, - Restriction of data processing, - Portability of data, - Withdrawal of your consent, - You have the right to also object to the processing of personal data.

12.3 Right to informationThe controller shall take appropriate measures to provide data subjects with all of the information set out in Articles 13 and 14 of the GDPR as well as all information on the processing of personal data referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, understandable and easily accessible form and in a clear and simple language. The right To obtain information, you can do so in writing using the contact details provided in point 3 of this notice. Upon request, the data subject can also be given verbal information after they have proven their identity.

12.4 Right to information of the data subjectThe data subject has the right to obtain information from the person responsible as to whether their personal data is being processed or not, and, if such data processing occurs, he or she has the right to access the personal data and the details of the data processing in accordance with the GDPR. The controller shall provide the data subject with a copy of the processed personal data. For additional copies requested by the data subject, the controller may charge a reasonable fee in accordance with the administrative costs. At the request of the data subject, the data controller shall provide the information in electronic form. The data controller shall provide the information within a period not exceeding one month from the date of the request.

12.5 Right to rectificationThe data subject may request the rectification of their inaccurate personal data, which are processed by the controller and request the completion of the incomplete data.

12.6 Right to erasureThe data subject has the right to delete his or her personal data upon request without undue delay if one of the following reasons applies:- the personal data for the purposes for which they were collected or otherwise processed are no longer necessary; - the data subject withdraws their consent on which the data processing is based and there is no other legal basis for the data processing; - the data subject objects to the data processing , and there are no overriding legitimate grounds for the data processing;- the personal data have been processed unlawfully;- the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State;- the personal data to provide Services related to the information society. The deletion of data cannot be initiated if the data processing is necessary for the following cases: exercising the right to freedom of expression and information, fulfilling an obligation under Union law or law of a Member State, or carrying out a task which is in the public interest or in the exercise of official authority vested in the person responsible, research in the field of public health or archival, scientific and historical research, public interest or for the purposes of assertion , enforcement and defense of legal claims.

12.7 Right to restriction of data processingAt the request of the data subject, the controller limits data processing if one of the following conditions is met:
- the data subject disputes the accuracy of the personal data; in this case, the restriction applies for a period allowing the accuracy of the personal data to be verified;- the data processing is unlawful and the data subject refuses the deletion of the data and instead requests the restriction of their use;- the controller needs the personal data no longer for the purposes of data processing, but the data subject needs it to assert, enforce or defend legal claims; or- the data subject has objected to data processing; in this case, the restriction applies for the period until it is determined whether the legitimate reasons of the controller override the legitimate reasons of the data subject. If data processing is restricted, the personal data, with the exception of storage, may only be processed with the consent of the data subject person or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or a Member State. The controller shall inform the data subject in advance of the lifting of the restriction on data processing.

12.8 Right to data portabilityThe data subject has the right to receive the personal data that he or she has provided to the controller in a structured, common and machine-readable format and to transmit this data to another person responsible if - the data processing is based on the consent of the data subject or on a contract to which the data subject is one of the contracting parties, and - the data processing is carried out using automated procedures.

12.9 Right to objectThe data subject has the right, for reasons arising from their own situation, to object at any time to the processing of their personal data in the public interest or to data processing necessary for the performance of a task within the scope of the exercise of public authority -walt, which has been assigned to a responsible person, including profiling in accordance with the aforementioned provisions. In the event of an objection, the person responsible may no longer process the personal data unless there are compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or those related to the assertion, enforcement or defense of legal claims. If the personal data is to be processed for direct advertising purposes, the data subject has the right to object to this processing of his or her personal data at any time; This also applies to profiling insofar as it is connected to such direct advertising. In the event of an objection to the processing of personal data for the purposes of direct advertising, the data may not be processed for these purposes.

12.10 Right to object to automated decision-making in individual cases, including profiling, the data subject has the right to be excluded from the scope of a decision based solely on automated data processing - including profiling. The above right does not apply if the data processing is for the purpose or Performance of a contract between the data subject and the controller is necessary; - is possible under the Union law applicable to the controller or the law of a Member State, which also includes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject or- is based on the express consent of the data subject.

12.11 Right of withdrawalThe data subject has the right to withdraw their consent at any time. The revocation of consent does not affect the lawfulness of data processing based on the consent before its revocation.
12.12 Rules of ProcedureThe controller shall inform the data subject immediately, but in any case within one month of receipt of the request, of the measures taken in connection with the request submitted by the data subject. If necessary and taking into account the complexity of the application and the number of applications submitted, this deadline may be extended by a further two months. If the person responsible does not take any measures in connection with the data subject's submitted request, he shall inform the data subject immediately, but no later than one month after receipt of the request, why no measures were taken, whereby the data subject has the right to to lodge a complaint with a supervisory authority or to take legal action. The person responsible provides the requested information and data free of charge. If the data subject's request is obviously unfounded or disproportionate, in particular because it is submitted repeatedly, the person responsible may, taking into account the administrative costs for providing the requested information or information or for carrying out the requested measure, charge a reasonable fee or suspend the processing of the request Reject the application.

12.13 Compensation and compensationAny person who has suffered material or immaterial damage as a result of a violation of the Regulation has the right to claim compensation from the controller or the processor. The processor is only liable for damage caused by the processing if it has breached the obligations expressly imposed on the processor by law or if it has disregarded or acted contrary to the lawful instructions of the controller. If more than one controller or more than one If the processor or both the controller and the processor are involved in the same processing and they are responsible for the damage caused by the data processing, each controller or processor is jointly and severally liable for the total damage. The controller or processor is not liable exempt if he proves that he is in no way responsible for the event giving rise to the damage.

If you have a complaint or problem regarding the processing of your personal data, please contact us to find an amicable solution.
If this does not lead to success, you can also contact the relevant data protection authority or the competent court at your place of residence or residence in the event of a breach of the protection of your personal data. You can submit a complaint to the supervisory authority by: Use the following contact details:Name of the authority: National Authority for Data Protection and Freedom of Information (Hungarian name: Nemzeti Adatvédelmi és Információszabadság Hatóság (Website: https://naih.hu/)Head office: 1055 Budapest, Falk Miksa utca 9-11.Postal address: 1363 Budapest, Pf. 9., Hungary13 DATA PROCESSING FOR OTHER PURPOSESPlease note that the data provided to the controller on the basis of this information letter may not be used for purposes other than those stated in this information letter.

updated: November 2024

Ongoing exclusive discounts and offers in the app.