Menu
Your Cart

Privacy Policy

Pickpackdecor.com 


INTRODUCTION

A Pick Pack Decor Kft. (1112 Budapest, Felső határ út 28., VAT number: 26194985-2-43 /HU26194985, company registration number: 01-09-307122) (hereinafter: Service Provider, Controller) shall submit to the followings:

The following information is provided pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

This Privacy Policy regulates the processing activities of the following website: http://www.pickpackdecor.com.

The Privacy Policy is available at:

http://www.pickpackdecor.com/adatvedelem 

Any amendment to this policy takes effect from the date of disclosure at link above. 



CONTACT DATA OF CONTROLLER:


Name: Pick Pack Decor Kft.

Registered seat: H-1112 Budapest, Felső határ út 28.

E-mail: hello@pickpackdecor.com

Phone: +36 20 321 5208



DEFINITIONS


1. “personal data”: any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


2. “processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


3. “controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


4. “processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


5. “recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;


6. “Consent of the Data Subject”: any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


7. “personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;



PRINCIPLES WITH REGARD TO THE PROCESSING OF PERSONAL DATA


Personal data


a) shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’);


b) may only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);


c) shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);


d) shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);


e) shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the Data Subject (‘storage limitation’);


f) shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).


Controller shall be responsible for, and be able to demonstrate compliance with the above (‘accountability’).


CONTROLLING


CONTROLLING RELATED TO THE OPERATION OF THE WEBSHOP


1. The existence of processing, the scope of the data processed and the purpose of data processing: 


Personal DataPurpose of processing
Username
Identification, allowing registration
Password
Ensuring safe login to the user account
First name and last name

Required for contact, purchase and the issuance of the invoice

in accordance with the relevant requirements

E-mail address
Keeping contact
Phone number
Keeping contact, efficient arrangement of issues related to invoicing or shipping
Invoicing name and address

Issuing invoices in accordance with the relevant requirements, preparing agreements,

determining, amending the content of agreements, tracking contractual performance,

invoicing fees and enforcing claims related to the agreement

Shipping name and address
Delivery
Date of purchase/registration
Implementing technical operations
IP address when the purchase/registration takes placeImplementing technical operations


No personal data is required either in the username or the e-mail address.


2. Scope of the Data Subjects: Each Data Subject who registers or makes a purchase in the webshop.


3. Duration of processing, the deadline for the erasure of the data: Upon erasure of the registration. Except in case of accounting documents, as pursuant to Section 169 (2) of Act C of 2000 on Accounting, these data shall be stored for 8 years.


Accounting documents supporting the preparations of the accounts either directly or indirectly (including the general accounts, the analytic and detailed registries) shall be retained for at least 8 years, in a legible format and traceable manner and according to the reference numbers of the accounting records.


4. Possible data controllers entitled to have access to the data, the recipients of personal data: Personal data may be controlled by sales and marketing employees of the Controller in line with the principles specified above.


5. Informing the Data Subjects about their rights related to processing: 


Data Subject is entitled to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the Data Subject,

Data subject shall have the right to object to processing of such personal data, and 

Data Subject shall have the right to data portability and withdrawal of his or her consent at any time.


6. Access to, erasure, modification of the personal data, or restriction of procession, data portability or objection to processing can be requested by Data Subject in the following manner:

- via regular mail sent to the following address: Felső határ út 28., H-1112 Budapest, Hungary.

- via e-mail sent to hello@pickpackdecor.com

- via telephone: +36 20 321 5208


7. Legal basis for the processing:


7.1. Consent of the Data Subject, paragraph (1)(a) of Article 6, paragraph (1) of Section 5 of the Privacy Act, 


7.2. Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Act on certain issues of electronic commerce services and information society services):


For service provision purposes, Service Provider may process personal data that are strictly necessary for technical reasons to provide the services. In case of equivalent conditions, Service Provider shall choose and apply in each case the technical tools used in connection with information society services to ensure that personal data are processed only if it is strictly necessary for the provision of the service and to comply with the purposes of this legislation and only to the extend and for the period necessary.



7.3. Regarding invoices issued in accordance with accounting laws, paragraph (1) c) of Article 6.


8. We would like to inform you that

processing is based on Your consent

you are obliged to provide personal data so that we can complete the order.

as a result of any failure to provide the relevant data we will not be able to process your order.


PROCESSORS INVOLVED


Shipping


1. Activity performed by processor: Delivery of the products, shipping services


2.    Name and contact details of data processor: : 


DPD Hungária Futárpostai Csomagküldő Szolgáltató 

Korlátolt Felelősségű Társaság 

registered seat: Késmárk u. 14/B., H-1158 Budapest, Hungary

+36 (1) 501-6200

+ 36 (40) 100-373

dpd@dpd.hu


3. The existence of processing, the scope of the data processed: Shipping name, shipping address, phone number, e-mail address.


4. The scope of the Data Subjects: Data Subjects requesting delivery.


5. Purpose of processing: Delivery of the products ordered.


6. Duration of processing, the deadline for the erasure of the data: Until completion of the delivery.


7. Legal basis of processing: consent of the Data Subject, paragraph (1) a) of Article 6, paragraph (1) of Section 5 of the Privacy Act.


Online payment


1. Activity performed by processor: Online payment 


2. Name and contact details of data processor: 


Barion Payment Zrt. 

License number: H-EN-I-1064/2013

Institutional identification number 14859034

Phone: + 36 1 464 70 99

E-mail: support@barion.com

ÁSZF: https://www.barion.com/hu/vasarlok/arak-vasarloknak/ 


3. The existence of processing, the scope of the data processed: Invoicing name, invoicing address, e-mail address.


4. The scope of the Data Subjects: Data Subjects requesting online payment.


5. Purpose of processing: Online payment processing, transaction confirmation fraud-monitoring to protect users (abuse control)


6. Duration of processing, the deadline for the erasure of the data: Until the completion of the online payment transaction.


7. Legal basis for data processing: consent of the Data Subject, paragraph (1) of Section 5 of the Privacy Act, paragraph (1) a) of Article 6 of the GDPR and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. . 


Hosting service provider


1. Activity performed by processor: Hosting services


2. Name and contact details of data processor: 


Viacom Informatikai Kereskedelmi és Szolgáltató Kft.

Registered seat: Gyár utca 8., H-2225 Üllő, Hungary

Website: https://viacomkft.hu

E-mail: ugyfelszolgalat viacomkft.hu


3. The existence of processing, the scope of the data processed: All data provided by the Data Subject.


4. The scope of the Data Subjects: Each Data Subject using the website.


5. Purpose of processing: Ensuring accessibility to the website, proper operation of the website.


6. Duration of processing, the deadline for the erasure of the data: Data controlling shall last until the termination of the agreement between Controller and Hosting service provider or the request of the Data Subject submitted to Hosting service provider to erase the data.


7. Legal basis for data processing: consent of the Data Subject, paragraph (1) of Section 5 of the Privacy Act, paragraph (1) a) of Article 6 of the GDPR and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. 


HANDLING COOKIES


1. Prior consent of the Data Subjects is not required for cookies normally used by webshops: “session cookies protected with a password”, “cookies required for the cart” and “safety cookies”.


2. The existence of processing, the scope of the data processed: Unique identification number, dates, times


3. The scope of the Data Subjects: Each Data Subject visiting the website.


4. Purpose of processing: Identification of users, keep records of the cart and tracking users.


5. Duration of processing, the deadline for the erasure of the data: 


Type of cookieLegal basis of processingDuration of controllingScope of the data processed
Session cookies

Paragraph (3) Section 13/A of Act CVIII of 2001

on certain issues of electronic commerce services

and information society services.

The period until the end of the

relevant visitor session.


connect.sid



Other cookies are deleted after 7 or 30 days.


6. Possible data controllers entitled to have access to the data: No personal data are processed by Controller during the usage of cookies.


7. Informing the Data Subjects about their rights related to processing: Data Subjects may erase cookies in the Tools/Settings menu of their browser by choosing Data Protection settings.


8. Legal basis for the processing: Consent from the Data Subject is not required if the data are used for the sole purpose of carrying out the transmission over an electronic communication network or necessary for Service Provider in order to provide an information society service explicitly requested by the Data Subject.


GOOGLE ADWORDS CONVERSION TRACKING


1. Controller uses “Google AdWords” online advertising and within the framework of this service, Google conversion tracking services. Google conversion tracking is the analysis service provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).


2. If a website is accessed by a user via a Google-ad, a cookie required for conversion tracking is placed on the relevant computer. These cookies have limited validity and do not contain any personal data, therefore the User may not be identified by them.


3. When the User browses certain pages of the website and the cookie has not expired yet, both Google and Controller can see that User clicked on the add.


4. Different cookies are allocated to each Google AdWords client so they are impossible to track via the websites of the Adwords clients.


5. Information acquired using conversion tracking cookies are used to prepare conversion statistics for clients using AdWords conversion tracking services. Clients receive information about the number of users clicking on the ads and forwarded to the site using a conversion tracking tag. However, they do not have access to information required to identify any client.


6. If you do not wish to be involved in conversion tracking you can refuse to consent by disabling cookies in the browser and you will not be included in the conversion statistics.


7. Further information and the Privacy Policy of Google is available at www.google.de/policies/privacy/


USING GOOGLE ANALYTICS


1. This website uses Google Analytics, which is the web analysis service of Google Inc. (“Google”). Google Analytics uses so called cookies, text files saved on your computer to help analyse the use of the website visited by the User. 


2. Information generated by cookies and related to the website used by the User are generally recorded and stored in one of the Google servers located in the USA. By activating the IP anonymization for the relevant website, the IP address is shortened by Google within the member states of the European Union or in other states party to the agreement on the European Economic Area. 


3. Entire IP addresses are transferred to the Google servers located in the USA to be shortened there only in exceptional cases. Based on the assignment of the operator of this website, Google will use this information to assess how the User used the website and prepare reports for the operator of the website related to the website activity and provide further services related to internet usage and the usage of the website. 


4. Within the framework of Google Analytics the IP address forwarded by the browser of the User is not connected to other data by Google. Storage of cookies can be blocked by the User with the appropriate setting applied in the browser. However, we would like you to note that in this case it may happen that not all functions of this website will be entirely available. If you download and install the browser plugin below, you can block Google to collect and process the data generated by the cookies and related to the website usage of the User (including the IP address). https://tools.google.com/dlpage/gaoptout?hl=hu  


NEWSLETTER, DM ACTIVITY


1. Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may give his or her prior and explicit consent to Service Provider to send him or her promotional or other e-mails at the contact details provided for registration.


2. Furthermore, in view of the provisions of this policy, the User may give his or her consent to Service Provider to process  the relevant personal data required for sending promotional materials.


3. Service Provider shall not spam messages and User may unsubscribe from receiving promotional e-mails free of charge without restriction or giving any reason. In such cases, Service Provider shall erase all the personal data required for sending promotional e-mails from the records and shall not contact User with further promotional offers. User may unsubscribe from the promotional offers by clicking on the link included in the e-mail.


4. The existence of processing, the scope of the data processed and the purpose of data processing: 


Personal DataPurpose of processing
Name, e-mail addressIdentification, allowing subscription to newsletters
Date of subscriptionImplementing technical operations
IP address and the time of subscriptionsImplementing technical operations


5. The scope of the Data Subjects: All Data Subjects subscribing to newsletters.


6. Purpose of processing: sending electronic messages (e-mail, text messages, push messages) for promotional purposes to the Data Subject, providing updates and information about the products, sales, new functions etc. 


7. Duration of processing, the deadline for the erasure of the data: until the withdrawal of the consent, i.e. until the user unsubscribes.


8. Possible data controllers entitled to have access to the data, the recipients of personal data: Personal data may be controlled by sales and marketing employees of the Controller in line with the principles specified above.


9. Informing the Data Subjects about their rights related to processing:


Data Subject is entitled to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the Data Subject,

to object to processing of such personal data, and 

Data Subject shall have the right to data portability and withdrawal of his or her consent at any time.


10. Access to, erasure, modification of the personal data, or restriction of procession, data portability or objection to processing can be requested by Data Subject in the following manner:

- via regular mail sent to the following address: Felső határ út 28., H-1112 Budapest, Hungary.

- via e-mail sent to hello@pickpackdecor.com

- via telephone: +36 20 321 5208


11. Data Subjects can unsubscribe free of charge at any time.


12. Legal basis for the processing: the consent of the Data Subject, paragraph (1) a) of Article 6, paragraph (1) of Section 5 of the Privacy Act and paragraph (5) of Section 6 of Act XLVIII. of 2008 on the basic requirements and certain restrictions of commercial advertising activities


Regarding the scope of the data indicated in the consent, the advertiser, the advertising service provider and the party disclosing the advertisement keep records of the personal data of the persons giving their consent. Data recorded in these records and pertaining to the addressee of the advertisement may be processed in accordance with and until the withdrawal of the consent and may only be disclosed to third parties upon prior consent of the Data Subject.


13. We would like to inform you that


processing is based on Your consent

you are obliged to provide personal data if You wish to receive newsletters from us.

as a result of any failure to provide the relevant data we will not be able to send you newsletters.


HANDLING COMPLAINTS


1. The existence of processing, the scope of the data processed and the purpose of data processing: 



Personal DataPurpose of processing
First name and last nameIdentification, keeping contact
E-mail addressKeeping contact
Phone numberKeeping contact
Invoicing name and address

Identification, handling quality complaints, questions

and issues in relation to the products ordered.


2. The scope of the Data Subjects: Data Subjects making a purchase, submitting quality or other complaints via the webshop.


3. Duration of processing, the deadline for the erasure of the data: Copies of the records or transcript of the complaint as well as the reply shall be kept for 5 years in accordance with Section 17/A (7) of Act CLV of 1997 on Consumer Protection.


4. Possible data controllers entitled to have access to the data, the recipients of personal data: Personal data may be controlled by sales and marketing employees of the Controller in line with the principles specified above.


5. Informing the Data Subjects about their rights related to processing: 


Data Subject is entitled to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the Data Subject,

to object to processing of such personal data, and 

Data Subject shall have the right to data portability and withdrawal of his or her consent at any time.


6. Access to, erasure, modification of the personal data, or restriction of procession, data portability or objection to processing can be requested by Data Subject in the following manner:

- via regular mail sent to the following address: Felső határ út 28., H-1112 Budapest, Hungary.

- via e-mail sent to hello@pickpackdecor.com

- via telephone: +36 20 321 5208


7. Legal basis for the processing: the consent of the Data Subject, Article 6 (1) c), Section 5 (1) of the Privacy Act and Section 17/A (7) of Act CLV of 1997 on Consumer Protection.


8. We would like to inform you that  


the provision of the personal data is based on a contractual obligation.

the processing of the personal data is a precondition for the conclusion of the agreement

you are obliged to provide personal data so that we can handle your complaint.

The consequence of any failure to provide the relevant data is that we will not be able to handle the complaint submitted to our company.


SOCIAL NETWORKING SITES



1. The existence of processing, the scope of the data processed: Name and the profile picture of the User registered in Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc.


2. The scope of the Data Subjects: Each Data Subject, who signed up for Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and “liked” the website.


3. Purpose of data processing: Sharing, “liking” or promoting the website, its specific content elements, products, campaigns on the social networking sites.


4. Duration of processing, the deadline for the erasure of the data, providing information related to the data processors that have the right to have access to the data and the rights of the Data Subjects related to processing: Data Subject can find information regarding the source, processing, the method of transfer and the legal basis on the relevant social networking sites. Processing is carried out on the social networking sites, consequently, the regulation of the social networking site is applicable regarding the duration and method of processing, the possibilities of the modification or erasure of the data.


5. Legal basis for the processing: the consent freely given by the Data Subject to the processing of the data concerning him or her on the social networking sites.


CUSTOMER RELATIONS AND OTHER DATA PROCESSING


1. Data Subject may contact the processor at the contact details indicated on the website (phone, e-mail, social networking sites etc.) in case of any questions or problems during the usage of our processing services.


2. Processor shall erase the incoming e-mails, messages, and any data provided on the phone or via Facebook etc., along with the name and e-mail address and other freely given personal data of the Data Subject submitting the enquiry for up to 2 years following the processing activity.


3. We provide information about processing activities not detailed herein when the relevant data are recorded.


4. Service Provider shall provide information, disclose or provide data or documents if it is specifically requested by an authority or other bodies in accordance with the relevant legislation.


5. In such cases, Service Provider provides personal data to the requesting party - if the specific purpose and the scope of the data are given - to the extent and that is strictly necessary for the achievement of the relevant purpose.


RIGHTS OF THE DATA SUBJECTS


1. Right of access


You have the right to obtain from the Controller confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data and the following information.


2. Right to rectification


You have the right to obtain from the Controller without undue delay the rectification of your inaccurate personal data. Taking into account the purposes of the processing, You have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


3. Right to erasure


You have the right to obtain from the Controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where the relevant grounds apply.


4. Right to be forgotten


Where the Controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that You have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.


5. Right to restriction of processing  



You have the right to obtain from the Controller restriction of processing where one of the following applies:

You contest the accuracy of the personal data; the restriction shall apply for a period enabling the Controller to verify the accuracy of the personal data; 

The processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead; 

The Controller no longer needs the personal data for the purposes of the processing, but You require them for the establishment, exercise or defence of legal claims; 

You have objected to processing; in such case restriction shall apply for a period until it is verified whether the legitimate grounds of the Controller override those of the Data Subject.



6. Right to data portability 


You have the right to receive your personal data you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.


7. Right to object 


You have the right to object, on grounds relating to Your particular situation, at any time to processing of Your personal data, including profiling based on those provisions. 


8. Objection in case of direct marketing purposes


Where personal data are processed for direct marketing purposes, You have the right to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If You object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.


9. Automated individual decision-making, including profiling


You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or has similar, significant effects.

The paragraph above shall not apply if the decision:

is necessary for entering into, or performance of, a contract between You and a data controller;;

is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard Your rights and freedoms and legitimate interests; or

is based on Your explicit consent.


DEADLINE FOR TAKING THE NECESSARY MEASURES


The controller shall provide information on action taken on the request above without undue delay and in any event within 1 month of receipt of the request. 


That period may be extended by 2 further months where necessary. The controller shall inform You of the extension of the deadline within 1 month of receipt of the request, together with the reasons for the delay. 


If the controller does not take action on Your request, the controller shall inform You without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.


SECURITY OF PROCESSING


Taking into account the state of the art and technology, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:


a) pseudonymisation and encryption of personal data;


b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;


c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;


d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.


Specific data security measures applied by Controller SSL encryption, Captcha



COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT


When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the Data Subject without undue delay.


The communication to the Data Subject shall describe in clear and plain language the nature of the personal data breach and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.



The communication to the Data Subject shall not be required if any of the following conditions are met:

the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;

the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects is no longer likely to materialise;

it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.


If the controller has not already communicated the personal data breach to the Data Subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.


NOTIFICATION OF A PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY


In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.




MAKING A COMPLAINT


Complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information in case of infringement of controller. 

Hungarian National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Postafiók: 5.

Phone number:+36 -1-391-1400

Telefon: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu


CONCLUSION


The following laws were observed when preparing this privacy policy: 


- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

- Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: Privacy Act)

- Act CVIII of 2001 on certain issues of electronic commerce services and information society services (in particular Section 13/A;

- Act XLVII of 2008 on the Prohibition of Unfair Business-to-Consumer Commercial Practices;

- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (in particular Section 6);

- Act XC of 2005 on the freedom of electronic information.

- Act C of 2003 on electronic communications (in particular Section 155)

- Opinion 16/2011 on EASA/IAB best practice recommendation on online behavioural advertising;

- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of the provision of prior information;

- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);


2 September 2018