Privacy Policy

General Provisions

In the course of our economic activities, we handle personal data. We ensure the legality and appropriateness of data processing for all processed personal data.

The purpose of this notice is to provide data subjects with adequate information before providing their personal data about how our company processes their personal data, for what purposes, under what conditions and guarantees, and for how long.

Our company adheres to the provisions contained in this notice in every case of personal data processing, and we consider what is described here to be binding upon ourselves. However, we reserve the right to change the descriptions in this unilateral legal declaration, with appropriate notification to the data subjects.

Our data processing activities are established in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter: “GDPR”) and the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Info Act”).

Our company’s details and contact information are as follows:

We provide the following detailed information regarding our data processing activities.

Data Processing of Registered Customers and Inquirers on the Website

• Purpose of Data Processing: To establish a contract with our company.
• Legal Basis for Data Processing: The prior consent of the data subjects.
• Scope of Processed Personal Data: Name, contact information (phone number, email address).
• Duration of Data Processing: 90 days from registration or request for quotation.
• Possible Consequences of Non-Disclosure: Providing data is voluntary, and failure to do so will result in no contract being established with our company.
• Rights of the Data Subject: The data subject (the person whose personal data is processed by our company) may:
  • request access to their personal data,
  • request rectification of their personal data,
  • request deletion of their personal data,
  • request restriction of the processing of their personal data under the conditions set forth in Article 18 of the GDPR (i.e., for the period of time required for the verification of their personal data before deletion or destruction until a court or authority requests them, but no longer than thirty days, and further that the data not be processed for other purposes),
  • object to the processing of their personal data,
  • exercise their right to data portability. In this regard, the data subject is entitled to receive their personal data in a Word or Excel format and to request that these data be transmitted to another data controller upon their request.
• Other Information Regarding Data Processing: Our company takes all necessary technical and organizational measures to prevent potential data protection incidents (e.g., damage to, loss of, or unauthorized access to files containing personal data).

Data Processing Related to Newsletters

• Purpose of Data Processing: To provide regular information to data subjects about products and services.
• Legal Basis for Data Processing: The prior consent of the data subjects.
• Scope of Processed Personal Data: Name, contact information (phone number, email address).
• Duration of Data Processing: 5 years from registration.
• Use of Data Processors: Our company engages the following data processors:
  • Data Processor: Zsolt Babocsai / Viblance Hungary Kft.
    • Address: 2535 Mogyorósbánya, Kastély köz 3.
    • Description of Data Processing Tasks: Processing of online purchases.
  • Data Processor: David Vermeersch / Geniefacts BVBA
    • Address: Geldenaaksebaan 310 3001 Heverlee Belgium.
    • Description of Data Processing Tasks: System development and server hosting.
  • Data Processor: OTP Mobil Szolgáltató Kft.
    • Address: 1093 Budapest, Közraktár u. 30-32.
    • Description of Data Processing Tasks: Data communication required for payment transactions between the merchant and payment service provider, providing customer service support to users, transaction confirmations, and conducting fraud monitoring for the protection of users.
  • Data Processor: Stripe Inc..
    • Address:  South San Francisco, California, United States and Dublin, Ireland.
    • Description of Data Processing Tasks: Data communication required for payment transactions between the merchant and payment service provider, providing customer service support to users, transaction 
• Possible Consequences of Non-Disclosure: Providing data is voluntary, and failure to do so will result in the data subject not receiving information about our company’s products and services via the newsletter.
• Rights of the Data Subject: The data subject may:
  • request access to their personal data,
  • request rectification of their personal data,
  • request deletion of their personal data,
  • request restriction of the processing of their personal data under the conditions set forth in Article 18 of the GDPR,
  • object to the processing of their personal data,
  • exercise their right to data portability. The data subject is entitled to receive their personal data in Word or Excel format and to request that these data be transmitted to another data controller upon their request.
• Other Information Regarding Data Processing: The data subject may also subscribe to the newsletter without creating a registered user profile. In this case, our company will not process any additional data beyond the name and email address. We take all necessary technical and organizational measures to prevent potential data protection incidents.

Cookie Management

Our website places a small data package, known as a cookie, on the user’s computer for personalized service and reads it during future visits. If the browser returns a previously saved cookie, the service provider managing the cookie has the opportunity to link the user’s current visit to previous ones, but only concerning its own content.

• Purpose of Data Processing: To identify users, distinguish them from each other, identify the current user session, store provided data during the session, prevent data loss, track users, perform web analytics, and provide personalized services.
• Legal Basis for Data Processing: The voluntary consent of the data subjects.
• Scope of Data Subjects: Visitors to our company’s website.
• Scope of Processed Data: Identifier, date, time, and previously visited pages.
• Duration of Data Processing: For session cookies, the duration of data processing lasts until the visit to the website is completed.
• Additional Information Regarding Data Processing: Users can delete cookies from their computers and can also disable the use of cookies in their browser.
• Possible Consequences of Non-Disclosure: Limited availability of the website’s services, inaccuracies in analytical measurements.

Management of Business Partners’ Contact Data

• Purpose of Data Processing: To fulfill contracts concluded by our company.
• Legal Basis for Data Processing: The voluntary consent of the data subjects, as well as the legitimate interest of the data controller.
• Scope of Processed Personal Data: Name, contact information (phone number, email address).
• Duration of Data Processing: 5 years from contract signing or the due date of the claim arising from it.
• Rights of the Data Subject: The data subject may:
  • request access to their personal data,
  • request rectification or clarification of their personal data,
  • request restriction of the processing of their personal data under the conditions set forth in Article 18 of the GDPR,
  • exercise their right to data portability.
• Other Information Regarding Data Processing: Our company stores documents containing personal data in a secured location and protects electronically stored documents with appropriate security measures.

Other Data Processing Activities

We provide information about data processing not listed in this notice at the time of data collection. We inform our clients that authorities, public bodies, and courts may request the disclosure of personal data from our company. Our company only provides as much personal data to these organizations as is strictly necessary to fulfill the purpose of the request, provided the requesting organization specifies the purpose of the data request and the scope of the data.

Method of Storage of Personal Data, Security of Data Processing

Our company’s IT systems and other data storage locations are located at the registered office and on the servers of the system administrator data processor. Our company selects and operates the IT tools used for data processing in a way that ensures the processed data:

1. a) is accessible to those authorized (availability);
2. b) its authenticity and authentication are ensured (data processing authenticity);
3. c) its integrity is verifiable (data integrity);
4. d) is protected against unauthorized access (data confidentiality).

We pay special attention to the security of data and take all necessary technical and organizational measures to ensure compliance with GDPR guarantees. The data is protected against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental loss, damage, or inaccessibility due to changes in the applied technique.

Both our company and our contractual partners’ IT systems and networks are protected against computer-assisted fraud, viruses, hacking, and denial-of-service attacks. The operator ensures security with server-level and application-level protective procedures. Daily security backups of the data are in place. Our company takes all possible measures to prevent data protection incidents, and in the event of such an incident, we will act promptly to minimize risks and mitigate damages.

Rights of Data Subjects, Legal Remedies

Right to Information:

Our company provides all information regarding the processing of personal data to the data subjects in a concise, transparent, intelligible, and easily accessible form, clearly and understandably articulated, upon the request of the data subjects.

The right to information can be exercised in writing through the contact details provided in point 1. The data subject may also receive verbal information after verifying their identity upon request. We inform our clients that if our staff has doubts about the identity of the data subject, we may request the provision of necessary information to confirm their identity.

Right of Access:

The data subject has the right to receive feedback from the data controller regarding whether their personal data is being processed. If the personal data is being processed, they are entitled to access their personal data.

Right to Rectification:

According to this right, anyone may request the correction of inaccurate personal data concerning them and the completion of incomplete personal data handled by our company.

Right to Deletion:

The data subject is entitled to request the deletion of their personal data without undue delay under any of the following conditions:

• Personal data is no longer necessary for the purposes for which they were collected or processed in any other way;
• The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
• The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
• The personal data has been unlawfully processed;
• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
• The personal data has been collected in relation to the offer of information society services.

The deletion of data cannot be initiated if the processing is necessary for compliance with a legal obligation that requires the processing by Union or Member State law applicable to the data controller, or for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing:

The data subject may request the restriction of processing where:

• The data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data;
• The processing is unlawful and the data subject opposes the deletion of the personal data and requests the restriction of its use instead;
• The data controller no longer needs the personal data for the purposes of the processing, but the data subject requires the data for the establishment, exercise, or defense of legal claims; or
• The data subject has objected to processing; in this case, the restriction applies for the period until it has been verified whether the legitimate grounds of the data controller override those of the data subject.

If the processing is restricted, personal data may only be processed with the data subject’s consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. The data subject must be informed before the restriction of processing is lifted.

Right to Data Portability:

The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided. Our company can fulfill such requests from the data subject in Word or Excel format.

Right to Object:

If the processing of personal data is carried out for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of personal data for the purposes of direct marketing, the data may no longer be processed for such purposes.

Right to Withdraw Consent:

The data subject has the right to withdraw their consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Procedural Rules:

The data controller shall provide information to the data subject about the measures taken in response to their request without undue delay, and in any event within one month of receipt of the request, free of charge. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The data controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the request is submitted electronically, the information shall be provided electronically, unless the data subject requests otherwise.

Right to Legal Action and Complaint to the Data Protection Authority:

In the event of a violation of their rights, the data subject may bring a legal action against the data controller. The court shall act promptly in such matters.

A complaint can be lodged with the National Authority for Data Protection and Freedom of Information. The authority’s address is: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, mailing address: 1530 Budapest, P.O. Box 5.

Phone: +36-1-391-1400

Email: ugyfelszolgalat@naih.hu

Budapest, April 1, 2018

Viblance Hungary Kft.

Zsolt Babocsai as Data Controller