Privacy Notice

Date of adoption: 01.28.2022

1. Introduction
This Privacy Notice sets out the terms and conditions for the data management of the webshop operating under the domain www.ayuralife.eu. The owner and operator of the webshop, and therefore the data controller, is AYURA HERBAL Kft. (hereinafter: ‘Company’).

The Company’s primary objective is to protect the personal data of its customers and visitors to the website in a lawful, fair and transparent manner at all times. The Company keeps personal data up-to-date, confidential and attaches the utmost importance to respecting its customers’ right to informational self-determination and takes all security, technical and corporate governance measures to ensure data security.

The Company sets out below its data processing principles and the expectations it has set and applies to itself as data controller and to its partners as data controllers and data processors.
Our data processing principles comply with applicable national and EU legislation on data protection, in particular with the following:
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: ‘Info tv.’),
• General Data Protection Regulation of the European Union (Regulation (EU) 2016/679, hereinafter: ‘GDPR’),

• Act V of 2013 – on the Civil Code (hereinafter: ‘Civil Code’),
• Act LXXVI of 1999 – on Copyright (hereinafter: ‘Copyright Act’),
• Act CLV of 1997 – on Consumer Protection (hereinafter: ‘Consumer Protection Act’),
• Act XIX of 1998 – on the Code of Criminal Procedure (hereinafter: ‘Criminal Procedure Act’1),
• Act C of 2000 – on Accounting (hereinafter: ‘Accounting Act;),
• Act CVIII of 2001 – on Certain Issue of E-Commerce Services and Services Related to the Information Society (hereinafter: ‘E-Commerce Act’),
• Act C of 2003 – on Electronic Communications (hereinafter: ‘Electronic Communications Act’),
• Act CXXXIII of 2005 on the Rules of Security Services and the Activities of Private Investigators (hereinafter: ‘Property Protection Act’)
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter: ‘Grt.’),
• Act I of 2012 – on the Labour Code (hereinafter: ‘Labour Code’),
• Act CLIX of 2012 – on Postal Services (hereinafter: ‘Postal Act’).
Company data of the controller:
Company name: AYURA HERBAL Kft.
Registered office: 4030 Debrecen, Epreskert utca 2
Phone: +36 20 455 2555
Website: www.ayuralife.eu
TAX number: 23586970-2-09
Company registration no.: 09-09-022061

Data of hosting company(ies):
Company name: ShopRenter.hu Kft.
Registered office: 4028 Debrecen, Kassai út 129
Phone: +36-1/234-5012
Website: https://shoprenter.hu
TAX number: 23174108-2-09
Company registration no.: 09 09 020636

Data protection information request:
Should you have any requests or questions regarding our data processing, you can contact us by post or in person at 4030 Debrecen, Galamb utca 3 or electronically at ayuraherbal@ayuraherbal.eu.
Our replies will be sent to the address you provide within a maximum of 30 days.
Data processed by our company
Personal data: any data, data inferences or information that can be directly or indirectly used to identify a natural person (hereinafter: ‘data subject’). This may be, for example, the name of the data subject, or a specific number, location data, online identifier, or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

When you register or make a purchase on our webshop, the following personal data will be collected from the personal data you provide:
• name, e-mail address, phone number, delivery and billing address,
• login and user account information, including your username, password and unique user ID,
• details of your previous purchases,
• your cookie settings.
The personal data you provide is not controlled by the Company. You are solely responsible for the accuracy of the data you provide. When you provide your e-mail address, you also accept responsibility for ensuring that you are the only person using the e-mail address you provide. Any responsibility for accessing the site from an e-mail address is the sole responsibility of the user who registered the e-mail address.
Purpose and conditions of the processing
Personal data may only be processed for specified purposes, for the exercise of a right or the performance of an obligation. Only personal data which is indispensable for the purpose of the processing and which is adequate to achieve that purpose may be processed. Personal data may be controlled to the extent and for the duration necessary to achieve the purpose.
The processing of data relating to the activities of the company is primarily based on voluntary consent and on the applicable legislation. However, in cases specified in the applicable legislation, the processing, storage and transmission of a set of data is subject to an obligation under the law. In such cases, we will inform the data subject directly.
The consent of the legal representative of a data subject who is a minor aged 16 or over is not required for the validity of the legal declaration of consent.

We collect, process and use personal data when you visit, register or log in to our website or when you order products or services through our website, subject to legal requirements. We will only process your personal data in accordance with the applicable legal requirements and this document and with your explicit consent.
In case of registration in our webshop, the purpose of data processing is to keep track of orders and purchases in our webshop, to issue invoices, to register customers, to distinguish between customers, to fulfil orders, to document purchases and payments, to fulfil accounting obligations, to maintain customer contact, to analyse customer habits, to provide targeted service, to settle accounts with partners, to send direct marketing (EDM) enquiries and to inform you about current information and offers.

Duration of the processing:
• For direct marketing consents, until the user’s consent is withdrawn,
• 4 (four) years from the last login for profile data,
• 8 (eight) years with regard to the data on purchases pursuant to Section 169 (2) of the Accounting Act.
Data processing in connection with the webshop
This document contains all relevant information on data processing in connection with the operation and management of the webshop in accordance with the European Union’s General Data Protection Regulation 2016/679 (hereinafter: ‘Regulation’ or ‘GDPR’) and Act CXII of 2011 (hereinafter: ‘Info tv.’).
Information on the use of cookies
What is a cookie?
The Controller uses cookies during your visit to the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser in order to save certain settings, thus facilitating the use of our website and helping us to collect some relevant statistical information about our visitors.
Some of the cookies do not contain any personal information and cannot be used to identify an individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thus ensuring your identification. The period of functionality of each cookie is described in the relevant description of each cookie.
These include, for example, settings for displaying the shopping cart function. A cookie contains a clear letter/number combination that identifies the browser used by the user. These cookies are only stored temporarily on the user’s computer and are only transferred to the company’s IT equipment when the user visits our site.

The purpose of this type of processing is to identify and distinguish users, to identify the current session of users, to store the data provided during the session, to prevent data loss, to perform web analytics measurements.
The user can control and delete the cookies stored on their computer and determine how they are used through their browser settings.
The use of cookies is subject to the consent of the user concerned. The processed data include: the date, time, and the page previously visited.
Data is processed for a maximum of 5 years.
If the user disables the use of cookies in their browser, this may result in limited or no access to certain functions of the company’s website or webshop.
Legal background and the legal grounds for cookies:
The legal ground for processing is your consent pursuant to Article 6(1)a) of the Regulation.
Data processed for the purposes of contracting and performance
Several processing situations may occur for the purposes of contracting and performance. Please note that data processing related to complaint handling and guarantee services only takes place if you exercise any of your rights.
If you do not make a purchase and are only a visitor to the webshop, the processing described under processing for marketing purposes may apply to you.
Processing for the purposes of contracting and performance in more detail:
Contact
For example, if you contact us by e-mail, in person or by phone with a query about a product. You do not need to contact us in advance, you can order from the webshop at any time even without contacting us.
If you contact our company using the contact details provided, we as the controller will keep all incoming e-mails together with the sender’s name, e-mail address, date, time and other personal data recorded in the message for a maximum of 5 years from the date of communication and will erase them afterwards.
Processed data
The data provided by you when contacting us.
Duration of the processing
The data are processed only while the communication lasts.
Legal ground of the processing

Your voluntary consent, which you provide to the Controller by contacting us. [processing pursuant to Article 6(1)a) of the Regulation]
Registration on the website
By storing the data provided during registration, the Controller can provide a more convenient service (e.g. the data subject does not have to re-enter their data for a new purchase). Registration is not a condition for the conclusion of a contract
Processed data
The Controller processes your name, address, phone number, e-mail address, the characteristics of the product purchased and the date of purchase.
Duration of the processing
Until your consent is withdrawn.
Legal ground of the processing
Your voluntary consent, which you provide to the Controller by registering. [processing pursuant to Article 6(1)a) of the Regulation]
Order processing
When processing orders, data processing activities are necessary for the performance of the contract.
Processed data
The Controller processes your name, address, phone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase.
If you have placed an order in the webshop, the processing and the provision of the data are necessary for the performance of the contract.
Duration of the processing
We process the data for 5 years according to the statute of limitations in civil law.
Legal ground of the processing
Performance of the contract [processing pursuant to Article 6(1)b) of the Regulation].
Issuance of the invoice
The processing is performed in order to issue an invoice in accordance with the substantive and formal requirements laid down in the applicable legislation and to fulfil the obligation to keep accounting records. Pursuant to Section 169 (1) to (2) of the Accounting Act, companies are required to keep accounting documents that directly and indirectly support the accounting.
Processed data

Name, address, e-mail address, phone number.
Duration of the processing
Invoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Accounting Act.
Legal ground of the processing
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issue of an invoice is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [processing pursuant to Article 6 (1) c) of the Regulation].

Processing related to the transport of goods
The legal ground for the transfer of data is Section 6 (6) of the Infotv., the voluntary consent of the data subject, while for our delivery partners it is Section 54 (1) of the Postal Act.
The processing is performed in order to deliver the ordered product.
In connection with the fulfilment of orders, personal data and delivery data are transmitted to logistics companies contracted to deliver the products as data processors:
Processed data
Name, address, e-mail address, phone number.
Duration of the processing
The Controller processes the data for the duration of the delivery of the ordered goods.
Legal ground of the processing
Performance of the contract [processing pursuant to Article 6(1)b) of the Regulation].
Recipients and processors of data processing in relation to the delivery of goods
Addressee: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Registered office of addressee: 2351 Alsónémedi, GLS Európa u. 2
Phone number of addressee: +36-29-88-67-00
E-mail address of addressee: info@gls-hungary.com
Website of addressee: https://gls-group.eu/HU/hu/home
The courier service contributes to the delivery of the ordered goods based on the contract with the Controller. The courier service processes the personal data received in accordance with the applicable legislation, as set out in the privacy notice available on its website.

The purpose of the transfer of data to data processors is the delivery of the purchased product, payment and date coordination. The data transmitted include: the name, address and phone number of the addressee and the value of the order.
The period of data processing lasts until settlement with the service provider.
Processing of warranty and guarantee claims
The warranty and guarantee claims are governed by the Decree of the Minister of National Economy 19/2014 (29 April) NGM.
Processed data
The processing of warranty and guarantee claims are governed by the Decree of the Minister of National Economy 19/2014 (29 April) NGM.
Pursuant to the Decree, we keep a record of any warranty or guarantee claims made to us in relation to the products we supply, which contains the following:

a) your name, address and a declaration that you consent to the processing of your data stated in the record in accordance with the Decree,

b) the description of the movable property sold under the contract concluded between us and the purchase price,

c) the date of performance of the contract,

d) the date of notification of the warranty or guarantee claim,

e) a description of the problem,

f) the right you wish to exercise under the warranty or guarantee claim, and

g) how the warranty or guarantee claim is to be settled or the grounds for rejecting the claim or the right to be enforced under it.

If we take delivery from you of the goods purchased, we must issue a receipt for the goods, which must include the following

a) your name and address,

b) the details necessary to identify the product and the problem with it,

c) the date of receipt of the product, and

d) the date on which you can take delivery of the repaired/replaced product.
Duration of the processing
The company must keep a record of the consumer’s warranty or guarantee claim for three years from the date of its recording and present it at the request of the supervisory authority.
Legal ground of the processing
The legal ground for the processing is compliance with legal obligations pursuant to the Decree of the Minister of National Economy 19/2014 (29 April) NGM [Section 4(1) and Section 6(1)] [processing pursuant to Article 6 (1)c) of the Regulation].
Handling of other consumer complaints
The processing of data is performed in order to handle consumer complaints. If you have submitted a complaint to us, the processing and the provision of the data are essential.
Processed data
Customer name, phone number, e-mail address, complaint content.
Duration of the processing
We keep guarantee complaints for 5 years under the Consumer Protection Act.
Legal ground of the processing
If you contact us with a complaint, we are obliged to keep the complaint for 5 years pursuant to Section 17/A(7) of Act CLV of 1997 on Consumer Protection [processing pursuant to Article 6 (1)c) of the Regulation].
Data processed in relation to the verifiability of consent
During registration, ordering and subscribing to newsletters, the IT system stores the IT data related to the consent for later verifiability.
Processed data
Date of consent and IP address of the data subject.

Duration of the processing
Due to legal requirements, consent must be verifiable at a later date, and therefore the data is stored for the limitation period following the cessation of processing.
Legal ground of the processing
This obligation is imposed by Article 7(1) of the Regulation. [processing pursuant to Article 6(1)c) of the Regulation]
Processing for advertising purposes
You can subscribe to the company’s newsletter on the company’s website.

The purpose of the processing is to send e-mail newsletters containing commercial advertising and product descriptions to interested parties about possible special offers.
The legal ground for the processing is the voluntary consent of the data subject, and the relevant provisions of the E-Commerce Act and the Grt.
In this context, the controller processes the following data: name, date, time, e-mail address, IP address.
Duration of the processing:
• until withdrawal of the data subject’s consent
The Company ensures that the data subject may unsubscribe from marketing e-mails at any time free of charge. The user may request the withdrawal of consent by sending a message to ayuraherbal@ayuraherbal.eu or by sending a request by post to 4030 Debrecen Galamb utca 3.
Data processing in relation to the sending of newsletters
The data processing process is performed for the purpose of sending out newsletters.
Processed data
Name, address, e-mail address, phone number.
Duration of the processing
Until withdrawal of the data subject’s consent.
Legal ground of the processing
Your voluntary consent, which you give to the Controller by subscribing to the newsletter [processing pursuant to Article 6(1)a) of the Regulation]
Processed data
Data processed by the cookies as defined in the Cookie Notice.

Duration of the processing
Data storage duration of a given cookie, see below for more information:
Google general cookie notice: https://www.google.com/policies/technologies/types/
Google Analitycs notice:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook notice:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal ground of the processing
Your voluntary consent, which you give to the Controller by using the website [processing pursuant to Article 6(1)a) of the Regulation].
Processing for other purposes
We store and use our customers’ data as set out in this Notice when they contact us by e-mail or when they send us information in any other form, register or place an order on our website. In order to maintain data security, we store and use this data and other technical information to the extent necessary to respond to any inappropriate or improper use of the content of www.ayuralife.eu, as part of unlawful activity, or in the event of an attack on our information technology systems. Where we transfer our customers’ personal data to a processor, ayuralife.eu is responsible for compliance with the legal requirements relating to such processing. Therefore, we will only transfer data to service providers with whom we have a contract for processing purposes and who are bound by this contract to protect the personal data received.
Any processing not listed in this Notice will be notified to the data subject at the time of collection.
Please be informed that the Controller must comply with written requests for data from public authorities based on a legal mandate. The Controller keeps records of data transfers in accordance with Section 15(2)-(3) of the Infotv. (what personal data the Controller has transmitted, to which authority, on what legal ground and when), about the content of which the Controller provides information upon request, unless the provision of such information is excluded by law.
Recipients of the personal data
Processing for the purpose of storing personal data
Name of the data processor: AYURA HERBAL Kft.

Contact details of the data processor: 4030 Debrecen Galamb utca 3
Phone: +36204552555
E-mail address: ayuraherbal@ayuraherbal.eu
Registered office: 4030 Debrecen Epreskert utca 2
Website: www.ayuralife.eu
The Processor stores personal data on the basis of a contract with the Controller. The Processor is not entitled to access the personal data.
Processing activities related to the sending of newsletters
Company operating the newsletter system: AYURA HERBAL Kft.
Registered office of the company operating the newsletter system: 4030 Debrecen Epreskert utca 2
Phone number of the company operating the newsletter system: +36204552555
E-mail address of the company operating the newsletter system:
Website of the company operating the newsletter system: www.ayuralife.eu
The Processor contributes to the sending of newsletters on the basis of a contract with the Controller. In doing so, the Processor processes the name and e-mail address of the data subject to the extent necessary for sending the newsletter.
Processing of data related to online payments
Name of the data processor: CIB Bank Zrt.
Registered office of the processor: H-1027 Budapest, Medve utca 4-14
Phone number of the processor: +361424242
E-mail address of the processor: cib@cib.hu
Website of the processor: www.cib.hu
The Processor contributes to the execution of Online Payments according to the contract concluded with the Controller. In doing so, the Processor processes the billing name and address of the data subject, the order number and date of the order within the civil law limitation period.
In case of payment by bank card, the data of the card payment transactions are processed by CIB Bank Zrt. The data processed includes: the payer’s identifier, the amount of the transaction, the date and time of the transaction. Our company does not process, collect, store or access in any way any card data necessary for the payment transaction.
The privacy policy of CIB Bank Zrt. is available at www.cib.hu.
Data processing related to Szép card payments

In the case of a Szép card payment, the data of the card payment transaction are processed by OTP Bank Nyrt., MKB and K&H Bank. The data processed includes: the payer’s identifier, the amount of the transaction, the date and time of the transaction.
Your rights during data processing
For the duration of the processing, you have the following rights under the Regulation:
• the right to withdraw consent
• access to personal data and information relating to the processing
• the right to rectification
• restriction of processing,
• the right to erasure
• the right to object
• the right to portability.
The Controller shall respond to complaints regarding processing at the latest within 30 days.
Right to withdraw consent
You have the right to withdraw your consent at any time, in which case the data will be erased from our systems. However, please note that in the case of an outstanding order, withdrawal may result in our inability to deliver to you. In addition, if the purchase has already been made, we may not be able to erase the billing data from our systems under accounting regulations, and if you have a debt to us, we may process your data in the event of withdrawal of consent on the basis of a legitimate interest in the recovery of the debt.
Access to personal data
You have the right to receive feedback from the Controller as to whether your personal data are being processed and, if their processing is ongoing, you have the right to:
• be granted access to the personal data being processed; and
• be informed by the Controller of the following information:
o the purposes of the processing;
o the categories of personal data processed concerning you;
o information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller;
o the intended preservation period of the personal data or, if this is not possible, the aspects of determining such a preservation period,

o your right to obtain from the Controller rectification, erasure or restriction of the processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of such personal data;
o the right to lodge a complaint with a supervisory authority;
o where the data have not been collected from you, any available information about their source;
o the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance and likely consequences for you of such processing.
The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and the Controller may charge reasonable compensation for providing the information in return for repeated requests for information.
Access to personal data shall be ensured by the Controller by sending you, by e-mail, the personal data and information processed, after you have identified yourself. If you are registered, access will be provided so that you can view and verify the personal data processed about you by logging into your account.
Please indicate in your request whether you are requesting access to personal data or information about data processing.
Right to rectification
You have the right to have inaccurate personal data relating to you rectified by the Controller without delay upon your request.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data, which request the Controller shall comply with if any of the following criteria apply:
• you contest the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data, if the accuracy of the data can be ascertained immediately, the restriction shall not apply;
• the processing is unlawful, but you object to the erasure of the data for any reason (for example, because the data are important to you for the purposes of pursuing a legal claim) and therefore do not request the erasure of the data but the restriction of their use;
• the Controller no longer needs the personal data for the purposes for which they are processed, but you require them for the submission, enforcement or defence of legal claims; or
• you have objected to the processing, but the Controller may have a legitimate interest in the processing, in which case, until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds, the processing should be restricted.

Where processing has been restricted, such personal data shall, with the exception of preservation, only be processed with the consent of the Data Subject or for the submission, enforcement or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
The Controller shall inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on processing.
Right to erasure, right to be forgotten
You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Controller;
• you withdraw your consent and there is no other legal ground for the processing;
• you object to the processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing,
• the Controller has unlawfully processed the personal data and this has been established on the basis of the complaint,
• the personal data must be erased in order to fulfil a legal obligation under Union or Member State law applicable to the Controller.
If the Controller has disclosed personal data processed about you for any lawful reason and is required to erase it for any of the reasons set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other controllers that have processed the data that you have requested the erasure of the links to or copies of the personal data in question.
Erasure does not apply where the processing is necessary:
• to exercise rights to freedom of expression and information;
• to comply with an obligation under Union or Member State law that requires the controller to process personal data (such as processing in the context of invoicing, where the storage of the invoice is required by law) or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for the submission, enforcement or defence of legal claims (e.g. where the Controller has a claim against you and has not yet settled it, or in the course of handling a consumer complaint or a complaint about data processing).
Right to objection

You have the right to object to the processing of your personal data based on legitimate interests at any time on grounds relating to your particular situation. In such a case, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or are necessary for the submission, enforcement or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, insofar as it relates to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.
Right to portability
Where the processing is performed by automated means or where the processing is based on your voluntary consent, you have the right to obtain from the Controller the data that you have provided to the Controller, which the Controller will make available to you in the format it uses, and, where technically feasible, you may request, by means of an appropriate legal declaration, that the Controller transfer the data in that format to another controller.
Automated decision-making
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the Controller must take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the Controller, to express their point of view and to object to the decision.
The above shall not apply where the decision is:
• necessary for the conclusion or performance of a contract between you and the Controller;
• permitted by Union or Member State law applicable to the Controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
• based on your explicit consent.
Data security measures
The Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, transmission, disclosure, erasure or destruction and against accidental destruction or accidental damage, as well as against inaccessibility resulting from changes in the technology used.
The Company selects and operates the IT tools used to process personal data in the provision of the service in such a way that the data processed:

a) is accessible only to authorised persons (availability),
b) is authentic (authenticity of processing),
c) can be verified in terms of integrity (data integrity),
d) is protected against unauthorised access (data confidentiality).
The Company ensures the security of the data processing by technical, administrative and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
The Company shall, during the processing,
a) maintain confidentiality: protect information so that only authorised persons have access to it,
b) maintain integrity: to protect the accuracy and completeness of the information and the method of processing,
c) and ensure availability: ensure that, when an authorised user requires, they actually have access to the information they require and the means to access it. The Company’s IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses and computer intrusions. The operator applies protection procedures at server and application level to guarantee security.
Compensation and restitution
Anyone who suffers material or non-material damage as a result of a breach of data protection law is entitled to compensation, which the controller or processor is liable to pay. The processor shall be liable if it has not complied with the obligations specifically imposed on processors by law or has not complied with lawful instructions from the controller. Where several controllers or several processors, or both the controller and processor, are involved in the same processing and are liable for the damage caused by the processing, they shall be jointly and severally liable for the entire damage.
The controller or processor should be exempt from liability if it proves that it is not in any way responsible for the damage.
Legal remedy options
If you believe that the Controller has violated a legal provision applicable to data processing or has not complied with a request, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information (address: 1363 Budapest, P.O. Box 9, e-mail: ugyfelszolgalat@naih.hu) to stop the alleged unlawful processing.
You are also informed that in case of violation of the legal provisions on data processing or if the Controller has not complied with any of your requests, you may bring a civil action against the Controller before a court.

Procedural rules
The Company shall inform the data subject of the action taken in response to the request pursuant to Articles 15 to 22 of the GDPR within 1 (one) month at the latest from the receipt of the request. Taking into account the complexity of the request or the number of requests, if necessary, the time limit may be extended by 2 (two) months, of which the Company shall inform the data subject in writing within 1 (one) month of receipt of the request, stating the reasons therefor. If the data subject has sent their request electronically, the information shall also be provided in electronic form, unless the data subject has provided otherwise.
If the controller does not take action on the basis of the data subject’s request, it shall inform the data subject within 1 (one) month at the latest of the reason or reasons for the failure to act and of the right to lodge a complaint with the supervisory authority and to seek legal remedy.
The Company provides the information free of charge, except where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, having regard to the administrative costs involved in providing the information requested or in implementing the requested measure. The controller may, in addition to a reasonable fee, request reimbursement of those costs or refuse to take the action requested.
The Company may, upon the data subject’s request, provide a copy of the personal data it processes in relation to the data subject. If the data subject requests additional copies, the controller may charge reasonable administrative costs.
Amendment of the Privacy Notice
The Controller reserves the right to amend this Privacy Notice in a way that does not affect the purposes and legal grounds of the processing. By using the website after the amendment has entered into force, you accept the amended Privacy Notice.
If the Controller wishes to perform further processing of the data collected for purposes other than those for which they were collected, it will inform you of the purposes of the processing and the information below before performing the further processing:
• the duration of the storage of the personal data or, where this is not possible, the criteria for determining the duration;
• the right to request the Controller to access, rectify, erase or restrict the processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability;
• in the case of processing based on consent, that you may withdraw your consent at any time,
• the right to lodge a complaint with a supervisory authority;

• whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether you are under an obligation to provide the personal data and the possible consequences of not providing the data;
• the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance and likely consequences for you of such processing.
The processing may only start thereafter, and if the legal ground for the processing is consent, in addition to the information, you must also consent thereto.

Call Now Button