Privacy Policy

Introduction

Pixtar Media Ltd. (registered address: 1068 Budapest, Király utca 80. ground floor 11., tax number: 27801251-2-42, company registration number: 01-09-398545) (hereinafter referred to as "Service Provider," "Data Controller") adheres to the following regulations:
In accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, we provide the following information.

This privacy policy regulates the data processing of the following websites/mobile applications: https://pixtarmedia.hu
Data Controller and contact details
Name: Pixtar Media Ltd.
Registered address: 1068 Budapest, Király utca 80. ground floor 11.
Email: info@pixtarmedia.hu
Phone: +36 70 4014488

Definitions

1 „ "Personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2 "Data processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3 "Data controller": a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

4 "Data processor": a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.

5 "Recipient": a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

6 "Consent of the data subject": any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

7 "Personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Principles of Personal Data Processing

Personal data must be:

  1. Processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”).
  2. Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation” in accordance with Article 89(1)).
  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”).
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”).
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of appropriate technical and organizational measures required by the GDPR to safeguard the rights and freedoms of the data subject (“storage limitation”).
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
  7. The data controller is responsible for compliance with these principles and must be able to demonstrate such compliance (“accountability”).

Personal Data

  • Surname and given name
  • E-mail address
  • Phone number
  • IP address

The purpose of data processing

  • This information is necessary for initiating contact, making a purchase, issuing a proper invoice, and exercising the right of withdrawal
  • Contact Information
  • Effective communication for inquiries related to invoicing or delivery.
  • Exsecution of a technical operation.

Legal Basis

  • Article 6(1)(b) of the GDPR and Section 13/A(3) of the Electronic Communications Act (Elker tv.)
  • Article 6(1)(b) of the GDPR and Section 13/A(3) of the Electronic Communications Act (Elker tv.)
The data controller declares that data processing is carried out in accordance with the principles set out in this section.  Data Processing Related to Service Usage
  1. The fact of data collection, the scope of processed data, and the purpose of data processing:
  2. Scope of data subjects: All individuals registered/purchasing on the webshop website. Neither the username nor the email address needs to contain personal data.
  3. Duration of data processing, deadline for data deletion: If any of the conditions set out in Article 17(1) of the GDPR are met, data will be retained until the data subject requests deletion. The data controller informs the data subject electronically about the deletion of any personal data provided by the data subject, in accordance with Article 19 of the GDPR. If the data subject’s deletion request extends to the provided email address, the data controller will also delete the email address after providing the information. However, accounting documents must be retained for 8 years according to Section 169(2) of Act C of 2000 on Accounting. The contractual data of the data subject can be deleted upon the data subject’s request after the expiration of the statutory limitation period for civil claims. Accounting documents directly and indirectly supporting the accounting records (including general ledger accounts, analytical or detailed records) must be preserved in a readable form for at least 8 years, allowing retrieval based on references to the accounting entries.
  4. Identity of authorized data processors and recipients of personal data: Personal data may be processed by the data controller and its authorized employees while respecting the above principles.
  5. Description of data subjects’ rights related to data processing:
    • The data subject may request access to their personal data, rectification, erasure, or restriction of processing from the data controller.
    • The data subject has the right to data portability and the right to withdraw consent at any time.
  1. The data subject can initiate access, erasure, modification, or restriction of personal data and data portability in the following ways:
    • By mail to the address: Király utca 80. Fsz. 11. 1068 Budapest, Hungary.
    • By email to: info@pixtarmedia.hu
    • By phone: +36 70 401 4488
7. Legal basis for data processing:
  1. Article 6(1)(b) and (c) of the GDPR.
  2. Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter referred to as “Elker tv”):
  3. The service provider may process personal data necessary for providing the service that is technically indispensable. In case of identity verification, the service provider must choose and operate the tools used in the provision of information society services in a manner that ensures personal data is processed only if it is essential for providing the service and fulfilling the other purposes specified in this law. However, in such cases, personal data should be processed only to the necessary extent and for a limited period.
  4. Article 6(1)(c) in case of issuing invoices in compliance with accounting regulations.
  5. Pursuant to Section 6:22 of Act V of 2013 on the Civil Code, in case of enforcing claims arising from contracts, the limitation period is 5 years.
    Section 6:22 [Limitation]
    (1) Unless otherwise provided in this law, claims shall become time-barred after five years.
    (2) The limitation period begins when the claim becomes due.
    (3) Any agreement to modify the limitation period must be in writing.
    (4) An agreement excluding the limitation period is void.
  1. We inform you that:
  • Data processing is necessary for the performance of the contract and providing a quotation.
  • You are obligated to provide personal data in order for us to fulfill your order.
  • Failure to provide the required data will result in us being unable to process your order.

Management of Cookies

  1. Prior consent is not required from data subjects for the use of so-called “password-protected session cookies,” “shopping cart cookies,” “security cookies,” “essential cookies,” “functional cookies,” and “cookies responsible for managing website statistics.”
  2. The fact of data processing and the scope of processed data: Unique identifier, dates, timestamps.
  3. Scope of data subjects: All individuals visiting the website.
  4. Purpose of data processing: User identification, tracking visitors, ensuring personalized functionality.
  5. Duration of data processing, deadline for data deletion:

Type of cookie

  • Session cookies or other cookies that are strictly necessary for the functioning of the website.
  • Persistent or saved cookies.
  • Statistical and marketing cookies

Legal basis of data processing

  • Article 6(1)(f) of the GDPR.

    The legitimate interest of the data controller for the purpose of operating the website, ensuring the functionality of the website's basic features, and maintaining the security of the computer system.
  • Article 6(1)(f) of the GDPR. The legitimate interest of the data controller is to operate the website, ensure the functionality of the website's basic features, and maintain the security of the computer system.
  • Article 6(1)(a) of the GDPR

Duration of data processing

  • The relevant period until the visitor's session is terminated.
  • The data processing continues until the data subject's deletion or until the stored (persistent, saved) cookies are deleted, but they are stored on the computer until their expiration date at the latest.
  • 1 month = 2 years

6. Explanation of the data subject’s rights related to data processing: The data subject has the option to delete cookies in the browser’s Tools/Settings menu, usually under the Privacy settings.

7. Most browsers used by our users allow them to customize which cookies should be saved and enable them to delete (specific) cookies. If you restrict cookie saving on specific websites or do not allow third-party cookies, it may, under certain circumstances, prevent our website from being fully functional. Here you can find information on how to customize cookie settings for common browsers:

GoogleChrome (https://support.google.com/chrome/answer/95647?hl=hu)

InternetExplorer (https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies)

Firefox (https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn)

Safari (https://support.apple.com/hu-hu/guide/safari/sfri11471/mac)

 

Use of Google Ads Conversion Tracking

  1. The data controller uses the online advertising program called “Google Ads” and utilizes the Google Conversion Tracking service within it. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
  2. When a user accesses a website through a Google ad, a conversion-tracking cookie is placed on their computer. These cookies have a limited validity period and do not contain any personal data, so the user cannot be identified through them.
  3. When the user visits certain pages of the website and the cookie has not expired, both Google and the data controller can see that the user clicked on the ad.
  4. Each Google Ads client receives a different cookie, so it is not possible to track them through the websites of other Ads clients.
  5. The information obtained through the conversion-tracking cookies is used to create conversion statistics for clients using Ads conversion tracking. This allows clients to track the number of users who clicked on their ads and were redirected to a page with a conversion tracking tag. However, they do not have access to information that could personally identify any user.
  6. If you do not wish to participate in conversion tracking, you can reject it by disabling the installation of cookies in your browser. After that, you will not appear in the conversion tracking statistics.
  7. Further information and Google’s privacy policy can be found at the following link: https://policies.google.com/privacy

Use of Google Analytics

  1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help analyze how users use the website.
  2. The information generated by the cookies about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area.
  3. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage.
  4. Google will not associate your IP address, transmitted by your browser within the framework of Google Analytics, with any other data held by Google. You can prevent the storage of cookies by adjusting your browser settings; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing cookie-based data related to your website usage (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Newsletter and Direct Marketing Activities
  1. Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Commercial Advertising Activities, the user may expressly consent to be contacted by the service provider with advertising offers and other communications at the contact details provided during registration.
  2. Furthermore, the customer, while considering the provisions of this information, may consent to the processing of their personal data necessary for sending advertising offers.
  3. The service provider does not send unsolicited advertising messages, and the user can unsubscribe from receiving offers without restriction or justification, free of charge. In this case, the service provider will delete all personal data necessary for sending advertising messages from their records and will not contact the user with further advertising offers. The user can unsubscribe from advertisements by clicking on the link in the message.
  4. The fact of data collection, the scope of processed data, and the purpose of data processing:

Personal Data

  • Name , e-mail address .
  • The IP address at the time of subscription

The purpose of data processing

  • Enabling identification and subscription to the newsletter.
  • Execution of technical operation

Legal Basis

  • Consent of the data subject
    Article 6(1)(a) of the GDPR.
    Section 6(5) of Act XLVIII of 2008 on the basic conditions and certain restri economic advertising activities.
  1. Scope of data subjects: All individuals subscribing to the newsletter.
  2. Purpose of data processing: Sending electronic messages (email, SMS, push notifications) containing advertisements to the data subjects, providing information about current updates, products, promotions, new features, etc.
  3. Duration of data processing, deadline for data deletion: Data processing continues until the withdrawal of consent, i.e., until unsubscribing from the newsletter.
  4. Possible data controllers authorized to access the data, recipients of personal data: The personal data can be processed by the data controller, as well as its sales and marketing staff, while adhering to the above principles. Description of data subjects’ rights related to data processing: The data subject can request access to their personal data, as well as their correction, deletion, or restriction of processing from the data controller. The data subject can object to the processing of their personal data. The data subject has the right to data portability and can withdraw consent at any time.
  1. The data subject can initiate access to personal data, deletion, modification, or restriction of processing, data portability, and objection in the following ways:
    • By mail to the address 1068 Budapest, Király utca 80. fsz. 11.
    • By email to info@pixtarmedia.hu.
  1. The data subject can unsubscribe from the newsletter at any time free of charge.
  2. We inform you that:
    • The data processing is based on your consent and the legitimate interest of the service provider.
    • Providing personal data is mandatory if you want to receive newsletters from us.
    • Failure to provide data will result in the inability to send you newsletters.
    • You can withdraw your consent at any time.
    • The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Complaint Handling
  1. Fact of data collection, scope of processed data, and purpose of data processing:

Personal Data

  • Surname and given name
  • E-mail address
  • Phone number
  • Invoicing name and address

The purpose of data processing

  • Identification, communication
  • Communication.
  • Communication.
  • Identification and handling of quality complaints, questions, and issues related to the ordered services

Legal Basis

  • Article 6(1)(c) and Section 17/A(7) of Act CLV of 1997 on Consumer Protec
  1. Scope of data subjects: All individuals who make purchases on the website and submit quality complaints.
  2. Duration of data processing, deadline for data deletion: According to Section 17/A(7) of Act CLV of 1997 on Consumer Protection, copies of minutes, transcripts, and responses related to complaints must be kept for 3 years.
4. Possible data controllers authorized to access the data, recipients of personal data: The personal data can be processed by the data controller and its authorized employees, while adhering to the above principles.
5. Description of data subjects’ rights related to data processing:
    • The data subject can request access to their personal data, as well as their correction, deletion, or restriction of processing from the data controller.
    • The data subject has the right to data portability and can withdraw consent at any time.
  1. The data subject can initiate access to personal data, deletion, modification, or restriction of processing, and data portability through the following methods:
    • By mail to the address 1068 Budapest, Király utca 80. fsz. 11.
    • By email to info@pixtarmedia.hu.
  1. We inform you that:
    • Providing personal data is based on a legal obligation.
    • – Processing personal data is a prerequisite for entering into a contract.
    • -It is mandatory to provide personal data in order to handle your complaint.
    • -Failure to provide data will result in the inability to handle the complaint received.
Recipients with whom personal data is shared
“Recipient”: Any natural or legal person, public authority, agency, or any other body to whom or which the personal data is disclosed, whether a third party or not.
  1. Data Processors (who carry out data processing on behalf of the data controller)
The data controller may engage data processors to facilitate their own data processing activities and to fulfill contractual obligations and obligations imposed by laws. The data controller places great emphasis on engaging data processors who provide sufficient guarantees for compliance with the GDPR’s data processing requirements and the implementation of appropriate technical and organizational measures to protect the rights of data subjects. The data processor and any person acting under the control of the data controller or data processor who has access to personal data will process the personal data only in accordance with the instructions of the data controller. The data controller bears legal responsibility for the activities of the data processor. The data processor is only liable for damages caused by the data processing if they have not complied with the specific obligations imposed on data processors by the GDPR or if they have disregarded the lawful instructions of the data controller or acted contrary to them. The data processor does not have decision-making authority concerning the processing of the data. The data controller may engage hosting service providers for ensuring the IT infrastructure and courier services for delivering ordered products as data processors.
  1. Specific Data Processors

Data processing activities

  • Hosting Service
  • Other data processors (e.g., online invoicing, web development, marketing).

Name, address, contact information

  • Websupport Magyarország Ltd. Address: 1132 Budapest, Victor Hugo utca 18-22. E-mail: support@websupport.hu website: www.websupport.hu
  • Billing service: KBOSS.hu Ltd.
    Address: 1031 Budapest, Záhony utca 7/D.
    E-mail: info@szamlazz.hu

Social media platforms

  1. The fact of data collection, the scope of processed data: the registered name on social media platforms such as Meta/Twitter/Pinterest/YouTube/Instagram, as well as the user’s public profile picture.
  2. The scope of individuals concerned: all individuals who have registered on social media platforms such as Meta/Twitter/Pinterest/YouTube/Instagram and have “liked” the Service Provider’s social media page or have contacted the data controller through the social media platform.
  3. The purpose of data collection: sharing, “liking,” following, and promoting certain content elements, products, actions, or the website itself on social media platforms.
  4. Duration of data processing, deadline for data deletion, possible data controllers authorized to access the data, and description of data subjects’ rights related to data processing: The data subject can find information about the source, processing, transfer method, and legal basis of the data on the respective social media platform. Data processing takes place on social media platforms, so the rules and regulations of the specific social media platform apply to the duration, method of processing, and options for data deletion and modification.
  5. Legal basis for data processing: the data subject’s voluntary consent to the processing of personal data on social media platforms.

Customer relations and other data processing activities

  1. If the data subject has any questions or issues regarding the data controller’s services, they can contact the data controller through the provided methods on the website (phone, email, social media platforms, etc.).
  2. The data controller deletes received emails, messages, phone calls, data provided through Meta, etc., along with the inquirer’s name, email address, and other voluntarily provided personal data, after a maximum of 2 years from the date of communication.
  3. Information about data processing activities not listed in this notice will be provided at the time of data collection.
  4. In exceptional cases of requests from authorities or based on authorization by law, the Service Provider is obliged to provide information, disclose, transfer, or make documents available.
  5. In such cases, the Service Provider may disclose personal data to the requesting party to the extent necessary to achieve the specific purpose if the requesting party has specified the exact purpose and scope of data.

Rights of data subjects

Right of access

You have the right to obtain confirmation from the data controller as to whether or not personal data concerning you is being processed and, if so, access to the personal data and the information listed in the regulation.

2. Right to rectification

You have the right to request the data controller to rectify your inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

3. Right to erasure

You have the right to request the data controller to erase your personal data without undue delay, and the data controller is obliged to erase personal data concerning you under certain conditions.

4. Right to be forgotten

If the data controller has made the personal data public and is obligated to erase it, considering available technology and implementation costs, the data controller should take reasonable steps, including technical measures, to inform other data controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, the personal data.

5. Right to restriction of processing

    • You have the right to request the data controller to restrict the processing if one of the following conditions is met:
    • You contest the accuracy of the personal data, in which case processing is restricted for a period allowing the data controller to verify the accuracy of the personal data.
    • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
    • The data controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
    • You have objected to processing pursuant to the regulation, pending verification of whether the legitimate grounds of the data controller override your grounds.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided (…)

  1. Right to object

In cases where personal data processing is based on legitimate interests or the exercise of official authority, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling based on the mentioned provisions.

  1. Objection in case of direct marketing

If personal data processing is carried out for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.

  1. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

The previous paragraph does not apply in cases where the decision:

  • Is necessary for entering into or performance of a contract between you and the data controller,
  • Is authorized by Union or Member State law applicable to the data controller, which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests, or
  • Is based on your explicit consent.

Deadline for action

The data controller shall provide you with information on the actions taken in response to the above requests without undue delay and in any event within one month of receipt of the request. This period may be extended by two months if necessary. The data controller shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data controller does not take action on your request, they shall inform you without delay and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Data security

The data controller and the data processor shall implement appropriate technical and organizational measures, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk, including, among others:

  1. Pseudonymization and encryption of personal data,
  2. Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services,
  3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
  4. Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures for ensuring the security of the processing,
  5. Storage of personal data in a manner that prevents unauthorized access. In the case of paper-based records, this involves establishing rules for physical storage and filing. For electronically processed data, this involves using a centralized access management system,
  6. Choosing a method of storing data in electronic form that allows for their deletion at the end of the data retention period, or earlier if necessary. Deletion must be irreversible,

Destroying paper-based records using a shredder or by engaging a specialized organization for document destruction, and, in the case of electronic data carriers, ensuring secure and irreversible deletion of the data in accordance with the rules for the disposal of electronic data carriers. The data controller implements the following specific data security measures:

  1. For the security of personal data processed on paper, the Service Provider applies the following measures (physical protection):
  2. Securely storing documents in a lockable, dry room.
  3. If there is a digitization of personal data on paper, the rules applicable to digitally stored documents must be applied.
  4. The employee performing data processing may only leave the room where the data processing takes place after securing the entrusted data carriers or by locking the respective room.
  5. Personal data may only be accessed by authorized personnel and may not be accessed by third parties.
  6. The Provider’s building and premises are equipped with fire protection and asset protection devices.

IT protection

  1. The computers and mobile devices (other data carriers) used during data processing are owned by the Provider.
  2. The computer system containing personal data used by the Provider is equipped with antivirus protection.
  3. To ensure the security of digitally stored data, the Provider employs data backups and archiving.
  4. Access to the central server machine is restricted to authorized personnel designated for that purpose.
  5. Access to the data on the computers is only possible with a username and password.

Notification of the data subject regarding the data protection incident

If a data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject without undue delay.

The notification provided to the data subject shall clearly and understandably describe the nature of the data protection incident and shall disclose the name and contact details of the data protection officer or other contact person providing further information. It shall outline the likely consequences of the data protection incident and describe the measures taken or planned by the data controller to address the data protection incident, including, where applicable, the measures aimed at mitigating any potential adverse effects resulting from the incident.

The data subject shall not be notified if any of the following conditions are met:

  • The data controller has implemented appropriate technical and organizational protection measures, including measures such as encryption, which render the data unintelligible to unauthorized persons with regard to the data affected by the data protection incident.
  • The data controller has taken subsequent measures after the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize.
  • Providing the notification would involve disproportionate effort. In such cases, the data subjects shall be informed through publicly available information or by other equally effective means of communication.

If the data controller has not already informed the data subject about the data protection incident, the supervisory authority, after assessing whether the data protection incident is likely to result in a high risk, may order the notification of the data subject.

Reporting the data protection incident to the authority

The data controller shall notify the competent supervisory authority referred to in Article 55 without undue delay and, where feasible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons for the delay.

Mandatory review in case of compulsory data processing

If the duration or necessity of compulsory data processing is not determined by law, local government regulations, or mandatory legal acts of the European Union, the data controller shall review, at least every three years from the commencement of data processing, whether the processing of personal data, carried out by itself or on its behalf or under its authority by a data processor, is necessary for the purpose of data processing.

The data controller shall document the circumstances and results of this review, retain this documentation for a period of ten years following the completion of the review, and make it available to the National Authority for Data Protection and Freedom of Information (hereinafter referred to as the Authority) upon request by the Authority.

Possibility of filing a complaint

In case of any alleged violation of the data controller’s obligations, a complaint can be filed with the National Authority for Data Protection and Freedom of Information.

Nemzeti Adatvédelmi és Információszabadság Hatóság
1055 Budapest, Falk Miksa street 9-11.
Address : 1363 Budapest, Pf. 9.
Phone :+36-1-391-1400
Fax:+36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Closing Remarks

During the preparation of this information, we took into account the following legislation:

  • The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) (April 27, 2016);
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the Infotv.);
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (particularly Section 13/A);
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (especially Section 6);
  • Act XC of 2005 on Electronic Information Freedom;
  • Act C of 2003 on Electronic Communications (specifically Section 155);
  • Opinion 16/2011 on the European Advertising Standards Alliance (EASA)/Interactive Advertising Bureau (IAB) Recommendation on Online Behavioral Advertising;
  • The recommendation of the National Authority for Data Protection and Freedom of Information on the requirements of prior information.

Personal Data

  • Surname and given name
  • E-mail address
  • Phone number
  • IP address

The purpose of data processing

  • This information is necessary for initiating contact, making a purchase, issuing a proper invoice, and exercising the right of withdrawal
  • Contact Information
  • Effective communication for inquiries related to invoicing or delivery.
  • Exsecution of a technical operation.

Legal Basis

  • Article 6(1)(b) of the GDPR and Section 13/A(3) of the Electronic Communications Act (Elker tv.)
  • Article 6(1)(b) of the GDPR and Section 13/A(3) of the Electronic Communications Act (Elker tv.)