For which purposes do we process your data?

Responding to communications received by the controller (for instance: inquiries related to the activities of the controller), and to complaints, eventual comments, enforcement of legal claims of the controller (claim management).

What are the legal grounds for processing your data?

When processing is necessary for the purposes of the legitimate interests pursued by the controller (GDPR Article 6 paragraph (1) item f)). Legitimate interest: managing communications, inquiries received by the controller, responding to eventual comments, enforcement of claims of the controller, submission of legal claims, handling receivables, defence against claims of data subjects or in judicial or governmental proceedings filed by them.

In the case of processing consumer complaints: in order to meet legal obligations the controller is subject to (GDPR Article 6 paragraph (1)c)), and in harmony with Article 17/A of Act No CLV of 1997 on the protection of consumers (“Consumer Protection Act”) the controller shall process personal data related to complaint management, responding to consumer complaints and retention of the report drawn up in connection with the consumer complaint and the duplicated copy of the reply thereto.

Section 5.3 of this Privacy Policy deals with the communication related to our Facebook page and the respective data processing measures more in details.

Are you obliged to provide your data?

You are not obliged to communicate with or – provided you are deemed to be a consumer – submit consumer complaints to the controller. However, should you make any communication or submit any consumer complaint to the data controller, the controller shall process your related data in accordance with and up to the time limit specified in this Privacy Policy.

What data do we process?

Personal data concerned with the communication or consumer complaint received by the controller, data necessary for keeping contacts with the data subjects and the persons represented by them (name, address, e-mail address), the contents of the claims (complaints) presented by the data subjects, recording the actions taken in response to the communication, in case of consumer complaint the report drawn up in connection with the consumer complaint and the duplicated copy of the reply thereto pursuant to Article 17/A of the Consumer Protection Act.

Your name (and other particulars for your identification, provided you have handed them over to us earlier on and it is necessary for the purposes of the given procedure) as well as your contact details (in the scope required by the enforcement of the claim or the given procedure, including in particular your permanent address and e-mail address, if communication with You is accomplished via e-mail and the processing of your e-mail address is therefore necessary) are processed in connection with the enforcement of legal claims and with the defence in legal or governmental proceedings initiated by them.

How long do we store your data?

Your data will be recorded for a period of 5 years (Article 6:22 paragraph (1) of the Civil Code – unless provided for otherwise, claims shall become superannuated in a five years term). The report drawn up in connection with the consumer complaint and the duplicated copy of the reply thereto shall be retained by the controller pursuant to Article 17/A paragraph (7) of the Consumer Protection Act for a period of 5 years just as well.

In the event of a court or governmental proceeding the duration of the data processing period will be extended up to the final closure of the proceeding in question (for instance: a final and legally binding decision arrived at by the court or authority).

To whom do we transmit your personal data?

Your personal data may be transmitted to our legal representative, the acting court, or other authority (such as a public notary) for the purposes specified above.

For which purposes do we process your data?

Processing applications received by the controller, taking actions in the wake of such applications, facilitation of exercising data privacy rights of data subjects and data processing related to incident management.

What are the legal grounds for processing your data?

When processing is necessary for the purposes of the legitimate interests pursued by the controller (GDPR Article 6 paragraph (1) item f)).

The controller shall facilitate the exercise of data subject rights (GDPR Article 12 paragraph (2)), and to investigate personal data breach incidents – if any – and to notify the supervisory authority (data protection authority) as well as the data subject, pending on the severity of the breach (GDPR Articles 33 and 34).

Are you obliged to provide your data?

For the purposes of exercising data privacy rights, the performance of the associated queries, as well as in the case of a potential data privacy incident (such as a hacker attack) processing of the personal data of the data subject concerned (especially his or her name and the contact details provided to us) might become necessary. In this scope the controller might request to have the aforementioned personal data made available to it, and – in the case of electronic communication, when the identification of the data subjects is necessary –, the photocopy of the personal identity card, passport or driving licence of the data subject concerned (for instance: by sending the PDF file recording the photocopy in an e-mail attachment). These duplicated copies will only be processed for the purposes of verification of the identity of the person concerned, subsequently they will be immediately and irreversibly erased.

What data do we process?

The application received by the controller, name and contact details of the data subject (in particular: permanent address, e-mail address).

In the case of electronic communication means, if the identification of the data subjects requires so, the photocopy of the personal identity card, passport or driving licence of the data subject concerned. Such copies will be erased immediately after inspection and will not be retained.

How long do we store your data?

Your data will be recorded for a period of 5 years (Article 6:22 paragraph (1) of the Civil Code – unless provided for otherwise, claims shall become superannuated in a five years term). The photocopy of the personal identity cards, passports or driving licences of data subjects will not be stored or retained.

To whom do we transmit your personal data?

Personal data of the data subject might be transmitted to the data protection authority and to our legal representative, should there be any proceedings in progress at the competent data protection authority (in particular in the case of a data protection incident, if the weight and nature thereof mandates such an action).

Access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a)     the purposes of the processing;

b)     the categories of personal data concerned;

c)     the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries;

d)     where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e)     the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f)      the right to lodge a complaint with a supervisory authority; and

g)     where the personal data are not collected from the data subject, any available information as to their source.

Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

Rectification

You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and your incomplete personal data completed, including among others by means of providing a supplementary statement.

Please note that by reporting any changes in your personal data you shall facilitate for the Data Controller to maintain accurate and up to date data about you.

Restriction

You shall have the right to obtain from the controller restriction of processing where one of the following applies

-       the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

-       the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead;

-       the controller no longer needs the personal data for the purposes of the processing, but they are required by your for the establishment, exercise or defence of legal claims,

-       You have objected to processing of your data. In such a case the restriction shall be pending for the period of the verification whether the legitimate grounds of the controller override those of the data subject.

Withdrawal of your consent

In the event the legal grounds for data processing is your consent, You are entitled to withdraw your consent any time. Please note if you withdrew your consent, former data processing activities carried out by the controller shall not become unlawful.

You may find guidance in the section “What are the legal grounds for processing your data?” of the Privacy Policy on the cases where the controller relies upon your consent for data processing.

Objection

You shall have the right to object to processing of personal data concerning you, provided the ground for processing data is the lawful interest of the Controller. For more information on this subject please refer to the part “Legal grounds for processing your data” of this Privacy Policy.

Provided you raised objection to processing your data, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, your rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Erasure

You shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay to erase personal data without undue delay where one of the following grounds applies:

-       the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

-       You have withdrawn consent on which the processing is based and where there is no other legal ground for the processing,

-       You object to the processing of your data and there are no overriding legitimate grounds for the processing,

-       Your personal data have been unlawfully processed,

-       the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Data portability

In the event the processing is based on your consent or on the performance of a contract concluded with you, and the processing is carried out by automated means, You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

The exercise of the right referred to above shall be without prejudice to the provisions laid down with respect to the right to erasure (right to be forgotten) and furthermore it shall not adversely affect the rights and freedoms of others.

Complaint

You are entitled for lodging a complaint with a supervisory authority – in particular in a Member State of your habitual residence, workplace or the location of the presumed violation of the law –, if according to your judgement the processing of the personal data concerning you is in conflict with the provisions laid down in the GDPR. For the contact details of each supervisory (data protection) authority within the European Union see: https://edpb.europa.eu/about-edpb/board/members_hu. In Hungary, the competent authority is the following: Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.; mailing address: 1363 Budapest, PO. Box: 9.; Telephone number: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu; webpage: https://naih.hu/). Additionally, you are also entitled to lodge a complaint with the competent court in order to enforce your rights. Such a proceeding can be launched at the court of the Member State of your habitual residence. Such a law suit in Hungary falls within the competence of the High Court. You may also file an action – at your sole discretion – at the High Court with a jurisdiction at your permanent residence or place of stay. You may find details on the jurisdiction, competence, authority and contacts of the court (High Court) at: www.birosag.hu.