Privacy Policy
Greenstic Kft.
EFFECTIVE: 10.01.2020 FROM DATE TO WITHDRAWAL
Data of the data controller:
- Company name: Greenstic Kft. hereinafter Greenstic
- Headquarters: 2836 Baj, Tóvárosi út 1/A.
- Tax number: 26797447-2-11
- Company registration number: 11-09-027460
- Represented by: Managing Director Krisztián Balázs
- Phone number: +36 70 344 21 11
- E-mail address: info@greenstic.hu
The purpose of the Data Management Notice:
The data controller acknowledges the content of this legal notice as binding.
The purpose of this Data Management Notice is to inform partners and customers about the management of their personal data. The data manager handles personal data exclusively in accordance with the provisions of the applicable laws and in strict compliance with the provisions of the data management and data protection provisions, taking into account the principles of legality, fair procedure and transparency, purposefulness, data economy, accuracy, and limited storage capacity.
The data controller takes all technical and organizational measures to ensure that the personal data of its partners is secure, according to the European Parliament and Council (EU) 2016/679. handle it in the manner prescribed by its regulation.
In accordance with the above, the data controller restructured its everyday activities, developed its regulations, records, document samples, and information sheets. The data protection guidelines arising in connection with the data management of the data controller are continuously available at the data controller's headquarters and website. The data manager reserves the right to change this information at any time.
Of course, you will notify your audience of any changes in good time.
In order to protect the personal data of its committed partners and customers, the data manager considers it of utmost importance to respect the right of its customers to self-determination of information. The data controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.
The data controller describes its data management practices below.
The personal, material and temporal scope of the Data Management Notice:
The personal scope of this Data Management Notice covers the data controller, as well as the natural persons whose data is included in the data processing covered by this Notice, as well as the persons whose rights or legitimate interests are affected by the data processing.
The material scope of the Notice covers all data processing that occurs in the course of the data controller's activities (except for internal (for example, employee-related) data processing). This Notice enters into force on the day of approval and is valid indefinitely until further notice.
Definitions of more important terms:
Personal data : any information relating to an identified or identifiable natural person. A natural person can be identified directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier, or one or more of the natural person's physical, physiological, genetic, mental, economic, cultural or social identity. can be identified based on a factor.
Special data: all data belonging to special categories of personal data, i.e. personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic data, biometric data aimed at unique identification of natural persons, health data and personal data concerning the sexual life or sexual orientation of natural persons.
Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or linking, limiting or destroying. Data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others.
Data processor: the natural person or legal entity, public authority, agency, or any other body that processes personal data on behalf of the data controller.
Joint data controllers: if the purposes and means of data management are determined jointly by two or more data controllers, they are considered joint data controllers.
Third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data manager, the data processor, or the persons who have been authorized to process personal data under the direct control of the data manager or data processor .
The consent of the data subject: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him.
Data protection incident : a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.
Legal data management by the data controller:
Personal data is processed by the data controller only in the following cases: if the data subject has given his consent to the processing of his personal data for one or more specific purposes, the data processing is necessary for the performance of a contract to which the data subject is a party, the data processing is for the fulfillment of a legal obligation to the data controller
necessary, data processing is necessary to protect the vital interests of the data subject or another natural person, data processing is necessary to enforce the legitimate interests of the data controller or a third party.
The data controller examines the legality of data management in every phase of its activity, and only processes data for which it can prove its purpose and legal basis.
In the event that a condition of a legal basis ceases, data processing can only be continued if the data controller can prove another suitable legal basis.
As a general rule, the method of proving the legal grounds is in writing, the reference
even in the case of a legal basis created by conduct, it must be examined whether it can be clearly justified afterwards. In case of doubt, with regard to the aspects of reasonableness and economy, efforts should be made to confirm in writing the data management created by referring behavior.
In the case of data processing based on consent, the data subject gives his written consent to the processing of his personal data. Consent is not formally bound, but subsequent verifiability requires paper or electronic written consent.
Fulfillment of a legal obligation is data processing based on a legal basis
independent of your consent, as data management is determined by law.
Regardless of the mandatory nature of the data processing, the data subject must be informed before the data processing begins that the data processing is mandatory and cannot be avoided, and the data subject must be given clear and detailed information about all significant facts related to the processing of his data before the data processing begins.
According to the GDPR (General Data Protection Regulation), it is also possible to process personal data if the data processing is necessary for the performance of a contract in which the individual concerned is one of the parties, or the data processing or data collection is necessary to take steps at the request of the data subject prior to the conclusion of the contract . The data controller may process personal data for the purpose of concluding, fulfilling, or terminating the contract with the legal basis of performance of the contract.
Management of personal data at the data controller:
The data controller mainly retails and wholesales eco products
deals with distribution. The products are sold in the web store operated by the data controller (www.greenstic.hu). In carrying out this activity, the data controller comes into contact with the personal data of natural persons.
It carries out the following data management activities:
A.) The data controller in connection with the sale of the products it distributes
accepts orders on its website (www.greenstic.hu). The customers
they can be both private individuals and legal entities. After registration, the customer can shop in the online store. After logging in (by entering an e-mail address and password), customers can view their previous orders, the status and current status of ongoing orders, and it becomes easier for them to place a new order, since they do not have to enter their data again. During registration, the data manager requests the customer's name (in the case of a legal entity, company name), customer's address (invoicing, shipping), e-mail address, and phone number. The legal basis for the processing of personal data is the fulfillment of contractual obligations. In the case of a legal entity, the contact person's personal data may be processed based on the data subject's consent.
After preparing the ordered products, the data controller issues an invoice to the customer's name and address. The personal data handled in this way is processed in order to fulfill the obligation written in the law. The customer's data is also forwarded to the delivery company. During the registration and purchase, the buyer declares that he has read and accepts the contents of the Data Management Information of the data controller.
B.) In the course of performing the duties of the data controller, the e-mail addresses of partners and customers,
manages their phone numbers, fulfilling their contractual obligations, presenting their activities and products, or their individual consent
according to
C.) In the performance of the duties of the data controller, with delivery and service companies,
may also be related to subcontractors. In the case of an individual or a sole proprietorship partner, the legal basis for data management is the fulfillment of contractual obligations, and the data management of the legal person's contact person is carried out with the consent of the contact person.
D.) The data controller also operates a Facebook page, where personal data is also processed. The data controller also promotes its activities and the products it sells on the Facebook page. This page is used by the data controller for marketing purposes, and its additional purpose is to familiarize interested parties with its products. Occasionally, a prize draw is organized on the social site. In this case, the winner's personal data (name, address, telephone number, e-mail address) will be processed.
- ) The data controller also has an Instagram profile, where the followers' personal data is also managed.
- ) The website of the data manager (www.greenstic.hu) uses cookies during its operation.
The data controller keeps a data management record of the above-mentioned data management. THE
the register also includes the deadlines for erasing personal data. The register forms an appendix to this Data Management Information.
Data processors and joint data controllers connected to the data manager:
If the data management is carried out by someone else on behalf of the data controller, the data controller may only use data processors that provide adequate guarantees for compliance with the requirements of the General Data Protection Regulation, or implement appropriate technical and organizational measures that ensure the protection of the rights of the data subjects.
The data controller hereby declares that in the course of his work he only
contacts data processors who have an adequate guarantee of compliance with the GDPR regulation and the implementation of appropriate technical and organizational measures ensuring the protection of the rights of the data subjects. The relevant declarations of the data processors are available.
Data processor is the accounting firm employed by the data controller:
Expert Kft.
Address: 1075 Budapest, Károly krt. 3/A. II/3.
Company registration number: 01 09 566941
Regarding the issuance of invoices, the data controller's partner:
CO3 Kft.
Address: 2600 Vác, Szüret u. 19.
Company register number: 13 09 151981
In order to pay by bank card, the entrepreneur's data processor, who is also an independent data controller:
SIX Payment - Worldline Financial Services (Europe) SA
Address: 1034 Budapest, Tímár u. 20.
Company registration number: 01 09 302898
The legal basis for processing personal data is the performance of the contract, and then this
following the fulfillment of the statutory retention obligation.
The courier service companies contracted with the data controller are the following:
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Address: 2351 Alsónémedi, GLS Európa utca 2.
Company registration number: 13-09-111755
The company that provides hosting for the data controller's website is also the same
qualifies as a data processor:
Magyar Hosting Kft.
Address: 1132 Budapest, Victor Hugo utca 18-22.
Company registration number: 01 09 968314
The server of the data controller's mail system is also a data processor:
Magyar Hosting Kft.
Address: 1132 Budapest, Victor Hugo utca 18-22.
Company registration number: 01 09 968314
The contracted data processing and data management partners manage the personal data of the partners solely on the basis of the instructions given by the data manager (except for the application of legal requirements), assuming an obligation of confidentiality.
Data management related to contracts concluded by the data controller:
Customer contracts:
The data controller accepts orders on its website (www.greenstic.hu) in connection with the sale of the products it distributes. Buyers can be both private individuals and legal entities. After registration, the customer can shop in the online store. After logging in (by entering an e-mail address and password), registered customers can view their previous orders, the status and current status of ongoing orders, and it becomes easier for them to place a new order, since they do not have to enter their data again. Both during registration and in the case of an order without registration, the data manager requests the customer's name (in the case of a legal entity, also the company name), the customer's address (invoicing, delivery), e-mail address, and telephone number. The legal basis for the processing of personal data is the fulfillment of contractual obligations. In the case of a legal entity, the contact person's personal data may be processed based on the data subject's consent. After preparing the ordered products, the data controller issues an invoice to the customer. The invoice contains the customer's name and address, and possibly his tax number. Issuing the invoice is the legal obligation of the data controller. The legal basis for the processing of the personal data included in the account is therefore the fulfillment of a legal obligation. The invoice is subject to the retention obligation prescribed in § 169 of the Accounting Act, according to which the data manager will keep the invoice and thus also the personal data (8 years), taking into account the retention period written there.
Supplier contracts:
The data controller may also be in contact with supplier and service companies and subcontractors. In the case of a private person or sole proprietorship partner, the legal basis for data management is the fulfillment of contractual obligations, in the case of a contact person of a legal entity, the legal basis is the consent of the data subject based on adequate information. The data controller fills out a consent statement with the companies' contacts, in which they are informed of their rights and consent in relation to personal data
requests to be able to manage their data. In such cases, the legal basis for the processing of personal data is the express, written, and properly informed consent of the data subject to data processing. If the contract with the partner has been terminated and the statutory preservation obligation does not apply to the preservation of data and documents, the telephone numbers and e-mail addresses will be deleted. The retention of personal data included in the contract and invoice also takes into account the legal retention obligation (8 years).
Invoices issued to customers and the personal data on them
his treatment:
The data controller issues an invoice to the customer for the consideration of the product. The invoice contains the customer's name and address, and possibly his tax number. Issuing the invoice is the legal obligation of the data controller. The legal basis for the processing of the personal data included in the account is therefore the fulfillment of a legal obligation. The account is subject to the retention obligation prescribed in § 169 of the Accounting Act, according to which the data controller also keeps personal data (8 years) taking into account the retention period written there.
Children's data, management of special categories of personal data:
The data subject registers and purchases on the website of the data controller
declares that he has reached the age of 16. A person under the age of 16 may not register or make purchases on the website of the data controller, given that, based on Article 8 (1) of the GDPR, the consent of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person's age and eligibility, so the data subject guarantees that the data provided is true.
The data controller does not record any special data brought to the attention of the data controller or to which it has become aware. If this type of data has entered any of the data controller's systems without the data controller's knowledge, it will be deleted from the system immediately upon detection.
Procedure used when storing e-mail addresses and telephone numbers:
In the course of its activity, the data controller also learns the e-mail address and telephone number of its partners and customers. It handles the personal data entered into its system in this way primarily in order to fulfill its contractual obligations. If the contract with the partner has been terminated and the statutory preservation obligation does not apply to the preservation of data and documents, the telephone numbers and e-mail addresses will be deleted. In some cases, the data controller still has a legitimate interest in preserving the data, in which case he requests the express and written consent of the data subject to preserve his personal data.
Website of the data controller:
The data controller primarily presents it on its own website (www.greenstic.hu).
activities and the products it markets. The website provides visitors with information on the contact details of the data controller and the opportunity to contact and make purchases.
The website of the data controller uses cookies during its operation.
Personal data management during shopping and registration on the website:
The data controller accepts orders through its website in connection with the sale of the products it distributes. Buyers can be both private individuals and legal entities. After registration, the customer can shop in the online store. After logging in (by entering an e-mail address and password), customers can view their previous orders, the status and current status of ongoing orders, and it becomes easier for them to place a new order, since they do not have to enter their data again. Both during registration and in the case of an order without registration, the data manager requests the customer's name (in the case of a legal entity, also the company name), the customer's address (invoicing, delivery), e-mail address, and telephone number. The legal basis for the processing of personal data is the fulfillment of contractual obligations. In the case of a legal entity, the contact person's personal data may be processed based on the data subject's consent. Personal data is stored by the data controller for 8 years, taking into account the statutory retention period.
In connection with the purchase and registration on the website of the data controller, the data subject declares that he has reached the age of 16. A person under the age of 16 may not purchase from the data controller or register on the website, given that pursuant to Article 8 (1) of the GDPR, the consent of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person's age and eligibility, so the data subject guarantees that the data provided is true.
Social pages of the data controller:
The data controller also operates a Facebook page, where personal data is also processed. The data controller also promotes its activities and presents its products on the Facebook page. This page is used by the data controller for marketing purposes, so that interested parties can learn about the products it sells. Occasionally, a prize draw is organized on the social site. The winner's personal data (name, address, telephone number, e-mail address) will be processed here
in the case.
https://www.facebook.com/greenstic/
The data controller also provides comprehensive personal support via Facebook. If you ask him a question via Facebook, he tries to answer it as soon as possible. The information obtained on the Facebook page is used exclusively to answer your question, not for further advertising purposes.
The purpose of using the Facebook page: advertising on the social media interface, providing information. Facebook can also use the data for its own purposes, including profiling the data subject and targeting them with advertisements.
In order to be able to contact the controller via Facebook, you must log in. For this purpose, Facebook also requests, stores and processes personal data. The data controller has no influence on the type, scope and processing of this data, and does not receive personal data from the Facebook operator. You can find more information about this on the Facebook page.
The data controller occasionally organizes a prize draw on its Facebook page. In such cases, the personal data of the winner will be processed in order to forward the prize. The data controller manages the winner's data based on the data subject's consent and keeps it in accordance with the statutory retention period. The personal data of followers on the Facebook page is handled by the data controller in accordance with their consent, and the consent is considered given when the person in question likes, follows the page, posts, or writes a comment on them.
The data controller is already present on the social media site Instagram with the following profile:
https://www.instagram.com/greenstic/
Followers' personal data is handled on the Instagram page. Data management is carried out on the legal basis of consent given through tracking.
Complaint handling related to the activities of the data controller:
In this case, the purpose of the data management is to enable the communication of the complaint, to identify the person concerned and his complaint, as well as to record the data that must be recorded by law, as well as to investigate the complaint and maintain contact related to its settlement. making a complaint is based on voluntary consent, but in the case of a complaint, the administration, and thus the handling of personal data - CLV of 1997 on consumer protection. by law - mandatory.
The data controller will keep the record of the complaint and a copy of the response for 5 years, and on this basis will also process personal data during this period.
Security of data management:
The data controller undertakes to take care of the security of the data, to take the technical and organizational measures and to maintain the procedural rules that ensure that the recorded, stored and managed data are protected, as well as to prevent their destruction, unauthorized use and unauthorized change. You also undertake to call on all third parties to whom you forward or transfer the data to comply with the requirement of data security.
The data controller ensures that no unauthorized person can access, disclose, transmit, modify, or delete the processed data. The managed data can only be seen by the data controller and the data processor(s) used by it, it will not be passed on to third parties who are not authorized to see the data.
The data controller pays particular attention to the security of the personal data of its partners and customers.
It acts in full compliance with the legal provisions and requires this from all its partners. The protection of personal data includes both physical data protection (storing documents in a lockable room) and IT protection (use of antivirus, password protection).
The data controller stores the personal data provided by the data subject primarily on the servers equipped with the usual protection systems of the data processor(s) specified in this Data Management Notice, partly on its own IT devices, and in the case of paper data carriers, at its headquarters, properly locked.
Those concerned acknowledge and accept that, in case of providing their personal data, data protection cannot be fully guaranteed on the Internet and in the computer system. In the event of unauthorized access or knowledge of data - despite the efforts of the data controller - it is necessary to proceed as described in this information.
The rights of those affected by data management:
Transparent information:
This Data Management Notice also serves the purpose of providing clear, concise,
provide transparent, comprehensible information to the data controller
about data management activities.
Access right:
The data subject is entitled to receive feedback from the data controller
regarding whether and if your personal data is being processed
such data processing is in progress, you are entitled to access your personal data and the following information:
a.) the purpose of data management,
b.) categories of personal data concerned,
c.) the recipients to whom the personal data were disclosed,
d.) the planned period of storage of personal data.
You can request information about the above data from the data controller at the following e-mail address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
Right to rectification:
The data subject is entitled to have the data controller correct the data upon request
inaccurate personal data.
You can request information about the above data from the data controller at the following address, e-
at email address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
Right to erasure:
The data subject has the right to have the data controller delete the data relating to him at his request
personal data. Based on this request, the data controller is obliged to delete the personal data if one of the following reasons exists:
1) the personal data are no longer needed for the purpose for which they were collected
collected
2.) the data subject withdraws his previously given consent and there is no other legal basis for data processing,
3.) the data subject objects to data processing and there is no priority
legitimate reason for data processing,
4.) personal data were handled illegally,
5.) to fulfill a legal obligation prescribed by EU or member state law
it is necessary to delete the data.
You can request information about the above data from the data controller at the following address, e-
at email address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
Right to restrict data processing:
The data subject has the right to request that the data controller limit data processing,
especially if:
1.) disputes the accuracy of the data,
2.) considers the data processing illegal, but for some reason does not request the deletion of the data.
You can request information about the above data from the data controller at the following e-mail address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
Right to data portability:
The data subject has the right to receive his/her personal data in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller.
You can request information about the above data from the data controller at the following address, e-
at email address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
Right to protest:
The data subject is entitled to, for reasons related to his own situation,
object to the processing of your personal data at any time, the European Parliament and the Council (EU) 2016/679. as written in Article 21 of its decree.
You can request information about the above data from the data controller at the following address, e-
at email address:
Greenstic Kft., 2836 Baj, Tóvárosi út 1/A
E-mail: info@greenstic.hu
The data controller hereby informs you that within 30 days of your inquiry
answer. For information requests sent by post, e-
responds to requests sent by e-mail to those concerned by e-mail.
The data controller undertakes to inform all recipients of the requests sent to them in connection with the above rights, to whom they have disclosed personal data, unless this proves to be impossible. He also undertakes to notify the person concerned (applicant) of the decision regarding the handling of the above requests within 30 days at the latest.
Data protection incident:
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or handled in another way.
In the case of a data protection incident, the damage to data security must be at a level that threatens serious danger, so the damage must be of such a degree that the personal data:
- with its destruction,
- by losing
- by changing
- by unauthorized communication
- accompanied by unauthorized access.
- It is considered an incident if any of the above occurs, but this does not exclude
- to achieve several points simultaneously. Not just the intentional, malicious one
- behavior, but also injuries caused by negligence. The
- an incident therefore occurs when it is caused by an accident or an illegal act.
- Examples of data protection incidents include:
- personal data on a document, portable device, or data carrier
- its illegal transmission via an IT system (e.g. by mail),
- unauthorized access to an IT system handling personal data
- or for application,
- damage to part or all of the database containing personal data,
- or loss,
- rendering part or all of the IT system unusable
- by a virus or other malicious software, etc.
In the absence of appropriate and timely measures, a data protection incident can cause physical, financial or non-financial damage to natural persons, including the loss of control over their personal data or the restriction of their rights, discrimination, identity theft, or identity abuse , financial loss, unauthorized removal of pseudonyms, damage to reputation, damage to the confidential nature of personal data protected by the obligation of professional confidentiality, or other significant economic or social disadvantage affecting the natural persons in question.
In the event of a possible data protection incident (unless the data protection incident is likely to pose no risk to the rights and freedoms of natural persons), the data controller shall immediately notify the National Data Protection and Freedom of Information Authority. As soon as the data controller becomes aware of the incident, he must report it without undue delay and, if possible, no later than 72 hours after he became aware of the data protection incident.
If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information must be provided in detail without further undue delay.
To report a data protection incident, the National Data Protection and
The Freedom of Information Authority operates a system specially created for this purpose on its website, through which notifications can be made electronically.
The data controller keeps records of data protection incidents, indicating the facts related to the data protection incident, its effects, and the measures taken to remedy it. The data controller must keep records of the data related to the incidents, including the reasons, the events and the scope of the personal data involved.
In addition, the register must also include the effects and consequences of the incidents, as well as the measures taken to remedy them and the data controller's conclusions (for example: why do you think that the incident does not have to be reported, or if the report is delayed, what was the reason for the delay).
It is not necessary to report to the supervisory authority the incident which
probably does not involve a risk to the rights of natural persons and
for his freedoms.
If the data protection incident is likely to involve a high risk for the rights and freedoms of the data controller's partners and customers, we will immediately inform the affected partner. In the information given to the person concerned, the nature of the data protection incident must be clearly and comprehensibly described, and the most important information and measures must be communicated.
The data subject does not need to be informed as above if any of the following conditions are met:
- the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied with respect to the data affected by the data protection incident, in particular the measures that are necessary for persons not authorized to access personal data
- make the data unintelligible;
- after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
- providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
Information about the relevant legislation:
year CXII. Act - on the right to self-determination of information and freedom of information (Info. tv.);
Right to go to court:
In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.
Official data protection procedure:
You can file a complaint with the National Data Protection and Freedom of Information Authority:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: 0613911400
Fax: 0613911410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Other provisions:
The data controller is the data for data management not listed in this information
provides information upon admission. In such cases, the provisions of the applicable legislation are considered to be governing.
The data controller hereby informs its clients and customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Magyar Nemzeti Bank, or other bodies based on the authorization of the law, provide information and provide data , they can contact the data controller in order to transfer or provide documents. The data controller is for the authorities - if the authority is the exact target
and indicated the scope of the data - personal data is disclosed only to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.
The website of the Data Protection Authority contains additional information about the data protection rights referred to in this Data Management Notice.
Baj, 31.03.2022.
Balázs Krisztián
managing director