Home / Privacy policy

Privacy policy

Data processing information

 

Identification of the data controller
The webshop available at https://www.pothaj-apolas.hu is operated by

Cri-Style Kft.

Company registration number: 01-09-881065

Tax number: 13943215-2-43

Registered office:  1215 Budapest, Ív utca 32.

Location:  1214 Budapest, Erdősor utca 32.

Place of business activity: Hungary

Telephone: +3630 9145937

E-mail address: info@pothaj-apolas.hu, cristile.hair.webshop@gmail.com

(hereinafter referred to as: Service Provider).

 

Legislation applicable to data processing, scope of the information

2.1. The Data Controller processes the Users' data primarily in accordance with the provisions of

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (The EU General Data Protection Regulation - Az Europána Unió Algortás Apadvédeny Redelete), (hereinafter: GDPR),

Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity,

Act CVIII of 2001 on electronic commerce services and certain issues of information society services (Ekertv.)

 

2.2. The scope of this information applies to the data processing carried out during the use of the website available at the above-mentioned internet address (hereinafter: website), the use of the services available there and the fulfillment of orders placed in the web store.

 

2.3. For the purposes of this information, User: natural persons browsing the website, using the website’s services and ordering products from the Data Controller.

 

Legal basis for data processing

 

3.1. The legal basis for data processing carried out by the Data Controller is the User’s consent pursuant to Article 6(1)(a) of the GDPR for certain data processing, and Article 6(1)(b) of the GDPR for order-related data processing, according to which the data processing is necessary for the performance of a contract to which the User is a party.

 

3.2. In the case of data processing carried out on the basis of consent, the User provides his/her consent by checking the checkbox in front of the data processing statement placed in the relevant places. The User can read the data management information at any time by clicking on the “Data Management Information” inscription at the bottom of each page of the website, or by clicking on the link marked with the text “Data Management Information” in the data management statement mentioned in this point, with which the Data Manager provides the User with clear and detailed prior information. By checking the checkbox before the data management statement, the User declares that he has read the data management information and, knowing its content, consents to the processing of his data as described in this information.

 

3.3. In some cases, the Data Manager is obliged by law to carry out certain data management operations, or his legitimate interest may also be a legal basis for processing the data. The User can read more about these in the chapters on individual data management below.

 

Data management related to ensuring the operation of information technology services

 

4.1. The Data Manager uses cookies to operate the website and collect technical data regarding website visitors.

 

4.2. The Data Controller provides a separate information on the data processing implemented by cookies: Data processing information on the use of cookies.

 

Data processing related to receiving and responding to messages

 

5.1. Scope of data processing: Users who send messages to the Data Controller using the messaging interface available from the “Contact” menu item of the website, or by e-mail using the e-mail address(es) indicated on the website.

 

5.2. Legal basis for data processing: the User’s consent pursuant to Article 6(1)(a) of the GDPR.

 

5.3. Definition of the scope of processed data:

The User sending the message:

name,

e-mail address,

any additional data provided by the User in the message.
With regard to any additional data that the User may have provided in the message, the Data Controller only necessarily performs data processing in relation to the content of the message sent upon receipt, however, the Data Controller does not request the User to provide any personal data that may have been provided there. When such unexpected personal data is provided, the Data Controller does not store the unexpected personal data and deletes it immediately from its IT system.

 

5.4. Purpose of data processing: To enable the User to exchange messages with the Data Controller.

Related services:

writing a message on the website,
receiving a message sent via e-mail (using the e-mail address(es) indicated on the website),
responding to messages received by the Data Controller in the above ways, which the Data Controller will complete within 2 working days.

 

5.5. Duration of data processing:

It lasts until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose after the message is answered/fulfilled. If the information exchange takes place through several related message exchanges, the Data Controller deletes the data after the information exchange is completed or after the request is fulfilled.

If a contract is concluded as a result of the message exchange and the content of the messages is essential for the contract, the legal basis and duration of the data processing are as described in the "Order-related data processing" section (order-related data processing).

 

5.6. Method of storing the data: In a separate data processing list in the Data Controller's IT system.

 

Data processing related to sending a newsletter

 

6.1. The data subject is the User who has subscribed to the newsletter by filling in the fields on the website and checking the consent declaration.

 

6.2. Legal basis for data processing: the User’s consent pursuant to Article 6(1)(a) of the GDPR and Section 6(1) and (2) of the Personal Data Protection Act. The User gives voluntary consent by reading this data processing information and filling in the fields for subscribing to the newsletter, ticking the consent statement there. By doing so, the User declares that he/she consents to the processing of his/her data as specified in the data processing information and to the sending of newsletters.

In addition to sending useful information, the newsletter service also aims at direct business acquisition by the Data Controller. The User may subscribe to this service regardless of the use of other services. The use of this service is voluntary and is based on the User’s decision made after appropriate information has been provided. If the User does not use the newsletter service, this will not disadvantage him/her in terms of using the website and its other services. The Data Controller does not make the use of its direct marketing service a condition for the use of any other of its services.

 

6.3. Definition of the scope of processed data:

name,
e-mail address.

 

6.4. Purpose of data processing: sending newsletters by the Data Controller to the User via e-mail. Sending newsletters means sending information about the Data Controller's service, news and current events, attention-grabbing offers, advertising and sales promotion content.

 

6.6. Duration of data processing: The Data Controller processes the data processed for the purpose of sending the newsletter until the User withdraws their consent to this (unsubscribes) or until the data is deleted at the User's request.

 

6.7. Method of storing the data: On a separate data processing list in the Data Controller's IT system.

 

Data processing related to registration

 

7.1. The scope of data processing: Users registering on the website.

 

7.2. Legal basis for data processing: the User's consent pursuant to Article 6(1)(a) of the GDPR. The User provides voluntary consent by completing the data form displayed during registration and checking the box before the data processing declaration, and finally by clicking the button required to finalize the registration.

 

7.3. Definition of the scope of data processed: In the case of registering users, data processing concerns the scope of personal data and contact details indicated on the registration form referred to above.

The scope of data:

last name,
first name,
e-mail address,
password.

Purpose of data processing: facilitating registration on the website and regular purchases.

The related services:

creating a personal account for the User,
facilitating the online ordering of products by storing the data necessary for the fulfillment of the order and enabling the User to independently modify this data,
storing previous orders and making them accessible to the User in the user account.
7.4. Duration of data management: In the case of registered Users, the duration of data management lasts until deletion at the request of the registered User. Data management may also be terminated by the deletion of the registration by the User or by the deletion of the User's registration by the Data Controller. The User may delete his/her registration at any time or request its deletion from the Data Controller, which request shall be executed by the Data Controller immediately, but no later than 10 working days after receipt of the request.

 

7.5. Method of data storage: In a separate data management list in the Data Controller's IT system.

 

Order-related data management

 

8.1. The scope of data processing: Users placing orders on the website.

 

8.2. Legal basis for data processing: Article 6(1)(b) of the GDPR, according to which data processing is necessary for the performance of a contract to which the User is a party.

8.3. Definition of the scope of processed data: data processing concerns the following personal data and contact details.

The User's

surname
first name
billing address
telephone number
e-mail address
delivery address
designation of ordered product(s)
purchase price of ordered product(s)
method of receipt/delivery
method of payment
other information provided by the User at the time of ordering, which may be necessary for the fulfillment of the order
date of order
date of payment

8.4. Purpose of data processing: conclusion and fulfillment of the contract resulting from the order.

 

8.5. Duration of data processing: the above data processed for the fulfillment of the order is processed by the Data Controller for the period necessary to fulfill the obligation to retain documents arising from the Accounting Act. This period is at least 8 years from the date of issue of the invoice, after which the Data Controller deletes the data within one year.

During the delivery required to fulfill the order, the processing of the data necessary for this purpose (name, delivery address, telephone number) lasts until the delivery is completed. When transmitting the data necessary for the delivery to the carrier, the Data Controller applies a data processing restriction, according to which the carrier may only process the transmitted data to the extent and for the period necessary for the delivery.

However, the carrier may have a legitimate interest in retaining the above data or part of it for a certain period in the event of possible complaints, claims, or civil disputes. However, it does this as an independent Data Controller; more information about this can be found in the data processing information of the given service provider. Such service providers used by the Data Controller can be found in the chapter entitled “Using a Data Processor” of this information, where the contact details of their websites containing their data processing information are also indicated.

Any additional data processed during the order – e.g. messages of the User and the Data Controller with essential content related to the order – will be processed by the Data Controller until 5 years from the conclusion of the contract – the general limitation period applicable to civil law claims.

 

8.6. Method of storing the data: On a separate data management list in the Data Controller’s IT system, or on accounting documents in order to fulfill the document retention obligation required by the Accounting Act.

 

Data transfer

 

9.1. Scope of data transfer: Users who choose an online payment method during the order on the website, regardless of the use of other services provided by the website.

 

9.2. Recipient of the data transfer:

9.2.1 OTP Mobil Kft. (https://simplepay.hu/)

Company registration number: 01-09-174466

Registered office: 1143 Budapest, Hungária krt. 17-19

SimplePay Online Payment System Data Processing Information [ Download ].

 

9.2.2 * SHOPTET Kft. ( https://www.shoptetpay.com/hu/ )

Registered office number: 01-09-357795

Tax number: 27933460-2-41

Registered office: MILLENÁRIS AVANTGARDE OFFICE BUILDING, 1024 Budapest
Hungary, Fény utca 16. / 3rd floor

Location: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Place of business: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Telephone: +3612344578

E-mail address: info@shoptetpay.hu

a business company, as a provider of online payment services available on the Data Controller's website.

 

9.3. Legal basis for data transfer: the legitimate interest of the Recipient pursuant to Article 6(1)(f) of the GDPR.

The Recipient is obliged to operate a fraud prevention and detection system in connection with the provision of the payment service under the applicable laws and is entitled to process the personal data necessary for this purpose. The Recipient has established a system in accordance with its legal obligation, the operation of which requires data transfer by the Data Controller. Accordingly, the Recipient has a legitimate interest in operating a fraud prevention and detection system in order to fulfill its legal obligations.

The legitimate interest of the Data Controller and the Recipient is to prevent fraud and ensure the proper functioning of online payments. The proper functioning of the payment service is related to the main source of income of both organizations. In addition, this is also in the interest of the User, especially to avoid misuse of bank card data.

The transfer of data enables the screening and detection of fraud and the removal of obstacles that may arise during the payment process.

The data processed during the User's reservation/order are transferred through an electronic channel providing encrypted data traffic, exclusively to the Recipient and only in the event of an online bank card payment, which the Recipient does not use for any other purpose. It follows from all this that the transfer of data does not pose a significant risk to the User and does not have any further noticeable impact on him/her.

The transmission of data is necessary to achieve the goals described here, and is also suitable for making the payment service more secure.

Taking into account the above and the built-in guarantee measures, the data transmission does not constitute an unjustified interference with the privacy of Users, therefore the transmission of data is a necessary and proportionate data processing operation.

9.4. The scope of the transmitted data:

the products placed in the shopping cart during the purchase and the purchase data appearing in the cart (prices, costs),
name,
telephone number,
e-mail address,
address.
The User provides the bank card data provided during the payment directly to the payment service provider, so they do not come into the possession of the Data Controller.

 

9.5. Purpose of data transfer: Proper operation of the payment service and technical execution of the payment, confirmation of transactions, operation of fraud monitoring – a fraud detection system supporting the control of bank transactions initiated electronically – carried out in order to protect the interests of users, and provision of customer service assistance to the User.

 

9.6. The User can find out more about the data processing implemented by the company providing the online payment service, the further circumstances of the data processing – including the legal basis, purpose, exact scope of data processed, and duration of data processing – on the company’s website.

 

9.7. The data controller does not transfer data to third parties for business or marketing purposes.

 

9.8. Apart from the above cases, the data controller only transfers data to authorities in the event of a legal obligation.

 

Use of a data processor
The data controller uses the following economic entities as data processors.

 

10.1. Hosting provider

10.1.1. Data subjects: Users visiting the website, regardless of the use of the services provided by the website.

10.1.2. The Data Controller uses as a data processor

Shoptet Kft.

Company registration number: 01-09-357795

Tax number: 27933460-2-41

Registered office: MILLENÁRIS AVANTGARDE OFFICE BUILDING, 1024 Budapest
Hungary, Fény utca 16. / 3. em.

Location: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Place of business: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Telephone: +3619555895

E-mail address: info@shoptet.hu

a business company as a web hosting service provider (hereinafter referred to as: Data Processor).

 

10.1.3. Definition of the scope of data subject to data processing: the data processing concerns all data specified in this information.

10.1.4. Purpose of data processing: to ensure the operation of the website in terms of information technology.

10.1.5. Duration of data processing: the same as the data processing periods indicated in this information for data processing regulated according to the data processing purposes affecting each data group.

10.1.6. The processing of data means only providing the storage space necessary for the IT operation of the website.

 

 

10.2. Website developer

 

10.2.1. The scope of data processing: Users visiting the website, regardless of the use of the services provided by the website.

10.2.2. The Data Controller uses as a data processor

Shoptet, as

Company registration number: 28935675

Tax number: CZ28935675

Registered office: Dvořeckého 628/8, 169 00 Prague 6, Czech Republic

Telephone: +420 604 600 444

E-mail address: info@shoptet.cz

Website: https://www.shoptet.cz/

a business company as the developer of the website (hereinafter referred to as the Data Processor).

 

10.2.3. Definition of the scope of data subject to data processing: data processing concerns all data specified in this notice.

 

10.2.4. Purpose of data processing: to ensure the operation of the website in the information technology sense by means of data processing manifested in the necessary information technology operations.

10.2.5. Duration of data processing: is the same as the data processing periods indicated in this notice for data processing regulated according to the data processing purposes affecting each data group.

10.2.6. Data processing means exclusively the technical operations necessary for the IT operation of the website.

 

10.3. Data processing related to sending newsletters.

 

10.3.1. Scope of data subject to data processing: Users who subscribe to the newsletter on the website, regardless of the use of other services provided by the website.

10.3.2. The Data Controller uses as a data processor

*name of the company providing the e-mail marketing service

Company registration number:

Tax number:

Head office:

Location:

Place of business:

Telephone:

E-mail address:

as the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter referred to as the Data Processor).

 

10.3.3. Definition of the scope of data affected by the data processing: the data processing concerns the name and e-mail address of the User subscribing to the newsletter.

10.3.4. Purpose of data processing: the Data Controller is responsible for sending the newsletter ensuring the operation of the software used for sending newsletters in the information technology sense, through data processing manifested in the technical operations necessary for the safe operation of the software.

10.3.5. Duration of data processing: Until the User withdraws his consent to send newsletters (unsubscribes) or until the data is deleted at the User's request.

10.3.6. Data processing means exclusively the technical operations necessary for the IT operation of the newsletter sending software.

 

10.4. Data processing related to the delivery of a product.

 

10.4.1. The scope of data processing: Users who order the product with delivery to the address they have indicated.

10.4.2. The data controller uses the following as a data processor:

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Company registration number: 13 09 111755

Tax number: 12369410-2-44

Head office: 2351 Alsónémedi GLS Európa u. 2.

Location: H-2351 Alsónémedi GLS Európa u. 2.

Place of business: Alsónémedi, GLS Európa utca 2.

Telephone:  (+36 29) 886 700

E-mail address: info@gls-hungary.com

as the service provider delivering the products (hereinafter referred to as the Data Processor), and

Foxpost Zrt.

Company registration number: 10-10-020309 (registered by the Commercial Court of Eger)

Tax number: 25034644-2-10.
Registered office: 3300 Eger, Maklár út 119.
Mailing address (also branch office): 1097 Budapest, Könyves Kálmán körút 12-14.
www.foxpost.hu
Electronic contact of the Service Provider: info@foxpost.hu
Telephone contact of the Service Provider: +36-1-999-0369
Customer service address: 1097 Budapest, Könyves Kálmán körút 12-14. 3rd floor.
Customer service telephone number: +36-1-999-0369 (hereinafter referred to as: Data Processor 2.).

Magyar Posta Zrt.
Company registration number: 01 10 042463

Tax number: 10901232244

Head office: 1138 Budapest, Dunavirág u.2-6., Postal address: Budapest 1540

Location: Budapest X. district. Üllői út 114-116.

Place of business: Hungary

Telephone: +36-1-767-8200
Website: http://www.posta.hu
Email: ugyfelszolgalat@posta.hu

as the service provider delivering the products (hereinafter referred to as the Data Processor),

 

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Company registration number: 13 09 111755

Tax number: 12369410-2-44

Registered office: 2351 Alsónémedi GLS Európa u. 2.

Location: H-2351 Alsónémedi GLS Európa u. 2.

Place of business: Alsónémedi, GLS Európa utca 2.

Telephone:  (+36 29) 886 700

Email address: info@gls-hungary.com

as the service provider delivering the products to the collection point (hereinafter referred to as the Data Processor), and

Foxpost Zrt.

Company registration number: 10-10-020309 (registered by the Commercial Court of Eger)

Tax number: 25034644-2-10.

Registered office: 3300 Eger, Maklár út 119.

Mailing address (also branch office): 1097 Budapest, Könyves Kálmán körút 12-14.
www.foxpost.hu
Electronic contact of the Service Provider: info@foxpost.hu
Telephone contact of the Service Provider: +36-1-999-0369
Customer service address: 1097 Budapest, Könyves Kálmán körút 12-14. III. floor.
Customer service phone number: +36-1-999-0369 (hereinafter referred to as: Data Processor).

as the service provider delivering the products to the collection point (hereinafter referred to as: Data Processor), and

Magyar Posta Zrt.
Company registration number: 01 10 042463

Tax number: 10901232244

Head office: 1138 Budapest, Dunavirág u.2-6., Postal address: Budapest 1540

Location: Budapest X. ker. Üllői út 114-116.

Place of business: Hungary

Telephone: +36-1-767-8200
Website: http://www.posta.hu
Email: ugyfelszolgalat@posta.hu

as a service provider delivering products to the collection point (hereinafter referred to as the Data Processor).

 

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Company registration number: 13 09 111755

Tax number: 12369410-2-44

Registered office: 2351 Alsónémedi GLS Európa u. 2.

Location: H-2351 Alsónémedi GLS Európa u. 2.

Place of business: Alsónémedi, GLS Európa utca 2.

Telephone:  (+36 29) 886 700

E-mail address: info@gls-hungary.com

as the service provider delivering the products to the collection point (hereinafter referred to as the Data Processor), and

Foxpost Zrt.

Company registration number: 10-10-020309 (registered by the Commercial Court of Eger)

Tax number: 25034644-2-10.
Registered office: 3300 Eger, Maklár út 119.
Mailing address (also branch office): 1097 Budapest, Könyves Kálmán körút 12-14.
www.foxpost.hu
Electronic contact of the Service Provider: info@foxpost.hu
Telephone contact of the Service Provider: +36-1-999-0369
Customer service address: 1097 Budapest, Könyves Kálmán körút 12-14. 3rd floor.
Customer service telephone number: +36-1-999-0369 (hereinafter referred to as: Data Processor).

Magyar Posta Zrt.
Company registration number: 01 10 042463

Tax number: 10901232244

Head office: 1138 Budapest, Dunavirág u.2-6., Postal address: Budapest 1540

Location: Budapest X. district. Üllői út 114-116.

Place of business: Hungary

Telephone: +36-1-767-8200
Web address: http://www.posta.hu
Email: ugyfelszolgalat@posta.hu

as a service provider delivering products to the collection point (hereinafter referred to as: Data Processor).

10.4.3. Data subject to data processing definition of the scope of data: data processing in order to fulfill the contract (delivery) resulting from the User's order affects the following data of the User:

last name,
first name,
telephone number,
delivery address.
10.4.4. Purpose of data processing: within the framework of the fulfillment of the contract resulting from the User's order, to deliver the ordered product to the address indicated by the User, if necessary, by coordinating the place and time of delivery by telephone.

10.4.5. Duration of data processing: lasts for the time necessary to complete the delivery and delivery.

10.4.6. Data processing means exclusively the data processing operations necessary to complete the delivery and delivery.

 

10.5. Data processing related to the generation of invoices.

10.5.1. The scope of data processing: Users placing orders on the website, regardless of the use of other services provided by the website.

10.5.2. The Data Controller uses as a data processor

Shoptet Kft.

Company registration number: 01-09-357795

Tax number: 27933460-2-41

Registered office: MILLENÁRIS AVANTGARDE OFFICE, 1024 Budapest
Hungary, Fény utca 16. / 3. em.

Location: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Place of business: 1024 Budapest, Hungary, Fény utca 16, 3rd floor,

Telephone: +3619555895

E-mail address: info@shoptet.hu

as the developer and maintainer of the invoicing software used by the Data Controller (hereinafter referred to as the Data Processor).

 

10.5.3. Definition of the scope of data affected by the data processing: the data processing concerns the name and address of the user placing the order, as well as the designation of the ordered item(s) and/or service(s), the date of purchase and the receipts containing the purchase price, delivery fee and any other fees.

10.5.4. Purpose of data processing: to ensure the operation of the software used by the Data Controller for issuing invoices in the IT sense, through data processing in the technical operations necessary for the secure operation of the software.

10.5.5. Duration of data processing: for the period necessary to fulfill the obligation to retain documents arising from the Accounting Act - 8 years from the date of issuance of the invoice.

10.5.6. Data processing means exclusively the technical operations necessary for the IT operation of the software used for issuing invoices.

 

10.6. Data processing related to accounting services.

 

10.6.1. The scope of data processing: Users placing orders.

10.6.2. The Data Controller uses as a data processor

Edith Line Bt.

Company registration number: 01-06-745372

Tax number: 21107425-1-43

Registered office: 1202 Budapest, Vaskapu u. 8.

Location: 1202 Budapest, Vaskapu u. 8.

Place of business activity: Hungary

Telephone: 06704231104

E-mail address: edithline@gmail.com

 

as the accountant of the Data Controller’s economic activities (hereinafter referred to as the Data Processor).

 

10.6.3. Definition of the scope of data affected by data processing: data processing concerns the name and address of the User placing the order, as well as the information on the receipts containing the designation of the ordered item(s), the date of purchase and the purchase price, delivery fee and any other fees.

10.6.4. Purpose of data processing: to fulfill the accounting obligations prescribed by law for the economic activity carried out by the Data Controller by using the services of the above Data Processor.

10.6.5. Duration of data processing: no longer than the time necessary to fulfill the obligation to retain documents arising from the Accounting Act – until deletion in the year following the 8th year from the date of issue of the invoice.

10.6.6. Data processing only includes operations necessary for the fulfillment and verification of accounting obligations.

 

10.7. Data processing is not carried out for any other purpose.

 

10.8. The Data Controller does not use any other data processor other than the Data Processors indicated above.

 

User's rights related to data processing

 

11.1. Right of access: Upon the User's request, the Data Controller shall provide information about the User's data processed by it or by the Data Processor entrusted by it or at its request, their source, the purpose, legal basis, duration of the data processing, the name, address of the Data Processor and its activities related to the data processing, the circumstances, effects of any data protection incident that may have occurred and the measures taken to remedy it, and - in the case of the transfer of the personal data of the data subject - the legal basis and recipient of the data transfer. The Data Controller shall provide the information without undue delay, but no later than one month from the receipt of the request.

Within the framework of the right of access, the Data Controller shall provide the User with a copy of the personal data that is the subject of the data processing shall make available to the User, no later than one month from the date of receipt of the request. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs.

 

11.2. Right to data portability: The User shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit such data to another data controller without hindrance from the data controller to which the personal data have been provided, if:

the data processing is based on the User’s consent or on a contract; and
the data processing is carried out by automated means.

In exercising the right to data portability as above, the User shall have the right – where technically feasible – to request the direct transmission of the personal data between data controllers.

 

11.3. Right to rectification: The User may request the rectification of his/her processed data, which the Data Controller shall comply with without undue delay, but no later than one month from the date of receipt of the request. Taking into account the purpose of the data processing, the User shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

 

11.4. Right to restriction of data processing: The Data Controller shall mark the personal data it processes for the purpose of restricting data processing. The User shall have the right to request that the Data Controller restrict data processing at his/her request if one of the following applies:

the User contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Data Controller to verify the accuracy of the personal data;
the data processing is unlawful and the User opposes the erasure of the data and instead requests the restriction of their use;
the Data Controller no longer needs the personal data for the purposes of the data processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
the User has objected to the processing based on the legitimate interests of the Data Controller; in this case, the restriction shall apply for the period until it is determined whether the legitimate interests of the Data Controller override those of the data subject.

 

11.5. Right to erasure: The Data Controller shall erase the personal data if:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

the User withdraws his/her consent on which the data processing is based and there is no other legal basis for the data processing;

the User objects to the data processing and there are no overriding legitimate grounds for the data processing, or the User objects to the data processing for direct marketing purposes;

the personal data have been processed unlawfully;
the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
the User requests erasure or objects to the processing, and the personal data were collected in connection with the provision of information society services directly to children.
The Controller shall notify the User concerned of the rectification, restriction and erasure, as well as all controllers to whom the data have previously been transmitted. Notification may be omitted if it proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

 

11.6. Right to object: The User has the right to object at any time, for reasons relating to his or her own situation, to the processing of his or her personal data based on the legitimate interests of the Controller. In this case, the data controller may no longer process the personal data, unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

 

Fulfillment of User requests

12.1. The above information and action shall be provided free of charge by the Data Controller. If the request of the User concerned is manifestly unfounded or, in particular, excessive due to its repetitive nature, the Data Controller, taking into account the administrative costs of providing the requested information or taking the requested action:

may charge a reasonable fee, or
may refuse to take action on the request.

 

12.2. The Data Controller shall inform the User without undue delay, but no later than one month from the date of receipt of the request, of the measures taken in response to the request, including the provision of copies of the data. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by two additional months. The Data Controller shall inform the User of the extension of the deadline, indicating the reasons for the delay, within one month of receipt of the request. If the User concerned submitted his/her request electronically, the Data Controller shall provide the information electronically, unless the User concerned requests otherwise.

 

12.3. If the Data Controller does not take action following the request of the User concerned, it shall inform the data subject without delay, but no later than one month from receipt of the request, of the reasons for the failure to take action, and that the User concerned may file a complaint with the data protection authority specified below and exercise his/her right to judicial remedy as stated therein.

 

12.4. The User may submit his/her requests to the Data Controller in any manner that allows for the identification of his/her person. The identification of the User submitting the request is necessary because the Data Controller can only fulfill requests to those authorized to do so. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the User concerned.

 

12.5. User requests can be sent by post to the Data Controller at 1215 Budapest, Ív utca 32., or by e-mail to info@pothaj-apolas.hu. The Data Controller will only consider a request sent by e-mail to be authentic if it is sent from the e-mail address provided by the User to the Data Controller and registered there, however, using another e-mail address does not mean that the request is ignored. In the case of e-mail, the date of receipt shall be considered the first working day following the sending.

 

Data protection, data security

13.1. The Data Controller ensures the security of data within the scope of its data management and data processing activities, and ensures the enforcement of legal regulations and other data and confidentiality rules by means of technical and organizational measures and internal procedural rules. It protects the processed data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as against inaccessibility resulting from changes in the technology used.

 

13.2. The data serving as the basis for measuring attendance and mapping the habits of using the website are recorded by the Data Controller's IT system from the beginning in such a way that they cannot be directly linked to any person.

 

13.3. The data are processed only to the extent necessary and proportionate to achieve the legitimate purpose specified in this information, based on the relevant laws and recommendations, with appropriate security measures.

 

13.4. To this end, the Data Controller uses the "https" scheme http protocol to access the website, with which web communication can be encrypted and uniquely identified. In addition, in accordance with the above, the Data Controller stores the processed data in encrypted data files, separated by data processing purpose, which can be accessed by specific employees of the Data Controller - performing tasks related to the activities specified in this information - whose job responsibility is to protect the data and to handle it responsibly in accordance with this information and the relevant laws.

 

Legal enforcement
The data subjects may exercise their legal enforcement options in court, and may contact the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/

In the event of choosing the court route, the lawsuit - at the choice of the affected User - can also be initiated before the court of the affected User's place of residence or residence, as the adjudication of the lawsuit falls within the jurisdiction of the court.

2023.05.11.

Subscribe to newsletter