Introduction

This document contains the guidelines of Filipper Ltd. (Hereinafter: Controller) regarding the management of personal data. Here you find information about the types of personal data we handle, the purpose and legal basis of our data management process, duration of data storage and access to personal data, and detailed information about your rights regarding privacy and data management.

How do we process personal data?

Filipper Ltd., as Controller, will handle all personal data and information made available to them (e.g. ID numbers, contact details, etc.) according to the legislation governing the processing of personal data and the free flow of such data; in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (General Data Protection Regulation – GDPR) and in accordance with relevant Hungarian data protection legislation.

If you, as a user, have any question that is not clearly answered in this guide, please write to us and we will answer your question. Although Filipper Ltd. is committed to keeping the quality of services at the highest level, it does not assume any liability for damages resulting from the use of the system.

In accordance with Act XII of 2011 (“Infotv”) Section 6 (3) and Article 8 (1) of the GDPR, the consent or subsequent approval of a legal guardian is not required for the validity of the legal declaration of minors over the age of 16.  For minors below the age of 16 the legal declaration of consent must be approved by the parent or guardian. Filipper Ltd. is not in a position to verify such approvals, therefore the user warrants authenticity.

For the management of personal data during the provision of services, Filipper Ltd. selects and manages IT tools to ensure:

  • accessibility to authorized persons (availability);
  • authenticity and authentication (authenticity of data management)
  • verifiable constancy (data integrity);
  • protection against unauthorized access (data confidentiality).
  • provision of adequate backup for the IT data and the context, with the required parameters based on the retention period for each data, thereby guaranteeing the availability of the data during the retention period and permanently deleting all stored information after the expiry of the retention period.

This data management guide regulates data management for the following page:

www.filippergrip.com (http://filippergrip.com/)

The data management guide is available here: GoDaddy.com

Controller information and contact:

Name: Filipper Kft.

Registered address: 1116 Budapest, Sopron út 68. 3./ 2.

Tax number: 26276285-2-42

Company registration number: 01 09 321547

Representative: Filip Gergő Krisztián, Executive Director

E-mail:  gergo.filip@filippergrip.com

Telephone: +36205640625

 

Data processors:

  • Hosting service provider

Name: GoDaddy.com, LLC is a wholly-owned subsidiary of GoDaddy Inc.

Registered address: Corporate Headquarters 14455 N. Hayden Rd., Ste. 226

Scottsdale, AZ 85260 USA
Phone number: 01 653 5976

Fax number: (480) 624-2546

Email address: HQ@godaddy.com

 

-Involvement and scope of data management:

All personal data provided by users.

 

-Persons involved:

All website users.

 

-Purpose of data management:

Making the website available and ensuring adequate functionality.

 

-Duration of data management, deadline of deletion:

Until the agreement between Controller and the hosting service provider is terminated, or the user notifies the hosting service provider of cancellation request.

 

-Legal basis of data management:

GDPR Article 6 Paragraph (1), points c) and f), as well as CVIII of 2001 13/A. § (3) on certain issues of electronic commerce services and services relevant to information society.

 

  • Website operator

 

Name: Rottenbacher Tamás entrepreneur

Registration number: 51044857

Tax number: 67982839-1-41

 

-Involvement and scope of data management:

All personal data provided by users.

 

-Persons concerned:

All website users.

 

-Purpose of data management:

Making the website available and ensuring adequate functionality.

 

-Duration of data management, deadline of deletion:

Until the agreement between Controller and the hosting service provider is terminated, or the user notifies the hosting service provider of cancellation request.

 

-Legal basis of data management:

GDPR Article 6 Paragraph (1), points c) and f), as well as CVIII of 2001 13/A. § (3) on certain issues of electronic commerce services and services relevant to information society.

 

  • MailChimp newsletter service provider – The Rocket Science Group, LLC

Registered address: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308

Data management information: https://www.sendinblue.com/gdpr/

  • ActiveCampaign, LLC

Registered address: 1 North Dearborn St, 5th Floor, Chicago, IL 60602

Data management information: https://www.activecampaign.com/legal/privacy-policy

Principles of personal data management

Personal data:

  • will be managed in a lawful and fair manner and transparency is ensured for users (“legal, fair and transparent procedures”);
  • will be collected only for specified, clear and legitimate purposes and not be processed in any way incompatible with those purposes; is not considered incompatible with the original purpose in accordance with Article 89 (1) to collect personal data for archiving in the interest of the public, for scientific and historical research purposes, or for statistical purposes (“purpose limitation”);
  • data management must be relevant and suitable, and limited to the necessary extent only (“data saving”);
  •  must be accurate and updated if necessary; all reasonable measures must be taken to delete or rectify personal data that are inaccurate for the purposes of the data management (“accuracy”);
  • will be stored in a way that only allows the identification of users for the duration necessary to personal data management purposes; personal data may be stored longer only if it is in accordance with Article 89 (1), allowing personal data management for archiving in the interest of the public, for scientific and historical research purposes, or for statistical purposes, keeping in mind the technical and organizational arrangements which serve the protection of users’ rights and liberty (“limited storage”).
  • adequate security of personal data should be provided in all circumstances, using appropriate technical or organizational measures including protection against unauthorized or unlawful handling, accidental loss, destruction or damage, (“integrity and confidentiality”).

 

  • Controller is responsible for compliance with the above, and must be able to verify compliance (“accountability”).

Use of cookies

Cookies are unique sequences for identifying and storing profile information, information files placed on the user’s device by the service providers. Cookies allow websites to record data regarding the user’s browsing habits (for example, storing preferences and settings; they help with sign-in; display personalized ads and analyze how the site works). However, the sequence stored in the cookie itself is only suitable for recognizing the user’s computer, and cannot identify the user individually.

The content of cookies is protected by high-level encryption against third-party access. Cookies used on the Filipper Ltd. website do not contain viruses and do not damage your computer.

 

We hereby notify our users that the download of the cookies operated by our website requires your informed consent according to Act C of 2003 on Electronic Communications and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Therefore, when you first visit the website of Filipper Ltd, you will see a pop-up window at the bottom of the screen, notifying you that Filipper Ltd. uses cookies, and showing a link to further information. My clicking “YES”, you accept cookies. If consent is denied or revoked, our website will not send cookies to Users’ devices.

 

Legal basis and duration of data management, Controller identity, users’ rights

  • Legal basis of data management when using cookies:

The voluntary consent of the user, by making the informed decision to click “OK” on the pop-up window offering short information about the use of cookies.

  • Duration of data management when using cookies :

Depends on the cookie, as specified in the table.

  • Parties authorized to manage data on the website, related to the use of cookies:

GoDadd.com Ltd. (registered address: Corporate Headquarters 14455 N. Hayden Rd., Ste. 226 Scottsdale, AZ 85260 USA company registration number: 51044857 Data is accessible to GoDaddy.com Ltd. and data processors employed by them.

  • Users’ rights:

Users may request access to their personal data, rectification, deletion, or restricted management of their personal data, and may at any time withdraw their consent to data management. Filipper Ltd. (registered address: 1116 Budapest, Sopron út 86. 3./.2 .; registration number: 01-09-321547) will respond without undue delay, no later than one month after receipt of such requests; should the request be refused, the company is liable to give reasonable justification for refusal.  Users may file complaints at the National Bureau for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c, telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, email: ugyfelszolgalat@naih.hu, website: www.naih.hu)

Session cookies:

These cookies are created only for the duration of your visit and are automatically deleted after the visit ends. They aim to make our website more user-friendly and secure. They are the site’s own cookies, primarily based on session identifiers, which will expire at the latest when the session is closed (temporary, with a few hours of durability). Session cookies track users’ data entries, such as filling online forms or shopping with a virtual basket. The service provider specifically needs these cookies to provide information society related services, and the cookies are linked to the user’s activities (such as filling a form or clicking a button).

Valid until the end of the session, or before, as specified in the table below:

The website contains the following session cookies:

Name of cookieFunction, short description, purpose of data managementValidity and durationData accessed and managed by cookie
cookielawinfo-checkbox-necessaryThis cookie checks logical values to see whether the visitor’s browser has  JavaScript supportUpon the closing of the website session the session cookie is deletedPersonal data of the user is not registered, only the data related to the activities of the website session
cookielawinfo-checkbox-non-necessaryPrevious click on the “Yes” button of the cookie banner is saved and stored100 daysPersonal data of the user is not registered, only the data related to the activities of the website session

 

External cookies

When using this website, 3rd party cookies may be placed on the user’s device to facilitate the sharing of content on social networking sites, or the preparation of website traffic statistics. If the browser returns a previously saved cookie, the cookie provider has the option of linking the user’s current visit to the previous ones, on web pages where the external provider’s cookies are used.

Google Analytics

The independent measuring and auditing of our website traffic and other web analytical data is assisted by external servers (www.google.com/analytics/). For data management by external cookies used by Google, please refer to http://www.google.com/intl/hu/policies for further information.

The following external providers placed the cookies listed below on the website:

Name of external providerName of cookieFunction, short description, purpose of data managementValidity and durationData accessed and managed by cookie
Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043 USA)

www.google.com/analytics

Differentiation between individual users2 yearsUser IP address, website path, duration, date and time of browsing, performance measurement of visited pages.
Blocks specific incoming requests1 minute
Differentiation between individual users

 

24 hours

Google Adwords conversion tracking

Controller uses an online advertising program called “Google AdWords” and uses Google’s conversion tracking. Google conversion tracking is a Google Inc. analytical service (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).

When User accesses a web page via Google Ad, a cookie for conversion tracking will be placed on their computer. The validity of these cookies is limited, and they do not contain any personal information, so the User cannot be identified by them.

When User browses certain pages of the website, and the cookie has not yet expired, Google and the data manager can see that the user has clicked on the ad.

All Google AdWords users are assigned an individual cookie, so no follow-up is possible via the websites of AdWords clients.

The information obtained through conversion tracking cookies is designed to generate conversion statistics for AdWords clients who use conversion tracking. This way, clients are informed about the number of users who click on their ad and proceed to a site with a conversion tracking tag. However, they do not get access to information that could identify any user.

If you do not wish to participate in conversion tracking, you can disable the use of cookies in your browser. By doing so, you ensure that you are not included in the conversion tracking statistics.

For further information, and to read Google’s privacy policy, please visit:  www.google.de/policies/privacy/

Cookie management

  • Users can choose to delete cookies from their devices or disable the acceptance of cookies in their browser. Usually, you can manage cookies in the Tools / Options menu of your browsers under Privacy / History / Settings, in “Cookies” or “Tracking”.
  • Allowing cookies is not essential for the operation of the website, but improves the browsing experience and performance. You may delete or disable cookies, but in this case some features of the website may not function properly.
  • The information stored by cookies is not used to identify you, and sample data is kept under our supervision. The information stored by cookies is used solely for the purposes described here.
  •  If you do not want to accept certain types of cookies, you can set your browser not to allow the placement of a unique identifier, or to warn you if the website wants to send a cookie.
  • To learn more about these features and adjust your cookie settings, check the instructions or help screen of your browser, or use the link below to turn on and off online behavioural ads for specific providers:  http://www.youronlinechoices.com/hu/ad-choices

Assistance for cookie settings:

Definitions

    • Controller: a natural or legal person, public authority, agency or any other body that defines the purpose and means of managing personal data independently or with others; if the purpose and means of data management are defined by EU or Member State legislation, the specific requirements of the appointment of the controller, or the person/company appointed as controller may be set by Union or Member State legislation;

 

  • Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 

  • Data management: any automated or non-automated operation or set of operations dealing with personal data or data files, such as collection, recording, systematization, subdivision, storage, alteration, inquiry, access, use, transmission, distribution or other means of disclosure, synchronization or linking, limitation, or deletion;
  • Personal data: any information relating to an identified or identifiable natural person (“Person concerned”); identifies a natural person who is identifiable, directly or indirectly, by reference to an identifier, such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity;
  • Recipient: any natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not they are third parties. Public authorities which have access to personal data in accordance with Union or Member State law in the context of a specific investigation shall not be considered recipients; the management of such data by these public authorities must be in accordance with the applicable data protection regulations relevant to the purposes of the data processing;
  • Consent (of persons concerned): definite declaration of informed and voluntary consent, whereby the person concerned clearly declares or confirms consent to management of their personal data;
  • Data protection incident: damage to security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access of personal data transmitted, stored or otherwise processed.

Newsletter, direct marketing

-Purpose of data management:

-The purpose of data management is to send bi-weekly electronic newsletters that promote the services of Controller to the persons who subscribe to the e-mail newsletters of Filipper Ltd.

– If Controller wishes to use personal data for purposes other than the one stated above, concerned parties will be informed about all the relevant details via the usual means of contact.

-Legal basis, duration and extent of data management:

The legal basis for data management is the prior and voluntary consent of the person concerned (subscriber). Newsletter subscription is subject to data provision and data management consent.

–Data management will take place from the date of subscription until the date of unsubscription (withdrawal of consent) or until the Controller ceases sending newsletters.

-Controller manages the following data of newsletter subscribers:

  1. first name
  2. e-mail address

Controller shall forward the above data to a third party only upon prior written consent of the person concerned, or in the course of fulfilment of a legal obligation.

  • XLVIII of 2008 on the Basic Terms and Limitations of Advertising Activities, § 6 specifies that User may give prior and informed consent to the Service Provider to send advertisements and other mailings to the contact details given at the time of registration.
  • Moreover, Client may consent to Service Provider managing personal data necessary for sending promotional materials, keeping in mind the terms and conditions specified in this document.
  • Service Provider will not send unsolicited advertising and User may unsubscribe any time, for any reason, free of charge. In this case, Service Provider will delete all personal data – kept for the purpose of sending advertisements – and wil not send further promotions to User.

-Scope and purpose of data collection and data management:

Personal dataPurpose of data management
Name, e-mail addressIdentification, newsletter subscription.
Date of subscriptionTechnical requirement.
Subscription IP addressTechnical requirement.

 

-Persons concerned:

All newsletter subscribers.

 

-Purpose of data management:

sending e-mails (e-mail, SMS, push notifications) containing advertisements, providing up-to-date information on products, promotions, new features, etc.

 

-Duration of data management, deadline of deletion:

data management ceases upon withdrawal of consent, that is, the unsubscription of User.

 

-Potential controllers authorized to access data; recipients of personal data:

Sales and marketing staff employed by Controller may manage personal data, in accordance with the above guidelines.

 

-Rights of Persons concerned, with regard to data management:

Persons concerned may request access to their personal data, rectification, deletion, or restricted management of their personal data, and may object to the processing of such personal data. Persons concerned also have the right to data storage, data portability and withdrawal of consent at any time.

-The access, deletion, modification, or restriction of personal data, portability of data, or objection against data processing may be initiated in the following way:

via e-mail to hello@filippergrip.com e-mail address.

 

Users may unsubscribe any time, free of charge.

-Legal basis of data management:

consent of User, Article 6. section (1) points a) and f), XLVIII of 2008 on the Basic Terms and Limitations of Advertising Activities, § 6 section (5):

The advertiser, the advertising service provider, or the publisher of the advertisement keeps a record of the personal data of the persons giving consent, as defined in the consent details. The data contained in this database, relating to the recipients of the advertisement, may only be managed in accordance with the consent statement until withdrawal, and transferred to third parties only with the prior consent of the persons concerned.

Please note that data management is based on your informed consent.

Failing to provide the required data means that we cannot send you newsletters.

Customer relations and other data management issues

Should questions or problems arise during the use of Controller’s services, please get in touch via the contact details specified on the website (e-mail, social media, etc.)

Controller will delete incoming emails, messages, data provided over Facebook etc., as well as name and e-mail address of inquirers and any other personal data provided voluntarily after a maximum of 2 years from the date of the disclosure.

Information on data management issues not listed in this document is provided upon registering any data concerned.

In special cases, Service Provider is obliged to provide information, data and documents, or make information, data and documents available upon request of the authorities or other organizations authorized by law.

In such cases, the Service Provider issues personal data to the requesting party – if it specifies the exact purpose and scope of the request- only to the extent strictly necessary for the purpose of the request.

Complaints

-Scope and purpose of data collection and data management:

Personal dataPurpose of data management
First name and surnameIdentification, contact.
E-mail addressIdentification, contact.
Billing address and nameIdentification, issues and complaints regarding products ordered.

 

-Persons concerned:

All customers filing a complaint about product quality on the website.

– Duration of data management, deadline of deletion:

Copies of the record of the complaint, of the transcript and of the response given shall be kept for 5 years, as per CLV 1997 on Consumer Protection Act 17 / A. § (7).

-Potential controllers authorized to access data; recipients of personal data:

Sales and marketing staff employed by Controller may manage personal data, in accordance with the above guidelines.

-Rights of Persons concerned, with regard to data management:

Persons concerned may request access to their personal data, rectification, deletion, or restricted management of their personal data, and may object to the processing of such personal data. Persons concerned also have the right to data storage, data portability and withdrawal of consent at any time.

-The access, deletion, modification, or restriction of personal data, portability of data, or objection against data processing may be initiated in the following way:

via e-mail to hello@filippergrip.com e-mail address.

-Legal basis of data management:

GDPR article 6. paragraph (1) point c), and Consumer Protection Act 1997. CLV. 17/A. § (7)

Please note that the provision of personal data is based on a contractual obligation.

The processing of personal data is a prerequisite for concluding the contract.

Failing to provide the required data prevents us from dealing with your complaint.

Social media

– Scope and purpose of data collection and data management:

Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. registered name and public profile picture.

-Persons concerned:

All persons registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. who “Like” the website.

 

-Purpose of data collection:

Sharing and promoting the website itself, or certain contents, products, sales and promotions of the website on social media.

 

-Duration of data management, deadline for deletion of data, identity of potential data controllers and the rights of persons concerned:

Information regarding the source of data, management thereof, and the mode and legal basis for data transfer can be found on the social media sites. Data management is carried out on social networking sites, so the duration, mode and possibilities of deleting and modifying data are governed by the regulations of the social networking site.

 

-Legal basis of data management:

Persons concerned give express consent on social media sites, allowing management of their personal data .

 

Rights and legal remedy options of persons concerned, regarding data management

 

Revoking consent

Persons concerned have the right to revoke consent to data management at any point, but this does not nullify the legality of prior data management carried out during the period while consent was still valid.

 

Access

Persons concerned have the right to receive feedback from Controller regarding any ongoing management of their personal data, and if there is ongoing data management, persons concerned have the right to access personal data and the following information:

  1. a) purpose of data management;
  2. b) categories of relevant personal data;
  3. c) categories of recipients who (or which) were or will be notified of personal data, in particular third country recipients and international organizations;
  4. d) in certain cases, prospective duration of data storage, or, if an exact period cannot be specified, then the criteria of determining the duration ;
  5. e) the rights of persons concerned to request rectification, deletion, or restricted management of their personal data, and object to the processing of such personal data.;
  6. f) the right to file a complaint with the supervisory authorities;
  7. g) all the available information regarding the source of data, provided that it was not collected by the persons concerned.

 

Rectification

Persons concerned are entitled to having inaccurate personal data rectified by Controller without undue delay. Taking into account the purpose of data management, persons concerned are entitled to request the completion of incomplete personal data, by means of supplementary declaration.

 

The right to object

Persons concerned have the right to object at any time, for personal reasons, to the processing of their personal data based on the legitimate interests of the Controller. In this case, the Controller may not manage the personal data any longer, unless Controller proves that further data management is justified by compelling legal reasons that take precedence over the interests, rights and personal freedom of persons concerned, or further data management is related to the presentation, validation or defence of legal claims.

 

Deletion and restriction

Upon request, persons concerned have the right to ask Controller to delete their personal data without undue delay, and Controller is obliged to delete personal data without undue delay if one of the following reasons exists:

  1. a) personal data which was collected or managed is no longer needed for the original purpose;
  2. b) persons concerned revoke their consent forming the basis of data management, and data management has no other legal basis;
  3. c) persons concerned object to data management and there is no other legitimate, reason that takes precedence over the objection;
  4. d) personal data was managed illegitimately;
  5. e) personal data must be deleted in order to fulfil a legal obligation under EU or Member State law applicable to the controller;
  6. f) the collection of personal data was related to the provision of information society services offered directly to children.

The above regulations are not applicable if data management is necessary for any of the following:

  • to exercise the right to freedom of expression and information;
  • to fulfil an obligation under EU or Member State law that governs the processing of personal data, or to perform a task carried out in the interest of the public, or by public authority delegated to Controller.;
  • for the purpose of preparing archives of public interest, for scientific and historical research purposes or for statistical purposes, if the right to delete data is likely to hinder significantly or make the above mentioned purposes  ; or
  • for the presentation, validation or defence of legal claims.

 

– Persons concerned have the right to request Controller to restrict data management for any of the following reasons:

  1. a) persons concerned doubt the accuracy of personal data, in which case restriction applies for the time it takes Controller to check the accuracy of personal data;
  2. b) data management is illegitimate and persons concerned do not wish the data to be deleted but prefer restriction of use;
  3. c) Controller no longer needs personal data of the persons concerned, but they need said data for the presentation, validation or defence of legal claims ; or
  4. d) persons concerned objected to data management, in which case restriction applies for the time it takes to ascertain whether the rightful justifications of Controller take precedent over the rightful justifications of the persons concerned.

If data management is restricted, such personal data may be processed only with the consent of the persons concerned, or for the presentation, validation or defence of legal claims or the protection of the rights of another natural or legal person, or for the public interest of the Union or a Member State.

Controller will notify in advance the persons who initiated the restriction of data management, should the restriction be revoked.

 

Portability

Persons concerned have the right to receive their personal data in a structured, widely used machine-readable format and shall be entitled to forward such data to another controller, without being obstructed by the Controller who received the personal data originally, if:

  1. a) data management is based on consent or contract; and
  2. b) data management is automated.

When exercising the right to portability of data, the persons concerned are entitled to request, if technically feasible, the direct transmission of personal data between controllers.

Please note that if receiving your personal data is not technically feasible for the target person, data portability right cannot be exercised.

Response deadlines

Controller informs you without undue delay, but definitely within 1 month of the receipt of your request, of the action taken regarding your request.

If necessary, the deadline can be extended by 2 months. Controller will inform you about the extension of the deadline by indicating the reasons for the delay within 1 month of receiving your request.

If Controller does not take immediate action following your request, you will be informed without delay, definitely within one month of receipt of the request, of the reasons for not taking action, and of your right to file a complaint with a supervisory authority and your right to seek legal remedy.

Data protection incident notification

If the data protection incident is likely to pose a high risk to the rights and freedom of natural persons, the Controller will inform the persons concerned without undue delay.

 

The information provided must clearly describe the nature of the data protection incident and the name and contact details of the data protection officer or other contact person providing further information; the
likely consequences of the data protection incident must be explained in detail; information must be provided regarding the measures taken or planned by the Controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

Persons concerned do not have to be notified if:

-Controller has implemented appropriate technical and organizational protection measures, which have been applied to the data affected by the data protection incident; in particular: measures such as encryption, which make the personal data unintelligible for unauthorised viewers;

-following the data protection incident, Controller implemented further measures whinch ensure that the high risk to the rights and freedom of persons concerned is going to be avoided;

-notification would require disproportionate efforts. In this case persons concerned should be notified via public announcements or similar measures which offer an effective way to inform all persons concerned.

If Controller has not yet notified the persons concerned of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to pose a high risk, may order the persons concerned to be informed.

Notifying the authorities of data protection incidents

The supervisory authority must be notified without undue delay and, if possible, no later than 72 hours after the data protection incident has come to the attention of Controller, pursuant to Article 55, unless the data protection incident is unlikely to pose a risk to the rights and freedom of natural persons. If the notification is not made within 72 hours, justification of the delay must be provided.

The following laws and regulations were taken into consideration when preparing this document:

  • Protection of natural persons with regard to personal data management and free circulation of such data, and repeal of Regulation 95/46/EK (General Data Protection Law) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL (EU) (27.04.2016)
  • CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.)
  • CVIII. of 2001 on certain aspects of electronic commerce services and information society services (ECommerce Act). (in particular 13/A. §)
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising (in particular 6.§)
  • Act XC of 2005 on the Freedom of Information by Electronic Means
  • Act C of 2003 on Electronic Communications (in particular 155.§)
  • Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online. Behavioural Advertising
  • Recommendation of the National Data Protection and Freedom of Information Authority on data protection requirements for prior notification
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

Legal remedy

Persons concerned may complain to the National Authority for Data Protection and Freedom of Information in the event of a breach of personal data management regulations.

Name: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Registered address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf.: 5.

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

 

In addition, persons concerned may initiate a legal remedy court proceedings against Controller or the data processors employed by Controller, before the court of competent jurisdiction.

 

Dated: 25.05.2018