Privacy Policy

Privacy and Cookie Policy effective March 21, 2020

Judit Takács e.v. (hereinafter: Service Provider, Data Controller) submits to the following rules:

REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 27.), the following information is provided.

This Privacy Policy governs the privacy practices of the following pages: www.justa.hu

The Privacy Policy is available at www.justa.com/en/adatkezeles

Amendments to the Terms of Reference shall enter into force upon publication at the above address.

Name: Judit Takács e.v.
Headquarters: 3950 Sárospatak, Hunyadi Street 30th
67766343-1-25
Registration number: 50728598
E-mail: hello@justa.hu
Phone: +3630 278 5124

1. "Personal data" means any information relating to an identified or identifiable natural person (user); identifiable by a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification or physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified;

2. "Data management" means any operation or combination of operations, whether automatic or not, carried out on personal data or data files, such as collection, recording, filing, sorting, storing, transforming or altering, retrieving, accessing, using, communicating, distributing or otherwise making available, coordinating or linking, limiting, deleting or destroying;

3. "Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the controller or the specific criteria for designating the controller may be defined by Union or Member State law;

4. "Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

5. "Recipient" shall mean any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities which have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by such public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

6. "Consent of the user" means the voluntary, explicit and unambiguous expression of the will of the user, by which the user, by means of a statement or act of unequivocal confirmation, indicates his or her consent to the processing of personal data concerning him or her;

7. "Data incident" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed.

The personal data:

a) must be administered in a manner which is lawful and fair and transparent to the user (“legality, due process and transparency”);

b) collected for specified, explicit and legitimate purposes and not furthered in a way incompatible with those purposes; additional processing of data for archiving purposes of general interest, scientific and historical research or statistical purposes ("purpose limitation") is not considered incompatible with the original purpose;

c) they must be appropriate and relevant to the purposes for which the data are processed and must be limited to what is necessary ('data-saving');

d) they must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate for the purposes for which the data are processed are erased or rectified without delay ('accuracy');

e) it must be kept in a form which permits identification of users for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if they are processed for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, as well as appropriate technical and organizational measures to protect the rights and freedoms of data subjects subject to its implementation ("limited storage");

f) shall be handled in such a way as to ensure adequate security of personal data by appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data ("integrity and confidentiality").

The controller is responsible for compliance with the above and must be able to justify such compliance ("accountability").

The data controller declares that its data management is carried out in accordance with the principles set out in this section.

OPERATING DATA RELATED TO WEBSITE OPERATION

1. The fact of collecting data, the scope of the data processed and the purpose of data management:

Personal dataPurpose of data management
E-mail addressContact, sending system messages.
Phone numberContact
Billing information (first name, last name, country, street, house number, city, state, zip code)Issuing of a proper invoice, as well as the establishment of the contract, the definition, modification, monitoring of its performance, the invoicing of the fees arising therefrom and the enforcement of claims related thereto.
Shipping data (first name, last name, country, street, house number, city, state, postal code)Enable home delivery.
Order notesImprove service delivery and clarify other issues related to transportation.
Date of orderPerform a technical operation
The order IP addressPerform a technical operation

It is not necessary for the email address to contain personal information.

2. Users: All users who buy (place an order) on the webshop.

3. Duration of data processing or deletion of data: Until the request for deletion of the data subject. Pursuant to Article 19 of the GDPR, the controller shall inform the data subject by electronic means of the deletion of any personal data provided by the data subject. If the deletion request of the data subject extends to the e-mail address provided by the data subject, the controller will delete the e-mail address after being informed. Except in the case of accounting documents, since § 169 (2) of Act C of 2000 on Accounting requires that these data be retained for 8 years.

(The accounting document (including ledger accounts, analytical and accounting records) which directly and indirectly supports the accounting records shall be preserved in a legible form for at least 8 years, retrievable by reference to the accounting records.)

4. Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be managed by the data controller's sales and marketing staff, subject to the above principles.

5. A description of users' data management rights:

• The user may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him or her, and
• the user has the right to data portability and to withdraw the consent at any time.

6. The user can initiate the access, deletion, modification or restriction of the handling of the personal data and the portability of the data in the following ways:

- by post to 3950 Sárospatak, Hunyadi Str. 30th, Hungary,
- by email to hello@justa.hu,
- by telephone on +3630 278 5124.

7. Legal basis for data management:

7.1 Article 6. (1) (b) of the GDPR; Section 5. § (1),

7.2 Act CVIII of 2001 on Certain Issues in Electronic Commerce Services and Information Society Services 13 / A. § (3):

(The service provider may manage the personal data that is technically necessary for the provision of the service in order to provide the service. The Service Provider shall, in the event that the other conditions are identical, select and in any case operate the tools used in the provision of the information society service in such a way that personal data is processed only if it is strictly necessary for the service however, in this case only to the extent and for the time necessary.)

7.3 In the case of an invoice issued in accordance with the accounting rules, Article 6 (1) (c).

8. We inform you that,

• the data management is necessary for the performance of the contract and the making of an offer.
• is required to provide personal information to enable us to fulfill your order.
• failure to provide data will result in the inability to process your order.

 

CONTACTING

1. The fact of collecting data, the scope of the data processed and the purpose of data management:

Personal dataPurpose of data management
NameIdentification
E-mail addressContact, send reply messages
Message contentNeeded to answer
Date of contactPerform a technical operation.
Contacting IP addressPerform a technical operation.

It is not necessary for the email address to contain personal information.

2. Range of Users: Who fill out the contact form in the "Contact Us" menu on the top menu bar of the website.

3. Duration of data processing or deletion of data: It will take until the request for cancellation is made by the user.

4. Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be managed by authorized personnel of the controller.

5. A description of users' data management rights:

• The user may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him or her, and
• the user has the right to data portability and to withdraw the consent at any time.

6. The user can initiate the access, deletion, modification or restriction of the handling of the personal data and the portability of the data in the following ways:

- by post to 3950 Sárospatak, Hunyadi Str. 30th, Hungary,
- by email to hello@justa.hu,
- by telephone on +3630 278 5124.

7. Legal basis for data management: user consent, Article 6 (1) (b) of the GDPR;

8. We inform you that,

• this data management is based on your consent.
• is required to provide your personal information in order to contact us.
• denial of data will result in your being unable to contact the Service Provider.

We also inform you that by using the "send" button in your contact data management as regulated in this section, you agree that the personal data provided by you will be handled in accordance with this policy.

 

REQUIRED DATA PROCESSORS

Transport

1. Data processing activity: Delivery of goods, transportation

2. Name and contact details of the data processor:

Name: GLS General Logistics System Hungary Csomag-Logisztikai Kft.
Headquarters: 2351 Alsónémedi, GLS Európa utca 2.
Contact: info@gls-hungary.com, 06 29 88 66 70
Web: https://gls-group.eu/HU/hu/home

Name: Magyar Posta Zrt. - MPL - Courier Service
Headquarters: 1138 Budapest, Dunavirág utca 2-6.
Contact: ugyfelszolgalat@posta.hu, 06-40-31-32-33
Web: www.posta.hu

3. Fact of data management, scope of personal data processed: Shipping name, shipping address, telephone number, e-mail address.

4. Range of users: All users requesting home delivery.

5. Purpose of Data Management: Delivery of the ordered product to your home.

6. Duration of data processing, deadline for deletion of data: It takes place until the delivery is completed.

7. Legal basis for the processing: Article 6 (1) (b) of the GDPR. The legal basis is required for delivery at the user's request.

8. User Rights:

a) You can find out about the circumstances of data management,

b) You have the right to receive feedback from the controller that your personal data is being processed and to have access to all information related to the processing.

c) You have the right to receive your personal information in a structured, widely used, machine-readable format.

d) You have the right to rectify your inaccurate personal data upon your request without undue delay.

 

Hosting provider

1. Data Processor Activity: Hosting Service

2. Name and contact details of the data processor:

Name: Magyar Hosting Kft.
Address: 1132 Budapest, Victor Hugo u. 18-22.
Contact info@tarhely.com

3. Fact of data management, scope of data processed: All personal data provided by the data subject.

4. Users: All users of the site.

5. Purpose of data management: To make the website accessible and to operate it properly.

6. Duration of Data Management, Deadline for Deletion of Data: Data management will continue until the termination of the agreement between the data controller and the hosting provider, or until the user requests the deletion of the hosting provider.

7. Legal basis for the processing of data: Article 6 (1) (f) of the GDPR and Article CVIII of the 2001 Act on certain aspects of electronic commerce and information society services. 13 / A. (3).

8. User Rights:

a) You may be informed about the circumstances of the data processing,

b) You have the right to receive feedback from the controller that your personal data is being processed and to have access to all information relating to the processing.

c) You have the right to receive your personal information in a structured, widely used, machine-readable format.

d) You have the right to rectify your inaccurate personal data upon your request without undue delay.

e) You may object to the processing of your personal data.

 

Accounting tasks, invoicing

1. Data Processor Activity: Accounting Tasks and Billing

2. Name and contact details of the data processor:

Name: Takács Antal Tamásné
Business ID: 12014236
Address: 3950 Sárospatak, 30 Hunyadi Street.
Tax number: 64846501-1-25
E-mail: artom_munka@pr.hu

3. Fact of data management, scope of data processed: Name, billing name, billing address.

4. User scope: All users who place an order on the website.

5. Purpose of data management: Electronic invoice issuance / accounting tasks

6. Period of data management, deadline for deletion of data: According to Section 169 (2) of Act C of 2000 on Accounting, 8 years.

7. Legal basis for the processing of data: Article 6 (1) (c) of the GDPR and section IV of the CVIII of 2001 on certain aspects of electronic commerce services and information society services. 13 / A. (3).

8. User Rights:

a) You may be informed about the circumstances of the data processing,

b) You have the right to receive feedback from the controller that your personal data is being processed and to have access to all information relating to the processing.

c) You have the right to receive your personal information in a structured, widely used, machine-readable format.

d) You have the right to rectify your inaccurate personal data upon your request without undue delay.

 

ADDRESSEES TO WHICH PERSONAL DATA SHALL BE COMMUNICATED (TRANSFER CASES):

Payment by credit card

1. Activities performed by the Recipient: Payment by credit card

2. Name and contact details of consignee:

Name: Barion Payment Zrt.
Address: 1117 Budapest, Infopark Promenade 1. Building I 5. Floor 5.
Web: www.barion.com
Privacy Policy: https://www.barion.com/en-us/adatvedelmi-tajekoztato/

3. Fact of data management, scope of data processed: Online credit card payments are made through the Barion system. Credit card details will not be sent to the merchant. The service provider Barion Payment Zrt. Is an institution under the supervision of the National Bank of Hungary, license number: H-EN-I-1064/2013.

4. Range of Users: All users who choose to pay by credit card on the website.

5. Purpose of Data Management: Fraud monitoring for online payment, transaction confirmation and user protection

6. Duration of data processing, deadline for deletion of data: Until the online payment is made.

7. Legal basis for the processing: Article 6 (1) (b) of the GDPR. The legal basis is required for online payment at the request of the data subject

8. User Rights:

a) You may be informed about the circumstances of the data processing,

b) You have the right to receive feedback from the controller that your personal data is being processed and to have access to all information relating to the processing.

c) You have the right to receive your personal information in a structured, widely used, machine-readable format.

d) You have the right to rectify your inaccurate personal data upon your request without undue delay.

9. Other Information: Online purchases are made through the Barion system. The personal data and credit card details you provided when you placed your order will be forwarded to Barion's servers. The personal data so transmitted will be handled in accordance with barion.com's Privacy and Privacy Policy.

 

Online payment

1. Recipient's activity: Online payment

2. Name and contact details of consignee:

Name: Paypal
Address:
Web: www.paypal.com
Privacy Policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

3. Fact of data management, scope of data processed: Shipping data, billing data, name, email address

4. Range of Users: All users who choose paypal on the website.

5. Purpose of Data Management: Fraud monitoring for online payment, transaction confirmation and user protection

6. Duration of data processing, deadline for deletion of data: Until the online payment is made.

7. Legal basis for the processing: Article 6 (1) (b) of the GDPR. The legal basis is required for online payment at the request of the data subject

8. User Rights:

a) You may be informed about the circumstances of the data processing,

b) You have the right to receive feedback from the controller that your personal data is being processed and to have access to all information relating to the processing.

c) You have the right to receive your personal information in a structured, widely used, machine-readable format.

d) You have the right to rectify your inaccurate personal data upon your request without undue delay.

9. Other information: Online purchases are made through paypal. The personal information and credit card details you provided when you placed your order will be transferred to paypal's US servers. Personal data transmitted in this way will be handled in accordance with paypal.com's Privacy and Privacy Policy.

 

HANDLING COOKIES

1. Web Store Specific Cookies are so-called "password-protected session cookies", "shopping cart cookies", "security cookies", "cookie cookies", "functional cookies", and "website cookies" cookies "which do not require prior consent from the parties concerned.

2. The fact of data management, the scope of the processed data: Unique identification number, dates, times

3. Range of Users: All users who visit the site.

4. Purpose of Data Management: Identify users, register a "shopping cart" and track visitors.

5. Duration of the data processing and deadline for deletion of the data: (end of the document)

6. Identity of potential data controllers entitled to access the data: By using cookies, the data controller does not manage personal data.

7. Understanding users 'privacy rights: Users have the option to delete cookies in the browsers' Tools / Settings menu, usually under the Privacy menu options.

8. Legal basis for data management: The consent of the user is not required if the sole purpose of the use of cookies is to transmit communications over an electronic communications network or to provide the information society service explicitly requested by the subscriber or user.

 

NEWSLETTER, DM ACTIVITY

1. Act XLVIII of 2008 on the General Conditions and Certain Limits of Economic Advertising Activities Pursuant to Article 6 of the Act, the User may in advance and expressly consent to contact the Service Provider with his advertising offers and other mailings at the contact details provided at registration.

2. In addition, Customer, subject to the provisions of this Prospectus, may consent to the Service Provider handling personal data necessary for sending promotional offers.

3. The Service Provider does not send unsolicited advertising messages and the User may, without limitation and without justification, unsubscribe from sending offers. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its register and will not contact the User with further advertising offers. User can unsubscribe from ads by clicking on the link in the message.

4. The fact of collecting data, the scope of the data processed and the purpose of data management:

Personal dataPurpose of data management
Nickname, e-mail address.Identify, enable newsletter sign-up.
Date of subscriptionPerform a technical operation.
Subscriptied IP addressPerform a technical operation.

5. Range of Users: All users who subscribe to the newsletter.

6. Purpose of data management: sending electronic messages containing advertising (e-mail, SMS, push message) to the user, providing information about current information, products, promotions, new features, etc.

7. Duration of data processing, deadline for deletion of data: data processing will take place until withdrawal of consent, ie withdrawal.

8. Identity of potential data controllers entitled to access the data, addressees of the personal data: Personal data may be managed by the data controller's sales and marketing staff, subject to the above principles.

9. Description of Users' Data Management Rights:

• The user may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him / her, and
• object to the processing of your personal data; and
• the user has the right to data portability and to withdraw the consent at any time.

10. The user may initiate access, deletion, modification or restriction of the handling of personal data, portability or protest of the data in the following ways:

- by post to 3950 Sárospatak, Hunyadi Str. 30th, Hungary,
- by email to hello@justa.hu,
- by telephone on +3630 278 5124.

11. The user can unsubscribe from the newsletter at any time, free of charge.

12. Legal basis for data processing: consent of the user, Article 6 (1) (a), Infotv. Section 5 para. (1) of the Act, and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. § 6 (5) of the Act:

(The advertiser, the advertising service provider, or the advertiser of the advertisement - within the scope specified in the consent - shall keep a record of the personal data of the persons who make a statement with their consent. The data entered in this register concerning the addressee of the advertisement may be managed only as stated in the consent statement , and may be transferred to a third party only with the prior consent of the person concerned.)

13. Please be advised that

• Data management is based on your consent.
• must provide personal information if you wish to receive a newsletter from us.
• Refusing to provide information has the effect of not being able to send you a newsletter.

We also inform you that by processing the data you submit for the purpose of sending the newsletter regulated by this section, by clicking on the "SUBSCRIBE" button you agree that the data controller will treat the personal data you have provided in accordance with this policy.

 

COMPLAINT HANDLING

1. The fact of collecting data, the scope of the data processed and the purpose of data management:

Personal dataPurpose of data management
Surname and first nameIdentification, contact.
E-mail addressContact
Phone numberContact
Billing name and addressIdentification, addressing quality objections, issues, and issues with the products you order.

2. Range of Users: All users who purchase and complain about the quality of the website.

3. Duration of data processing, time limit for deletion of data: Copies of the record of the objection, transcript and answer to the objection are in accordance with CLV 1997, on consumer protection. 17 / A. (7) shall be retained for 5 years.

4. Identity of potential data controllers entitled to access the data, addressees of the personal data: Personal data may be managed by the data controller's sales and marketing staff, subject to the above principles.

5. Disclosure of Users' Data Management Rights:

• The user may request from the controller access, rectification, erasure or restriction of personal data relating to him / her, and
• the user has the right to data portability and to withdraw the consent at any time.

6. The user may initiate the access, deletion, modification or restriction of the handling of personal data and the portability of the data in the following ways:

- by post to 3950 Sárospatak, Hunyadi Str. 30th, Hungary,
- by email to hello@justa.hu,
- by telephone on +3630 278 5124.

7. Legal basis for data processing: consent of the user, Article 6 (1) (c), Infotv. Section 5 (1) of the Consumer Protection Act and CLV 1997 on Consumer Protection. 17 / A. (7).

8. Please be advised that,

• the provision of personal data is based on a legal obligation;
• the processing of personal data is a prerequisite for the conclusion of the contract;
• must provide personal information in order to process your complaint;
• refusing to provide information has the effect that we are unable to handle the complaint we have received.

 

SOCIAL SITES

1. The fact of collecting data, the scope of data processed: Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. your community name and your public profile picture.

2. User circle: All users who have registered on Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. social networking sites and "liking" the site.

3. Purpose of Data Collection: To share or "like" or promote certain content, products, promotions or the website itself on social networking sites.

4. Duration of data processing, deadline for deletion of data, identity of potential data controllers who are entitled to access the data and description of the data processing rights of the users Data management is done on social networking sites, so the duration, mode of data management, and the options for deleting and modifying data are governed by the specific social networking site.

5. Legal basis for data management: the voluntary consent of the user to the management of his / her personal data on social networking sites.

1. Should you have any questions or problems with the use of our data management services, you may contact the data controller in the ways set out on the website (telephone, e-mail, social networking sites, etc.).

2. Data manager for incoming emails, messages, phone, Facebook etc. You will delete any information you provide, along with your contact name and email address, as well as any other personally identifiable information you provide, no later than 2 years from the date of disclosure.

3. Data handling not listed in this brochure will be disclosed when the data is collected.

4. The Service Provider is obliged to provide information, provide information, provide data and provide documents upon exceptional request of the authorities or upon request of other authorities on the basis of legal authority.

5. In these cases, the Service Provider will provide the requester with personal data only if and to the extent necessary to achieve the purpose of the request, provided that the purpose and scope of the data are specified.

1. Right of access

You have the right to receive feedback from the controller as to whether your personal data is being processed and, if so, to have access to the personal data and information listed in the Regulation.

2. Right of rectification

You have the right, upon request, to rectify any inaccurate personal data relating to him or her without undue delay. In view of the purpose of the data processing, you have the right to request that any personal information that is incomplete be completed, including by means of a supplementary statement.

3. Right of cancellation

You have the right, upon request, to delete personal data relating to him without undue delay, and the controller is obliged to delete personal data relating to you without undue delay, under certain conditions.

4. Right of forget

If the controller discloses personal data and is required to delete it, it shall, taking into account the technology available and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers that you have requested the personal data in question. links, or a copy or duplicate of this personal information.

5. The right to restrict data management

You have the right, at your request, to limit the data management if any of the following conditions are met:

• You dispute the accuracy of your personal data, in which case the limitation applies to the period of time that allows the controller to verify the accuracy of your personal data;
• the data processing is unlawful and you object to the deletion of the data and instead ask for restrictions on their use;
• the controller no longer needs personal data for the purposes of data processing, but you request it for the purpose of making, enforcing or defending legal claims;
• You have objected to the data management; in this case, the restriction applies for a period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.

6. Right of data portability

You have the right to receive personal data relating to him that is made available to him by a controller in a well-structured, widely used, machine-readable format, and you have the right to transfer such data to another controller without being hindered by the controller provided personal information (...)

7. Right to protest

In the case of data processing based on a legitimate interest or a power of attorney as a legal authority, you have the right to object at any time to the processing of your personal data, including profiling based on those provisions, for reasons related to your situation.

8. Protest against direct sales

If your personal data is being processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, personal data may no longer be processed for this purpose.

9. Automated decision making on individual matters, including profiling

You have the right not to be subject to any decision based solely on automated data management, including profiling, that would have legal effect or be significantly affected by it. The preceding paragraph shall not apply if the decision:

• necessary for the conclusion or performance of a contract between you and the controller;
• it is made possible by Union or national law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; obsession
• Based on your explicit consent.

The controller shall inform you without undue delay, but in any event within 1 month of receipt of the request, of the action taken on these requests.

It may be extended by 2 months if necessary. The controller shall inform you of the extension within one month of receipt of the request, stating the reasons for the delay.

If the controller does not act on your request, it shall inform you without delay, and at the latest within one month of receipt of the request, of the reasons for the non-action and of your being able to lodge a complaint with a supervisory authority.

The controller and the processor shall take appropriate technical and organizational measures, taking into account the state of the art and technology and the costs of its implementation, as well as the nature, scope, circumstances and purposes of the processing and the varying likelihood and severity of the rights and freedoms of natural persons. to ensure a level of data security appropriate to the degree of risk, including, where appropriate:

a) the pseudonymisation and encryption of personal data;

b) ensuring the continued confidentiality, integrity, availability and resilience of systems and services used for the processing of personal data;

c) in the event of a physical or technical incident, the ability to restore access to, and availability of, personal data in a timely manner;

d) a procedure for periodically testing, evaluating and evaluating the effectiveness of technical and organizational measures taken to ensure security of data processing.

If a privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the user without undue delay of the privacy incident.

The information provided to the user shall clearly and comprehensively state the nature of the data protection incident and the name and contact details of the data protection officer or other contact person providing further information; a description of the likely consequences of a privacy incident; a description of the measures taken or planned by the controller to remedy the privacy incident, including, where appropriate, measures to mitigate any adverse consequences that may result from the privacy incident.

The user need not be notified if any of the following conditions are met:

• the controller has implemented appropriate technical and organizational security measures and has been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which make it unintelligible to unauthorized persons the data;
• the controller has taken further measures following the privacy incident to ensure that the high risk to the user's rights and freedoms is no longer likely to materialize;
• information would require a disproportionate effort. In such cases, users should be informed through publicly available information, or similar measures should be taken to ensure that users are provided with equally effective information.

If the controller has not yet notified the user of the privacy incident, the supervisory authority, after considering whether the privacy incident is likely to present a high risk, may order the data subject to be informed.

The data controller shall notify the data protection incident to the supervisory authority competent pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of it, unless the data protection incident is likely to endanger the rights of natural persons. and your freedoms. If the notification is not made within 72 hours, the reasons for the delay shall also be attached.

Complaints about possible violations of the data controller can be made to the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority
1125 Budapest, Erzsébet Szilágyi alley 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

During the preparation of this prospectus we have observed the following legal acts:

- REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 June 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Regulation (EC) No 95/46 (General Data Protection Regulation) April 27)
- CXII of 2011 Act on Information Self-Determination and Freedom of Information (hereinafter: Infotv.)
- CVIII of 2001 Act I.13. - On Certain Issues of Electronic Commerce Services and Information Society Services (in particular Article 13 / A)
- XLVII of 2008 law - prohibiting unfair commercial practices against consumers;
- XLVIII of 2008 Act I - General Conditions and Certain Restrictions on Economic Advertising (in particular Article 6)
- XC of 2005 Law on Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (specifically §155)
- 16/2011. s. Opinion on EASA / IAB Recommendation on Good Practice for Online Behavioral Advertising
- Recommendation by the National Authority for Data Protection and Freedom of Information on Prior Information Information Privacy Requirements
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46 / EC

March 21, 2020
Judit Takács

The below list details the cookies used in our website.

CookieTypeDurationDescription
__cfduidthird party1 monthThe cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_fbpthird party3 monthsThis cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
ba_sidpersistent30 minutesIts purpose is detecting fraud in case of online payment through Barion Smart Gateway based on the digital fingerprint of your browser and online habits. This cookie provides data that we can use to identify a user through multiple websites.
ba_sid.xxxpersistent30 minutesIts purpose is detecting fraud in case of online payment through Barion Smart Gateway based on the digital fingerprint of your browser and online habits. This cookie provides data that we can use to identify a user through a single website.
ba_vidpersistent18 month from the last updateIts purpose is detecting fraud in case of online payment through Barion Smart Gateway based on the digital fingerprint of your browser and online habits. This cookie provides data that we can use to identify a website user through multiple sessions.
ba_vid.xxxpersistent18 month from the last updateIts purpose is detecting fraud in case of online payment through Barion Smart Gateway based on the digital fingerprint of your browser and online habits. This cookie provides data that we can use to identify a website user through multiple sessions. It also collects ba_vid, digital fingerprint from browser settings, first-, current- and last visit timestamps on the site and that whether 3rd party cookies are enabled or not.
BarionMarketingConsent.xxxpersistent18 month from the last updateIts purpose is storing your statement of consenting to the collection and usage of data regarding your browser sessions and shopping habits to provide you with tailored advertisements and offers. Provided you gave your consent, data collected by the following cookies placed for the purpose of credit card fraud prevention is also going to be used to analyze your browsing and shopping habits and to provide tailored advertisements and offers.
cookielawinfo-checkbox-necessarypersistent1 monthThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessarypersistent11 monthThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
csrftokenthird party11 monthThis cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks.
frthird party3 monthsThe cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
ig_didthird party9 yearThe cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
midthird party9 yearThe cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
qtrans_front_languagepersistent11 monthThis cookie is set by qTranslate WordPress plugin. The cookie is used to manage the preferred language of the visitor.
rurthird partynever expireThe cookie is set by instagram to enable the user to browse through the website securely by preventing any cross-site request forgery.
urlgenthird partynever expireThe cookie is set by instagram to enable the user to browse through the website securely by preventing any cross-site request forgery.