Privacy Policy
Signdepot.eu data management information
In short, succinctly:
We only collect and manage personal data in accordance with laws and regulations
We do our best to store data securely.
We transfer personal data to third parties only with consent. We provide information to anyone about the data stored about them upon written request: sales@signdepot.eu
The deletion or modification of personal data can be requested at the following address: sales@signdepot.eu
Introduction
Signdepot Europe Kft. 5100 Jászberény, Alkotás u. 4. (16-09-010080 Company Court of Szolnok Court) (hereinafter: Service Provider, data controller) submits to the following information.
CXII of 2011 on the right to information self-determination and freedom of information. law states that the data subject (in this case, the user of the webshop/webpage/blog, hereinafter: user) must be informed before data processing begins that data processing is based on consent or is mandatory.
Before data processing begins, the data subject must be informed clearly and in detail about all the facts related to the processing of his data, including, in particular, the purpose and legal basis of data processing, the person entitled to data processing and data processing, and the duration of data processing.
The person concerned must be informed by Info tv. On the basis of Section 5 (1), it also states that personal data can be processed if
the. it is ordered by law or - based on the authority of the law, within the scope specified therein, in the case of data that is not classified as special data or criminal personal data - a local government decree for a purpose based on public interest,
b. it is absolutely necessary for the performance of the duties of the data controller defined by law and the data subject has expressly consented to the processing of personal data,
c. in the absence of what is specified in point a), it is necessary and proportionate to protect the vital interests of the affected person or another person, as well as to prevent or prevent a direct threat to the life, physical integrity or property of persons, or
d. in the absence of what is specified in point a) the personal data has been expressly disclosed by the data subject and is necessary for the realization of the purpose of data management and is proportionate to it.
The information must also cover the data subject's rights and legal remedies.
This data management information sheet regulates the data management of the following websites:
https//www.signdepot.eu
Amendments to the prospectus will take effect upon publication at the above address. We also displayed the legal reference behind some parts of the information.
Concept definitions
(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (general data protection regulation) Article 4)
1. "personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
2. "data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in another way, coordinating or connecting, limiting, deleting or destroying;
3. "restriction of data management": designation of stored personal data for the purpose of limiting their future management;
4. "Profiling": any form of automated processing of personal data, during which personal data are used to evaluate certain personal characteristics of a natural person, in particular work performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or used to analyze or predict motion-related characteristics;
5. "pseudonymisation": processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately, and technical and organizational measures by doing so, it is ensured that this personal data cannot be linked to identified or identifiable natural persons;
6. "registry system": the file of personal data in any way - centralized, decentralized or divided according to functional or geographical aspects - which is accessible based on specific criteria;
7. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
8. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
9. "Recipient": the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
10. "third party": the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data manager, the data processor or those persons who, under the direct control of the data manager or data processor, process the personal data have been authorized to treat;
11. "consent of the data subject": the voluntary, specific and well-informed and clear declaration of the will of the data subject, with which the data subject indicates through a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her;
12. "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;
13. "genetic data": all personal data relating to the inherited or acquired genetic characteristics of a natural person, which carries unique information about the physiology or state of health of that person, and which primarily results from the analysis of a biological sample taken from said natural person;
14. "biometric data": any personal data obtained by special technical procedures relating to the physical, physiological or behavioral characteristics of a natural person, which enables or confirms the unique identification of a natural person, such as a facial image or dactyloscopic data;
15. "health data": personal data relating to the physical or mental health of a natural person, including data relating to the health services provided to the natural person, which carries information about the natural person's health;
16. "activity center": a) in the case of a data controller with a place of business in more than one Member State, the place of its central administration within the Union, if, however, decisions regarding the purposes and means of processing personal data are made at another place of business of the data controller within the Union, and the latter's place of business location has the authority to implement the aforementioned decisions, the activity location that makes the aforementioned decisions must be considered the activity center; b) in the case of a data processor with a place of business in more than one Member State, the place of central administration within the Union, or if the data processor does not have a central place of business in the Union, then the place of business of the data processor within the Union where the main activities carried out in connection with the activities carried out at the place of business of the data processor data management activities take place if the data processor is subject to the obligations defined in accordance with this regulation;
17. "representative": the natural or legal person with a place of business or residence in the Union and designated in writing by the data manager or data processor pursuant to Article 27, who represents the data manager or data processor to the data manager or data processor in accordance with this regulation in relation to accrued liabilities;
18. "enterprise": a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activity;
19. "enterprise group": the controlling enterprise and the enterprises controlled by it;
20. "mandatory company rules": regulations on the protection of personal data, which a data controller or data processor with a place of business in the territory of a member state of the Union, in one or more third countries, shall use personal data within the same group of enterprises or the same group of enterprises engaged in joint economic activity or follows with regard to its transmission by the data processor or a series of such transmissions;
21. "supervisory authority" means an independent public authority established by a Member State in accordance with Article 51;
22. "affected supervisory authority": the supervisory authority that is affected by the processing of personal data for one of the following reasons: a) the data controller or data processor has a place of business in the territory of the said supervisory authority's member state; b) the data processing significantly affects or is likely to significantly affect data subjects residing in the supervisory authority's Member State; or c) a complaint has been submitted to the aforementioned supervisory authority;
23. "cross-border processing of personal data": a) processing of personal data in the Union, which takes place in connection with the activities of a data controller or data processor with a place of business in more than one Member State; or b) the processing of personal data in the Union, which takes place in connection with activities carried out at a single place of business of the data controller or data processor in a way that significantly affects or is likely to significantly affect data subjects in more than one Member State;
24. "relevant and well-founded objection": an objection submitted against the draft decision, related to whether this regulation has been violated, or whether the planned measure concerning the data controller or the data processor is in accordance with the regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of the affected parties and, where applicable, to the free flow of personal data within the Union;
25. "service related to the information society": service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council ( 1 );
26. "international organization": an organization subject to public international law or its subordinate bodies, or any other body established by an agreement between two or more countries or based on such an agreement.
The legal basis for data management (Act CXII of 2011 on the right to self-determination of information and freedom of information § 5)
1. Personal data can be processed if
a) it is ordered by a law or - based on the authority of the law, within the scope defined therein, in the case of data that is not classified as special data or criminal personal data - a local government decree for a purpose based on public interest,
b) in the absence of what is specified in point a) it is absolutely necessary for the performance of the duties of the data controller defined by law and the data subject has expressly consented to the processing of personal data,
c) in the absence of what is specified in point a) it is necessary and proportionate to protect the vital interests of the affected person or another person, as well as to prevent or prevent a direct threat to the life, physical integrity or property of persons, or
d) in the absence of what is specified in point a) the personal data has been expressly made public by the data subject and it is necessary for the realization of the purpose of the data management and is proportionate to it.
Legality of data management (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and outside the scope of Directive 95/46/EC on placement (general data protection regulation) Article 6
________________________________________________________________________________
The processing of personal data is only legal if and to the extent that at least one of the following is fulfilled:
a) the data subject has given his consent to the processing of his personal data for one or more specific purposes;
b) data management is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract;
c) data processing is necessary to fulfill the legal obligation of the data controller;
d) data management is necessary to protect the vital interests of the data subject or another natural person;
e) data management is in the public interest or is necessary for the execution of a task performed in the context of the exercise of public authority conferred on the data controller;
f) data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child.
Point f of the first subparagraph cannot be applied to data management carried out by public authorities in the performance of their duties.
Principles for the management of personal data (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and 95/46/EC on the repeal of the directive (general data protection regulation) Article 5
(1) Personal data:
a) its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");
b) be collected only for specific, clear and legitimate purposes, and they should not be handled in a manner incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose ("purpose limitation");
c) they must be appropriate and relevant in terms of the purposes of data management and must be limited to what is necessary ("data economy");
d) they must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing ("accuracy");
e) it must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms ("limited storage capacity");
f) must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data ("integrity and confidentiality").
(2) The data controller is responsible for compliance with paragraph (1) and must also be able to prove this compliance ("accountability").
Information to be made available
1. CXII of 2011 on the right to information self-determination and freedom of information. Based on § 5 (1) of the Act, the following must be defined for the operation of the webshop/webpage/blog/website:
a) the fact of data collection,
b) the range of stakeholders,
c) purpose of data collection,
d) duration of data management,
e) the identity of potential data controllers authorized to access the data,
f) description of the rights of data subjects related to data management.
2. The fact of data collection, the scope of the processed data:
At the webshop:
Ordering email address
Customer name
Customer account address
Customer's tax number
Name of the contact person
Customer phone number
Customer's shipping address
Customer's bank account number
On the website:
Ordering email address
His name
Address
Your registration number
Your phone number
Username
3. Scope of those affected: All users registered on the webshop/webpage/blog.
4. Purpose of data collection:
At the webshop:
E-mail:
Marketing
Direct marketing
periodic promotion
the goal is to give a discount
registration is the goal
the goal is to operate an online store
the purpose is to send a newsletter
customer relationship is the goal
Customer (company) name:
marketing is the goal
direct marketing is the goal
periodic promotion
the goal is to give a discount
registration is the goal
the goal is to operate an online store
the purpose is to send a newsletter
mandatory data management
customer relationship is the goal
Customer account address:
marketing is the goal
direct marketing is the goal
the goal is periodic promotion
the goal is to give a discount
registration is the goal
the goal is to operate an online store
the purpose is to send a newsletter
the goal is mandatory data management
customer relationship is the goal
Customer tax number:
marketing is the goal
direct marketing is the goal
the goal is to give a discount
registration is the goal
the goal is to operate an online store
the purpose is to send a newsletter
the goal is mandatory data management
customer relationship is the goal
Tax number (can be linked to the person)
registration is the goal
the goal is to operate an online store
Phone number
registration is the goal
the goal is to operate an online store
customer relationship is the goal
Username:
registration is the goal
related services are the goal
the goal is to operate an online store
customer relationship is the goal
5. Duration of data management, deadline for deletion of data: Immediately upon cancellation of registration. Except in the case of accounting documents, since these data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting.
The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.
6. Person of possible data controllers entitled to access the data: Personal data can be managed by the employees of the data controller, in compliance with the above principles.
7. Description of the data processing rights of the data subjects: The following data can be modified on the websites:
E-mail address
in online store Customer's name
in the online store Customer's account address
in the online store Customer's tax number
in the online store Customer's contact person
in the online store Customer's phone number
Delivery Address
in the online store Customer's bank account number
website e-mail address
website name
home address on the website
tax number on the website
the phone number on the website
website username
other personal data in the blog
The data subject can initiate the deletion or modification of personal data in the following ways:
• by post (address 4 Alkotás u. 5100 Jászberény),
• by email at sales@signdepot.eu.
8. Legal basis for data management: User's consent, Infotv. Paragraph (1) of § 5, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):
For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
Data of the hosting service provider (web store) used during data management:
Name: UNAS Online Kft.
Address: 9400 Sopron, Kőszegi út 14.
E-mail: unas@unas.hu
Phone number: +36-99 200-200
Contact information for data management: https://unas.hu/adatkezelesi-tajekoztato
Data of the hosting provider (website) used during data management:
Name: UNAS Online Kft.
Address: 9400 Sopron, Kőszegi út 14.
E-mail: unas@unas.hu
Phone number: +36-99 200-200
Contact information for data management: https://unas.hu/adatkezelesi-tajekoztato
Data of the hosting service provider (blog) used during data management:
Name: UNAS Online Kft.
Address: 9400 Sopron, Kőszegi út 14.
E-mail: unas@unas.hu
Phone number: +36-99 200-200
Contact information for data management: https://unas.hu/adatkezelesi-tajekoztato
The security of data management and the rights of data subjects (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and 95/46/ EC directive repealing (general data protection regulation)
The processing of personal data must be legal and fair. It must be transparent for natural persons how their personal data is collected, used, accessed or otherwise handled, as well as in connection with the extent to which personal data is or will be handled. The principle of transparency requires that information and communication related to the management of personal data be easily accessible and comprehensible, and that it is formulated in clear and simple language. This principle applies in particular to informing the data subjects about the identity of the data controller and the purpose of the data management, as well as to further information aimed at ensuring fair and transparent handling of the personal data of the data subject, as well as to the information that the data subjects have the right to receive confirmation and information about the data processed about them. The natural person must be informed about the risks, rules, guarantees and rights related to the management of personal data, as well as how he can exercise the rights he is entitled to in connection with data management. The specific purposes of personal data management must first of all be explicitly formulated and legal, and also defined at the time of collection of personal data. Personal data must be suitable and relevant for the purpose of their management, and the range of data must be limited to the minimum necessary for the purpose. And for this, it must be ensured that the storage of personal data is limited to the shortest possible period. Personal data can only be processed if the purpose of data processing cannot be reasonably achieved by other means. In order to ensure that the storage of personal data is limited to the necessary period, the data controller establishes deletion or regular review deadlines. All reasonable steps must be taken to correct or delete inaccurate personal data. Personal data must be managed in a way that ensures an appropriate level of security and confidentiality, including in order to prevent unauthorized access to personal data and the tools used to manage personal data, as well as their unauthorized use.
In order for the processing of personal data to be legal, it must be based on the consent of the data subject or have some other legal basis established by law - either in this regulation or in other EU or member state law as mentioned in this regulation - including the need to comply with the legal obligations applicable to the data controller, the fulfillment of any contract concluded by the data subject, and the steps to be taken prior to the conclusion of the contract requested by the data subject.
Data transfer
1. CXII of 2011 on the right to information self-determination and freedom of information. based on the law, the following must be defined as part of the website's/data transmission activities:
a) the fact of data collection,
b) the range of stakeholders,
c) purpose of data collection,
d) duration of data management,
e) the identity of potential data controllers authorized to access the data,
f) description of the rights of data subjects related to data management.
2. The fact of data management, the scope of the managed data. a) Scope of transmitted data in order to carry out the delivery: Delivery name, delivery address, telephone number, amount to be paid. b) Scope of transmitted data in order to complete the online payment: Billing name, billing address, amount to be paid.
3. Scope of stakeholders: All stakeholders requesting home delivery/online shopping.
4. The purpose of data management: Delivery of the ordered product to your home/processing of the online purchase.
5. Duration of data management, deadline for data deletion: It lasts until home delivery/online payment is completed.
6. Person of possible data controllers entitled to access the data: Personal data may be processed by the following, in compliance with the above principles: Service provider, data controller.
7. Description of the rights of data subjects related to data management: The data subject may request the data controller of the home delivery/online payment service provider to delete their personal data as soon as possible.
8. Legal basis for data transmission: the User's consent.
Data transferred to an external company:
Social media
• I use facebook: https://www.facebook.com/SigndepotPrintAndCutHungary/
Facebook data protection: https://www.facebook.com/privacy/explanation
• I use youtube: https://www.youtube.com/@signdepot YouTube data protection: https://policies.google.com/privacy?hl=hu
• I use google+: business.google.com/dashboard/l/03077441679893694752?hl=hu Youtube data protection: https://policies.google.com/privacy?hl=hu
1. CXII of 2011 on the right to information self-determination and freedom of information. Based on Section 20 (1) of the Act, the following must be defined as part of the data transfer activity of the webshop/webpage/blog:
a) the fact of data collection,
b) the range of stakeholders,
c) purpose of data collection,
d) duration of data management,
e) the identity of potential data controllers authorized to access the data,
f) description of the rights of data subjects related to data management.
2. The fact of the data collection, the scope of the managed data: the name registered on the above-listed social networking sites, and the user's public profile picture.
3. Scope of stakeholders: All stakeholders who registered on Facebook, YouTube, Google+, social media site(s) and liked the website.
4. Purpose of data management: Sharing or liking certain content elements, products, promotions, or the website itself on the social media sites listed above.
5. The duration of the data management, the identity of the possible data controllers authorized to access the data and the description of the rights of the data subjects in relation to data management: The data subject can find information about the source of the data, its management, the method of transfer and its legal basis at the address(es) of the social media pages listed above. .
6. Data management takes place on the social media sites listed above, so the duration and method of data management, as well as the options for deleting and modifying data, are subject to the regulations of social media sites.
7. The legal basis for data management: the consent of the concerned volunteer to the processing of his personal data on the above-listed social media sites.
External online invoicer.
• Name: szamlazz.hu, Tharanis.hu
Transferred data:
tax number
e-mail address
Delivery Address
(company name,
address (Country, city, street, house number, floor, door)
telephone number
External courier.
Data transferred for the purpose of accurate delivery: postal address, email, phone number
• Name: GLS Courier Service
Data protection information:
https://gls-group.com/HU/hu/adatkezelesi-tajekoztato
External online payment.
For online payment.
• OTP data protection information:
https://www.otpbank.hu/portal/hu/adatvedelem
Data transferred to an external company:
• Google Adsense: I use it as a display
• Google Adsense: I use it as an advertiser
• Google Adwords: I use it as an advertiser The webshop/webpage/blog uses Google Adwords remarketing tracking codes. Remarketing is a function that allows the webshop/webpage/blog to display relevant ads to users who have previously visited the website while browsing other websites in the Google Display Network. The remarketing code uses cookies to mark visitors. Users visiting the online store can disable these cookies and read other information about Goggle's data management at the following addresses: http://www.google.hu/policies/technologies/ads/ and https://support.google. com/analytics/answer/2700409. If a user disables remarketing cookies, personalized offers will not appear for them on the webshop/webpage/blog.
• google analytics The Service Provider measures the visitor data of the webshop/webpage/blog using the Google Analytics service. When using the service, data is transmitted. The transmitted data are not suitable for identifying the data subject. More information on Google's data protection principles can be found here: http://www.google.hu/policies/privacy/ads/
• google_remarketing_use
Purpose of remarketing:
Tracking cart abandoners
Reminder webshop remarketing
Reminder web page remarketing
Reminder blog remarketing
Facebook
• For advertising purposes
Purpose of remarketing:
• Facebook cart abandoners
• webshop/ web page/ blog facebook remarketing reminder
• website reminder remarketing
• blog reminder remarketing
Newsletter sender
1. I use an external newsletter sender
My external service provider:
mailchimp.com
https://mailchimp.com/legal/privacy/
Sending a newsletter (Act XLVIII of 2008 - on the basic conditions and certain limitations of economic advertising, § 6)
________________________________________________________________________
(1) If a separate law does not provide otherwise, advertising by the method of directly contacting a natural person as the addressee of the advertisement (hereinafter: direct business acquisition), especially by means of electronic mail or other equivalent means of individual communication - with the exception specified in paragraph (4) - only if can be disclosed if the recipient of the advertisement clearly and specifically consented to it in advance.
(2) * A declaration of consent can be made in any way that includes the name of the declarant, and - if the advertisement to which the consent applies can only be communicated to persons of a certain age - the place and time of birth, as well as the scope of the personal data for the processing the declarant consents, and the expression of consent is voluntary and in possession of the appropriate information.
(3) The declaration of consent according to paragraph (1) can be revoked at any time without limitation or justification, free of charge. In this case, the declarant's name and all other personal data must be immediately deleted from the register specified in paragraph (5), and no further advertising may be published for him in the manner specified in paragraph (1).
(4) * Addressed advertising may be sent to a natural person as the recipient of the advertisement through direct business acquisition in the absence of the recipient's prior and express consent, however, the advertiser and the advertising service provider are obliged to ensure that the recipient of the advertisement can prohibit the sending of the advertisement at any time free of charge and without restrictions. In the event of a ban, advertising may no longer be sent to the affected person through direct business acquisition.
(5) The advertiser, the advertising service provider, or the publisher of the advertisement - within the scope specified in the consent according to paragraph (1) - keeps a record of the personal data of the persons who have given their consent. The data recorded in this register - relating to the recipient of the advertisement - can only be handled in accordance with the consent statement, until it is revoked, and can only be transferred to third parties with the prior consent of the person concerned.
(6) The opportunity to make a revocation statement according to paragraph (3) and to prohibit the sending of advertising according to paragraph (4) must be provided both by post and by electronic mail, so that the person making the statement can be clearly identified.
(7) * Regarding the advertisement communicated in the manner specified in subsections (1) and (4), the addressee must be clearly and prominently informed of the address and other contact information where the withdrawal of the declaration of consent to the communication of such advertisements to him or the sending of the advertisement can report its request for prohibition, and - in the case according to paragraph (4) - for this purpose, the advertising mail sent for the first time to the same addressee on behalf of the same advertiser after October 1, 2009 must contain the cancellation-allowing, addressed by post, which can be sent free of charge and a verifiably delivered reply letter as registered mail.
(8) The direct inquiry regarding the request for a statement of consent pursuant to paragraph (1) may not contain advertising, excluding the name and designation of the company.
(9) * In the application of this section, addressed advertising mail: containing only advertising, business acquisition or advertising material - sent to at least 500 recipients at the same time, with the same content except for the recipient's name, address, and data that does not change the nature of the message - according to the Postal Services Act, there mail item not independently registered.
Management of cookies (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and 95/46/EC on the repeal of the directive (general data protection regulation)
By using the website/online store, the person acknowledges the following:
Natural persons can be associated with online identifiers such as IP addresses and cookie identifiers, as well as other identifiers such as radio frequency identification tags, provided by the devices, applications, tools and protocols they use. In this way, traces can be created which, combined with unique identifiers and other information received by the servers, can be used to create a natural personal profile and to identify the given person.
Legal remedy (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC ( General Data Protection Regulation) Article 79
(1) Without prejudice to the available administrative or non-judicial remedies - including the right to file a complaint with the supervisory authority pursuant to Article 77 - everyone concerned is entitled to an effective judicial remedy if, in their opinion, their personal data has been handled in a way that does not comply with this regulation your rights under this regulation have been violated.
(2) Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.
In the event of a potential violation, you can file a complaint with the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
The right to compensation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and in the scope of Directive 95/46/EC on externalization (general data protection regulation) Article 82
(1) Any person who has suffered material or non-material damage as a result of a violation of this regulation is entitled to compensation from the data manager or data processor for the damage suffered.
(2) All data controllers involved in data management are liable for any damage caused by data management that violates this regulation. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specifically imposed on data processors specified in this regulation, or if it has ignored or acted contrary to the legal instructions of the data controller.
(3) The data manager or the data processor shall be exempted from liability according to paragraph (2) of this article if it proves that it is not in any way responsible for the event causing the damage.
(4) If several data controllers or data processors or both the data controller and the data processor are involved in the same data management and - on the basis of paragraphs (2) and (3) - are liable for damages caused by the data management, each data controller or data processor is the affected actual in order to ensure his compensation, he is jointly and severally liable for the entire damage.
(5) If a data controller or data processor has paid full compensation for the damage suffered in accordance with paragraph (4), he is entitled to reclaim from other data controllers or data processors involved in the same data management the part of the compensation that corresponds to the conditions established in paragraph (2) the extent of their responsibility for the damage.
(6) Court proceedings aimed at asserting the right to compensation must be initiated before the court that is competent under the law of the Member State referred to in Article 79 (2).
References:
The following legislation was taken into account when preparing the information:
• CXII of 2011. Act - on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
• CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
• XLVII of 2008 law - on the prohibition of unfair trade practices towards consumers;
• XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising (especially § 6.a)
• 2005 XC. Act on Electronic Freedom of Information
• Act C of 2003 on electronic communication (specifically § 155.a)
• 16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation)