Data Processing Information

 

Briefly

We only collect and process personal data in line with legal acts.

We will only send you DM letters if we have your consent. We may send system messages without it though.

We shall store data with utmost security.

Personal data shall only be handed over by us to third parties in case we have the authorisation to do so.

We shall give information to each person about the data we store about them, and the deletion of data may always be requested through our contact details.

 

Download PDF

 

 

Introduction

UNIFILTER-SZŰRÉSTECHNIKA Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (H-3300 Eger, Mester utca 8., company registration number: 10 09 020514, tax number: 10679122-2-10) (hereinafter referred to as:: Supplier, data controller) shall abide by the following information document.

Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that prior to data processing being initiated the data subject (in this case the user of the webshop, hereinafter referred to as: User) shall be informed whether his/her consent is required or processing is mandatory.

Before processing operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the processing of his/her personal data, such as the purpose of data processing and its legal basis, the person entitled to control the data and to carry out the processing, the duration of the proposed processing operation.

The data subject shall have to be informed based on Section 6(1) of the Info Act that personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary

  • for compliance with a legal obligation pertaining to the data controller, or
  • for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.

Information shall also be provided on the data subject’s rights and remedies regarding data processing.

If the provision of personal information to the data subject proves impossible or would involve disproportionate costs (as in this case regarding a webshop), the obligation of information may be satisfied by the public disclosure of the following:

  1. a) an indication of the fact that data is being collected,
  2. b) the data subjects targeted,
  3. c) the purpose of data collection,
  4. d) the duration of the proposed processing operation,
  5. e) the potential data controllers with the right of access,
  6. f) the right of data subjects and remedies available relating to data processing, and
  7. g) where the processing operation has to be registered, the number assigned in the data protection register.

The present information document on data processing regulates the data processing of the following webpages: http://www.gulfdrumdesign.com and it is based on the content above. The information document is available on the following site: http://www.gulfdrumdesign.com/privacy

The modifications of the information document shall enter into force on the date of disclosure.

Interpretative definitions (Section 3)

  1. data subject/User: any natural person identified, or directly or indirectly identifiable by reference to specific personal data;
  2. personal data: data relating to the data subject, in particular by reference to
    the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;
  3. controller: shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;
  4. data processing: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
  5. data process: performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
  6. data processor: any natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the data controller, including contracts concluded pursuant to legislative provisions;
  7. data incident: the unlawful processing or process of personal data, in particular the illegitimate access, alteration, transfer, disclosure, deletion or destruction as well as the accidental destruction or damage. 

 

Data processing in connection with the operation of the webshop

  1. Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that the following shall have to be indicated regarding data processing performed in connection with the operation/functioning of the webshop:

a) an indication of the fact that data is being collected,

b) the data subjects targeted,

c) the purpose of data collection,

d) the duration of the proposed processing operation,

e) the potential data controllers with the right of access,

f) information on the right of data subjects relating to data processing.

 

  1. The fact that data is being collected, the sphere of processed data and the purpose of data processing:

 

Personal data

The purpose of data processing

User name

Identification, making it possible to register.

Password

Serves the secure entry into the user account.

Family name and first name, name of the company

It is necessary for keeping contact, for purchasing and for being able to issue a proper invoice.

E-mail address

Keeping contact.

Phone number, mobile phone number, fax number

Keeping contact, being able to communicate more efficiently regarding questions in connection with invoicing or shipping.

Billing name and address

The issuing of a proper invoice, also, the conclusion of the agreement, defining its contents, its modification, supervising its performance, invoicing the fees arising from it, and enforcing the claims in connection with it.

Shipping name and address, phone number/mobile phone number, fax number in connection with shipping

Making possible home delivery, communication.

The time of purchase/registration

Technical operation.

IP address at the time of purchase/registration

Technical operation.

 

It is not necessary neither regarding the user name, nor the e-mail address to contain personal data.

  1. The data subjects targeted All data subjects who register/make a purchase on the webshop website.
  1. Duration of the proposed processing operation, time limit for deleting the data: Immediately when registration is deleted. Except for the accounting documents, as these data have to be retained for a minimum of 8 years according to Section 169(2) of Act C of 2000 on Accounting.

 

The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum eight years, shall be
legible and retrievable by means of the code of reference indicated in the accounting records.

  1. The potential data controllers with the right of access: Personal data may be processed by the data controller's sales and marketing staff, by respecting the above principles.
  1. Information on the rights of data subjects relating to data processing: Data subjects may initiate the deletion or modification of the data in the following ways:
  • during the process of making a purchase on the website,
  • by post, sent to the address H-3300 Eger, Mester utca 8. Hungary,
  • via e-mail, sent to the address This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • by phone, at number (+36) 36 424 136.
  1. The data of the data processor used for data processing (hosting service provider):

Médiacenter Hungary Kft.

Seat: H-6000 Kecskemét, Sosztakovics u. 3. II/6. Hungary

Postal address: H-6001 Kecskemét, P f. 588. Hungary

Phone number: +36 76 506 618

E-mail : This email address is being protected from spambots. You need JavaScript enabled to view it.

  1. The number assigned in the data processing register: in progress...
  1. Legal base for data processing: the approval of the User, Section 5(1) of the Info Act, and Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (hereinafter referred to as: Act on  E-Commerce):

The supplier may control those personal data for the purpose of providing the service that are technically indispensable for the provision of the service. In case further conditions are identical, the supplier shall choose and operate at all times the devices it uses during the provision of services in connection with information society so that the processing of personal data shall be performed only if it is indispensable for the performance of the service or for the fulfilment of other purposes laid down in the present act, but still, in these cases only to the necessary extent and for the necessary duration.

  

Controlling cookies

  1. Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that the following shall be indicated regarding the website cookie data processing of the webshop:

 

a) an indication of the fact that data is being collected,

b) the data subjects targeted,

c) the purpose of data collection,

d) the duration of the proposed processing operation,

e) the potential data controllers with the right of access,

f) information on the right of data subjects relating to data processing.

 

  1. The cookies that are typical for our webshop are so-called "password-protected workflow cookies", "shopping cart cookies" and "security cookies", regarding the use of which it is not necessary to request a prior approval from data subjects.
  1. The indication of the fact that data is being collected, the scope of processed data: Individual identification number, dates, times
  1. The data subjects targeted: All data subjects visiting the website.
  1. The purpose of data collection: Identifying users, keeping the "shopping cart" open and tracking visitors.
  1. Duration of the proposed processing operation, time limit for deleting the data: The period during which data are processed lasts until the finishing of visiting the homepages in case of session cookies, in other cases, it is 60 days.
  1. Potential data controllers with the right of access: By using cookies, the data controller does not process personal data.
  1. Information on the rights of data subjects relating to data processing: Data subjects have the possibility to delete the cookies under the point Data protection within the Tools/Settings menu in the browser.
  1. The legal base for data processing: It is not necessary to have the consent of the data subject in case the exclusive purpose of using cookies is the transmitting of communication through the electronic communication network, or if the supplier indispensably needs it for the provision of the information society service, which service had been expressly requested by the subscriber or user.

 

The use of Google AdWords conversion tracking

 

  1. The data controller uses the online advertising programme called "Google AdWords", furthermore, within that, it uses the conversion tracking service of Google. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
  1. When the user reaches a website via a Google advertisement, a cookie which is needed for tracking the conversion shall be placed on the User's computer. The validity of these cookies is limited, and they do not contain any personal data, thus it is not possible to identify the User through them.
  1. When the User browses specific pages of the website, and the cookie has not expired until then, then Google and the data controller shall both see that the User clicked on the advertisement.
  1. Each Google AdWords client receives a different cookie, thus it is not possible to track them through the websites of the clients of AdWords.
  1. The information which was obtained by means of conversion tracking cookies serve the purpose to be able to prepare conversion statistics for the clients of AdWords who have chosen conversion tracking. This is how clients acquire information about the number of users who click on their advertisement and who are forwarded to the pages which have a conversion tracking label. But, they shall not receive any information by which any of the users could be identified.
  1. In case you do not wish to participate in conversion tracking, you may refuse it by blocking in your browser the possibility of installing cookies. After that, you shall not be included in conversion tracking statistics.
  1. Further information and the data protection declaration of Google can be found on the page below: google.de/policies/privacy/

 

Using Google Analytics

 

  1. This website uses the application Google Analytics, which is the web analysis service of Google Inc. (Google). Google Analytics uses so-called "cookies", text files, which are saved to the computer, thus they support the analysis of the website visited by the User.
  1. The information created by the cookies that are in connection with the website used by the User are generally sent to one of the servers of Google in the U.S. and they are stored there. By activating IP-anonymising on the website, Google shall previously abridge the IP address of the User within the Member States of the European Union or within the states participating in the agreement on the European Economic Area.
  1. Forwarding the full IP-address to the server of Google located in the U.S. and abridging it there shall take place only in exceptional cases. Under the assignment of the operator of the present website, Google shall use these pieces of information for the purpose of evaluating in what way the User had used the website, and for preparing reports for the operator of the website regarding the activity of the website, and for performing other services regarding the use of the website and of the internet.
  1. Within Google Analytics, the IP-address forwarded by the browser of the User shall not be compared with any other data that Google holds. The User is able to prevent the storing of cookies by suitably setting his/her browser, but hereby we call his/her attention that in this case it might happen that not all functions of this website will be available for full use. The User may also prevent Google from collecting and processing by cookies the data of the User in connection with website usage (including IP address) if he/she downloads and installs the following browser plugin. https://tools.google.com/dlpage/gaoptout?hl=hu

 

Newsletter, DM activity

 

  1. According to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may give his/her prior express consent that the Supplier may approach the User by its advertisement offers and other consignments at the address provided during registration.
  1. Furthermore, by keeping in mind the provisions of the present information document, the Client may give authorisation to the Supplier for processing those pieces of the Client's personal data that are necessary for sending advertisement offers.
  1. The Supplier shall not send unwanted advertising messages, and the User may unrestrictedly cancel his/her subscription from the sending of offers without having to provide reasons. In this case the Supplier shall delete every personal data of the User - needed for sending advertising messages - from its records, and shall not further approach the User by its advertising messages. The User may cancel his/her subscription by clicking on the link in the message.
  1. Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that within the scope of data processing regarding sending newsletters, the following shall have to be indicated:

 

a) an indication of the fact that data is being collected,

b) the data subjects targeted,

c) the purpose of data collection,

d) the duration of the proposed processing operation,

e) the potential data controllers with the right of access,

f) information on the right of data subjects relating to data processing.

 

  1. The fact that the data is being processed, the scope of processed data: name, e-mail address, date, time.
  1. The data subjects targeted: All data subjects who are subscribed for receiving newsletters.
  1. The purpose of data processing: sending electronic messages to the data subject, notifications about any actual information, about products, special offers, new functions, etc.
  1. The duration of data processing, the time limit for deleting the data: the processing operation lasts until revoking the declaration of authorisation, that is until the cancellation of subscription.
  1. Potential data controllers with the right of access: Personal data may be processed by the staff of the data controller, by respecting the principles above.
  1. Information on the rights of the given data subjects relating to data processing: The data subject may cancel his/her subscription from the newsletter at any time, free of charges.
  1. Legal base for data processing: the voluntary consent of the data subject, Section 5(1) of the Info Act, and Section 6(5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities:

 

Advertisers, advertising suppliers and publishers of advertising shall maintain records on the personal data of persons who provided for them a statement of consent - to the extent specified in the statement. The data contained in the aforesaid records - relating to the person to whom the advertisement is addressed - may be processed only for the purpose defined in the statement of consent, until withdrawn, and may be disclosed to third persons subject to the express prior consent of the person affected.

 

Social media

 

  1. Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that the following shall have to be determined regarding the data processing performed by social media sites:

 

a) an indication of the fact that data is being collected,

b) the data subjects targeted,

c) the purpose of data collection,

d) the duration of the proposed processing operation,

e) the potential data controllers with the right of access,

f) information on the right of data subjects relating to data processing.

 

  1. The fact that data is being collected, scope of the processed data: The registered name, and the public profile picture of the user on the social media sites Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc.
  1. The data subjects targeted: All data subjects who are registered on the social media sites Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. , who "like" the website.
  1. The purpose of data collection: The sharing and "liking", promoting of specific contents, products, special offers of the website or the website itself on social media sites.
  1. The duration of the proposed processing operation, the time limit for deleting the data, the potential data controllers with the right of access and information on the right of data subjects relating to data processing: The data subject may obtain information through the given social media site about the source of the data, their processing, about the method of transmission, and about the legal base. Data processing shall be performed on the social media sites, thus the duration of the processing operation, its methods, and the possibilities of deletion and modification shall be governed by the regulations in connection with the given social media site.
  1. Legal base for data processing: the data subject's voluntary consent to the processing of his/her data on the social media sites.

Data transmission

  1. Section 20(1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information lays down that the following shall have to be indicated regarding the data transmission activities of the webshop:

 

a) an indication of the fact that data is being collected,

b) the data subjects targeted,

c) the purpose of data collection,

d) the duration of the proposed processing operation,

e) the potential data controllers with the right of access,

f) information on the right of data subjects relating to data processing.

 

  1. The fact that data is being collected, the scope of processed data.
    1. The scope of transmitted data regarding shipping: Shipping name, shipping address, phone number.
  1. The data subjects targeted: All data subjects who request home delivery.
  1. The purpose of data collection: Home delivery of the ordered product.
  1. Duration of the proposed processing operation, time limit for deleting the data: Lasts until the fulfilment of home delivery.
  1. The potential data controllers with the right of access: Personal data may be processed by the following entities, respecting the principles above:

 

DPD Hungária Futárpostai Csomagküldő Szolgáltató

Korlátolt Felelősségű Társaság

seat: H-1158 Budapest, Késmárk u. 14/B. Hungary

+36 (1) 501-6200

+ 36 (40) 100-373

This email address is being protected from spambots. You need JavaScript enabled to view it.

 

TNT Express Hungary Kft.

seat: H-1094 Budapest, Ecseri út 14-16., Hungary

Phone: 06 40 31 3131

e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data processing information document: http://www.tnt.com/express/hu_hu/site/privacy_statement.html

 

DHL Express Magyarország Kft.
H-1097 Budapest, Fehérakác utca 3., Hungary

Data processing information document: http://www.dhl.hu/hu/jogi_informaciok.html#privacy

  1. Information on the rights of data subjects relating to data processing: The data subject may request from the home delivery supplier data controller to delete his/her personal data within the shortest time.
  1. Legal base for data forwarding: the consent of the User, Section 5(1) of the Info Act, and Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society 

 

Customer service and other data processing

 

  1. In case questions arise during the use of the services of the data controller, if the data subject should have any problems, it may get in touch with the data controller using the channels provided on the homepage (phone, e-mail, social media pages, etc.).
  1. The data controller shall delete at latest within 2 years from the disclosing of the data the incoming e-mails, messages, the data submitted on Facebook, etc,, together with the name and address of the enquirer and with his/her any other, voluntarily submitted data.
  1. Regarding any other data processing not listed here we shall provide information at the time of submitting the data.
  1. Under exceptional requests of the authorities, or in case of requests of other entities if they are authorised to do so by law, the Supplier shall be obliged to provide information, to disclose and hand over data and to make certain documents available.
  1. In these cases the Supplier shall disclose personal information for the requester - in case the latter had indicated the exact purpose and the scope of data - only in the amount and in the rate as it is absolutely necessary to fulfil the purpose of the request.

 

Data security (Section 7)

  1. The data controller shall design and perform data processing operations in a way so that they protect the right of privacy of the data subjects.
  1. The data controller shall provide the security of the data (protection through password, virus scanner), it shall take every technical and organisational measure and shall elaborate those procedural rules that are needed in order for the rules of Info Act and of other data and confidential information protection rules to be enforced.
  1. Data shall be protected by means of suitable measures by the data controller especially against
  • unauthorized access,
  • alteration,
  • transmission,
  • public disclosure,
  • deletion or destruction,
  • damage and accidental loss,
  • that the stored data is corrupted and rendered inaccessible due to any changes in or modification of the applied technique.

 

  1. Suitable technical solutions shall be introduced by the data controller to prevent the interconnection of data stored in the filing systems and the identification of the data subjects.
  1. The Data controller shall provide the following in order to prevent illegitimate access to the data, alteration, illegitimate disclosure to the public or illegitimate use of the data:
  • operation and creation of a suitable information technology environment and technical environment,
  • controlled selection and supervision of its staff who participate in providing the service,
  • issuing regular operation, risk management and service providing procedure protocols.
  1. In line with the above, the supplier shall provide that
  • the data it processes is available for the entitled person,
  • the authenticity and authentication of the data is provided,
  • the unaltered state of the data

is verifiable.

  1. The information technology system of the data controller and its hosting service provider shall provide protection above others against
  • computer fraud,
  • espionage,
  • computer viruses,
  • spams,
  • hacks,
  • and other attacks.

 

Rights of the data subject

 

  1. The data subject may request from the Supplier information about the processing of his/her personal data, it may request the correction of his/her personal data, and may request to delete or block his/her personal data - except for compulsory data processing.
  1. Upon the data subject’s request the data controller shall provide information concerning the data relating to him/her, including those processed by a data processor on its behalf or according to its orders, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and its activities relating to data processing, and the conditions and effects of the data incident and measures taken with a view to eliminate them and – in case of transfer of the data subject's personal data – the legal basis and the recipients of data transfer.
  1. Data controllers – by means of an internal data protection officer should they have appointed one - with the purpose of controlling the measures relating to data incidents and to inform data subjects - shall keep records containing the affected personal data, the persons affected by the data incident, the time, circumstances and effects of the data incident, and the measures taken to eliminate them, and further information determined by law.
  1. With the aim to verify the legitimacy of the data transfer and for giving information to the data subject, the data controller shall maintain a transmission log, containing the time of transmission, the legal basis of transmission and the recipient, the description of the personal data transmitted, and other information prescribed by the relevant legal regulation on data processing.
  1. Upon the User's request, the Supplier shall provide information about the data it processes, their source, the purpose, grounds and duration of processing, the name and address of the possible data processor and information on its activities relating to data processing, and – in case of data transfer regarding the personal data of the data subject – the legal basis of data transfer and its recipient. The Supplier must comply with requests for information within the shortest time from the submission of the request, the latest within twenty-five days, and shall provide the information requested in writing.and in an intelligible way. Information supply is free of charge.
  1. Where a personal data is deemed inaccurate, and the correct personal data is at the controller’s disposal, the data controller shall rectify the personal data in question.
  1. Personal data shall be blocked by the Supplier instead of erased if so requested by the User, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the User. Blocked data shall be processed only until the time during which the data processing purpose exists which prevented their erasure.
  1. Personal data shall be erased by the Supplier if processed unlawfully, if requested by the data subject, the processed data is incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision of an act, or if the purpose of processing no longer exists or the legal time limit for storage has expired, or so ordered by court or by the National Authority of Data Protection and Freedom of Information.
  1. If the accuracy of an item of personal data is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the data controller shall mark that personal data.
  1. When a data is rectified, blocked, marked or erased, the data subject and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the data subject in light of the purpose of processing.
  1. If the data controller refuses to comply with the data subject’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within 25 days of receipt of the request. Where rectification, blocking or erasure is refused, the data
    controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.

Legal remedy

 

  1. The User shall have the right to object to the processing of data relating to him/her,
    • if processing or disclosure is carried out solely for the purpose of discharging the Supplier's legal obligation or for enforcing the rights and legitimate interests of the Supplier, the recipient or a third party, unless processing is mandatory;
    • if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research;
    • in all other cases prescribed by law.

 

  1. In the event of objection, the Supplier shall investigate the cause of objection within the shortest possible time but at most within a fifteen-day time period, adopt a decision as to merits and shall notify the data subject in writing of its decision. If the Supplier finds that the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection, upon which these recipients shall take measures regarding the enforcement of the objection.
  1. If the User disagrees with the decision taken by the Supplier, he/she shall have the right to turn to court within thirty days of the date of delivery of the decision. The court shall hear such cases in priority proceedings.
  1. In case of a possible breach of law committed by the data controller, it is possible to launch a complaint to the National Authority of Data Protection and Freedom of Information:

 

National Authority of Data Protection and Freedom of Information

H-1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary

Postal address: 1530 Budapest, Hungary P.O. Box: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Enforcement of rights in front of the courts

 

  1. The burden of proof to show compliance with the law in connection with data processing lies with the data controller. The burden of proof concerning the lawfulness of transfer of data lies with the data recipient.
  1. The action shall be heard by the regional court as the court of competence. If so requested by the data subject, the action may be brought before the regional court in whose jurisdiction the data subject’s home address or temporary residence is located.
  1. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions as party. The Authority may intervene in the action on the data subject’s 
  1. When the court’s decision is in favour of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the data subject’s objection, or to disclose the data requested by the data recipient.
  1. If the court rejects the petition filed by the data recipient, the controller shall be required to erase the data subject’s personal data within three days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within the defined time limit.
  1. The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the rights of large numbers of data subjects.

 

Compensation and restitution

 

  1. If the data controller infringes the rights relating to personality of the data subject as a result of unlawful processing or by any breach of data security requirements, the data subject shall be entitled to claim restitution from the given data controller.
  1. Regarding the data subject, the data controller shall be liable for damages caused by the data processor and s/he will be liable to pay restitution for personal rights violations as well. The controller shall be released from liability for damages and from paying restitution if s/he demonstrates that the damage or the violation of personal rights were brought about by reasons beyond his/her data processing activity.
  1. No compensation shall be paid and no restitution shall be demanded where the damage or the violation of rights was caused by intentional or seriously negligent conduct on the part of the aggrieved party or the data subject.

 

Final provisions

When preparing this information document, we considered the following legal regulations:

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: Info Act).
  • Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (especially Section 13/A).
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices
    against Consumers
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Especially Section 6)
  • Act XC of 2005 on the Freedom of Information by Electronic Means
  • Act C of 2003 on Electronic Communications (especially Section 155)
  • Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
  • The Recommendation of the National Authority of Data Protection and Freedom of Information on the requirements on prior information supply regarding data protection destination-rx.com

 

Contact us

3300 Eger,

Mester utca 8.

Hungary

LUBRICANTS Hungary Ltd.