Data protection

Introduction

The Civil Cooperation Public Foundation (Address: 1027 Budapest, Vitéz utca 5-7., e-mail: info@civilek.hu , ) (hereinafter: Service provider, data controller) is subject to the following information.

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), we provide the following information.

This data management information sheet regulates the data management of the https://eucet.hu website and the European Union Civil Cooperation Council.

The data management information is available from the following page: eucet.hu/adatvedelem

Amendments to the prospectus will take effect upon publication at the above address.

The data controller and its contact details

• Name: Civil Union Public Benefit Foundation
• Headquarters: 1027 Budapest, Vitéz utca 5-7. » show on the map
• E-mail: info@civilek.hu
• Website: https://www.civilek.hu

Concept definitions

1. "personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

2. "data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in other ways, coordinating or connecting, limiting, deleting or destroying;

3. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

4. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

5. "Recipient": the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

6. "consent of the data subject": the voluntary, specific and well-informed and clear declaration of the will of the data subject, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

7. "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

Principles for handling personal data

Personal data:

• a) it must be handled legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");
• b) it is collected only for specific, clear and legitimate purposes, and they are not handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose
  ("purpose limitation");
• c) they must be appropriate and relevant from the point of view of the purposes of data management, and must be limited to what is necessary ("data economy");
• d) they must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to
  promptly delete or correct personal data that is inaccurate for the purposes of data management ("accuracy");
• e) it must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms ("restricted
  storage");
• f) must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data
  ("integrity and confidentiality").

The data controller is responsible for compliance with the above, and must also be able to prove this compliance ("accountability").

Data management

Join us!

1. The fact of data collection, the scope of processed data and the purpose of data management:

The e-mail address does not need to contain personal data.

2. Scope of stakeholders: All stakeholders applying for the program on the website.

3. Duration of data management, deadline for data deletion: The data will be deleted immediately after the user responds to the application (in this case, the data controller is no longer authorized to send a newsletter).
The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

4. Person of the possible data controllers entitled to access the data, recipients of the personal data: Personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.

5. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
• you can object to the processing of such personal data, as well as
• the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, its deletion, modification or restriction of processing, portability of data, objection to data processing in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

7. consent of the data subject, Article 6 (1) points a) and b), Infotv. § 5, paragraph (1), § 169, paragraph (2) of Act C of 2000 on accounting, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):
For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

8. We inform you that

• data processing is based on your consent .
• must provide personal data so that we can respond to the application
• failure to provide data result in us not being able to process your application.

The data processors used

Hosting provider

1. Activity provided by data processor: Storage service

2. Name and contact information of the data processor:

• Bábelhal Webstudio Kft.
• Headquarters: 8360 Keszthely, Kossuth Street 35.
• E-mail: info@babelhal.hu
• Phone number: +37 83/777-603

3. Fact of data management, scope of managed data: All personal data provided by the data subject.

4. Scope of stakeholders: All stakeholders who use the website.

5. Purpose of data management: Making the website available and operating it properly.

6. Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.

7. Legal basis for data processing: Article 6 (1) points c) and f) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

Management of cookies

1. The fact of the data management, the scope of the managed data: Unique identification number, dates, times

2. Scope of stakeholders: All stakeholders visiting the website.

3. Purpose of data management: Identification of users and tracking of visitors.

4. Duration of data management, deadline for data deletion:

5. The person of the possible data controllers entitled to access the data: The data controller does not manage personal data through the use of cookies.

6. Description of data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.

7. Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

Application of Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.

2. The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.

3. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

4. Within the framework of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/

Customer relationship

1. The fact of data collection, the scope of processed data and the purpose of data management:

2. Scope of stakeholders: All stakeholders who are in contact with the data controller by phone/e-mail/in person, or who have a contractual legal relationship.

3. Duration of data management, deadline for data deletion: Data management lasts until the termination of the legal relationship between the data controller and the data subject, or 5 years after the contract in the case of claims.

4. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be handled by the authorized employees of the data controller, in compliance with the above principles.

5. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
• the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, their deletion, modification, or restriction of processing, data portability in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

7. Legal basis for data management:

7.1. Article 6(1)(b) and (c) of the GDPR.

7.2. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22 a.m. § [Prescription]
(1) If this law does not provide otherwise, claims become time-barred within five years.
(2) The statute of limitations begins when the claim becomes due.
(3) The agreement to change the limitation period must be in writing.
(4) An agreement excluding the limitation period is void.

8. We inform you that

• data management is necessary for the fulfillment of the contract and the submission of an offer.
• is obliged to provide personal data so that we can fulfill your order/other request.
• Failure to provide data result in us not being able to process your order/request.

Getting in touch

1. The fact of data collection, the scope of processed data and the purpose of data management:

The e-mail address does not need to contain personal data.

2. Scope of stakeholders: All stakeholders who send messages via the contact form.

3. Duration of data management, deadline for data deletion: It lasts until the data subject's request for deletion.

4. Person of possible data controllers entitled to access the data, recipients of personal data: Personal data can be handled by authorized employees of the data controller.

5. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
• the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, their deletion, modification, or restriction of processing, data portability in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

7. Legal basis for data management: consent of the data subject, Article 6 (1) points a) and b)

8. We inform you that

• this data management is based on your consent and is necessary for making contact or making an offer
• you are required to provide personal data in order to contact us.
• failure to provide data results inability to contact the service provider.

Newsletter, DM activity

1. XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the User may give prior and express consent to contact the Service Provider with its advertising offers and other mailings at the contact details provided during registration.

2. In addition, the Customer may, bearing in mind the provisions of this information, consent to the Service Provider managing his personal data necessary for sending advertising offers.

3. The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.

4. The fact of data collection, the scope of processed data and the purpose of data management:

5. Scope of stakeholders: All stakeholders who subscribe to the newsletter.

6. Purpose of data management: sending electronic messages containing advertising (e-mail, SMS, push message) to the person concerned, providing information about current information, products, promotions, new functions, etc.

7. Duration of data management, deadline for deletion of data: data management lasts until withdrawal of consent, i.e. until unsubscription.

8. Person of possible data controllers entitled to access the data, recipients of personal data: Personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.

9. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, as well as
• you can object to the processing of your personal data and
• the data subject has the right to data portability and to withdraw consent at any time.

10. The data subject can initiate access to personal data, its deletion, modification, or restriction of processing, data portability, or objection in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

11. The person concerned can unsubscribe from the newsletter at any time, free of charge.

12. Legal basis for data management: consent of the data subject, Article 6 (1) points a) and f) and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. § 6 (5) of the Act:

The advertiser, the advertising service provider, or the publisher of the advertisement - within the scope defined in the consent - keeps a record of the personal data of the persons who have given their consent. The data recorded in this register - relating to the recipient of the advertisement - can only be handled in accordance with the consent statement, until it is revoked, and can only be transferred to third parties with the prior consent of the person concerned.

13. We inform you that

• data management is based on your consent and the service provider's legitimate interest .
• you must provide personal data if you want to receive a newsletter from us.
• failure to provide data result in us not being able to send you a newsletter.

Complaint handling

1. The fact of data collection, the scope of processed data and the purpose of data management:

2. Scope of stakeholders: All stakeholders who complain about the quality of the hotel's services.

3. Duration of data management, deadline for deletion of data: Copies of the minutes, transcripts and the response to the objection taken in the CLV of 1997 on consumer protection. Act 17/A. § (7) must be kept for 5 years.

4. Person of the possible data controllers entitled to access the data, recipients of the personal data: Personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.

5. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
• you can object to the processing of such personal data, as well as
• the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, their deletion, modification, or limitation of processing, portability of data, objection to data processing in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

7. Legal basis for data management: Article 6 (1) point c) and CLV of 1997 on consumer protection. Act 17/A. (7) of §

8. We inform you that

• the provision of personal data a legal obligation .
• the processing of personal data is a prerequisite for the conclusion of the contract
• must provide personal data so that we can handle your complaint.
• Failure to provide data result in us not being able to handle your complaint.

Recipients with whom personal data is communicated

"recipient" : the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party.

Data processors (those who perform data management on behalf of the data controller)

The data controller uses data processors in order to facilitate its own data management activities, as well as to fulfill its contractual obligations with the data subject and the obligations imposed by legislation.

The data controller places great emphasis on using only data processors who provide adequate guarantees for the implementation of appropriate technical and organizational measures ensuring compliance with the requirements of the GDPR and the protection of the rights of the data subjects.

The data processor and any person acting under the control of the data processor who has access to personal data shall handle the personal data contained in these regulations exclusively in accordance with the instructions of the data controller.

The data controller is legally responsible for the activities of the data processor. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specifically imposed on data processors as defined in the GDPR, or if it has ignored or acted contrary to the legal instructions of the data controller.

The data processor has no meaningful decision-making regarding the management of the data.

The data controller can use a storage service provider to provide the IT background, and a courier service as a data processor to deliver the ordered products.

Some data processors

Data processing activity:

Hosting service, web development

• Name: Bábelhal Webstudio Kft.
• Address, contact information: 8360 Keszthely, Kossuth utca 35.

Internal data protection (data sheet)

1. data management : Article 6 (1) point c) of the GDPR.

2. The purpose of data management: compliance with the legal regulations related to tourism tax.

3. The duration of data management, the deadline for data deletion: until the competent authority can verify the fulfillment of the obligations specified in the relevant legislation, and in the case of a contract, the deadline - in accordance with § 169 (2) of Act C of 2000 on accounting - is 7 days after the given year December 31 of the year.

4. Scope of processed data: name, e-mail, residential address, ID number, citizenship, date of birth, registration number, other personal data.

5. Person of possible data controllers entitled to access the data: Personal data can be managed by the employees of the data controller, in compliance with the above principles.

6. Description of the rights of data subjects related to data management:

• The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
• the data subject has the right to data portability and to withdraw consent at any time.

9. The data subject can initiate access to personal data, its deletion, modification or limitation of processing, data portability in the following ways:

• by post to 1027 Budapest, Vitéz utca 5-7,
• by e-mail at the info@civilek.hu .

Social sites

1. The fact of data collection, the range of data processed: Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram, etc. the name registered on social networking sites and the user's public profile picture.

2. Scope of stakeholders: All stakeholders who have registered on Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram, etc. on social networking sites and "liked" the website.

3. Purpose of data collection: To promote the sharing or "liking" of certain content elements, products, promotions or the website itself on social networking sites.

4. The duration of the data management, the deadline for the deletion of the data, the identity of the possible data controllers entitled to access the data and the description of the rights of the data subjects related to data management: The data subject can find information about the source of the data, its management, the method of transfer and its legal basis on the given social site. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site.

5. The legal basis for data management: the voluntary consent of the concerned person to the processing of his personal data on social networking sites.

Customer relations and other data management

1. If a question arises when using our data management services, or if the data subject has a problem, you can contact the data manager using the methods provided on the website (telephone, e-mail, social media sites, etc.).

2. The data controller processes received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.

3. We provide information on data management not listed in this information when the data is collected.

4. The Service Provider is obliged to provide information, communicate and hand over data, or make documents available in the event of an exceptional official inquiry, or in the event of an inquiry by other bodies based on the authorization of the law.

5. In these cases, the Service Provider will only release personal data to the requester - if he has indicated the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Rights of data subjects

1. The right of access: You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access your personal data and the information listed in the regulation.

2. The right to rectification: You have the right to request that the data controller correct inaccurate personal data concerning you without undue delay. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

3. The right to deletion: You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

4. The right to be forgotten: If the data controller has disclosed personal data and is obliged to delete it, taking into account the available technology and the costs of implementation, it will take reasonably expected steps - including technical measures - in order to inform the data controllers handling the data that You have requested the deletion of the links to the personal data in question or the copy or duplicate of this personal data.

5. The right to restrict data processing: You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

• You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the controller to check the accuracy of the personal data;
• the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
• the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;
• You have objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.

6. The right to data portability: You have the right to receive the personal data about you that you have provided to a data controller in a segmented, widely used, machine-readable format, and you have the right to transmit this data to another data controller without this would be hindered by the data controller to whom the personal data was made available (…)

7. The right to object: You have the right to object at any time to the processing of your personal data by (…), including profiling based on the aforementioned provisions, for reasons related to your own situation.

8. Objection in the event of direct business acquisition: If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

9. Automated decision-making in individual cases, including profiling: You have the right not to be subject to the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or similarly significantly affect you.

The previous paragraph does not apply if the decision:

• It is necessary to conclude or fulfill the contract between you and the data controller;
• it is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; or
• It is based on your express consent.

Action deadline

will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month

If necessary, this can be extended by 2 months . The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.

If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

Security of data management

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where appropriate:

• a) pseudonymization and encryption of personal data;
• b) ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;
• c) in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner;
• d) a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

Specific data security measures of the data controller:

The hotel uses the front office software of HostWare Kft. (1149 Budapest, Róna utca 120. Tel.: +36 1 469 9000, E-mail: hostware@hostware.hu ) to perform guest traffic, statistical services, and tasks related to invoicing .

The protection of personal data is ensured by the following measures:

• 1. The hotel executive and the front office manager have access rights to the database of the front office system.
• 2. Only verified and authentic data can be entered into the system, the immutability of which can be verified.
• 3. Protection against unauthorized access to data and unauthorized data entry is ensured.
• 4. Checking and ascertaining whether the personal data was entered into the system by whom and when, and whether its content was changed in the meantime.
• 5. Restoring the installed IT systems in the event of a malfunction, securing the databases.

Informing the data subject about the data protection incident

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject, clearly and comprehensibly described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

• the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that make the personal data unintelligible to persons not authorized to access the personal data data;
• after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
• providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Reporting a data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Possibility of filing a complaint

You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the data controller:

• National Data Protection and Freedom of Information Authority
• 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• Mailing address: 1530 Budapest, PO Box: 5.
• Phone: +36 -1-391-1400
• Fax: +36-1-391-1410
• E-mail: ugyfelszolgalat@naih.hu

Final word

During the preparation of the information, we paid attention to the following legislation:

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.)
• CXII of 2011 Act - on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
• CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
• XLVII of 2008 law - on the prohibition of unfair trade practices towards consumers;
• XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising (especially § 6.a)
• XC of 2005. Act on Electronic Freedom of Information
• Act C of 2003 on electronic communications (specifically § 155.a)
• 16/2011. no. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
• The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information
• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC

Downloadable documents

• Data protection incident report
• Informing the data subject about the data protection incident
• Consent according to GDPR
• Declaration of cancellation

Keszthely, March 4, 2020