Privacy Statement

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’) provides that the controller shall take appropriate measures to provide any information and any communication relating to processing of personal data to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and that the controller shall facilitate the exercise of data subject rights.
Right to prior information of the data subject is also foreseen by Act CXII of 2011 on the right to informational self-determination and on the freedom of information (hereinafter referred to as ‘Infotv.’).

By providing the information below we fulfil these legal obligations.

This statement shall be published on the company’s website or shall be sent to the data subject at their request. Personal data shall only be collected and processed in accordance with the law.

Data storage shall be as secure as possible.

Personal data shall be transmitted to third parties only upon consent.

Should you need information on your personal data stored by us, you may send us a written request to kata@purposeprototyping.com

You may request your personal data to be deleted at kata@purposeprototyping.com.

Name of the Data Controller

Name: Impact Iraining, and Coaching Limited Partnership (hereinafter referred to as: Service Provider or Data Controller

Contact person: Kata Mórocz

Registered address: 8000 Székesfehérvár, Semmelweis I. utca 17.

Tax number: 26726735-1-07

Community tax number: HU26726735

Company registration number: 07-06-016433

Email: kata@purposeprototyping.com

Website: https://purposeprototyping.com

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (GDPR, Article 4(8)). No prior consent is needed from the data subject for the use of a processor, however the data subject shall be informed. Accordingly, the following information is hereby provided:

The IT provider of the Data Controller

The Data Controller relies on an external service provider to maintain and manage her website. This external service provider provides IT services (hosting, operation of the web-store interface), in the framework of which it processes personal data entered on the website, for the duration of our contract with them. Operation carried out by the IT provider: storing personal data on the server.

Name of the Processor:

Company name: Magyar Hosting Limited Liability Company
Tax number: 23495919-2-41
Company registration number: 01-09-968314
Email: info@tarhely.com
Seat/Head office: 1132 Budapest Victor Hugo utca 18-22
Privacy statement (in Hungarian): https://www.mhosting.hu/adatvedelem?_ga=2.49701605.2140912754.1589375779-1316255552.1561037693

Names of other potential processors when using the website www.purposeprototyping.com

https://analytics.google.com/analytics/web/provision/#/provision

  • Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, telephone:+1 650-543-

4800. www.facebook.com GDPR: http://www.facebook.com/legal/terms?ref=pf), http://www.facebook.com/about/privacy/

The Service Provider as Data Controller hereby informs visitors of her website www.purposeprototyping.com about personal data processed in connection with the operation of the website and its services, the identity of data controller(s) and their details, guiding principles and practices for the processing of personal data, transmission of data, organizational and technical measures taken to protect personal data, as well as the way and possibilities for data subjects to exercise their rights.

Section 20(1) of Act CXII of 2011 on the right to informational self-determination and on the freedom of information provides that the data subject (hereinafter: user) shall be informed prior to the start of the processing of data that this processing is either consent-based or mandatory.

The data subject shall receive information, prior to the start of processing, on all relevant facts connected to the processing, in particular the purpose and legal basis of data processing, the person entitled to data processing and data control, as well as the duration of data processing.

Under Section 6(1) of Infotv. the data subject shall be informed that personal data may be processed even if it is impossible to obtain the consent of the data subject or if it caused disproportionate costs, and the processing of personal data is necessary to

  • fulfil a legal obligation applicable to the data controller, or
  • enforce a legitimate interest of the data controller or a third party, and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data.

The information shall include the rights of the data subject related to data processing and legal remedies available.

If it is impossible to directly inform the data subject or if it entailed disproportionate costs (such as on the website, in this case), information may be provided also by publishing the following information:

  1. a) the fact of data collection,
  2. b) the group of data subjects,
  3. c) the purpose of data collection,
  4. d) the duration of data processing,
  5. e) the identity of potential data controllers entitled to have access to these data,
  6. f) description of the rights of data subjects related to data processing and legal remedies available, and
  7. g) if the data protection registration of data processing has a location, the registration number of data processing.

This privacy statement regulates the data processing of the following website: www.purposeprototyping.com

The amendments to this statement will enter into force by being published at the above address.

Interpretative provisions

  1. data subject/user: any specified natural person identified or identifiable directly or indirectly by personal data;
  2. personal data: any information relating to a data subject, in particular the name and identification number of the data subject, as well as one or more factors specific to their physical, physiological, mental, economic, cultural or social identity, and conclusions relating to that data subject that can be drawn from the data in question;
  3. sensitive data:
  4. a) personal data revealing racial or ethnic origin, political opinion or party affiliation, religion or belief, trade union membership, sexual life,
  5. b) personal data revealing health status or addictions, as well as criminal personal data;
  6. consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which he, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to them;
  7. objection: statement made by the data subject objecting the processing of their personal data and requesting the termination of data processing, or the deletion of data processed;
  8. data controller: a natural or legal person, or an organisation having no legal personality which, alone or jointly with others, determines the purposes of the processing of personal data; makes and implements decisions relating to the processing of data (including the tools used), or entrusts a data processor to implement such decisions for them;
  9. processing: any operation or set of operations that is performed on data, regardless of the procedure applied; in particular collecting, recording, registering, organising, storing, modifying, using, retrieving, transferring, disclosing, synchronising or connecting, blocking, erasing and destroying the data, as well as preventing their further use; taking photos and making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples and iris scans);
  10. data transfer: providing access to the data for a designated third party;
  11. disclosure: making the data accessible to anyone;
  12. data erasure: making the data unrecognisable in such a way that its restoration is no longer possible;
  13. data identification: assigning identifiers to data with the purpose of distinguishing them;
  14. data blocking: assigning an identifier to the data with the purpose of limiting their further processing permanently or for a fix term;
  15. data destruction: the complete physical destruction of the data medium that contains the data;
  16. data control: performing technical tasks in connection with data processing activities, regardless of the methods and tools used for executing the operations, or the location where they are performed, provided that such technical tasks are performed on data;
  17. processor: a natural or legal person, or an organisation having no legal personality which processes personal data under an agreement concluded with the controller, including contracts as provided by the relevant legislation;
  18. data source: the organ performing public duties, which generated the data of public interest that is to be published through electronic means, or during the operations of which such data was generated;
  19. data publisher: the organ performing public duties which, if the data source itself does not publish the data, uploads the data sent to it by the data source to a website;
  20. dataset: all data processed in a single registry;
  21. third party: a natural or legal person, or an organisation having no legal personality, other than the data subject, controller, processor and the persons who, under the direct authority of the controller or processor, carry out operations aimed at processing personal data.
  1. Legal basis of data processing
  1. Personal data may be processed if
  • the data subject has given their consent, or
  • it is prescribed in an Act or, based on the authorisation of an Act, within the limits set forth therein, in a local government decree for purposes in the public interest.
  1. Personal data may be processed also if it is impossible to obtain the consent of the data subject or it would cause disproportionate costs, and processing of personal data is necessary to
  2. a) fulfil a legal obligation applicable to the data controller, or
  3. b) to enforce a legitimate interest of the data controller or a third party, and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data.
  4. If the data subject is unable to give consent due to incapacity or any other unavertable reason, then the personal data of the data subject may be processed during the existence of circumstances beyond their control that prevent them to give consent, to the extent that is necessary to protect an interest which is essential for the data subject’s or another person’s vital interests, including physical integrity or life.
  5. The legal statement of a minor over 16 years of age containing their consent shall be valid without the consent or subsequent approval of their legal representative.
  6. If the purpose of data processing based on consent is the performance of a contract concluded with the data controller in writing, such contract shall contain all the information that the data subject should be aware of during the processing of personal data, such as, in particular, the personal data to be processed, the duration of processing, the purpose of use, the fact and the recipients of data transmission, and the fact of using a data processor. The contract shall contain in an unambiguous manner that by signing the contract, the data subject gives their consent to the processing of their personal data pursuant to the terms and conditions of the contract.
  7. If the recording of personal data takes place upon consent by the data subject, unless otherwise provided for by the law, the data controller shall process the recorded data to
  • fulfil a legal obligation applicable to the data controller, or
  • enforce a legitimate interest of the data controller or a third party, if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data.

Article 13/A (1) of Act CVIII of 2001 on certain aspects of electronic commerce and information society services:

‘The service provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in this Act, and only to the required extent and duration.’

  1. Purpose limitation of data processing
  1. Personal data shall be processed only for clearly specified purposes, in order to exercise certain rights and fulfil obligations. The purpose of processing shall be met in all stages of processing; data shall be collected and processed fairly and lawfully.
  2. Only personal data that is essential and suitable for achieving the purpose of processing may be processed. Personal data may be processed only to the extent and for the period of time necessary to achieve its purpose.
  3. The visitor of the website is entitled to be informed of personal data breaches if they are likely to present a high risk to their rights and freedoms. A personal data breach occurs when personal data is lost, destroyed or accessed by unauthorised persons. Personal data breaches shall be reported to the data protection authority within 72 hours. If the data processor is informed of such data protection breach, they are obliged to report this to the owners of the webstore (data controllers).
  1. Other principles of data processing

In the course of processing, data shall retain their personal character as long as their connection with the data subject can be restored. The connection with the data subject shall, in particular, be considered restorable if the controller is in possession of the technical means necessary for the restoration.

The accuracy and completeness, and, if deemed necessary with respect to the purpose of the processing, the up-to-date status of the data shall be ensured throughout the processing; the identification of the data subject shall be possible for no longer than necessary for the purpose of the processing.

  1. Functional data processing

Pursuant to Section 20(1) of Act CXII of 2011 on the right to informational self-determination and on the freedom of information the following shall be determined within the operation of the functionality of the website:

  1. a) the fact of data collection,
  2. b) the group of data subjects,
  3. c) the purpose of data collection,
  4. d) the duration of data processing,
  5. e) the identity of potential data controllers entitled to have access to these data,
  6. f) description of the rights of data subjects related to data processing.
  1. The fact of data collection, set of data processed: last name and first name, email address, phone number, secondary phone number
  2. Group of data subjects: All users sending a message via the website shall be considered as data subjects.
  3. The purpose of data collection: The Service Provider shall process the personal data of Users in order to ensure fully fledged use of the website and to contact Users.
  4. Duration of data processing, deadline for the erasure of personal data: Immediately after the execution of the order. Except in the case of accounting documents as Section 169(2) of Act C of 2000 on accounting provides that these data shall be retained for 8 years.

The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum eight years, shall be legible and retrievable by means of the code of reference indicated in the accounting records.

  1. The identity of potential data controllers entitled to have access to these data: Personal data can be processed by the data controller, in compliance with the above principles.
  2. Description of the rights of data subjects related to data processing: Erasure or modification of personal data may be requested by the data subject in the following ways:

– by ordinary mail sent to 8000 Székesfehérvár Semmelweis I. utca 17.

– by email sent to kata@purposeprototyping.com

Legal basis of data processing: the User’s consent, Section 5(1) of Infotv., as well as Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce and information society services (hereinafter referred to as ‘Elker tv.’):

The service provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in this Act, and only to the required extent and duration.

  1. Principles relating to functional data processing (Elker tv. Article 13/A)
  1. For the purpose of billing the charges arising under the contract for the information society service, the service provider may process data related to the use of such service, such as identification data of a natural person, address, as well as the data regarding the time, duration and place of using the service.
  2. The service provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in Elker tv., and only to the required extent and duration.
  1. The service provider may process data related to the use of the service for any other purposes – thus, in particular, for the purposes of enhancing the efficiency of the service, forwarding of electronic advertisements or other direct communications addressed to the recipient of the service, or market surveys – only with the prior specification of the purpose of data processing and subject to the consent of the recipient of the service.
  2. Recipient of the services shall be allowed, at all times, prior to and during the course of using the information society service to prohibit the data processing.
  3. Data processed shall be deleted if the contract is not concluded, is terminated and after the billing. Data processed shall be deleted if the purpose of data processing has ceased or upon the instruction of the recipient of the service to this effect. Unless provided otherwise by the law, deletion of the data shall take place without delay.
  4. The service provider shall ensure that the recipient of the service of the information society service may, at any time prior to and in the course of using the service, get acquainted with the types of data processed by the service provider and the objective of processing such data, including the processing of data directly not associated with the recipient of the service.
  1. Managing cookies

Managing cookies

The current cookie policy contains the terms applicable to the use of the website operated by https://purposeprototyping.com/ as service provider (‘Service Provider’).When designing this website the rules applicable to the further use of cookies were observed. As regards this use, we observed the following rules and use cookies accordingly:

Act C of 2003 on Electronic Communications
Act CVIII of 2001 on certain issues of electronic commerce services and information society services
Act CXII of 2011 on the right of informational self-determination and the freedom of information
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Please read the document carefully and use my services only if you agree with all the terms herein and accept them as binding to you as a User. Please note that this cookie policy applies only to cookie management on this specific Website. If you click on a link on this website that directs you to another website, please find and read the cookie policy of that particular website too.

What is a cookie?

Cookies are little text files or pieces of information which are saved by your browser from our website and stored on your computer. Next time you visit our website these cookies help the server computer that stores the materials of our website to recognize that you have already visited our website.
The default setting of the majority of browsers is to accept cookies. If you prefer, you can change your settings so that your browser refuses cookies or alerts you that cookies have been sent to your computer. Our website uses such cookies in order to ensure certain functions or for reasons of convenience. The cookies we use won’t load, slow down or cause harm to your computer.

The website also uses third-party cookies. Cookies can be deleted or disabled in your browser. Cookies can also be disabled. You will find information about such settings on the official website of your browser.

What is the purpose of cookies?

These technologies can be used for a variety of purposes, such as to display the most relevant content or advertisement for the User; for the development of our products and services; as well as to preserving the security of our services. The precise names of cookies, pixels and other similar technologies may change from time to time with the development and upgrading of services.

How cookies are generated?

First, the client computer sends a request towards the server. The server then creates a unique ID and stores it in its own database, then sends back the cookie, together with all the information, to the client. The information cookie is then stored on the client computer.

How cookies are used?

When the client computer once again contacts the server, the previously generated and stored cookie will be attached to it. The server will compare the contents of the received and of the stored cookie. Thus it can easily identify e.g. a registered user.

What type of cookies do we use?

A variety of cookies are used, but each website uses different types of cookies. Our website usually uses only the following types, but new types may be added during upgrades.

Session/Temporary cookies:

These cookies are stored in the temporary memory as long as the user navigates the website. When the user closes the browser, the cookie will be deleted. These cookies do not contain any personal data, and are not suitable to identify the visitor.

Stored/Persistent cookies:

These are the cookies that will be used every time the user visits the website. Based on the type of cookies, they can be used for the following purposes:

Analytics:

It tracks your movements around the site, what products you’ve looked at, what you’ve been doing. This cookie will remain on the client computer depending on its lifetime. It can be used by functions such as Google Analytics or Youtube. These cookies do not contain any personal data, and are not suitable to identify the visitor.

Social networks:

Allows easy access to social media networks and sharing your views and information on our products with others. It can be used by third-party functions such as Facebook, Twitter, Google+, Pinterest or YouTube. These cookies may contain personal data, and are suitable to identify the visitor.

Media:

These cookies are used to view videos on the website. They can be used by third-party functions such as Youtube. These cookies do not contain any personal data, and are not suitable to identify the visitor.

Functional:

It shows whether the user has already visited this site and if so, on what device. It notes the user name, password, language selection, location information. These cookies may contain personal data, and are suitable to identify the visitor.

Advertising:

With the help of these cookies I can send targeted information and newsletters to the users. These cookies may contain personal data, and are suitable to identify the visitor.

For further information on cookies, their types and full functionalities visit www.allaboutcookies.org.

How cookies are managed?

In a variety of ways, but the client has the option to adapt the settings of their browser in order to manage cookies. Generally speaking, browser settings can be as follows:

Accept all cookies

Reject all cookies

Request notification on each cookie use

As for cookie settings, it’s worth looking into the Options or Settings menu of your browser, or check the Help menu. The following websites provide assistance in relation to the settings of the most commonly used browsers.

Internet Explorer

Firefox

Chrome

Please note that this website has been generated with cookie management. If the client partially or completely blocks the use of cookies that may hinder the operation of the website. In that case, there may be functions and services that the user won’t be able to use, either partially or in their entirety.

We use cookies even if the User has no registered account with us or if they’ve signed out of their account. For example, if the User has logged out of their account, we use cookies to facilitate the following:

identify and disable the accounts of spammers

restore account, in case of lost access

provide additional security features such as log-in notifications and log-in approvals

prevent the registration of minors with fake dates of birth

display, select, evaluate, measure and interpret advertisements displayed on the website and elsewhere (including advertisements displayed by or on behalf of partner enterprises and other partners)

compile analytical information about persons who come into contact with our services, and the websites of our advertisers and partners.

In order to protect our services and our users against malicious activities we place cookies even if the User has no registered account but visited our website. For example, these cookies help us detect and prevent attacks aimed at interrupting our services, and the mass creation of fake accounts.

If cookies are stored in the browser or on the device, we can read the actual cookie when you visit a website that includes a social module. The operators of social networking websites (Facebook, Twitter, LinkedIn, Google Plus) are responsible for cookies created by these websites of which you can find information on the actual social networking website.

  1. Customer correspondence (contact, sending opinions, help)
  1. If you have queries or experience problems while using our services, wish to advertise on our website or collaborate with us in any other way, share your opinion with us or ask for help, you may contact the editors of this service in the way specified on our website or through the contact form.
  2. Right after the settlement of a case, the Service Provider immediately deletes incoming letters, together with the name and email address, phone number and any other personal data provided voluntarily by the sender.
  1. Facebook

Pursuant to Section 20(1) of Act CXII of 2011 on the right to informational self-determination and on the freedom of information the following shall be determined within the data transmission activities of the website:

  1. a) the fact of data collection,
  2. b) the group of data subjects,
  3. c) the purpose of data collection,
  4. d) the duration of data processing,
  5. e) the identity of potential data controllers entitled to have access to these data,
  6. f) description of the rights of data subjects related to data processing.
  1. The fact of data collection, the range of data processed: the registered name and public profile picture of the user on Facebook.com.
  2. Group of data subjects: All data subjects who have registered on Facebook.com and liked www.purposeprototyping.com website.
  3. Purpose of data processing: Sharing and liking the website on Facebook.com.
  4. Duration of data processing, the identity of potential data controllers entitled to have access to these data and description of the rights of data subjects related to data processing: Data subjects can find further information on data sources, data processing, as well as the mode and the legal basis of data transmission at http://www.facebook.com/about/privacy/.
  5. Data processing takes place on Facebook.com, therefore the duration and mode of data processing, as well as the potential erasure and rectification of data is governed by the rules and regulations of facebook.com.

(http://www.facebook.com/legal/terms?ref=pf), (http://www.facebook.com/about/privacy/ )

  1. Legal basis of data processing: the voluntary consent of the data subject to the processing of their data on facebook.com.

 

  1.  Data security
  1. The data controller is obliged to design and implement data processing operations in a way so as to ensure protection of the privacy of data subjects.
  2. The controller, or the processor acting on behalf of or instructed by the controller, shall ensure the security of personal data, and implement appropriate technical and organisational measures and develop rules of procedure required to enforce Infotv. and other data and privacy protection rules.
  3. Data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, erasure or destruction, unavailability due to accidental destruction and damage resulting from a change in the technology used.
  4. For the purpose of protecting datasets processed electronically in various registers it shall be ensured with an appropriate technical solution that data stored in these registers cannot be directly interconnected or assigned to the data subjects, unless an Act allows it.
  5. During the automated processing of personal data the data controller and the data processor shall ensure through further measures to
    • prevent unauthorised recording of personal data;
    • prevent the use of the automated processing system by unauthorised persons by means of data transmission equipment;
    • verify and determine the identity of the recipients to whom the personal data have been or can be transferred or provided by means of data transmission equipment;
    • verify and determine the scope of the personal data entered into the processing system, as well as the time of entering such data and the identity of the person who entered them;
    • recoverability of the processing system in the event of a breakdown; and
    • reporting of malfunctions that occurred during automated processing.

When determining and applying data security measures, the data controller and the data processor shall take into consideration the level of technological development. When several possible data processing solutions are available, they shall choose the one that ensures a higher level of protection of personal data, except if that entailed disproportionate difficulties for the data controller.

  1. Entitlements of the data subject
  1. The data subject may request the Service Provider to provide information on the processing of their personal data, to rectify their personal data, as well as to have their personal data erased or blocked, except in the case of mandatory processing.
  2. Upon request by the user the data controller shall provide information about data processed by them or by the data processor acting on their behalf, the source of such data, the purpose, legal basis and duration of data processing, name, address of the data processor and their activities related to data processing, and, in case of transmission of the personal data of the data subject, the legal basis and the recipient of data transmission.
  3. For the purpose of verifying the lawfulness of data transmission, as well as to inform data subjects, the data controller shall keep a data transmission register containing the date of the transmission of personal data processed by them, the legal basis and the recipient of such data transmission, definition of the set of transmitted personal data, as well as other data specified in the legislation that provides for the data processing.
  4. Upon the data subject’s request, the Data Controller shall provide information as soon as possible after the submission of the request, or at the latest within 30 days in writing, in a clearly understandable form. Information shall be provided free of charge.
  5. Upon request by the user, Service Provider provides information about data processed by them, the source of these data, the purpose, legal basis and duration of data processing, name, address of the eventual processor and their activities related to data processing, and, in case of transmission of the personal data of the data subject, the legal basis and the recipient of data processing. The Service Provider shall provide information as soon as possible after the submission of the request, or at the latest within 30 days in writing, in a clearly understandable form. The provisions of information is free.
  6. If the personal data are incorrect, and the correct personal data are available to the Data Controller, the personal data shall be rectified by the Service Provider.
  7. Instead of erasure, the Service Provider will block the personal data at the User’s request, or if available information suggests that the deletion of the data would harm the legitimate interests of the User. Personal data blocked in this way may only be processed as long as the purpose of the data processing excluding erasure exists.
  8. The Service Provider shall erase personal data if processing is unlawful; at the User’s request; if processed data is incomplete or inaccurate – and such condition cannot be remedied in a lawful way – provided that such erasure is not excluded by law; if the purpose of data processing no longer exists, or if the period for data storage specified by legislation expired; or if ordered by the Court or the National Authority for Data Protection and Freedom of Information.
  9. The data controller shall mark the processed data if the data subject disputes their correctness or accuracy, while such incorrectness or inaccuracy may not be clearly ascertained.
  10. The data subject and all other parties shall be notified on the rectification, blockage and erasure of data, to whom the such data had been transmitted for the purposes of processing. Notification may be omitted if this does not violate the legitimate interest of the data subject with respect to the purpose of the data management.
  11. If the data controller fails to fulfil the data subject’s request for rectification, blocking or erasure, the controller shall be obliged to advise the data subject in writing within 30 days upon the receipt of the request on the factual and legal causes of the rejection of the rectification, blockage or erasure request thus submitted. In the event if compliance with the rectification, erasure or blockage request thus submitted by the data subject is withheld by the data controller, so the same controller will be under obligation to advise the subject on the available appeal procedures and legal remedies offered by the courts or the administrative authority.
  1. Legal remedies
  1. The User may object to the processing of their personal data, if
  2. a) processing or transmission of personal data is required only to fulfil a legal obligation applicable to the Service Provider, or to pursue the legitimate interests of the Service Provider, data recipient or a third party, except when data processing is required by the law;
  3. b) the purpose of use or transfer of personal data is direct marketing, opinion polling or scientific research;
  4. c) in another case set out by the law.
  5. The Service Provider shall examine the objection as soon as possible but no later than 15 days after its submission, then it shall make a decision on its soundness, and inform the data subject about its decision. If based on the findings of the data controller the data subject’s objection is justified, the data controller shall terminate all processing operations (including further data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
  6. If the User disagrees with the decision made by the Service Provider, they can challenge it in court within 30 days of its notification. Such court proceedings shall be conducted under priority.
  7. A potential infringement by the data controller may be reported to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information, 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address:1530 Budapest, PO Box: 5.

Telephone:+36-1-391-1400

Fax:+36-1-391-1410

Email: ugyfelszolgalat@naih.hu

  1. Judicial enforcement
  1. The controller shall be obliged to prove that the processing complies with the provisions laid down in legislation. The data recipient shall be obliged to prove the legality of data transmission.
  2. The lawsuit shall be conducted by the tribunal. At the data subject’s own discretion, the lawsuit may be brought to the court of the domicile or place of residence of the data subject.
  3. Any person who otherwise does not have the capacity to be a party may be a party to the court action. The Authority may intervene in the action in order to facilitate the success of the data subject.
  4. If the court upholds the claim, it shall oblige the controller to provide information; rectify, block or erase the personal data; annul the decision made through automated processing; take into account the right of the data subject to objection; and to issue the data requested by the data recipient.
  5. If the court rejects the claim by the data recipient, the data controller shall be obliged to erase the personal data of the data subject within 3 days of the notification of the judgement. The data controller shall be obliged to delete personal data even if the data recipient does not go to court within the specified time limit.
  6. The court may order the publication of its judgement so as to disclose the identification data of the data controller, if required in the interests of data protection and by the protected rights of a large number of data subjects.
  1. Damages and grievance award

The data controller shall be liable for compensating any damage which another person may suffer as a result of unlawful processing of the personal data of the data subject or of breaching data security requirements.

  1. The controller shall be liable for paying a grievance award for the violation of personality rights of the data subject as a result of unlawful processing of the personal data of the data subject or of breaching data security requirements.
  2. The data controller shall bear liability towards the data subject for the damage caused by the data processor, and the data controller shall pay to the data subject a grievance award in the event of a violation of personality rights caused by the data processor. The controller shall be exempted from liability for damage and from the obligation to pay the grievance award if they prove that the damage or the violation of the data subject’s personality rights occurred as a consequence of an unavertable reason falling outside the scope of processing.
  3. Damages shall not be paid and a grievance award shall not be claimed if the damage was due to the intentional or grossly negligent conduct of the person suffering the damage, or if the infringement of the personality rights arose from the intentional or grossly negligent conduct of the data subject.
  1. Afterword

While drawing up this privacy statement the following legislation was taken into consideration:

– Act CXII of 2011 on the right of informational self-determination and the freedom of information (hereinafter referred to as ‘Infotv.’)

– Act CVIII of 2001 on certain aspects of electronic commerce and information society services – Elkertv. – (in particular Article 13/A)

– Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers;

– Act XLVIII of 2008 on essential conditions of and certain limitations to business advertising activity (in particular Article 6)

– Act XC of 2005 on the freedom of information by electronic means

– Act C of 2003 on electronic communications (Article 155, in particular)

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL