Privacy Policy

Effective date: 01 May 2023

  1. PREAMBLE, OBJECTIVE OF THE RULES
    1. DATAPAO Korlátolt Felelősségű Társaság (Seat: HU-1061 Budapest, Paulay Ede utca 56. 3. em. 15. ajtó; Registration number: 01-09-389494; VAT number: 25710177-2-42; hereinafter “Company” or “DATAPAO”) operates websites to grant access to the services of DATAPAO and to keep in touch with the users (hereinafter: “Website“). 
    2. During its activity the Company processes personal data, as defined in Article 4, point (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“), originating from the Company’s clients, recipients of its marketing messages and visitors to its facilities, as well as other data subjects. These rules and information on data protection (hereinafter: “Rules”) set out the conditions under which the Company processes these personal data.
    3. DATAPAO and the Website are owned and operated by the Company. 
    4. The Company, as data controller, submits itself to the contents of these Rules and furthermore undertakes that all data management connected to its activities shall comply with the requirements specified in these Rules and with the valid Hungarian and EU legal regulations.
    5. The objective of these Rules is that the processing of personal and incidental sensitive data
      1. necessary for using the services of DATAPAO and services connected to the Website, 
      2. necessary for the popularization of DATAPAO via the Website, and
      3. necessary for the activity of the Company
    6. should take place pursuant to the provisions of the prevailing Hungarian and EU legal regulations on data protection. A further objective of these Rules is that the Company, before processing personal data, provides clear and detailed information on all facts relating to the processing of personal data, especially the purpose and legal basis of the data processing, the persons authorized to process and manage the data, and the duration of the data processing, and determines who can access the data and which rights and remedies are available to the data subject.
    7. Furthermore, the objective of these Rules is that, in the whole scope of services provided by the Company, the user can be assured that – regardless of the user’s sex, nationality or home address – the user’s rights and fundamental freedoms, in particular their right to private life, will be respected while their personal data is processed electronically (data protection). The Company shall process the recorded personal data in confidence, complying with the legal regulations and international recommendations on data protection and with these Rules on data protection.

  2. INTERPRETATION OF THE RULES, DEFINITIONS
    1. These Rules shall be interpreted based on the principles of the English language in consideration of the general legal principles of the Hungarian civil law. When interpreting these Rules, the words and phrases written in capital letters shall have the meaning conferred to them on their first place of appearance in the Rules – independently of their tense, mode and case, or whether they are singular or plural. 
    2. In harmony with the provisions of Act CXII of 2011 on the right to possess personal data and the freedom of information (hereinafter: “Info Law”) and the regulation of GDPR where it cannot be interpreted otherwise based on the context, the terms used in lowercase letters in these Rules shall mean the following:
      • data subject/user: information, statement, method of appearance, aimed at promoting the sales or other usage of marketable movables that can be possessed – including money, securities and financial assets and natural resources that can be utilized as things – (hereinafter jointly: the product), services, real estates, rights constituting asset value (hereinafter all of these jointly: goods) or, in connection with this objective, aimed at popularizing the name, trademark, activities of the corporation or goods or brands
      • business advertisement: information, statement, method of appearance, aimed at promoting the sales or other usage of marketable movables that can be possessed – including money, securities and financial assets and natural resources that can be utilized as things – (hereinafter jointly: the product), services, real estates, rights constituting asset value (hereinafter all of these jointly: goods) or, in connection with this objective, aimed at popularising the name, trademark, activities of the corporation or goods or brands
      • controller: fulfilling technical tasks connected to data processing operations independently of the method and tools used for their realization and the place of usage, provided that the technical tasks are realized with data
      • consent/approval: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them
      • data processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
      • data management: fulfilling technical tasks connected to data processing operations independently of the method and tools used for their realization and the place of usage, provided that the technical tasks are realized with data;
      • destruction: the complete physical destruction of data carrier containing the data
      • data transfer: making the data available to a specified third party
      • data erasure: making data unrecognizable in a way that their restoring is not possible any longer
      • data blocking: providing data with identification marking in order to limit its further management definitely or for a specified period; instead of erasure, the Company blocks the data where the definite erasure of the data would breach the lawful interests of the data subject; blocked data shall be treated exclusively as long as the objective of data management exists, which excluded the erasure of the personal or sensitive data
      • disclosure: making the data available to anyone
      • event/conference: any event organized by any person on which the services of DATAPAO are used
      • objection: the statement of the data subject by objecting to the processing of its personal data and by which it requests the erasure of the processed data
      • personal data: the statement of the data subject by objecting to the processing of its personal data and by which it requests the erasure of the processed data
      • personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
      • personal identification data: the first and last name, maiden name, of the data subject, its sex, place and date of birth, its mother’s birth first name and last name, permanent address, place of stay, social security identification mark jointly or any of them which is or may be suitable for identifying the data subject
      • pseudonymization: means a natural or legal person, public authority, agency, or other body which manages personal data on behalf of the controller;
      • processor: means a natural or legal person, public authority, agency or other body which manages personal data on behalf of the controller;
      • profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at personal preferences, interest, behavior
      • registration: is the procedure with which the user creates their own profile on the Website
      • sensitive data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
      • supervisory authority: means the authority which is responsible for personal data and the freedom of information in Hungary, the Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information; address: 1055 Budapest, Falk Miksa utca 9-11.; mail address: 1363 Budapest, Pf 9.)
      • third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
    3. Unless the text indicates otherwise:
      1. reference to any legal regulation in these Rules includes any later amended, supplemented or consolidated version of the legal regulation in question;
      2. in these Rules the titles and paragraph numbers serve exclusively for reference and they shall be considered only together with the interpretation of the text of these Rules;
      3. all references to a person in these Rules mean reference to any person, company, association, government, state, state institution or authority;
      4. none of the provisions of these Rules shall be interpreted in a way that would exclude liability or legal remedy for fraudulent statements or procedures, or for statements or procedures made or initiated in bad faith.

  3. NAME AND CONTACT INFORMATION OF THE CONTROLLER
    1. Name of the Company as controller: DATAPAO Korlátolt Felelősségű Társaság
    2. Seat of the controller: HU-1061 Budapest, Paulay Ede utca 56. 3. em. 15. ajtó
    3. Mail (postal) address of the controller: HU-1061 Budapest, Paulay Ede utca 56. 3. em. 15. ajtó
    4. Registration number of the controller: 01-09-389494
    5. VAT number of the controller: 25710177-2-42
    6. E-mail address of the controller: [email protected]

The data subject acknowledges that the Company will receive at the above e-mail address only questions and complaints of the data subject relating to their own data processing or to these Rules.

  4. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
    1. The Company shall use and store the personal data provided by the data subject lawfully, fairly and in a transparent manner only for specified purposes determined in these Rules.
    2. The personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    3. The processing of personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
    4. The processed personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken by the Company to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
    5. The processed personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 
    6. The personal data shall be processed by the Company in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
    7. The Company shall process the personal data provided by the data subject only for the realization of the purposes specified in these Rules. 
    8. Where the data subject is a child below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child. The Company shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology.
    9. The Company shall be responsible for and be able to demonstrate compliance with the provisions of this paragraph.

  5. OBJECTIVE OF DATA PROCESSING, PURPOSES OF PROCESSED DATA, AND DURATION OF DATA PROCESSING
    1. Newsletters
      1. You can subscribe to DATAPAO’s newsletter on our website. If you have agreed to receive a newsletter, we will use your e-mail address and other personal data optionally provided on the filled-in form to send you information about our news. The data provided is processed by DATAPAO for the purpose of sending the newsletter.
      2. The legal basis for data processing in the context of sending the newsletter is your voluntary, express consent according to Article 6, Paragraph 1, Point a) of the GDPR.
      3. The purpose of processing the personal data you gave us is that the Company can provide online communication between you and the Company.
      4. Consent shall be given by providing the required personal data and checking the “checkbox”.
      5. We process personal data until you unsubscribe from the newsletter but for a maximum of 5 years from the date of consent.
    2. Contact us
      1. You have the opportunity to contact us through the form on our website with the aim of possible future cooperation, in which form you provide DATAPAO with the following information: first and last name; company name, role (company role or title); e-mail; phone number.
      2. The legal basis for data processing in the context of contacting you is your voluntary, express consent according to Article 6, Paragraph 1, Point a) of the GDPR.
      3. The purpose of processing the above-listed personal data is that the Company can provide online communication between the data subjects and the Company.
      4. When you contact us and send your request for future cooperation, the consent shall be given by providing the required personal data and sending the request.
      5. The personal data will be processed until you withdraw your consent, but at the latest for 1 year from the date of consent.
    3. Data processing on the Website of the Company
      1. The system used by the Company will identify the Website user by so-called cookies. In order that all contents of the Website can be viewed, the user should approve the cookies. Therefore, when downloading certain parts of the Website, cookies will be placed on the user’s computer, which are necessary for the operation of each function of DATAPAO and the Website. Cookies are small text files, which are saved by the computer and the browser and the user will not receive any information on that from the Company. Cookies are not suitable for identifying the person of the user and they live only during the session. The objective of the Company with placing the cookies is to send essential information to the visitors in a targeted way. The above information shall be used by the Company exclusively for the operation of DATAPAO and the Website and statistical purposes.
      2. The user shall acknowledge that by using DATAPAO and the Website, the user approves expressly that DATAPAO and the Website uses cookies for marketing (remarketing), by the aid of which the Company can send customized advertisements to the users via the Internet. The User can prohibit the usage of the above cookies on the advertisement setting page of Google.
      3. While browsing the Website, technical information is recorded (e.g. in the form of log files, which include the user’s IP address, the date and time, the URL of the visited page). The system logs such information continuously, but it will not connect it to the information provided during usage. Only the Company, and not the users, will have access to the information collected in this way. The Company shall use the above information exclusively for the technical operation of DATAPAO and the Website and for statistical purposes.
      4. At specified frequency, the Company may send to the users newsletters, email messages, geo-localization messages, and marketing and advertisement messages on the operation of the Website, the conditions of using the services and in connection with the services. By accepting these Rules, the user approves expressly that the Company sends messages as specified above. While using the Website, the user shall be entitled to withdraw the above approval at any time – by clicking on the correct icon of the Website.

  6. GENERAL REGULATIONS OF DATA PROCESSING
    1. The Company informs the data subject that no processing of sensitive data takes place.
    2. It is the voluntary decision of the data subject whether or not to give the personal data included in paragraph 5 of the Rules to the Company, but without the recording of the personal data specified above most of the services provided by the Company cannot be used by the data subject. In case the data subject gives the data of a third party while using the services of the Company or in case the data subject causes any harm, the Company shall be entitled to claim compensation for damages from the data subject. The Company will not verify the personal data given to the Company. The person providing the data shall be exclusively liable for the authenticity and accuracy of the provided data. Any data subject, when providing an e-mail address, undertakes liability for ensuring that only the person who provided the contact information will use the services from that e-mail address.
    3. The Company may request the data subject to provide other personal data as well subject to the condition that the Company shall specify the purpose of data processing before requesting so. Recording personal data shall be voluntary in each case and if certain personal data is not provided this fact shall not influence the services provided by the company. 
    4. Should the Company process personal data of the data subject pursuant to any provisions of law, the Company shall inform the data subject of such data management operation and of the purpose and duration of the operation before executing the operation, also specifying the legal reference. Before requesting any personal data, the Company shall inform the data subject whether the provision of the data in question is voluntary and based on the approval of the data subject, or compulsory and based on legal regulations.
    5. The Company shall be entitled to use the personal data in a way that the data shall be deprived of its relationship to the data subject and for statistical purposes. The Company undertakes that it will be impossible to connect such data to any of the data subjects after their statistical processing.
    6. Where processing is based on consent, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The processing shall be continued if there is any other legal basis of data processing. 

  7. ACCESS TO THE PROCESSED DATA, DATA MANAGEMENT AND DATA TRANSFER
    1. Access to the processed data
      1. Primarily the Company and the internal employees of the Company shall be entitled to know the personal data and they shall not publish or disclose the personal data to any third parties and they shall use the personal data for the purposes specified in the Rules. 
      2. Within the scope of operation of its information system, the Company may use the services of a data processor (e.g. system operator, system administrator).
      3. The Company shall be entitled to transfer the data subject’s personal data to its subcontractors. Before selecting its partners, the Company prepared such selections with utmost care. Such partners shall treat the confidential information acknowledged by them when fulfilling their liabilities and providing their services, subject to the provisions of legal regulations.
    2. Data management
      1. The controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.
      2. Processing by a processor shall be governed by a contract or other legal act, that is binding on the processor with regard to the controller and that sets out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
      3. The processor shall not process personal data except on instructions from the controller, unless required to do so by Union or Member State law.
      4. The Company will not keep or manage any personal data on its own server. The below-listed, cloud-based processors will manage personal data on behalf of the Company:
| Name and seat of processor | Task of processor | Managed personal data |
|---|---|---|
| HubSpot, Inc., Two Canal Park, Cambridge, MA 02141 USA | CRM, stores and calculates data collected through website visits, newsletter subscriptions, download requests, contact forms, e-mail consumption, and one-on-one communication to create a bespoke, personalized and enhanced experience between visitors and DATAPAO. | name, work e-mail, job title, work phone, message, and consent set by the website visitor; cookie preferences, website visit characteristics, content consumption characteristics; e-mail consumption characteristics; one-on-one communications characteristics |
| SiteGround Spain S.L. Calle de Prim 19, 28004 Madrid, Spain | website hosting, stores and sends data collected through newsletter subscriptions, download requests, and contact forms | name, work e-mail, job title, work phone, message, and consent set by the website visitor |
| WordPress, Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, United States of America | website engine, stores and sends data collected through newsletter subscriptions, download requests, and contact forms | name, work e-mail, job title, work phone, message, and consent set by the website visitor |
| WebGrow Kft. Irányi Dániel street 5. 7400 Kaposvár, Hungary | website maintenance and technical support | name, work e-mail, job title, work phone, message, and consent set by the website visitor |
      5. The detailed rules of each processor’s data processing procedures are set out in that processor’s own Privacy Policy or Cookie Policy, which is available on its website.
      6. The Company reserves the right to use other processors for managing the personal data in the future. In this case, the Company is obliged to inform the data subjects by sending them the modified Rules in which the new processors are listed.
      7. The Company shall not transfer personal data to a third country or an international organization.

  8. DATA SECURITY
    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: 
      1. the pseudonymization and encryption of personal data; 
      2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 
      3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; 
      4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
    2. The Company shall take all the measures necessary for ensuring the safety of personal data given by the data subjects on the Website during network communication, data storage and safekeeping. Access to personal data is strictly limited so that unlawful access to, alteration of and use of personal data can be prevented. The information system and network of the Company are protected appropriately against fraud, spying, sabotage, vandalism, fire, flood, computer bugs and computer break-ins that might take place during computer usage.
    3. When processing data, the Company shall preserve (1) secrecy: the Company protects personal data so that access to it is possible for persons who are authorized to do so; (2) integrity: the Company protects the integrity and the accuracy of the processing of personal data.

  9. RIGHTS OF THE DATA SUBJECT
    1. Right of information and access to personal data
      1. The data subject shall have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information
        1. the purposes of the processing;
        2. the categories of personal data concerned; 
        3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; 
        4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; 
        5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 
        6. the right to lodge a complaint with a supervisory authority; 
        7. where the personal data are not collected from the data subject, any available information as to their source; 
        8. the existence of automated decision-making, including profiling, referred and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
      2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant relating to the transfer.
      3. The Company shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. 
    2. Right of rectification of personal data
      1. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
    3. Right of erasure of personal data (“right to be forgotten”)
      1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
        1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
        2. the data subject withdraws consent on which the processing is based according to point, and where there is no other legal ground for the processing; 
        3. the data subject objects to the processing pursuant;
        4. the personal data have been unlawfully processed; 
        5. the personal data have to be erased for compliance with a legal obligation in EU or Hungarian law to;
        6. the personal data have been collected in relation to offer of information society services directly to a child.
      2. Where the controller has made the personal data public and is obliged pursuant to the above mentioned to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
      3. Erasure shall be refused (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (iii) for reasons of public interest in the area of public health; (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes likely to render impossible or seriously impair the achievement of the objectives of that processing; or (v) for the establishment, exercise or defense of legal claims.
    4. Right to restriction of processing
      1. The data subject shall have the right to obtain from the Company restriction of processing where one of the following applies:
        1. the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personal data; 
        2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
        3. the Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; 
        4. the data subject has objected to processing pursuant pending the verification whether the legitimate grounds of the controller override those of the data subject.
      2. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of Hungary.
      3. A data subject who has obtained restriction of processing shall be informed by the Company before the restriction of processing is lifted.
    5. Right to data portability
      1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 
        1. the processing is based on consent or on a contract pursuant; and
        2. the processing is carried out by automated means. 
    6. Right to object
      1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. 
      2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. 
      3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 
      4. At the latest at the time of the first communication with the data subject, the right mentioned above shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information. 
      5. The data subject may exercise his or her right to object by automated means using technical specifications. 
      6. Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
    7. Notification obligation regarding rectification or erasure of personal data or restriction of processing
      1. The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
    8. The data subject can exercise his/her above listed rights through one of the following contact methods:
      • Name: DATAPAO Korlátolt Felelősségű Társaság
      • Seat: HU-1061 Budapest, Paulay Ede utca 56. 3. em. 15. ajtó
      • E-mail: [email protected]
  1. AUTOMATED INDIVIDUAL DECISION-MAKING, PROFILING
    1. The Company informs the data subject that it operates profiling activities.
    2. Natural persons may be associated with online identifiers provided by their devices, applications and tools, such as cookie identifiers. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
    3. The data subject is entitled to object to profiling whether with regard to initial or further processing, at any time and free of charge.

  1. OBLIGATIONS OF THE DATA SUBJECT
    1. The data subject shall provide true, authentic personal data and – if any of the pieces of data is changed – shall correct the personal data or ask the Company to correct the information. 
    2. The Company reserves the right, without any further notice, to erase the data of a data subject who abuses the personal data of another person.

  1. RECORDS OF PROCESSING ACTIVITIES
    1. The Company and the Company representative shall be obliged to maintain an electronic record of processing activities under its responsibility. That record shall contain all of the necessary information prescribed in GDPR and Info Law.
    2. The Company and the Company representative shall make the record available to the supervisory authority on request.

  1. PERSONAL DATA BREACH
    1. In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
    2. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Company shall communicate the personal data breach to the data subject without undue delay.
    3. The communication to the data subject shall not be required if any of the following conditions are met: 
      1. the Company has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption; 
      2. the Company has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize; 
      3. it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subject is informed in an equally effective manner.
      4. If the Company has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in clause 12.3. are met.

  1. LEGAL REMEDY
    1. If the data subject considers that the Company, through its own data processing, has breached these Rules or the prevailing legal regulations, then, in order to stop the presumed unlawful data processing, the data subject shall contact Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information /address: 1055 Budapest, Falk Miksa utca 9-11.; mail address: 1363 Budapest, Pf.:9./).
    2. The data subject shall be entitled to initiate a legal procedure against the Company where he or she considers that the rights regulated in the Rules are breached by the Company. The court shall act in urgency. The tribunal shall have jurisdiction in the litigation – according to the data subject’s decision – based on the home address of the data subject or the seat of the Company. 

  1. MODIFICATION, INTERPRETATION
    1. The Company reserves the right to modify these Rules unilaterally, by sending electronic notice to the data subject.
    2. The Company states that all the modifications of the Rules will be compliant to the provisions on data protection of the legal regulations in effect on the date of modification.
    3. The Company states that the Rules must be interpreted in harmony with the legal regulations in effect on the date of interpretation of the Rules. Should there be discrepancies between the Rules and the legal regulations in effect, the provisions of the legal regulations in effect shall be ruling.