Moving is your growing
movingisyourgrowing@gmail.com
+36304820428
en
Moving is your growing

Terms of Conditions

Introduction

Nóra Zsuzsa Török, sole proprietor, Registration number: 56764189 (hereinafter: Service Provider, Data Controller) submits to the following information notice.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.

Data Controller and Contact Information:

Name: Nóra Zsuzsa Török, sole proprietor
Registered Address: Hungary, 4032 Debrecen, Jerikó Street 36. 6th floor, door no. 53
Phone Number: +36 30 482 0428
Email Address: norioktatas@gmail.com

Data Protection Officer Contact Information:

Name: Nóra Zsuzsa Török, sole proprietor
Registered Address: Hungary, 4032 Debrecen, Jerikó Street 36. 6th floor, door no. 53
Phone Number: +36 30 482 0428
Email Address: norioktatas@gmail.com

1. Definitions:

  1. "Personal data": Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  2. "Processing": Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  3. "Controller": The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  4. "Processor": A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  5. "Recipient": A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

  6. "Consent of the data subject": Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  7. "Personal data breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

2. Principles Followed During Data Processing

The Service Provider:

  • Processes personal data lawfully, fairly, and in a transparent manner for the data subject.

  • Collects personal data only for specified, explicit, and legitimate purposes and does not process it in a manner incompatible with those purposes.

  • Further processing for archiving in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (Article 89(1)).

  • Ensures that collected and processed personal data are adequate, relevant, and limited to what is necessary.

  • Takes all reasonable steps to ensure that personal data it processes is accurate and, where necessary, kept up to date; inaccurate personal data is erased or rectified without delay.

  • Stores personal data in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed.

  • Ensures appropriate security of personal data through appropriate technical and organizational measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

  • Processes personal data based on prior informed and voluntary consent of the data subject or on statutory authorization, and only to the necessary extent and always in a purpose-specific manner.

  • Reminds every person providing personal data (data subject) that if they provide data not of their own, they are responsible for obtaining consent from the concerned data subject.

In cases of processing based on voluntary consent, the data subject can withdraw their consent at any stage of the data processing.

In some cases, processing of data is based on legal obligations and is mandatory. The Service Provider will specifically draw attention to such cases.

Furthermore, in certain situations, data processing is necessary for the legitimate interest of the Service Provider or a third party, such as for website operation, development, and security.

3. Principles for Processing Personal Data:

Personal data must be:

a. Processed lawfully, fairly, and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");

b. Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible ("purpose limitation");

c. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");

d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay ("accuracy");

e. Kept in a form which permits identification of data subjects for no longer than necessary. Longer storage is permitted only for archiving in the public interest, scientific or historical research purposes, or statistical purposes subject to appropriate safeguards ("storage limitation");

f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").

The controller is responsible for and must be able to demonstrate compliance with these principles ("accountability").

4. Ways Personal Data is Collected

Personal data of the data subject may enter our system in two ways:

  • The data subject may voluntarily provide their name, contact details, or other information when initiating personal contact with the Service Provider via the website.

  • Technical data automatically generated by the computer system related to the internet connection used by the data subject, such as the computer, browser, IP address, visited pages, etc.

During system operation, technically recorded data include the login computer's details, which the system automatically logs as part of technical processes. These automatically recorded data are not linked to other personal user data, except as required by law. Only the website https://nora-torok.webnode.hu has access to this data.

5. Technical Background of Data Processing

The Service Provider selects and operates the IT tools used in the provision of services in a manner that ensures that the processed data:

  • Is accessible to those authorized (availability);

  • Is authentic and its authenticity is verifiable (authenticity);

  • Has its integrity protected (data integrity);

  • Is protected against unauthorized access (confidentiality).

The Service Provider protects the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental loss.

The Service Provider ensures data processing security through technical, organizational, and operational measures appropriate to the risks.

The Service Provider ensures:

  • Confidentiality: only authorized persons can access the information;

  • Integrity and Availability: continuous confidentiality, integrity, availability, and resilience of processing systems and services;

  • Availability: the data is accessible when required by authorized users;

  • Restoration capability: ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;

  • Evaluation procedure: regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.

The Service Provider reminds data subjects that data transmission over the internet cannot be considered entirely secure. The Service Provider does everything possible to make processes secure but cannot take full responsibility for data transmission through the website. However, it applies strict rules to incoming data to ensure security and prevent unlawful access.

For security reasons, data subjects are asked to safeguard their access passwords to the Service Provider's website and not to share them with anyone.

6. Data Subject's Consent

Please carefully read this Notice before using the Service Provider's services.

The Service Provider informs the Data Subject that the data processing is based on the Data Subject's consent. The Data Subject provides personal data voluntarily during registration or communication with the Service Provider.

The Data Subject is required to provide their personal data if they wish to receive newsletters, free e-books, method guides, etc., or if they want to register on the Service Provider's websites.

Therefore, the Service Provider requests that the Data Subject ensures the accuracy, correctness, and truthfulness of the data provided, as the Data Subject is responsible for them. Incorrect, inaccurate, or incomplete data may hinder access to the services.

The Service Provider informs the Data Subjects that if the provision of personal data is required by law or contractual obligation, or is a precondition of entering into a contract, then the Data Subject is obliged to provide the personal data specified in this Notice. Otherwise, the Service Provider cannot provide the services.

The Service Provider specifically draws the Data Subject's attention to the fact that if the Data Subject has given consent to any data processing described in this Notice, they are entitled to withdraw that consent at any time as detailed in this Notice, either:

  • by withdrawing consent to the processing of their personal data, or

  • by withdrawing or requesting the blocking of consent given for the processing or use of any data that must be filled out during registration.

For technical reasons, the Service Provider undertakes to register the withdrawal of consent within 10 days, but it also draws the Data Subject's attention to the fact that it may continue processing certain data after consent withdrawal in order to fulfill legal obligations or assert legitimate interests.

Age-related Conditions:

  • Only persons who have reached the age of 16 may provide personal data.

  • For minors under the age of 14 and otherwise legally incapacitated individuals, consent must be provided by their legal representative.

  • Minors aged 14 to 16 and otherwise partially incapacitated individuals may only give consent with the agreement or subsequent approval of their legal representative.

  • A minor aged 16 or over may give consent independently, without the legal representative's consent or approval.

As the Service Provider is not in a position to verify the eligibility of the Data Subject or review the content of a legal representative's statement, the Data Subject or their legal representative guarantees that the consent complies with legal requirements. If the Data Subject provides another person's personal data, the Service Provider assumes that they are duly authorized to do so.

In cases of misleading use of personal data, criminal acts, or attacks against the Service Provider's system, the Service Provider will immediately delete the user's registration and personal data, or—if necessary—retain them for the duration of civil or criminal proceedings.

7. Data Subject's Information on the Processing of Personal Data

1. General Principles

The Data Subject may:

  • request information on data processing,

  • request correction, modification, or supplementation of personal data,

  • object to data processing and request the deletion or blocking of data (except for mandatory data processing),

  • seek legal remedy in court,

  • file a complaint or initiate proceedings with the supervisory authority:
    https://naih.hu/panaszuegyintezes-rendje.html

Upon request, the Service Provider provides information on:

  • the personal data it processes or that are processed by the data processor(s) it engages,

  • the source of the data,

  • the purpose and legal basis of the data processing,

  • the duration of the data processing, or, if not possible, the criteria used to determine this duration,

  • the names, addresses, and activities related to data processing of any data processors,

  • the circumstances, effects, and the measures taken to prevent or address data protection incidents,

  • and in case of data transfers, the legal basis and the recipients of the transferred data.

The Service Provider informs the Data Subject and any recipients of forwarded data about the correction, blocking, marking, or deletion of the personal data, unless this would not violate the Data Subject's legitimate interest.

Upon request, verbal information may also be provided, provided that the Data Subject's identity is confirmed. The Service Provider may not refuse to fulfill a request to exercise the Data Subject's rights unless it proves that it cannot identify the Data Subject. If the Service Provider has reasonable doubts about the identity of the applicant, it may request additional information to confirm it.

The Service Provider may refuse a request if it proves that processing is justified by compelling legitimate grounds that override the interests, rights, and freedoms of the Data Subject or are related to the establishment, exercise, or defense of legal claims.

If the Data Subject disagrees with the Service Provider's decision or if no decision is made within the timeframe specified in section 2, the Data Subject may appeal to the court within 30 days from the last day of the deadline.

Data protection lawsuits fall under the jurisdiction of the regional courts and can be initiated either at the Data Subject's place of residence or place of stay. Foreign nationals may file complaints with the supervisory authority competent at their place of residence.

Before contacting the authority or court, we kindly ask you to contact the Service Provider to resolve any issues more efficiently.

2. Response Deadlines

The Service Provider shall provide information without undue delay and within one (1) month of receiving the request. If necessary, taking into account the complexity and number of requests, this deadline may be extended by two (2) additional months. The Service Provider will notify the Data Subject of any extension and its reasons within 1 month of receipt of the request. If the request was made electronically, the reply should also be provided electronically, unless otherwise requested.

If the Data Subject objects to the processing of personal data, the Service Provider must assess the objection as soon as possible, but within 10 days (no later than 1 month), and notify the Data Subject in writing of the decision. If the objection is justified, the Service Provider will cease data processing (including collection and transmission), block the data, and notify all recipients of the personal data of the objection and measures taken.

If the Service Provider does not fulfill a request for correction, blocking, or deletion within 10 days (no later than 1 month), it must inform the Data Subject in writing (with consent, electronically) of the reasons for the refusal and the Data Subject's options for judicial or supervisory authority remedies.

If the Service Provider does not act on the request, it must inform the Data Subject without delay, but no later than 1 month from the request, of the reasons for not taking action and the legal remedies available under this Notice. No fees are charged for providing information, but if a request is clearly unfounded or excessive (especially repetitive), the Service Provider may charge a reasonable fee or refuse to act.

Information is provided free of charge unless the Data Subject has already submitted a similar request concerning the same data set during the same year. Fees already paid will be refunded if the data processing was unlawful or if the information request led to correction. Information may only be refused in cases provided by law, with reference to the legal basis and available legal remedies.

8. Scope of Data Transfers

Employees and collaborators involved in the Service Provider's data processing or data processing activities may access personal data to a predefined extent and are bound by confidentiality obligations.

The Service Provider may only transfer Data Subject's personal data as permitted by law. It ensures, through contractual obligations with data processors, that personal data is not used for purposes inconsistent with the Data Subject's consent.

The purpose of data transfers is to provide high-quality service to customers, enable access to the website, and ensure proper operation of the business.

The data transfer applies to all personal data provided by the Data Subject.

The duration of data processing and the deadline for deletion is until the termination of the agreement with the third-party service providers or the fulfillment of a deletion request initiated by the Data Subject.

Any changes in the data processors will be reflected in this Notice.

9. Data Processing

1. Nature of data collection, scope of processed data, and purpose of data processing:

  • Full Name: Necessary for contacting the user, participation in yoga and movement development sessions, and issuing a proper invoice.

  • Email Address: For communication purposes.

  • Phone Number: For communication and more efficient handling of billing-related matters.

  • Billing Name and Address: For issuing a proper invoice, creating a contract, defining its content, modifying it, monitoring its fulfillment, invoicing related fees, and enforcing related claims.

  • Mother's Name, Date and Place of Birth, Birth Name: Required when the User has limited legal capacity, provided by the legal representative.

Neither the username nor the email address is required to contain personal data.

2. Scope of affected individuals: All users of all services announced on the website.

3. Duration of data processing, deadline for data deletion:
Upon cancellation of service, the data will be deleted immediately. The data controller shall inform the data subject electronically about the deletion of any personal data provided by the data subject under Article 19 of the GDPR. If the deletion request includes the provided email address, this will also be deleted after notification.
Exception: Accounting records must be kept for 8 years based on Act C of 2000 on Accounting, Section 169 (2).

Accounting documents (including general ledger accounts, analytical or detailed records) supporting bookkeeping must be preserved in a readable format and retrievable based on bookkeeping references for at least 8 years.

4. Authorized data processors and data recipients:
Personal data may be processed by the employees, instructors, and educational and marketing staff/subcontractors of the data controller, in accordance with the above principles.

5. Data subjects' rights regarding data processing:

  • The data subject may request access to their personal data, correction, deletion, or restriction of processing.

  • May object to the processing of their personal data.

  • Has the right to data portability and to withdraw consent at any time.

6. Methods for exercising data subject rights:

  • By post: Török Nóra Zsuzsa e.v., 4032 Debrecen, Jerikó utca 36. 6./53.

  • By email: norioktatas@gmail.com

  • By phone: +36 30 482 0428

7. Legal basis for data processing:

  • GDPR Article 6(1)(b),

  • Act CVIII of 2001 on certain aspects of electronic commerce and information society services, Section 13/A(3):
    The service provider may process personal data technically essential for providing the service. Tools used during service provision must be selected and operated to ensure that data is only processed when essential and only to the necessary extent and duration.

  • Article 6(1)(c) of the GDPR when issuing invoices in accordance with accounting regulations.

  • Enforcement of contractual claims under Act V of 2013 on the Civil Code, Section 6:21: 5 years.
    Section 6:22 [Statute of limitations]:
    (1) Unless otherwise specified, claims expire after five years.
    (2) The limitation period begins when the claim becomes due.
    (3) Agreements to modify the limitation period must be in writing.
    (4) Agreements excluding limitation periods are void.

8. Please note that:

  • Data processing is necessary for contract fulfillment.

  • You are required to provide personal data so we can fulfill your order.

  • Failure to provide data will result in us being unable to process your order.

Cookie (Tracking) Policy

  1. Common cookies for online stores include "cookies for password-protected sessions," "shopping cart cookies," and "security cookies," for which no prior consent is required.

  2. Nature of data processing and scope of data: dates, timestamps.

  3. Scope of affected individuals: All website visitors.

  4. Purpose of data processing: User identification.

  5. Duration of data processing and deadline for deletion:
    Session cookies: valid until the end of the session, based on Section 13/A(3) of Act CVIII of 2001.

  6. Authorized data processors: The controller does not process personal data through cookies.

  7. Data subject rights:
    Users can delete cookies in their browser settings, usually under the Privacy settings.

  8. Legal basis:
    Consent is not required if the sole purpose of cookies is transmission over an electronic communication network or they are strictly necessary for the provision of services explicitly requested by the subscriber or user.

Additional Data Processors

Authorized data processor: Designated employees of the Data Controller.

Billing:

  • Name: KBOSS.hu Kft.

  • Address: 1031 Budapest, Záhony utca 7.

  • Website: szamlazz.hu

  • Email: info@szamlazz.hu

  • Transferred data: First and last name, email address, billing name and address.

  • Purpose of data transfer: Invoice issuance.

10. Complaint Handling

  1. Nature of data collection, scope of processed data, and purpose:

  • Full Name: Identification, communication.

  • Email Address: Communication.

  • Phone Number: Communication.

  • Billing Name and Address: Identification, handling complaints and questions about ordered products.

  1. Scope of affected individuals: All customers of the website submitting a quality complaint.

  2. Duration of data processing:
    Complaint records and related correspondence must be retained for 5 years based on Act CLV of 1997 on Consumer Protection, Section 17/A(7).

  3. Authorized processors and data recipients:
    Sales and marketing subcontractors of the controller, in accordance with the above principles.

  4. Rights of data subjects:

  • Right to access, correct, delete, or restrict processing.

  • Right to object to processing.

  • Right to data portability and to withdraw consent at any time.

  1. Methods of exercising rights:

  • By post: Török Nóra Zsuzsa e.v., 4032 Debrecen, Jerikó utca 36. 6./53.

  • By email: norioktatas@gmail.com

  • By phone: +36 30 482 0428

  1. Legal basis:
    Article 6(1)(c) of the GDPR and Section 17/A(7) of Act CLV of 1997 on Consumer Protection.

  2. Please note:

  • Providing personal data is a contractual obligation.

  • Contract formation requires personal data processing.

  • You must provide your personal data so we can handle your complaint.

  • Without it, we cannot address your complaint.

11. Social Media

  1. Nature of data collected:
    Public username and profile picture on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc.

  2. Scope of affected individuals:
    Anyone registered on the above platforms who "likes" the website.

  3. Purpose of data collection:
    Sharing, liking, or promoting specific content, products, offers, or the website itself.

  4. Duration, deletion, data processors, and data subject rights:
    Information about data sources, processing, transfer methods, and legal basis can be found on the respective social media platforms. Data processing occurs there, so their policies apply.

  5. Legal basis:
    Voluntary consent by the data subject to the processing of their personal data on social media platforms.

12. Customer Relations and Other Data Processing

  1. If the data subject has any questions or issues while using our services, they may contact the data controller via the methods listed on the website (phone, email, social media, etc.).

  2. The data controller deletes received emails, messages, and data provided via phone, Facebook, etc., including the name and email address of the inquirer and any other voluntarily provided personal data, no later than 2 years after data provision.

  3. For any data processing not listed in this policy, information will be provided at the time of data collection.

  4. In the event of a request from an authority or another body authorized by law, the Service Provider is obliged to provide information, disclose data, hand over data, or make documents available.

  5. In such cases, the Service Provider discloses only as much personal data to the requesting party as is strictly necessary to fulfill the purpose of the request, provided that the purpose and scope of the data are specified.

13. Rights of the Data Subjects

  1. Right of Access
    You have the right to obtain confirmation from the data controller as to whether or not your personal data is being processed, and, if so, to access the personal data and the information listed in the regulation.

  2. Right to Rectification
    You have the right to have inaccurate personal data concerning you rectified without undue delay. Considering the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  3. Right to Erasure ('Right to be Forgotten')
    You have the right to have your personal data erased without undue delay, and the data controller is obliged to erase your personal data without undue delay under certain conditions.

  4. Right to Be Forgotten (Public Disclosure)
    If the data controller has made the personal data public and is obliged to erase it, they must take reasonable steps—considering available technology and implementation costs—to inform other controllers processing the data that you have requested the deletion of any links to, or copies or replications of, such personal data.

  5. Right to Restriction of Processing
    You have the right to obtain restriction of processing from the data controller where one of the following applies:

  • You contest the accuracy of the personal data (restriction applies during the verification period);

  • The processing is unlawful and you oppose the erasure of the data and request restriction instead;

  • The controller no longer needs the data, but you require it for the establishment, exercise, or defense of legal claims;

  • You have objected to processing pending the verification of whether the legitimate grounds of the controller override yours.

  1. Right to Data Portability
    You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller without hindrance.

  2. Right to Object
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on those provisions.

  3. Right to Object to Direct Marketing
    Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Once objected, your personal data may no longer be processed for this purpose.

  4. Automated Individual Decision-Making, Including Profiling
    You have the right not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

  • Is necessary for entering into, or performance of, a contract between you and the controller;

  • Is authorized by Union or Member State law with appropriate safeguards for your rights and freedoms;

  • Is based on your explicit consent.

14. Time Limit for Action

The controller shall inform you without undue delay and in any event within 1 month of receipt of the request of the actions taken. This may be extended by 2 months where necessary, in which case you will be informed of the delay and the reasons for it within 1 month of the request.

If the controller does not act on your request, they shall inform you without delay, and at the latest within 1 month of receipt of the request, of the reasons and your right to lodge a complaint with a supervisory authority and seek judicial remedy.

15. Security of Data Processing

The controller and processor implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, including:

a. Pseudonymization and encryption of personal data;
b. Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
c. The ability to restore access to personal data in a timely manner in the event of a physical or technical incident;
d. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures.

16. Informing the Data Subject about a Data Breach

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject without undue delay.

The notification must describe in clear and plain language the nature of the breach, contact details of the data protection officer or other contact point, likely consequences, and measures taken or proposed to address the breach and mitigate its effects.

The data subject does not need to be informed if:

  • Appropriate technical and organizational protection measures were in place (e.g., encryption);

  • The controller has taken subsequent measures that ensure the high risk is no longer likely to materialize;

  • It would involve disproportionate effort—then public communication or similar measures may be used instead.

If the controller has not already communicated the breach to the data subject, the supervisory authority may require it to do so if the risk is deemed high.

Reporting a Data Breach to Authorities

The controller shall notify the competent supervisory authority without undue delay and, if feasible, not later than 72 hours after becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it must be accompanied by reasons for the delay.

Mandatory Review in Case of Obligatory Data Processing

If the duration or the periodic review of the necessity of obligatory data processing is not defined by law or binding EU legal act, the data controller shall review at least every three years from the start of processing whether the processing is still necessary.

The conditions and outcome of this review must be documented and kept for ten years, and made available to the National Authority for Data Protection and Freedom of Information (NAIH) upon request.

Right to Lodge a Complaint

In case of any violation, a complaint may be lodged with the National Authority for Data Protection and Freedom of Information (NAIH):

National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box: 5.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu

Closing Statement

This privacy notice was prepared with regard to the following legislation:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)

  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information

  • Act CVIII of 2001 on Electronic Commerce Services

  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices

  • Act XLVIII of 2008 on Fundamental Conditions and Certain Restrictions of Economic Advertising

  • Act XC of 2005 on Freedom of Electronic Information

  • Act C of 2003 on Electronic Communications

  • Opinion No. 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

  • Recommendations of the National Authority for Data Protection and Freedom of Information (NAIH) regarding prior information obligations.