The present provisions are especially based on the following laws:
- Act no. CXII of 2011 on information autonomy and freedom of information,
- Act no. VI on the enactment of the Treaty dated 28 January 1981 in Strassbourg on the protection of individuals in the course of online data processing
- Act no. CVIII on electronic commercial services and services related to information society.
Data of the online data manager:
Prieston and Co. Korlátolt Felelősségű Társaság (hereinafter referred to as: Prieston)
corporate registration number: 08-09-027379
registered seat: 9312 Szilsárkány, Dózsa György u. 2.
- Definitions relating to personal data
personal data: any data concerning a defined person (hereinafter referred to as the concerned person) or any conclusion that may be derived from the data relating to the concerned person. Any data shall remain personal data during data processing until their connection to the concerned person may be restored;
special data: any personal data referring to race, nationality, ethnicity, political views, religion or other conviction, health state, pathological addiction, sexuality, or criminal records;
data management: any collection, recording and storage, processing, utilisation (including data forwarding and publication) and deletion of personal data irrespective of the method used. In addition, the change of data and impeding their future utilisation;
data processing: data processing actions and technical duties, irrespective of the method and assets used and the place of utilisation;
data forwarding: to make available any data to a defined third person;
publication: to make available any data to any person;
data manager: the natural or legal person that defines the aim of the personal data processing, makes and executes any decisions relating to data management, or may engage a data processor for execution. In case of mandatory data management, the aim and conditions of data management and the data manager shall be defined by act or municipal order;
data processor: any natural or legal person engaged by the data manager that executes the personal data processing;
data deletion: to make any data unrecognisable in a manner that the data will no longer be restorable;
automated data file: data to be automatically processed;
machine processing: the following actions, provided that they are executed by automated tools: data storage, logic and arithmetic operations by data, change, deletion, search and circulation of data;
user: any natural person, who registers for the services of the data manager and, therefore, provides his/her data requested by the data manager for the registration.
- Data management principals
- any data may only be obtained and processed in a fair and lawful manner;
- any data may only be stored for specified and legal purposes, and may not be utilised for different purposes;
- any data shall be proportionate to the purposes of their storage and shall be in compliance with this;
- any data shall be accurate and up-to-date, if necessary;
- the manner of data storage shall provide that the concerned person may be identified only for the time necessary for the purposes of storage;
- any personal data referring to race, political views, religious or other conviction, health, sexuality, and criminal law judgments may not be machine processed, except if the national law provides for proper guarantees;
- in order to impede accidental or unlawful destruction or access, change or circulation of any personal data stored in automated data files, proper security measures shall be taken.
- Personal data may be managed, if
- the concerned person consented to it, or
- if any laws or municipality orders requires.
- Special data may be managed, if
- the concerned person consented to it in writing, or
- any personal data referring to race, nationality, ethnicity, political views, religion or other conviction, membership in any interest representation body, if it is based on international treaties, or required for the enforcement of a basic right provided by the Constitution, or by any acts for national security, crime prevention or criminal law enforcement;
- if any acts require so.
Data management assigned to purposes
Any personal data may only be managed for specified purposes, execution of specified rights and performance of specified duties. The data management shall comply with the purpose in any phase.
Purpose of data management: developing a data base, electronic sale, sending newsletter, data management for marketing purposes.
Data forwarding, connection of data management:
Upon the explicit consent of the user provided during registration or at a later stage, any and all data of the user managed by the data manager may be forwarded to the websites operated by Prieston.
The purpose of data forwarding: developing a data base, electronic sale, sending newsletter, data management for marketing purposes.
Data security: Data manager and the data processor shall provide for the data security, and take any technical and organising measures and implement those process rules, which are necessary for the enforcement of the data protection act and other data and secrecy laws. The data shall be protected especially against unlawful access, change, publication or deletion, and injury or destruction.
- Scope of data managed for Webshop operation
Data management by Prieston occurs on the basis of concerned person consent in relation to the operation of the Webshop.
Scope of managed data:
- Phone number
- E-mail address
- Rights and obligations of the person concerned
Based on Act no. CXII of 2011 on information autonomy and freedom of information the concerned person may request the following in relation to the data managed by the data manager:
- information of the managed data regarding the concerned person
- correction of personal data
- deletion of personal data (except for mandatory data management)
Information on the managed data regarding the concerned person
The concerned person may request information form the data manager on his/her data managed. The concerned person may request information on the purpose and time of the data management, name and seat/address of the data manager, the data management activity, and who and for what purpose may have access to his/her data.
The data manager shall provide information to the person concerned in writing in an easily interpretable manner within 30 days from the receipt of the request.
Correction of the personal data of the concerned person
The data manager, provided that he/she has the correct data, shall correct the false data. The concerned person may also request for the correction of his/her personal data. The data manager shall inform the concerned person on the correction of his/her data.
Withdrawal of data management consent
The person concerned may, at any time and without justification, withdraw his/her consent to personal data management. This excludes those data the management of which is required by law or necessary for contract performance. The data manager shall cease the data management following the receipt of notification on withdrawal and delete those data from the register which are covered by the consent withdrawal. The data manager shall notify the data processor and inform the concerned person thereon.
Prieston undertakes to publish a clear notice (data protection declaration) before registering, recording and managing any user data, and informs the user on the manner, purpose and principles of data registration. Furthermore, Prieston notifies the user that the data provision is voluntary. Any employee and executive of Prieston is entitled to learn the data managed by Prieston.
Prieston shall inform the user and request for his/her advance consent, if Prieston intends to use the data provided for any purpose differing from the original purpose, and shall provide for the user to prohibit such data use.
Prieston shall provide for the limitations recorded in the principles during data registration, record and management, and inform the concerned person on its activity by e-mail. Prieston shall not use any sanctions against those users, who denies the non-mandatory data provision.
Prieston undertakes to provide for the security of data and take any and all necessary technical and organisational measures and implements those process rules, which ensure the protection of the registered, recorded and stored data, and impedes their destruction, unlawful use and change. Prieston shall provide for notifying any third person on such measures, to whom Prieston may forward the data.
As a general principle, we provide for any visitor to freely decide, after reading the necessary information, whether they provide the data or not. It must be noted, however, that without the provision of certain personal data, the visitor may not use our services, which require the provision of such data.
If any authorised authority request for personal data provision form Prieston in line with the relevant laws (e.g. crime suspect), Prieston shall provide the requested information in compliance with the relevant legal obligations.
If our users provide personal information to us, we will take any and all necessary measures to ensure the security of these data both in online and offline data management and storage.
Prieston shall ensure that the visitors may access, correct and supplement their personal data in a manner they had previously provided their personal data. If any of our users request for the deletion of his/her personal data (undertaking that he/she will not be able to properly use our services), we shall immediately comply with such request. The time of data management shall last from the registration until the deletion of data.
If any of our users conceives that we have infringed their right to the protection of their personal data, they may file their claim with the respective court, or may request for help from the National Data Protection and Information Freedom Authority (1125 Budapest, Szilágyi Erzsébet fasor 22/c, www.naih.hu).
The court shall handle the case in an expedited procedure. The competence of the Court of Justice (Törvényszék) shall prevail. The lawsuit may be initiated in front of the Court of Justice competent based on the residence of the concerned person (upon the choice of the concerned person).
For any legal disputes and the obligations of the data manager the detailed provisions of Act no. CXII of 2011 on information autonomy and freedom of information shall apply.
Data protection identification number: NAIH-136179/2018.