Privacy notice
The protection of your personal data is of the utmost importance to us, and this Privacy Notice explains what personal data we process about you, for what purposes and on what legal basis. The Privacy Notice also sets out your rights.
- Data of the Data Controller
Data Controller: Sales In Move Zrt. (hereinafter referred to as “Data Controller”)
Head office: 1031 Budapest, Örlő utca 8. 1. floor. 5.
Company registration number: 01-10-141383
Tax number: 29274048-2-41
Website: www.cardinmove.com
Email contact: ugyfelszolgalat@cardinmove.com
- General legislation on which the processing is based
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
- Act V of 2013 on the Civil Code (Civil Code)
- Act CXXVII of 2007 on Value Added Tax (VAT Act)
- Act C of 2000 on Accounting (Accounting Act)
- Act CLV of 1997 on Consumer Protection (Fgy.tv.)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers (Fttv.)
- Act CXIX of 1995 on the Processing of Name and Address Data for Research and Direct Marketing Purposes (DM Act)
- Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Eker tv.)
- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising (Act XLVIII of 2008)
- Concepts
Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data include in particular: name, address, place and date of birth, mother’s name.
Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the Controller or the specific criteria for the designation of the Controller may also be determined by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Controller.
Recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, with whom or to which the personal data are disclosed.
- Principles
The Data Controller shall take into account the following principles in the processing of personal data, including:
- be carried out lawfully and fairly and in a transparent manner for the Data Subject (lawfulness, fairness and transparency)
- collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes is not considered incompatible with the original purpose in accordance with Article 89(1) of the GDPR (purpose limitation)
- be adequate, relevant and limited to what is necessary for the purposes for which the data are processed (data minimisation)
- be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without delay (accuracy)
- be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of Data Subjects as provided for in this Regulation (limited storage)
- be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality), by using appropriate technical or organisational measures
- the Data Controller is responsible for compliance with the above and must be able to demonstrate such compliance (accountability)
- Data management activities
- contact us (website)
| Purpose of data processing | How to contact us |
| Legal basis for data processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Interested |
| Scope of personal data | Name, phone number, email address |
| Data retention time | Until the end of the 1st year after contact |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: ELIN.hu Kft. (headquarters: 9024 Győr, Déry T. utca 11. 2. floor. 4., company registration number: 08-09-016359) mail system provider: Google Ireland Ltd. (based in Google Building Gordon House, Barrow St, Dublin 4, Ireland) |
| Source of data | The source of the personal data is the interested party |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to contact you. |
- chates contact (website)
| Purpose of data processing | Contact us via chat |
| Legal basis for data processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Interested |
| Scope of personal data | Anonymous: no personal data is provided unless the Interested Party provides personal data |
| Data retention time | Until the end of the 1st year after contact |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): chat sending software: Tidio Poland Sp. z o.o. (head office: Wojska Polskiego 81, 70-481 Szczecin, Poland) |
| Source of data | The source of the personal data is the interested party |
| How to provide data, consequences | The data must be provided. If you provide your email address, the Data Controller will reply to it, otherwise the contact is anonymous |
- send newsletter
| Purpose of data processing | Send newsletter |
| Legal basis for processing | Article 6(1)(a) GDPR: consent |
| Categories of Affected Persons | Newsletter subscriber |
| Scope of personal data | Name, email address |
| Data retention time | Until 30 days from the date of withdrawal of consent or unsubscription |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: Google Cloud European server: Google Ireland Ltd. (based in Gordon House, Barrow Street Dublin 4, Ireland) mail system provider: Google Ireland Ltd. (based in Google Building Gordon House, Barrow St, Dublin 4, Ireland)newsletter sending software: SalesAutopilot Kft. (headquarters: 1016 Budapest, Zsolt utca 6/A. 5. floor. 1., company registration number: 01-09-286773) |
| Source of data | The source of personal data is the subscriber to the newsletter |
| How to provide data, consequences | The provision of data is voluntary. If you do not provide the personal data, the Data Controller will not be able to send you a newsletter. |
- Registering for the Card in move service
| Purpose of data processing | To use the service, you need to register via a mobile app or websitePossible without registration |
| Legal basis for processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name, email address |
| Data retention time | Until the end of the 1st year after cancellation of registration |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: Google Cloud European server: Google Ireland Ltd. (based in Gordon House, Barrow Street Dublin 4, Ireland) website developer: Zsolt Czeizer, sole proprietor (headquarters: 9027 Győr, Mártírok útja 40, 3 floor, door 12) |
| Source of data | The source of the personal data is the Service User |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to provide you with services. |
- General use of the Card in move service
| Purpose of data processing | Card in move is for general use |
| Legal basis for processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name, position, phone number, email address |
| Data retention time | Until the end of the 1st year after cancellation of registration |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: Google Cloud European server: Google Ireland Ltd. (based in Gordon House, Barrow Street Dublin 4, Ireland) mail system provider: Google Ireland Ltd. (based in Google Building Gordon House, Barrow St, Dublin 4, Ireland)website developer: Zsolt Czeizer, sole proprietor (head office: 9027 Győr, Mártírok útja 40, 3 floor, door 12) |
| Source of data | The source of personal data is the service user |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to provide you with services. |
- Continue using the Card in move service
| Purpose of data processing | Card in move service for wider use |
| Legal basis for processing | Article 6(1)(a) GDPR: consent |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Profile picture, occupation, social media links, phone number, email address, content uploaded by the user |
| Data retention time | Until consent is withdrawn |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: Google Cloud European server: Google Ireland Ltd. (based in Gordon House, Barrow Street Dublin 4, Ireland) mail system provider: Google Ireland Ltd. (based in Google Building Gordon House, Barrow St, Dublin 4, Ireland)website developer: Zsolt Czeizer, sole proprietor (head office: 9027 Győr, Mártírok útja 40, 3 floor, door 12) |
| Source of data | The source of personal data is the service user |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to provide you with specific services. |
- send push message
| Purpose of data processing | Send push messages within the Card in Move service (e.g. modification of the GTC, modification of the Privacy Policy, system maintenance, sending system messages and notifications, etc.) |
| Legal basis for data processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name, email address |
| Data retention time | Until the end of the 1st year after cancellation of registration |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): Hosting provider: Google Cloud European server: Google Ireland Ltd. (based in Gordon House, Barrow Street Dublin 4, Ireland) mail system provider: Google Ireland Ltd. (based in Google Building Gordon House, Barrow St, Dublin 4, Ireland) |
| Source of data | The source of personal data is the recipient of the service |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to provide you with information about the service. |
- payment for the service
| Purpose of data processing | Pay for the service via Stripe credit card, Apple Store and Google Play. |
| Legal basis for processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name |
| Data retention time | Pursuant to paragraphs (1) and (2) of § 169 of the Accounting Act 8 years |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller does not use Data Processor(s). The Data Controller will use an independent Data Controller(s) to pay the consideration for the product: Stripe’s service provider is Stripe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland), the privacy notice is https://stripe.com/en-hu/privacy Google Play Store: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy: https://policies.google.com/privacyApple Store Store: Apple DistributionInternational Ltd. (Hollyhill Industrial Estate Hollyhill, Cork, Ireland), the privacy notice is available at: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the recipient of the service |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to provide you with services. |
- product delivery
| Purpose of data processing | Delivery of the purchased product |
| Legal basis for data processing | Article 6(1)(b) GDPR: necessary for the performance of the contract or for taking steps at the request of the Data Subject prior to the conclusion of the contract |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name, delivery address, phone number, email address |
| Data retention time | End of the 5th year following the performance or termination of the contract |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller does not use a Data Processor.The Data Controller uses the transport companies as independent Data Controllers: DPD Hungária Kft. (registered office: 1134 Budapest, Váci út 33, 2nd floor, company registration number: 01-09-888141) |
| Source of data | The source of personal data is the recipient of the service |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to deliver the product. |
- billing
| Purpose of data processing | Issuing an invoice |
| Legal basis for processing | Article 6(1)(c) GDPR: fulfilment of a legal obligation: section 159(1) of the VAT Act |
| Categories of Affected Persons | Client |
| Scope of personal data | Name, address, tax number (for companies), email address |
| Data retention time | Pursuant to paragraphs (1) and (2) of § 169 of the Accounting Act 8 years |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): accounting: SZÁMOLDA Kft. (registered office: 1031 Budapest, Vitorla utca 11. fszt., company registration number: 01-09-711344) billing software operator of szamlazz.hu: KBOSS.hu Kft. (registered office: 1031 Budapest, Záhony utca 7. company registration number: 01-09-303201) The Data Controller shall provide data to the National Tax and Customs Administration (NAV) in accordance with point 1 of Annex 10 of Act CXXVII of 2007 on Value Added Tax (VAT Act). |
| Source of data | Source of personal data is the customer |
| How to provide data, consequences | Providing the data is mandatory. If you do not provide the personal data, the Data Controller will not be able to fulfil its legal obligation to invoice. |
- opinion, evaluation
| Purpose of data processing | Rating of the service by opinion and evaluation |
| Legal basis for processing | Article 6(1)(a) GDPR: consent |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Name, email address |
| Data retention time | Until withdrawal of consent |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s): opinion management software operator: Trustindex Kft. (registered office: 2724 Újlengyel, Nyári Pál utca 15., company registration number: 13-09-223096) |
| Source of data | The source of personal data is the service user |
| How to provide data, consequences | The data must be provided. If you do not provide personal data, you will not be able to evaluate the service |
- enforcement of a claim
| Purpose of data processing | Enforcing a claim in the event of a debt |
| Legal basis for processing | Article 6 (1) (c) GDPR: Civil Code. 6:138 § ( Right to demand performance) |
| Categories of Affected Persons | Person (natural, legal) using the service |
| Scope of personal data | Personal data relating to the enforcement of claims |
| Data retention time | Until the end of the 5th year after the contract is performed or terminated |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses an independent Data Controller(s):lawyerclaims management companyIn each case, individual information will be provided taking into account the circumstances of the case. |
| Source of data | The source of the personal data is an employee of the Data Controller |
| How to provide data, consequences | Providing the data is mandatory. If the personal data are not available, the Data Controller will not be able to enforce a claim. |
- contact
In the case of its contracted partners (suppliers), the Data Controller communicates and maintains business relations through its contact person as set out in the contract.
| Purpose of data processing | Maintaining communication and cooperation in order to fulfil the purpose of the contract between the Data Controller and the Partner |
| Legal basis for data processing | Article 6(1)(f) GDPR: legitimate interest |
| Categories of Affected Persons | Employee of the partner (sole trader, Ltd., Bt., Zrt.) as the designated contact person |
| Scope of personal data | Name, position, phone number, email address |
| Data retention time | Until the end of the 5th year after the contract is performed or terminated |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller uses Data Processor(s):CRM system: SalesAutopilot Kft. (headquarters: 1016 Budapest, Zsolt utca 6/A. 5. floor. 1., company registration number: 01-09-286773) |
| Source of data | Source of personal data is the Partner’s contact person |
| How to provide data, consequences | The data must be provided. If you do not provide the personal data, the Data Controller will not be able to reconcile with the Partner |
- complaint handling
| Purpose of data processing | Handling a complaint about any service |
| Legal basis for data processing | Article 6(1)(c) GDPR: fulfilment of a legal obligation: the Consumer Protection Act CLV of 1997 |
| Categories of Affected Persons | Person using the service |
| Scope of personal data | Name, address, email address, place, time and manner of lodging the complaint, a detailed description of the complaint, a list of documents and other evidence presented by the consumer |
| Data retention period | Pursuant to Section 17/A (7) paragraph (7) of the Fgy.tv. 3 years |
| Data transmission | No transfer of data pursuant to Articles 44-49 of the GDPR |
| Addressees | The Data Controller does not use Data Processor(s) |
| Source of data | The source of personal data is the recipient of the service |
| How to provide data, consequences | The provision of data is voluntary. If you do not provide the required data, the Data Controller may not be able to investigate your complaint. |
- Website data management
The Website uses cookies.
A cookie is a file that is placed on your computer when you visit a website. A cookie is a packet of information that the server sends to the browser, and then each time you request a cookie, the browser sends it back to the server with the data content specified by the server. The purpose of this is to save the web settings of the website you are visiting, so that when you visit the same website again from the same device, the site will remember the parameters you have set.
The cookie has countless functions. Cookies are most often used to personalise ads, services and analyse website traffic.
Under current legislation, cookies can only be stored on your device if they are absolutely necessary, i.e. they are essential for the website to function, and are called “necessary cookies”. For all other types of cookies, your consent is required. You can view and set the cookies currently used on the website in a pop-up window when you access the website.
Modern browsers allow you to change cookie settings. Some browsers automatically accept cookies by default, but you can change this setting to prevent automatic acceptance in the future. If you change this setting, the browser will offer you the option to set cookies each time you change it.
Given that the cookies are intended to support and facilitate the usability and processes of the website, it cannot be guaranteed that you will be able to use all the features of the website to their full extent if you disable cookies. The website may then function differently than intended in the browser. For more detailed information on cookie settings for the browsers below:
- Google Chrome
- Firefox
- Microsoft Internet Explorer 11
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 9
- Microsoft Internet Explorer 8
- Microsoft Edge
- Safari
- Social media
The Data Controller is available on the following social networking sites.
The operator of the social networking site is considered as a separate Data Controller, information on data management is available at the following links:
| Community page: | Name of data controller: | Contact details of the Privacy Notice: |
| Meta Platforms Ireland Ltd. (based at 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland) | https://www.facebook.com/privacy/explanation | |
| LinkedIn Corporation (location: 2029 Stierlin Court, Mountain View, CA 94043, USA) | https://www.linkedin.com/legal/privacy-policy | |
| Meta Platforms Ireland Ltd. (based at 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland) | https://help.instagram.com/519522125107875/?helpref=hc_fnav | |
| Tiktok | TikTok Technology Ltd., 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) | https://www.tiktok.com/legal/privacy-policy-eea?lang=hu |
| Youtube | Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) | https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/ |
The Data Controller does not record or process personal data about the user of the given social networking site in its internal database and system.
- Access to data
Personal data may be accessed by the competent staff of the Data Controller to the extent necessary for the performance of their tasks.
- Data security measures
The Data Controller shall take appropriate IT, technical and personnel measures to protect the personal data it processes against, inter alia, unauthorised access or unauthorised alteration.
- Data Subjects’ rights in relation to data processing and their content
About data managementRight of access | Content of the Data Subject’s right in relation to data processing |
| Right to information/Articles 13-14 of the GDPR/ | You have the right to be informed of the fact and purposes of the processing at the time of obtaining your personal data. The Controller will also provide you with such additional information as is necessary to ensure fair and transparent processing, taking into account the specific circumstances and context in which the personal data are processed. You shall also be informed of the fact of profiling and its consequences. |
| Right of access/Article 15 of the GDPR/ | You have the right to request information from as to whether or not your personal data is being processed and, if such processing is taking place, you have the right to be informed that the Data Controller:what personal dataon what legal basisfor what processing purposehow long it treats to whom, when, under which law, to which personal data, to whom you have given access or to whom you have transferred your personal datathe source of your personal data (if not provided by you to the Data Controller)whether it uses automated decision-making and its logic, including profiling. |
| Right to rectification/Article 16 of the GDPR/ | You have the right to have inaccurate personal data concerning you corrected or incomplete personal data completed by the Data Controller at your request. You may therefore request that the Controller amend any of your personal data (for example, you may change your e-mail address or other contact details at any time). |
| Right to erasure (“right to be forgotten”)/Article 17 of the GDPR/ | You have the right to have your personal data deleted by the Data Controller at your request if one of the following grounds applies: your personal data are no longer necessary for the purposes for which they were collected or otherwise processed you withdraw your consent on the basis of which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processingyou object to processing on the basis of Article 21(1) and there is no overriding legitimate ground for processing, or you object to processing on the basis of Article 21(2)your personal data have been unlawfully processedyour personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Data Controller is subjectyour personal data have been collected in connection with the provision of information society services referred to in Article 8(1). |
| Right to restriction/Article 18 of the GDPR/ | You have the right to have the Controller restrict the processing of your personal data at your request if one of the following grounds applies: You contest the accuracy of your personal data (in which case the limitation applies for the period of time that allows the Controller to verify the accuracy of the personal data)the processing is unlawful and you oppose the erasure of the data and instead request the restriction of their usethe Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of a legal claimYou have objected to the processing pursuant to Article 21(1) (in which case the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds). |
| Right to data portability/Article 20 of the GDPR/ | You have the right to receive personal data concerning you which you have provided to a Data Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another Data Controller without hindrance from the Data Controller to which you have provided the personal data, if:the processing is based on consent within the meaning of Article 6(1)(a) or Article 9(2)(a), or on a contract within the meaning of Article 6(1)(b), and the processing is carried out by automated means.You have the right to request, where technically feasible, the direct transfer of your personal data between Data Controllers. |
| Right to object/Article 21 of the GDPR/ | You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f), including profiling based on those provisions. In such a case, the Controller may no longer process your personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, where it is related to direct marketing. |
| Right to withdraw consent/Article 7(3) GDPR/ | You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal. You must be informed of this before consent is given. The withdrawal of consent shall be made possible in the same simple manner as the granting of consent. |
- Data subject’s rights of redress in relation to data processing and their content
| Legal remedies | Content of the remedy |
| Right to complain to the Supervisory Authority/Article 77 of the GDPR/ | If your right to the protection of your personal data is infringed, you may lodge a complaint with the following Authority:National Authority for Data Protection and Freedom of Information head office: 1055 Budapest, Falk Miksa utca 9-11.mailing address: 1363 Budapest, Pf. 9.phone: +36 (1) 391-1400email: ugyfelszolgalat@naih.hu Website: www.naih.hu |
| The right to an effective judicial remedy against the Controller or the Processor (initiation of legal proceedings)/Article 79 of the GDPR/ | You have the right to take legal action against the Controller or Processor if you consider that the processing of your personal data is unlawful. The court will decide the case out of turn. In such a case, you are free to decide whether to bring your action before the competent court in your place of residence or domicile. The courts can be contacted at: www.birosag.hu/torvenyszekek |
- Update of the Privacy Notice
The Data Controller reserves the right to unilaterally amend this Privacy Notice. In particular, this Privacy Notice may be amended if necessary due to changes in legislation, data protection authority practices, business needs or other circumstances. At the Data Subject’s request, the Controller shall send him a copy of the current version of the Privacy Notice in the form agreed with him.
Budapest, 27 April 2023.