We hereby inform the visitors of the website and the Customers of the Online Store about the practice followed in the management of personal data, the organizational and technical measures taken to protect the data, as well as the rights of the visitors in this regard, and the possibilities of their enforcement.
Data controller: MONTEEN Korlátolt Felelősségű Társaság (headquarters: 4200 Hajdúszoboszló; Company registration number: 09-09-034615; company registry: Debrecen Törvényszék; tax number: 32145227-2-09; phone number: +36 30 438 8962, email address: info@ monteen.eu, website: https://www.monteen.eu as Data Controller (hereinafter: Company).
Data processors: The data controller informs the data subjects that it uses the following data processors to carry out its activities:
Data processing activities related to delivery activities: DPD Hungary Kft. (1134 Budapest Váci út 33, A building II. floor, adatkezeles@dpd.hu, +36 1 501 6200) The courier service participates in the delivery of the ordered goods based on the contract concluded with the Data Controller. The courier service handles the personal data received in accordance with the data management information available on its website.
Hosting provider: Shopify International Ltd. (headquarters: Haddington Road, 2nd Floor 1-2 Victoria Buildings, Dublin 4, D04 XN32, Ireland, email: support@shopify.com) The Data Processor stores personal data based on the contract concluded with the Data Controller. You are not entitled to access personal data.
Data processing activity related to sending newsletters: The Mailchimp system is operated by The Rocket Science Group, LLC (675 Ponce de Leon Avenue, Suite 5000, Atlanta, GA 30308 USA). The Data Processor participates in the sending of newsletters based on the contract concluded with the Data Controller. In doing so, the Data Processor processes the data subject's name and e-mail address to the extent necessary for the newsletter.
Data transmission to the Data Processor specified in this Notice may be carried out without the Data Subject's separate consent. The Data Controller does not transfer the Personal data it manages to third parties other than the Data Processors specified in this Information. The Data Processor does not make an independent decision, it is only authorized to act according to the contract concluded with the Data Controller and the instructions received. The Data Processor records, manages and processes the Personal data transmitted to it by the Data Controller and managed or processed by it in accordance with the provisions of the GDPR, and makes a statement to the Data Controller about this. The Data Controller checks the work of the Data Processor. The Data Processor is entitled to use additional data processors only with the consent of the Data Controller.
Visitor data management on the Company's website
Information on the use of cookies:
In accordance with common Internet practice, our Company also uses cookies on its website. A cookie is a small file containing a string of characters that is placed on a visitor's computer when they visit a website. When you visit the website again, thanks to the cookie, the website can recognize the visitor's browser. Cookies can also store user settings (e.g. selected language) and other information. Among other things, they collect information about the visitor and his device, remember the visitor's individual settings, can be used, e.g. when using online shopping carts. In general, cookies facilitate the use of the website, help the website provide users with a real web experience and provide an effective source of information, and also ensure that the website operator can control the operation of the website, prevent abuses, and ensure that the services provided on the website are undisturbed and of an adequate standard. When using the website, our company's website records and manages the following data about the visitor and the device used for browsing: - the internal identifier of the last viewed product
The system automatically generates statistical data from this data. The operator does not connect this data with personal data.
Accepting and authorizing the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to notify you when a cookie is currently being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.
You can find information about the cookie settings of the most popular browsers at the links below
Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
Safari: https://support.apple.com/hu-hu/HT201265
In addition to all this, we would like to point out that certain website functions or services may not work properly without cookies. The cookies used on the website are not in themselves suitable for identifying the user.
Cookies used on the Company's website:
1. Technically necessary session cookies. These cookies are necessary so that visitors can browse the website, use its functions smoothly and fully, the services available through the website, so - among others - in particular, the comment of the actions performed by the visitor on the given pages during a visit. The duration of data management of these cookies is 2 hours.
The managed data range:
The displayed language
Internal currency identifier
The user's address
Selected delivery and payment method
VAT rate
Coupon details
Current country
Cart contents
User name
The legal basis for this data management is Act CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of § The purpose of data management is to ensure the proper functioning of the website.
2. Cookies requiring consent: These allow the Company to remember the user's website choices. The visitor can prohibit this data management at any time before using the service and during the use of the service. These data cannot be linked to the user's identification data and cannot be transferred to third parties without the user's consent. Duration of data management: 1 day
2.1. Cookies facilitating use: The legal basis for data management is the consent of the visitor. Purpose of data management: Increasing the efficiency of the service, increasing the user experience, making the use of the website more convenient. Duration of data management: 2 hours
2.2. Performance cookies: Google Analytics cookies - you can find out more here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google AdWords cookies - you can find information about this here: https://support.google.com/adwords/answer/2407785?hl=hu
The Company informs its Visitors that in order to measure the number of visitors to the www.monteen.eu website and its sub-pages and to monitor the behavior of its visitors, to compile statistics and to evaluate the effectiveness of its advertisements
Google Analytics,
Google AdWords Conversion Tracking,
Hotjar is
Facebook uses Remarketing programs.
The referred programs on the user's computer are so-called cookies are placed that collect user data. Website visitors allow the Company to use Google Analytics, AdWords Conversion Tracking, and Facebook Remarketing and Hotjar programs. At the same time, they consent to the monitoring and tracking of their user behavior and the use of all services provided by the programs for the Company. In addition to all of this, the visitor has the option to disable the data recording and data storage of cookies for the future at any time as described below. We inform our visitors that the settings and use of the Google Analytics, AdWords Conversion Tracking and Facebook Remarketing, Hotjar programs fully comply with the requirements of the data protection authority.
According to Google, Google Analytics mainly uses first-party cookies to report visitor interactions on its website. These cookies only record non-personally identifiable information. Browsers do not share their own cookies between domains. More information about the cookie can be found in the Google Advertising and Privacy FAQ.
Google Analytics: The Data Controller uses the Google Analytics program primarily to generate statistics, including measuring the effectiveness of its campaigns. By using the program, the Company mainly obtains information about how many visitors visited the website and how much time the visitors spent on the website. The program recognizes the visitor's IP address, so it can track whether the visitor is a returning or a new visitor, and it can also track how the visitor traveled on the website and where they entered. Google AdWords conversion tracking: The purpose of Google AdWords conversion tracking is to enable the Company to measure the effectiveness of AdWords ads. It does this with the help of cookies placed on the Visitor's computer, which exist for 30 days and do not collect personal data.
Disable cookies: If you want to manage cookie settings or disable the function, you can do so in your browser. Depending on the browser's toolbar, this option can be found in the cookies/cookies/tracking functions placements menu item. You can usually set which tracking features you enable/disable on your computer under Tools > Settings > Privacy Settings. If you do not want Google Analytics to report your visits, you can install the Google Analytics blocking browser extension. This add-on instructs the Google Analytics JavaScript scripts not to send visit information to Google. If you have installed the blocking browser extension, you will also not participate in content experiments. If you wish to opt-out of Google Analytics web activity, visit the Google Analytics opt-out page and install the add-on for your browser. For more information on installing and uninstalling the extension, see the help for your browser.
In addition to Google services, the Company also uses the analysis service of Hotjar: Hotjar Ltd. ("Hotjar") (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Through Hotjar's analysis, the Company has the opportunity to learn about and evaluate the habits of Visitors on the website (e.g. how much time they spend on certain subpages, what links they click, etc.). During the operation of the function, the information collected about the visit to the website is transmitted to Hotjar's servers in Ireland, where it is stored by Hotjar. The following information can be recorded with the visitor's device and browser:
IP address of the user's device (collected and stored in anonymous format)
The screen size of the user's device
The type of user's device and the type of browser they use
User location (country only)
With the help of Hotjar, the visit to the website and its use are analyzed and a separate report is prepared. During the operation of this function, Hotjar also uses the services of third parties, such as Google Analytics and Optimizely. Through data transfer, the third parties mentioned can store the information that the user's browser sends when viewing the website (e.g. cookies, IP offer requests, etc.). The cookies used by Hotjar are not deleted for different periods of time, some cookies are automatically deleted after the current visit, but there are also some that remain for up to 365 days. If you wish to disable data logging by Hotjar, please visit the following page: https://www.hotjar.com/opt-out. Hotjar's privacy policy can be found here (https://www.hotjar.com/legal/policies/privacy).
On the website, the Company uses Facebook Inc. (1 Hacker Way, Menlo Park, CA 94025, USA), or if you live in the EU, then Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) ("Facebook") of the Facebook social network operated by the so-called "Facebook pixel". The Facebook pixel enables Facebook to treat website visitors as a target group for the display of advertisements (so-called Facebook ads). Accordingly, the Company uses the Facebook pixel so that the embedded Facebook ads are displayed only to those Facebook users who have also shown an interest in the Company's offers. In other words, the purpose of the Facebook pixel is to ensure that Facebook ads match the potential interests of users and not be distracting factors. With the help of the Facebook pixel, the Company can also analyze the effectiveness of the ads appearing on Facebook for statistical and market research purposes, for example, whether users reached our website by clicking on the Facebook ad. When you open our website, Facebook directly embeds the Facebook pixel, which can place a so-called cookie, i.e. a small file, on the visitor's device. If you later log in to Facebook or visit Facebook pages while logged in, your visit to the website is registered in your profile. The data obtained about visitors is anonymous to us, which means that we cannot find out their identity based on this. At the same time, the data is stored and processed by Facebook, so they can be linked to the given user profile. Facebook handles data according to its own data management policy. Therefore, you can find more information about the operation of the remarketing pixel and the display of Facebook ads in general in Facebook's data management policy at the following address: https://www.facebook.com/policy.php. You can prevent data collection by the Facebook pixel and the use of your data for the purpose of displaying Facebook ads. To do this, go to the page created by Facebook and follow the instructions for personal ads settings: https://www.facebook.com/settings?tab=ads, the address of the US page is: http://www.aboutads.info/ choices/, and the EU site http://www.youronlinechoices.com/. The settings are platform-independent, meaning they apply to both desktop and mobile devices.
Data processed for the purpose of concluding and fulfilling the contract
In order to conclude and fulfill the contract, several cases of data management may be implemented. We would like to inform you that data processing related to complaint handling and warranty administration is only carried out if the Data Subject exercises one of the aforementioned rights. If the Data Subject does not make a purchase through the webshop, but is only a visitor to the webshop, then the provisions of data management for marketing purposes may apply to him, if he gives consent for marketing purposes to the Company. The data processing carried out for the purpose of concluding and fulfilling the contract in more detail:
- Contact
Contact is made if, for example, you contact us with a question about a product by e-mail, contact form, or telephone. Prior contact is not mandatory, you can skip this and order from the webshop at any time.
Managed data: Data provided during contact.
Duration of data management: The Company only manages the data until the contact is completed.
Legal basis for data management: The Data Subject's voluntary consent, which he gives to the Data Controller by contacting him. [Data management according to Article 6 (1) point a) of the Regulation]
Recipients of personal data and categories of recipients: the Company's employees performing tasks related to customer service, the Company's hosting provider as a data processor, and employees providing hosting services.
Registration to use the Webshop/Webstore
On the website, the registrant natural person can give his consent to the processing of his personal data by checking the relevant box.
Scope of data provided during registration:
name
company name (optional)
e-mail address
telephone number
billing and shipping address
The purpose of processing personal data:
1. Fulfillment of the services provided on the website,
The legal basis for data management is the consent of the data subject.
Recipients of personal data and categories of recipients: the Company's employees performing tasks related to customer service and marketing activities, the Company's hosting provider as a data processor, and employees providing hosting services.
The period of storage of personal data: until the registration / service exists, or until the consent of the person concerned is withdrawn (deletion request, which can be sent to the e-mail address support@monteen.eu).
Order processing
During the processing of orders, data management activities are necessary in order to fulfill the contract.
Data processed: name, address, telephone number, e-mail address, characteristics of the purchased product, order number and date of purchase. If you have placed an order in the webshop, data management and the provision of data are essential for the fulfillment of the contract.
Duration of data management: We process data for 5 years according to the civil law statute of limitations.
Legal basis for data management: Fulfillment of the contract. [Data management according to Article 6 (1) point b) of the Regulation]
Recipients of personal data and categories of recipients: the Company's employees performing tasks related to the processing of orders, the Company's storage service provider as a data processor, its employees performing storage services.
Issue of the invoice
The data management process takes place in order to issue an invoice in accordance with the legislation and to fulfill the obligation to preserve accounting documents. The Sztv. Pursuant to § 169, paragraphs (1)-(2), economic companies must keep the accounting documents directly and indirectly supporting the accounting.
Managed data: Name, tax number (in the case of a company), address, e-mail address, telephone number.
Duration of data management: The issued invoices are issued by Sztv. Based on § 169, paragraph (2), it must be kept for 8 years from the date of issue of the invoice.
Legal basis for data management: CXXVII of 2007 on VAT. On the basis of Section 159 (1), the issuance of the invoice is mandatory and it must be kept for 8 years on the basis of Section 169 (2) of Act C of 2000 on accounting [Data processing according to Article 6 (1) point c) of the Regulation].
Recipients of personal data and categories of recipients: employees of the Company performing tasks related to invoicing
Data management related to the delivery of goods
The data management process takes place in order to deliver the ordered product.
Data processed: Name, address, e-mail address, telephone number.
Duration of data management: The Data Controller manages the data until the delivery of the ordered goods.
Legal basis for data management: Contract performance [data management according to Article 6 (1) point b) of the Regulation].
Recipients and data processors of data processing related to the delivery of goods Name of the recipient: Company employees performing tasks related to order fulfillment, DPD Hungary Kft.
The DPD courier service contributes to the delivery of the ordered goods based on the contract concluded with the Data Controller. The DPD courier service handles the personal data received in accordance with the data management information available on its website.
Data processed in relation to the verifiability of consent
During the registration, order, and subscription to the newsletter, the IT system stores the IT data related to the consent for later provability.
Data processed: Date of consent and IP address of the person concerned.
Duration of data management: Due to legal requirements, the consent must be proven later, therefore the data storage period is stored for a period of limitation after the termination of data management.
Legal basis for data management: This obligation is prescribed by Article 7 (1) of the Regulation. [Data management according to Article 6 (1) point c) of the Regulation]
Recipients of personal data and categories of recipients: employees of the Company providing technical support, hosting providers of the Company as data processors, employees providing hosting services.
Data management related to the newsletter service
The Company operates a newsletter system for the purpose of continuously informing interested parties, in connection with which personal data (full name, e-mail address) provided during registration on the website are processed with the prior written consent of the recipient of the newsletter. The Company's newsletters are sent from abroad via the "Mailchimp" international newsletter system, so in addition to registration, your express consent is also required for the transmission of your personal data to a foreign data controller. The Mailchimp system is operated by The Rocket Science Group, LLC (675 Ponce de Leon Avenue, Suite 5000, Atlanta, GA 30308 USA). The foreign operator provides data management in accordance with European Union regulations based on the provisions of the "EU-US Privacy Shield Framework" data exchange agreement. The data subject can unsubscribe from the newsletter at any time by clicking the "Unsubscribe" button in the footer of the newsletters, which automatically deletes the data stored in the system, or upon request sent by e-mail (info@monteen.eu), the Company will delete the data immediately, but no later than within 15 days. You can find out Mailchimp's latest Privacy Policy at https://mailchimp.com/legal/privacy/.
On the website, a natural person who registers for the newsletter service can give his consent to the processing of his personal data by clicking the Subscribe button after checking the box for consent to the processing of data. The person concerned can unsubscribe from the newsletter at any time by using the "Unsubscribe" application of the newsletter, or by making a statement in writing or by e-mail, which means withdrawal of consent. In such a case, all data of the unsubscriber must be deleted immediately.
The range of personal data that can be processed: the natural person's name (surname, first name), e-mail address.
The purpose of processing personal data:
1. Sending a newsletter about the Company's products and services
2. Sending advertising material
Legal basis for data management: the consent of the data subject.
Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company's IT service provider as data processors for the purpose of providing hosting services,
The period of storage of personal data: until the existence of the newsletter service, or until the consent of the data subject is withdrawn (deletion request, which can be sent to the e-mail address support@monteen.eu).
Community guidelines / Data management on the Company's Facebook page
The Company maintains a Facebook page for the purpose of introducing and promoting its products and services.
A question on the Company's Facebook page is not considered an officially submitted complaint. The Company does not manage personal data published by visitors on the Company's Facebook page. Visitors are governed by Facebook's Privacy and Terms of Service. In case of publication of illegal or offensive content, the Company may exclude the person concerned from membership or delete his/her comments without prior notice.
The Company is not responsible for data content and comments posted by Facebook users that violate the law. The Company is not responsible for any errors, malfunctions or problems arising from changes to the operation of the system resulting from the operation of Facebook.
Data management for direct marketing purposes
If a separate law does not provide otherwise, by the method of directly contacting a natural person as the recipient of an advertisement (direct acquisition of business), especially by means of electronic correspondence or other equivalent means of individual communication - XLVIII of 2008. with the exception defined by law - it can only be disclosed if the recipient of the advertisement clearly and specifically consented to it in advance.
The range of personal data that can be processed by the Company for the purpose of advertising recipient inquiry: the natural person's name, address, telephone number, e-mail address, online identifier.
The purpose of processing personal data is to carry out direct marketing activities related to the Company's activities, i.e. the regular or periodic sending of advertising publications, newsletters, current offers in printed (postal) or electronic form (e-mail) to the contact details provided during registration.
Legal basis for data management: the consent of the data subject.
Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service, employees of the Company's IT service provider providing server services as data processors, employees of the Post Office in the case of postal delivery.
Duration of storage of personal data: until consent is revoked.
Management of contractual partners' data
The Company processes the name, address, tax identification number, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, master purchase lists). This data management is considered legal even if the data management is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: the Company's employees performing tasks related to customer service, employees performing accounting and taxation tasks, and data processors. Duration of processing personal data: 5 years after the termination of the contract.
Before data processing begins, the data subject must be informed that the data processing is based on the legal title of the performance of the contract, this information can also be provided in the contract.
The data subject must be informed about the transfer of his personal data to the data processor.
Contact details of natural person representatives of legal entity clients, buyers, suppliers
The range of personal data that can be handled: the name, address, telephone number, e-mail address of the natural person.
The purpose of processing personal data is: fulfilling the contract concluded with the Company's legal entity partner, maintaining business relations. Personal data is processed by the Service Provider on the basis of Article 6, Paragraph (1) point f) of the GDPR, based on the Service Provider's legitimate interest in establishing and maintaining a business relationship.
Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service.
Duration of storage of personal data: for 5 years after the existence of the business relationship or the quality of representative of the person concerned.
SUMMARY OF YOUR RIGHTS
In this chapter, for the sake of clarity and transparency, we briefly summarize the rights of the data subject.
Right to prior information
The data subject has the right to receive information about the facts and information related to data management before the start of data management. (Articles 13-14 of the Regulation) Data processing can only begin after the information has been provided. If the legal basis of the data management is consent, the data subject must also consent to the data management in addition to the information. We provide information on the detailed rules in the next chapter.
The data subject's right of access
The data subject is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is ongoing, he is entitled to access the personal data and related information specified in the Regulation. (Regulation Article 15). We provide information on the detailed rules in the next chapter.
Right to rectification
The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement. (Regulation Article 16).
The right to erasure ("the right to be forgotten")
The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the reasons specified in the Order exists.
(Regulation, Article 17) We provide information on the detailed rules in the next chapter.
The right to restrict data processing
The data subject is entitled to request that the Data Controller restricts data processing if the conditions specified in the order are met. (Regulation, Article 18) We provide information on the detailed rules in the next chapter.
Notification obligation related to the correction or deletion of personal data or the limitation of data management
The Data Controller informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was disclosed, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs about these recipients. (Regulation Article 19)
The right to data portability
Under the conditions set out in the Regulation, the data subject is entitled to receive the personal data relating to him/her provided to a Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another Data Controller without being hindered by the the Data Controller to whom the personal data was made available. (Regulation, Article 20) We provide information on the detailed rules in the next chapter.
The right to protest
The data subject has the right to object to his personal data at any time for reasons related to his own situation under point e) of Article 6 (1) of the Regulation (the data processing is in the public interest or necessary for the performance of a task carried out in the framework of the exercise of public authority vested in the Data Controller) or point f) (the data management is necessary to enforce the legitimate interests of the Data Controller or a third party (Article 21 of the Regulation) We provide information on the detailed rules in the next chapter.
Automated decision-making in individual cases, including profiling
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent. (Regulation, Article 22) We provide information on the detailed rules in the next chapter.
Restrictions
The EU or Member State law applicable to the Data Controller or data processor may limit the provisions of Articles 12-22 through legislative measures. Article and Article 34, as well as Articles 12–22. in accordance with the rights and obligations defined in Article (Regulation, Article 23) We provide information on the detailed rules in the next chapter. Informing the data subject about the data protection incident
If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay. (Regulation, Article 34) We provide information on the detailed rules in the next chapter.
The right to lodge a complaint with the supervisory authority (right to an official remedy)
The data subject has the right to file a complaint with a supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the suspected infringement - if, in the opinion of the data subject, the processing of personal data concerning him/her violates the Regulation. (Regulation Article 77)
In Hungary, the supervisory authority is the National Data Protection and Freedom of Information Authority. The relevant detailed legal provisions can be found in Act CXII of 2011 on the right to self-determination of information and freedom of information. contained in the law.
Contact information of the National Data Protection and Freedom of Information Authority:
1055 Budapest, Falk Miksa utca 9-11.
Tel: +36 1 391-1400
Fax: +36 1 391-1410
Email: ugyfelszolgalat@naih.hu
website: www.naih.hu
The right to an effective judicial remedy against the supervisory authority
All natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority concerning them, or if the supervisory authority does not deal with the complaint, or does not inform the person concerned about the procedural developments related to the submitted complaint or its result within three months. (Regulation, Article 78) We provide information on the detailed rules in the next chapter.
The right to an effective judicial remedy against the controller or processor
All data subjects are entitled to an effective judicial remedy if, in their judgment, their rights according to this regulation have been violated as a result of the handling of their personal data not in accordance with this regulation. (Regulation Article 79)
SUBMISSION OF THE APPLICANT'S REQUEST, MEASURES OF THE DATA PROCESSOR
1. The Data Controller shall inform the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of his request to exercise his rights.
2. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
3. If the data subject submitted the application electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.
4. If the Data Controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority and seek legal remedies with his right.
5. The Data Controller provides information according to Articles 13 and 14 of the Regulation and information about the rights of the data subject (Articles 15-22 and 34 of the Regulation) and measures free of charge. If the data subject's request is clearly unfounded or - especially due to its repeated nature - excessive, the Data Controller, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure:
a) You can charge a fee of HUF 6,350, or
b) may refuse to take action based on the request. It is the responsibility of the Data Controller to prove that the request is clearly unfounded or excessive.
6. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the person concerned.
DATA SECURITY
During the operation of the IT systems, we provide the necessary authorization management, internal organization and technical solutions so that your data does not fall into the possession of unauthorized persons, and unauthorized persons cannot delete, save or modify the data. We also apply data protection and data security requirements to our data processors. We keep a record of possible data protection incidents, if necessary, we inform the data subject of the incidents that arise, if this is made mandatory by the Regulation.