PRIVACY POLICY

The purpose of the present Privacy Policy (hereinafter: Privacy Policy) is to provide information about the processing of the personal data of natural persons subscribing on the www.ecovis.hu website to the e-mail newsletter titled ‘Ecovis Legal News’ and published by Bihary • B. Szabó • Jean • Zalavári and Partners Law Office.

I. The Data Controller and the Data Processors

Data Controller:

Bihary • B. Szabó • Jean • Zalavári and Partners Law Office

Registered seat: 1036 Budapest, Bécsi út 52. II/6-7.
Phone: +36 1 439 11 66
E-mail: hungary@ecovis.hu
Registration Number: Budapest Bar Association 18105162

Data Processors:

NETSTUDIO HUNGARY Korlátolt Felelősségű Társaság (hosting provider)

Registered seat: 1021 Budapest, Ötvös János utca 13.
Company registration number: 01-09-691646

ECOVIS HOLDING Kft. (website operator)

Registered seat: 1036 Budapest, Bécsi út 52. II. em. 28.
Company registration number: Cg.01-09-874037

The Rocket Science Group, LLC (MailChimp newsletter provider)

Registered seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308

II. The purpose of data processing

The purpose of data processing is the distribution of weekly or bi-weekly electronic newsletters providing professional content and promoting the services of the Data Controller to subscribers of the e-mail newsletter ‘Ecovis Legal News’.

Should the Data Controller intend to use the personal data it controls for purposes other than stated above, then it shall, prior to commencing such use for other purposes, notify the Data Subjects of such other purpose and of any other relevant auxiliary information using channels customarily used by the parties.

III. Basis and term of data processing, scope of personal data processed

The basis of personal data processing is the previous and voluntary consent of Data Subject (i.e. of the person subscribing to the newsletter). Consequently, no newsletter can be sent if no personal data is supplied and no consent is granted.

Personal data will be processed from the date of subscription to the newsletter until the cancellation of such subscription (i.e. the withdrawal of consent) or until the termination of the purpose, i.e. until the termination of circulation of the newsletter.

The Data Controller shall process the following personal data in connection with the circulation of the newsletter:

1. The first and last name and
2. The e-mail address of the Data Subject.

The Data Controller shall forward the Data Subject’s personal data to third parties subject to the prior written consent of the Data Subject or if so required by the Data Controller’s relevant legal obligations.

IV. Rights and remedies of the Data Subject in relation to the processing of personal data

Rights

Withdrawal of consent

Data Subjects shall have the right to withdraw their consent to data processing anytime during the term of data processing. Such withdrawal shall, however, not affect the legitimacy of any data processing performed with the Data Subject’s consent prior to such withdrawal.

Access

Data Subjects shall have the right to receive feedback from the Data Controller whether their personal data is being processed and if so, then they shall have the right to access such personal data and also to be informed of the following:

a) The purpose of processing of personal data;
b) The categories of personal data involved;
c) The addressees or categories of addressees whom personal data was or will be disclosed to, including specifically those in third countries and international organisations;
d) The expected term of processing of personal data, if applicable, or if not, then the criteria of defining the length of such term;
e) A reference to the Data Subject’s right to request from the Processor the correction, deletion or limitation of processing of the Data Subject’s personal data and to object to the processing of such personal data;
f) A reference to the right to submit complaints to the supervisory authority;
g) If such personal data was not collected from the Data Subject, then all information regarding the source of such personal data.

Correction

The Data Subject shall be entitled to request that the Processor should rectify any inaccurate personal data pertaining to the Data Subject. Depending on the purpose of data processing the Data Subject shall have the right to request by way of, among others, a supplementary declaration, the addition of missing personal data.

Right to object

The Data Subject shall have the right to object, any time, to the processing of the Data Subject’s personal data based on the legitimate interests of the Processor. In these cases the Processor must not continue processing such personal data unless the Processor can prove that processing is necessitated by compelling and legitimate reasons that have priority over the Data Subject’s interests, rights and liberties, or that are in connection with the submission, enforcement or protection of legal claims.

Deletion and limitation

The Data Subject is entitled to request that the Processor should, without undue delay, delete personal data pertaining to the Data Subject and the Processor shall be obliged to delete, without any undue delay, the personal data pertaining to the Data Subject if any of the following reasons apply:

a) The personal data is no longer required for the purpose they were collected or otherwise processed;
b) The Data Subject withdraws their consent to the processing of their personal data and there is no other basis for processing;
c) The Data Subject objects to the processing of their data and there is no legitimate priority reason for data processing,
d) The personal data was were processed illegitimately;
e) The personal data must be deleted in order to comply with an obligation of the Processor set forth by EU or member state legal provisions;
f) The personal data was collected in connection with the offer of information society services directly to a child.

The above provisions shall not be applied if the processing is required for one of the following purposes:

• Exercising the right of freedom of expression and information;

• Compliance with EU or member state legislation applicable to the Processor and requiring the processing of personal data in the interest of the public or for the purpose of carrying out duties related to the public authority of the Processor;

• Archiving in the interest of the public, for the purposes of scientific or historical research or for statistical purposes, provided that the right to request deletion would presumably jeopardize or seriously risk such data processing;

• Putting forward, enforcing or protecting legal claims.

The Data Subject has the right to request that the Processor should limit processing the Data Subject’s personal data if any of the following requirements are met:

a) The Data Subject contests the accuracy of the personal data – in this case the limitation shall apply for a period that allows the Data Processor to check the accuracy of the personal data;
b) The processing is illegitimate and the Data Subject objects to deletion of the personal data and requests that its use is limited instead;
c) The Processor no longer needs the personal data for processing but the Data Subject requires that it is available for the purposes of submitting, enforcing or protecting legal claims; or
d) The Data Subject objected to the processing – in this case the limitation shall apply for the period until it is ascertained whether the Processor’s legitimate reasons have a priority over the legitimate reasons of the Data Subject.

In the event processing is subject to limitation then – apart from storage – affected personal data may only be processed subject to the consent of the Data Subject, for the purposes of submitting, enforcing or protecting legal claims or for the purpose of protecting other natural or legal persons’ rights or in the important interest of the public of the EU or a member state thereof.

The Processor shall notify the Data Subject upon whose request processing was limited about the lifting of the limitation of processing.

Portability of personal data

The Data Subject is entitled to receive personal data provided by the Data Subject to a data processor in a structured, commonly used, machine-readable format and also to transfer such data to another data processor without being obstructed to do so by the data processor to which the Data Subject had provided such personal data, provided that:

a) The data processing is based on a consent or a contract and
b) The data processing is performed in an automated manner.

While exercising the right to data portability the Data Subject shall have the right to request the direct transfer of the personal data between the data processors (provided this is physically possible).

We warn Data Subjects here that in case the personal data involved cannot be received by the target persons for technical reasons, then the right to portability of personal data cannot be exercised.

Legal remedies

In the event of a breach of the rules of personal data processing Data Subjects may seek legal remedy at the National Authority for Data Protection and Freedom of Information of Hungary (Nemzeti Adatvédelmi és Információszabadság Hatóság):

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

Data Subjects may also seek legal remedy against the Data Controller or the Data Processors employed by the Data Controller at the competent court of their domicile or residence.

V. Miscellaneous

The present Privacy Policy shall enter into force on 25 May 2018.

 

PRIVACY POLICY

The purpose of the present Privacy Policy (hereinafter: Privacy Policy) is to provide information about the processing of the personal data of natural persons subscribing on the www.ecovis.hu website to the e-mail newsletter titled ‘Ecovis Accounting News’ and published by Ecovis Accounting Kft.

I. The Data Controller and the Data Processors

Data Controller:

Ecovis Accounting Kft.

Registered seat: 1036 Budapest, Bécsi út 52. 1. em. 19.
Phone: +36 1 439 11 66
E-mail: hungary@ecovis.hu
Company Registration Number: Cg.01-09-260678

Data Processors:

NETSTUDIO HUNGARY Korlátolt Felelősségű Társaság (hosting provider)

Registered seat: 1021 Budapest, Ötvös János utca 13.
Company registration number: 01-09-691646

ECOVIS HOLDING Kft. (website operator)

Registered seat: 1036 Budapest, Bécsi út 52. II. em. 28.
Company registration number: Cg.01-09-874037

The Rocket Science Group, LLC (MailChimp newsletter provider)

Registered seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308

II. The purpose of data processing

The purpose of data processing is the distribution of weekly or bi-weekly electronic newsletters providing professional content and promoting the services of the Data Controller to subscribers of the e-mail newsletter ‘Ecovis Accounting News’.

Should the Data Controller intend to use the personal data it controls for purposes other than stated above, then it shall, prior to commencing such use for other purposes, notify the Data Subjects of such other purpose and of any other relevant auxiliary information using channels customarily used by the parties.

III. Basis and term of data processing, scope of personal data processed

The basis of personal data processing is the previous and voluntary consent of Data Subject (i.e. of the person subscribing to the newsletter). Consequently, no newsletter can be sent if no personal data is supplied and no consent is granted.

Personal data will be processed from the date of subscription to the newsletter until the cancellation of such subscription (i.e. the withdrawal of consent) or until the termination of the purpose, i.e. until the termination of circulation of the newsletter.

The Data Controller shall process the following personal data in connection with the circulation of the newsletter:

1. The first and last name and
2. The e-mail address of the Data Subject.

The Data Controller shall forward the Data Subject’s personal data to third parties subject to the prior written consent of the Data Subject or if so required by the Data Controller’s relevant legal obligations.

IV. Rights and remedies of the Data Subject in relation to the processing of personal data

Rights

Withdrawal of consent

Data Subjects shall have the right to withdraw their consent to data processing anytime during the term of data processing. Such withdrawal shall, however, not affect the legitimacy of any data processing performed with the Data Subject’s consent prior to such withdrawal.

Access

Data Subjects shall have the right to receive feedback from the Data Controller whether their personal data is being processed and if so, then they shall have the right to access such personal data and also to be informed of the following:

a) The purpose of processing of personal data;
b) The categories of personal data involved;
c) The addressees or categories of addressees whom personal data was or will be disclosed to, including specifically those in third countries and international organisations;
d) The expected term of processing of personal data, if applicable, or if not, then the criteria of defining the length of such term;
e) A reference to the Data Subject’s right to request from the Processor the correction, deletion or limitation of processing of the Data Subject’s personal data and to object to the processing of such personal data;
f) A reference to the right to submit complaints to the supervisory authority;
g) If such personal data was not collected from the Data Subject, then all information regarding the source of such personal data.

Correction

The Data Subject shall be entitled to request that the Processor should rectify any inaccurate personal data pertaining to the Data Subject. Depending on the purpose of data processing the Data Subject shall have the right to request by way of, among others, a supplementary declaration, the addition of missing personal data.

Right to object

The Data Subject shall have the right to object, any time, to the processing of the Data Subject’s personal data based on the legitimate interests of the Processor. In these cases the Processor must not continue processing such personal data unless the Processor can prove that processing is necessitated by compelling and legitimate reasons that have priority over the Data Subject’s interests, rights and liberties, or that are in connection with the submission, enforcement or protection of legal claims.

Deletion and limitation

The Data Subject is entitled to request that the Processor should, without undue delay, delete personal data pertaining to the Data Subject and the Processor shall be obliged to delete, without any undue delay, the personal data pertaining to the Data Subject if any of the following reasons apply:

a) The personal data is no longer required for the purpose they were collected or otherwise processed;
b) The Data Subject withdraws their consent to the processing of their personal data and there is no other basis for processing;
c) The Data Subject objects to the processing of their data and there is no legitimate priority reason for data processing,
d) The personal data was were processed illegitimately;
e) The personal data must be deleted in order to comply with an obligation of the Processor set forth by EU or member state legal provisions;
f) The personal data was collected in connection with the offer of information society services directly to a child.

The above provisions shall not be applied if the processing is required for one of the following purposes:

• Exercising the right of freedom of expression and information;

• Compliance with EU or member state legislation applicable to the Processor and requiring the processing of personal data in the interest of the public or for the purpose of carrying out duties related to the public authority of the Processor;

• Archiving in the interest of the public, for the purposes of scientific or historical research or for statistical purposes, provided that the right to request deletion would presumably jeopardize or seriously risk such data processing;

• Putting forward, enforcing or protecting legal claims.

The Data Subject has the right to request that the Processor should limit processing the Data Subject’s personal data if any of the following requirements are met:

a) The Data Subject contests the accuracy of the personal data – in this case the limitation shall apply for a period that allows the Data Processor to check the accuracy of the personal data;
b) The processing is illegitimate and the Data Subject objects to deletion of the personal data and requests that its use is limited instead;
c) The Processor no longer needs the personal data for processing but the Data Subject requires that it is available for the purposes of submitting, enforcing or protecting legal claims; or
d) The Data Subject objected to the processing – in this case the limitation shall apply for the period until it is ascertained whether the Processor’s legitimate reasons have a priority over the legitimate reasons of the Data Subject.

In the event processing is subject to limitation then – apart from storage – affected personal data may only be processed subject to the consent of the Data Subject, for the purposes of submitting, enforcing or protecting legal claims or for the purpose of protecting other natural or legal persons’ rights or in the important interest of the public of the EU or a member state thereof.

The Processor shall notify the Data Subject upon whose request processing was limited about the lifting of the limitation of processing.

Portability of personal data

The Data Subject is entitled to receive personal data provided by the Data Subject to a data processor in a structured, commonly used, machine-readable format and also to transfer such data to another data processor without being obstructed to do so by the data processor to which the Data Subject had provided such personal data, provided that:

a) The data processing is based on a consent or a contract and
b) The data processing is performed in an automated manner.

While exercising the right to data portability the Data Subject shall have the right to request the direct transfer of the personal data between the data processors (provided this is physically possible).

We warn Data Subjects here that in case the personal data involved cannot be received by the target persons for technical reasons, then the right to portability of personal data cannot be exercised.

Legal remedies

In the event of a breach of the rules of personal data processing Data Subjects may seek legal remedy at the National Authority for Data Protection and Freedom of Information of Hungary (Nemzeti Adatvédelmi és Információszabadság Hatóság):

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

Data Subjects may also seek legal remedy against the Data Controller or the Data Processors employed by the Data Controller at the competent court of their domicile or residence.

V. Miscellaneous

The present Privacy Policy shall enter into force on 25 May 2018.

 

PRIVACY POLICY

The purpose of the present Privacy Policy (hereinafter: Privacy Policy) is to provide information about the processing of the personal data of natural persons subscribing on the www.ecovis.hu website to the e-mail newsletter titled ‘Ecovis Audit News’ and published by Ecovis Audit Kft.

I. The Data Controller and the Data Processors

Data Controller:

Ecovis Audit Kft.

Registered seat: 1036 Budapest, Bécsi út 52. I. em. 23.
Phone: +36 1 439 11 66
E-mail: hungary@ecovis.hu
Company Registration Number: Cg.01-09-875510

Data Processors:

NETSTUDIO HUNGARY Korlátolt Felelősségű Társaság (hosting provider)

Registered seat: 1021 Budapest, Ötvös János utca 13.
Company registration number: 01-09-691646

ECOVIS HOLDING Kft. (website operator)

Registered seat: 1036 Budapest, Bécsi út 52. II. em. 28.
Company registration number: Cg.01-09-874037

The Rocket Science Group, LLC (MailChimp newsletter provider)

Registered seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308

II. The purpose of data processing

The purpose of data processing is the distribution of weekly or bi-weekly electronic newsletters providing professional content and promoting the services of the Data Controller to subscribers of the e-mail newsletter ‘Ecovis Audit News’.

Should the Data Controller intend to use the personal data it controls for purposes other than stated above, then it shall, prior to commencing such use for other purposes, notify the Data Subjects of such other purpose and of any other relevant auxiliary information using channels customarily used by the parties.

III. Basis and term of data processing, scope of personal data processed

The basis of personal data processing is the previous and voluntary consent of Data Subject (i.e. of the person subscribing to the newsletter). Consequently, no newsletter can be sent if no personal data is supplied and no consent is granted.

Personal data will be processed from the date of subscription to the newsletter until the cancellation of such subscription (i.e. the withdrawal of consent) or until the termination of the purpose, i.e. until the termination of circulation of the newsletter.

The Data Controller shall process the following personal data in connection with the circulation of the newsletter:

1. The first and last name and
2. The e-mail address of the Data Subject.

The Data Controller shall forward the Data Subject’s personal data to third parties subject to the prior written consent of the Data Subject or if so required by the Data Controller’s relevant legal obligations.

IV. Rights and remedies of the Data Subject in relation to the processing of personal data

Rights

Withdrawal of consent

Data Subjects shall have the right to withdraw their consent to data processing anytime during the term of data processing. Such withdrawal shall, however, not affect the legitimacy of any data processing performed with the Data Subject’s consent prior to such withdrawal.

Access

Data Subjects shall have the right to receive feedback from the Data Controller whether their personal data is being processed and if so, then they shall have the right to access such personal data and also to be informed of the following:

a) The purpose of processing of personal data;
b) The categories of personal data involved;
c) The addressees or categories of addressees whom personal data was or will be disclosed to, including specifically those in third countries and international organisations;
d) The expected term of processing of personal data, if applicable, or if not, then the criteria of defining the length of such term;
e) A reference to the Data Subject’s right to request from the Processor the correction, deletion or limitation of processing of the Data Subject’s personal data and to object to the processing of such personal data;
f) A reference to the right to submit complaints to the supervisory authority;
g) If such personal data was not collected from the Data Subject, then all information regarding the source of such personal data.

Correction

The Data Subject shall be entitled to request that the Processor should rectify any inaccurate personal data pertaining to the Data Subject. Depending on the purpose of data processing the Data Subject shall have the right to request by way of, among others, a supplementary declaration, the addition of missing personal data.

Right to object

The Data Subject shall have the right to object, any time, to the processing of the Data Subject’s personal data based on the legitimate interests of the Processor. In these cases the Processor must not continue processing such personal data unless the Processor can prove that processing is necessitated by compelling and legitimate reasons that have priority over the Data Subject’s interests, rights and liberties, or that are in connection with the submission, enforcement or protection of legal claims.

Deletion and limitation

The Data Subject is entitled to request that the Processor should, without undue delay, delete personal data pertaining to the Data Subject and the Processor shall be obliged to delete, without any undue delay, the personal data pertaining to the Data Subject if any of the following reasons apply:

a) The personal data is no longer required for the purpose they were collected or otherwise processed;
b) The Data Subject withdraws their consent to the processing of their personal data and there is no other basis for processing;
c) The Data Subject objects to the processing of their data and there is no legitimate priority reason for data processing,
d) The personal data was were processed illegitimately;
e) The personal data must be deleted in order to comply with an obligation of the Processor set forth by EU or member state legal provisions;
f) The personal data was collected in connection with the offer of information society services directly to a child.

The above provisions shall not be applied if the processing is required for one of the following purposes:

• Exercising the right of freedom of expression and information;

• Compliance with EU or member state legislation applicable to the Processor and requiring the processing of personal data in the interest of the public or for the purpose of carrying out duties related to the public authority of the Processor;

• Archiving in the interest of the public, for the purposes of scientific or historical research or for statistical purposes, provided that the right to request deletion would presumably jeopardize or seriously risk such data processing;

• Putting forward, enforcing or protecting legal claims.

The Data Subject has the right to request that the Processor should limit processing the Data Subject’s personal data if any of the following requirements are met:

a) The Data Subject contests the accuracy of the personal data – in this case the limitation shall apply for a period that allows the Data Processor to check the accuracy of the personal data;
b) The processing is illegitimate and the Data Subject objects to deletion of the personal data and requests that its use is limited instead;
c) The Processor no longer needs the personal data for processing but the Data Subject requires that it is available for the purposes of submitting, enforcing or protecting legal claims; or
d) The Data Subject objected to the processing – in this case the limitation shall apply for the period until it is ascertained whether the Processor’s legitimate reasons have a priority over the legitimate reasons of the Data Subject.

In the event processing is subject to limitation then – apart from storage – affected personal data may only be processed subject to the consent of the Data Subject, for the purposes of submitting, enforcing or protecting legal claims or for the purpose of protecting other natural or legal persons’ rights or in the important interest of the public of the EU or a member state thereof.

The Processor shall notify the Data Subject upon whose request processing was limited about the lifting of the limitation of processing.

Portability of personal data

The Data Subject is entitled to receive personal data provided by the Data Subject to a data processor in a structured, commonly used, machine-readable format and also to transfer such data to another data processor without being obstructed to do so by the data processor to which the Data Subject had provided such personal data, provided that:

a) The data processing is based on a consent or a contract and
b) The data processing is performed in an automated manner.

While exercising the right to data portability the Data Subject shall have the right to request the direct transfer of the personal data between the data processors (provided this is physically possible).

We warn Data Subjects here that in case the personal data involved cannot be received by the target persons for technical reasons, then the right to portability of personal data cannot be exercised.

Legal remedies

In the event of a breach of the rules of personal data processing Data Subjects may seek legal remedy at the National Authority for Data Protection and Freedom of Information of Hungary (Nemzeti Adatvédelmi és Információszabadság Hatóság):

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

Data Subjects may also seek legal remedy against the Data Controller or the Data Processors employed by the Data Controller at the competent court of their domicile or residence.

V. Miscellaneous

The present Privacy Policy shall enter into force on 25 May 2018.

 

PRIVACY POLICY

The purpose of the present Privacy Policy (hereinafter: Privacy Policy) is to provide information about the processing of the personal data of natural persons subscribing on the www.ecovis.hu website to the e-mail newsletter titled ‘Ecovis Tax News’ and published by Ecovis Tax Solution Kft.

I. The Data Controller and the Data Processors

Data Controller:

Ecovis Tax Solution Kft.

Registered seat: 1036 Budapest, Bécsi út 52. I. em. 23.
Phone: +36 1 439 11 66
E-mail: hungary@ecovis.hu
Company Registration Number: Cg.01-09-205967

Data Processors:

NETSTUDIO HUNGARY Korlátolt Felelősségű Társaság (hosting provider)

Registered seat: 1021 Budapest, Ötvös János utca 13.

Company registration number: 01-09-691646

ECOVIS HOLDING Kft. (website operator)

Registered seat: 1036 Budapest, Bécsi út 52. II. em. 28.
Company registration number: Cg.01-09-874037

The Rocket Science Group, LLC (MailChimp newsletter provider)

Registered seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308

II. The purpose of data processing

The purpose of data processing is the distribution of weekly or bi-weekly electronic newsletters providing professional content and promoting the services of the Data Controller to subscribers of the e-mail newsletter ‘Ecovis Tax News’.

Should the Data Controller intend to use the personal data it controls for purposes other than stated above, then it shall, prior to commencing such use for other purposes, notify the Data Subjects of such other purpose and of any other relevant auxiliary information using channels customarily used by the parties.

III. Basis and term of data processing, scope of personal data processed

The basis of personal data processing is the previous and voluntary consent of Data Subject (i.e. of the person subscribing to the newsletter). Consequently, no newsletter can be sent if no personal data is supplied and no consent is granted.

Personal data will be processed from the date of subscription to the newsletter until the cancellation of such subscription (i.e. the withdrawal of consent) or until the termination of the purpose, i.e. until the termination of circulation of the newsletter.

The Data Controller shall process the following personal data in connection with the circulation of the newsletter:

1. The first and last name and
2. The e-mail address of the Data Subject.

The Data Controller shall forward the Data Subject’s personal data to third parties subject to the prior written consent of the Data Subject or if so required by the Data Controller’s relevant legal obligations.

IV. Rights and remedies of the Data Subject in relation to the processing of personal data

Rights

Withdrawal of consent

Data Subjects shall have the right to withdraw their consent to data processing anytime during the term of data processing. Such withdrawal shall, however, not affect the legitimacy of any data processing performed with the Data Subject’s consent prior to such withdrawal.

Access

Data Subjects shall have the right to receive feedback from the Data Controller whether their personal data is being processed and if so, then they shall have the right to access such personal data and also to be informed of the following:

a) The purpose of processing of personal data;
b) The categories of personal data involved;
c) The addressees or categories of addressees whom personal data was or will be disclosed to, including specifically those in third countries and international organisations;
d) The expected term of processing of personal data, if applicable, or if not, then the criteria of defining the length of such term;
e) A reference to the Data Subject’s right to request from the Processor the correction, deletion or limitation of processing of the Data Subject’s personal data and to object to the processing of such personal data;
f) A reference to the right to submit complaints to the supervisory authority;
g) If such personal data was not collected from the Data Subject, then all information regarding the source of such personal data.

Correction

The Data Subject shall be entitled to request that the Processor should rectify any inaccurate personal data pertaining to the Data Subject. Depending on the purpose of data processing the Data Subject shall have the right to request by way of, among others, a supplementary declaration, the addition of missing personal data.

Right to object

The Data Subject shall have the right to object, any time, to the processing of the Data Subject’s personal data based on the legitimate interests of the Processor. In these cases the Processor must not continue processing such personal data unless the Processor can prove that processing is necessitated by compelling and legitimate reasons that have priority over the Data Subject’s interests, rights and liberties, or that are in connection with the submission, enforcement or protection of legal claims.

Deletion and limitation

The Data Subject is entitled to request that the Processor should, without undue delay, delete personal data pertaining to the Data Subject and the Processor shall be obliged to delete, without any undue delay, the personal data pertaining to the Data Subject if any of the following reasons apply:

a) The personal data is no longer required for the purpose they were collected or otherwise processed;
b) The Data Subject withdraws their consent to the processing of their personal data and there is no other basis for processing;
c) The Data Subject objects to the processing of their data and there is no legitimate priority reason for data processing,
d) The personal data was were processed illegitimately;
e) The personal data must be deleted in order to comply with an obligation of the Processor set forth by EU or member state legal provisions;
f) The personal data was collected in connection with the offer of information society services directly to a child.

The above provisions shall not be applied if the processing is required for one of the following purposes:

• Exercising the right of freedom of expression and information;

• Compliance with EU or member state legislation applicable to the Processor and requiring the processing of personal data in the interest of the public or for the purpose of carrying out duties related to the public authority of the Processor;

• Archiving in the interest of the public, for the purposes of scientific or historical research or for statistical purposes, provided that the right to request deletion would presumably jeopardize or seriously risk such data processing;

• Putting forward, enforcing or protecting legal claims.

The Data Subject has the right to request that the Processor should limit processing the Data Subject’s personal data if any of the following requirements are met:

a) The Data Subject contests the accuracy of the personal data – in this case the limitation shall apply for a period that allows the Data Processor to check the accuracy of the personal data;
b) The processing is illegitimate and the Data Subject objects to deletion of the personal data and requests that its use is limited instead;
c) The Processor no longer needs the personal data for processing but the Data Subject requires that it is available for the purposes of submitting, enforcing or protecting legal claims; or
d) The Data Subject objected to the processing – in this case the limitation shall apply for the period until it is ascertained whether the Processor’s legitimate reasons have a priority over the legitimate reasons of the Data Subject.

In the event processing is subject to limitation then – apart from storage – affected personal data may only be processed subject to the consent of the Data Subject, for the purposes of submitting, enforcing or protecting legal claims or for the purpose of protecting other natural or legal persons’ rights or in the important interest of the public of the EU or a member state thereof.

The Processor shall notify the Data Subject upon whose request processing was limited about the lifting of the limitation of processing.

Portability of personal data

The Data Subject is entitled to receive personal data provided by the Data Subject to a data processor in a structured, commonly used, machine-readable format and also to transfer such data to another data processor without being obstructed to do so by the data processor to which the Data Subject had provided such personal data, provided that:

a) The data processing is based on a consent or a contract and
b) The data processing is performed in an automated manner.

While exercising the right to data portability the Data Subject shall have the right to request the direct transfer of the personal data between the data processors (provided this is physically possible).

We warn Data Subjects here that in case the personal data involved cannot be received by the target persons for technical reasons, then the right to portability of personal data cannot be exercised.

Legal remedies

In the event of a breach of the rules of personal data processing Data Subjects may seek legal remedy at the National Authority for Data Protection and Freedom of Information of Hungary (Nemzeti Adatvédelmi és Információszabadság Hatóság):

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

Data Subjects may also seek legal remedy against the Data Controller or the Data Processors employed by the Data Controller at the competent court of their domicile or residence.

V. Miscellaneous

The present Privacy Policy shall enter into force on 25 May 2018