Privacy Policy

ANETT SÁRI-NAGY’S MANAGEMENT RULES AND REGULATIONS
in force from 01 November 2023 until revoked

  1. Purpose and scope of the Prospectus

1./ The purpose of this Privacy Notice and Policy (hereinafter referred to as the “Notice”) is to set out the privacy policy of Sári-Nagy Anett (hereinafter referred to as: The purpose of this Policy and Information Notice is to define the legal regime for the use of the records/databases kept by Sári-Nagy Anett(hereinafter referred to as the “Data Controller”), to ensure the application of the constitutional principles of data protection, the right to information self-determination and the requirements of data security, and to ensure that, within the framework of the law, everyone has access to his/her personal data, can understand the circumstances of their processing, and to prevent unauthorized access, alteration and unauthorized disclosure of data. In other respects, this Notice is intended to provide information to data subjects on the data management practices of the Data Controller.

2./ The Data Controller undertakes to comply with the provisions of this Notice. Acceptance of this Notice is a prerequisite for contacting the Data Controller or using the services provided by the Data Controller.

The Data Controller shall take all technical and organizational measures to process the personal data of its partners in a secure manner as required by Regulation (EU) 2016/679 of the European Parliament and of the Council.

3./ The personal scope of this Privacy Notice extends to the Contractor and to the natural persons whose data are included in the processing covered by this Notice, as well as to persons whose rights or legitimate interests are affected by the processing.

The scope of this Notice covers all processing of data that occurs in the course of the entrepreneur’s activities on the website.

Anett Sári-Nagy’s privacy policy in relation to her data processing is available on the website of the individual entrepreneur.

4./ The Data Controller reserves the right to change the Information. In such a case, the Data Controller undertakes to publish the amended Notice.

5./ This Policy shall enter into force on the date of approval and shall remain in force indefinitely until further notice.

  1. Data controller’s data: 

1./ The current data of the Data Controller are the following:

Contractor name: Sári-Nagy Anett

Registered office: 5350 Tiszafüred, Malom út 15/A.

Registration number:

Tax number: 57279071-1-37

Phone number: 0630/856-7091

E-mail address: info@sposafiorente.hu

III. Key definitions: 

Personal data: any information relating to an identified or identifiable natural person.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.

Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  1. Lawful processing by the trader:

Personal data will be processed by the sole trader only in the following cases:

  1. where the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes
  2. processing is necessary for the performance of a contract to which the data subject is a party
  3. processing is necessary for compliance with a legal obligation to which the controller is subject
  4. processing is necessary for the protection of the vital interests of the data subject or of another natural person
  5. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party

The entrepreneur examines the lawfulness of data processing at all stages of its activities, and only processes data for which it can justify the purpose and legal basis. In the event that the conditions of a legal basis cease to apply, the processing may only be resumed if the Contractor can demonstrate an adequate alternative legal basis.

As a general rule, the way of proving the legal basis is in writing, but even in the case of a legal basis created by implied conduct, it must be examined whether it can be clearly proved ex post . In case of doubt, for reasons of reasonableness and economy, written confirmation of the imputability should be sought.

In the case of consent-based processing, the data subject gives his or her written consent to the processing of his or her personal data. Consent is not formally required, but subsequent evidence requires written consent on paper or in electronic form.

Processing based on a legal basis to fulfill a legal obligation is independent of the data subject’s consent, as the processing is defined by law.

Irrespective of the mandatory nature of the processing, the private individual concerned must be informed before the processing starts that the processing is mandatory and cannot be avoided, and must be provided with clear and detailed information on all relevant facts concerning the processing of his or her data before the processing starts.

According to the GDPR (General Data Protection Regulation), personal data may also be processed if the processing is necessary for the performance of a contract to which the individual concerned is a party or if the processing is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract. The contractor may process personal data for the purposes of the conclusion, performance or termination of the contract on the basis of the legal basis for performance of the contract.

  1. Data processors connected to the self-employed person:

Where processing is carried out on behalf of the Contractor, the Contractor may only use processors that provide adequate guarantees of compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organizational measures to ensure the protection of the rights of data subjects.

The individual entrepreneur hereby declares that in the course of his work he will only deal with data processors who have sufficient guarantees of compliance with the GDPR and of the implementation of appropriate technical and organizational measures to ensure the protection of the rights of data subjects. The relevant declarations of the data processors are available to you.

  1. The web hosting is provided by RACKFOREST KFT.

The hosting provider details are as follows:

Name:
Registered office: 1132 Budapest,
Victor Hugo u. 18-22.

Company registration number: 01-09-914549
Tax number: 14671858-2-41
Telephone number: +36 70 362 4785
E-mail address: info@rackforest.com
Website: www.rackforest.com

The privacy policy of the hosting provider is available at: https://rackforest.com/wp-content/uploads/2020/04/adatkezelesi-szabalyzat-2020-kls-1.pdf

  1. Data processors’ details
    The Data Controller uses external data processors to perform certain tasks.

a.) Receive and send emails to RACKFOREST Kft. 1132 Budapest,
Victor Hugo u. 18-22.

  • The Processor’s Privacy Notice is available below:

https://rackforest.com/wp-content/uploads/2020/04/adatkezelesi-szabalyzat-2020-kls-1.pdf

  • The data processor is used to access the correspondence and the data contained therein.

b.) Appearance and communication on social networking sites (Facebook and Instagram): Facebook Inc., Menlo Park, California, USA

  • The Processor’s Privacy Notice is available at: https://www.facebook.com/about/privacy/update
  • https://help.instagram.com/519522125107875
  • The processing of data is done in order to access the name, comment and other reactions of the data subject and to send messages through the social networking site.

c.) Settlement of the consideration for the products:

  • PayPal payments: when processing payments, the Data Controller transfers part of the data to PayPal, including data necessary for processing the payment, such as the total amount of the purchase and billing information. The Processor’s Privacy Notice is available at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
  • Payment by bank card: when processing payments, the Data Controller transfers part of the data to Barion Payment Zrt., including those necessary for processing the payment, such as the total amount of the purchase and billing information. The Data Processor’s Privacy Policy is available at: https://www.barion.com/hu/adatvedelmi-tajekoztato/
  1. The Data Controller also informs the data subjects that the html code of the website operated by the Data Controller may contain links from and to an external server for the purposes of web analytics measurements. The measurement also includes tracking of conversions. The web analytics provider does not process personal data, only browsing-related data that cannot be used to identify individuals.

The user can delete the use of so-called cookies from his/her computer or prohibit their use in his/her browser. These options vary depending on the browser, but are usually available under Settings / Privacy.

We distinguish between the following basic cookies on the website:
Strictly necessary session cookies:
The purpose of these cookies is to allow visitors to browse the website, use its features and services fully and smoothly. This type of cookie is valid until the end of the session (browsing) and is automatically deleted from the computer or other browsing device when the browser is closed.

The data subject’s choice regarding the cookie:
Web browser cookies:
In the browser settings, the data subject can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you each time a new cookie is placed on your computer or other device. For more information on how to manage cookies, please see the “help” function of your browser.
If you choose to disable some or all cookies, you may not be able to use all the features of this website.

Third party cookies (analytics):
The sole trader’s website also uses Google Analytics as a third party cookie. Using Google Analytics, a web analytics service for statistical purposes, the sole trader collects information about how visitors use the website. The data is used to improve the website and the user experience. These cookies will also remain on the visitor’s computer or other browsing device, their browser until they expire or until they are deleted by the visitor.

In the context of Google Analytics, the IP address transmitted by the visitor’s browser is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, the visitor can prevent the collection of data (including his IP address) generated by cookies and relating to the use of the website by the visitor and the processing of this data by Google by downloading and installing the browser plug-in under the link below.

The current link is http://www.google.com/policies/privacy/ads/.

The contracted data processing and data management partners process the personal data of the partners only on the basis of instructions given by the sole trader (except in the case of legal requirements) and under the obligation of confidentiality.

  1. Processing of children’s data:

The data subject declares that he or she is over 16 years of age in relation to the use of the customer contact forms on the website of the entrepreneur. A person under 16 years of age may not use the contact forms on the website of the Contractor, given that, pursuant to Article 8(1) of the GDPR, the validity of his/her declaration of consent to data processing requires the consent of his/her legal representative. The self-employed person is not in a position to verify the age and eligibility of the person giving his/her consent, so the data subject guarantees that the data he/she has provided is accurate.

VII. website of Anett Sári-Nagy: 

The Data Controller presents its activities to interested parties on its website. The website provides visitors with information about the services of the entrepreneur and contact details.

Website of the Data Controller: https://sposafiorente.hu/

VIII. Scope of personal data processed, purpose, duration and legal basis of the processing 

1./ The Data Controller carries out its processing on the basis of the voluntary consent of the data subjects or on the basis of a legal authorisation. In the case of voluntary consent, the data subject may at any time request information about the scope of the data processed and the way in which it is used, and may withdraw his or her consent, except in specific cases where the processing is continued on the basis of a legal obligation (in such cases, the Controller shall provide the data subject with information about the further processing of the data).

2./ Data subjects are obliged to provide all their data to the best of their knowledge and accurately, as recorded on a personal identification document.

3./ If the data subject does not provide his/her own personal data, the data subject is obliged to obtain the consent of the data subject.

4./ For persons under 18 years of age, the processing of personal data is subject to the involvement of a legal representative. A legal representative acts on behalf of a child under 14 years of age. For persons over the age of 14 but under the age of 18, the legal representative’s consent is required for the declaration to be valid.

Under the GDPR Regulation, the processing of personal data of persons under 13 years of age is not lawful in relation to information society services offered directly to children.

  1. Data processing related to certain activities of the Data Controller:

Personal data published in the “What my customers have said” section of the website:
Some of the previous customers’ opinions are included on the website. The full names and opinions of the customers mentioned on the website have been provided with the customer’s consent.

  1. Facebook and Instagram pages of Anett Sári-Nagy:

Facebook page of Anett Sári-Nagy:

https://www.facebook.com/Vivane-wedding-accessories-104543191463093

The Data Controller also operates a Facebook page, where personal data is also processed. The Entrepreneur also promotes its activities on Facebook, which is used by the Entrepreneur for marketing purposes.

The entrepreneur also offers extensive personal support via Facebook. If you ask her a question via Facebook, she will try to answer it as soon as possible. The data obtained on Facebook will be used exclusively to answer the enquirer’s question and will not be used for any other advertising purposes.

The entrepreneur hereby informs its followers that Facebook may also use the data for its own purposes, including profiling the data subject and targeting him/her with other advertising.

To contact the contractor via Facebook, you must be logged in. To do this, Facebook may also request, store and process personal data. The sole trader has no control over the type, scope and processing of this data. The Data Controller does not receive personal data from the operator of Facebook. You can find more information on this on the Facebook page.

The entrepreneur processes the personal data of the followers of the Facebook page according to their consent, the consent is considered as given by the fact that the person likes, follows or comments on his/her pages, posts.

The entrepreneur can also be found on Instagram with the following profile:

https://www.instagram.com/vivaneeskuvoikiegeszitok/

Personal data of followers is processed on the Instagram page. The data is processed on the basis of the consent given by the follower.

  1. Security of data processing:

Sári-Nagy Anett commits to ensure the security of the data, to take technical and organizational measures and to maintain procedural rules to ensure that the data collected, stored and processed are protected and to prevent their destruction, unauthorized use and unauthorized alteration. She also undertakes to require any third party to whom it transfers or discloses the data to comply with the requirements of data security.

Anett Sári-Nagy ensures that the processed data may not be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The processed data may only be known by the entrepreneur and the data processor(s) used by her, and shall not be disclosed to third parties not entitled to know the data.

Anett Sári-Nagy takes great care to ensure the security of the personal data of her partners and clients. She acts in full compliance with the legal provisions and requires the same from all her partners. Personal data protection includes physical data protection (storage of documents in a lockable room) as well as IT protection.

The Contractor shall store the personal data provided by the data subject primarily on the servers of the data processor(s) specified in this Privacy Notice, equipped with the usual protection systems, and partly on its own IT equipment, in case of paper data carriers, at its headquarters, in an appropriately locked manner.

The data subjects acknowledge and accept that, if they provide their personal data, the data protection cannot be fully guaranteed on the Internet and in the computer system. In the event of unauthorizedaccess or disclosure, despite the efforts of the controller, it is necessary to proceed as described in this notice.

XII. Handling of complaints about the contractor’s activities: 

In this case, the purpose of data processing is to enable the communication of the complaint, to identify the data subject and his/her complaint, to record the data required by law, to investigate the complaint and to contact the data subject in connection with its resolution.
The lodging of a complaint is based on voluntary consent, but in the case of a complaint, the handling of the complaint and thus the processing of personal data is mandatory under Act CLV of 1997 on Consumer Protection.

The Contractor will keep the record of the complaint and a copy of the reply for 5 years, and will also process the personal data for this period.

XIII. Rights of data subjects: 

1./ The data subject may at any time request information in writing from the Data Controller about the processing of his/her personal data, may indicate his/her wish to erase or amend the data, and may withdraw his/her consent previously given at the contact details provided in point II./1.

2./ The data subject may not exercise his/her right to erasure in the case of processing required by law.

3./ Content of the right to information:

At the request of the data subject, the controller shall provide the data subject with the information listed in Articles 13 and 14 of the GDPR and the information referred to in Articles 15 to 22 and Article 34 of the GDPR in a concise and plain language.

4./ Content of the right of access:

At the request of the data subject, the Data Controller shall provide information on whether or not data processing relating to him or her is in progress at the Data Controller. Where the Controller is processing data relating to the applicant, the data subject shall have the right of access to:

  • Personal data concerning him or her
  • the purpose(s) of the processing
  • the categories of personal data concerned
  • the persons to whom the data subject’s data have been or will be disclosed
  • the duration of data storage
  • the right to rectification, erasure and restriction of processing
  • the right to apply to a court or supervisory authority
  • the source of the data processed
  • profiling and/or automated decision making, details of its use and practical implications
  • the transfer of processed data to a third country or international organization.

In the event of a request for data as described above, the Data Controller shall provide the data subject with a copy (photocopy) of the data processed by the Data Controller in accordance with the request. Upon specific request, it is possible to request the Controller to deliver the data by electronic means. These means of execution of the data request are free of charge.

The Data Controller charges an administration fee of HUF 500,- per page for each additional copy. If the data subject requests data on a CD or DVD, the Data Controller shall charge an administration fee of HUF 1 500.

The Data Communicator may, at its individual discretion, deviate from point 4./ for the benefit of the Client. The deadline for providing the requested data is 30 days from the date of receipt of the request.

5./ Right to rectification:
The data subject may request the rectification of inaccurate data relating to him/her processed by the Controller.

6./ Right to erasure:

If any of the following grounds apply, the Data Controller shall, at the request of the data subject, delete the data relating to the data subject as soon as possible, but not later than 5 working days:

  • The data has been processed unlawfully (without legal authorisation or personal consent)
  • the processing is unnecessary for the achievement of the original purpose
  • the data subject withdraws his or her consent to the processing and the Controller has no other legal basis for the processing
  • the collection of the data in question by information society services

took place in connection with the offer of personal data in accordance with the legal obligations applicable to the Data Controller must be deleted in order to be fulfilled.

The erasure of data will not be possible if the processing is still necessary for any of the following:

  • Further processing is necessary to comply with the legal requirements applicable to the Data Controller
  • necessary for the exercise of the right to freedom of expression and information
  • in the public interest
  • for archiving, scientific, research or statistical purposes
  • to assert or defend legal claims

 

7./ Right to restriction of processing:

 

Where any of the following grounds apply, the Data Controller shall restrict the processing at the request of the data subject:

  • The data subject contests the accuracy of the data relating to him or her, in which case the restriction shall apply for the period of time until the accuracy or correctness of the data in question can be verified to the satisfaction of the data subject.
  • the processing is unlawful, but the data subject requests that it not be erased, but only that the processing be restricted
  • the data is no longer necessary for the purposes of processing, but the data subject requests their retention for the purpose of exercising or defending legal claims

Where the Controller imposes a restriction on any data processed, it shall process the data concerned during the period of the restriction only if and to the extent that:

  • The data subject consents to this
  • necessary to assert or defend legal claims
  • necessary to assert or defend the rights of another person
  • necessary for the protection of the public interest.

8./ Right of withdrawal:

The data subject has the right to withdraw his or her consent to the Data Controller at any time, in writing. In the event of such a request, the Controller shall immediately and permanently erase all data which it has processed in relation to the data subject and the further storage of which is not required by law or is not necessary for the purposes of its enforcement or defense. The lawfulness of the processing carried out until the withdrawal of consent shall not be affected by such withdrawal.

9./ The right to data retention:

The data subject shall have the right to request the transfer of data relating to him or her by the controller to another controller in a commonly used format readable by computer software. The Data Controller shall comply with the request as soon as possible and in any event within 30 days.

10./ Right to object:

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of his or her personal data, as provided for in Article 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council.

11./ Automated decision-making and profiling:

The data subject has the right not to be subject to a decision based solely on automated processing (such as profiling) which would have legal effects concerning him or her or otherwise adversely affect him or her. This right shall not apply if:

  • processing is necessary for the conclusion or performance of a contract between the data subject and the controller
  • the data subject explicitly consents to the use of such a procedure
  • the use of which is authorized by law
  • necessary to assert or defend legal claims.

Anett Sári-Nagy undertakes to inform all recipients of requests sent to her in connection with the above rights to whom she has disclosed the personal data, unless this proves impossible. She also undertakes to notify the data subject (applicant) of the decision on the processing of the above requests within 30 days at the latest.

XIV. Contact us 

The e-mail received in the course of contacting the Data Controller regarding the complaint and its content (in particular the name, address, date, attachments of the sender), as well as the minutes and reply letter recorded on the basis of the e-mail, will be stored for 5 years and then deleted by the Data Controller. Otherwise, the Data Controller shall store the correspondence until the purpose is fulfilled.

  1. How the data is stored and secured

1./ The Data Controller shall keep the data processed – both in paper and electronic form – at its headquarters.

2./ Exceptions to point 1./ are data stored by the Data Controller’s processors, which are kept at the data processors’ headquarters.

3./ The Data Controller uses an IT system for its operations which ensures that the data is:

  • verifiable (data integrity)
  • authentic (authenticity of data processing)
  • accessible to those who are entitled to them (availability)
  • protected against unauthorized access (data confidentiality)

4./ Data protection covers in particular:

  • unauthorized access
  • change
  • transmission to
  • deletion
  • disclosure
  • accidental damage
  • accidental destruction
  • inaccessibility due to changes in the technology used

5./ The Data Controller shall use state of the art solutions providing an adequate level of security to protect the electronically processed data. When assessing adequacy, particular emphasis shall be placed on the level of risk involved in the processing of the data by the Data Controller. IT security shall ensure that the data stored cannot be directly attributed or linked to data subjects (unless permitted by law).

6./ The Data Controller shall ensure in its processing that:

  • the authorized person can access the data when they need it
  • only those who are authorized to access the information
  • the accuracy and completeness of the information and the processing method are protected

7./ The Data Controller and any data processors it may use shall at all times protect its IT systems against fraud, espionage, viruses, intrusions, damage and natural disasters. The Data Controller (or its processor) shall apply server-level and application-level security procedures.

8./ Messages transmitted to the Data Controller via the Internet, in whatever form, are highly vulnerable to network threats that could lead to modification of information, access by unauthorized persons, or other illegal activities. However, the Data Controller will do everything reasonably practicable and reasonable in the state of the art to prevent such threats. To this end, the systems in place are monitored to record security anomalies, to obtain evidence of a security incident and to verify the effectiveness of the precautions taken.

XVI. Rules of Procedure 

1./ If the Data Controller receives a request pursuant to Articles 15-22 of the GDPR, the Data Controller shall inform the data subject in writing of the action taken on the request as soon as possible and in any event within 30 days.

2./ Where justified by the complexity of the request or other objective circumstances, the above deadline may be extended once, up to a maximum of 60 days. The Data Controller shall notify the data subject in writing of the extension of the time limit, together with the reasons for the extension.

3./ The Data Controller shall provide the information free of charge, unless:

  • the data subject repeatedly requests information/action on substantially unchanged content
  • the request is clearly unfounded
  • the request is excessive

4./ In cases under point 3./, the Data Controller is entitled to:

  • refuse the application
  • to make the execution of the request subject to the payment of a reasonable fee

5./ If the applicant requests the data to be provided on paper or electronically (by email), the Data Controller shall provide a copy of the data concerned free of charge in the requested manner (unless the chosen platform would present a disproportionate technical difficulty).

The Data Controller charges an administration fee of HUF 500  per page or per e-mail for each additional copy. If the data subject requests data on a CD or DVD, the Data Controller shall charge an administration fee of HUF 1,500 , unless it is not possible to fulfill the data request in any other way.

6./ The Data Controller may, at its individual discretion, deviate from the provisions of point 5 for the benefit of the data subject.

7./ The Data Controller shall inform all persons to whom the data concerned was previously disclosed of any rectification, erasure or restriction carried out by the Data Controller, unless such information is impossible or involves a disproportionate effort.

8./ If the data subject so requests, the Data Controller shall inform him/her of the persons to whom his/her data has been disclosed.

9./ The Data Controller shall provide its response to the request in electronic form, unless:

  • the data subject explicitly requests a different response and this does not impose an unreasonably high additional burden on the controller
  • the Data Controller does not know the electronic contact details of the data subject

XVII Data Protection Incident 

A personal data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Examples of data breaches include:

  • the unlawful transmission of personal data on a document, portable device, storage medium or computer system (e.g. by mail)
  • unauthorized access to a computer system or application that processes personal data
  • damage to or loss of part or all of a database containing personal data
  • part or all of an IT system rendered unusable by a virus or other malicious software, etc.

In the event of a potential data breach (unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons), the individual entrepreneur shall immediately notify the National Authority for Data Protection and Freedom of Information. As soon as the personal data breach comes to the attention of the entrepreneur, he/she shall notify it without undue delay and, if possible, no later than 72 hours after the personal data breach has come to his/her attention. If the notification cannot be made within 72 hours, the notification shall state the reason for the delay and shall provide the required information in detail without further undue delay.

The National Authority for Data Protection and Freedom of Information operates a dedicated system on its website for the notification of data breaches, through which notifications can be made electronically.

If the data breach is likely to pose a high risk to the rights and freedoms of the contractor’s partners and customers, we will inform the affected partner without delay.

XVIII Information on the relevant legislation: 

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info. tv.)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter: Eker. tv.)
  • Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter: Act XLVIII.)
  • Act V of 2013 – on the Civil Code (Civil Code)
  • Act CXXX of 2016 on the Code of Civil Procedure (hereinafter referred to as the “Code”)
  • Act C of 2000 on Accounting (Accounting Act)

XIX. Remedies 

1./ If the data subject considers that his or her rights have been infringed by the Data Controller and/or the processors, he or she has the right to apply to the competent court according to the Civil Code.

2./ The data subject may also address his/her complaint to the Data Protection Authority, whose contact details are:

Name: National Authority for Data Protection and Freedom of Information (NAIH) Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Phone: +36 1 391 1400
E-mail: ugyfelszolgalat@naih.hu

Website: www.naih.hu

  1.  

1./ Anett Sári-Nagy hereby informs her clients that the court, the prosecutor, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents.

2./ The Data Controller shall only disclose data in the cases referred to in point 1./ which are strictly necessary for the purpose stated by the requesting authority.

XXI. Other provisions: 

The Contractor shall provide information on data processing not listed in this information notice at the time of recording the data. In such cases, the provisions of the applicable legislation shall prevail.

The website of the Data Protection Authority contains further information on the data protection rights referred to in this Privacy Notice.

Cd: Tiszafüred, 01 November 2023.