Effective Date: 1st of July, 2018
Last Modified Date: October 10, 2018
- The purpose of this Policy
As the User navigates through and interact with the Website, the Company may use automatic data collection technologies to collection certain information about the User’s equipment, browsing actions and patterns to improve the Website and to deliver a better and more personalized service. The Company hereby informs the Users about types of data the Company may collect from the User or what the User provide when he/she visits the Website, the Company’s principles and practices for data processing, the purpose of the data processing, the legal basis of data processing, the duration of data processing, the sources of the data process and the rights and enforcement of these rights of the Users.
The Company respects the individual rights of the Users, and the Company shall process the personal data on the basis of this Policy. The Company declares that the decisions on the purposes and means of processing are taken in Hungary in which case the legal regulations of Hungary are applicable, the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: ‘Act’), the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: ‘GDPR’), furthermore with the recommendation of the National Authority for Data Protection and Freedom of Information (hereinafter referred to as: ‘Authority’).
- The processed personal data and the purpose of the data processing
The Company may collect several types of information about the Users of the Website, including information
Information about the User’s computer or mobile device, the internet connection, including the User’s IP address, operating system, and browser type,
information the Users voluntarily supply to the Company by submitting information through the “Contact Us” form,
information collected through cookies.
The purpose of the data processing is to provide personalised services, to monitor and analyse trends, usage, and activities in connection with the Website and for marketing or advertising purposes, and to personalize the Website content, features or advertisements.
The following data of the User will be transmitted to a recommender system to analyse the data of the User and to provide suggestions for the User on the basis of his/her preferences: user ID, IP address, browser type, language settings, user agent, date of registration, location, user behaviour.
In all stages of data processing operation, the purpose of data processing is satisfied. The personal data is processed to the extent and for the duration necessary to achieve its purpose.
- Legal basis of data processing
The personal data is processed under the Section 5 Subsection (1) b) of the Act and under the Article 6 Point (1) a) of GDPR, when the data subject has given his/her consent.
The User will only access the Website if (1) he/she is at least 18-years old and (2) has reached the age of majority where he/she lives. The Company prohibits all persons who do not meet the age requirements from accessing the Website. Minors must not access the Website or use its services. The Company does not knowingly collect any information about children, minors, or anyone under the age of majority.
- The duration of data processing
The personal data shall be erased from the register of the Company, if the legal basis of data processing is not established. The User shall have the right to obtain the erasure of his/her personal data from the register of the Company at any time.
The Users shall have the right to request the erasure of personal data concerning him or her by sending a postal mail to the registered address of the Company or by electronic form. The Company shall erase the personal data without undue delay and in any event within 25 days of receipt of the request.
- The Data Controller and Data Processors
The Data Controller: SR LIMNATIS HOLDINGS LTD
Registered address: 2368 Nicosia Agios Dometios, Tsortsil street 6., Cyprus
Main establishment: 1011 Budapest, Szilágyi Dezső tér 1. 2. em., Hungary
Data Processor shall mean an operator that is engaged under contract in the processing of personal data on behalf of the Company:
The web server of the Website is operated by:
Magyar Telekom Nyrt. (Company reg. no.: 01-10-041928, registered seat: 1013 Budapest, Krisztina krt. 55.)
Gravity Research and Development Zrt. (Company reg. no.: 08-10-001848; registered seat: Bálint Mihály str. 64., H - 9025 Győr, Hungary; postal address: 1113 Budapest, Villányi út. 40/b, Hungary; tax no: HU23841901)
EXOCLICK, S.L. (NIF/VAT B-64355506, address: C/ Marina, 16-18, 08005, Barcelona, Spain) Traffic Stars Limited, Arch. Makariou III Avenue, 132, SAGRO BUILDING, 3021, Limassol, Cyprus Duodecad IT Services Luxembourg S.à r.l , 44 Avenue John F. Kennedy, 1855 Luxembourg
The Company may disclose the User’s personal information to comply with any court order, law, or legal process, including responding to any government or regulatory request.
- Data security requirement
The Company shall carry out data processing operations and select the technical devices to ensure full respect for the right to privacy of the User, and to protect the personal data from unauthorized access, to protect the accuracy of the data, and to protect the personal data from alteration, except the process of the Data Controller.
The Company shall take all necessary measures to ensure the computer system security, in particular, to protect the personal data from unauthorized access.
The Company shall process the personal data exclusively for the operation of the Website and for statistical purposes.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- Information the Company Collects through Automatic Data Collection Technologies
As you navigate through and interact with the Website, the Company may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns.
The technologies the Company uses for this automatic data collection may include:
The types of cookies:
Also called a transient cookie, which is collected during the usage of the website and is erased automatically when the User closes the web browser. The session cookie is essential for the using and operating the Website. Session cookies do not collect information about the User by which the User could be identified.
Web Beacons. Pages of the Website (and the Company’s emails) may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages (or opened an email) and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). If you want to learn more about web beacons, please visit www.allaboutcookies.org/web-beacons/ .
The Company does not collect personal information automatically, but it may tie this information to personal information about you that the Company collects from other sources or you provide to the Company.
The Company does not control third-party tracking technologies or how third parties’ use them. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
- Social Networks and Third-Party Plug-ins
- Links to Other Websites
The Website contains links to other websites. Please be aware that the Company is not responsible for the content or privacy practices of those other websites. The Company encourages its customers to be aware when they leave the Website and to read the privacy statements of any other website that collects personally identifiable information.
- Blocking the Cookies
The User could control and block the cookies or web beacons on his/her browser. This depends on the type of browser but generally the User can block the cookies by clicking on the main ‘Menu’ button, then ‘Options’, under ‘Settings’ and then ‘Privacy’, where the User can set the type of tracking function which is blocked or allowed on his/her computer.
- Rights of the Users; Enforcement
Right of access
User shall have the right to obtain from the Data Controller the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the rights of the User, the right to lodge a complaint with a supervisory authority. The User shall request the Company to provide information concerning the data processing at any time in writing or in electronic form. Data Controller should be obliged to respond to requests from the User without undue delay and at least within 25 days and to give reasons where the Data Controller does not intend to comply with any such requests. The Data Controller shall also inform the User of the possibilities for lodging a complaint with the Authority.
Right to rectification
User shall have the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. The Company shall rectify the data and should be obliged to respond to the requests from the User without undue delay and at the latest within 25 days in writing or in electronic form. If the Company does not take action on the request of the User, the Company shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the Authority and seeking a judicial remedy.
Right to restriction of processing
User shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the User, for a period enabling the Data Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the User's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
The Company shall provide information on action taken on a request for rectification to the User without undue delay and in any event within one month of receipt of the request. If the Company does not take action on the request of the User, the Company shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the Authority and seeking a judicial remedy.
Right to erasure
User shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data have been unlawfully processed;
(b) User withdraws consent on which the processing is based or requests the erasure of personal data, and where there is no other legal ground for the processing;
(c) the personal data have to be erased for compliance with a legal obligation in Union or or erasures is ordered by the Authority or by court;
(d) User objects to the processing and there are no overriding legitimate grounds for the processing.
The Company shall provide information on action taken on a request for erasure to the User without undue delay and in any event within one month of receipt of the request. If the Company does not take action on the request of the User, the Company shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the Authority and seeking a judicial remedy.
In case of violation of his/her rights, User has the right to lodge a complaint with the Authority.
The supervisory authority:
National Authority for Data Protection and Freedom of Information
HUNGARY-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf. 5.
Phone number: +36 -1-391-1400
Fax number: +36-1-391-1410
E-mail address: [email protected]
User is entitled to seek remedies in case of violation of his/her rights. The competent court is the regional court. The lawsuit could be brought – according to the choice of the User – before the court in the residence or the place of stay of the User.
- Personal Data Breach
In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the Authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the User without undue delay.
The User is liable for any damage caused by the him or her during the use of the Website, or if the User provided third party data on the registration form. In such cases, the Company is entitled to enforce the damages from the User and the Company shall provide all necessary assistance to the competent authority in order to identify the violator.