PRIVACY POLICY

Introduction

A/Az ANK International Limited Liability Company (1118 Budapest XI. district, Povl Bang-Jensen utca 2. C. building. 2nd floor. 4th floor. 3rd door, tax number: 32562880-2-43 , company registration number/registration number : 01-09-430796 ) (hereinafter: Service provider, data controller) is subject to the following regulations:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), we provide the following information.

This data protection policy regulates the data management of the following websites/mobile applications: https://ankaofficial.com, https://ankaofficial.hu

The data protection policy is available from the following page: https://ankaofficial.hu/adatkezelesi-tajekoztato/

Amendments to the regulations will come into effect upon publication at the above address.

The data controller and its contact details

Name: ANK International Limited Liability Company

Headquarters: 1118 Budapest XI. district, Povl Bang-Jensen Street 2. Building C. 2nd house. 4th em. 3rd door

Email: hello@ankaofficial.hu

Telephone: +36/30-730-52-84

Concept definitions

" personal data ": any information relating to an identified or identifiable natural person ("data subject"); a natural person who can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
" data management ": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;
" data controller ": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
" data processor ": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
" recipient ": the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
" consent of the data subject ": the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an unmistakable act of confirmation that he gives his consent to the processing of personal data concerning him;
" data protection incident ": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles for handling personal data

Personal data:

its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject (" legality, fair procedure and transparency ");
be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose (" purpose limitation ");
they must be appropriate and relevant in terms of the purposes of data management and must be limited to what is necessary (" data economy ");
they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (" accuracy ");
its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms (“ limited storage capacity ”);
must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (" integrity and confidentiality ").

The data controller is responsible for compliance with the above, and must also be able to prove this compliance (" accountability ").

The data controller declares that its data management is carried out in accordance with the basic principles contained in this point.

Data management related to the operation of the online store / the use of services

1. The fact of data collection, the scope of the processed data and that purpose of data management :

Personal data	Purpose of data management	Legal basis
Username	Identification, enabling registration.	Article 6 (1) point a) of the GDPR.
Password	It is used for secure access to the user account.	Article 6 (1) point a) of the GDPR.
Surname and first name	It is necessary for making contact, making purchases, issuing regular invoices, and exercising the right of withdrawal.	Article 6 (1) point b) of the GDPR.
E-mail address	Keeping in touch.
Phone number	Keeping in touch, more effectively negotiating questions related to invoicing or delivery.
Billing name and address	Issuing the regular invoice, as well as creating the contract, defining its content, amending it, monitoring its performance, invoicing the resulting fees, and asserting related claims.	Article 6, paragraph 1, point c). The legal obligation is § 169 (2) of Act C of 2000 on accounting)
Shipping name and address	Enabling home delivery.	Article 6 (1) point b) of the GDPR.
Date of purchase/registration	Execution of a technical operation.	Elker TV. 13/A. (3) of §
The IP address at the time of purchase/registration	Execution of a technical operation.	Elker TV. 13/A. (3) of §

2. Scope of stakeholders: All stakeholders registered/purchased on the webshop website. Neither the username nor the e-mail address is required to contain personal data.

3. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject's request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject's deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as these data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The data subject's contractual data can be deleted after the expiration of the civil law limitation period based on the deletion request of the data subject.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

4. The person of the possible data controllers entitled to access the data, the recipients of the personal data : The personal data can be processed by the data controller, as well as by its employees authorized to do so, in compliance with the above principles.

5. Description of the rights of data subjects related to data management :

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
the data subject has the right to data portability and to withdraw consent at any time.

6. For personal data The data subject can initiate access to , their deletion, modification or restriction of processing, data portability in the following ways :

by post to 1118 Budapest XI. district, Povl Bang-Jensen Street 2. Building C. 2nd house. 4th em. at door 3,
via email at hello@ankaofficial.hu ,
by phone at +36/30-730-52-84.

7. Legal basis for data management :

1. Article 6 (1) point b) of the GDPR,

2. CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

3. In the case of issuing invoices in accordance with accounting legislation, point c) of Article 6 (1).

4. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:22. according to § 5 years.

6:22 a.m. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

8. We inform you that

data management is necessary for the performance of the contract and the submission of an offer .
obliged provide personal data so that we can fulfill your order.
failure to provide data with the with consequence We are unable to process your order.

Data processors and recipients used

Transport

1. Activity provided by data processor: Delivery of products, transport

2. Name and contact information of data processor:

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. 2351 Alsónémedi, Európa u. 2. info@gls-hungary.com Phone number: +36 1 802 0265

FoxPost Zrt.
3300 Eger, Maklári út 119.
Telephone: 06-1-999-0-369
Location: 1097 Budapest, Könyves Kálmán körút 12-14.
E-mail: info@foxpost.hu

Boxy Ltd.

1036 Budapest

48-66 Lajos Street. C. intact.

ugyfelszolgalat@boxygroup.hu

Fürgefutár.hu

limited liability company

Headquarters: 1027 Budapest, Horvát utca 14-26.

DHL Express Magyarország Kft. 1097 Budapest, Fehérakác utca 3. Data management information: http://www.dhl.hu/hu/jogi_informaciok.html#privacy Phone: +36 1 2 45 45 45

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
2351 Alsónémedi, Europa u. 2.
info@gls-hungary.com
Phone number: 06-29-88-66-94

FoxPost Zrt.
3300 Eger, Maklári út 119.
Telephone: 06-1-999-0-369
Location: 1097 Budapest, Könyves Kálmán körút 12-14.
E-mail: info@foxpost.hu

3. The fact of the data management, the scope of the managed data: Delivery name, delivery address, telephone number, e-mail address.

4. Scope of stakeholders: All stakeholders requesting home delivery.

5. Purpose of data management: Delivery of the ordered product to your home.

6. Duration of data management, deadline for deleting data: It lasts until the home delivery is completed.

7. Legal basis for data processing: Article 6, paragraph 1, point b).

Hosting provider

1. Activity provided by data processor: Storage service

2. Name and contact information of data processor:

Shopify International Limited

2nd Floor 1-2 Victoria Buildings Haddington Road Dublin 4, D04 XN32, Ireland.

info@shopify.com

3. The fact of the data management, the scope of the managed data: All personal data provided by the data subject.

4. Scope of stakeholders: All stakeholders using the website.

5. Purpose of data management: Making the website available and operating it properly.

6. Duration of data management, deadline for data deletion: Between the data manager and the hosting provider
it lasts until the termination of the agreement or until the data subject sends a cancellation request to the hosting provider
data handling.

7. Legal basis for data processing: point b) of Article 6 (1).

Other data processors (if any)

RM 1 Bt. 7400 Kaposvár, Petőfi utca 47. 3.

Billingo Technologies Zrt. 1133 Budapest Árbóc utca 6. I. floor hello@billingo.hu

ADDRESSES WITH WHOM PERSONAL DATA IS COMMUNICATED (DATA TRANSFER):

Online payment

1. Activity provided by the Recipient: Online payment

2. Recipient name and contact information:

Stripe Inc.
web: https://stripe.com email: support@stripe.com.
Headquarters 185 Berry Street Suite 550. San Francisco, CA 94107

3. The fact of the data management, the scope of the managed data: Billing data, name, e-mail address

4. Scope of stakeholders: All stakeholders who choose to pay on the website.

5. Purpose of data management: Online payment processing, transaction confirmation and users
fraud-monitoring for the protection of

6. Duration of data management, data deletion deadline: It lasts until the online payment is completed.

7. Legal basis for data processing: Article 6, paragraph 1, point b) of the GDPR. Data management at the request of the data subject
is required to complete the online payment.

8. Rights of the data subject:

the. You can find out about the conditions of data management,
b. You are entitled to receive feedback from the data controller regarding the handling of your personal data
is in progress, and can you access all information related to data management.
c. You are entitled to have your personal data segmented, widely used, and machine-readable
format.
d. You are entitled to have the data controller correct the inaccuracy without undue delay upon your request
your personal data.

Management of cookies

1. The so-called "cookie used for a password-protected session", "shopping cart cookies", "security cookies", "necessary cookies", "functional cookies" and "cookies responsible for managing website statistics" k" does not require prior consent from the data subjects.

2. The fact of the data management, the scope of the managed data: Unique identification number, dates, times

3. Scope of stakeholders: All stakeholders visiting the website.

4. Purpose of data management: Identification of users, monitoring of visitors, ensuring customized operation.

5. Duration of data management, deadline for data deletion:

Cookie type

Legal basis for data management

Data handling

duration

Session cookies or other cookies that are absolutely necessary for the operation of the website

Data management is not performed using cookies.

The period until the relevant visitor session is closed, so it remains on the computer only until the browser is closed.

Statistical and marketing cookies

Article 6 (1) point a) of the GDPR

1 month - 2 years

6. The person of the possible data controllers authorized to see the data: The data controller can see the personal data.

7. Description of the data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.

8. Most browsers used by our users allow you to set which cookies are saved and allow (certain) cookies to be deleted again. If you limit the saving of cookies on specific websites or do not allow third-party cookies, this may lead to the fact that our website can no longer be used in its entirety under certain circumstances. Here you can find information on how to customize cookie settings for standard browsers:

Google Chrome ( https://support.google.com/chrome/answer/95647?hl=hu )

Internet Explorer ( https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies )

Firefox ( https://support.mozilla.org/hu/kb/sutik-engedelizeze-es-tiltasa-amit-weboldak-haszn )

Safari ( https://support.apple.com/hu-hu/guide/safari/sfri11471/mac )

Specification of cookies:

PrestaShop-UNIQUE_KOD: 20 days, _ga: 1 year, _gid: 1 day, _gat: 1 day, cookie_ue: 1 year, fr: 3 months

Using Google Ads conversion tracking

The data controller uses the online advertising program called "Google Ads", and also uses Google's conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").
When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
Each Google Ads customer receives a different cookie, so they cannot be tracked through the websites of Ads customers.
The information - obtained with the help of conversion tracking cookies - serves the purpose of creating conversion statistics for Ads' customers who choose conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
If you do not wish to participate in conversion tracking, you can decline this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.
Based on Google Consent Mode v2, Google also uses two new types of cookies: ad_user_data and ad_personalization, which are based on the consent of the data subject and which relate to the use and sharing of data. ad_user_data is used to provide consent for user data to Google for advertising purposes. ad_personalization controls whether the data can be used to personalize ads (e.g. remarketing). The data controller ensures the acquisition and withdrawal of appropriate consents on the cookie banner / panel. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
Further information and Google's privacy statement are available on the following page: https://policies.google.com/privacy

Application of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
Within the scope of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

Newsletter, DM activity

1. XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the User may give prior and express consent to contact the Service Provider with its advertising offers and other mailings at the contact details provided during registration.

2. Furthermore, with the provisions of this information in mind, the Customer may consent to the Service Provider handling his personal data necessary for sending advertising offers.

3. The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the Service Provider deletes all personal data necessary for sending advertising messages from its records and does not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.

4. The fact of data collection, the scope of the processed data and that purpose of data management :

Personal data	Purpose of data management	Legal basis
Name, e-mail address.	Identification, enabling subscription to the newsletter/discount coupons.	The consent of the data subject, Article 6, paragraph 1, point a). XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. § 6 (5) of the Act.
Date of subscription	Execution of a technical operation.
IP address at the time of registration	Execution of a technical operation.

5. That Scope of stakeholders : All stakeholders who subscribe to the newsletter.

6. Data management purpose : sending electronic messages containing advertising (e-mail, sms, push message) to the person concerned, providing information about current information, products, promotions, new functions, etc.

7. Data management duration , the deadline for data deletion: data processing lasts until the withdrawal of the consent statement, i.e. until the unsubscribe.

8. The person of the possible data controllers entitled to access the data, the recipients of the personal data : Personal data can be processed by the data controller, as well as its sales and marketing staff, in compliance with the above principles.

9. Description of the rights of data subjects related to data management :

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, as well as
you can object to the processing of your personal data and
the data subject has the right to data portability and to withdraw consent at any time.

10. The data subject can initiate access to personal data , its deletion, modification, or limitation of processing, data portability, or objection in the following ways :

by post to 1118 Budapest XI. district, Povl Bang-Jensen Street 2. Building C. 2nd house. 4th em. 3rd door
by e-mail to at hello@ankaofficial.hu e-mail address,
by phone at +36/30-730-52-84.

11. The data subject at any time, you can unsubscribe for free about the newsletter.

12. We inform you that

data processing is based on your consent and the service provider's legitimate interests is based on.
obliged provide personal data if you want to receive a newsletter from us.
failure to provide data with the with consequence it means that we cannot send you a newsletter.
we inform you that you can withdraw your consent at any time by clicking on unsubscribe.
withdrawal of consent it does not affect the legality of data management based on consent, before withdrawal.

Complaint handling

1. The fact of data collection, the scope of the processed data and that purpose of data management :

Personal data	Purpose of data management	Legal basis
Surname and first name	Identification, contact.	Article 6, paragraph 1, point c). (the relevant legal obligation: § 17/A. (7) of the 1997 Consumer Protection Act CLV.)
E-mail address	Keeping in touch.
Phone number	Keeping in touch.
Billing name and address	Identification, handling of quality objections, questions and problems arising in connection with the ordered products/services.

2. That Scope of stakeholders : All stakeholders who purchase on the website and complain about quality.

3. Data management duration , the deadline for deleting the data: Copies of the record, transcript and the response to the objection are provided in the CLV of 1997 on consumer protection. Act 17/A. § (7) must be kept for 3 years.

4. The person of the possible data controllers entitled to access the data, the recipients of the personal data : The personal data can be processed by the data controller, as well as by its employees authorized to do so, in compliance with the above principles.

5. Description of the rights of data subjects related to data management :

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
the data subject has the right to data portability and to withdraw consent at any time

6. For personal data The data subject can initiate access to , their deletion, modification or restriction of processing, data portability in the following ways :

by post to 1118 Budapest XI. district, Povl Bang-Jensen Street 2. Building C. 2nd house. 4th em. 3rd door
via email at hello@ankaofficial.hu ,
by phone at +36/30-730-52-84.

7. We inform you that

service of personal data legal obligation is based on.
of concluding the contract prerequisite handling of personal data.
obliged provide personal data so that we can handle your complaint.
failure to provide data with the with consequence means that we cannot handle the complaint we received.

Community sites

The fact of data collection, the range of data processed: Twitter/Pinterest/Youtube/Instagram/TikTok etc. the name registered on social networking sites and the user's public profile picture.
Scope of stakeholders: All stakeholders who have registered on Twitter/Pinterest/Youtube/Instagram/TikTok etc. on social media sites and "liked" the Service Provider's social media site, or contacted the data controller via the social media site.
Purpose of data collection: Sharing, "liking", following and promoting certain content elements, products, promotions or the website itself on social media sites.
The duration of the data management, the deadline for the deletion of the data, the identity of the possible data controllers entitled to access the data and the description of the rights of the data subjects related to data management: The data subject can find information about the source of the data, its management, the method of transfer and its legal basis on the given social site. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site.
The legal basis for data management: the voluntary consent of the concerned person to the processing of his personal data on social networking sites.

Facebook / Meta shared data management

The data controller has a Facebook / Meta profile for the activity. Data management for statistical purposes implemented on the Facebook social media site is a joint data management between the Data Controller and Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin Ireland). Detailed information on the details of the joint data management agreement can be found in the data manager appendix of the Facebook Page Analytics function. The appendix is available
at the following link: https://hu‐hu.facebook.com/legal/terms/page_controller_addendum

The data controller communicates in a private message on the social media site only if you find us there.

1. Categories of stakeholders

to the person concerned who registered on the social site and "liked" the profile page of the Data Controller,
the person concerned who contacts the Data Controller in a private message on the social media site.

2. Purpose of data management

The purpose of data management is to share and promote the activities and services of the data manager on the Facebook social media site. The Data Controller may use the data provided in the private message of the affected person in order to respond to the message, otherwise the Data Controller does not collect or extract data from social networking sites.

3. Legal basis for data management

The data management is based on point a) of Article 6 (1) of the GDPR, the legal basis of the data management is the consent of the data subject to the management of his personal data on the Facebook social site.

4. Scope of managed data

registered name of the affected person,
public profile picture of the affected user
other public data provided and shared by the data subject on the social media site

5. Source of processed personal data: The data subject is the source of the processed data.

6. Withdrawal of consent: You can withdraw your consent to data management at any time and delete your post or comment. Data management takes place via third-party social media sites
operates. If you withdraw your consent, the Data Controller will delete the conversation with you. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

The data subject can initiate access to personal data, their deletion, modification, or restriction of processing, as well as data portability in the following ways:

by post to 1118 Budapest XI. district, Povl Bang-Jensen Street 2. Building C. 2nd house. 4th em. at door 3,
by e-mail to at hello@ankaofficial.hu e-mail address,
by phone at +36/30-730-52-84.

7. Duration of data management

until the consent of the data subject is withdrawn,
if messages are exchanged, then 2 years.

8. Forwarding of personal data, recipients, and categories of recipients: For the concept of recipient, see Article 4, Clause 9 of the GDPR. Only in exceptional cases and on the basis of a legal obligation does the Data Controller transfer the Data Subject's personal data to state bodies and authorities - in particular courts, prosecutors, investigative authorities and infringement authorities, the National Data Protection and Freedom of Information Authority.

9. Possible consequences of failure to provide data

In case of non-delivery of data, the data subject cannot find out about the activities and services of the Data Controller via the Facebook social network, or send a message to the Data Controller via Facebook Messenger.

10. Automated decision-making (further profiling): During data management, automated decision-making, including profiling, is not required

11. Joint data controller agreement concluded with Facebook Ireland Ltd.:

The Page Analytics function displays aggregated data, with the help of which you can see how the Facebook page is used by the people involved. Facebook Ireland Limited (“Facebook Ireland”) and the Data Controller are joint data controllers for the management of analytics data. The Page Analytics appendix defines Facebook's responsibility and the Data Controller's responsibility in relation to the management of analytics data. Facebook Ireland assumes primary responsibility for the handling of analytics data under the GDPR and that it complies with all relevant obligations under the GDPR in relation to the handling of analytics data. Facebook Ireland will also make an extract of the Page Analytics appendix available to all stakeholders. The Data Controller ensures that it has the appropriate legal basis for the processing of analysis data in accordance with the GDPR, identifies the site's data controller, and complies with all other relevant legal obligations. Facebook Ireland is solely responsible for the handling of personal data in connection with the Page Analytics feature, except for data within the scope of the Page Analytics appendix. The Page Analytics appendix does not grant the Data Controller the right to request the personal data of Facebook users that Facebook Ireland handles in connection with Facebook, including page analytics data. The Data Controller cannot act on behalf of Facebook Ireland or provide answers to data protection inquiries.

Customer relations and other data management

If a question arises when using our data management services, or if the data subject has a problem, you can contact the data manager using the methods provided on the website (telephone, e-mail, social media sites, etc.).
Data manager handles received e-mails, messages, on the phone, on Meta, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.
We provide information on data management not listed in this information when the data is collected.
The Service Provider is obliged to provide information, communicate and hand over data, or make documents available in the event of an exceptional official inquiry, or in the event of an inquiry by other bodies based on the authorization of the law.
In these cases, the Service Provider only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Rights of data subjects

1. Right of access

You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access the personal data and the information listed in the regulation.

2. Right to rectification

You have the right to request that the data controller correct inaccurate personal data concerning you without undue delay. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

3. Right to erasure

You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

4. The right to be forgotten

If the data controller has disclosed the personal data and is obliged to delete it, it will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, in order to inform the data controllers handling the data that you have requested the personal data in question the deletion of links or duplicates of these personal data.

5. The right to restrict data processing

You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the controller to check the accuracy of the personal data;
the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;
You have objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.

6. The right to data portability

You have the right to receive the personal data you have provided to a data controller in a segmented, widely used, machine-readable format, and you have the right to transfer this data to another data controller without hindrance from the data controller whose provided personal data to (...)

7. Right to protest

In the case of data processing based on legitimate interest or public authority as legal grounds, you have the right to object at any time to the processing of your personal data for reasons related to your own situation, including profiling based on the aforementioned provisions.

8. Protest in the event of direct business acquisition

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or would similarly significantly affect you.

The previous paragraph does not apply if the decision:

It is necessary to conclude or fulfill the contract between you and the data controller;
it is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
It is based on your express consent.

Action deadline

The data controller will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month from the receipt of the request.

If necessary, this It can be extended by 2 months . The extension of the deadline shall be calculated by the data controller upon receipt of the request indicating the reasons for the delay Within 1 month will inform you.

If the data controller does not take measures following your request, informs you without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action , as well as of the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

Security of data management

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where applicable:

pseudonymization and encryption of personal data;
ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;
in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.
The processed data must be stored in such a way that unauthorized persons cannot access them. In the case of paper-based data carriers, by establishing the order of physical storage and filing, in the case of data handled in electronic form, by using a central authorization management system.
The method of data storage using IT methods must be chosen in such a way that it can be deleted - taking into account any different deletion deadlines - at the end of the data deletion deadline, or if necessary for other reasons. The deletion must be irreversible.
Paper-based data carriers must be stripped of personal data using a document shredder or an external organization specialized in document destruction. In the case of electronic data carriers, physical destruction must be ensured in accordance with the rules for the disposal of electronic data carriers and, if necessary, the data must be securely and irretrievably deleted in advance.
The data manager takes the following specific data security measures:

In order to ensure the security of personal data handled on a paper basis, the Service Provider applies the following measures ( physical protection ):

Place the documents in a safe, well-sealed dry room.
If personal data managed on paper is digitized, the rules applicable to digitally stored documents must be applied
During the course of his work, the employee of the Service Provider performing data management may only leave the room where data management is taking place by blocking the data carriers entrusted to him or by closing the given room.
Personal data can only be accessed by authorized persons, third parties cannot access it.
The Service Provider's building and premises are equipped with fire protection and property protection equipment.

IT protection

Computers and mobile devices (other data carriers) used during data management are the property of the Service Provider.
The computer system containing personal data used by the Service Provider is equipped with virus protection.
In order to ensure the security of digitally stored data, the Service Provider uses data backups and archives.
The central server machine can only be accessed by persons with appropriate authorization and only those designated for it.
Data on computers can only be accessed with a username and password.

Informing the data subject about the data protection incident

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject without undue delay.

In the information provided to the person concerned clearly and comprehensibly the nature of the data protection incident must be described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

the data controller has implemented appropriate technical and organizational protection measures , and these measures have been applied to the data affected by the data breach, in particular measures - such as the use of encryption - that prevent unauthorized persons from accessing personal data make the data unintelligible;
the data controller took additional measures after the data protection incident which they ensure that the reported high risk to the rights and freedoms of the data subject is unlikely to materialize in the future ;
the information it would require a disproportionate effort . In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Reporting a data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Review in case of mandatory data management

If the duration of mandatory data management or the periodic review of its necessity is not determined by law, local government decree, or a mandatory legal act of the European Union, the data controller shall review at least every three years from the start of data management , whether the processing of personal data managed by him or by the data processor acting on his behalf or on the basis of his instructions is necessary for the realization of the purpose of data management is it necessary ?

The circumstances and results of this review are provided by the data controller documents, this documentation will be kept for ten years after the completion of the review and makes it available to the Authority at the request of the National Data Protection and Freedom of Information Authority (hereinafter: the Authority).

Possibility of filing a complaint

You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the data controller:

National Data Protection and Freedom of Information Authority
1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf. 9.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Final word

During the preparation of the information, we paid attention to the following legislation:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) 27 April 2016);
CXII of 2011 law - on the right to self-determination of information and freedom of information (hereinafter: Infotv.);
CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A);
XLVII of 2008 law - on the prohibition of unfair trade practices towards consumers;
XLVIII of 2008 law - on the basic conditions and certain limitations of economic advertising activity (especially § 6);
XC of 2005. Act on Electronic Freedom of Information;
Act C of 2003 on electronic communications (specifically §155);
16/2011. s. opinion on the EASA/IA Recommendation on best practices for behavioral online advertising;
The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information.

Item added to your cart