Privacy policy.

1. Data controller's data:

Contractor's name: Balázs Sólyom, sole trader
Address: 2151 Fót, Kalász utca 22.
Registration number: 51058520
Tax number: 67991947-1-33
Representative: Balázs Sólyom
Data Protection Officer: Balázs Sólyom
Data Protection Officer: The company does not need to employ a Data Protection Officer
Phone number: +36704199480
E-mail address: hello@juststaynatural.com

2. The purpose of this Privacy Notice is to:

As the data controller, we accept the contents of this legal notice as binding on us. As the legal controller, we hereby declare ourselves bound by this Privacy Notice. The purpose of this Privacy Notice is to inform our customers and partners about the processing of their personal data. We hereby declare that we will only process personal data in accordance with the provisions of the legislation in force and in strict compliance with the provisions of the data management and data protection regulations, taking into account the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and limited storage.

We inform you that we take all technical and organisational measures to ensure that the personal data of our partners are processed in a secure manner, as required by Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).

We have adapted our day-to-day operations, policies, records, templates and information to comply with the above.

Our privacy policy regarding our data management is available on our headquarters and website on an ongoing basis. We reserve the right to change this policy at any time. We will of course notify our audience of any changes in due time.

We are committed to protecting the personal data of our customers and partners, and we attach the utmost importance to respecting our customers' right to information privacy. Personal data is treated confidentially and we take all security, technical and organisational measures to ensure the security of the data. Our data management practices are described below.

3. The personal, material and temporal scope of the Privacy Notice:

The personal scope of this Privacy Notice covers the individual entrepreneur and the natural persons whose data are included in the processing covered by this Notice, as well as persons whose rights or legitimate interests are affected by the processing.

The scope of this Notice covers all processing that takes place in the course of the entrepreneur's activities.

This Policy shall enter into force on the date of its approval and shall remain in force indefinitely until further notice.

4. Important definitions:

Personal data: any information relating to an identified or identifiable natural person.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.

Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.

Data breach: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

5. Lawful processing by the contractor:

Personal data will only be processed in the following cases:

  1. where the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes,

  2. The processing is necessary for the performance of a contract to which the data subject is a party,

  3. processing is necessary for compliance with a legal obligation to which the controller is subject,

  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person,

  5. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

We check the lawfulness of data processing at every stage of our activities, and we only process data for which we can justify the purpose and legal basis. In the event that the conditions of a legal basis cease to apply, processing may only be resumed if we can demonstrate an adequate alternative legal basis.

As a general rule, the way to justify the legal basis is in writing, and even in the case of a legal basis established by imputability, it must be examined whether it can be clearly justified ex post. In case of doubt, in the interests of reasonableness and economy, efforts should be made to confirm in writing the processing by means of imputability.

In the case of processing based on consent, the data subject gives his or her written consent to the processing of his or her personal data. Consent is not formally binding, but subsequent evidence requires written consent on paper or in electronic form.

Processing based on a legal basis to fulfil a legal obligation is independent of the data subject's consent, as the processing is defined by law.

Irrespective of the mandatory nature of the processing, the private individual concerned must be informed before the processing starts that the processing is mandatory and cannot be avoided, and must be provided with clear and detailed information on all relevant facts concerning the processing of his or her data before the processing starts.

According to the GDPR (General Data Protection Regulation), personal data may also be processed where the processing is necessary for the performance of a contract to which the individual concerned is a party or where the processing is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract. We may process personal data for the purposes of the conclusion, performance or termination of a contract on the basis of the legal basis of performance of the contract.

6. Personal data processing in the company:

Our company provides photography and film production services to our clients. Our company offers its clients services in the field of wedding, children, family photography and filmmaking, as well as various events and portfolio photography. Personal data is also processed in connection with these activities.

  1. Our contractual partners can be both natural persons and legal entities. The conclusion of a contract is preceded by an invitation to tender, by e-mail or telephone, or by a message on social networking sites. The contracting party will provide its name and e-mail address, to which we will send our offer. If the offer is rejected, we will delete the personal data of the interested party. If the data subject orders the offered service, a service contract will be concluded. When concluding service contracts, we will obtain additional personal data of natural persons (partners and contacts).

  2. We will issue an invoice to our customers after the contracted service has been completed. The invoice will include the name, address and, where applicable, tax number of the customer.

  3. In the course of our activities, we process our partners' e-mail addresses and telephone numbers in order to fulfil our contractual obligations or with their individual consent.

  4. In the course of our work, we also have contractual relations with subcontractors, suppliers and service providers, which also provide a basis for the processing of personal data (data of contact persons, representatives). We are also in contact with event and wedding planning contractors, in which case personal data of the contractors or contacts will also be processed.

  5. We mainly present our activities and reference photos and recordings on our own website (www.juststaynatural.com). The website provides visitors with information on the prices and content of our services. The website operates using cookies, which also collect personal data about visitors.

  6. In the "Contact Us" section of our website, visitors have the possibility to contact us using a contact form. In the form, the name and e-mail address of the interested party must be provided. The purpose of processing the personal data is to contact the visitor of the site and the person interested in the photographer, film production service. If the service is not ordered after the contact, the personal data of the interested party will be deleted immediately, but within 3 working days at the latest.

  7. It is also possible to subscribe to a newsletter on our website. By subscribing to the newsletter, the visitor declares that he/she has read the Privacy Policy and that he/she gives his/her consent to the processing of his/her personal data for marketing purposes. The data subject shall have the rights set out in the Privacy Notice and shall be able to exercise those rights in the manner and at the places set out therein. Accordingly, the legal basis for the processing of personal data when sending the newsletter is the explicit and written consent of the subscriber.

  8. We also have a Facebook page to showcase our activities and references, and for marketing purposes. Here too, the data of the page's followers is processed.

  9. We take photos and videos as part of our activities. The production and use of the footage is always subject to the consent of the client. In the case of events, it is the contractual obligation of the clients to inform their guests or visitors to the event that photographs and videos may be taken.

  10. Sometimes natural persons submit CVs to us. Personal data are also processed in relation to CVs.

We keep a record of the processing described above. The register also includes the time limits for the deletion of personal data. The register is annexed to this Privacy Notice.

7. Data processors connected to the business:

If the processing is carried out on our behalf by another party, we may only use processors that provide adequate guarantees of compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects.

We hereby declare that, in the course of our work, we will only use data processors who provide adequate guarantees of compliance with the GDPR Regulation and implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects. The relevant declarations of the data processors are available to us.

  • The data processor is the accounting firm we have appointed.

  • Our subcontractor and supplier (service provider) partners may also be data processors and data controllers.

  • The company that hosts our website is also a data processor.

  • If, for example, we electronically transmit the completed recordings to the customer, our mail server is also a data processor.

  • Our partner for sending newsletters is also a data processor.

  • The courier company we employ is also a data processor (and is also a data controller in its own right in the performance of its tasks).

  • When storing data in a cloud-based online database, the service provider is considered a data processor.

Our contracted data processing and data management partners process our partners' personal data only on the basis of our instructions (except where required by law) and under an obligation of confidentiality.

8. Data processing relating to contracts concluded by the company:

Customer contracts:

Our company provides photography and film production services to its clients. We mainly provide wedding, children and family photography and film production services, as well as various event shootings and portfolio photography. Personal data is also processed in connection with these activities.

  • Our contractual partners can be both natural persons and legal entities. The conclusion of a contract is preceded by a request for a quote, either by e-mail or telephone, or by a message on social networking sites. The contracting party will provide his name and e-mail address to which we will send our offer. The legal basis for processing at this stage is the consent of the data subject. If the offer is rejected, we will delete the personal data of the interested party without delay and at the latest within 3 working days.

  • If the data subject orders the offered service, a service contract will be concluded. When service contracts are concluded, we will obtain additional personal data of natural persons (partners and contacts). In this case, the legal basis for the processing of personal data is the fulfilment of the obligations undertaken in the service contract. The data thus obtained will be processed until the legal deadline for keeping an invoice for the service fee as set out in the service contract. In this case, the legal basis is the fulfilment of the legal obligation.

  • In each case, we will obtain the consent of the person representing the legal person to the processing of his/her personal data. The legal basis for the processing of personal data is the consent of the data subject.

Supplier contracts:

In the course of our work, we also have contractual relationships with subcontractors, suppliers and service providers, which also provide a basis for the processing of personal data (data of contacts, representatives).

We fill in a consent form with the representatives of these companies, informing them of their rights in relation to personal data and asking for their consent to process their personal data. In such cases, the legal basis for the processing of personal data is the performance of the contract and the explicit written consent of the data subject to the processing.

9. Processing invoices issued to customers and the personal data contained therein:

We issue invoices to our customers following the performance of our contractual obligations. The invoice contains the name, address and possibly the tax number of the customer. The legal basis for processing the data on the invoice is the fulfilment of a legal obligation. Article 169 of the Accounting Act provides for a mandatory retention period for invoices. We process invoices issued by us and also keep the personal data on them in accordance with this provision. The legal basis for the processing of personal data in this case is the fulfilment of a legal obligation.

10. Children's data, processing of special categories of personal data:

We process the data of children under the age of 16 when we take photographs or video recordings of a child, family, event or when we take photographs or video recordings of a child under the age of 16 during the taking of photographs or video recordings.The taking of photographs of children under the age of 16 and the use of the photographs or video recordings for any purpose is only possible with the consent of the legal representative. In such cases, the consent of the legal guardian is required in order to comply with this requirement. The consent may be given by the parent by signing a service contract with us (the service contract will contain the wording in this respect) or by countersigning a separate consent form.

We do not process any special data. We do not record such data that we have obtained or become aware of in any way. If such data has been entered into any of our systems without our knowledge, we will delete it from our systems immediately upon detection.

11. Keeping email addresses and phone numbers with the company:

In the course of our activities, we also obtain the e-mail addresses and telephone numbers of our partners. We process personal data entered into our system in this way, primarily to fulfil our contractual obligations. In case the contract with the partner has been terminated and the legal obligation to keep the data and documents no longer applies, the telephone numbers and e-mail addresses are deleted. In some cases, we may still have a legitimate interest in retaining the data, in which case we will ask for the explicit and written consent of the data subject to retain their personal data.

12. Managing applications and CVs received:

We sometimes receive CVs from natural persons. If the CV was submitted because we were looking for an employee and we advertised the job, the CV can only be used in connection with that job. If the applicant does not meet the conditions for the advertised position and another candidate is selected, the CV will be destroyed immediately.

If a candidate voluntarily sends us a CV without an advertisement, we will ask him/her to declare whether he/she consents to our processing of his/her personal data. It is also important to note that we may only use the CV in relation to vacancies for which the applicant has indicated a vacancy. CVs will normally be kept for 3 months, unless the data subject specifies a longer period in their consent.

13. Processing of personal data during the taking of photographs and videos at events and other locations:

We take photographs and video footage at certain events as part of our activities.

The recordings made by the camera and video recorder are considered personal data, as they can be associated with the data subject and inferences can be drawn from them. As mentioned above, the facial image and the behaviour of the data subjects fall within the scope of personal data as an inference about the data subject.

The creation and use of the images (on our website, social media pages) is always done with the consent of the customers. The consent of the data subject is not required for the making of the recording and the use of the recording made in the case of mass recordings and recordings of public appearances.

If the photography or filming takes place at an event where persons other than the client are also present (e.g. weddings, other events), the clients are contractually obliged to inform their guests or persons attending the event that photographs and videos may be taken. This information may be provided by means of an attention-grabbing image or sign, or by means of verbal information during the event, or before the event. For the purposes of this Policy, the processing of images as personal data is based on the consent of the data subject (persons in the event areas), which is deemed to be given by entering the event venue through the use of the image as a means of communication, in the knowledge of the warning signs, verbal information.

If the participant objects to the taking of a photograph or video recording, we are obliged to delete the recording immediately and to refrain from taking any further photographs of the guest.

If, after the publication of a photograph or video recording, the person who took the photograph or video recording informs the person who took the recording of his or her request to delete the recording, we are obliged to remove the recording immediately and permanently delete it from our database, but no later than within 3 working days. We are obliged to inform the data subject of the deletion.

At all events, we provide participating guests with the opportunity to familiarise themselves with our Privacy Notice, which contains the rights of data subjects, the techniques we use to process personal data and the information that data subjects can use to exercise their rights in the event of a breach.

14. Our website:

We mainly present our activities and reference photos and shots on our own website. The website informs visitors about the prices and content of our services.

Our company website: www.juststaynatural.com

Our website uses cookies in its operation. The legal basis for the processing of personal data obtained from them is the consent of the visitor.

Cookies (Cookies):

The purpose of cookies:

  • collect information about visitors and their devices;

  • remember visitors' individual preferences, which are used, for example, when they make online transactions, so they do not have to be re-entered;

  • facilitate the use of the website;

  • provide a quality user experience.

In order to provide a personalised service, a small piece of data called a cookie is placed on the user's computer and read back during a subsequent visit. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.

Session cookies are strictly necessary:

The purpose of these cookies is to allow visitors to browse the website, use its features and services fully and smoothly. This type of cookie is valid until the end of the session and is automatically deleted from the computer or other browsing device when the browser is closed.

The data subject's choice in relation to the Cookie:

Web Browser Cookies:

In the browser settings, the data subject can accept or reject new Cookies and delete existing Cookies. You can also set your browser to notify you each time a new cookie is placed on your computer or other device. You can find more information about how to manage cookies in the "help" function of your browser.

If a visitor chooses to disable some or all of the cookies, he or she will not be able to use all of the website's features.

Cookies placed by third parties (analytics):

Our website also uses Google Analytics as a third party cookie. Google Analytics is a web analytics service used to collect information about how visitors use the website for statistical purposes. This data is used to improve the website and the user experience. These cookies are also stored on the visitor's computer or other browsing device and browser until they expire or until they are deleted by the visitor.

In the context of Google Analytics, the IP address transmitted by the visitor's browser will not be merged with other Google data. You can prevent the storage of cookies by configuring your browser software accordingly. Please note that if you do this, you may not be able to use the full functionality of this website. In addition, the visitor can prevent the collection of data (including his IP address) generated by cookies and relating to the visitor's use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in under the link below. The current link is http://www.google.com/policies/privacy/ads/.

The contact form used on the website:

The "Say Hello!" section of the www.juststaynatural.com website allows visitors to contact us using a contact form. The form asks for the name and e-mail address of the interested party. The purpose of processing personal data is to contact the site visitor and the person interested in the photo and video service. If the service is not ordered after the contact has been made, the personal data of the interested party will be deleted immediately, but within 3 working days at the latest. In this case, the legal basis for the processing of personal data is the consent of the data subject.

If a contract of engagement is concluded between the parties, the legal basis for the processing of personal data is the performance of the contract.

The data subject declares that he or she is over 16 years of age in relation to the use of the website's customer contact form. A person under the age of 16 may not use the contact form, given that, pursuant to Article 8(1) of the GDPR, the validity of his/her declaration of consent to data processing requires the consent of his/her legal representative. The controller is not in a position to verify the age and eligibility of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.

15. Subscribe to the newsletter:

It is possible to subscribe to a newsletter on our website. By subscribing to the newsletter, the visitor declares that he/she has read the Privacy Policy and gives his/her consent to the processing of his/her personal data for marketing purposes. The data subject shall have the rights set out in the Privacy Notice and shall be able to exercise those rights in the manner and at the places described therein. Accordingly, the legal basis for the processing of personal data when sending the newsletter is the explicit and written consent of the subscriber.

The purpose of the data processing related to the sending of the newsletter is to provide the recipient with complete general or personalised information about the latest news, promotions, events and news on our website, in accordance with the applicable and valid legislation. The subscription to the newsletter and/or the DM mailing is based on voluntary consent, of course we give the data subject the possibility to withdraw his/her consent and unsubscribe from the newsletter at any time.

Our partner for sending newsletters is ---

16. Our Facebook/Instagram page:

www.facebook.com/juststaynatural / www.instagram.com/juststaynatural

We also offer comprehensive personal support via Facebook/Instagram. If you contact us via Facebook/Instagram with a question, we will try to answer it as soon as possible. We will only use the information we receive on Facebook/Instagram to answer your question and not for any other advertising purposes.

The purpose of using the Facebook/Instagram page is to advertise on social media and to present our activities and references.

Facebook/Instagram may also use the data for its own purposes, including profiling the data subject and targeting him/her with other advertising.

To be able to contact us via Facebook/Instagram, you must be logged in. For this purpose, Facebook/Instagram may also request, store and process personal data. We have no control over the type, scope and processing of this data and do not receive any personal data from the operator of Facebook/Instagram. You can find more information on this on the Facebook/Instagram page.

17. Personal data processing in the use of cloud-based applications:

Our company primarily uses cloud-based services for the storage and backup of documents (recordings). The common feature of such services is that they are not provided by the user's computer, but by a remote server, a server centre located anywhere in the world. A major advantage of cloud applications is that they provide a highly secure, flexible and scalable IT storage and processing capacity that is essentially independent of geographic location.

In these cases, we are the data controllers and the cloud service provider can be considered as a data processor, processing personal data on behalf of the data controller. Cloud service providers are obliged to keep personal data confidential and may only process personal data on the instructions of the controller.

We take the utmost care when selecting our cloud service partners, and take all measures that are generally expected to ensure that we contract with them in the interests of our customers' data security, that their data processing principles are transparent to us and that data security is regularly monitored.

Cloud storage is password-protected and only we have access to the data stored there.

Our partners and customers expressly consent to the transfer of data necessary for the use of cloud-based applications by accepting this Privacy Policy and by entering into a service contract between us.

18. Handling complaints about our activities:

In this case, the purpose of data processing is to enable the communication of the complaint, to identify the data subject and his/her complaint, to record the data required to be recorded by law, to investigate the complaint and to maintain contact in connection with its resolution.

The lodging of a complaint is based on voluntary consent, but once a complaint has been lodged, the handling of the complaint and thus the processing of personal data is mandatory under Act CLV of 1997 on Consumer Protection.

The record of the complaint and a copy of the reply will be kept for 5 years, and personal data will be processed for this period.

19. Security of data processing:

We are committed to ensuring the security of the data, and to taking technical and organisational measures and maintaining procedures to ensure that the data we collect, store and process are protected and to prevent their destruction, unauthorised use or unauthorised alteration. We also undertake to require all third parties to whom we transfer or disclose data to comply with data security requirements.

We will ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by us and our data processor(s) and will not be disclosed to third parties who are not authorised to access the data.

We take great care to protect the personal data of our partners and customers. We comply fully with all legal provisions and require all our partners to do the same. Personal data protection includes physical data protection (storage of documents in a lockable room) as well as IT protection.

The personal data provided by the data subject are stored primarily on the servers of the data processor(s) indicated in this Privacy Notice, equipped with the usual protection systems, and partly on our own IT equipment, in the case of paper media, at our headquarters, appropriately locked.

The data subjects acknowledge and accept that, if they provide their personal data, the data cannot be fully protected on the Internet and on computer systems. In the event of unauthorised access or disclosure, despite the efforts of the controller, it is necessary to proceed as described in this notice.

20. Rights of data subjects:

Transparent information:

The purpose of this Privacy Notice is also to provide clear, concise, transparent and understandable information about the processing activities of the controller.

Right of access:

The data subject has the right to receive feedback from the controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:

  • the purpose of the processing,

  • the purpose of the processing; the categories of personal data concerned,

  • the categories of recipients to whom the personal data have been disclosed,

  • the intended storage period of the personal data.

You can request information on the above data at the following address, e-mail address:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

Please be informed that we will reply to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to rectification:

The data subject has the right to have inaccurate personal data relating to him or her corrected by the controller at his or her request.

The data controller may request information on the above data by sending an e-mail to the following address:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

Please note that we will reply to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to cancellation:

The data subject has the right to have personal data relating to him or her erased by the controller at his or her request. On the basis of this request, we are obliged to delete personal data if one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected,

  • the data subject withdraws his or her consent previously given and there is no other legal basis for the processing,

  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing,

  • the personal data have been unlawfully processed,

  • the data must be erased in order to comply with a legal obligation under EU or Member State law.

You can request information about the above data at the following address, e-mail address:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

Please be informed that we will reply to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to restriction of processing:

Data subjects have the right to request that we restrict processing, in particular where:

You contest the accuracy of the data,

The data subject may request the erasure of the data if the data subject considers that the processing is unlawful but does not request the erasure of the data for any reason.

You can request information about the above data at the following address, e-mail address:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

Please be informed that we will reply to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to data portability:

The data subject has the right to receive personal data relating to him or her in a structured, commonly used, machine-readable format and the right to have that data transmitted to another controller.

You can request information about the above data at the following address, e-mail address:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

Please be informed that we will reply to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to object:

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, as provided for in Article 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can request information about the above data at the following address, e-mail:

Balázs Sólyom, 2151 Fót, Kalász utca 22.
E-mail address: hello@juststaynatural.com

You are hereby informed that we will reply to your request within 30 days. Information requests sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

We undertake to inform all recipients to whom we have disclosed personal data of requests sent to us in relation to the above rights, unless this proves impossible. We also undertake to notify the data subject (applicant) of the decision on the processing of the above requests within 30 days at the latest.

21. Data protection incident:

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Examples of data breaches include:

  • the unlawful transmission of personal data on a document, portable device, storage medium or computer system (e.g. by correspondence),

  • unauthorised access to an IT system or application that processes personal data,

  • corruption or loss of part or all of a database containing personal data,

  • rendering part or all of an IT system unusable by a virus or other malicious software, etc.

In the event of a potential data breach (unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons), we will immediately notify the National Authority for Data Protection and Freedom of Information. As soon as we become aware of the incident, we are obliged to notify it without undue delay and, if possible, no later than 72 hours after the data breach has come to our attention. If the notification cannot be made within 72 hours, the notification must state the reason for the delay and provide the required information in detail without further undue delay.

For the notification of a personal data breach, the National Authority for Data Protection and Freedom of Information operates a dedicated system on its website through which notifications can be made electronically.

If the data protection incident is likely to pose a high risk to the rights and freedoms of our partners and customers, we will inform the affected partner without delay.

22. Information on the relevant legislation:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info. tv.);

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);

  • Act V of 2013 - on the Civil Code (Civil Code);

  • Act C of 2000 - on Accounting (Accounting Act).

23. Right to apply to the courts:

The data subject may take the controller to court in the event of a breach of his or her rights. The court will rule on the case out of turn.

24. Data protection authority procedure:

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Name: Hungarian National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, PO Box 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

25. Other provisions:

Information on data processing not listed in this notice is provided at the time of collection.

We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorised by law may contact the data controller to provide information, to communicate or transfer data, or to make documents available. Our company shall disclose to the authorities - if the authorities have indicated the exact purpose and scope of the data - personal data only to the extent and to the extent that is indispensable for the purpose of the request.

The website of the Data Protection Authority contains further information on the data protection rights referred to in this Privacy Notice.

Budapest, 25 May 2018.