RULES AND INFORMATION ON DATA PROTECTION RELATING TO THE WEBSITE HYPERLINK “HTTP://WWW.NAMIBUDAPEST.HU” WWW.NAMIBUDAPEST.HU
TOC \O “1-1″ \F \T “HEADING 9,2,PART HEADINGS,3″ \* CAPS \* MERGEFORMAT
1. Preamble, Objective Of The Rules Pageref _Toc412793907 \H 1
2. Interpretation Of The Rules, Definitions Pageref _Toc412793908 \H 1
3. Name And Contact Information Of The Data Manager Pageref _Toc412793909 \H 3
4. Objective Of Data Management, Scope Of Managed Data Pageref _Toc412793910 \H 3
5. Legal Base And Duration Of Data Management Pageref _Toc412793911 \H 5
6. Access To The Managed Data, Data Processing And Data Transfer Pageref _Toc412793912 \H 5
7. Data Security Pageref _Toc412793913 \H 6
8. The Users’s Rights And Liabilities Pageref _Toc412793914 \H 6
9. Legal Remedy Pageref _Toc412793915 \H 7
10. Modification, Interpretation, Effective Date Of The Rules Pageref _Toc412793916 \H 8
PREAMBLE, OBJECTIVE OF THE RULES
Dia 2003 Ékszer Kereskedelmi Korlátolt Felelősségű Társaság (Seat: 1052 Budapest, Haris köz 3.; Registration number: Cg.01-09-715375; VAT number: 13030746-2-41.; hereinafter: the „Company”) is interested in that the users should hear about and purchase the largest possible scope of giftware distributed by the Company (hereinafter: the „Product”) via the website www.namibudapest.hu furthermore, based on this commitment, the Service provider has created the website www.namibudapest.hu (hereinafter: the „Homepage”).
These rules and information on data protection (hereinafter: the „Rules”) include the conditions of data management of the Homepage. The Homepage is owned and operated by the Company. The Company, as data controller, subjects itself to the contents of these Rules, furthermore undertakes liability to that all the data management connected to its activities shall be compliant to the requirements specified in these Rules and the valid Hungarian legal regulations.
The objective of these Rules is that the management of personal and incidental sensitive data
necessary for using the electronic trading services connected to the Homepage,
necessary for the popularisation of the Products distributed by the Company via the Homepage, and
necessary for the purchasing of the Products distributed by the Company via the Homepage
should take place pursuant to the provisions of the prevailing Hungarian legal regulations on data protection.
Furthermore, the objective of these Rules is that in the whole scope of services provided by the Company, the user can be assured of that – regardless of the user’s sex, nationality or home address – the user’s rights and basic rights of freedom, such as especially their right to private life will be respected while their personal information is processed electronically (data protection). The Company shall process the recorded personal information in confidence, by complying with the legal regulations and international recommendations on data protection and these Rules on data protection.
By using the Homepage, the user accepts the provisions of these Rules expressly and approves the data management specified below.
INTERPRETATION OF THE RULES, DEFINITIONS
These Rules shall be interpreted based on the principles of Hungarian language in consideration of the general legal principles of the Hungarian civil law. When interpreting these Rules, the words and phrases written in capital letters shall have the meaning conferred to them on their first place of appearance in the Rules – independently of their tense, mode and case, or whether they are singular or plural.
In harmony with the provisions of Act CXII of year 2011 on the right to possess personal information and the freedom of information (hereinafter: the „Info Law”) where it cannot be interpreted otherwise based on the context, the terms used in low-case letters in these Rules shall mean the following:
fulfilling technical tasks connected to data managing operations independently of the method and tools used for their realisation and the place of usage, provided that the technical tasks are realised with data;
the natural or legal entity or organisation without legal entity that based on its contract concluded with the data processing entity – including also a contract concluded pursuant to the provisions of laws – processes data;
independently of the applied procedure, any or all operations of the Company with data, such as collection, receiving, recording, systemising, storing, changing, using, transferring, disclosing, harmonising or connecting, blocking, deleting and destructing data and preventing the further usage of data. Taking photos, audio or image recording and the recording of physical features suitable for identifying a person (e.g. fingerprints or palm prints, DNA sample, iris image) shall be considered as data management as well;
the natural or legal entity or organisation without legal entity that, independently or jointly with others, specifies the objective of data management, brings and executes the decisions affecting data management (including the tool applied) or have these decisions executed by a data controller assigned by itself;
the complete physical destruction of data carrier containing the data;
making the data available to a specified third party;
making data unrecognisable in a way that their restoring is not possible any longer;
providing data with identification marking in order to limit its further management definitely or for a specified period; instead of deletion, the Company blocks the data where the definite deletion of the data would breach the lawful interests of the affected person; blocked data shall be treated exclusively as long as the objective of data management exists, which excluded the deletion of the personal or sensitive data;
any person or any specified person identified or that can be identified – either directly or indirectly – based on personal information that uses the services of the Company by using the Homepage or that uses the Homepage;
information, statement, method of appearance, aimed at promoting the sales or other usage of marketable movables that can be possessed – including money, securities and financial assets and natural resources that can be utilised as things – (hereinafter jointly: the product), services, real estates, rights constituting asset value (hereinafter all of these jointly: goods) or, in connection with this objective, aimed at popularising the name, trademark, activities of the corporation or goods or brands;
the natural or legal entity or organisation without legal entity that is not identical with the affected person, the Company, data manager or the data controller;
the voluntary and definite expression of the wish, intention of the affected person, which is based on appropriate information and by which that person gives its clear agreement to that the personal information relating to itself should be managed – in its full scope or only in connection with certain operations;
personal information relating to race, nationality, political opinion, party affiliation, religion, belief, membership in interest-representation organisations, sexual orientation, health condition, harmful addiction or personal criminal information;
making the data available to anyone;
data that can be connected to the affected person – such as particularly, the name, identification mark or one or more pieces of information relating to its physical, mental, economic, cultural or social identity – and consequences that can be drawn from the data and relating to the affected person;
personal identification information
the first and last name, maiden name, of the affected person, its sex, place and date of birth, its mother’s birth first name and last name, permanent address, place of stay, social security identification mark (hereinafter: TAJ number) jointly or any of them which is or may be suitable for identifying the affected person;
the statement of the affected person by objecting the management of its personal information and by which it requests the deletion of the managed data;
If it is not concluded differently from the text otherwise:
reference to any legal regulations in these Rules includes the incidental later modified, expanded, uniform structure of the legal regulation in question;
in these Rules the titles and paragraph numbers serve exclusively reference and they shall be considered only together with the interpretation of the text of these Rules;
all references to a person in these Rules mean reference to any person, company, association, government, state, state institution or authority;
any of the provisions of these Rules shall not be interpreted in a way that it would exclude the liability or legal remedy for fraudulent statements or procedures or statements or procedures made or initiated in bad faith.
NAME AND CONTACT INFORMATION OF THE DATA MANAGER
Name of the Company as data manager: Dia 2003 Ékszer Kereskedelmi Korlátolt Felelősségű Társaság
Seat of the data manager: 1052 Budapest, Haris köz 3.
Mail (postal) address of the data manager: 1052 Budapest, Haris köz 3.
Registration number of the data manager: Cg.01-09-715375
VAT number of the data manager: 13030746-2-41.
E-mail address of the data manager: email@example.com The affected person shall acknowledge that the Company will receive only the questions, complaints of the affected person relating to its own data management or to these Rules at the above e-mail address.
OBJECTIVE OF DATA MANAGEMENT, SCOPE OF MANAGED DATA
The Company shall use and store the data provided by the user only for specified purposes, exclusively (i) to maintain relations between the Company and the users; (ii) to provide the services – electronic marketing – of the Company efficiently, safely and in a customised way; (iii) to participate as a mediator during the settlement of disputes that may emerge in connection with using the Services; (iv) to provide clarification; (v) to eliminate problems of operation; (vi) to send newsletters and other advertisements for marketing purposes; (vii) to collect data for statistical purposes; (viii) to collect information for research purposes.
The Company as data manager shall be entitled to manage the following personal information subject to the approval of the affected person for the following data management purposes:
last name and first name of the affected person (corporate name of the legal entity), address of its domicile (seat of the legal entity), delivery address, e-mail address and telephone number, the purpose of managing such data is that (i) the Company can provide the Users with electronic trading services efficiently, safely and in a customised form and that the Company can deliver the Products ordered by the User to the User; (ii) such data should ensure the relations between the affected person and the Company via sending newsletter messages, SMS and e-mail messages and advertisements.
The Company informs the user that during the usage of services relating to the Homepage and during the usage of the Homepage no management of sensitive data takes place.
It is the voluntary decision of the affected person whether or not to give the personal information included in Point REF _Ref397678487 \r \h \* MERGEFORMAT 4.2 of the Rules to the Company but without the recording of personal information specified in Point 4.2. (a) above it is impossible to order the Products from the Company. While ordering the products, it is compulsory for the user to give the following personal information: name (corporate name), e-mail address, home address (seat), delivery address, telephone number. Should the user give the data of a third party while ordering a Product or should the user cause any harm while using the Homepage, the Company shall be entitled to claim compensation for damages from the user. The Company will not control the personal information given to the Company. Exclusively the person providing the data shall be liable for the authenticity, truth of the provided information. Any user, when providing its e-mail address shall undertake liability for that only this person that has provided the contact information will use the services from the e-mail address and mobile phone number.
While using the services, the Company may request the affected party to provide other personal information as well subject to the condition that the Company shall specify the purpose of data management before requesting so. Recording personal information shall be voluntary in each case and if certain personal information is not provided this fact shall not influence the usage of the Homepage.
The Company shall manage the personal information provided by the affected person until it has withdrawn its approval. Such personal information shall be deleted by the Company immediately but within 5 (five) working days the latest from the request of the affected party.
Furthermore, the Company shall not manage any personal or sensitive information based on the power provided by laws. Should the Company manage personal or sensitive information of the affected person pursuant to any provisions of laws, then the Company shall inform the affected person on such data management operation, the purpose and duration of the operation before executing the – by also specifying the legal reference. Before requesting any personal information, the Company shall inform the affected person that the provision of the information in question is voluntary and based on the approval of the affected person or it is compulsory and is based on legal regulations.
By accepting the Rules, the affected person shall acknowledge that the Company shall be entitled to use the personal information in a way that the information shall be deprived of its relationship to the affected person and for statistical purposes. The Company undertakes that it will be impossible to connect such information to any of the affected persons after their statistical processing.
The user shall acknowledge that the Company may control the provided personal information with the aim of safety data agreement, may request the copy of the user’s personal identity card with the aim of controlling the authenticity of personal information which the user can send to the Company either in a scanned form via e-mail or by regular mail but which shall be subject to special data management approval. The Company shall store the personal information recorded during safety data control in its protected information system and only temporarily and after the completion of the safety data control the Company shall destroy the photocopy sent by the user. The Company shall inform the user on the purpose and further conditions of data management realised via safety data control when requesting the information. The user shall acknowledge that courts, prosecutors, investigation authorities or authorities of minor infractions might contact the Company with the aim of requesting, transferring personal information or making documents available to them. The Company shall disclose to authorities personal information only in a quantity and to an extent, which is definitely necessary for achieving the purpose of the request upon the lawful requests from authorities – if the authority has specified the accurate purpose and the scope of information.
At specified frequency, the Company may send to the users newsletters, SMS and e-mail messages, geo-localisation messages and marketing and advertisement messages on the operation of the Homepage, the conditions of using the Services and in connection with the Services. By accepting these Rules, the user approves expressly that the Company sends messages as specified above. While using the Homepage, the user shall be entitled to withdraw the above approval at any time – by clicking on the correct icon of the Homepage.
The system used by the Company will identify the computer of the Homepage user by so-called cookies. In order that all contents of the Homepage can be viewed, the user should approve the cookies. Therefore, when downloading certain parts of the Homepage, cookies will be placed on the user’s computer, which are necessary for the operation of each function of the Homepage. Cookies are small text files, which are saved by the computer and the browser and the user will not receive any information on that from the Company. Cookies are not suitable for identifying the person of the user and they live only during the session. The objective of the Company with placing the cookies is to send essential information to the visitors in a targeted way. The above information shall be used by the Company exclusively for the operation of the Homepage, sending targeted newsletters, marketing and advertising messages and statistical purposes.
While browsing the Homepage, technical information is recorded (e.g. in the form of log files, which include the user’s IP address, the date and time, the URL of the visited page). The system logs such information continuously but it will not connect it to the information provided during usage. The users will not but only the Company will access to information collected in this way. The Company shall use the above information exclusively for the technical operation of the Homepage and for statistical purposes.
LEGAL BASE AND DURATION OF DATA MANAGEMENT
The Company manages data pursuant to provisions of §5 Clause (1) a) of Act CXII of year 2011 on the right to possess personal information and the freedom of information based on the users’ voluntary approval and pursuant to Act CVIII of year 2001 on electronic trading services and services relating to information society. The user will give its approval to each data management session by using the Homepage and by providing some pieces of information voluntarily.
While ordering the Product, the management of personal information starts with the acceptance of these Rules and it will last until the User withdraws its approval to managing its personal information. The user shall be entitled to ask the deletion or modification of its personal information at any time via the e-mail address firstname.lastname@example.org. After the arrival of the request, the Company will delete the user’s personal information from its system definitely which cannot be restored any longer. The deadline for deleting the information is 5 (five) working days from the arrival of the deletion request. The above provisions shall not affect the fulfilment of preservation liabilities specified in legal regulations and the data management operating based on further approvals given on the Homepage in some other ways (subscription to newsletter).
ACCESS TO THE MANAGED DATA, DATA PROCESSING AND DATA TRANSFER
Primarily the Company and the internal employees of the Company shall be entitled to know the personal information and they shall not publish or disclose the personal information to any third parties and they shall use the personal information for the purposes specified in the Rules.
Within the scope of operation of its information system, the Company may use the services of a data processing person (e.g. system operator, system administrator).
The Company shall be entitled to transfer the users’ personal information to its subcontractors. Before selecting its partners, the Company prepared such selections with utmost care. Such partners shall treat the confidential information acknowledged by them when fulfilling their liabilities and providing their services, subject to the provisions of legal regulations.
The Company stores the personal information on the server computer located at the address Netmask Interactive Kft, 1131 Budapest, Nővér u. 110. The Company shall ensure data security such as especially their protection from unauthorised access, change, transfer, publication, deletion or destruction and accidental destruction or damages.
The Company shall take all the measures necessary for ensuring the safety of personal information given by the users on the Homepage during network communication, data storage and guarding. Access is strictly limited to personal information in order that illegal learning, illegal change and usage of personal information can be prevented. The information system and network of the Company is protected appropriately against fraud, spying, sabotage, vandalism, fire, flood, computer bugs, computer breaking that might take place during computer usage.
When managing data, the Company shall preserve (1) secrecy: the Company protects personal information in a way that access to it can be possible to persons that are authorised to do so; (2) integrity: the Company protects the integrity and the accuracy of processing of personal data.
THE USERS’S RIGHTS AND LIABILITIES
The user’s rights related to the management of personal information
Right to information
The affected person shall be entitled to request information from the Company at any time on the management of its personal information – via the contact information shown in Point REF _Ref410726640 \r \h \* MERGEFORMAT 3 of the Rules. The shortest possible but up to 30 (thirty) days from the submission of the request, the Company shall inform the affected person in writing on the affected person’s information managed by the Company, the purpose, legal base, duration of data management and – where the information is transferred as well – who received the personal information and for what purposes.
Right to correct the information
The affected person shall be entitled to request the correction of its personal information if such information is not correct – via the contact information shown in Point REF _Ref410726655 \r \h \* MERGEFORMAT 3 of the Rules. The shortest possible but up to 5 (five) working days from the submission of the request, the Company shall correct the information and inform the affected person on that.
Right to have the personal information deleted
The affected person shall be entitled to request the deletion of its personal information at any time – via the contact information shown in Point REF _Ref410726671 \r \h \* MERGEFORMAT 3 of the Rules. If there is no legal dispute between the affected party and the Company and the Company does not have any obligation to store the personal information further, then the Company shall delete all the pieces of personal information of the affected person immediately but within 5 (five) working days the latest. The deletion shall not be applicable to data management required by legal regulations (e.g. laws on accounting) and such data shall be preserved by the Company for the required length of time.
The right to block data
The affected person shall be entitled to request the Company at any time – via the contact information shown in Point REF _Ref410726690 \r \h \* MERGEFORMAT 3 of the rules – to block the personal information instead of deleting it if the definite deletion of the information breached the lawful interest of the affected person. The personal information blocked in this way may be managed only for the period while the data management purpose is valid which excluded the deletion of the personal information.
The right to objection
The affected person shall be entitled to object the management of its personal information at any time – via the contact information shown in Point REF _Ref410726699 \r \h \* MERGEFORMAT 3 of the Rules if
the management (transfer) of personal information is needed only for claiming the Company’s right or lawful interest except where data management is ordered by laws;
usage or transfer of the personal information takes place with the purposes of direct business, public opinion survey or scientific research.
The Company shall examine the objection the shortest possible but up to 15 fifteen) days from the submission of the request and shall inform the affected person in writing on the result of the examination. Where the objection is grounded, the Company shall stop managing the information and shall inform all the parties on the objection and on the measures taken based on the objection to whom the Company transferred the personal information affected by the objection earlier and that shall be liable to take measures in order that the right to objection shall be executed. Where the affected person does not agree with the Company’s decision, then the affected person shall be entitled to go to court within 30 (thirty) days from the delivery of the Company’s decision – pursuant to the Info Law.
The liabilities of the affected person in connection with the management of personal information
The affected party shall provide true, authentic personal information and – if any of the pieces of information is changed – shall correct the personal information or ask the Company to correct the information.
The Company, without any further notice, reserves the right to itself to delete the data of an affected person that abuses the personal information of another person.
By accepting the Rules, the affected person shall acknowledge that during the usage of the Homepage, it shall not share content or shall not send messages, which
breaches other people’s honour, dignity;
impeaches other persons for their national, ethnic origin race, affiliation to a religious group or presumed debt;
impeaches any services, business companies, without grounds, in bad faith or with the aim of discrediting.
The Company will delete such personal information immediately and call the affected person to fulfil the above requirements. Should the affected person behave in the same way, by breaching the above rules after the notice, the Company, without any further notice, reserves the right to itself to delete the data of the affected person.
If the affected person believes that the Company by the data management realised by itself breached these Rules or the prevailing legal regulations, then, in order to stop the presumed unlawful data management, the affected person shall contact Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information) (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/. Mail address: 1387 Budapest Pf 40.).
The affected person shall be entitled to initiate a legal procedure against the Company where it believes that the rights regulated in Point 8 of the Rules are breached by the Company. The court shall act in urgency. The tribunal shall have jurisdiction in the litigation – according to the affected person’s decision – based on the home address of the affected person or the seat of the Company.
MODIFICATION, INTERPRETATION, EFFECTIVE DATE OF THE RULES
Subject to sending electronic notice to the affected persons – the Company reserves the right to itself to modify these Rules unilaterally. By using the Homepage after the effective date of the modification, the affected person shall accept the modified Rules.
The Company states that all the modifications of the Rules will be compliant to the provisions on data protection of the legal regulations in effect on the date of modification.
The Company states that the Rules must be interpreted in harmony with the legal regulations in effect on the date of interpretation of the Rules. Should there be discrepancies between the Rules and the legal regulations in effect, the provisions of the legal regulations in effect shall be ruling.
The effective date of these Rules is 1st March 2015
Rules and Information on Data Protection
1 March 2015