PRIVACY POLICY

1. Introduction

Color Sport 2000 Kft.
(registered office: 1125 Budapest, Béla király út 16.,
tax number: 11914804-2-43,
company registration number: 01-09-683003)
(hereinafter referred to as: Data Controller) considers the protection of personal data to be of paramount importance.

This privacy policy covers all data processing activities related to the use of the website, the operation of the webshop, and contact with the Data Controller.

The Data Controller processes personal data in accordance with the relevant legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), and Act CXII of 2011 on the right to informational self-determination (Infotv.).

This privacy policy is available at the following page:
https://colorsport.hu/adatvedelemiszabalyzat

The Data Controller strives to make information related to the processing of personal data available to data subjects in an understandable and transparent manner.

Amendments shall enter into force upon publication on the website and shall be applicable thereafter.

The Data Controller pays particular attention to ensuring that the processing of personal data is transparent, secure, and verifiable for users.

The Data Controller regularly reviews its data processing procedures to ensure that they comply with current legal and regulatory requirements.

 

 

2. Data of the Data Controller

Contact details of the Data Controller:

Name: Color Sport 2000 Kft.
Registered office: 1125 Budapest, Béla király út 16.
Postal address: 1125 Budapest, Béla király út 16.
Email: regina.colorsport2000kft@gmail.com
Phone: +36 30 934 8834
Website: https://colorsport.hu

The Data Controller has not appointed a data protection officer.

 

 

3. Definitions

Personal data: any information relating to an identified or identifiable natural person.

Data processing: any operation or set of operations performed on personal data or on sets of personal data, such as collection, recording, storage, use, transmission, erasure.

Data Controller: the natural or legal person who determines the purposes and means of the processing of personal data and processes or has processed the data.

Data Processor: a natural or legal person who processes personal data on behalf of the Data Controller and according to its instructions.

Recipient: a natural or legal person to whom personal data are disclosed or transmitted.

Data subject: the natural person whose personal data are processed by the Data Controller.

Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes.

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

 

4. Principles of personal data processing

In the course of processing personal data, the Data Controller acts in accordance with the provisions of the GDPR and ensures that data processing is carried out according to the following principles: 

  • lawfulness, fairness and transparency 

  • purpose limitation 

  • data minimisation 

  • accuracy 

  • storage limitation 

  • integrity and confidentiality 

  • accountability 

The Data Controller declares that its data processing practices comply with the above principles and continuously ensures their enforcement.

The Data Controller designs its data processing activities in such a way that they respect the rights and interests of users to the greatest possible extent.

The Data Controller ensures that all data processing is carried out on a proper legal basis.

The Data Controller conducts a legitimate interest balancing test for data processing based on legitimate interest.

In the case of data processing based on legitimate interest, the Data Controller always performs a balancing test to determine whether the data processing does not disproportionately infringe the rights and freedoms of the data subjects.

The Data Controller documents the results of the balancing test if necessary.

 

 

5. Categories of processed data

Depending on the nature of each data processing activity, the Data Controller may process the following categories of data in particular:

  • identification and contact data 

  • order and billing data 

  • shipping data 

  • customer account-related data 

  • technical and usage data (e.g., IP address, browsing data) 

  • marketing preferences (e.g., newsletter subscription) 

  • other data provided during contact 

In all cases, the Data Controller processes only the data necessary for the given data processing purpose.

The Data Controller always strives to enforce the principle of data minimisation.

The Data Controller pays particular attention to ensuring that data processing is carried out only to the necessary and proportionate extent.

 

 

6. Source of data

The Data Controller may obtain personal data from the following sources:

  • directly from the data subject 

  • from data automatically collected during website use 

  • during the operation of services and systems used by the Data Controller 

 

 

7. Data processing related to webshop operation

7.1. Scope, purpose, and legal basis of processed data

Processed data: Username
Purpose: Identification, account creation
Legal basis: performance of contract

Processed data: Password (encrypted)
Purpose: Ensuring secure login
Legal basis: performance of contract

Processed data: Name (first name, last name)
Purpose: Contact, order fulfillment, invoicing
Legal basis: performance of contract

Processed data: Email address
Purpose: Contact, order confirmation
Legal basis: performance of contract

Processed data: Phone number
Purpose: Contact regarding delivery
Legal basis: performance of contract

Processed data: Billing name and address
Purpose: Issuance of invoice
Legal basis: legal obligation

Processed data: Shipping name and address
Purpose: Ensuring delivery
Legal basis: performance of contract

Processed data: Order date
Purpose: Technical operation, order tracking
Legal basis: legitimate interest

Processed data: IP address
Purpose: Technical security, prevention of abuse and maintenance of system security
Legal basis: legitimate interest

The legal basis for data processing is Article 6(1)(b) (performance of contract), (c) (legal obligation), and (f) (legitimate interest) of the GDPR.

The Data Controller ensures that only authorised persons have access to personal data during data processing.

7.2. Scope of data subjects

The data subjects are natural persons who register and purchase in the webshop.

7.3. Duration of data processing

  • user account data: until the account is deleted 

  • order data: until the end of the civil law limitation period 

  • billing data: for 8 years 

  • technical data: for the necessary period, and for the duration required to achieve security and operational goals 

The Data Controller deletes the data when the purpose of data processing ceases or the data subject requests deletion and there is no legal obstacle to it.

In determining the retention period, the Data Controller takes into account the relevant legal obligations and the purpose of data processing.

7.4. Persons authorised to access data

Personal data may be processed by the Data Controller and its authorised employees, to the extent necessary for data processing.

7.5. Necessity of data processing

Data processing is necessary for the performance of the contract.

If data is not provided, the Data Controller cannot provide the service.

If data processing does not occur, the Data Controller cannot ensure the proper functioning of the service.

 

 

8. Data Processors and Data Transfer

When selecting data processors, the Data Controller always strives to ensure that they provide adequate data protection guarantees.

The Data Controller uses data processors to operate the service, who process personal data on behalf of and according to the instructions of the Data Controller.

Data transfer always takes place in accordance with the relevant legislation.

Data processors only have access to personal data to the necessary extent and for the necessary period.

The Data Controller transfers personal data to third parties only for the performance of a contract, a legal obligation, or with the consent of the data subject.

The Data Controller always strives to ensure that data processing is transparent and verifiable.

8.1. Webshop platform

The Data Controller uses Shopify Inc.'s service to operate the webshop.

Shopify provides:

  • the technical operation of the webshop 

  • data storage 

  • order processing 

Shopify processes personal data on behalf of the Data Controller, as a data processor, and according to the Data Controller's instructions, and may access the data provided by users.

Further information:
https://www.shopify.com/legal/privacy

8.2. Payment service provider

Online payments are processed through the Shopify Payments system, whose technical backend service provider is Stripe Inc.

The payment service provider processes the data necessary for payment processing as an independent data controller.

The Data Controller does not process or store credit card data.

The payment service provider's privacy policy applies to its data processing.

8.3. Delivery

For order delivery, the Data Controller uses the following courier services:

  • DPD Hungary Kft. 

  • Foxpost Zrt. 

The following may be provided to the courier services:

  • name 

  • shipping address 

  • phone number 

  • email address 

8.4. Invoicing

For invoicing, the Data Controller uses the Számlázz.hu system operated by KBOSS.hu Kft.

The service provider processes the data on behalf of the Data Controller, as a data processor.

The following may be provided to the service provider:

  • name 

  • address 

  • phone number 

  • email address 

  • purchase data 

8.5. Analytics and marketing systems

The Data Controller is also present on social media platforms operated by Meta Platforms Inc. for communication and brand presence purposes.

Point 11 of this policy applies to data processing related to the use of social media pages.

These service providers provide communication and brand presence opportunities for the Data Controller through social media platforms.

The Data Controller does not use separate analytics or remarketing systems on the website.

8.6. Newsletter sending

The Data Controller uses the Shopify Email service provided by Shopify Inc. for sending newsletters and marketing messages.

The service provider processes the data on behalf of the Data Controller, as a data processor, and accesses the data necessary for sending newsletters, especially:

  • name 

  • email address 

8.7. Data transfer to third countries

Some data processors, such as Shopify or Meta, may also perform data processing in countries outside the European Union.

Data transfer takes place with appropriate safeguards, in particular:

  • based on an adequacy decision by the European Commission, or 

  • by applying standard contractual clauses 

The Data Controller always strives to ensure that data transfer occurs with appropriate data protection guarantees.

 

 

9. Handling of Cookies

The website uses cookies to improve user experience and ensure the operation of the service.

The use of cookies complies with electronic communication laws, especially Act C of 2003, and takes into account the European Union's ePrivacy Directive on electronic communication data protection.

9.1. What are cookies?

Cookies are small data packets placed on the user's device by the website, which store information about the visit.

Cookies alone are not capable of directly identifying the user, but in certain cases, they can be linked to other data.

Cookies are stored on the user's device and remain there for a specified period.

9.2. Scope of processed data

The data collected by cookies are generally not suitable for direct user identification and are used by the Data Controller solely for the purposes defined in this policy.

During the use of cookies, the following data may be processed:

  • unique identifier 

  • date, time 

  • browsing data 

  • device information 

9.3. Scope of data subjects

All natural persons visiting or using the services of the website.

9.4. Purpose of cookies

  • ensuring the operation of the website 

  • recording user settings and consent preferences 

  • improving user experience 

  • supporting legal compliance through cookie consent management 

The Data Controller uses cookies exclusively for the purposes defined above and does not use cookies for separate analytical or marketing purposes.

The Data Controller ensures that the use of cookies always complies with the relevant legislation.

The Data Controller ensures that the use of cookies does not result in unnecessary data processing.

9.5. Types and legal basis of cookies

a) Essential cookies
These cookies are essential for the proper functioning of the website and for recording user settings and cookie consents.
Legal basis: legitimate interest
Consent: not required

b) Consent management related cookies
These cookies are used to store the user's cookie settings and consent preferences.
Legal basis: fulfillment of legal obligation, or legitimate interest
Consent: no separate consent is required for their operation, as they serve to record the choice

The Data Controller currently does not use separate statistical, analytical, or marketing cookies.

9.6. Consent management

The website uses a cookie management interface (cookie banner) that allows users to consent to or reject the use of non-essential cookies.

If the website uses non-essential cookies in the future, they will only be used with the user's prior, explicit consent.

The user can also modify their cookie settings through their browser settings.

The user has the right to withdraw or modify their consent at any time using the cookie settings.

Regular checking of the operation and settings of the cookie banner on the website is advisable to ensure that the actual operation complies with the provisions of this policy.

Detailed settings for cookie usage are available through the cookie banner interface displayed on the website.

 

 

10. Newsletter and Direct Marketing (DM) Activity

The Data Controller carries out newsletter and direct marketing activities in accordance with the provisions of the GDPR and the legislation on commercial advertising, in particular Act XLVIII of 2008 (Act on Commercial Advertising).

The Data Controller strives to ensure that marketing communication is relevant and valuable to users.

10.1. Consent

The user may explicitly and in advance consent to the Data Controller contacting them electronically with promotional offers, discounts, and other marketing content.

The Data Controller only sends marketing messages based on consent and does not send unsolicited advertising messages.

Giving consent is voluntary and can be withdrawn at any time.

10.2. Scope, purpose, and legal basis of processed data

Processed data: Name
Purpose: Identification
Legal basis: consent

Processed data: Email address
Purpose: Sending newsletters
Legal basis: consent

Processed data: Subscription date
Purpose: Proof of consent
Legal basis: legal obligation

Processed data: IP address (at the time of subscription)
Purpose: Proof of consent
Legal basis: legal obligation

The legal basis for data processing is Article 6(1)(a) of the GDPR, and the relevant advertising legal regulations.

The Data Controller can provide proof of consent if necessary.

10.3. Scope of data subjects

The data subjects of data processing are all natural persons who subscribe to the newsletter service or give their explicit consent thereto.

10.4. Purpose of data processing

The purpose of data processing includes, in particular, the implementation of the following marketing and communication activities:

  • sending electronic messages containing advertisements 

  • providing information about products, promotions, and news 

  • marketing and customer relations activities 

10.5. Duration of data processing

The processing of personal data continues until the consent is withdrawn, i.e., until unsubscribing.

After unsubscribing, the Data Controller immediately ceases data processing related to newsletter sending.

10.6. Unsubscribing

Users can unsubscribe from the newsletter at any time, free of charge and without giving any reason:

  • using the unsubscribe link in the newsletter, or 

  • through the contact details of the Data Controller 

10.7. Other information

  • data processing is based on the user's consent 

  • providing personal data is a condition for sending newsletters 

  • if data is not provided, the Data Controller cannot send newsletters 

  • consent can be withdrawn at any time 

  • withdrawal does not affect the lawfulness of previous data processing 

 

 

11. Social media pages

The Data Controller is present on social media platforms operated by Meta Platforms Inc., particularly Facebook and Instagram, where it engages in communication and brand presence activities.

11.1. Scope of data subjects

The data subjects of data processing are all natural persons who follow, like the Data Controller's social media pages, or interact with the Data Controller through them.

11.2. Scope of processed data

During data processing, the following personal data may be processed, in particular:

  • username 

  • public profile data 

  • data shared or sent by the data subject 

11.3. Purpose of data processing

The purpose of data processing extends to the following, in particular:

  • contact 

  • marketing and communication 

  • sharing and promoting content 

11.4. Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR (consent), and in certain cases, the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

11.5. Nature of data processing

Data processing takes place on the social media platforms, so the privacy policy of the respective platform also applies to the processing of data.

The Data Controller does not have full control over the data processing practices of social media platforms.

11.6. Joint controllership

The processing of statistical data related to social media pages is carried out under the joint controllership of the Data Controller and Meta Platforms Ireland Limited.

The details of joint controllership are set out in the terms and conditions published by Meta Platforms.

Further information:
https://www.facebook.com/legal/terms/page_controller_addendum

11.7. Messaging

The Data Controller processes the data subject's personal data on social media pages only if the data subject contacts them directly there, and only for the purpose of making contact.

11.8. Duration of data processing

The duration of data processing is as follows:

  • until consent is withdrawn 

  • for messages, up to 2 years 

The Data Controller does not collect personal data via social media and does not save it into a separate database.

The Data Controller strives not to retain data processed through social media platforms longer than necessary.

 

 

12. Customer Relations and Other Data Processing

12.1. Purpose of data processing

The data subject may contact the Data Controller by email, phone, or via social media platforms.

The purpose of data processing is to handle and respond to incoming inquiries and to ensure contact.

12.2. Scope of processed data

During data processing, the personal data provided by the data subject may be processed, in particular:

  • name 

  • email address 

  • phone number 

  • other data provided by the data subject 

12.3. Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR (consent), or in certain cases, the Data Controller's legitimate interest (Article 6(1)(f) of the GDPR).

12.4. Duration of data processing

The Data Controller retains personal data for a maximum of 2 years or as long as the purpose of data processing persists.

The Data Controller strives not to process personal data longer than necessary.

12.5. Other provisions

The Data Controller uses personal data provided during contact solely for handling the inquiry.

In case of legal obligation or official inquiry, the Data Controller may transfer the necessary data to the authorities.

 

 

13. Rights of Data Subjects

The rights set out in this section are accorded to the data subject under Chapter III of the GDPR.

The data subject has the following rights regarding the processing of their personal data.

The Data Controller ensures that data subjects can exercise these rights easily, transparently, and effectively.

13.1. Right of access

The data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and details of the data processing.

13.2. Right to rectification

The data subject has the right to request the rectification of inaccurate personal data and the completion of incomplete data.

13.3. Right to erasure

The data subject has the right to request the erasure of their personal data if the purpose of data processing has ceased, the data subject withdraws their consent, the data processing is unlawful, and there is no other legal basis for data processing.

13.4. Right to restriction of processing

The data subject has the right to request the restriction of data processing if:

  • the accuracy of the personal data is contested 

  • the data processing is unlawful, but the data subject does not request erasure 

  • the Data Controller no longer needs the data, but the data subject requires it for the establishment, exercise or defence of legal claims 

in this case, data processing may only take place within the limits defined by the relevant laws during the period of restriction.

13.5. Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller.

13.6. Right to object

The data subject has the right to object to the processing of their personal data if the legal basis for data processing is the Data Controller's legitimate interest, and the data subject considers this justified due to reasons related to their particular situation.

13.7. Right to withdraw consent

The data subject has the right to withdraw their consent at any time, which does not affect the lawfulness of data processing before the withdrawal.

The Data Controller does not apply automated decision-making or profiling.

13.8. Automated decision-making
The Data Controller does not use automated decision-making or profiling.

 

 

14. Method of exercising rights

The data subject may exercise their rights specified in point 13 in accordance with Articles 12-23 of the GDPR, in the following manner.

The data subject may submit their request, in particular:

  • by mail: 1125 Budapest, Béla király út 16. 

  • by e-mail: regina.colorsport2000kft@gmail.com 

  • by phone: +36 30 934 8834 

Before fulfilling requests, the Data Controller is entitled to verify the identity of the data subject to prevent unauthorised access to personal data.

The Data Controller processes requests in accordance with the relevant legislation, without undue delay, and in a transparent manner.

If the data subject's request is manifestly unfounded or excessive, especially due to its repetitive nature, the Data Controller is entitled to refuse to act on the request or to charge a reasonable fee.

 

 

15. Response time

The Data Controller shall examine the data subject's request in accordance with Article 12 of the GDPR without undue delay, but at the latest within 1 month of receiving the request, and shall respond to it.

Where necessary, taking into account the complexity and number of the requests, this period may be extended by a further two months.

The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the Data Controller does not take action on the data subject's request, the Data Controller shall inform the data subject without undue delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

As a general rule, the Data Controller ensures that data subject requests are fulfilled free of charge. If the request is manifestly unfounded or excessive, in particular because of its repetitive character, the Data Controller may charge a reasonable fee or refuse to act on the request.

The Data Controller sends responses to requests in the contact method chosen by the data subject, or, failing this, in an appropriate method chosen by the Data Controller.

If the data subject has submitted the request by electronic means, the Data Controller shall provide the response in electronic form, unless otherwise requested by the data subject.

The Data Controller strives to ensure that the handling of data subject requests is always transparent, prompt, and respects the rights of the data subjects.

 

 

16. Data Processing Security

In processing personal data, the Data Controller applies appropriate technical and organizational measures in accordance with the GDPR to ensure the security of personal data.

The Data Controller particularly protects personal data with the following measures:

  • prevention of unauthorized access 

  • ensuring the confidentiality and integrity of data 

  • maintaining data availability 

  • protection against data loss, data destruction, and data corruption 

  • ensuring the continuous security of systems and services 

The Data Controller implements technical and organizational measures that take into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.

The Data Controller ensures that only persons who need access to personal data for the performance of their duties and who are subject to appropriate confidentiality obligations have access to it.

The Data Controller regularly reviews and, if necessary, updates the security measures applied to ensure that they comply with current legal and technological requirements.

The Data Controller takes all reasonable measures to ensure that personal data processing is carried out securely.

The level of measures applied is proportionate to the risks of data processing.

 

 

17. Handling of Data Breaches

The Data Controller handles data breaches in accordance with the provisions of Articles 33-34 of the GDPR.

A personal data breach is a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

The Data Controller investigates all data breaches without undue delay and takes the necessary technical and organizational measures to mitigate the effects of the incident and prevent similar occurrences.

If the personal data breach is likely to result in a risk to the rights and freedoms of natural persons, the Data Controller shall notify the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, in accordance with Article 33 of the GDPR.

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall also communicate the personal data breach to the data subject without undue delay.

The information provided to data subjects shall include in particular:

  • the nature of the incident 

  • its likely consequences 

  • the measures taken or proposed by the Data Controller 

  • contact details for further information 

The Data Controller maintains a record of data breaches, which includes the circumstances of the incidents, their effects, and the measures taken.

 

 

18. Reporting of Data Breach

The Data Controller handles data breach notifications in accordance with the provisions of Articles 33-34 of the GDPR.

If the personal data breach is likely to result in a risk to the rights and freedoms of natural persons, the Data Controller shall notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, in accordance with Article 33 of the GDPR.

If the notification is not made within 72 hours, the Data Controller shall provide reasons for the delay in the notification.

The Data Controller ensures that the data breach notification is always accurate, complete, and based on available information, reflecting the actual circumstances.

The notification to the supervisory authority shall contain, in particular:

  • the nature of the personal data breach 

  • the categories and approximate number of data subjects and personal data records concerned 

  • the likely consequences of the breach 

  • the measures taken or proposed by the Data Controller 

  • the contact details of the Data Controller 

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject without undue delay, in accordance with Article 34 of the GDPR.

The data subjects shall be informed in a clear, plain, and transparent manner, and the information shall include, in particular:

  • the nature of the incident 

  • the likely consequences 

  • the measures taken or proposed by the Data Controller 

  • the recommended steps the data subject can take 

The Data Controller is entitled to refrain from informing the data subjects if the conditions set out in Article 34(3) of the GDPR are met.

 

 

19. Complaint Handling

The Data Controller ensures that data subjects and customers can submit their complaints regarding the service or data processing in a simple, transparent, and effective manner.

The Data Controller handles complaints in accordance with the provisions of the GDPR and Act CLV of 1997 on consumer protection.

19.1. Scope, purpose, and legal basis of processed data


During data processing, the following personal data may be processed:

Processed data: Name
Purpose: Identification, contact
Legal basis: legal obligation

Processed data: Email address
Purpose: Contact
Legal basis: legal obligation

Processed data: Phone number
Purpose: Contact
Legal basis: legal obligation

Processed data: Billing name and address
Purpose: Investigation of complaint, identification
Legal basis: legal obligation

The legal basis for data processing is Article 6(1)(c) of the GDPR (fulfillment of legal obligation).

19.2. Scope of data subjects

The data subjects of data processing are all natural persons who submit a complaint regarding the Data Controller's services.

19.3. Method of complaint handling

The data subject may submit their complaint through the Data Controller's contact details, particularly:

  • by postal mail 

  • by electronic mail 

  • by phone 

The Data Controller investigates the complaint and responds to it in accordance with the relevant legislation.

The Data Controller strives to ensure that complaint handling is always fast, transparent, and reassuring for data subjects.

19.4. Deadline for complaint handling

The Data Controller shall investigate and respond substantively to the complaint without undue delay, but at the latest within 30 days of its receipt.

19.5. Duration of data processing

The Data Controller retains data related to the complaint for a maximum of 3 years based on the relevant legislation.

19.6. Other information

Data processing is based on a legal obligation, therefore the data subject is obliged to provide the data necessary for the investigation of the complaint. If the data is not provided, the Data Controller cannot investigate the complaint.

The Data Controller strives to ensure that complaint handling is always transparent, fair, and maximally respectful of the rights of the data subjects.

 

 

20. Legal Remedies

In case of violation of their rights related to the processing of their personal data, the data subject is entitled to seek legal remedies.

The Data Controller strives to resolve any complaints primarily directly, in cooperation with the data subject.

20.1. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority, especially if they consider that the processing of their personal data infringes the provisions of the GDPR.

In Hungary, the competent supervisory authority is:

National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu

20.2. Right to judicial remedy

The data subject has the right to a judicial remedy if they consider that their personal data has been processed unlawfully, in particular under Article 79 of the GDPR.

The case falls within the jurisdiction of the competent regional court.

The data subject may initiate proceedings before the court of their habitual residence or place of stay, at their choice.

20.3. Other enforcement options

The data subject is entitled to:

  • lodge a complaint with the supervisory authority 

  • seek judicial remedy 

  • claim compensation or damages under Article 82 of the GDPR, if they have suffered damage as a result of the data processing 

The detailed rules for the enforcement of rights related to data processing are contained in the GDPR and the relevant Hungarian legislation - particularly the Infotv.

 

 

21. Final Provisions

The purpose of this Privacy Policy is to provide comprehensive, understandable, and transparent information to data subjects regarding the processing of personal data.

The Data Controller reserves the right to unilaterally amend this policy, particularly in the event of changes in legislation, changes in official practice, or changes in the service.

Amendments shall enter into force upon publication on the website and shall be applicable to data subjects thereafter.

The Data Controller strives to ensure that the policy always complies with applicable laws, particularly the provisions of the GDPR and the Infotv.

If the data subject wishes to raise a question, comment, or complaint regarding this policy or data processing, they may do so through the Data Controller's contact details.

The Data Controller is committed to protecting personal data and makes every effort to ensure that data processing is transparent, fair, and secure, and complies with relevant legal requirements and serves to maintain user trust.