Detailed information on rights and remedies regarding the processing of personal data.

Privacy Notice and Policy

The purpose of this Privacy Notice is to inform visitors to the website https://webserve.hu operated by the Data Controller ("Website" or "Site") and customers ("Data Subject") about all facts related to the processing of their personal data, their rights and remedies before the processing of their personal data.

This Privacy Notice also contains the internal rules and measures applicable to the Data Controller to ensure that its processing complies with the legislation set out in point 3, and therefore constitutes the Data Controller's policy on the processing of the personal data of Data Subjects.

This Privacy Notice is published by the Data Controller on its Website.
For the purposes of this Privacy Notice:

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;

"processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

"recipient" means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
Data controller and data processor

Data Controller: webserve.hu ; [email protected]
Data processor, hosting provider: cweb.hu ; [email protected]

The data controller will take all reasonable steps to protect the personal data of users processed on the website.

Main legislation on data processing and their abbreviations

Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR")
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Infotv.")
Act CVIII of 2001 on certain issues of information society services ("Eker tv.")
Principles of data management (quality policy)
Fairness, legality and transparency

The Data Controller shall carry out the processing operations (including the collection and processing of data) referred to in this Notice fairly, in accordance with the legal requirements for the processing of personal data and in a transparent manner for the Data Subject.

Goal orientation

The Data Controller collects, processes and uses personal data solely for the purposes set out in this Notice and discloses them only for the purposes of achieving those purposes, in accordance with this Notice and the applicable legal provisions on the processing of personal data. The personal data processed may be disclosed only to the persons involved in the purposes.
Data economy

The Data Controller will only ask the Data Subject to provide personal data which are adequate, relevant and strictly necessary for the purposes of the processing and without which the Data Controller would not be able to provide its services or would not be able to provide them as it undertakes to do.
Accuracy

Data Subjects are responsible for ensuring that the information provided on the website is true, accurate and up to date. However, it is also the responsibility and obligation of the Data Subject to obtain the Data Subject's prior consent if they do not provide their own personal data.

If the Data Subject notifies the Data Controller that his/her data are not accurate, the Data Controller shall promptly ensure the erasure or rectification of such data as set out in this Notice.
Limited shelf life

The Data Controller shall ensure that the personal data are stored in a form which permits identification of the Data Subject only for the time necessary to achieve the purposes for which the personal data are processed. The Data Controller shall therefore determine the duration of the storage of the data in accordance with this principle.
Data security

The Data Controller shall take all necessary measures to ensure the secure, non-destructive handling of both paper and electronically stored data and the establishment and operation of the necessary data management systems. The controller shall ensure that the data processed cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall also impose the above commitment on the processors used in the course of its processing activities.

This includes virus and firewall protection on computers and physical protection of data and storage devices. Computers and databases are password-protected, so that personal data can only be accessed by authorised persons. Electronic data is backed up.

The Data Controller will always comply with the latest requirements/standards, including the length and signing algorithms of SSL/TLS keys.

Order-related data processing

Purpose of data processing: fulfillment of the order, delivery of the product, contact for order confirmation and delivery

Legal basis for processing: necessary for the performance of the contract - Article 6 (1) (b) GDPR, § 13/A of the Eker tv.

Affected categories: customers placing orders via the website

Data processed: name of the customer, delivery address (county, municipality, postcode, street name, house number, floor, door, bell), e-mail address, telephone number, other comments on the order

Who has access to it? only the Data Controller

Duration of data processing: 5 years after completion. Email address, phone number and other comments will be deleted after the service is completed (except point 7).

Data transmission: courier company, storage provider.

Possible consequences of not providing the data: the Data Subject cannot place an order on the website.

Please be informed that if you do not consent to the use of your e-mail address and telephone number for marketing purposes (see point 7), these data will be deleted after the service has been completed.
Issuing an invoice

Purpose of processing: contact by e-mail, based on the completion of a request for proposal form by the Data Subject, to which the Data Subject must consent to the Request for proposal in the form of an invoice or an accounting voucher

Legal basis for processing: necessary for the performance of a contract - Article 6 (1) (b) GDPR, necessary for the performance of a legal obligation - Article 6 (1) (c) GDPR, Section 45 of Act XCII of 2003 on the Taxation Code, Section 169 (2) of the Act on the Tax Code

Affected categories: customers placing orders via the website

Data processed: billing name, billing address (county, municipality, postal code, street name, house number, floor, door, bell), payment method, issue, fulfillment, payment date, product name, net and gross price of products, total amount of order

Who has access to it? only the Data Controller

Duration of data processing: eight years in accordance with Section 169 (2) of the Act on the Payment of Bills of Accounts

Data transmission: invoices are transmitted to the accountant. The invoices are sent to the accountant.

Possible consequences of not providing the data: the Data Subject cannot place an order on the website.

Marketing contacts: sending newsletters, telemarketing

Purpose of data processing: information about discounts, promotions, new product launches

Legal basis for processing: consent of the data subject - Article 6(1)(a) GDPR.

You can give your consent by ticking the checkboxes when placing your order, and you can subscribe to our newsletter and telemarketing service at any time by clicking on this menu item on the Website. You can withdraw your consent at any time, without giving any reason, by sending an e-mail or a paper request, or unsubscribe by using the link in the newsletter. If you withdraw your consent, your personal data will be deleted (see point 12.3).

Categories of data subjects: customers who consent to data processing for marketing purposes

Data processed: name, email address, telephone number

Who has access to it? only the Data Controller

Duration of processing: until the withdrawal of the data subject's consent.

Data transmission: hosting provider.

Possible consequences of not providing the data: the Data Subject will not receive newsletters, telephone information about current discounts, promotions, newly introduced products.
Handling quality complaints

Purpose of processing: to handle quality complaints about the services provided by the Data Controller.

Legal basis for processing: necessary for the performance of a contract - Article 6 (1) (b) GDPR, necessary for the performance of a legal obligation - Article 6 (1) (c) GDPR, Article 17/A (3)-(7) of Act CLV of 1997 on Consumer Protection.

Categories of persons concerned: customer lodging a complaint or objection

Data processed: the unique identification number of the complaint, the name and address of the consumer, the place and time of the complaint, the method of lodging the complaint, the list of documents, records and other evidence submitted by the consumer, the description of the complaint, the place and time of the recording of the report and the name of the person who recorded the report, the signature and, in the case of withdrawal, the product.

Who has access to it? only the Data Controller

Duration of data processing: five years for the copies of the minutes of the complaint and the written replies to the complaints pursuant to Section 17/A (7) of the Act on the Protection of Consumer Rights and Fundamental Freedoms, and two years for the copies of the entries in the customer register.

Data transmission: none.

Possible consequences of not providing the data: the Data Subject cannot exercise his/her consumer rights.
Contacting the Data Controller

Please be informed that if you contact the Data Controller by e-mail, requesting information or information about the product or the Data Controller's service prior to placing an order, the Data Controller will be aware of your personal data contained in the e-mail. We inform you that you consent to the processing of your data in this case by sending the message (Article 6(1)(a) GDPR).

Purpose of processing: information, answering a question

Legal basis for processing: consent of the data subject - Article 6(1)(a) GDPR.

You give your consent by sending the message. You may withdraw your consent at any time, without giving any reason, by sending an e-mail or a paper request. In case of withdrawal of consent, your personal data will be deleted (see point 12.3).

Affected categories: customers sending a message

Data processed: name, email address

Who has access to it? only the Data Controller

Duration of processing: messages will be deleted once the communication has ended (unless there is another processing purpose).

Data transmission: none.

Possible consequences of not providing the data: the Data Subject cannot ask questions by e-mail.
Information about cookies

A cookie is a packet of variable alphanumeric information sent by a web server, which is stored on the User's computer and stored for a predetermined period of time. The use of cookies allows the User to retrieve certain data and to monitor his/her Internet usage.

The Data Controller informs the Data Subject that the Data Controller uses Google Analytics, Google Remarketing, AdWords Conversion Tracking to measure the number of visits to the Website and to monitor the behaviour of its visitors, to compile statistics and to monitor the effectiveness of its advertising.

These programs place cookies on the user's computer which collect user data. Visitors to the Website (Users) can authorise the use of Google Analytics, Google Remarketing, AdWords Conversion Tracking programs by the Data Controller in the pop-up page, and they also consent to the monitoring and tracking of their user behaviour and to the use of all services provided by the programs to the Data Controller.

In addition, the user has the option to opt-out of future cookie recording and storage at any time, as described below. According to Google, Google Analytics mainly uses first-party cookies to report on visitor interactions on your website. These cookies only record non-personally identifiable information. Browsers do not share their own cookies between domains. For more information about cookies, please see the Google Ads and Privacy FAQ at https://www.google.com/intl/hu/policies/technologies/ads/.

Google Analytics

The Data Controller uses Google Analytics primarily to produce statistics, including to measure the effectiveness of its activities. By using the program, the Data Controller mainly obtains information about the number of visitors to its Website and the time spent on the Website. The program recognises the IP address of the visitor and can therefore track whether the visitor is a returning or new visitor, and can also track the path the visitor has taken on the Website and where he or she has accessed.

Google Remarketing (Not currently in use)

In addition to the usual data from Google Analytics, the Data Controller also collects data from the DoubleClick cookie by using the Google Remarketing program. The DoubleClick cookie is used to use the remarketing service, which primarily ensures that visitors to the Website are subsequently exposed to the Controller's advertisements in free Google advertising spaces. The Controller uses Google Remarketing for its online advertising. The Data Controller's advertisements are also displayed on websites by third-party service providers, such as Google. The Data Controller and third party service providers, such as Google, use their own cookies (such as Google Analytics cookies) and third party cookies (such as the DoubleClick cookie) together to track users' previous visits to the Website and to optimise and display advertisements.

Google AdWords conversion tracking

The purpose of Google AdWords conversion tracking is to enable the Data Controller to measure the effectiveness of AdWords advertising. This is done by means of cookies placed on the User's computer, which exist for 30 days and do not collect any personal data.

The purpose of using the above cookies is to measure the number of visits to the site and to provide traffic analytics by collecting anonymised traffic data. This data does not allow the Data Subject to be identified, either directly or indirectly.

Disable cookies

You can delete the use of cookies in your internet browser or disable them in the privacy settings of your browser. You can find help on the following links:

Users who do not want Google Analytics to report on their visit can install a browser extension to block Google Analytics. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) to stop sending visit information to Google.

To disable Analytics web activity, visit the Google Analytics opt-out page and install the extension on your browser. For more information on installing and removing the add-on, please refer to the help for your browser.
Rights of the data subjects

11.1. Right of access

Data Subjects have the right to request information from the Data Controller about the processing of their personal data, in particular the purpose of the processing, the legal basis of the processing, the personal data processed, the identity of the data processor and the right to lodge a complaint.

The Data Controller shall provide the information to the Data Subject free of charge. If the Data Subject's request is clearly unfounded or excessive, in particular due to its repetitive nature, the Data Controller shall be entitled to claim a reasonable fee (in case of paper-based information: 30 HUF/ sheet).

The application may be submitted electronically or by post, the rules for which are set out in point 14.

The Data Controller shall respond to the request in an intelligible form within the shortest possible time from the date of the request, but not later than 25 days.

11.2. Right to rectification

The Data Subject may request the rectification of his/her personal data if they are not accurate. He/she also has the right to request the completion of incomplete personal data.

As soon as possible after receipt of the request, the Data Controller shall examine the legitimacy of the request. If the Data Controller finds the User's request to be unfounded and refuses to comply with it, it shall notify the Data Subject in writing of the refusal and the reasons for the refusal, together with the remedy, within 25 days of receipt of the request.

Right to erasure

The Controller shall delete personal data relating to the Data Subject if:

the processing is unlawful;
the Data Subject withdraws his or her consent to the processing of personal data and there is no other legal basis for the processing;
the User's personal data is incomplete or inaccurate and this situation cannot be lawfully remedied, provided that deletion is not excluded by law;
the purpose of the processing has ceased;
ordered by a court or the National Authority for Data Protection and Freedom of Information.

The deletion requested by the Data Subject may only concern the deletion of data processed on the basis of his or her consent, and therefore does not affect the scope of data subject to mandatory processing required by law. However, the Data Controller is entitled to process the Data Subject's personal data even after the Data Subject's request for erasure, if the processing of the Data Subject's data is necessary for the purposes of the performance of a contract, the fulfilment of a legal obligation or the pursuit of a legitimate interest pursued by the Data Controller.

The application must be made as set out in point 14.

11.4. Right to restriction of processing

At the request of the Data Subject, the Data Controller shall restrict the processing in the following cases:

the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;
the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

The application must be made as set out in point 14.

11.5 Right to data portability

The Data Subject has the right to receive personal data provided to the Data Controller in machine-readable format or to have the Data Controller transmit such data to another controller designated by the Data Subject, where the processing is based on the data subject's consent or on a contract (Article 6(1)(a) and (b) GDPR).

The application must be made as set out in point 14.

11.6. Right to object

The Data Subject may object to the processing of his or her personal data if the processing or transfer of the personal data is necessary for the purposes of the legitimate interests pursued by the Controller or a third party (except in the case of mandatory processing).

The Data Subject may submit a request to the Data Controller in accordance with point 14.

If the Data Controller considers the Data Subject's objection to be justified, the Data Controller shall delete the personal data without undue delay.

Remedies available

In the event of unlawful data processing or refusal of a request for information, rectification, erasure, restriction, data portability or objection, the Data Subject may contact the National Authority for Data Protection and Freedom of Information (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Postal address: 1530 Budapest, Pf.:5; Email address: [email protected]) or the court of his/her place of residence or domicile.

Rules concerning the request sent by the Data Subject to the Controller

The Data Subject shall send the requests indicated in this Notice and the withdrawal of consent to data processing in writing to the following address:

Email: [email protected]

The Data Controller shall examine the requests received and shall comply with the request within 25 days of receipt of the request at the latest, or, if the Data Controller finds the Data Subject's request to be unfounded and refuses to comply with it, it shall notify the Data Subject in writing of the refusal and the reasons for the refusal, together with the remedy, within 25 days of receipt of the request. The Data Controller shall only send a written notification to the Data Subject in the event of refusal of the request, except for requests under point 11.1.

The Data Controller will only consider a request sent by e-mail to be authentic if it is sent from an e-mail address already provided by the Data Subject and treated as personal data. The Data Controller is entitled to request additional data to identify the Data Subject in case of doubt as to whether the person requesting the data is the Data Subject.

Procedure in the event of a data breach

Data breach: accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

If you become aware of a data breach as defined above in relation to your personal data processed by the Data Controller, please notify us immediately using the contact details provided in section 9. The Data Controller will investigate the data breach without delay and notify the National Authority for Data Protection and Freedom of Information of the data breach within 72 hours of becoming aware of it, unless the data breach is unlikely to pose a risk to the rights and freedoms of data subjects, and will take measures to remedy the incident. The Data Controller shall keep records of data protection incidents.

Acceptance and amendment of the Privacy Notice

The Affected Persons in the Website or by placing an order, you accept the terms of this Privacy Policy.

The Data Controller is entitled to amend this Privacy Notice unilaterally. The amended Privacy Notice will be published on the Website.

Effective: from 1 May 2022.

New article release notification

 

 

 

Sign up!

Successful subscription!