Barion Pixel

Privacy Policy

Introduction

Nagy András János e.v., 7624 Pécs, Pacsirta utca 20., tax number: 14686924-2-02 (hereinafter referred to as: “Service Provider”, “Data Controller”) submits itself to the following information.

The following information is provided under the REGULATION (EU) 2016/679 OF THE EUROPEAN PARTIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

This Privacy Policy governs the processing of the following pages: printingit.hu

 

This data management information sheet regulates the data management of the following websites:
tszittoszerfutar.hu

The privacy policy is available at: https://printingit.hu/en/adatkezeles/
Amendments to this notice will enter into force upon publication at the above address

Data controller and contact details
Name: Nagy András János e.v.
Headquarters: 7624 Pécs, Pacsirta utca 20
E-mail: printingit.hu@gmail.com
Phone: +3620 484 9920

Contact details of the data protection officer
Name: Nagy András János
Headquarters: 7624 Pécs, Pacsirta utca 20
E-mail: printingit.hu@gmail.com
Phone: +3620 484 9920

Definition of terms

  • “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

  • “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;

  • “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
  • “data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

  • “recipient”: the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
  •  
  • “consent of the data subject”: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

  • “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles on the protection of personal data

Personal data:

(a) be processed lawfully and fairly and in a transparent manner (“lawfulness, fairness and transparency”);

(b) be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purpose in accordance with Article 89(1). (“purpose limitation”)

(c) be adequate and relevant for the purposes of the processing and limited to what is necessary (“data economy”)

(d) be accurate and, where necessary, up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without delay (“accuracy”)

(e) it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), the persons concerned by this Regulation subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of individuals as provided for in this Regulation (“limited storage”)

(f) be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures (“integrity and confidentiality”)

The controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

Data management

Data management related to website operation

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management
Surname and first name Required to contact you, to make a purchase and to issue a regular invoice
E-mail address Required to maintain contact
Phone number Maintaining contact, negotiating billing or delivery issues more efficiently
Billing name and address Issuing the regular invoice, as well as creating the contract, defining its content, amending it, monitoring its performance, invoicing the resulting fees, and asserting related claims.
Shipping name and address Enabling home delivery.
Date of purchase/registration Execution of a technical operation.
The IP address at the time of purchase/registration Execution of a technical operation.

Neither the username nor the e-mail address is required to
contain personal data.

2. Data subjects: all customers on the website are data subejcts.

3. Duration of data management, deadline for deletion of data: Immediately upon cancellation of registration. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

4. Person of possible data controllers entitled to access the data, recipients of personal data: Personal data can be handled by the data controller’s sales and marketing staff, in compliance with the above principles.

5. Description of data subjects’ rights in relation to data processing:

    • The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
    • object to the processing of such personal data, and
    • the data subject has the right to data portability, and to withdraw consent at any time.

6. The data subject may object to the processing of pesonal data, the access, erasure, modification or restriction of processing, portability of data, withdrawal of consent in the following ways:

    • by post to the following address: Nagy András János ev., 7624 Pécs, Pacsirta u. 20.
    • by e-mail to: printingit.hu @gmail.com
    • by phone: +3620 484 9920

7. Legal basis for data processing

7.1. Article 6. (1) b) of the GDPR

7.2. Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Elker Act):

The service provider may process personal data that are technically necessary for the provision of the service.The provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.

7.3. In case of issuing invoice in accordance with accounting legislation, Article 6(1) paragraph 6(c).

7.4. In the event of enforcement of claims arising from the contract, 5 years pursuant to § 6:21 of Act V of 2013 on the Civil Code.

§ 6:22 [Limitation period]
(1) Unless otherwise provided by this Act, claims shall be time-barred after five years.
(2) The limitation period shall begin to run when the claim becomes due.
(3) An agreement to change the limitation period shall be in writing.
(4) An agreement excluding the limitation period is void.

8. Please be informed, that

    • data processing is necessary for the performance of a contract.
    • you must provide personal information so that we can fulfil your order.
    • failure to provide data will result in our inability to process your order.

Data prodessors used

Delivery

  • Activity provided by the data processor: Delivery of products, transport
     Nagy András ev.
  • The fact of the data management, the scope of the managed data: Delivery name, delivery address, telephone number, e-mail address.
  • Scope of stakeholders: All stakeholders requesting home delivery.
  • Purpose of data management: Delivery of the ordered product to your home.
  • Duration of data management, deadline for data deletion: It lasts until the home delivery is completed.
  • Legal basis for data processing: Article 6, paragraph 1, point b).

Hosting provider

  • Activity provided by data processor: Storage service
  • Name and contact information of the data processor:
    •  
      • Béla Mezey ev  (hosting provider)
        Headquarters: 7630 Pécs, Basamalom út 15.
        contact@belamezey.eu
  • Fact of data management, scope of managed data: All
    personal data provided by the data subject.
  • Scope of stakeholders: All stakeholders who use the website.
  • Purpose of data management: Making the website available and operating it properly.
  • Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the
    storage provider, or until the
    deletion request addressed to the storage provider by the data subject.
  • Legal basis for data processing: Article 6 (1) points c) and f) and CVIII of 2001 on certain issues
    of electronic commerce services and services related to the information society. Act 13/A. (3) of §

Recipients with whom personal data is communicated (data transmission):

Online payment

  • Activity performed by the Recipient: Online payment
  • Online bank card payments are made through Barion’s system. The bank card data will not reach the merchant. Barion Payment Zrt., which provides the service, is an institution under the supervision of the Magyar Nemzeti Bank, license number: H-EN-I-1064/2013.
  • Recipient’s name and contact information:
    •  
      • Barion Payment Zrt.
        1117 Budapest
        Irinyi József utca 4-20. 2nd Floor.
        compliance@barion.com
        Phone number: +36 1 464 7099
  • The fact of the data management, the scope of the managed data: Billing data, name, e-mail address
  • Scope of stakeholders: All stakeholders who choose to pay on the website.
  • Purpose of data management: Online payment processing, transaction confirmation
    and fraud monitoring for the protection of users
  • Duration of data management, deadline for data deletion:
    Lasts until the online payment is completed.
  • Legal basis for data processing: Article 6, paragraph 1, point b) of the GDPR. Data processing is necessary for online payment at the request of the data subject.
  • The rights of the data subject:
    a. You can find out about the conditions of data management,
    b. You have the right to receive feedback from the data controller as to whether your
    personal data is being processed, and you have the right to access
    all information related to data processing.
    c. You have the right to receive your personal data in a segmented, widely
    used, machine-readable format.
    d. You are entitled to
    have your inaccurate personal data corrected without undue delay upon your request.

Management of cookies

  • Cookies typical for online stores are the so-called “cookie used for a password-protected session”, “cookies required for the shopping cart” and “security cookies”, the use of which does not require prior consent from the data subjects.
  • The fact of the data management, the scope of the managed data: Unique identification number, dates,
    times
  • Scope of stakeholders: All stakeholders visiting the website.
  • Purpose of data management: Identification of users, registration of the “shopping basket” and tracking of visitors.
  • Duration of data management, deadline for data deletion:
    •  
      • Cookie Type : Session cookies
      • Legal basis for data processing : Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services
      • Duration of processing until the end of the relevant visitor session
      • Data processed : connect.sid
  • Identity of the potential data controllers: no personal data are processed by the data controller through the use of cookies.
  • Description of data subjects’ rights in relation to data processing: data subjects have the possibility to delete cookies in the Tools/Preferences menu of their browsers, usually under the Privacy settings.
  • Legal basis for data processing: no consent is required from the data subject where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.

Using Google Adwords conversion tracking

  • The data controller uses the online advertising program called “Google AdWords”, and also uses Google’s conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
  • When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
  • When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
  • Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
  • The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
  • If you do not want to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.
  • Further information and Google’s data protection statement
    are available on the following page:  https://policies.google.com/privacy?gl=hu

Use of Google Analytics

  • This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
  • The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
  • The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
  • Within the scope of Google Analytics, the IP address transmitted by the User’s browser
    is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

Complaint handling

  • The fact of data collection, the scope of processed data and the purpose of data management:
Personal data Purpose of data management
Surname and first name Identification, contact.
E-mail address Keeping in touch.
Phone number Keeping in touch.
Billing name and address Identification, handling of quality objections, questions and problems arising in connection with the ordered products.
  • The scope of the affected parties: All those who buy on the webshop website and complain about the quality
  • Duration of data management, deadline for deletion of data: Copies of the minutes, transcripts and the response to the objection taken in the CLV of 1997 on consumer protection. Act 17/A. § (7) must be kept for 5 years.
  • Person of the possible data controllers entitled to access the data, recipients of the personal data: Personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.
  • Description of the rights of data subjects related to data management:
    •  
      • The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
      • you can object to the processing of such personal data, as well as
      • the data subject has the right to data portability and to withdraw consent at any time.
  •  
  • The data subject can initiate access to personal data, their deletion, modification or
    limitation of processing, portability of data,
    objection to data processing in the following ways:
    •  
      • by post to 7624 Pécs, Pacsirta u. at address 20,
      • by e-mail at the e-mail address printingit.hu@gmail.com,
      • by phone at +3620 484 9920.
  •  
  • Legal basis for data management: Article 6 (1) point c) and CLV of 1997 on consumer protection. Act 17/A. (7) of §
  • We inform you that
    •  
      • the provision of personal data is based on a contractual obligation.
      • the processing of personal data is a prerequisite for the conclusion of the contract.
      • must provide personal data so that we can handle your complaint.
      • Failure to provide data will result in us not being able to handle your complaint.

Community sites

  • The fact of data collection, the range of data processed: Facebook / Google+ / Twitter / Pinterest / YouTube / Instagram, etc. the name registered on social networking sites and the user’s public profile picture.
  • Scope of stakeholders: All stakeholders who are registered on Facebook / Google+ / Twitter / Pinterest / YouTube / Instagram, etc. on social networking sites and “liked” the website.
  • Purpose of data collection: To promote the sharing or “liking” of certain content elements, products, promotions or the website itself on social networking sites.
  • The duration of the data management, the deadline for the deletion of the data, the identity of the possible data controllers entitled to access the data and the description of the rights of the data subjects related to data management: The data subject can find information about the source of the data, its management, the method of transfer and its legal basis on the given social media page. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site.
  • The legal basis for data management: the voluntary consent of the concerned person to the processing of his personal data on social networking sites.

Customer relations and other data management

  • If a question arises when using our data management services, or if the data subject has a problem, you can contact the data manager using the methods provided on the website (telephone, e-mail, social media sites, etc.).
  • The data controller processes received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.
  • We provide information on data management not listed in this information when the data is collected.
  • The Service Provider is obliged to provide information, communicate and transfer data, and make documents available in the event of an exceptional official inquiry, or in the event of an inquiry by other bodies based on the authorization of the law.
  • In these cases, the Service Provider only releases personal data to the requester – if he has specified the exact purpose and the scope of the data – to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Rights of data subjects

1. Right of access

You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access the personal data and the information listed in the regulation.

2. Right to rectification

You have the right to request that the data controller correct inaccurate personal data concerning you without undue delay. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

3. Right to erasure

You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

4. The right to be forgotten

If the data controller has made the personal data public and is required to delete it, it will take reasonable steps, including technical measures, taking into account available technology and the costs of implementation, to inform the data controllers that you have requested the personal data in question the deletion of links or duplicates of these personal data.

5. The right to restrict data processing

You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

      • You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the controller to check the accuracy of the personal data;
  •  
      • the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
  •  
      • the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;
  •  
      • You have objected to data processing; in this case, the limitation applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over your legitimate reasons.

6. The right to data portability

You have the right to receive the personal data about you that you have provided to a data controller in a segmented, widely used, machine-readable format, and you have the right to transfer this data to another data controller without being hindered by the data controller whose provided the personal data to you (…)

7. Right to protest

You are entitled to object at any time to the processing of your personal data by (…), including profiling based on the aforementioned provisions, for reasons related to your own situation.

8. Protest in the event of direct business acquisition

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to the
scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or affect you to a similar extent. The previous paragraph does not apply if the decision:

  •  
  •  
      • It is necessary to conclude or fulfill the contract between you and the data controller;
  •  
      • it is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
  •  
      • It is based on your express consent.

Action deadline

The data controller will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month from the receipt of the request. If necessary, this can be extended by 2 months. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request. If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request,
of the reasons for the failure to take action, as well as of the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

Security of data management

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where appropriate:

a) pseudonymization and encryption of personal data;

b) ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;

c) in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner;

d) a procedure for
regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

Informing the data subject about a data protection incident

If the data protection incident likely entails a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where applicable, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

      • the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures – such as the use of encryption – that make the personal data unintelligible to persons not authorized to access the personal data data;
      • after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
      • providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Reporting a data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Possibility of filing a complaint

You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the data controller:

National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Final word

During the preparation of the information, we paid attention to the following legislation:

      • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.) CXII of 2011. Act – on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
      • CVIII of 2001 Act – on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
      • XLVII of 2008 law – on the prohibition of unfair trade practices towards consumers;
      • XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising (especially § 6.a)
      • XC of 2005. Act on Electronic Freedom of Information
      • Act C of 2003 on electronic communications (specifically § 155.a)
      • 16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
      • The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information
      • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC

        02 May 2023personal data: any information relating to an identified or identifiable natural person (“data subject”);   an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

        data management / processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction 

        controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or member state law, the controller or the specific criteria for his nomination may be designated by EU or member state law

        processor: a natural or legal person, public authority, agency  or any other body which processes personal data on behalf of the controller

        recipient: a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, wheter a third party or not. Public authorities which may have access to personal data in the context of an individual investigation in accordance with EU or member state law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing

        the data subject’s consent: any freely given specific, informed and explicit indication of the data subject’s wishes by which the data subject, either by statement or by clear affirmative action signifies agreement to personal data relating to them being processed

        data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedThe data subject may request the controller to access, rectify, erase or restrict the processing of personal data related to the data subject, and7.2. Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Elker Act):

        The service provider may process personal data that are technically necessary for the provision of the service.The provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.you must provide personal information so that we can fulfil your order.Maintaining contact, negotiating billing or delivery issues more efficiently