Data Protection Notice

 

The present Data Protection Notice is published on the www.villagyetvai.hu website (hereinafter referred to as the "Website") and the webshop (hereinafter referred to as the "Webshop") (hereinafter referred toas the "Webshop")located therein, in accordance with the provisions of ActCXII of 2011 on the Rightof Informational Self-Determination and Freedom of Information (hereinafterreferred to as the "Data Protection Act") and the General Data Protection Regulation of the European Union (hereinafter referredto as the "GDPR").

Please note that by using this website, you accept the terms of this Data Protection Notice and consent to the processing of your personal data as detailed below.

Please be informed that our Company takes all technical and organisational measures to ensure the security of your data. If any of your questions are not answered in this Privacy Notice, please contact us info@villagyetvai.hu info@villagyetvai.hu.

  1. Definition

In order to comply with our legal obligation to inform you in a clear and comprehensible way about the processing of your personal data, it is first of all necessary to define the terms used in this policy.

  • Data subject:

A natural person identified or identifiable on the basis of any information.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

  • Personal data:

Any information relating to the Data Subject.

  • Processing of personal data:

Any operation or set of operations which is performed on personal data, irrespective of the procedure by which it is carried out. The processing of personal data includes, inter alia, the collection, recording, organisation, storage, alteration, transmission, destruction of such data.

  • Data Controller:

A controller is a natural or legal person, public authority, agency or other body, or an unincorporated entity, which, alone or jointly with others, determines the purposes for which personal data are processed and makes decisions regarding the processing, including the means used for processing, and carries them out or has them carried out with a processor.

  • Data processor:

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of or under the authority of the controller.

  • Processing of personal data:

The processing of personal data by a processor acting on behalf of the controller or on the controller's instructions.

  • Recipient:

The natural or legal person or unincorporated organisation to whom or which the personal data are made available by the controller or processor.

  • Third party:

A third party is a natural or legal person or an unincorporated body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, carry out operations for the processing of personal data.

  • Consent:

A freely given, explicit and properly informed indication of the data subject's wishes by which he or she signifies, by means of a statement or other conduct unambiguously expressing his or her wishes, his or her consent to the processing of personal data relating to him or her.

  • Pseudonymisation

Pseudonymisation means the processing of personal data in a way that makes it impossible to determine, without further information, to which data subject the personal data relate and to ensure, by technical and organisational measures, that the data cannot be linked to an identified or identifiable natural person.

  • Profiling:

Personal data is any processing of personal data by automated means intended to evaluate, analyse or predict personal aspects relating to the data subject, in particular his or her performance at work, economic situation, state of health, personal preferences or interests, reliability, behaviour, location or movements.

  • Data protection incident:

A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or transmission of, or access to, personal data transmitted, stored or otherwise processed.

  1. Data controller, data processor

The controller of personal data is Belvedere-bor Kft. (company registration number: 19-09-519106).

Contact details:
Headquarters: 8229 Paloznak, Kossuth u. 16.
Phone number: + 36-87-789-727
Website: www.villagyetvai.hu
E-mail address: info@villagyetvai.hu

The Service Provider uses the following Data Processors for the operation of the Website:

Website operator:
Wineglass Communication Ltd.
head office: 1118 Budapest, Rahó u. 24/A 2. floor, door 9
e-mail: info@wineglass-communication.hu

Shared space provider:
Microware Hungary Ltd.
head office: 1148 Budapest, Fogarasi út 3-5.
e-mail: domreg@microware.hu

  1. Processing of personal data
  • Legal basis and purpose of data processing

We process your personal data on the basis of your consent, in order to perform a contract or comply with our legal obligations, as set out in Article 6 (1) of the GDPR.

  • Duration of data processing

We will process your personal data processed solely on the basis of your consent until your consent is withdrawn or, in the case of processing for the performance of a contract or the fulfilment of a legal obligation, for the time necessary to achieve this. Where a time limit for the retention of personal data is set by law, the personal data may be deleted after the expiry of that time limit.

  • Source of personal data, Cookies

We process personal data provided by you in the operation of the Website and the Webshop.

The Service Provider's Website uses text files (hereinafter: Cookies) stored in the computer system via the Internet browser to provide a more convenient user experience, to implement data protection, to analyse website traffic or to achieve marketing goals. Some Cookies are placed by third party service providers (e.g. Barion, Google). Cookie) használ a kényelmesebb felhasználói élmény biztosítása, adatvédelem megvalósítása, a weboldal forgalmának elemzése, vagy marketingcélok megvalósítása érdekében. Néhány Cookie harmadik fél szolgáltató (pl. Barion, Google) részéről kerül elhelyezésre.

When you visit the Website, you can choose to allow the use of all or only selected Cookies. You can change your cookie settings or refuse the use of cookies at any time using your internet browser, and you can delete cookies already stored. If you restrict or disable the use of Cookies, you may not be able to fully use certain features of the Website.

Cookies are used to allow the website to be displayed or modified in real time, or for security purposes, to provide basic functionality.

Google Inc. uses analytics-type cookies through Google Analytics to analyse data about your visit to and use of the Website. The cookie stores the information anonymously and assigns a randomly generated number to recognise individual visitors.

The cookies used by Barion are designed to detect credit card fraud based on the digital fingerprint of the device you are using and your browsing habits. The different cookies ensure that

  • your browsing habits can be identified as coming from a single user
  • track your browsing habits between two sessions on the Website,
  • the session can be identified across websites,
  • the browser session can be identified within the Website.

Cookies used by Barion are stored for 30 minutes or up to 1.5 years from the last update.

More detailed information: https://www.barion.com/hu/suti-tajekoztato/

  • Webshop

You can make online purchases in our webshop without registering. You will be required to provide the following information: first name and surname or company name, billing address and, if different, delivery address, telephone number, e-mail address. If you are not a natural person, you must provide your tax number. In accordance with the provisions of Act C of 2000 on Accounting, the retention period for your personal data required for the issue of the invoice is 8 years.

The provision of the data is voluntary, and the legal basis for data processing is, on the one hand, contractual performance and, on the other hand, compliance with the legal obligations of the Service Provider pursuant to Article 6 (1) of the GDPR. Without the provision of the data, you will not be able to make a purchase in the Webshop.

When shopping in our webshop, you can pay the amount of your order on the payment page operated by Barion Payment Zrt. The data protection information of Barion Payment Zrt. is available via the following website: https://www.barion.com/hu/adatvedelmi-tajekoztato/

In connection with the purchase, the invoice will be issued via the szamlazz.hu website operated by KBOSS.hu Kft. Privacy Policy: https://www.szamlazz.hu/adatvedelem/

  • Delivery

In case of purchases made in the webshop, if you have not chosen personal delivery and the delivery is not carried out by our staff, the parcel delivery will be carried out through the website csomagnet.hu Kft. (headquarters: 8200 Veszprém, Kard köz 1/B). In this process, your data required for delivery will be transmitted.

Data protection notice: https://csomagnet.hu/

The provision of the data is voluntary, and the legal basis for data processing is, on the one hand, contractual performance and, on the other hand, compliance with the legal obligations of the Service Provider pursuant to Article 6 (1) of the GDPR.

  • Newsletter

Visitors of the Website have the possibility to subscribe to the newsletter. The newsletter is used by the Service Provider to inform subscribers about its offers, events, promotions or other news. When subscribing to the newsletter, the following personal data must be provided: first and last name, e-mail address. The personal data collected as part of the registration for the newsletter will be used only for the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time by clicking on the "unsubscribe" button at the bottom of the newsletter or by sending info@villagyetvai.hu info@villagyetvai.hu.

The provision of data is voluntary and the legal basis for processing is your consent pursuant to Article 6 (1) of the GDPR.

The newsletter service is provided through the Mailchimp system, so for the purpose of sending newsletters, your data will be transmitted to the operator of the Mailchimp newsletter program, The Rocket Science Group, LLC (headquarters: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA).

Cookie Notice: https://mailchimp.com/legal/cookies/

  1. Rights of the Data Subject
  • Right to information

The notifications and information to be provided in the cases specified in the Data Protection Act must be provided in an easily accessible and legible form, with a concise, clear and plain language.

In order to ensure the right to prior information, the controller shall make available to the data subject the information on the processing operations carried out by the controller or by a processor acting on his or her behalf or under his or her instructions, prior to the start of the processing operations or, at the latest, immediately after the start of the first processing operation, by the controller and, where a processing operation is carried out by a processor, the name and contact details of the data controller, the name and contact details of the data protection officer, the purposes of the planned processing and a description of the rights of the data subject under the Data Protection Act and the means of exercising them. In addition, the controller shall provide the data subject with information on the legal basis for the processing, the retention period of the personal data processed, the criteria for determining that period, the recipients of the personal data processed, including recipients in third countries and international organisations, in the case of a transfer or intended transfer, the source of the personal data processed and any other relevant facts relating to the circumstances of the processing.

  • Assessment of applications

A request for the exercise of the rights to which the Data Subject is entitled, submitted by the Data Subject, shall be adjudicated upon within the shortest possible time from the date of submission, but not later than twenty-five days, and the decision shall be notified to the Data Subject in writing or, if the Data Subject has submitted the request by electronic means, by electronic means.

According to Article 21 of Data Protection Act, if the data subject's request for the rectification, erasure or restriction of the processing of personal data processed by the controller or by a processor acting on his/her behalf or on his/her behalf is refused by the controller, the data subject shall be informed in writing without delay of the fact of refusal and the legal and factual grounds for the refusal, and of the rights of the data subject under the Data Protection Act and the means of exercising them, in particular the right to rectification, erasure or restriction of the processing of personal data processed by the controller or by a processor acting on his behalf or at his instructions, with the assistance of the Authority.

Where the controller rectifies, erases or restricts the processing of personal data processed by it or by a processor acting on its behalf or at its instructions, the controller shall notify the fact and the content of that measure to the controllers and processors to which the data were transmitted prior to that measure, in order to enable them to carry out the rectification, erasure or restriction of processing in respect of their own processing.

  • Right of access

Upon request, the controller shall inform the data subject whether his or her personal data are processed by the controller or by a processor acting on his or her behalf or at his or her instructions. If the Data Subject's personal data are processed by a processor, the controller shall also inform the Data Subject of the personal data processed. In addition, the processor shall inform the Data Subject of the following:

  • the source of the personal data processed,
  • the purposes and legal basis of the processing,
  • the scope of the personal data processed,
  • where personal data are transferred, the recipients of the transfer, including recipients in third countries and international organisations,
  • the period of retention of the personal data processed and the criteria for determining that period,
  • a description of the rights of the data subject under the Data Protection Act and the means of enforcing them,
  • where profiling is used, the fact and
  • the circumstances in which a personal data breach has occurred in relation to the processing of the personal data of the data subject, the effects of the personal data breach and the measures taken to address them.

The Data Controller may restrict or deny the exercise of the Data Subject's right of access in proportion to the aim pursued, if such a measure is indispensable to safeguard an interest as defined in points (a) to (f) of paragraph (3) of Article 16 of the Data Protection Act. In this case, the controller shall inform the Data Subject without undue delay in writing of the fact of the restriction or refusal of access and of the legal and factual grounds for such restriction or refusal, provided that the provision of such information to the Data Subject does not jeopardise the pursuit of an interest as defined in points (a) to (f) of paragraph (3)(a) of Article 16 of the Data Protection Act. In addition, the data controller shall inform the data subject of the rights to which he or she is entitled under the Data Protection Act and of the means of enforcing them, in particular that the data subject may exercise his or her right of access with the assistance of the National Authority for Data Protection and Freedom of Information (hereinafter referred AuthorityAuthority).

  • Right to rectification

In order to enforce the right to rectification, if the personal data processed by the controller or by a processor acting on its behalf or on its behalf are inaccurate, incorrect or incomplete, the controller shall, without undue delay, in particular upon request of the data subject, clarify or rectify them, or, if compatible with the purpose of the processing, supplement them with additional personal data provided by the data subject or with a declaration by the data subject on the processed personal data, subject to the provisions of Article 18 of the Data Protection Act.

  • Right to restriction

Each Data Subject has the right to restrict the processing of his or her data by the Controller in the following cases:

  • For the time it takes to resolve the outstanding doubt, if the Data Subject contests the accuracy, correctness or incompleteness of the data and the accuracy, correctness or incompleteness of the personal data processed cannot be established beyond reasonable doubt.
  • For the duration of the existence of a legitimate interest justifying the non-deletion, if the data could be deleted in accordance with point (a) of Article 20 of the Data Protection Act, but there are reasonable grounds to assume, on the basis of the data subject's written declaration or the information available to the controller, that the deletion of the data would harm the data subject's legitimate interests.
  • Until the final or legally binding conclusion of the investigation or proceedings, if the data would have to be erased pursuant to Article 20 (a) of the Data Protection Act, but the data must be kept as evidence in the course of investigations or proceedings, in particular criminal proceedings, carried out by or with the participation of the controller or other public sector body.
  • Until the date specified in Section 25/F (4) of the Data Protection Act, if the data would have to be deleted pursuant to Section 20 (a) of the Data Protection Act, but the data must be retained in order to fulfil the documentation obligation under Section 12 (2) of the Data Protection Act.

In order to enforce the right to restriction of processing, the controller may, during the period of restriction of processing, carry out processing operations other than storage of the personal data subject to the restriction, by the controller or by a processor acting on his behalf or under his instructions, solely for the purposes of the legitimate interests of the data subject or as provided for by law, international treaties or binding European Union acts.

  • Right to erasure

In order to enforce the right to erasure, the controller shall immediately erase the personal data of the Data Subject if the processing is unlawful, in particular if the processing is contrary to the principles set out in Section 4 of the Data Protection Act, the purpose of the processing has ceased or the further processing of the data is no longer necessary for the purpose of the processing, the period of time specified by law, international treaty or binding legal act of the European Union has expired or the legal basis for the processing has ceased and there is no other legal basis for the processing of the data. The controller shall also erase the personal data of the Data Subject where the Data Subject withdraws his or her consent to the processing or requests the erasure of his or her personal data, unless the processing is based on Article 5(1)(a) or (c) or (2)(b). In addition, the controller shall delete the personal data of the Data Subject if the deletion of the data has been ordered by law, an act of the European Union, the Authority or a court or if the period specified in points (b) to (d) of paragraph (1) of Article 19 of the Data Protection Act.

  • The Data Subject's means of enforcement

In order to enforce his/her rights, the Data Subject is entitled to the following under Chapter 6 of the Data Protection Act:

  • The Data Subject may initiate an investigation by the Authority to examine the lawfulness of the controller's action if the controller restricts the exercise of his or her rights under Article 14 of the Data Protection Act or rejects his or her request to exercise those rights.
  • The Authority may request a procedure before a data protection authority if it considers that, in processing your personal data, the controller or a processor acting on its behalf or under its instructions is in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.
  • The Data Subject may take legal action against the controller or the processor in relation to processing operations within the scope of the processor's activities, if the Data Subject considers that the controller or the processor acting on his or her behalf or under his or her instructions is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.

If the data controller or a data processor acting on its behalf or under its instructions violates the provisions on the processing of personal data laid down by law or by a binding legal act of the European Union and causes damage to another person, it shall compensate the damage in accordance with Article 24 of the Data Protection Act.

  1. Authority

National Authority for Data Protection and Freedom of Information
headquarters: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, PO Box 9.
+36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400
e-mail: ugyfelszolgalat@naih.hu
website: www.naih.hu