Data Management Notice - Regarding Cookie Usage

1. Name of the Data Controller

2. Legal Regulations Governing Data Processing

The following legal regulations apply to customer data processing:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, consolidated version:

https://eur-lex.europa.eu/legal-content/HU/TXT/PDF/?uri=CELEX:32016R0679&from=HU 

• Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: Info Act), consolidated version:

https://net.jogtar.hu/jogszabaly?docid=A1100112.TV

• Act CLV of 1997 on consumer protection, consolidated version:
  https://net.jogtar.hu/jogszabaly?docid=99700155.TV 

3. Information Regarding the Processed Data

Scope of Data Processed by the Data Controller: The online identifier of the data subject.

Legal Basis for Data Processing: The consent of the data subject.

Duration of Data Processing: Until the withdrawal of consent.

4. General Information About Cookies

1. What are Cookies? Cookies are small data files placed on the user's computer by the visited website. The purpose of cookies is to facilitate and enhance the respective information and communication technology services. There are several types of cookies, but they can generally be categorized into two main groups. One is temporary cookies, which the website places on the user’s device only during a specific session (e.g., during the security identification of online banking). The other type is persistent cookies (e.g., language settings of a website), which remain on the computer until the user deletes them. According to the European Commission's guidelines, cookies can only be placed on the user's device with the user's consent, except for those that are essential for the use of the service.

2. Notification Requirement for Non-Consent Cookies: For cookies that do not require user consent, information must be provided during the first visit to the website. It is not necessary for the full text of the cookie notification to be displayed on the website; it is sufficient for the website operators to briefly summarize the essence of the information and refer to the full notification through a link.

3. Consent Requirement for Cookies: For cookies that require consent, the notification can be related to the user's first visit to the website if the data processing associated with the use of cookies begins with the visit to the page. If the application of the cookie is related to a function specifically requested by the user, the information can also be displayed in connection with that function. In this case, it is not necessary for the full text of the cookie notification to be displayed on the website; a brief summary of the essence of the information and a link to the full notification is sufficient.

4. Visitor Notification About Cookie Usage: The visitor must be informed about the use of cookies on the website. Through this notification, the Data Controller ensures that the visitor can become aware, before and during the use of the website's information society services, of which data types are processed for which data processing purposes, including the processing of data that cannot be directly associated with the user.

5. Cookies Used

The Data Controller informs its users that it employs Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs to measure the traffic to its website and its subpages, monitor visitor behavior, generate statistics, and evaluate the effectiveness of advertisements. The referenced programs place cookies on the user's computer that collect user data. Visitors to the website (Data Subjects) consent to the Data Controller's use of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs. They also consent to the monitoring and tracking of their user behavior and the use of all services provided by these programs.

Additionally, users have the option to disable the data recording and storage of cookies for the future as described below.

We inform our users that the settings and usage of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs fully comply with the requirements of the data protection authority.

According to Google, Google Analytics primarily reports visitor interactions on its site using first-party cookies. These cookies only record information that is not suitable for personal identification. Browsers do not share their own cookies between domains. For more information about cookies, please refer to the Google Ads and Data Privacy FAQ.

1. Google Analytics:

The Data Controller primarily uses Google Analytics to produce statistics, including measuring the effectiveness of its campaigns. Through this program, the Data Controller gathers information on how many visitors accessed its website and how much time they spent on it. The program recognizes the visitor's IP address, allowing it to track whether the visitor is returning or new, as well as to monitor the visitor's navigation path on the website.

2. Google Remarketing:

Using the Google Remarketing program, the Data Controller collects data from Google Analytics as well as DoubleClick cookies. The DoubleClick cookie enables the remarketing service, which ensures that visitors to the website will later encounter the Data Controller's advertisement on various Google ad platforms. The Data Controller utilizes the Google Remarketing program for its online advertising. The Data Controller’s ads are displayed on websites by external service providers, such as Google. The Data Controller and these external providers use their own cookies (e.g., Google Analytics cookies) and third-party cookies (e.g., DoubleClick cookies) together to gather information based on users' previous visits to the website, optimizing and displaying ads accordingly.

3. Google AdWords Conversion Tracking:

The purpose of Google AdWords conversion tracking is to measure the effectiveness of AdWords advertisements for the Data Controller. This is done through cookies placed on the user's computer, which do not collect personal data.

4. Facebook Remarketing:

The Data Controller uses the Facebook remarketing pixel to enhance the effectiveness of Facebook ads and to build remarketing lists. This allows external service providers, such as Facebook, to display ads on websites after a visitor has accessed the Data Controller's website. Remarketing lists are not suitable for personal identification. They do not contain personal data about the visitor, only identifying the browser software.

5. Disabling Cookies:

Users can manage their cookie settings or disable the feature through their own user computers in their browsers. This option is typically found in the cookie/s cookies/tracking feature placement menu, usually under Tools > Settings > Privacy settings, where users can specify which tracking functions they want to enable/disable on their computers.

Users who do not wish for Google Analytics to report their visit can install the Google Analytics opt-out browser add-on. To disable Analytics web activity, visit the Google Analytics opt-out page and install the add-on for your browser. For further information on installing and uninstalling the add-on, please refer to the help documentation for your specific browser.

6. Access to Data and Data Security Measures

1. Access to Data and Data Transfer

Only the employees of the Data Controller who need access to your personal data to perform their tasks can access the personal data you provided. The Data Controller will transfer the processed personal data to the subcontractors specified in the appendix to this regulation.

The Data Controller will only transfer your personal data to other Data Controllers or government agencies in exceptional cases that are not listed in the appendix.

For example, if:

• A court proceeding is initiated concerning you, and the court requires the transfer of documents containing your personal data.

• The police contact the Data Controller and request the transfer of documents containing your personal data for an investigation.

2. Data Security Measures

The Data Controller stores the personal data you provided on its servers and, where applicable, in a paper-based archive. The Data Controller does not use another company's services for the storage of personal data. The Data Controller takes appropriate measures to protect personal data against unauthorized access or unauthorized modification. For instance, access to personal data stored on the server is logged by the Data Controller, meaning it is always verifiable who accessed what personal data and when.

7. Rights of the Data Subject Regarding Data Processing

1. Your Access Rights

As the data subject, you have the right to access your personal data.

If you request feedback from the Data Controller regarding whether your personal data is being processed, the Data Controller is obliged to provide information regarding the following:

1. what personal data is being processed,

2. on what legal basis,

3. for what purpose,

4. from what source,

5. for how long it is being processed.

Your right to receive feedback on whether the Data Controller is processing (or not processing) your personal data:

1. extends to your personal data;

2. does not extend to anonymous data;

3. does not extend to personal data that does not pertain to you; and

4. includes data that is clearly pseudonymized and can be linked to you.

Upon your request, the Data Controller will provide access to and a copy of your personal data. If you request an additional/repeated copy of your personal data, the Data Controller may charge a reasonable fee to cover the administrative costs incurred in fulfilling the request, which you will bear.

2. Your Right to Rectification

You have the right to rectify your personal data.

This right:

1. does not extend to anonymous data;

2. extends to your personal data;

3. does not extend to personal data that does not pertain to you; and

4. includes data that is clearly pseudonymized and can be linked to you.

Upon your request, the Data Controller will appropriately correct or supplement your personal data. The Data Controller will inform the recipients of your personal data (if there are any) about the rectification. However, the Data Controller will not notify the recipients about the rectification of personal data if informing them proves impossible or requires disproportionate effort.

3. Right to Deletion

Under certain conditions, you have the right to request the deletion of your personal data.

The Data Controller must delete your personal data without undue delay if:

1. the Data Controller processes your personal data, and

2. you request the deletion of your personal data, and

3. the personal data is no longer necessary for the purposes for which the Data Controller processes the personal data.

The Data Controller must delete your personal data without undue delay if:

1. the Data Controller processes your personal data, and

2. you request the deletion of your personal data, and

3. you withdraw your consent on which the processing of your data is based, and

4. there is no other legal basis for the further processing of your data.

The Data Controller must delete your personal data without undue delay if:

1. the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, and

2. you object to the processing of your personal data, and

3. the legitimate grounds for such processing do not override your interests, rights, and freedoms.

The Data Controller must delete your personal data without undue delay if:

1. you request the deletion of your personal data, and

2. the processing of such data by the Data Controller is not unlawful, or

3. the deletion is required by applicable law, or

4. your data is collected in relation to information society services.

The Data Controller will inform the recipients of your personal data (if there are any) about the deletion of your personal data. However, the Data Controller will not notify the recipients about the deletion if informing them proves impossible or requires disproportionate effort.

4. Your Right to Restrict Processing

You may request the restriction of processing of your personal data.

Your right to request the restriction of processing your personal data:

1. does not extend to anonymous data;

2. applies to your personal data;

3. does not extend to personal data not concerning you; and

4. includes clearly identifiable pseudonymized data linked to you.

The Data Controller will restrict the processing of your personal data for the period during which it verifies the accuracy of such data if you request a restriction on the processing of your personal data and dispute the accuracy of that data.

The Data Controller will restrict the processing of your personal data if you request a restriction on the processing of data that is unlawful and you oppose the deletion of such data.

The Data Controller will restrict the processing of your personal data if:

1. you request the restriction of processing your personal data, and

2. the Data Controller no longer needs that data for the purposes of processing, and

3. you require your data for the establishment, exercise, or defense of legal claims.

The Data Controller will restrict the processing of your personal data if:

1. you object to the processing of your personal data that is necessary for the legitimate interests of the Data Controller, and

2. you are awaiting confirmation as to whether there is a legitimate basis for the processing of your personal data that overrides your objection.

The Data Controller will inform the recipients of your personal data (if any) about the restriction of processing your personal data. However, the Data Controller will not inform the recipients of such restrictions if doing so proves impossible or requires disproportionate effort.

If the Data Controller restricts the processing of your personal data, it may:

1. store such personal data,

2. process such personal data based on your consent,

3. process personal data for the establishment, exercise, or defense of legal claims or for the protection of the rights of another person.

5. Right to Data Portability

You have the right to receive your personal data concerning you, which you have provided to a data controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance (where technically feasible) to the data controller to whom you provided the personal data if the processing is based on consent or is necessary for the performance of a contract and is carried out in an automated manner.

Your right to data portability:

1. does not extend to anonymous data;

2. applies to your personal data;

3. does not extend to personal data not concerning you; and

4. does not extend to clearly pseudonymized data.

6. Deadline for Processing Your Requests as a Data Subject

The Data Controller will respond to requests concerning the rights you are entitled to as outlined above without undue delay, but no later than within one month.

7. Right to Lodge a Complaint

If you believe that your rights have been violated, the Data Controller recommends that you initiate a consultation with them through direct contact. If such a consultation does not lead to a resolution or if you do not wish to participate in such activities, you can turn to the court or the National Authority for Data Protection and Freedom of Information (NAIH). In the case of initiating court proceedings, you may choose to initiate the proceedings before the court that is competent according to your residence or place of stay.

The contact details for NAIH are as follows:

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 1 391 1400

Fax: +36 1 391 1410

Email: ugyfelszolgalat@naih.hu

Website: www.naih.hu

8. Amendments to This Notice

The Data Controller reserves the right to modify this notice at any time. The Data Controller will inform customers about such modifications by letter or email, as appropriate, and in all cases in accordance with the relevant legal provisions.