Privacy Notice

DEFINITIONS

Data subject: a natural person who is identified, or who can be identified – directly or indirectly – on the basis of any personal data processed in accordance with this privacy notice.

Personal data: data that can be linked to the data subject – in particular the data subject’s name, identification number, and one or more factors specific to their physical, physiological, mental, economic, cultural or social identity – as well as any conclusions drawn from such data concerning the data subject;

Consent: a voluntary and unequivocal declaration by the data subject, based on adequate information, by which they give their unambiguous consent to the processing of their personal data in accordance with this privacy notice;

Protest: a statement by the Data Subject objecting to the processing of their personal data and requesting that the processing be discontinued or that the data being processed be erased;

Data controller: a natural or legal person, or an organisation without legal personality, who or which determines the purposes of data processing and makes decisions regarding data processing (including the means used)

adopts and implements, or has implemented by a data processor appointed by it;

Data processing: any operation or set of operations performed on data, irrespective of the procedure used, including, in particular, the collection, recording, storage, organisation, storage, alteration, use, retrieval, disclosure, transmission, publication, alignment or combination, blocking, erasure and destruction, as well as the prevention of further use of the data, and the taking of photographs, sound recordings or video recordings;

Data transfer: if the data is made available to a specific third party;

Publication: if the data is made available to anyone;

Data erasure: rendering the data unrecognisable in such a way that it can no longer be recovered;

Data destruction: the complete physical destruction of the data storage medium containing the data;

Data processing: the performance of technical tasks relating to data processing operations, irrespective of the method or means used to carry out those operations and the location of the application, provided that the technical task is performed on the data;

Data processor: a natural or legal person, or an organisation without legal personality, which processes data on the basis of a contract concluded with the data controller – including a contract concluded pursuant to a statutory provision;

Third person: a natural or legal person, or an organisation without legal personality, who or which is not the Data Subject, the data controller or the data processor.

Info TV: Act CXII of 2011 on the right to informational self-determination and freedom of information, or any law currently in force that replaces it.


  1. INTRODUCTION

1.1. This privacy notice (hereinafter: Information leaflet) aims to provide information customer enquiries regarding data processing carried out within this framework. The handling of enquiries from customers is carried out by the

MINI MOBILI Ltd. (1095 Budapest, Ferenc tér 6–7, hereinafter: MINI MOBILI Ltd.) specific purpose. In order to fulfil this purpose, MINI MOBILI Kft., as the data controller (hereinafter: Data Controller) acts.

1.2. The Data Controller acknowledges that the contents of this Notice are binding upon it and undertakes ensure that all data processing carried out in the context of customer enquiries and other marketing-related communications complies with the provisions set out in this Notice and in the applicable legislation.

1.3. This Prospectus is available at all times on the website www.mobilan-konyhabutor.hu.

1.4. The data controller reserves the right to unilaterally amend this Notice in the event of any changes to Info.tv or the introduction of new, mandatory rules governing data processing, in order to ensure compliance with the provisions thereof, provided that data subjects are informed of such amendments in advance and in good time via the website(s) specified in section 1.3 of this Notice.

1.5. Contact details of the data controller:
Name: MINI MOBILI Ltd.
Registered office: 1095 Budapest, Ferenc tér 6–7.
Company registration number: 52597712
Name of the registering court: Company Registry of the Budapest Metropolitan Court
Tax number: 13205920243
Telephone number: +36 1 299 0990
Email: kapcsolat@mobilan.hu


  1. PRINCIPLES

2.1. The Data Controller processes the personal data provided by the Data Subject in response to enquiries from interested parties. The Data Controller pays particular attention to ensuring that, in the course of data processing, it acts in accordance with Info.tv and other applicable legislation relating to data processing, whilst also taking into account the key international recommendations relating to data processing.

2.2. The Data Controller shall process personal data solely for a specified purpose, for the purpose of exercising a right or fulfilling an obligation. At every stage of data processing, the processing shall be in accordance with the purpose of the processing, and the collection and processing of data shall be fair and lawful.

2.3. The Data Controller shall only process personal data that is essential for the fulfilment of the purpose of data processing and is suitable for achieving that purpose. Personal data may only be processed to the extent and for the duration necessary to fulfil that purpose. The duration of data processing may vary for individual sub-programmes; the exact duration of data processing is set out in each case for the relevant sub-programme.

2.4. Personal data retains this status throughout the data processing period for as long as its link to the Data Subject can be re-established. A link with the Data Subject can be re-established if the Data Controller has the technical capabilities necessary for such re-establishment.

2.5. During data processing, the accuracy, completeness and – where necessary in view of the purpose of the data processing – up-to-date nature of the data must be ensured, and the Data Subject must only be identifiable for as long as is necessary for the purpose of the data processing.

2.6. Personal data may be processed if
a. the Data Subject consents to this, or
b. it is required by law or – pursuant to authorisation granted by law, within the scope specified therein – by a local authority regulation for reasons of public interest (hereinafter: mandatory data processing).

2.7. The data subject’s consent to the processing of their personal data must, in all cases, be informed consent based on adequate information.

2.8. Where personal data has been collected with the Data Subject’s consent, the Data Controller shall, unless otherwise provided for by law, process the data collected (1) for the purpose of complying with a legal obligation to which it is subject, or (2) for the purposes of pursuing the legitimate interests of the Data Controller or a third party, provided that the pursuit of such interests is proportionate to the restriction of the right to the protection of personal data, the Data Controller may continue to process the data without separate consent, even after the Data Subject has withdrawn their consent.

2.9. Personal data may also be processed where it is impossible to obtain the data subject’s consent or where doing so would entail disproportionate costs, and the processing of personal data is (1) necessary for compliance with a legal obligation to which the data controller is subject, or (2) is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, and the pursuit of such interests is proportionate to the restriction of the right to the protection of personal data.

2.10. In the case of mandatory data processing, the types of data to be processed, the purpose and conditions of data processing, access to the data, the duration of data processing, and the identity of the data controller are determined by the law or local authority regulation prescribing the data processing.

2.11. The Data Subject must be informed, prior to the commencement of data processing, whether the data processing is based on consent or is mandatory, or whether it is carried out in accordance with the provisions set out in sections 2.8 and 2.9 of this Notice.

2.12. The Data Subject must be informed – clearly, in plain language and in detail – of all facts relating to the processing of their data (in particular the purpose and legal basis of the processing, the identity of the person authorised to carry out the processing and data processing, the duration of the data processing, whether the Data Controller processes the Data Subject’s personal data with the Data Subject’s consent and for the purpose of fulfilling a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests of a third party, and who may have access to the data). The information must also cover the Data Subject’s rights and remedies in relation to the processing of their personal data.

2.13. The data controller must take appropriate security measures to protect personal data against accidental or unlawful destruction or accidental loss, as well as against unauthorised access, alteration or disclosure.


  1. THE RESPONSIBILITIES OF THE PARTIES CONCERNED

3.1. The Data Subject warrants that the personal data provided by them is accurate. The person providing false, falsified or incorrect data shall bear full liability for any damage arising from the provision of such data.


  1. RIGHTS RELATING TO DATA PROCESSING

4.1. The Data Subject may request
(a) information regarding the processing of your personal data,
(b) the rectification of their personal data, and
(c) the blocking or erasure of their personal data – except where data processing is mandatory

4.2. The Data Subject also has the right to object to the processing of their personal data. An objection is a statement by the Data Subject in which they object to the processing of their personal data and request that the processing be discontinued or that the data being processed be erased.

4.3. Information: You may request information from the Data Controller regarding the personal data relating to you that is processed by the Data Controller, the source of such data, the purpose, legal basis and duration of the data processing, where applicable, the name and address of the data processor and their activities in connection with the data processing, and, in the event of data transfer, the legal basis and the recipient of such transfer. You must send your request to one of the addresses specified in section 1.5 of this Notice. The Data Controller shall provide the information in an easily understandable form – in writing if so requested – as soon as possible after the request is submitted, but within a maximum of 25 days. The information is provided free of charge if no request for information relating to the same set of data has been submitted during the calendar year. Otherwise, the Data Controller may charge a fee.

4.4. Correction: The Data Controller shall rectify personal data if it does not correspond to the facts and the Data Controller has access to personal data that does correspond to the facts. If there has been a change to your personal data, please notify the Data Controller immediately at the address set out in section 1.5 of this Notice.

4.5. Lock: The Data Controller will block personal data if you request it, or if, based on the information available to it, it can be assumed that erasure would infringe your legitimate interests. Restricted personal data may only be processed for as long as the purpose of processing that precluded the erasure of the personal data remains valid.

4.6. Delete: The Data Controller shall erase personal data if (1) its processing is unlawful, (2) you request it, (3) the data being processed is incomplete or incorrect and this cannot be lawfully rectified – provided that erasure is not precluded by law – (4) the purpose of the data processing has ceased to exist, or the statutory retention period for the data has expired, (5) erasure has been ordered by a court or by the National Authority for Data Protection and Freedom of Information.

4.7. The Data Controller has 25 days to comply with your request regarding the matters set out in sections 4.5, 4.6 and 4.7 of this Notice. If the Data Controller does not comply with your request within 25 days, it will inform you in writing of the reasons for the refusal.

4.8. You have the right to object to the processing of your personal data if
(a) the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation to which the data controller is subject, or for the purposes of the legitimate interests pursued by the data controller, the recipient of the data or a third party, unless the processing is required by law;
(b) the personal data is used or disclosed for the purposes of direct marketing, opinion polling or scientific research;
(c) in other cases specified by law.

4.9. The data controller shall examine the objection as soon as possible after the submission of the relevant request, but within a maximum of 15 days, shall decide on the merits of the objection and shall inform you of its decision in writing. If your objection is well-founded, the Data Controller shall cease data processing – including any further data collection and data transfer – and shall erase the data or – if you so request, or if it can be assumed on the basis of the information available that erasure would prejudice your legitimate interests – block it, and shall also inform all those to whom the personal data of the data subject concerned was previously transferred of the objection, and the measures taken in response to it to all those to whom the personal data subject to the objection has previously been disclosed, and who are obliged to take action to ensure that the right to object is upheld.

4.10. If you disagree with the Data Controller’s decision regarding your objection, or if the Data Controller fails to comply with the time limit set out in point 4.10 of this Notice, you may bring the matter before a court within 30 days of receiving the decision or, in the absence of such a decision, from the last day of the time limit, in the manner set out in Section 5 of this Notice.


  1. LEGAL REMEDY

5.1. First and foremost, we recommend that if you feel your personal data has not been processed correctly, you should – in order to resolve the situation as quickly and easily as possible – you should submit a complaint setting out your grievance to the Data Controller using the contact details set out in section 1.5 of this Notice. The Data Controller will investigate the complaint as soon as possible, but within 15 working days at the latest, and will inform you of the outcome of the investigation.

5.2. Should the Data Controller cause damage through the unlawful processing of your personal data or by breaching data security requirements, it shall compensate you for the damage caused. In the event of a breach of your right to privacy, you may claim compensation for non-pecuniary damage (Section 2:52 of the Civil Code). If the Data Controller engages a data processor, the Data Controller shall also be liable for any damage caused by the data processor. The Data Controller shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of data processing or by the Data Subject’s intentional or grossly negligent conduct.

5.3. In the event that your request for information, rectification, erasure or restriction of processing, or your objection, is rejected, or in the event of a breach of your rights, you are entitled to bring the matter before a court. If you disagree with a measure taken by the Data Controller or with their failure to act, you may bring the matter before a court within 30 days of being notified of the measure or of the expiry of the deadline for such notification. The court will deal with the matter as a priority. You are entitled to bring legal proceedings before the court with jurisdiction over your place of residence or place of stay.

5.4. If you feel that your rights have been infringed in connection with the processing of your personal data or the exercise of your rights to access data of public interest or data made public in the public interest, or if there is an imminent risk of such an infringement, you are entitled to lodge a complaint with the National Authority for Data Protection and Freedom of Information.

National Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa u. 9–11.
Postal address: 1363 Budapest, PO Box 9.
Telephone: 06 1 391 1400
Fax: 06 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu


  1. THE PURPOSE, DURATION, LEGAL BASIS AND SCOPE OF DATA PROCESSING RELATING TO ENQUIRIES REGARDING INTEREST

6.1. Enquiries regarding interest


  1. DATA CONTROLLER:
    MINI MOBILI Ltd. (1095 Budapest, Ferenc tér 6–7)
    b. Purpose of data processing: to respond to enquiries and maintain contact in relation to the data subject’s interest in the service.
  2. Scope of data processed: (1) Name (3) email address (3) telephone number (4) message
  3. Duration of data processing:
    The data subject expresses their enquiry regarding the service via the „Contact” form. The data controller will contact the data subject regarding their enquiry within 5 working days. The data controller will store and process the data relating to the enquiry, as set out in sub-clause c of clause 6.1, on its own servers for a period of 6 months from the date of the data subject’s enquiry, after which it will be deleted.
  4. Data security

7.1. The Data Controller shall select the technical solutions and IT tools used in the processing of personal data in such a way as to – within reasonable limits – and taking into account the current state of the art, ensure that authorised persons have access to the data being processed and that the authenticity and integrity of the data are safeguarded. In this regard, the Data Controller pays particular attention to avoiding and preventing unauthorised access to the data being processed, as well as the unauthorised alteration, transfer, disclosure, erasure or damage of such data.

7.2. In order to protect the data files processed electronically in its various records, the data controller shall ensure, by means of appropriate technical measures, that the stored data cannot be directly linked to or attributed to the data subject. The data controller shall ensure security through server-level and application-level protection procedures.


  1. Use of cookies

8.1. MINI MOBILI Kft. always informs visitors and interested parties about the use of cookies when they first visit the website; furthermore, this notice provides detailed information and guidance on the use of cookies.

8.2. In order to ensure more effective use of the MINI MOBILI Kft. website by visitors and enquiries, and to provide a personalised service to enquiries, MINI MOBILI Kft. places a data packet, so-called ‘cookies’ on the visitor’s or prospective customer’s computer and reads them during subsequent visits. When a cookie is used, the browser in question sends a previously stored cookie back to the service provider managing the cookies, thereby enabling the provider to link the visitor’s or prospective customer’s current visit to previous ones, but solely in relation to this website.

8.3. MINI MOBILI Kft. allows the following types of cookies to be placed:

8.3.1. cookies that store data entered by the user („user-input cookies”),

8.3.2. authentication session cookies,

8.3.3. session cookies that assist with the customisation of the user interface („user interface customisation cookies”)

8.3.4. The use of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing and traditional conversion tracking programmes

8.4. The purpose of data processing: to identify users, to distinguish them from one another, to identify users’ current sessions, to store the data provided during those sessions, to prevent data loss, identifying and tracking users; displaying personalised offers using data recorded during website visits; remarketing; displaying personalised adverts on websites operated by third parties; and web analytics. Legal basis for data processing: the data subject’s consent. Scope of data processed: identification number, date, time, and the previously visited page.

8.5. When you visit the mobilan-konyhabutor.hu website, its web analytics system, Google Analytics, uses cookies. Further information on this can be found at the www.google.com/analytics and thehttp://www.google.com/intl/hu/policies/ is available at the following address.

8.6. Cookies placed on your device can be deleted at any time via the settings menu of your browser; this is usually found under the ‘Tools’ or ‘Settings’ menu, then under ‘Privacy’, ‘History’ or ‘Personalised settings’, where you can select ‘Cookies’, or ‘tracking’. It is also possible to opt out of remarketing adverts in Google’s Ad Settings.