Privacy policy

  • General information - Tattini Riding webshop

    Tattini Riding Ltd. undertakes that the handling of the webshop customers’ data will at all times be in accordance with the current Data Protection Laws. We send newsletters only after consent, but we can send an automated (system) message without this consent.

    The customer agrees with the fact that Tattini Riding Ltd. will handle his or her personal details (name, address, phone number and e-mail address) to manage and fulfill orders and transfer them to cooperating individuals, organizations (courier service, the staff of Tattini Riding Ltd. and its parent company KLP Lovasfelszerelés Kft., accounting firm, bank). We undertake to store the data as safely as possible.

    For statistical purposes, Google (Analytics) records the data of each visitor's browser and the device used to view the page, which will automatically be deleted within a specified time.

    In addition to the above, we need to temporarily store the IP address of our site visitors and their browser's basic properties, but these data are automatically deleted after closing the browser.

    The customer declares that the personal information he or she provided is correct and agrees to reimburse any damages, lost profits and costs that are incurred to avoid any harm, if the data provided is not accurate.

    Tattini Riding Ltd. will only use the data of the customer for issuing invoices, accounting purposes and (in case of a newsletter subscription) sending news/promotional information and won't provide it to third parties under any circumstances (without consent).

    Tattini Riding Ltd. agrees to modify or delete all the saved data of the customer from all of its databases if he or she requests it in e-mail or in writing (with the exception of the data necessary for invoicing, because that must be preserved by the company).

    Checking, modifying or deleting this data is available for You as well, by using our webshop's Stored data page.

  • Introduction

    Tattini Riding Ltd. (202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom, Tax nr.: GB 205 3853 25, UK Company registration number: 8020458) (hereinafter referred to as "Service Provider, Data Controller") will submit the following information.

    Data subject (here in the case of the webshop user, hereinafter "the user") must be informed prior to the processing of the data that the data management is based on a consent or binding.

    Before the data is processed, the affected person must be clearly and thoroughly informed of all the facts related to his or her data management, in particular the purpose and legal basis of data management, the Data Controller and the person entitled to process it, and the duration of the data handling.

    The affected person must be informed that personal data may be processed even if obtaining the consent of the person concerned is impossible or disproportionate, and the processing of personal data is

    • necessary for the fulfillment of a legal obligation for the Data Controller, or
    • necessary for the legitimate interests of the Data Controller or third party and the enforcement of this interest is proportionate to limiting the right to the protection of personal data.

    The information should also include the rights and remedies available to the data subject in question.

    If informing the data subjects in person would be impossible or disproportionate (as in this case, in a webshop), the information may also be provided by disclosing the following:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing, and
    • g) if there is a place for data protection, the registration number of the Data Controller.

    This Privacy Policy describes the Data Controller of the following website: https://www.tattiniriding.com and is based on the content specification above. It is available on the following page: Privacy Policy

    Amendments to the policy will be published at the above address.

  • Interpretative concepts

    Affected subject/User: any identified or identifiable person - directly or indirectly - by personal data;

    Personal data: data related to the data subject - such as the name, identifier, and the knowledge of one or more physical, physiological, mental, economic, cultural or social identities -, as well as the conclusion that may be deduced from the data;

    Special data:

    • a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs of the world, membership of an interest representation organization, personal data relating to sexual life,
    • b) personal data relating to the state of health, harmful passion and criminal personal data;

    Consent: a voluntary and decisive statement of the will of the person concerned, based on appropriate information and with which he or she gives his/her unambiguous consent to the handling of his/her personal data - covering all or part of operations;

    Protest: the statement of the person concerned with which he or she objected to the handling of his/her personal data and requests the termination of data processing and the cancellation of the data processed;

    Data Controller: a natural or legal person or an organization without legal personality, who either independently or with others determines the purpose of the processing of data, makes and executes decisions on data handling (including the equipment used), or performs it with the data processor entrusted to it;

    Data handling: regardless of the method used, any operation or all of the operations, such as collecting, capturing, recording, systematizing, storing, modifying, using, retrieving, transmitting, disclosing, aligning, linking, blocking, deleting and destroying data, to prevent further use, to take photographs, sound or images, and to record physical features (such as finger or palm print, DNA pattern, iris image) for identifying the person;

    Data transmission: making the data available to a specific third party;

    Disclosure: making data available to anyone;

    Data deletion: making the data unrecognizable in such a way that their restoration is no longer possible;

    Data marking: providing an identifier to the data in order to distinguish it;

    Data locking: providing an identification mark to the data in order to limit the handling for a definite or fixed period of time;

    Data destruction: complete physical destruction of data-containing media;

    Data processing: performing technical tasks related to Data Controller operations, irrespective of the method and device used to perform the operations and the place of application, provided that the technical task is carried out on the data;

    Data processor: means a natural or legal person or an organization without legal personality who, by virtue of a contract concluded with the Data Controller - including the conclusion of a contract by law - processes data;

    Responsible for the data: the public service body which has generated the public interest information for obliged publication, or whose operation generated this data;

    Data publisher: the public service body which - if the body responsible for the data does not publish the data itself - publishes the data submitted by the body responsible for the data on the website;

    Data file: the totality of data processed in one register;

    Third party: means any natural or legal person or entity with no legal personality, which is not the same as the data subject, the Data Controller or the data processor;

  • Data management connected to the operation of the webshop

    The following should be set out in relation to the management of data related to the operation of a web store:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected subjects and the purpose of data collection:

    (Personal information: the purpose of data collection)

    Password (for registered users only): For secure access to the user account.

    First and last name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

    Company name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

    E-mail address (for registered users, one-time customers and newsletter subscribers): Communication (it doesn't necessarily contain personal information).

    Phone number (for registered users and one-time customers): Communication, more efficient way to contact the customer about invoicing or delivery.

    Billing address (for registered users and one-time customers): For issuing a proper invoice, the creation of the contract, the definition, modification and fulfillment of the contract, the billing of the charges arising therefrom and the enforcement of the related claims.

    Delivery address (for registered users and one-time customers): For making home delivery possible.

    The date of ordering/registration and (in case of registered users) of last login: Performing a technical operation.

    The affected subjects: All registered users, all one-time customers and all subscribers of the newsletter on the website are affected.

    The duration of the data handling, the time of data deletion:

    • For registered users: Immediately after deleting their registration.
    • For one-time customers: 14 days after the order has been fulfilled.
    • For users subscribed to the newsletter: Immediately after unsubscription.

    Excluding the accounting documents, which are mandatory to keep for 8 years.

    The person(s) getting access to this data: Personal data can be handled by the marketing, sales, accounting, delivering and contact staff of the controller, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: The following information can be modified on the web pages: Password, first and last name, e-mail address, phone number, delivery address, billing address, company name. You can initiate the deletion or modification of your personal data in the following ways:

    • on the website on the Stored data page,
    • by mail on the 202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom address,
    • by sending an e-mail to info@tattiniriding.co.uk.

    The details of the data processor (hosting provider) used for data handling:
    Company name: E.N.S. Informatikai és Rendszerintegrációs Zrt.
    Address: 1106 Budapest, Fehér út 10. II. em - Hungary (White Office)
    E-mail: info@ens.hu
    Phone: +36 30 555 1100

    Legal basis for data handling: the consent of User.

  • Principles for this Data Handling

    The service provider may manage the identity information, address and for the time of the service the location of these data, resulting from the contract for the provision of information society services.

    The service provider may manage the personal data necessary for the provision of the service for the purpose of providing the service. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that the personal data is processed only if this is strictly necessary for the provision of the service and for the fulfillment of other purposes, but only for the extent of time required.

    The service provider may only manage the data required for the service for other purposes - such as increasing the efficiency of his or her service, sending an electronic advertisement or other content, like market research - only upon prior determination of the data management purpose and on the consent of the user.

    Prior to using and during the information society service, the subject must also be provided a way to prevent the processing of data.

    The data processed will be deleted if the contract becomes non-existent, or terminated and after the invoicing. The data must be deleted when the purpose of data management is terminated or when the subject so decides. Unless otherwise stated in the law, the deletion of the data shall be made immediately.

    The service provider must ensure that the subject can access prior and during the information society related service the handled data for what reasons, including the handling of data that can not be directly accessed by the user.

  • Information about the used cookies

    What are cookies?

    Cookies are files created by websites you visit to store browsing information, such as page settings or profile information. There are two types of cookies: the cookies created by the website you are currently browsing and third party cookies such as ads or embedded images on that page.

    All browser programs allow you to manage, delete, or disable cookies in the settings.

    Cookie handling

    The following has to be defined about cookie data management of the webshop:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    Cookies used by websites include so-called "cookies that are mandatory for the session," "functional cookies for shopping carts," and "security cookies", which require no prior consent from the affected users. Additionally, cookies provided by a third party (such as a social networking site) may also appear on our pages.

    The fact of collecting data, the affected data: unique identification number, dates and times.

    The affected subjects: All webshop visitors are affected.

    The purpose of data collection: to identify users, save user comfort settings, create statistics, and track visitor clicks on our site.

    The duration of the data handling, the time of data deletion:

    • automatic login (for registered users only): identification at login (encrypted user ID), deleted after 60 days,
    • chosen currency: deleted after 1 year,
    • chosen language: deleted after 1 year,
    • selected size chart: deleted after 1 year,
    • visible products per page: deleted after 1 year,
    • php session id: deleted after closing the browser.

    The person(s) getting access to this data: Personal data can be handled by the Data Controller staff, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: An affected person has the option to delete cookies in the Tools/Preferences menu of browsers, usually under the Privacy menu item.

    Legal basis for data handling: No consent is required if the sole purpose of the use of cookies is the communication service provided through the electronic communications network or expressly requested by the subscriber or user of the provision of information society services.

  • Google Adwords

    Use of Google Adwords Conversion Tracking

    Data Controller uses the online ad program "Google AdWords" and uses Google's conversion tracking feature within its framework. Google conversion tracking is Google Inc.'s analytics service (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

    When a user reaches a web site through a Google ad, a conversion tracking cookie will be placed on his/her computer. These cookies have limited validity and do not contain any personal information, so the User can not be identified by them.

    When the user browses on certain pages of the website and the cookie has not expired, Google and the data administrator can see that the user clicked on the ad.

    Each Google AdWords customer receives a different cookie so they can not be tracked through the AdWords clients' websites.
    The information, obtained through conversion tracking cookies, is intended to make conversion statistics for AdWords conversion tracking customers. Customers will then be informed about the number of users who have been submitted to, and click on their ad with a conversion tracking tag. However, they do not have access to information that could identify any user.

    If you do not want to participate in conversion tracking, you can reject this by blocking the ability to install cookies in your browser. Then you will not be included in conversion tracking statistics.

    For more information and Google Privacy Statement, please visit: www.google.com/policies/privacy

    Data processing to provide Google Adwords service

    Details of the data processor:
    Criteo SA
    32 Rue Blanche
    PARIS 75009
    FRANCE
    E-mail: cil@criteo.com

    The fact of collecting data, the affected data: E-mail addresses that are encrypted during the service are pseudo-personalized so personal data is lost. More information: https://support.google.com/adwords/answer/6334160

    The affected subjects: All webshop visitors are affected.

    The purpose of data collection: Publish Google ads to users.

    The duration of the data handling, the time of data deletion: Data processing takes place until the consent statement is withdrawn.

    The person(s) getting access to this data: Data that no longer qualifies for personal data can be handled by the data processing staff, while respecting these principles.

    The subject can request that the transfer of personal data to the data processor be prevented in the following ways:

    • on the website on the Stored data page,
    • by mail on the 202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom address,
    • by sending an e-mail to info@tattiniriding.co.uk.

    Legal basis for data handling: the voluntary contribution of the concerned.

  • Use of Google Analytics

    This site uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are saved to your computer to help analyze a user-visited web page.

    Information generated by cookies associated with a web site used by the User is usually stored on a US Google server. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

    Sending to Google's US servers and abbreviating entire IP addresses take place in only exceptional cases. On behalf of the operator of this site, Google will use this information to evaluate how the User has used the Website and to report to the website operator about reports related to the activity of the website and to perform additional services related to website and Internet usage.

    Google does not associate an IP address from Google Analytics that is transmitted by the user's browser with other data. The storage of cookies can be prevented in the browser's settings, but please note that in this case, you may not be able to fully use all of the features on this site. You can also prevent Google from collecting and processing cookie information about User's website usage (including your IP address) by downloading and installing the browser plug-in available on the link below: https://tools.google.com/dlpage/gaoptout?hl=en

  • Newsletter, Direct Marketing Activity

    User at the time of registration may expressly consent to the Service Provider's promotional and any other offers.

    In addition, the Customer may, in keeping with the provisions of this document, consent to the Service Provider's handling of personal data necessary for the transmission of promotional offers.

    The Service Provider will not send unsolicited advertising messages and, without limitation or justification, Customer can unsubscribe free of charge from sending offers. In this case, the Service Provider removes all personal data from the registry - required for sending the advertisement messages - and stops sending promotional offers to User. You can unsubscribe from ads by clicking on the link in these messages.

    The following has to be defined about data management of the newsletter sending:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected data: name, e-mail address, date and time.

    The affected subjects: Every subscriber of the newsletter.

    The purpose of data collection: sending electronic messages containing advertisement to the person concerned, providing information about current offers, products, promotions, new features, etc.

    The duration of the data handling, the time of data deletion: until the consent statement is withdrawn, that is until the date of the unsubscription.

    The person(s) getting access to this data: personal data can be handled by the Data Controller staff, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: User can opt-out of the newsletter at any time, free of charge.

    Legal basis for data handling: the voluntary contribution of the concerned.

  • Social networking sites

    The following has to be defined about data management of social networks:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected data: the name, and public profile picture of registered users on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social networks.

    The affected subjects: every registered user of Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. who has “liked or followed” the website.

    The purpose of data collection: sharing or "liking" on social networking sites, web site content, products, promotions, or the website itself.

    The duration of the data handling, the time of data deletion, the person(s) getting access to this data and a description of the rights and remedies of data subjects involved in data processing: the source of the data, how it is handled, how it is delivered and how it is based, can be found on the given social networking site. Data management takes place on the social networking sites, so the duration of the data handling, the ways of deleting and modifying the data are governed by the rules of the respective community site.

    Legal basis for data handling: subject's voluntary consent to managing his/her personal information on social networking sites.

  • Data processors

    Transporting

    Activity performed by data processor: delivery of goods, transportation

    Data processor's name and contact information:

    1. GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
      2351 Alsónémedi, Európa u. 2. - Hungary
      Phone: +36 1 802 0265
      E-mail: info@gls-hungary.com
      Web: https://gls-group.eu/HU/hu/adatvedelmi-szabalyzat
    2. Magyar Posta Zrt.
      3512 Miskolc (Magyar Posta Zrt. Ügyfélszolgálati Igazgatóság) – Hungary
      Phone: +36 1 767 8282
      E-mail: ugyfelszolgalat@posta.hu
      Web: https://www.posta.hu/adatkezelesi_tajekoztato

    The fact of collecting data, the affected data: delivery name, delivery address, telephone number.

    The affected subjects: every customer requesting home delivery is involved.

    The purpose of data collection: delivery of the ordered product(s) to your home.

    The duration of the data handling, the time of data deletion: until the completion of home delivery.

    Legal basis for data handling: the voluntary contribution of the concerned.

    Online payment

    Activity performed by data processor: online payment

    Data processor's name and contact information:

    1. PayPal Inc.
      2211 North First Street., San Jose, CA 95131. - USA
      Phone: 00 1 402-935-2050
      https://www.paypal.com/webapps/mpp/ua/privacy-full
    2. Wirecard Central Eastern Europe GmbH
      Primoschgasse 3, 9020 Klagenfurt - Austria
      Phone: +43 (0)316 / 81 36 81 -1300
      E-Mail: buchhaltung.at@wirecard.com
      Web: https://www.wirecard.com/privacy-protection/

    The fact of collecting data, the affected data: billing name, billing address, e-mail address.

    The affected subjects: every customer requesting online payment is involved.

    The purpose of data collection: performing online shopping, verifying transactions and fraud-monitoring in order to protect users.

    The duration of the data handling, the time of data deletion: until the completion of online payment.

    Legal basis for data handling: the voluntary contribution of the concerned.

    Other data processors

    1. HSBC
      Phone from the UK: 03456 040 626
      Phone from outside the UK: +44 1226 261 010
      Contact: https://www.hsbc.co.uk/1/2/contact-and-support
      Privacy statement: http://www.about.hsbc.co.uk/privacy-statement
    2. MXOffice Ltd.
      Unit 42, Price Street Business Centre, Birkenhead, CH41 4JQ - United Kingdom
      Phone: +44-151-808-0264
      E-mail: info@mxoffice.co.uk
      Web: http://www.angolcegalapitas.hu
    3. Safety Layne Accounting Ltd.
      35 Rodney Street, Liverpool, Merseyside, England, L1 9EN – United Kingdom
      E-mail: alison@fwbx.co.uk
  • Customer relations and other data collection

    In case user while using Data Controller's services has a question or problem, he/she may get in touch with Data Controller on the contact options available (phone, e-mail, social networking sites, etc.) on the website.

    Data collector will delete the information provided in received e-mails, messages, over the phone, on Facebook, etc. with the name and e-mail address of the interested party as well as with any other voluntarily entered personal data, not later than five years from the date of disclosure.

    Information about forms of data collection not listed in this document is provided when the data is collected.

    In exceptional cases, upon the request of an authority or of other bodies authorized by law, the Service Provider is obliged to provide information, communicate, transfer or make available documents.

    In these cases, the Service Provider shall - to the extent that it indicates the exact purpose and exact scope of the data - hand over personal information only to the extent that is indispensable to achieve the purpose of the request.

  • Data security

    The Data Controller plans and executes the data management operations to ensure that the privacy of the individuals concerned is protected.

    The Data Controller ensures the security of the data (password, antispyware), takes technical and organizational measures and establishes the procedural rules.

    Data are protected by appropriate measures by the Data Controller, in particular against

    • unauthorized access,
    • alteration,
    • transmission,
    • disclosure,
    • deletion or destruction,
    • accidental destruction and damage,
    • unavailability because of a change in the technology used.

    The Data Controller shall ensure by means of an appropriate technical solution that the data stored in the records can not be directly linked and assigned to the data subject.

    To prevent unauthorized access to personal data, to alter the data and to prevent unauthorized disclosure or use of the data, the Data Controller shall ensure:

    • the development and operation of the appropriate IT and technical environment,
    • the supervised selection and supervision of the staff involved in providing the service,
    • detailed operating, risk management and service procedures.

    Based on the above, the Service provider ensures that the data he manages

    • is available to the holder,
    • is credible and authentic,
    • is verifiably unaltered.

    The IT system of the Data Controller and its hosting provider protects against (among others)

    • computer fraud,
    • espionage,
    • computer viruses,
    • spam,
    • hacking,
    • and other attacks.
  • Rights of affected persons

    The person concerned may apply to the Service Provider to provide information on the processing of his/her personal data, to request the rectification of his/her personal data and to request the deletion or blocking of his or her personal data - except mandatory data handling.

    At the request of the data subject concerned, the Data Controller shall provide information on the data processed by him or by the data processor entrusted by him, the source of the data, the purpose, legal basis, duration of the data processing, the name and address of the data processor and Data Controller related to the data protection incident, its effects and the measures taken to remedy it, and, in the case of transmission of the personal data of the person concerned, the legal basis and the addressee of the transfer.

    The Data Controller - if he has an internal data protection officer, through the internal data protection officer - keeps a register of data protection incidents and keeps records for the data subject, including the scope of the personal data concerned, the scope and number of persons involved in the data protection incident, its circumstances, its effects and the measures taken to remedy it, as well as any other data specified in the law governing data management.

    The Data Controller shall keep a record of the data transmission of the personal data it manages, the legal basis and the addressee of the data transfer, the data specified in the transmission of personal data and other data specified in the statutory provision for the data management in order to inform the subject concerned.

    At the request of a User, the Service Provider shall provide information about the data it manages, their source, the purpose, legal basis, duration of the data processing, the name, address and data management of the data processor, and, in the case of transmission of the personal data of the data subject, the legal basis and the addressee of the data transfer. The Service Provider shall provide the information in writing, in the shortest possible time, but within 25 days of the submission of the request. Information is free of charge.

    The Service Provider corrects personal data if it does not correspond to reality and the correct personal data is available to the Data Controller.

    Instead of deleting, the Service Provider locks personal data if the User so requests or if, based on the information available to him, it is assumed that deletion would violate the legitimate interests of the User. Locked personal data can only be handled as long as there is a data management purpose that excludes the deletion of personal data.

    The Service Provider deletes personal data if its handling is unlawful; if the User requests it; if the data is incomplete or incorrect - and this status cannot be legally remedied - provided that the deletion is not excluded by law; if the purpose of data management has ceased or the data storage has expired; or if the court or the National Data Protection and Information Authority has ordered it.

    The Data Controller shall mark the personal data he or she handles if the person concerned disputes its correctness or accuracy, but the incorrect or imprecise nature of the disputed personal data cannot be clearly identified.

    Upon correction, locking, marking and deletion of data, the person concerned and all those to whom the data have previously been transferred must be notified. Notification may be omitted if it does not prejudice the legitimate interest of the data concerned for the purpose of data handling.

    If the Data Controller fails to comply with the User's correction, locking or deletion request, he shall within 25 days make known the factual and legal grounds for rejecting the application for rectification, locking or deletion. In the case of refusal of an application for rectification, deletion or locking, the Data Controller shall inform the person concerned of the legal remedy and the possibility of appeal to the Authority.

  • Legal remedy

    User may object to personal data being handled if

    • the handling or transmission of personal data is only necessary to comply with the legal obligation of the Service Provider or to enforce the legitimate interests of the Service Provider, Data Provider or third party, unless data management is prescribed by law;
    • the use or transmission of personal data is done for direct business acquisition, polling or scientific research;
    • in other cases, specified by law.

    The Service Provider shall examine the protest within the shortest time but not later than 15 days from the submission of the request, decide on the matter of its validity and inform the applicant in writing. If the Service Provider determines the validity of the protest of the person concerned, data management - including further data collection and data transfer - will terminate, the data will be locked, and the Service Provider informs those to whom the personal data affected by the protest have previously been forwarded, and who are obliged to take action to enforce the right to protest.

    If the User disagrees with the decision of the Service Provider, he or she may appeal to the court within 30 days from the date of its communication.

  • Judicial law enforcement

    The Data Controller must demonstrate that data management is in compliance with the law. The data receiver has to prove the legality of the transfer of data.

    The trial is governed by the jurisdiction of the court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned - according to his/her choice.

    Those who have no legal capacity may also be party to lawsuits. The Authority may intervene for the sake of the merits of the matter concerned.

    If the court upholds the request, the Data Controller is required to provide information, correction, locking, deleting, destruction of the automated data processing, taking into account the right of protest of the person concerned and the data receiver may be requested to hand over the data requested.

    If the court rejects the request of the data receiver, the Data Controller shall cancel the personal data of the data subject within 3 days of the delivery of the judgment. The Data Controller is also required to delete the data even if the data receiver does not appear before the court within the specified deadline.

    The court may order the disclosure of its judgment by publishing the identity of the Data Controller if it is required by data protection interests and by a larger number of protected rights of the data subject.

  • Compensation and grievance fees

    If the Data Controller causes harm to someone else's data by unlawful handling or violation of the data security requirements, he or she has to pay for the damages.

    If the Data Controller violates the personal rights of the data subject by unlawful handling of the data concerned or breaches the requirements of data security, the data subject may demand a charge for damages.

    The Data Controller is liable for the damage caused by the data processor to the data subject and the Data Controller is obliged to pay to the data subject the personal injury violation caused by the data processor. The Data Controller is exempt from liability for damages and grievance fees if it proves that the damage or harm to the personal rights of the person concerned is caused by an unavoidable cause beyond the scope of the data processing.

    No compensation is required and no damages can be claimed if the damage or the infringement of the right to privacy was caused by the deliberate or grossly negligent conduct of the person concerned.

  • Closing Remarks

    During the preparation of this document we used the following legislation:

    • 2011. CXII. act (Hungary) – about information self-determination and freedom of information
    • 2001. CVIII. act (Hungary) – about electronic commerce services and certain aspects of information society services (mainly 13/A. §)
    • 2008. XLVII. act (Hungary) – about the prohibition of unfair commercial practices against consumers
    • 2008. XLVIII. act (Hungary) – about economic conditions of advertising and some of its limitations (mainly 6.§)
    • 2005. XC. act (Hungary) – about the freedom of electronic information
    • 2003. C. act (Hungary) – about electronic communications (mainly 155.§)
    • Nr. 16/2011. opinion about best practices in behavioral online advertising from EASA/IAB