Privacy Policy

  1. Name of data manager

Name of data manager: ACCELL Hunland Kft.

Company register number of data manager: Cg.16-09-006497

Registered seat of data manager: 5091 Tószeg, Parkoló tér 1.

Representative of data manager: Dr. Adriána Dóra Nagy

 

  1. Data management rules

Present data management rules are effective as of September 26, 2017.

Present information statement uses the same glossary that is included in the interpreting glossary that is defined in Section 3 of the Privacy Act. Therefore, the following expressions have the following meanings:

Person Involved: any natural person identified on the basis of a defined, personal data or who may be identified directly or indirectly;

Personal Data: a data that may be connected to the person involved – especially the name of the person involved, his identification code, or one or more information that is characteristic of his physical, physiological, mental, economic, cultural or social identity – and conclusions that may be derived in connection with the person involved from the data;

Contribution: declaration of the data of the involved person voluntarily and definitively, based on being appropriately informed and through which he gives his express agreement to having his personal data managed fully or as regards specific operations;

Data Manager: A natural person, or an organisation that is either a legal personality or does not have a legal personality, which either independently or together with others defines the purpose of data management, which makes and executes the decisions that refer to data management (including the devices used) or which has it executed by the data processor;

Data Management: any operation or all the operation that are implemented on the data independently of the procedure applied, thus especially the collection, recording, capturing, arranging, storing, changing, using, querying, forwarding, publishing, harmonising or linking, blocking, deleting and destroying the data, as well as preventing the further utilisation of the data, preparing photo, voice or image recordings, or the recording of physical properties that are suitable for identifying the person (e.g. fingerprint or palm print, DNA sample or iris image);

Data Forwarding: making the data available to a third person for a defined purpose;

Data Processing: carrying out the technical tasks that are connected to the data management operations, independently form the method and means that are applied for the implementation of the operations, and independently from the place of application, provided the technical task is implemented on the data;

Data Processor: a natural person or an organisation with legal personality or without a legal personality, which carries out the processing of the data based on a contract – including also contracts that are concluded on the basis of the provision of law.

Data Protection Incident: managing or processing personal data in an unlawful manner, especially accessing, changing, forwarding, publishing, deleting or destroying the data in an unlawful manner or destroying or damaging the data by incident.

The Company ensures that the management of personal data will take place only in the interest of exercising a right or for performing an obligation. The Company will not use the personal data it manages for any private purpose. The data management done by the Company will always fulfil the principle of being tied to a purpose.

The Company manages personal data only for a defined purpose, for exercising a right or performing an obligation, with the prior approval of the person involved, or on the basis of an authorisation provided by the law, exclusively up to the extent and for the time that is needed for achieving the given purpose. The data management activity done by the Company meets in each of its phase the defined purpose. If the purpose of data management will have terminated, or the management of the data is unlawful due to another reason, the data will be deleted.

The Company will inform the person involved in each case before recording the data about the purpose of data management and about the legal basis of data management.

The data managing employees of the Company and the employees of organisations participating in data management being appointed by the Company, who implement any of the data management operations do manage the personal data learnt by them as business secrets. The persons, who manage the personal data and who have access to these data have to issue a Confidentiality Statement.

If a person belonging under the effect of the rules learns that the data managed by the Company are incorrect, defective or obsolete, he has to correct it or initiate its correction at the colleague, who is responsible for recording the data.

The data protection rights and obligations concerning the natural persons or organisations that have a legal personality or which do not have a legal personality, and who or which implement data processing activities upon the order of the Company are included in the service contract that is concluded with the data processor.

The colleagues of the Company ensure in the course of their work that unauthorised persons are not able to view the personal data, and the storing and placement of the personal data are organised in such a manner that unauthorised persons cannot get acquainted with them, cannot change them and cannot destroy them.

The supervision of the data protection system is the task of the Executive.

 

  1. Enforcing the rights of the persons involved

The person involved may ask information at any time about the management of his personal data, and he may request the correction of his personal data, and – with the exception of data management ordered by law – he may ask the deleting of the data at the following electronic access address of the Company: adatkezeles@bad-bike.hu

 

3.1. Right to being informed

Upon the request of the involved person, the Company will inform him in respect of the following:

  1. those data of the involved person, which the Company manages or which have been processed according to the order of the Company by a data processor the company has assigned to do so
  2. about the source of the managed data,
  3. about the purpose of data management
  4. about the legal basis of data management,
  5. about the duration of data management,
  6. about the name, address of the data processor and its activities connected to data management,
  7. about the circumstances, impacts of the data protection incident, and the measures that had been taken to overcome them, and
  8. about the legal basis and the addressee of data forwarding.

The Company will respond in writing, in a plain understandable form to the request of the involved person concerning the management of his data at the latest within 15 days after the submission of the request – in the case of exercising the objection right within 5 days.

The information provided will cover the information that are defined in Section 15 (1) of the Privacy Act, provided providing the information for the person involved cannot be refused on the basis of the law.

The provision of information is free of charge according to the standard rule, and the Company may charge cost refunding only in the case that is defined in Section 15 (5) of the Privacy Act.

The Company will refuse a request only due to reasons that are defined in Sections 9 (1) and/or 19 of the Privacy Act, and this may be done only with reasoning, with providing the information in writing that is defined in Section 16 (2) of the Privacy Act.

The Data Manager will correct the incorrect data – provided the required data and the public deed that prove them are available – and it will take the required steps for having the managed personal data deleted if the reasons defined in Section 17 (2) of the Privacy Act exist.

 

3.2. Right to object

The person involved may object to the management of his personal data,

  1. if managing or forwarding the personal data is required exclusively for performing a legal obligation that refers to the data manager or if it is needed for enforcing the lawful interests of the data manager, data receiving party or a third person, except the case of mandatory management;
  2. if using or forwarding the personal data is done directly for the purpose of acquiring a business, for public opinion research or scientific research; and
  3. in other cases that are defined by the law.

The Company shall examine the objection within the shortest time possible after the submission of the request, but at most within 15 days, and if it is justified it will make a decision about it and it will inform the request submitting party about its decision.

If the objection is well-founded, the Company will terminate the management of the data, and will lock the data, and it will notify about the objection and about the steps taken on the basis of the objection all those, to whom it had forwarded previously the personal data involved in the objection, and who are obliged to take the necessary steps for enforcing the objection right.

If the party involved does not agree to the decision that is made in respect of the objection, or if the Company missed the deadline, the party involved may turn to the court defined according to Section 22 of the Privacy Act within 30 days after the communication of the decision or after the last day of the deadline.

If the objection is justified, the data manager will act according to the contents of Section 21 (3) of the Privacy Act.

 

3.3. Locking

The Company will lock the personal data, if this is requested by the person involved, or if based on the available information it may be assumed that deleting would violate the lawful interests of the person involved. The locked personal data may be exclusively managed until that purpose of data management exists, which excluded the deleting of the personal data.

3.4. Deleting

The Company will delete the personal data, if the management of the data is unlawful, it is requested by the person involved or the data managed is deficient or wrong – and this status cannot be remedied in a lawful manner – provided deleting is not excluded by law, the purpose of data management terminated, or the deadline for storing the data defined by the law expired, or it was ordered by the National Data Protection and Freedom of Information Authority (NAIH).

The Company has 30 days for deleting, locking or correcting the personal data. The Company will notify about the measure introduced the person involved and all those persons, whom it has forwarded the data previously for the purpose of managing the data.

Company will also refund the fee of the damage that is caused by the Company by managing unlawfully the data of the person involved, or by violating the requirements of data security, or by the infringement of personal rights caused by it or by the data processor it engaged. Data manager will be exempted from the liability for the damage caused and from the obligation to pay the infringement fee, if it proves that the damage or the infringement of the personal right of the person involved was caused by an unavertable reason that is outside its scope of data management. The same way, it will not refund the damage, if it has arisen from the intentional or seriously negligent act of the damage enduring party.

The person involved may turn to NAIH with his complaint that is connected to the data management procedure applied by the Company:

name: Hungarian National Authority for Data Protection and Freedom of Information

[Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH]

registered seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.

website: www.naih.hu

 

  1. Data management activities implemented in the course of using the website of the Company

 

Place of data management

5091 Tószeg, Parkoló tér 1.

 

4.1. Data Management of the website

There is a software running on the website of the Company that analyses the visitors related data. The software does not manage any personal data that corresponds to the provisions of the Privacy Act, however, it records data about the visits. The Company receives automatically the following data about the visitors of its website: the address of the internet protocol of the visitor (IP-address), the time of the visit, the data of the pages viewed, the name of the browser programme used.

Based on the data protection right related practice of NAIH and that are internationally accepted, the IP address in certain cases may become relative personal data, therefore, the Company protects each data it learns in the course of the data management of the website with a protection that is due for personal data according to the present rules.

Therefore, the Company informs the visitors about the above collection of data through its website with the aid of present information statement.

The basis of this data management is the consent of the involved person [Sections 5 (1) a) and 6 (6) of the Privacy Act], according which, “the consent of the involved party has to be assumed in respect of the personal data that are given by him in the case of another task started upon the request of the person involved”.

Purpose of data management: examination of the website visiting habits

Scope of data managed: the internet protocol address of the visitor (IP-address), the time of the visit, the data of the pages visited, the name of the browser programme that was used

Legal basis of data management: the consent of the person involved corresponding to Section 5 (1) a) of the Privacy Act.

Deadline of data storage: one year after the recording of the data

Method of data storage: electronic

 

4.2. Newsletter related data management

The Company, upon the request of the person involved will send a newsletter on the product offers of the Company. Newsletters will be sent only and exclusively to those visitors, who separately subscribe themselves on the website of the Company. The person involved has to accept at the place of subscription the provisions of the data protection information statement. He may do so by placing a mark in the check box. The Company ensures at the bottom of each newsletter the possibility of cancelling the subscription.

Registration number of data management: NAIH-

Purpose of data management: informing the persons involved about the most important news of the Company

Scope of the data managed: name of the person involved, his email address

Legal basis of data management: consent of person involved corresponding to Section 5 (1) of the Privacy Act

Deadline of data storage: until the operation of the newsletter service, however, if the person involved requests the deleting of his data (cancels his subscription to the newsletter), straight away after his cancellation request

Method of data storage: electronic

 

4.3. Registration

The visitor may register himself on the website of the Company. The visitor by filling in a form sheet may give the required data. For being registered, the visitor has to accept the data protection information statement of the Company, which he may do by placing a mark in the relevant check box

Purpose of data management: the facilitate picking up contact with the Company, registration

Scope of the data managed: the name of the person involved, his email address, password, phone number, fax number

Legal basis of data management: consent of the person involved corresponding to Section 5 (1) a) of the Privacy Act

Deadline of data storage: lasts until the deleting of the registration, but at the latest until the termination of the Company

Method of data storage: electronic

 

  1. 4. Picking up contact

The person involved may send a message to the Company with the aid of the “Contact” function of the website.

Purpose of data management: picking up contact, sending messages

Scope of data managed: name of the person involved, his email address

Legal basis of data management: consent of the involved party corresponding to Section 5 (1) a) of the Privacy Act

Deadline of data storage: until the implementation of the purpose, but at the latest until deleting done upon the request of the person involved

Method of data storage: electronic

 

  1. 5. Event Calendar

The involved party may register himself to the events announced by the Company by reporting to the Event Calendar.

Registration number of data management: NAIH […]

Purpose of data management: registration to the events of the Company

Scope of data managed: name and email address of the person involved

Legal basis of data management: consent of the person involved corresponding to Section 5 (1) a) of the Privacy Act

Deadline of data storage: until the implementation of the purpose, but at the latest until deleting requested by the person involved

Method of data storage: electronic

 

  1. 6. Downloading

The person involved, by registration under the “Downloads” menu item, becomes entitled to download the contents that are uploaded by the Company

Registration number of data management: NAIH […]

Purpose of data management: ensuring access to the downloads

Scope of data managed: name and email address of the person involved

Legal basis of data management: consent of the person involved corresponding to Section 5 (1) a) of the Privacy Act

Deadline of data storage: until the implementation of the purpose, but at the latest until deleting done upon the request of the person involved

Method of data storage: electronic

 

  1. 7. Purchasing in the Webshop

The person involved may purchase on the website the products that are offered by the Company.

Purpose of data management: purchase and sale of products that are accessible in the webshop of the Company

Scope of data managed: the name and email address of the person involved, his delivery address and his invoicing address, his phone number

Legal basis of data management: consent of the person involved corresponding to Section 5 (1) of the Privacy Act

Deadline of data storage: in the case of retaining a product or an order, the name and phone number of the customer until his being notified; and in respect of additional data eight years in line with Section 169 (2) of the Accounting Act

Method of data storage: electronic

 

4.8. Client Management

In the interest of serving as fully as possible the demands of the clients, the Company will send emails to the person involved with the purpose of providing direct offers on the basis of the unambiguous and express prior consent of the person involved. The Company ensures the client the option to cancel the subscription from the marketing purpose emails free of charge at any time.

The Company defines client management from the aspect of the enforcement of the rights that are connected to the products sold, of accounting and implementing its marketing targets. Therefore, client management especially includes the following: consent to using the personal data of the person involved for this purpose, thus especially for sending notices (exclusively in email) about the new products and those new services that belong under the scope of products that had been purchased by the person involved previously.

For the case the person involved would request the deleting of his data, the Company manages a banning list in line with the contents of Act CXIX of year 1995 on the management of name and home address data that serve research or the purpose of acquiring businesses directly (hereinafter referred to as: Katv.). The Company commits itself to check prior to contacting the person involved for advertising purposes whether the person involved is included in the banning list or not.

Registration number of data management: NAIH […]

Purpose of data management: client management

Scope of data managed: name, address and email address of client

Legal basis of data management: consent of the person involved corresponding to Section 5 (1) a) of the Privacy Act.

Deadline of data storage: until the termination of the company or until deleting upon the request of the person involved

Method of data storage: electronic

 

  1. Data Processors

The Company in the course of managing the personal data will engage exclusively the following data processor for carrying out the tasks of  technical types:

Name of data processor: NTCOM Kft.

Address: 8053 Bodajk, Rigós utca 64.

Company Register Number: 07 09 010362

Purpose of data processing: Storage service provider

Data Processor implements data management according to the instructions of the Company, it may not make any significant decision concerning the management of the data, and it may process the personal data it learns only according to the instructions of the Company, it may not implement any data processing for its own purpose, moreover, it has to store and retain the personal data as stipulated by the Company.

 

  1. Changing the statement

The Company reserves itself the right to modify present statement. If the modification involves the utilisation of the personal data already given by the person involved, it will inform the user about the changes through an email letter. If the details of data management also change as a consequence of the modification of the statement, the Company will ask separately the consent of the person involved.

  1. Issues not defined in present information statement

The rules of the Privacy Act have to be applied in respect of issues that are not defined in the present information statement