EN
EN
BUT

General information on data processing

Data processing when subscribing to a newsletter

Data processing relating to the receipt and reply to messages

Data processing when entering a prize draw

Cookies


General information on data processing

I. Name of the data controller

Company name: Smilezor Kft.
Registered office: 1133 Budapest, 10 Véső Street, 1st floor, door 7
Company registration number: 01-09-326481
Tax number: 26366740-2-43
Represented by: Bálint Gere, as the website owner, hereinafter referred to as the Data Controller.

II. The legislation forming the basis for data processing

The following legislation applies to the processing of personal data that takes place during the newsletter subscription process:
· Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, current version:
//eur-lex.europa.eu/legalcontent/HU/TXT/PDF/?uri=CELEX:32016R0679&from=HU
· Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: the Information Act), as currently in force:
//net.jogtar.hu/jogszabaly?docid=A1100112.TV
· Act XLVIII of 2008 on the fundamental conditions and certain restrictions on commercial advertising, as currently in force:
//net.jogtar.hu/jogszabaly?docid=A0800048.TV


Data processing when subscribing to a newsletter

I. Information regarding the data processed

The categories of data subjects:
newsletter subscribers.

The purpose of data processing:
Sending a newsletter / e-DM.

Legal basis for data processing:
personal consent given by signing up.

Scope of data:
name, email address.

Data controllers entitled to access the data:

Data controller:
Smilezor Kft., as the website owner,

Data processor 1:
Onlinemarketing.hu Ltd.,

Data Processor 2:
NLG-System Bt., as a web hosting provider.

How the data is stored:
electronic.

II. Access to data and data security measures

II.1. Access to data and data transfer

The Data Controller’s staff may access the personal data you have provided in order to carry out their duties. The Data Controller will transfer the personal data it processes to its subcontractors, as set out in the annex to this policy.
The Data Controller will only disclose your personal data to other Data Controllers or public bodies – not listed in the Annex – in exceptional circumstances.

For example, if

· legal proceedings are initiated in a case concerning you, and the court hearing the case requires documents containing your personal data to be provided,
· the police contact the Data Controller and request that documents containing your personal data be forwarded to them for the purposes of the investigation.

II.2. Data security measures

The Data Controller stores the personal data you provide on its own servers or, where applicable, in its paper-based records. The Data Controller does not use the services of any other company for the storage of personal data.
The Data Controller shall take appropriate measures to ensure that personal data is protected against, amongst other things, unauthorised access or unauthorised alteration. For example, the Data Controller logs access to personal data stored on the server, meaning it is always possible to verify who accessed which personal data and when.

III. Your rights in relation to the processing of your personal data

  1. Your rights of access

As the data subject, you have the right to access your personal data.

If you request that the Data Controller confirm whether it is processing your personal data, the Data Controller is obliged to provide you with information regarding the following:
(a) what personal data,
(b) on what legal basis,
(c) for what purpose the data is being processed,
(d) from what source,
(e) how long it will be processed.

You have the right to be informed as to whether or not the Data Controller is processing your personal data
your personal data,
(a) relates to your personal data;
(b) does not cover anonymous data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller will provide you with access to and a copy of your personal data at your request. If you request further or repeat copies of your personal data, the Data Controller may charge a reasonable fee to cover the administrative costs incurred in fulfilling the request, which you will be required to pay.

  1. Your right to rectification

You have the right to have your personal data rectified.
This right
(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller shall, at your request, correct or supplement your personal data as appropriate. The Data Controller shall inform the recipients of your personal data (if any) of any rectification made to your personal data. However, the Data Controller shall not inform the recipients of the rectification of your personal data if informing them proves impossible or would involve a disproportionate effort.

  1. Right to erasure

Under certain circumstances, you have the right to have your personal data erased.

The Data Controller is obliged to erase your personal data without undue delay if
(a) the Data Controller processes this personal data, and
(b) You request the erasure of your personal data, and
(c) the personal data are not necessary for the purposes for which the Data Controller processes the personal data.

The Data Controller is obliged to erase your personal data without undue delay if
(a) the Data Controller processes your personal data, and
(b) You request the erasure of your personal data, and
(c) you withdraw your consent, on which the processing of your data is based, and
(d) there is no other legal basis for the further processing of your data.

The Data Controller is obliged to erase your personal data without undue delay if (a) the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, and
(b) You object to the Data Controller processing your personal data, and
(c) the lawful ground on which the processing of such personal data is based does not take precedence over your objection.

The Data Controller is obliged to erase your personal data without undue delay if
(a) You request the erasure of your personal data, and
(b) the processing of such data by the Data Controller is not unlawful, or
(c) erasure is required under applicable law, or
(d) your data is collected in connection with information society services.

The Data Controller shall inform the recipients of your personal data (if any) of the erasure of your personal data. However, the Data Controller will not inform the recipients of the erasure of personal data if informing them is impossible or would require a disproportionate effort.

  1. Your right to restrict data processing

You may request that the processing of your personal data be restricted.
Your right to request a restriction on the processing of your personal data
(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller shall restrict the processing of your personal data for the period during which it verifies the accuracy of such data, if you request the restriction of the processing of your personal data and you contest the accuracy of such data. The Data Controller shall restrict the processing of your personal data if you request the restriction of the processing of data which is being processed unlawfully and you object to the erasure of such data.

The Data Controller shall restrict the processing of your personal data if
(a) You request that the processing of your personal data be restricted, and
(b) the Data Controller no longer requires this data for the purposes of data processing, and
(c) You may use your data to bring, enforce or defend a legal claim
requires.

The Data Controller shall restrict the processing of your personal data if
(a) You object to the processing of your personal data that is necessary for the purposes of the Data Controller’s legitimate interests, and
(b) You are awaiting confirmation that your personal data has been

There is a lawful basis for the data controller to process your data, which does not take precedence over your objection.
The Data Controller shall inform the recipients of your personal data (if any) of the restriction on the processing of such personal data. However, the Data Controller will not inform the recipients of such a restriction if informing them is impossible or would require a disproportionate effort.

If the Data Controller restricts the processing of your personal data, then
(a) may store such personal data,
(b) may process such personal data on the basis of your consent,
(c) may process personal data for the purpose of establishing, exercising or defending a legal claim, or for the purpose of protecting the rights of another person.

  1. Your right to data portability

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used and machine-readable format, and you are also entitled to have that data transmitted to another data controller without hindrance (where technically possible) to the
the data controller to whom they have provided their personal data, where the processing is based on consent or is necessary for the performance of a contract and the processing is carried out by automated means.

Your right to data portability
(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) does not cover data that has been clearly pseudonymised.

  1. The deadline for processing your request as a data subject

The Data Controller will respond to requests concerning the rights to which you are entitled as set out above without undue delay, but within one month at the latest.

  1. The right to lodge a complaint

If you believe that your rights have been infringed, the Data Controller recommends that you initiate a consultation by contacting the Data Controller directly. If such a discussion proves unsuccessful, or if you do not wish to engage in such a process, you may bring the matter before the courts or the NAIH. Should you decide to initiate legal proceedings, you may choose to bring the case before the court with jurisdiction over your registered address or place of residence.

The NAIH’s contact details are as follows:
22/C Szilágyi Erzsébet fasor, Budapest 1125;
telephone: +36 1 391 1400; fax: +36 1 391 1410;
email: ugyfelszolgalat@naih.hu;
website: www.naih.hu

  1. Amendments to this information notice

The Data Controller reserves the right to amend this notice at any time. Where appropriate, the Data Controller will inform customers of such amendments by post or email, and in all cases in accordance with the relevant legislation.


Data processing when taking part in a prize draw

I. Information regarding the data processed

The categories of data subjects:
those registering for the prize draw.

The purpose of data processing:
organising prize draws, and establishing and maintaining contact in connection with prize draws.

Legal basis for data processing:
personal consent given upon registration.

The scope of personal data:
name, email address, telephone number.

Data controllers entitled to access the data:

Data controller:
Smilezor Kft., as the website owner,

Data processor 1:
Onlinemarketing.hu Ltd.,

Data Processor 2:
NLG-System Bt., as a web hosting provider.

How the data is stored:
electronic.

II. Access to data and data security measures

II.1. Access to data and data transfer

The Data Controller’s staff may access the personal data you have provided in order to carry out their duties.
The Data Controller transfers the personal data it processes to its subcontractors, as set out in the annex to this policy.
The Data Controller will only disclose your personal data to other Data Controllers or public bodies – not listed in the Annex – in exceptional circumstances.

For example, if

If legal proceedings are initiated in a case concerning you, and the court hearing the case requires documents containing your personal data to be handed over, the police will contact the Data Controller and request that documents containing your personal data be forwarded for the purposes of the investigation.

II.2. Data security measures

The Data Controller stores the personal data you provide on its own servers or, where applicable, in its paper-based records. The Data Controller does not use the services of any other company for the storage of personal data.

The Data Controller shall take appropriate measures to ensure that personal data is protected against, amongst other things, unauthorised access or unauthorised alteration. For example, the Data Controller logs access to personal data stored on the server, meaning it is always possible to verify who accessed which personal data and when.

III. Your rights in relation to the processing of your personal data

  1. Your rights of access

As the data subject, you have the right to access your personal data.

If you request that the Data Controller confirm whether it is processing your personal data, the Data Controller is obliged to provide you with information regarding the following:

(a) what personal data,
(b) on what legal basis,
(c) for what purpose the data is being processed,
(d) from what source,
(e) how long it will be processed.

Your right to receive confirmation as to whether or not the Data Controller is processing your personal data,

(a) relates to your personal data;
(b) does not cover anonymous data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller will provide you with access to and a copy of your personal data at your request. If you request further or repeat copies of your personal data, the Data Controller may charge a reasonable fee to cover the administrative costs incurred in fulfilling the request, which you will be required to pay.

  1. Your right to rectification

You have the right to have your personal data rectified. This right

(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller shall, at your request, correct or supplement your personal data as appropriate. The Data Controller shall inform the recipients of your personal data (if any) of any rectification made to your personal data. However, the Data Controller shall not inform the recipients of the rectification of your personal data if informing them proves impossible or would involve a disproportionate effort.

  1. Right to erasure

Under certain circumstances, you have the right to have your personal data erased.

The Data Controller is obliged to erase your personal data without undue delay if

(a) the Data Controller processes this personal data, and
(b) You request the erasure of your personal data, and
(c) the personal data are not necessary for the purposes for which the Data Controller processes the personal data.

The Data Controller is obliged to erase your personal data without undue delay if

(a) the Data Controller processes your personal data, and
(b) You request the erasure of your personal data, and
(c) you withdraw your consent, on which the processing of your data is based, and
(d) there is no other legal basis for the further processing of your data.

The Data Controller is obliged to erase your personal data without undue delay if

(a) the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, and
(b) You object to the Data Controller processing your personal data, and
(c) the lawful ground on which the processing of such personal data is based does not take precedence over your objection.

The Data Controller is obliged to erase your personal data without undue delay if

(a) You request the erasure of your personal data, and
(b) the processing of such data by the Data Controller is not unlawful, or
(c) erasure is required under applicable law, or
(d) your data is collected in connection with information society services.

The Data Controller shall inform the recipients of your personal data (if any) of the erasure of your personal data. However, the Data Controller will not inform the recipients of the erasure of personal data if informing them is impossible or would require a disproportionate effort.

  1. Your right to restrict data processing

You may request that the processing of your personal data be restricted.

Your right to request a restriction on the processing of your personal data

(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) includes pseudonymised data that can be clearly linked to you.

The Data Controller shall restrict the processing of your personal data to the period during which it verifies the accuracy of such data, if you request the restriction of the processing of your personal data and you contest the accuracy of such data.

The Data Controller will restrict the processing of your personal data if you request the restriction of the processing of data which is being processed unlawfully and you object to the erasure of such data.

The Data Controller shall restrict the processing of your personal data if

(a) You request that the processing of your personal data be restricted, and
(b) the Data Controller no longer requires this data for the purposes of data processing, and
(c) You require your data in order to bring, enforce or defend a legal claim.

The Data Controller shall restrict the processing of your personal data if

(a) You object to the processing of your personal data that is necessary for the

For the purposes of the data controller’s legitimate interests, and

(b) You are awaiting confirmation that there is a lawful basis for the Data Controller’s processing of your personal data which does not override your objection.

The Data Controller shall inform the recipients of your personal data (if any) of the restriction on the processing of such personal data. However, the Data Controller will not inform the recipients of such a restriction if informing them is impossible or would require a disproportionate effort.

If the Data Controller restricts the processing of your personal data, then

(a) may store such personal data,
(b) may process such personal data on the basis of your consent,
(c) may process personal data for the purpose of establishing, exercising or defending a legal claim, or for the purpose of protecting the rights of another person.

  1. Your right to data portability

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used and machine-readable format, and you are also entitled to have that data transmitted to another data controller without this preventing (where technically feasible) the data controller to whom you have provided the personal data, provided that the processing is based on consent or is necessary for the performance of a contract and the processing is carried out by automated means.

Your right to data portability

(a) does not cover anonymous data;
(b) relates to your personal data;
(c) does not cover personal data relating to anyone other than you; and
(d) does not cover data that has been clearly pseudonymised.

  1. The deadline for processing your request as a data subject

The Data Controller will respond to requests concerning the rights to which you are entitled as set out above without undue delay, but within one month at the latest.

  1. The right to lodge a complaint

If you believe that your rights have been infringed, the Data Controller recommends that you initiate a consultation by contacting the Data Controller directly. If such a discussion proves unsuccessful, or if you do not wish to engage in such a process, you may bring the matter before the courts or the NAIH. Should you decide to initiate legal proceedings, you may choose to bring the case before the court with jurisdiction over your registered address or place of residence.

The NAIH’s contact details are as follows:
22/C Szilágyi Erzsébet fasor, Budapest 1125;
Telephone: +36 1 391 1400;
Fax: +361 391 1410;
Email: ugyfelszolgalat@naih.hu;
Website: www.naih.hu

  1. Amendments to this information notice

The Data Controller reserves the right to amend this notice at any time. Where appropriate, the Data Controller will inform customers of such amendments by post or email, and in all cases in accordance with the relevant legislation.


Data processing relating to the receipt and reply to messages

The categories of data subjects:
Users who send a message to the Data Controller via the messaging interface accessible from the „Contact” menu on the website, or by email using the email address(es) provided on the website.

Legal basis for data processing: the User’s consent pursuant to Article 6(1)(a) of the GDPR. By voluntarily providing the data requested on the messaging interface, ticking the box next to the data processing statement displayed there, and voluntarily sending the message, or, in the case of a message sent by email, by voluntarily sending the email, the User consents to the processing of the data provided and any other data they may have included in their message.

Definition of the scope of data processed: In the case of users sending messages, data processing is limited to the as well as any additional data the User may provide in the message (including e-mail messages).

Scope of data:
name
email address
telephone number.

With regard to any additional data that the User may have provided in the message (e-mail), the Data Controller shall only process such data to the extent strictly necessary in connection with the content of the message upon its receipt; however, the Data Controller does not request the User to provide any personal data that may be included therein. Should such unexpected personal data be disclosed, the Data Controller will not store it but will delete it from its IT system without delay.

The purpose of data processing:
To enable the User to exchange messages with the Data Controller. The purpose of processing the personal data and contact details provided voluntarily by Users visiting the website, as indicated above, is to enable the User concerned to make use of the website’s messaging services.

Services related to this:
sending messages via the messaging interface (the „Contact” page),
receiving messages sent by email (using the email address(es) provided on the website),
responding to messages received by the Data Controller via the above methods, which the Data Controller shall do within 48 hours,
In the event that a user’s message contains a more complex enquiry, responding to that enquiry by telephone.

Duration of data processing:
The data controller will process the data until the purpose has been fulfilled.
Accordingly, in the case of Users sending messages, the duration of data processing extends until the message has been replied to or the User’s request has been fulfilled. The Data Controller shall delete the data processed for this purpose once the message has been replied to or the request fulfilled. Where the exchange of information takes place through a series of messages on related topics, the Data Controller shall delete the data once the exchange of information has been completed or the request has been fulfilled.

Method of data storage:
In a separate data processing list within the data controller’s IT system, until the end of the period of information exchange.

Cookies