Table of contents

  1. Introduction
  2. Scope of the Policy

2.1. Scope of the Policy Temporal scope

2.1.2. Scope of persons

2.1.3. Scope

2.2. Data transmitted online

2.3. Right of modification

  1. Application of applicable law
  2. Applicable law
  3. Definition of terms

5.1. Personal data

5.2. Processing of data

5.3. Controller

5.4. Processor

5.5. Data file

5.6. Recipient

5.7. Consent

5.8. Third party

5.9. Data protection incident

5.10. Partner

5.11. Collaborator

5.12. Website


6.1 Legality, fairness and transparency

6.2. Purpose limitation

6.3 Data economy

6.4 Accuracy

6.5. Limited shelf-life

6.6 Integrity and confidentiality

6.7 Accountability

  1. Rights of data subjects

7.1 Right to information

7.2 Right to rectification

7.3 Right to erasure

7.4 Right to restriction of processing

7.5. Procedural rules

7.6 Right to data portability

7.7. Right to object

7.8. Automated decision-making in individual cases, including profiling

  1. Security principles for data processing
  2. Data processing in relation to the operation of the Company
  3. Newsletter, Direct Marketing Activities, Registration

10.1 Newsletter, Direct Marketing


11.1 What is a cookie?

11.2. Types of cookies

  1. Google Adwords
  2. Google Analytics
  3. Use of social networking sites
  4. Complaints handling

15.1. Remedies

15.2. Compensation and damages

15.3 Complaints to the Data Protection Auditor

15.4 Right to apply to the courts

  1. Supervisory authority
  2. Declaration of rights


  1. Introduction, Data Controller's details, contact details

The following information is provided pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).



Company name: MMV Magyar Magánvasút Zrt.

Registered office: 2040 Budaörs, Rubik Ernő u. 6.

Company registration number: 13-10-042165

Tax number: 13210931-2-13




Name: Károly Bauer

Address: 2040 Budaörs, Rubik Ernő u. 6.


Phone: +36-21-2000-361


The Data Controller shall endeavour to comply as closely as possible with the recommendations of the National Authority for Data Protection and Freedom of Information, in particular its Recommendation of 29 September 2015 on the data protection requirements of prior information, and shall therefore explain the data protection rules as clearly as possible, if necessary by giving examples, and shall describe in detail the individual processing activities, so that the data subject is informed of them

to decide whether or not to give their voluntary consent.


If you wish to contact our Company, you can do so by using the contact details provided in this notice, the contact details on the website or the form on the website.

The Company will delete all e-mails received by it, together with the sender's name, e-mail address, date, time and other personal data provided in the message, after five years from the date of the communication. Any processing not covered by this notice will be disclosed at the time of collection.

We inform the Data Subjects that the courts, prosecutors, investigative authorities, law enforcement authorities, law enforcement agencies, and other authorities may not be informed of the data

authority, administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law to provide information, data, or documents.

The Company shall disclose personal data to the authorities only to the extent and to the extent strictly necessary for the purpose of the request, provided that the authorities have indicated the precise purpose and scope of the data.




2.1.1 Temporal scope:

This Policy is effective from 14.12.2020 until further notice or revocation.


This Regulation shall apply to all persons:

 the Data Controller, and

 the persons whose data are subject to the processing covered by this Policy

the data subject to the data subject to this Privacy Notice, and

 to persons whose rights or legitimate interests are affected by the processing covered by the data subject to the scope of this Privacy Notice.

The Data Controller therefore primarily processes the data of natural persons who

 by any means or in any way accessible to them, such as by electronic means, by sending their data to any e-mail address of the Controller, by means of a social networking site or by telephone or in person

o for the purpose of establishing contact,

o used or requested the services of the Data Controller;


o for a reason or purpose other than to establish contact;

 by the Data Controller's Staff;

 natural person Partners of the Controller, other than natural persons

Representatives, contact persons, possibly other employees of its Partners.


The scope of this Policy covers all processing of personal data carried out in all departments of the Data Controller, whether carried out electronically and/or on paper.


The scope of this Policy covers the processing of personal data transmitted on the Company's online portal at and at the Company's headquarters/premises/ in connection with the use of its services.

2.3. Right of modification

The Company reserves the right to modify this information at any time and will notify its partners of any changes in due time. Any changes to the information shall take effect upon publication on the Company's website. Should the Data Subjects have any questions,

that is not clear from this notice, please write to us and our team will answer your question.

The Company is committed to maintaining the highest level of service quality, but cannot be held responsible for any damage resulting from the use of the system.



Any disputes relating to the Company and its services shall be subject to the jurisdiction of the Hungarian courts, under Hungarian law.

  1. Applicable law

The data processing principles of the Company are in accordance with the applicable laws on data protection, in particular the following:

 Act CLV of 1997 on Consumer Protection (Fgytv.);

 Act XIX of 1998 - on Criminal Procedure (Be.);

 Act C of 2000 on Accounting (Act C of 2000 on Accounting);

 Act CVIII of 2001 - on certain aspects of electronic commerce services and information society services (Eker. tv.);

 Act C of 2003 - on Electronic Communications (Eht.);

 Act CXXXIII of 2005 - on the Rules of Personal and Property Protection and Private Investigation (Act on the Protection of Personal Data and Property and Private Investigation);

 Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising (Act XLVIII of 2008),

 Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers,

 Act CXII of 2011 - on the Right to Informational Self-Determination and Freedom of Information (Infotv.);

 Act CLIX of 2012 on Postal Services (Postal Act).

 Act V of 2013 - on the Civil Code (Civil Code);

 Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).


5 Definition of terms

5.1 Personal Data:

Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

5.2 Data Processing:

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination

or otherwise making available, alignment or combination, restriction, erasure or destruction;


The natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used), or has

processor on its behalf, so that for the purposes of this Policy, the Data Controller is collectively the persons defined in Chapter 1;

5.4 Processor:

A natural or legal person, public authority, agency or any other body that processes Personal Data on behalf of the Controller;


The set of data processed in a single register;

5.6 Recipient:

The natural or legal person, public authority, agency or any other body with whom or to which the personal data is communicated, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

5.7 Consent:

A voluntary and explicit expression of the data subject's wishes, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in relation to specific operations, and thus consent has 3 basic elements: the

voluntary, specific and informed;


A natural or legal person or an unincorporated entity other than the data subject, the controller or the processor;


The unlawful processing or handling of personal data, including in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, as well as accidental destruction or accidental damage;

5.10. Partner:

Legal entities, unincorporated business entities, to which the Data Controller transfers or may transfer personal data, following the consent of the data subject, or which perform or may perform activities for the Data Controller in relation to data storage, processing, related IT and other activities facilitating secure data management, which are contracted to use the services of the Data Controller and/or facilitate the performance of the services of the Data Controller (performance facilitator);


A natural person who has a contract, employment or other legal relationship with the Data Controller, who is entrusted with the task of providing or performing the services of the Data Controller and who, in the course of his or her processing or data processing tasks, comes or may come into contact with Personal Data and in relation to whose activities the Data Controller assumes full responsibility towards the data subjects and third parties;


5.12. Website:

The Portal and all its sub-sites operated by the Data Controller;

5.13. Community Site:

The page on the Portal related to the Website and its content, which is maintained by the Data Controller.

6 List of principles (purpose limitation, accuracy, etc.)

6.1 Legality, fairness and transparency:

Personal data must be processed lawfully and fairly and in a transparent manner for the data subject;

6.2 Purpose limitation:

Personal data must be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1);

6.3 Data economy:

Personal data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed;

6.4 Accuracy:

Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay;


Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects;

6.6 Integrity and confidentiality:

Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical or organisational measures.

6.7 Accountability:

The controller is responsible for compliance with the above and must be able to demonstrate such compliance.

7.Rights of data subjects (erasure, blocking, objection, etc.)

The Data Subject may request information about the processing of his/her personal data and may request the rectification, erasure or blocking of his/her personal data, except for mandatory processing, by filling in a request to that effect.

7.1 Right to information:

Upon the Data Subject's request, the Company, as Data Controller, shall provide information on the data processed by it or by a processor it has appointed, on the source of the data, the purpose, legal basis and duration of the processing, the name and address of the data processor and its activities related to the processing, the circumstances of the data breach, its effects and the measures taken to remedy it, and, in the case of a data transfer, its legal basis and the recipient.

The Company shall provide the information in writing, in an intelligible form and at the request of the data subject, within the shortest possible time from the date of the request, but not later than 25 days. This information shall be provided free of charge if the data subject has not yet submitted a request for information to the controller in the current year for the same set of data. In other cases, the Company shall charge a fee.


In the event of refusal to provide information, the Company shall inform the Data Subject in writing of the provision of the Information Act on the basis of which the refusal to provide information was made. In the event of refusal to provide information, the Company shall inform the Data Subject of the possibility of judicial remedy and of recourse to the Supervisory Authority (NAIH).

7.2 Right of rectification:

If the personal data is not accurate and the accurate personal data is available to the Company, the Company shall correct the personal data.

7.3 Right to erasure:

The Company will delete the personal data if:

  1. a) its processing is unlawful;
  2. b) the data subject requests it (unless the processing is required by law);
  3. c) it is incomplete or inaccurate - and this situation cannot be lawfully remedied - provided that erasure is not precluded by law;

(d) the purpose of the processing has ceased to exist or the period for which the data must be kept has expired (except for data whose data medium must be placed in archival custody pursuant to legislation on the protection of archival material);

(e) ordered by a court or the Authority.

The processing of data is unlawful if:

(a) the data is incomplete or inaccurate, a situation which cannot be lawfully remedied, provided that deletion is not precluded by law;

(b) the purpose of the processing has ceased to exist or the period for which the data must be kept has expired;

(c) it has been ordered by a court or the Authority.

  1. d) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(e) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

Limits to the erasure of data:

  1. a) the exercise of the right to freedom of expression and information;

(b) the performance of an obligation under Union or Member State law to which the controller is subject to which requires the processing of personal data or the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) public interest in the field of public health;

(d) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of EU Regulation 2016/679, where the right of erasure would be likely to render impossible or seriously impair such processing; or

(e) the establishment, exercise or defence of legal claims.

7.4 Right to restriction of processing:

The data subject shall have the right to obtain, at his or her request, restriction of processing by the controller where one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

(c) the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims;


(a) the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

If the processing is subject to the restriction, such personal data shall, except for storage, only be processed with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for the purposes of the Union or of a

important public interest of a Member State.

The Data Controller shall inform the Data Subject at whose request the processing has been restricted in advance of the lifting of the restriction of processing.


7.5 Procedural rules:

The Controller shall have 25 (twenty-five) days to erase, restrict or rectify the personal data. If necessary, and taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The controller shall inform the data subject of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. Where the data subject has made the request by electronic means, the information shall be provided by electronic means, unless the data subject requests otherwise. If the Controller does not comply with the data subject's request for rectification, blocking or erasure, it shall communicate the reasons for the refusal in writing or, with the data subject's consent, by electronic means within 25 (twenty-five) days.

In the event of refusal of the request, the Data Controller shall inform the Data Subject of the possibility of judicial remedy and of recourse to the Authority. In the event of a breach of the Data Subject's rights, the Data Subject may take legal action. The Data Controller shall prove that the processing complies with the law.

A court of law shall have jurisdiction to rule on the case. A lawsuit may also be brought, at the choice of the Data Subject, before the courts for the place of residence or domicile of the Data Subject. The Data Controller shall notify the Data Subject of rectification, blocking, flagging and erasure, as well as any person to whom the data were previously transmitted for processing. It shall refrain from such notification where this does not harm the legitimate interests of the Data Subject in relation to the purposes of the processing.

7.6 Right to data portability

The Data Subject has the right to receive the personal data concerning him or her that he or she has provided to the Controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

7.7 Right to object:

The Data Subject may object to the processing of his or her personal data if

(b) the processing or transfer of personal data is necessary for the fulfilment of a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, unless the processing is required by law;

(c) the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes;

(d) in other cases specified by law.

The Company shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Company finds that the objection of the person concerned is well-founded, it shall

processing, including further collection and transmission of data, shall cease and the data shall be blocked, and the Company shall notify the objection and the action taken on the basis of the objection to all those to whom the personal data concerned by the objection have been previously disclosed and who are obliged to take measures to exercise the right to object. If the Data Subject disagrees with the decision taken by the Company, he or she may challenge it in court within 30 days of its notification.

The Company may not delete the Data Subject's data if the processing is required by law. However, the data may not be transferred to the data subject if the Company has consented to the objection or if the court has ruled that the objection is justified.

7.8 Automated decision-making in individual cases, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above right shall not apply where the processing is necessary for entering into, or the performance of, a contract between the data subject and the controller; is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or is based on the data subject's explicit consent.


  1. Security Principles of processing

The Company selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

  1. a) accessible to those authorised to access it (availability);
  2. b) its authenticity and authenticity are ensured (authenticity of processing);

(c) its integrity can be verified (data integrity);

  1. d) protected against unauthorised access (data confidentiality).

The Company shall ensure that the security of data processing is protected by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.

The Company shall retain the following during the processing

  1. a) confidentiality: it shall protect the information so that only authorised persons have access to it;
  2. b) integrity: to protect the accuracy and completeness of the information and the method of processing;

(c) availability: ensures that, when the authorised user needs it, he has effective access to the information required and the means to obtain it.

The Company's information technology system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer intrusions and attacks that lead to denial of service. The operator ensures security through server-level and application-level protection procedures. Data subjects are informed that electronic messages transmitted over the Internet, regardless of the protocol

(email, web, ftp, etc.) are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or disclosure or modification of information. The Company will take all reasonable precautions to protect against such threats. It monitors systems to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.


  1. Data processing in relation to the Company's operations


The list below is divided into the following 4 points:

  • Data subjects:
  • Data processed:
  • Purpose of processing:
  • Legal basis for processing:


Personal data Purpose

Administration of employment relationship.

Act CXII of 2011 (Infotv.), Act I of 2012, (Mt.), Act CL of 2017 (Art. or consent of the data subject.)


Company data provided.

To enable and facilitate cooperation and contacts between the Company and its partners.

Act CXII of 2011 (Infotv.), Act CLXIV of 2005 (Kertv.) and the consent of the data subject.


Company data provided. The purpose of data processing is to provide the data subject with appropriate information, offers and contact, to enable the communication of the complaint in the event of a complaint, to identify the complaint and to record the obligations and mandatory data arising from the law.

Act CXII of 2011 (Infotv.) or the consent of the data subject.

Newsletter subscribers

Name, e-mail address

The purpose of the processing of data related to the sending of the newsletter is to inform the recipient in a general or personalized way about the latest actions, events, news, notification of changes or cancellations of services of the Data Controller.

Act CXII of 2011 (Infotv.), Act CVIII of 2001 (Eker. tv.) or the consent of the data subject.


10.1 Newsletter and Direct Marketing

According to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the Data Subject may expressly consent in advance to being contacted by the Company with advertising offers and other mailings at the contact details provided at the time of registration.

In addition, the Data Subject may, subject to the provisions of this Policy, consent to the processing of personal data by the Company necessary for the sending of advertising offers. The Company will not send unsolicited commercial communications and the Data Subject may unsubscribe from receiving such communications free of charge, without restriction and without giving any reason. In this case, the Company will delete all your personal data necessary for the sending of advertising messages from its records and will not send you any further advertising offers.

contact the Data Subject with any further promotional offers. The Data Subject may unsubscribe from advertising by clicking on the link in the message.

The data subjects are all data subjects who subscribe to the newsletter.

The purpose of the processing: sending electronic messages (e-mail, SMS, push message) containing advertising to the data subject, providing information on current information, products, promotions, new features.

Duration of processing, deadline for deletion of data: until the consent is withdrawn,

the unsubscription period.

Cookie 11.

11.1 What is a cookie?

Cookies are small text files in which websites store information about visits for a specified period of time and for a specified purpose. During repeated visits, the website is able to recognise the text file, thereby identifying the previous visitor.

The primary function of cookies is to make your browsing experience more convenient and personalised, as they allow us to store various personal data and preferences. Cookies can also be used for well-targeted, personalised advertising campaigns.

With regard to the provisions of Article 155, paragraph 4 of Act C of 2003, according to which "Data may be stored on the terminal equipment of a subscriber or user of electronic communications or access to data stored therein may be granted only on the basis of the clear and full consent of the user or subscriber concerned, including the purpose of the processing", the website provides the following information on the analytical tools it uses, i.e. cookies.

The Company has created its website using the portal, the website uses its engine. The portal and the pages created through the portal may use the cookies set out below, but the Data Controller does not use these cookies in any way on its own.

The cookies used may communicate between the Data Subject's device and the portal, they do not transmit or transfer any data to the Data Controller, and the portal's own privacy policy applies to the cookies used.

11.2. Types of cookies

The cookies used on the Company's website fall into 4 different categories, according to the classification of the International Chamber of Commerce:

- strictly necessary for operation,

- performance-enhancing, personal preferences, web analytics and advertising targeting.


  1. Operationally essential

This type of cookie allows you to browse the website. Without these cookies, it is impossible to serve the content (including the use of secure protocols) visited on the Company's website.

The Company's website uses a cookie containing an encrypted string to identify you when you use the website. Each time you access the Contact Us interface, a cookie containing this unique identifier will be placed on your computer. For example: session cookie

These cookies are strictly necessary for the functioning of the website and cannot be disabled.

Please stop using the Company's website if you do not want these cookies to be downloaded to your browser.


These cookies collect information about how visitors use a website. For example, which pages are visited most often, where visitors encounter error messages.

These cookies do not store any information that would allow visitors to be identified by websites. The information they collect is used only in aggregate, anonymous form. Their purpose is to improve the functionality and user experience of the Company's website. For example: has_js__cdrop

Cookies that collect information about the performance of the website can be disabled or deleted in the browser settings.


These cookies allow you to store the user name, selected language preference used on the website. For example, a website may be able to serve local news based on the geographic location of the visitor stored in a cookie. These cookies can store changed font size and other similar preferences. The preferences stored in cookies are anonymous. Their stored values cannot be traced back to individual Data Subjects by the operator. For example: Drupal.tableDrag.showWeight Drupal.toolbar.collapsed

The cookies that store personal settings can be disabled or deleted in the browser settings.

Disabling this type of cookie will affect the functionality of the Company's website and thus the user experience.

  1. Web analytics and advertising targeting cookies

These cookies allow visitors to be presented with advertising messages that are relevant to their interests.

The Company's website operator uses Google Analytics to statistically analyse the behaviour of visitors. Even though the information transmitted to third parties does not contain any personal data, in some cases, the visit data can be traced back to the Data Subjects

The Company's website operator uses Google Adwords and other advertising systems to display its online advertisements. These service providers may store visitors' IP addresses and other identifying information that is not personal data in order to display the Company's advertisements on external websites. For example: id, RSMKTO1, _mkto_trk, __utma, __utmb, __utmc, __utmz


  1. Google Adwords

The online advertising program "Google AdWords" is used by the data controller, which also makes use of Google's conversion tracking service. Google conversion tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;


When a Data Subject visits a website through a Google ad, a conversion tracking cookie is placed on his or her computer. These cookies have a limited validity and do not contain any personal data, so the Data Subject cannot be identified by them.

When the Data Subject browses certain pages of the website and the cookie has not expired, Google and the data controller may see that the Data Subject has clicked on the advertisement. Each Google AdWords Data Subject receives a different cookie, so they cannot be tracked through the AdWords Data Subjects' websites.

The information obtained through the conversion tracking cookies is used to provide conversion statistics to the Data Subjects who opt for AdWords conversion tracking. In this way, Contactees are informed about the number of Contactees who click on their ad and are referred to a page with a conversion tracking tag. However, they do not have access to information that would allow them to identify any of their Contacts.

If you do not wish to participate in conversion tracking, you can opt-out by disabling the option to set cookies in your browser. You will then not be included in the conversion tracking statistics.

More information and Google's privacy statement can be found below:

  1. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called "cookies", text files that are saved on your computer to help analyse the use of the website visited by the Data Subject.

The information generated by the cookie about the website used by the Data Subject is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the IP address of the Data Subject within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website,

and to provide the website operator with reports on website activity and to provide other services relating to website and internet usage.

Google Analytics will not associate the IP address transmitted by the Data Subject's browser with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing data (including IP address) about your use of this website by means of cookies by downloading and installing the browser plug-in available at the following link:


  1. Use of social networking sites

Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be specified in the processing of data on social networking sites:

  1. a) the fact of data collection,
  2. b) the scope of the data subjects,
  3. c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects' rights in relation to the processing.

the fact of collection, the scope of the data processed:

Name registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social networking sites and the public profile picture of the Data Subject.

Data Subjects.

Purpose of data collection. The duration of the processing, the time limit for the deletion of the data, the identity of the potential controllers who are entitled to access the data and the rights of the data subjects in relation to the processing:

The data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer on the relevant community page. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.

Legal basis for processing: the data subject's voluntary consent to the processing of his or her personal data on social networking sites.


The Company is available on the Facebook community portal and other social networking sites.

The use of the social networking sites, in particular the Facebook page, and the contact, communication and other operations permitted by the social networking site with the Data Controller through the social networking site, are based on voluntary consent. The Data Controller communicates with the data subjects and thus the purpose of the data becomes relevant only when the data subject contacts the Data Controller through the social networking site. The purpose of the presence on social portals, in particular Facebook, and the processing of data related to it is the sharing, publication and marketing of the content of the website on the social networking site. The social networking site also allows the data subject to be informed about the latest promotions.

The data subject voluntarily consents to the following and liking of the Controller's content under the terms and conditions of the social networking site. By way of example, the data subject can subscribe to the news feed published on the Facebook wall by clicking on the "like" link on the Facebook wall, and thereby consent to the publication of news and offers of the Controller on his/her own wall, and unsubscribe by clicking on the "dislike" link on the same wall, and delete unwanted news feeds on the wall by using the settings on the wall.

You can rate the Data Controller textually and numerically, if the social networking site allows you to do so. The Data Controller may also publish on its social networking sites, in particular on Facebook, images/video clips of various events, services of the Data Controller, etc. The Data Controller may use Facebook

may link its Facebook page with other social networking sites in accordance with the rules of the social networking site, so that the publication on the Facebook page shall be understood to include publication on such linked social networking sites.

If it is not a public image or a public performance (Civil Code 2:48), the Data Controller will always ask for the written consent of the data subject before publishing the images.

The data subject may obtain information on the data processing of a given social networking site from the relevant social networking site, and accordingly, information on the data processing of the Facebook page may be obtained from the address.

Duration of processing: until deletion at the request of the data subject.



Compensation and damages:

The Company will compensate for any damage caused to others by unlawful processing of the Data Subject's data or by breach of data security requirements. In the event of a violation of the Data Subject's right to privacy, the Data Subject may claim damages (Civil Code, § 2:52).

The Company shall also be liable to the Data Subject for any damage caused by the data processor. The Company shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the data processing.

The Company shall not compensate the damage and no compensation for damages may be claimed to the extent that the damage was caused by the intentional or grossly negligent conduct of the data subject or by the infringement of the right to privacy.

Complaint to the Data Protection Officer:

If you have any questions or concerns about the Company's data processing, please contact our Data Protection Officer.

If you have any questions or concerns regarding our privacy practices, please contact the Data Protection Authority:

Complaints can be made to the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, PO Box 5.

Phone: 06.1.391.1400

Fax: 06.1.391.1410




  1. Supervisory Authority

Legal remedies and complaints can be lodged with the National Authority for Data Protection and Information:

 Name: National Authority for Data Protection and Information

 Registered office: 1125 Budapest Szilágyi Erzsébet fasor 22/c.

 Postal address: 1530 Budapest, PO Box 5.

 Phone: +36 (1) 391-1400

 Fax: +36 (1) 391-1410

 Website:

  1. Declaration of rights

The Company publishes information and documents on its website for information purposes only. The trademarks and logos displayed, as well as the information and other material available, are protected by copyright, the rights to which belong exclusively to the Data Controller. The trademarks on the website are protected by trademark law. They may not be used, copied, distributed or published by third parties in any way or for any purpose without the express prior written consent of the owner. You may not create a link to any other website without prior written consent. Unauthorised use may result in prosecution under copyright, civil and criminal law.

The Data Subject may use the information in its original form, download it to his/her computer or print it out for his/her own purposes only. This authorisation shall only allow the processing and archiving of an original copy of the website. The Company shall not be liable for any changes to the accuracy, reliability or content of the website displayed on the Data Subject's screen, independent of the Company, unless otherwise provided by law.

unless otherwise provided by law.

The Company reserves the right to modify the content of the website and to remove its availability.

The Company does not guarantee or warrant that access to the Website will be uninterrupted or error-free.

Any damage resulting from access to or use, directly or indirectly, of the Website or the information and documentation contained therein, from the unsuitability of the Website for use, or from the inadequate functioning, incompleteness, malfunction or unavailability of the Website, or from the

The Company disclaims any liability for any damage or loss. The Company shall not be liable for any damage or loss caused by the use, transmission or publication of

materials linked or referred to from the Company's website.

If a Data Subject provides written material to the Company, the Data Subject acknowledges that it is suitable for publication and agrees that the Company may publish it, without any liability, and use its content, in whole or in part, with attribution of authorship. The data subject hereby also undertakes that the document or content made available does not infringe the copyright or other rights of any third party, and shall not bring any legal proceedings against the Company in connection therewith, or make any claim or assert any claim, and shall indemnify the Company in the event of any third party claim.

The Company's website may also provide for provisions that differ from the present regulations in accordance with the legislation in force, so that the knowledge and acceptance of the current regulations and terms of use is a condition for the use of the services.

These Regulations constitute a copyright work and may not be copied, reproduced, retransmitted to the public, distorted, mutilated in any way, used, exploited, processed or sold in whole or in part without the written consent of the author. The author of this Policy is the Data Controller.