Concepts

The terms and concepts used in the Data Protection Notice are defined by Act LXIII of 1992 on the protection of personal data. Act CVIII of 2011 on electronic commercial services. shall be interpreted in accordance with the terms defined in the interpretative provisions of the Act, as well as in accordance with the Terms and Conditions of Purchase.

Personal data: any data that can be associated with a specific (identified or identifiable) natural person, a conclusion about the data subject that can be drawn from the data, in particular the data subject's name, identification mark, or one or more factors characteristic of their physical, physiological, mental, economic, cultural or social identity ;

Data subject: natural person identified or identifiable (directly or indirectly) based on any specific personal data;

Consent: the voluntary and decisive expression of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the personal data relating to him - complete or some

covering operations - for its management;

Data management: regardless of the procedure used, any operation or set of operations performed on the data, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, blocking, deletion and destruction of data , as well as preventing further use of the data;

Data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor commissioned by it;

Data destruction: complete physical destruction of the data carrier containing the data;

Data deletion: making data unrecognizable in such a way that their recovery is no longer possible;

Data transfer: making the data available to a specific third party;

Disclosure: making the data available to anyone;

Data marking: providing the data with an identification mark for the purpose of distinguishing it;

Data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;

Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

Data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of the contract with the data controller - including the conclusion of a contract based on the provisions of the law;

User: the natural person who registers on the Company's website

Scope of processed personal data

Data provided based on the user's decision: name, e-mail address, telephone number, place of residence, place of residence or billing address, possibly tax number in the case of a legal entity.

Technically recorded data during the operation of the system: the data of the user's logged-in computer, which are generated during the use of the service and which are recorded by the data management system as an automatic result of the technical processes. The automatically recorded data is automatically logged by the system upon entry and exit without the user's special declaration or action. These data cannot be combined with other personal user data, except in cases made mandatory by law. Only the data controller has access to the data.

Principles, legal basis, purpose and method of data management

Our company handles recorded personal data in accordance with the data protection legislation in force at all times, international conventions on data protection, EU legal acts and other governing legislation, in accordance with this information sheet.

During data management related to the operation and services of the Website, the collection and management of personal data is based on the voluntary consent of the person concerned.

The User gives the consent by using the service of the Website, by initiating it.

Our company only requests personal data that is absolutely necessary for the use of its services (sales) and uses them only for specific purposes.

As a data controller, Import Export Europa Kft. cannot and does not use the personal data provided for purposes other than those stated in these points. The release of personal data to third parties or authorities - unless otherwise required by law - is only possible with the prior express consent of the user.

The data manager does not check the personal data provided to him. The person providing the data is solely responsible for the accuracy of the data provided. When entering an e-mail address, any user assumes responsibility for the fact that only he/she uses the service from the given e-mail address. In view of this responsibility assumption, all kinds of responsibility related to logins to a given e-mail address are borne solely by the user who registered the e-mail address.

Duration of data management

The personal data provided by the user will be processed until the user unsubscribes from the service - with the given username. The date of deletion is 10 working days from the receipt of the user's unsubscribe (deletion request). In the event of illegal or misleading personal data being used, or in the event of a crime committed by the user or an attack against the system, the Data Controller is entitled to delete the user's data immediately upon termination of registration, and at the same time, in case of suspicion of a crime or suspicion of civil liability, the Data Controller is also entitled to keep the data for the duration of the procedure to be conducted.

The personal data provided by the user - even if the user does not unsubscribe from the service - can be processed by the Company as a data controller, until the user specifically requests in writing to stop processing them. The data will be deleted within 10 working days from the receipt of the request.

Data that are automatically and technically recorded during the operation of the system are stored in the system for a reasonable period of time from the time of their generation in terms of ensuring the operation of the system. The Company ensures that this automatically recorded data cannot be combined with other personal user data, except in cases made mandatory by law. If the user has terminated his consent to the processing of his personal data or has unsubscribed from the service, his identity will no longer be identifiable from the technical data.

Disposal of personal data

A change in personal data or a request for the deletion of personal data can be communicated by means of a written statement sent via the internal mail system of the service.

Some personal data can also be modified by modifying the personal profile page.

Once a request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.

Data processing

Our company does not use external data processors, it processes the personal data it manages itself.

Possibility of data transmission

The Company, as a data controller, is entitled and obliged to forward to the competent authorities all personal data it has at its disposal and which it legally stores, which it is obliged to transmit by law or legally binding official obligation. The data manager cannot be held responsible for such data transfer and the resulting consequences.

If the Company transfers the operation or utilization of the content service on www.budamall.com to a third party in whole or in part, it may completely transfer the data managed by it to this third party for further processing without requesting separate consent. This transfer of data may only serve to ensure the continuity of the registration of already registered users, however, it may not put the user in a more disadvantageous position than the data management and data security rules specified in the current text of these data management regulations.

The rights of users in relation to their personal data managed by the data controller

Users can request information about the management of their personal data from the Company, as the data controller, at any time in writing, by registered or registered letter sent to the address of the data controller, or by e-mail sent to the address ugyfelszolgalat@budamall.com. Information requests sent by e-mail are only considered authentic by the data controller if they are sent from the user's registered e-mail address. The request for information may cover the user's data managed by the data controller, their source, the purpose, legal basis, duration of the data management, the name and address of any data processors, the activities related to the data management, and in the case of forwarding personal data, who received it and for what purpose and user data.

The data controller is obliged to provide written information on questions related to data management as soon as possible, but no later than 30 days after receipt. In the case of e-mail, the date of receipt shall be considered the first working day after sending.

Claims enforcement

The Service Provider considers the request received from the email address previously provided to the Service Provider as a request received from the User. In the case of requests submitted from a different email address and in writing, the User may submit a request if he/she has properly verified his/her user status as defined by the Service Provider or by law.

If the Service Provider's data management is not based on the data subject's consent, but the data management was initiated abusively by a third party, the data subject may request the deletion of the personal data published about him by a User, as well as information about the data management, with appropriate proof of his identity and the relationship with the personal data.

Enforcement options

In the event of a perceived violation of rights related to the handling of his personal data, the data subject may contact the competent court or initiate an investigation at the National Data Protection and Information Freedom Authority (chairman: Dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22/C., ugyfelszolgalat@naih.hu, + 36-1-3911400, www.naih.hu).

Data security

The Service Provider takes the necessary technical and organizational measures and establishes the necessary procedural rules in order to ensure the security of the personal data provided or made available by the User during the entire process of data management.

External intermediary service providers

With regard to the content made available within the Services and shared on various social media sites, the operator of external services (e.g. Facebook) enabling the sharing of content is considered the data controller of personal data, and its activities are governed by its own terms of use and data protection policy. With regard to services embedded within the Services but maintained by an external service provider, the operator of the given service also acts as a data controller.