Privacy notice
Purpose and scope of the Prospectus
1.The purpose of this Privacy and Data Protection Notice (hereinafter referred to as the "Notice") is to inform data subjects about the processing, use and transfer of data stored by Brain Activity Bt. (hereinafter referred to as the "Data Controller" or the "Company") and about the registration on the websites operated by the Company. This notice explains that:
o What data we collect, for what purposes and on what legal basis we collect it.
o How we use and for how long we process the data collected.
o Users' rights and how to exercise them, and the facilities offered by the Company, including access to information and how to update information.
2. The scope of the Notice shall cover all the Company's processes in the course of which any processing of personal data of data subjects as defined in Regulation 2016/679 of the European Parliament and of the Council is carried out, while its temporal scope shall be from the moment the User gives his/her consent until the User deletes his/her registration on the Website or the User explicitly requests the deletion of his/her Personal Data from the Company or until the Company deletes the Personal Data on the basis of the Notice.
3. Data Subjects are all natural persons whose Personal Data are processed by the Company, including in particular visitors to the Website who contact the Company, users of the Services, users who register through the Websites and subscribers to the Newsletter.
4. The Company respects the personal rights of Users; and the Personal Data recorded will be treated confidentially and in accordance with data protection legislation, in particular Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information ("Infotv."), Act CVIII of 2001 on certain aspects of electronic commerce services and information society services ("E-commerce Act"), Act V of 2013 on the Civil Code ("Civil Code") and Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising ("Act XLVIII"), as set out in the Information Notice.
5. The scope of this Notice does not cover services and data processing related to services, promotions, sweepstakes or other campaigns of third parties other than the Data Controller or their published content, as well as services and data processing of websites and service providers to which there is a link on the websites operated by the Data Controller. Such services shall be governed by the provisions of the third party service provider's privacy policy and the Company excludes any liability for such processing.
Definitions of terms
6. Data processing: regardless of the procedure used, the processing of Personal Data shall be considered as data processing
any operation or set of operations which is performed, in particular any collection, recording, recording, organisation, storage, structuring, alteration, use, retrieval, disclosure, transmission, disclosure, alignment or combination, blocking, erasure and destruction of Personal Data, as well as the prevention of further use of Personal Data, the taking of photographs, audio or video recordings, and physical characteristics which can be used to identify a person.
(7) Data controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has the data processed by a processor.
The Services referred to in this Policy are considered to be the Data Controller:
Brain Activity Bt. (registered office: 4029 Debrecen, Szatmár utca 5/A, company registration number: 09-06-015910, tax number: 24981653-2-09; contact details: hereinafter referred to as "Data Controller")
(8) Processing of data: the performance of technical tasks related to processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
9. Data Processor: a natural or legal person or unincorporated body who or which, on the basis of a contract, including a contract concluded pursuant to a statutory provision, carries out the processing of Personal Data on behalf of the Data Controller.
10. Transfer: making data available to a specified third party.
11. Data Subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data.
12. User: any natural person over the age of 16 who uses the Service provided on the Website.
13. Third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor.
14. Website(s): the service provided on the brainactivity.online website operated by the Data Controller.
15. Consent: a voluntary and explicit expression of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, whether in full or in relation to specific operations.
16) Personal data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
17. Service(s): services provided by the Data Controller and available on the Websites.
18. Partner service providers: third party service partners used by the Data Controller, whether directly or indirectly, in connection with the operation of the Websites or the provision of services available through the Websites, to which Personal Data are or may be transferred in order to provide their services and who may transfer Personal Data to the Data Controller. Service providers who access the websites of the Services, collect data from Users that may be used to identify the User, are also considered as partner service providers.
19. Objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of processing, the modification of the data or the erasure of the data processed.
Types of data recorded
20. Business mailing list: maintained with data recorded for the purpose of sending newsletters, messages, information material.
21. Prohibit list: a list of data which, at the request of the data subject, may no longer be processed for a specific purpose.
22.Data transfer register: the Data Controller shall keep a data transfer register for the purpose of monitoring the lawfulness of the transfer and informing the data subject, which shall contain the date of the transfer of personal data processed by the Data Controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
23. Data Protection Incident Register: a register of unlawful processing or processing of personal data and the measures taken to rectify such unlawful processing or processing. The data controller processes the data in separate databases in the form of separate lists, as described above, in order to achieve the purposes of data processing.
Scope of Personal Data processed
24. The Data Controller declares that its processing does not cover the scope (special category) of personal data within the meaning of Article 9 of the GDPR, that no such personal data are processed, and that if such data are obtained, they will be deleted without delay.
25. Scope of the Personal Data processed:
The data that the User is required to provide:
o In case of registration on brainactivity.online: email address, username, password;
Data optionally provided by the User:
o for registration on brainactivity.online: first name, surname, phone number, profile picture
The data displayed on the profile page as a result of the User's voluntary activity:
o For registration on brainactivity.online: event date, username, followers, profiles followed, comments, replies to comments, best replies, time bookings. In addition, all events that occur within the account are recorded in a computer database. This data is automatically logged by the system.
Mail sent and received by the User.
26.If the User sends an e-mail (e.g. message, reader mail) to the Data Controller in connection with a Service, the Data Controller records the User's e-mail address and processes it to the extent and for the duration necessary for the provision of the Service.
Additional data processed by the Data Controller
28. The Data Controller shall place an anonymous identifier (so-called "cookie") on the User's computer, through which his/her browser(s) will be uniquely identifiable. The cookie, as a sequence of signals, is not in itself able to identify the client, i.e. the visitor, in any way, but only to recognise the visitor's computer. It is processed by the data controller in order to learn more about the information usage habits of customers and thus improve the quality of its services.
29. The cookie is not linked to the database of the Data Controller containing Personal Data, but cookies generated during visits to websites in the portfolio of the Data Controller and third parties under contract are linked in order to improve the quality of the service. If you do not want such an anonymous identifier to be placed on your computer, you can configure your browser so that it does not allow the anonymous identifier to be placed on your computer. In this case, you will be able to use most of our services in the same way, but in some cases (for example, on our customised solutions pages) we will not be able to serve you to the fullest extent.
30. Data technically recorded in the course of the operation of the systems: the data of the User's computer logging in, which are generated during the use of the Service and which are recorded by the Data Controllers' system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system on logging in or logging out, without any specific declaration or action by the User.
Purpose, legal basis for processing
32. Purpose of the processing carried out by the Data Controllers:
o Identification of the User,
o contacting the User,
o Identification of the User's access rights (to the services the User may use),
o protect the rights of Users,
o technical development of the IT system,
o optional addition of services, as well as the proper functioning, analysis and post-testing of certain applications,
o providing the necessary information for requests from public authorities.
The Data Controller may process Personal Data for any of the processing purposes described above. The Data Controllers shall not use the Personal Data provided for purposes other than those described in these points.
33.The processing of data by the Data Controller is based on the voluntary, prior and duly informed declaration of the Users, which contains the express consent of the Users to the use of their Personal Data provided by them during the use of the Services and the Personal Data generated about them. In the case of processing based on consent, the User has the right to withdraw his/her consent at any time, without prejudice to the lawfulness of the processing prior to the withdrawal.
34. Transfers of Data to Processors may be made without the User's specific consent. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities shall be possible only on the basis of a legal provision or a decision of a public authority or with the prior express consent of the User.
35. The User is responsible for ensuring that the consent of the natural person concerned has been lawfully obtained for the processing of personal data provided or made available by him/her in the course of using the Services.
36. The User shall bear all responsibility for the User Content uploaded and shared by the User while using the Services.
37. The User shall ensure the security of his/her own data. If the User breaches this obligation and thereby enables a third party to take undue advantage, the User shall not be entitled to assert any claims against the Data Controller or any of its partners.
38. The User is obliged to notify the Data Controller if he/she suspects that his/her personal data is being misused by anyone while using the Website. The Data Controller shall investigate the irregularity by conducting an internal investigation within 30 days of the notification and shall notify the User of the results by electronic mail. In the event of suspected abuse, the Data Controller shall inform the User of the legal action to be taken and the means of enforcing such action and, if possible, shall immediately, within its own competence, remedy the abuse. If the User has taken the necessary legal action, the Data Controller shall comply with requests from the competent authorities and shall inform the User thereof.
39. By providing any User's e-mail address and the data provided during registration (e.g. user name, ID, password, etc.), the User also assumes responsibility for the fact that he/she will use the service exclusively from the e-mail address provided and using the data provided. In view of this assumption of responsibility, any liability for accessing the service from an e-mail address and/or using the data provided shall be borne solely by the User who registered the e-mail address and provided the data.
Principles of Data Processing
42. The Data Controller shall process Personal Data in accordance with the principles of good faith and fairness, transparency, accuracy and accountability, as well as the applicable law and the provisions of this Notice.
43. The Data Controller shall use Personal Data necessary for the use of the Services on the basis of the consent of the User concerned and only for the purposes for which they are intended, thus enforcing the principles of purpose limitation and data economy. The Data Controller's objective is that Personal Data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
44. The Data Controller shall process Personal Data only for the purposes set out in this Notice and in the applicable legislation. The scope of the Personal Data processed shall be proportionate to the purpose of the processing and shall not go beyond that purpose.
45.If the Data Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Data Controller shall notify the User and obtain the User's prior explicit consent and provide the User with the opportunity to prohibit the use, thus enforcing the principle of limited storage, i.e. the Data Controller shall process the Personal Data only until the purpose of the processing is achieved.
46. In the case of children under the age of 16, the processing of personal data of children is lawful only if and to the extent that consent has been given or authorised by the person having parental authority over the child. Accordingly, the Personal Data of a person under the age of 16 may only be processed with the consent of the person who has parental authority over him or her. The User or the person who has parental authority over him or her is responsible for ensuring that the consent is in accordance with the law, given that the Data Controller is not in a position to verify the eligibility of the person giving consent or the content of his or her declaration. The Controller shall not collect Personal Data relating to a data subject under the age of 16 without a consent form.
47. The Data Controller shall not transfer Personal Data processed by it to third parties other than the Data Processors specified in this Notice and, in certain cases referred to in this Notice, to Partner service providers, thereby enforcing the principles of integrity and confidentiality.
48. An exception to the provision in point 47 is the processing of data in aggregated statistical form, which may not contain any other form of data that can identify the User concerned, and therefore does not constitute Data Processing or Data Transmission.
In certain cases, the Data Controller may make available to third parties the existing Personal Data of the User concerned, in response to official police or judicial requests, legal proceedings, copyright, property or other infringements or reasonable suspicion of such infringements, or in case of prejudice to the interests of the Data Controller, or in case of threat to the provision of the Services, etc.
The Data Controller shall notify the User concerned and all those to whom the Personal Data was previously disclosed for the purposes of processing of the restriction, deletion or rectification of the Personal Data processed by the Data Controller. The notification may be omitted if this does not harm the legitimate interests of the data subject in relation to the purposes of the processing.
The Data Controller shall ensure the security of Personal Data and shall take technical and organisational measures and establish procedural rules to ensure that the personal data collected, stored or processed are protected and to prevent their accidental loss, destruction, unauthorised access, use, alteration or unauthorised disclosure. The Data Controller shall invite all third parties to whom it transfers Personal Data to comply with this obligation. The Controller shall make every effort to ensure adequate security of Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
51. The Data Controller is responsible for maintaining and verifying the above.
52. Data Protection Officer of the Data Controller Gergely Drótos
Contact: gergely.drotos@gmail.com
How the Data is processed
54. Personal Data is processed in the following ways.
o Managing the data of subscribers to the Newsletter and notifications;
The Data Controller sends newsletters or notifications to subscribers about its activities. You can subscribe to the newsletter on the Controller's Website. By subscribing to the Newsletter, Users give their voluntary, explicit and explicit consent to the Controller to process their data in accordance with the law. The Data Subject may unsubscribe from receiving the Newsletters at any time, free of charge, without any restriction and without giving any reason. At the same time, the Data Controller shall delete the data stored for the purpose of sending the newsletter from its system transmitted to third parties.
o Processing of personal data provided during registration on the Website;
By registering on the Controller's Website, Users voluntarily, expressly and explicitly consent to the Controller's processing of their data in accordance with the legal provisions set out in point 4 of the Notice and in the manner set out in the Notice.
Duration of Data Processing
55. In the case of data provided by the User on a mandatory basis, the processing of such data shall be carried out for the duration of the period during which the User's registration is active.
56. In the case of data optionally provided by the User, the processing will be carried out for as long as the User has withdrawn his/her consent to the processing of his/her data, or for as long as the User chooses to display them in his/her profile, or for as long as the User's registration is active.
57. In the case of data that appear on the profile page as a result of the User's voluntary activity, the duration of the processing is as follows: creation of the account, last successful login, last password change, last password reminder change, creation or deletion of an alias
58. In the case of e-mails sent by the User, if the User is not otherwise registered, the requested Data Controller shall delete the e-mail address 90 days after the closure of the case indicated in the request. Exceptions to this shall be made where, in a particular case, the legitimate interest of the Controller justifies the continued processing of the Personal Data, in which case the period of processing shall last until the legitimate interest of the Controller has been met.
59. Deleting the account will delete all data in the account.
60. The anonymous visitor identifier (cookie) is stored on the User's computer until the User deletes it.
61.The User's right to use the Service is not affected by the User's request to cease processing without unsubscribing from the Service, but the User may not be able to use certain Services due to the absence of Personal Data. In the event that the User requests the termination of the mandatory data listed in Section 25, the User will no longer be able to use the Website Service.
62.In the event of unlawful or fraudulent use of Personal Data or in the event of a criminal offence or system attack committed by the User, the Data Controller is entitled to delete Personal Data immediately upon termination of the User's registration, but is also entitled to retain Personal Data for the duration of the proceedings in the event of suspected criminal offences or civil liability.
63. Data which are automatically, technically recorded during the operation of the system are stored in the system for a period of time from the moment they are generated which is reasonable for the purpose of ensuring the operation of the system. The Data Controller shall ensure that these automatically recorded data cannot be linked to other Personal Data, except in cases required by law.
64. Where a court or public authority has issued a final order for the erasure of Personal Data, the erasure shall be carried out by the Data Controllers. Instead of deletion, the Data Controller shall, after informing the User, restrict the use of the Personal Data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. The Personal Data shall not be deleted by the Data Controller as long as the processing purpose which precluded the deletion of the Personal Data is still valid.
Rights of the User, how to enforce them
66. The User expressly agrees that the data and information provided by him/her and recorded by the Data Controller may be used by the Data Controller for any future products or services of the Data Controller, combined with the data collected during the service.
67. The User may use the Website solely at his/her own risk. The Data Controller shall not be liable for any damages resulting from the User's failure to exercise due care in the use of the Website or from the User's breach of any of the Website's rules, whether intentionally or negligently. The Data Controller shall not be liable if the User's data has come to the knowledge of a third party through the fault of the User.
68. The User is obliged to comply with the legislation in force and to refrain from any activity that is illegal or prejudicial to the interests of other Users. The User shall refrain from any activity that could interfere with the proper use of the Site. The User shall not engage in any communication/behaviour that may hinder or interfere with the proper use of the Site by others.
69. Each User shall refrain from any activity that may harm the interests of the Data Controller or of a third party contracted by it. The User shall refrain from interfering with or obstructing the operation of the Website or from any activity aimed at obtaining or using the trade secrets of the Data Controller, information or data kept secret by the Data Controller. The User shall not engage in any activity that may jeopardize the IT security of the Website or that may be aimed at advertising a product or service.
70. The User is obliged to notify the Data Controller if he/she suspects that his/her personal data is being misused by anyone while using the Website. The Data Controller shall investigate the irregularity by conducting an internal investigation within 30 days of the notification and shall notify the User of the results by electronic mail. In the event of suspected abuse, the Data Controller shall inform the User of the legal action to be taken and the means of enforcing such action and, if possible, shall immediately, within its own competence, remedy the abuse. If the User has taken the necessary legal action, the Data Controller shall comply with requests from the competent authorities and shall inform the User thereof.
71. The User has the right to request information at any time about the personal data concerning him/her processed by the Data Controller. In this regard, if the User so requests, the Controller shall provide information about the data relating to the User and processed by the Controller, the purpose, legal basis and duration of the processing, as well as about who has received or received his/her data and for what purpose. The Controller shall provide the requested information in writing within 30 days of the request.
72. The User has the right to request the rectification or deletion of incorrectly recorded data at any time using one of the contact details indicated in this Notice. The Data Controller shall delete the data within 30 days of receipt of the request, in which case they shall not be recoverable. The deletion shall not apply to data processing required by law, which shall be kept by the Data Controller for the necessary period.
73. The User may also request the blocking of his/her data. The Data Controller shall block the Personal Data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. The Personal Data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the Personal Data persists.
74. Rectification, blocking and erasure must be notified to the User and to all those to whom the data were previously transmitted for processing. The notification may be omitted if this does not prejudice the legitimate interests of the User with regard to the purpose of the processing.
75.If the Data Controller does not or cannot comply with the User's request for rectification, blocking or erasure, the Data Controller shall, within 30 days of receipt of the request, inform the User in writing of the factual and legal grounds for refusing the request for rectification, blocking or erasure.
76. The User may object to the processing of his/her Personal Data. The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 30 days, and shall decide whether the objection is justified and inform the applicant in writing of its decision.
77. If the User intends to misuse any of his/her rights, the Data Controller shall be entitled to refuse or restrict the exercise of such rights.
78. The Data Controller excludes any liability for any pecuniary or non-pecuniary damage or injury to property or any other adverse consequence attributable to the interests of the User.
79. You have the right to have your Personal Data deleted. The User may delete his/her registration and all his/her data by entering his/her password in the settings menu or may request the Data Controller in writing to delete Personal Data concerning him/her without undue delay.
80. The account identifier (e-mail address), the date of registration, aliases, the date of their creation and deletion, the date of deletion of the mailbox, the version number of the Privacy Policy and the Terms of Use and the date of their acceptance are permanently stored by the Data Controller in its system for future retrieval.
81.Where the processing of personal data is carried out by automated means (i.e. exclusively by electronic means), the data subjects should be able to receive the Personal Data concerning them which they have provided to the Controller in a structured, commonly used, machine-readable and interoperable format (e.g. on disk in a format providing adequate security) and/or to transmit it to another Controller, in order to further strengthen their control over their own data. The right of portability may be exercised where the data subject has provided the Personal Data on the basis of his or her consent or where the processing is necessary for the performance of a contract. This right may not be exercised where the legal basis for the processing is other than the foregoing.
82. The data subject shall have the right to obtain, at his or her request, the direct transmission of data between data controllers, where technically feasible.
83.If a request to exercise the right of portability is received from any data subject, the Data Controller shall, within 30 days of becoming aware of the request, disclose the personal data concerned by the request to the data subject in a structured, commonly used, machine-readable and interoperable format or, at the data subject's request, to another controller.
84.Pursuant to Article 20 of the GDPR, the data subject has the right to receive the data that he or she has provided to the controller: to transmit it to another controller in a structured, commonly used, machine-readable format, to request the direct transfer of the data to the other controller - if technically feasible, except in the case of processing carried out for the purposes of public interest or for the exercise of a right of public authority.
Data processing
86. The Data Controller uses the following Data Processors to carry out its activities.
87. Data processors:
o Wix.com Inc. 40 Namal Tel Aviv St., Tel Aviv, Israel; 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158. (GDPR represented at Wix Online Platforms Limited, 1 Grant's Row, Dublin 2 D02HX96, Ireland)
88. The Processor does not take independent decisions, but is entitled to act solely on the basis of the contract with the Controller and in accordance with the instructions set out therein. After 25 May 2018, the Processors shall record, process or handle Personal Data transmitted to them by the Controller and processed or handled by them in accordance with the provisions of the GDPR and shall make a declaration to the Controller to that effect.
89. The Data Controller shall monitor the work of the Processors.
90. Processors may only use an additional processor with the consent of the Data Controller.
Partner service providers
91. In certain cases, the Data Controller uses other service providers in connection with the provision of the Services, with which the Data Controller cooperates. The Personal Data processed in the systems of the Partner Service Providers shall be governed by the respective privacy notices of the External Service Providers. The Data Controller will use its best efforts to ensure that the Partner Service Provider processes the Personal Data transferred to it in accordance with the law and uses it only for the purposes specified by the User or set out in the Notice below. After May 25, 2018, the Partner Service Providers shall record, process or process the Personal Data transmitted to them by the Data Controllers and processed or processed by them in accordance with the provisions of the GDPR and shall provide a declaration to the Data Controller to that effect. The Data Controllers will inform Users of the transfers to Partner Service Providers in the context of this Notice. These Partner Service Providers will process the Personal Data transferred to them in accordance with their own privacy policies.
92. Partner service providers, in particular, but not limited to Wix.com Inc., Facebook Ireland LTD, Google LLC.
Data breach and information to the data subject
93.The controller shall notify any personal data breach to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after the personal data breach has come to its attention, unless the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons.
94. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the Data Subjects of the personal data breach without undue delay.
95.In the information provided to the Data Subject, the Controller shall clearly and prominently describe the nature of the personal data breach and shall provide at least the information and measures referred to in Article 34(2) of the GDPR.
96. The Data Controller is not obliged to inform the Data Subject of the personal data breach if any of the following conditions are met:
o the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures to render the data unintelligible to persons who are not authorised to access the personal data;
o the controller has taken measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
o information would require a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly disclosed information or by a similar measure ensuring that the data subjects are informed in an equally effective manner.
Possibility of data transfer
97. The Data Controller is entitled and obliged to transmit to the competent authorities any Personal Data at its disposal and lawfully stored by it, which Personal Data it is obliged to transmit by law or by a final administrative decision.
98. If the Controller transfers the operation or use of the Services on the Services' pages to a third party, in whole or in part, the Personal Data processed by the Controller may be transferred to such third party, in whole or in part, without the User's consent, but with the Users' prior information, provided that such transfer shall not place the User in a less favourable position than the data processing rules set out in the current version of this Policy. In the event of a transfer under this point, the Controller shall provide Users with the opportunity to object to the transfer prior to the transfer. In the event of an objection, the transfer of the User's data pursuant to this point shall not be possible.
99. The Data Controller shall keep records of data transfers for the purposes of monitoring the lawfulness of data transfers and providing information to the User.
Amendments to the Privacy Notice
100. The Data Controller reserves the right to amend this Notice at any time by unilateral decision.
101. The User accepts the current provisions of this Policy by entering the Site, without the need to seek the consent of individual Users.
Enforcement options
102. The Data Subject may send any requests related to the above to the Data Controller at the following e-mail address: gergely.drotos@gmail.com or at the postal address: 4029 Debrecen, Szatmár utca 5/A.
103.In the exercise of his/her rights in relation to the processing of personal data, the Data Subject may seek remedies before the National Authority for Data Protection and Freedom of Information (NAIH) or the courts in the event of refusal of his/her request or communication to the controller or failure to comply with the requirements of the GDPR and the Info Act.
104.In addition, in the event of a breach of your rights in relation to the processing of your personal data, you may seek redress for any damage caused by the unlawful processing of your data or by a breach of data security requirements, and may also seek damages for any infringement of your personality rights caused by the unlawful processing of your data or by a breach of data security requirements, in accordance with Articles 77-82 of the GDPR.
105. The Data Subject is entitled to all rights, remedies and other means of redress provided for by law, the GDPR and the Info Act.
106. Furthermore, the User may directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: naih.hu) with any complaints regarding the Data Processing.