1 The purpose of this policy
In formulating these rules, the company has taken into account the provisions of Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Information Act), Act 1995 of CXIX on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing, the Strasbourg Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data dated 28 January 1981, Act 2008 of XLVIII on the essential requirements and restriction of commercial advertising activities (“Advertisement Act”) and the recommendations of „ONLINE PRIVACY ALLIANCE".
The purpose of this regulation is to ensure that the rights and freedoms, in particular privacy of any and all persons, irrespective of their nationality, residence are respected in the automatic procession of their Personal Data (data protection).
2 Definition of Terms
Personal Data: data relating to a particular natural person (hereinafter: data subject), in particular the name, ID number or one or more information about his/her identity.
Data pool: the entirety of data managed in a single data registry.
Data management: irrespective of the method applied, any action in relation to data, in particular collection, entry, recording, organisation, storage, change, use, search, forwarding, publication, harmonisation or linking, closure, deletion and destroying as well as preventing further use of the data.
a) a TranslaData Bt. (seat: 1117 Budapest, Hamzsabégi út 12. 2/3).
Data processing: performing of technical tasks relating to data management, irrespective of its method and tools, as well as place of application, provided that the technical tasks are in fact performed on the data.
Data deletion: full destroying of the data carrier containing the data;
Data transmission: making Personal Data accessible to a particular third party.
Data processing party: natural or legal person or an entity without legal personality, engaged in the procession of Personal Data at the instruction of the Data Manager;
Data deletion: rendering data illegible in a way that precludes their restoration into their original status;
Automated data pool: a range of data to be processed automatically;
Mechanical data processing: includes the following action, performed in part or in full by automatic tools: data storage, logical or arithmetic operations on data, change of data, deletion, search and dissemination of data;
User: natural person completing his/her registration on the webshop of the company (https://englishforlaw.info).
Publication: making personal data accessible to anyone.
3 Scope of Personal Data managed
3.1 Data that may be provided at the discretion of the User: e-mail address, phone number, name, place of residence, product category, manner of payment and manner of delivery, grand total of purchases by the User, the master data code created for the User in the loyalty program, EU VAT number (if applicable).
3.2 Data to be technically recorded during operating the system: data of computer used by the User in accessing the webshop generated during using the software, and which are recorded by the Data processor’s system as a result of the technical processes. The automatically generated data are automatically logged by the system without separate statement or action on the part of the User, at his/her entry and departure of the system. These data may not be linked to the Personal Data of the User, except as allowed by applicable law. These data may be accessed by the Data processing party only.
3.3. With a view to the provision of tailor-made content, the Company places small data packages („cookies”) on the computer of the User. The purpose of cookies is to ensure a high standard operation of the website, with a view to improved user experience. Cookies may be deleted by the User from its own computer, or may set his/her computer to disallow the operation of cookies. By disallowing the operation of cookies, the User accepts that the website will not operate perfectly.
4 Grounds, purpose and manner of data management
4.1 Data management is performed in reliance on the voluntary and informed consent of the Users of the content available at the webstore. Such content covers the Users’ express consent to the use of their Personal Data provided by them during using the webstore. The grounds of data management is the voluntary consent of the data owner in accordance with Article 5 (1) (a) of Act CXII of 2011.
4.2 The purpose of data management is to provide the services available at the https://englishforlaw.info webstore. The range of Personal Data necessary for the use of these services is set forth in the descriptive part of the relevant services.
4.3 The purpose of collecting automatically recorded data (see 3.2) is to provide the services available at the website of the Company, to display tailor-made content and advertisement, to prepare statistics, to develop the IT system and to protect the rights of the Users. The range of data provided during the use of the services by the Users may be used by the Data Manager to create user groups, and to display targeted content for the user groups and/or advertisements.
4.4 The Data Manager may not use the Personal Data provided by the Users for any other purposes. Personal Data may not be disclosed to any third party or authorities, unless otherwise provided by the law – except under the preliminary and express consent from the User.
4.5 The Data Manager will not check reliability of data provided by the Users. Responsibility for the correctness, completeness and reliability of data provided by the users shall be with the User provided such data. By providing his/her email address, any User will assume full liability for ensuring that any transaction performed by using such email address has been performed by such user. In view of this liability, all responsibility and liability arising from using a particular email address shall be with the User having registered on the webstore by using such email address.
4.6 The purpose of data management: sending of email newsletters containing also business advertisement for those interested, to provide information on current news and products. The grounds of data management: voluntary consent of the data subject and Article 6 (5) of Act XLVII of 2008 on key conditions of business advertisement and certain limitations. Range of data handled: ID number, name, email address, date and time. Deadline of deleting data: when the consent for data management is withdrawn. The request for withdrawal of consent for the receipt of newsletters and the request for the deletion or amendment of Personal Data may be submitted by clicking on the appropriate link in the newsletter or by sending an ordinary mail to the address set forth in Section 6 of this Policy.
5 Data Management principles
5.1 Personal Data may be obtained and processed in a fair and lawful manner only.
5.2 Personal Data may be stored for specific and lawful purposes, no other use is permitted.
5.3 Personal Data shall be proportionate to the purpose they are retained and shall comply with these purposes, no use in addition is allowed.
5.4 Personal Data shall be stored in a manner allowing identification of the particular User to the extent that the purpose of the data storage so necessitates.
5.5 Appropriate security measures shall be in place to ensure the protection of Personal Data in automated data pools to prevent accidental or unlawful destruction, accidental loss, and unlawful access, amendment or distribution.
6 Data protection measures applied by the Company
6.1 The Company will use the Personal Data necessary for the use of the services of the Company subject to the consent of the data subjects, for the purposes so consented only.
6.2 The Company, in its capacity as Data Manager, undertakes to handle in its possession in accordance with the data protection principles herein laid down, and shall not disclose the same to any third party. In the context of data transmission, the provisions set forth in this section shall not apply to the use of data in a statistically consolidated format, which will not include the name and other personally identifiable data of the User. Further exceptions include the cases described in Section 10.3 hereof.
6.3 In certain cases, the Company – in case of requests from courts, authorities and in case of legal procedures, and in case of suspicion of infringement of copyrights, damage to assets or other violation of rights and in case of infringement of the interests of the Company, and risk of damage to the provision of services etc. – may provide access to the data of the User so affected to third parties.
6.4 The Company’s system may collect data about the user’s activities within the webstore. These data may not be linked to the Personal Data of Users provided at registration to the webstore nor other data generated while using other websites or services.
6.5 The Company undertakes the obligation to clearly and expressly notify its Users before the entry, recording, and handling of Personal Data, informing them about the manner, purpose and principles of data recording. In addition, in each case where data recording, handling and management is made other than under law, the Company will draw the attention of users to the fact that provision of their Personal Data is absolutely voluntary. In case of mandatory provision of data, the law requiring the provision of data shall also be clearly specified. The data subject shall be informed about the purpose of data management and about the entity to handle and manage such data. Notification on data management is to be deemed to have been made by virtue of a law requiring data recording.
6.6 In each case where the Company wishes to use Personal Data for purposes other than the original purpose for which the data was collected, the company shall inform the User accordingly and shall obtain the User’s preliminary and express consent thereto, and shall provide an opportunity to prohibit the use of his/her Personal Data for such other purposes.
6.7 The Company, in its capacity as Data Manager, during the entry, recording and management of Personal Data, shall comply with any and all restrictions in effect under relevant laws, and shall inform the data subject – in line with his/her request – by email about its operations. The Company undertakes the obligation not to sanction any User rejecting the provision of non-mandatory data.
6.8 The Company undertakes the obligation to ensure the integrity of Personal Data, take every measure, both technical and organisational, puts in place procedural rules to ensure that the entered, stored and handled Personal Data are protected and to prevent their destruction, unauthorised use and unauthorised change of the same. The company furthermore undertakes to request any third party to which it might forward or hand over such date to likewise comply with this obligation.
6.9 In the event that the Personal Data is incorrect and the correct Personal Data is available to the Data Manager, such Personal Data shall be corrected by the Data Manager.
6.10 The Company, in its capacity as Data Manager, will delete the Personal Data if (i) its management is contrary to law, (ii) the User requests deletion of his/her Personal Data, (iii) the Personal Data is faulty or erroneous and it may not be lawfully remedied, except where such deletion is prohibited by the law, (iv) the purpose of data management no longer applies, or when the deadline for using such Personal Data has lapsed, (v) the deletion of Personal Data is prescribed by court or an authority.
6.11 In lieu of deletion, the Data Manager shall close off Personal Data if so requested by the data subject or when available information suggest that deletion would impair the lawful interests of the data subject. Personal Data so closed off may be handled as long as the data management purpose excluding deletion of the Personal Data is in place.
6.12 The data subject shall be informed of the fact of data correction, close off, marking and deletion. Furthermore, any party to whom or which such data has been transmitted shall also be duly notified of this fact. The Data Manager may dispense with notification, if it does not impair the lawful interests of the User, in view of the purpose of data management.
6.13 If the company, in its capacity as Data Manager, fails to comply with the request of the data correction, close off or deletion, the it shall notify the User within 30 days of the receipt of the request of the factual and legal grounds for rejecting the request for correction, close off or deletion and about the fact that the User may resort to court or the National Data Protection or Freedom of Information Authority to challenge the resolution made by the Data Manager.
7 Term of the data management
7.1 Personal Data provided by the Users are managed as long as the User withdraws from using the service under his/her name. The date of deleting such data is 10 business days from the receipt of the User’s request for withdrawal from using the service. In case of using a misleading Personal Data, or in case of crime committed by User, or in case of any action against the system, the Data Manager shall have the right to delete the data of the particular User – concurrently with deleting the registration of the user, and in case of suspected crime or suspicion of civil law liability, the Data Manager shall also have the right to retain such data for the period of the legal procedure to be conducted.
7.2 Personal Data provided by the User – even when the User does not withdraw from using the service – may be handled by the company in its capacity as Data Manager as long as the User expressly requests the discontinuation of management of such data in writing. The User’s request to the discontinuation of data management without withdrawing from using the service shall not affect such User’s right to use the services, however, the User may not be able to use certain services without his/her Personal Data being available. Personal Data shall be deleted within 10 business days from the receipt of the User’s request to this effect.
7.3 Data generated automatically and for technical reasons in the course of operation of the system shall be stored in the system for the period of time technically required for the operation of the system. The Company shall ensure that such automatically generated data will not be connected to other Personal Data of the User, except where the law so requires. In the event that the user has withdrawn his/her consent to the use of his/her Personal Data, or if s/he has withdrawn his/her intention to use the service, the technical data will not be suitable for identifying the person of the User.
8 Control over Personal Data
8.1 Messages relating to changes in Personal Data and the request for the deletion of Personal Data may be sent to the company to its email address, by way of a written request to this effect. Receipt of newsletters may be rejected by clicking on the appropriate link in the newsletter.
8.2 Certain Personal Data may also be amended by amending the data in the user’s personal account.
8.3 On fulfilment of the request for the deletion or amendment of Personal Data, such data may not be restored.
9 Data processing
9.1 The company does not resort to the services of a third party data processing entity, all Personal Data handled by the company are managed by the company.
10 Data transmission
10.1 The company, in its capacity as Data Manager, shall have the right and the obligation to transmit Personal Data stored by such company in a lawful manner to a competent authority. This obligation to transmit data is prescribed by the law or a court order. The Data Manager shall not be under any liability for any consequence of such transmission to authorities.
10.2 In the event that the Company transfers the operation or utilization of the service available at the https://englishforlaw.info webstore in part or in full to a third party, the Personal Data managed by the Data Manager shall have the right to further management of such Personal Data without seeking a separate permission thereto. Such data transmission may serve the purpose of continuing the registration of registered Users, however, it may not place the User in a situation less beneficial than the data management and data safely regulations as set forth in the Policy in force from time to time.
10.3 The Personal Data of Users may be transmitted for a particular purpose, subject to the consent of the User, as follows:
- the Company will retain the Personal Data of Users provided during registration – separately from Personal Data – and browsing data for statistical purposes.
- the Company will transmit certain data to the Courier Service for the purposes of delivering the product.
10.4 The company – to check lawfulness of data transmission and for the purposes of informing the data subject a data transmission registry, covering the date and time of transmission of Personal Data managed by the Data Manager, the grounds and recipient of data transmission, the range of data so transmitted, and other data prescribed by relevant laws.
11 The rights of the Users in relation to the Personal Data handled by the Data Manager
11.1 The Users may request information about the handling of their Personal Data from the company as Data Manager in writing, by sending a registered or recorded mail to the address of the Data Manager (TranslaData Bt. 1117 Budapest, Hamzsabégi út 12.2/3) or by sending an email to its address: email@example.com. Request for information from an email address shall be deemed an authentic request only when sent from the registered email address of the User.
11.2 The request for information may cover the range of data managed by the Data Manager, their source, the purpose, grounds, period of data management, the name and address of the data processing entities, if any, the activities in relation to data management, and in case of transmission of Personal Data, the range of persons(s) and the purposes of data management.
11.3 The Data Manager will answer any question in relation to data management within the shortest possible time from receipt of such questions, or within 30 days from receipt of such question in writing. In case of questions received by email address, the date of receipt is the day after such mail has been sent.
11.4 The User and all parties having received data for data management shall be informed about the correction, closing off or deletion of Personal Data managed. Such notification may be dispensed with, if such dispensing is not detrimental to the lawful interests of the data subject, in view of the purpose of data management.
11.5 The User may challenge data management of his/her Personal Data,
- if the management or transmission of Personal Data is necessary solely for the fulfilment of legal obligation relating the Data Manager or for the enforcement of the lawful interests of the Data Manager, the recipient of the Personal Data or a third party,
- if the use or transmission of the Personal Data is performed for direct business purposes, public opinion polling or scientific research, and
- in any other case provided for in relevant legislation.
The Company, in its capacity as Data Manager, shall examine the challenge within the shortest possible time, not later than 15 days, and shall resolve on whether the challenge is justified, and shall inform the User about its decision.
11.6 If the Company finds that the challenge on the part of the data subject is well grounded, the data management is discontinued – including discontinuation of data entry and data transmission – the Personal Data shall be closed off, and shall inform all persons having received the Personal Data subject to the challenge about the challenge and all measures taken in this respect, and these persons shall take all appropriate measures to give effect to the challange.
11.7 If the User disagrees with the decision of the Data Manager, or when the Data Manager misses the deadline set forth herein, the User may resort to court within 30 days from the receipt of the decision or from the lapse of the deadline.
12 Amendment of the Data Protection Policy
12.1 The Company reserves the right to unilaterally amend this Policy at any time at its sole discretion. All Users shall be duly informed about the amendment of this Policy (in a newsletter, or a popup window). By the continued use of the service, the Users are deemed to have accepted the amended data Protection Policy, without having to separately seek their consent thereto.
13.1 The Users may seek remedies at courts under the provisions of the Information Act and Act V of 2013 (new Hungarian Civil Code), and may also seek the assistance of the National Data Protection and Freedom of Information Authority in matters involving their Personal Data (H-1125 Budapest Szilágyi Erzsébet fasor 22/C; mailing address: H-1530 Budapest, Pf. 5.). You may also seek the assistance of the colleagues of the Data Manager with any question or note you may have, by writing to firstname.lastname@example.org e-mail address.