PRIVACY POLICY
Effective from 25th October 2024
on the Controller’s data processing activities on its websites (www.blshop.hu; https://kronika.hu/; https://www.hungarianconservative.com/; http://www.hungarianreview.com/).
Datas of Controller (hereinafter referred to as „Controller”) |
|
Name: |
BL Nonprofit Korlátolt Felelősségű Társaság |
Seat: |
HU-1067 Budapest, 24 of Eötvös street Floor 1 door 16 |
Registry No.: |
01-09-947934 |
Tax No.: |
22990600-2-42 |
Represented by: |
dr. Gergő Kereki CEO |
E-mail: |
|
Phone: |
0036 70 627 9086 |
The processing of personal data is lawful only if and to the extent that
Where the legal basis for the processing is the user’s consent, the user shall have the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing based on the consent prior to its withdrawal.
|
|
Data subject |
The User |
The scope of the data processed |
IP address, the exact time of visiting the website |
The purpose of the processing |
providing online content, ensuring the use of the website, ensuring the smooth operation of the site, making the services provided on the website available, providing statistics |
The legal basis of processing |
Article 6 a) of the Regulation – consent of the user (which can be withdrawn in the user’s browser) |
Recipient (to whom the data will be communicated) |
Controller and Google Inc. (Privacy Policy: https://policies.google.com/privacy?hl=hu) |
Duration of data storage |
Until consent is withdrawn |
(B) Subscription/purchase via the website |
|
Data subject |
the subscribing user |
The scope of the data processed |
Full name, billing address, delivery address, email address, telephone number (name and delivery address of recipient for gift purchases) |
The purpose of the processing |
Conclusion of the contract for the sale of the product selected by the user and ordered on the website, performance of related tasks (e.g. delivery), performance of legal obligations related to the sale of the product (e.g. invoicing). |
The legal basis of processing |
Article 6(b) of the Regulation – conclusion and performance of contracts |
Recipient (to whom the data will be communicated) |
Controller and these Processors:
GLS Hungary Kft. (Privacy Policy: https://gls-group.com/HU/hu/adatkezelesi-tajekoztato/); Magyar Posta Zrt. (Privacy Policy: https://www.posta.hu/adatkezelesi_tajekoztato); Post2ME Kft. (Privacy Policy: https://www.post2me-fulfillment.eu/resources/post2me_Adatkezel%C3%A9si%20Szab%C3%A1lyzat_2021.pdf );
|
Duration of data storage |
Records will be kept for 30 days from the date of termination of the subscription, or 30 days in the case of a single purchase, and for 8 years. |
(C) Complaint handling |
|
Data subject |
the complaining user or third party |
The scope of the data processed |
name, e-mail address (contact address for complaints by post) |
The purpose of the processing |
complaint handling, identification of the user or third party concerned, contact, handling of the complaint in accordance with the law, verification of compliance with the law |
The legal basis of processing |
Article 6(c) of the Regulation – compliance with a legal obligation |
Recipient (to whom the data will be communicated) |
Controller |
Duration of data storage |
3 years from the date the case was closed |
Users are reminded that some of their activities under this point may give rise to processing for more than one purpose, which is in compliance with the Regulation, as the user gives specific consent for the different purposes of processing.
The user can ask the Controller to do this:
The Controller does not engage in profiling, automated decision-making or processing of personal data for purposes of public interest or in the exercise of official authority.
Right to information: the Controller shall provide the data subject, upon request, with information concerning the data processed by the Controller or by a processor appointed by or on behalf of the Controller, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing and, in the event of a transfer of personal data of the data subject, the legal basis and the recipients of the transfer.
The Controller shall respond to a request for information in writing and in an intelligible form within the shortest possible time from the date of the request and in any event within 30 days. The information shall be provided free of charge if the person requesting the information has not already made a request to the Controller for the same set of data in the current year. In other cases, the Controller may charge a fee:
Right to rectification: If the personal data is inaccurate and the accurate personal data is available to the Controller, the Controller shall correct the personal data.
Right to data portability: The data subject has the right to obtain the personal data relating to him or her which he or she has provided to the Controller in a machine-readable format and to have that data transmitted to another Controller without hindrance from the Controller to whom he or she has provided the personal data.
Right to erasure: Personal data must be erased if
Right to block data: Instead of erasure, the Controller shall block personal data if the data subject so requests or if the information available to the Controller indicates that erasure would undermine the data subject’s legitimate interests. The blocked personal data may be processed only for as long as the purpose of the processing which precluded the erasure of the personal data is fulfilled.
Right to restrict processing: at the request of the data subject, the Controller shall restrict processing if the data subject contests the accuracy of his or her personal data, if the processing is unlawful but the data subject opposes its erasure, if the Controller no longer needs the personal data but the data subject needs it for the establishment, exercise or defence of legal claims.
Rectification, blocking, referencing and erasure must be notified to the data subject and to all those to whom the data have previously been disclosed for processing. Notification may be omitted if it does not undermine the data subject’s legitimate interests having regard to the purposes of the processing. If the Controller does not comply with the data subject’s request for rectification, blocking or erasure, he shall, within 25 days of receipt of the request, provide in writing the factual and legal reasons for refusing to rectify, block or erase the data. In the event of a refusal of a request for rectification, erasure or blocking, the Controller shall inform the data subject of the possibility of judicial remedy and of recourse to a supervisory authority.
If the data subject is in doubt as to the lawfulness of the processing of his or her personal data, it is recommended that the data subject first contact the Controller using one of the Controller’s contact details in order to resolve the complaint promptly and amicably.
The Controller shall, as soon as possible and in any event not later than 25 days after the submission of the request by the data subject, examine the request, decide whether it is justified and inform the applicant in writing of its decision.
If the Controller finds that the data subject’s objection is justified, the Controller shall terminate the processing, including any further collection and transmission, and block the data and notify the objection and the measures taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed and who are obliged to take measures to enforce the right of objection.
If the data subject does not agree with the decision taken by the Controller, if the Controller does not comply with the above time limit, or if the data subject considers that the Controller or a processor appointed or instructed by the Controller or the Controller has infringed the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union, the data subject may, at his or her choice, bring the matter before a supervisory authority or a court. It is for the Controller to prove that the processing complies with the law. It is for the recipient to prove the lawfulness of the transfer.
The court (Törvényszék) has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or domicile of the person concerned. A person who does not otherwise have legal capacity may be a party to the proceedings. The National Authority for Data Protection and Freedom of Information may intervene in the proceedings to ensure that the data subject is successful.
If the Controller causes damage to another person by unlawfully processing the data subject’s data or by breaching data security requirements, the Controller must compensate for the damage. If the Controller violates the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the Controller. The Controller shall be liable to the data subject for the damage caused by the processor, and the Controller shall also be liable to the data subject for the damage caused to the data subject by the processor. The Controller shall be exempted from liability for the damage caused and from the obligation to pay compensation if he proves that the damage or the violation of the data subject’s personality rights was caused by an unavoidable cause outside the scope of the processing. No compensation shall be due and no damages shall be payable if the damage or the violation of the personality rights of the data subject was caused by the intentional or grossly negligent conduct of the data subject.
The data protection incident shall be notified by the Controller to the supervisory authority without undue delay and at the latest within 72 hours of the data protection incident coming to the attention of the Controller, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.
Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall notify the data subject of the personal data breach without undue delay. The information shall clearly and conspicuously state the contact details of the Controller or its contact person, the nature of the personal data breach, the likely consequences of the personal data breach, the measures taken or envisaged to remedy the personal data breach and the measures to mitigate any adverse legal consequences.
The Controller must keep a record of all data protection incidents for the purposes of possible audits and informing the data subject. The records must include the amount of personal data involved, the number and type of data subjects affected by the personal data breach, the date, circumstances, effects and measures taken to remedy the personal data breach, as well as other information required by law.
This policy is effective from the date of its publication and the Controller reserves the right to amend it from time to time.
HUNGARIAN REVIEW is
published by BL Nonprofit Kft.
Editorial office: 24 Eötvös Street, Budapest, 1067, HUNGARY
E-mail: hungarianreview@hungarianreview.com
Publisher: Gergő Kereki
Editor-in-Chief: Tamás Magyarics
Deputy Editor-in-Chief: István Kiss
Editors-at-Large: Gyula Kodolányi, John O’Sullivan
Managing Editor: Ildikó Geiger