1. Core data
1.1. Name of the Data Controller: Wax-Box Korlátolt Felelősségű Társaság (legal seat: 7623 Pécs, Tompa Mihály Street 45..; company registry number: 02-09-083487 ; statistical number: 26225492-9602-113-02; VAT No.: 26225492-2-02) (hereinafter referred to as the “Data Controller”).
1.2. As a User of this Website, you are hereby requested by the Data Controller to read and acknowledge the following General Terms and Conditions of Use, and Legal Notice, prior to start using the contents of this Website. By using this Website, you implicitly accept the General Terms and Conditions of Use, and this Legal Notice. If you cannot accept the General Terms and Conditions of Use, or this Legal Notice, please do not use our Website.
1.3. The Data Controller hereby authorises any User of this Website to view the contents of this Website, and to download, or save the same, in whole or in part, solely for the purposes of his/her own personal use, hereby excluding any possibility for using the same for any commercial purposes, or to make a financial gain. Nonetheless, the User shall not be entitled to amend, cut, change in any other way, copy, publicly use, sell, or use the contents of this Website for any other commercial or money-making purposes, without the Data Controller’s explicit consent provided. All elements of the Data Controller’s Website, and the entire Website, as a whole, is copyright protected, pursuant to Act LXXVI of 1999 on Copyright. Any violation of the copyright protection in any of the specific ways described above, or in any other way, shall trigger an indemnification liability.
1.4. Any option to download any parts of the Website offered by the Website can only be utilised by Users, whom have agreed to accept the General Terms and Conditions of Use related to the downloading of the given file, software, data form, or any other contents, automatically displayed on the Website, prior to starting the download. Any element of the contents downloaded from the Website shall only be used by the Users in line with the General Terms and Conditions of Use. The Data Controller uses a state-of-the-art antivirus software, being regularly updated. However, no guarantee can be given that the risk for the transfer of computer viruses or malware is completely eliminated. The Data Controller hereby refuses to take any liability for any possible damages caused to the recipient’s computer system, when downloading any file, software, data form, or any other contents from the Website.
1.5. The Data Controller carries out the data processing activities related to the personal data of the data subjects (hereinafter referred to as the “Data Subject”) in full compliance with the applicable laws (with special regard to Regulation 2016/679 of the European Parliament and of the Council, and Act CXII of 2011 on the Right of informational self-determination and the freedom of information), as well as general business ethics.
2. Legal basis for the data processing activities
2.1. Pursuant to section 5(1), point a) of the Infotv., the data processing activities are carried out based on the Data Subject’s voluntary consent granted.
2.2. The Data Subject grants his/her consent to his/her data being processed by using the services rendered by the Data Controller, and by voluntarily supplying his/her personal data.
2.3. The Data Subject’s consent granted shall cover the following data processing operations, in particular: the collection, recording, registration, organising, storing, changing, using, forwarding, publishing, combining or linking, blocking, erasing or destroying the data.
2.4. Minors, or persons with limited legal capacity, or no legal capacity can make a valid legal statement about their consent being granted in line with the applicable provisions of the Ptk. The Data Controller is not in the position to verify whether the person providing his/her consent had proper authorisation to do so, or to obtain a legal statement from the legal representative, therefore the Data Subject, or his/her legal representative shall warrant that the consent granted is in full compliance with the applicable laws. When using the services, it is automatically deemed by the Data Controller that an appropriate consent was granted by the legal representative.
3. Purpose of the data processing activities
3.1. The purpose of the data processing activities is to collect and process data required for sending Company Newsletters.
3.2. The Data Controller hereby retains the right to make the use of certain functions of the Website subject to registration/log-in into the Website. For successful registration, an e-mail address, a user name, and a password need to be supplied by the Users. The Data Controller hereby retains the right to change the data range required for successful registration/log-in, as specified herein, any time, at its own discretion, as required. All e-mail address, user names and passwords supplied by the Users shall be treated as confidential by the Data Controller, and shall solely be used for quality assurance and statistical purposes. The Data Controller shall not be entitled to use the data for any altering purposes, or to sell the data, and shall under no circumstances be entitled to transfer the same to any third party, either for money, or for free.
3.3. Users have the possibility to subscribe for the Company’s Newsletters on the Data Controller’s Website. The Data Controller shall send regular Newsletters to all Users, who have subscribed to the Newsletter, to the specific e-mail address provided. The specific contents of each Newsletter shall solely be determined by the Data Controller, at its own discretion, meaning that the subscribers cannot influence what is covered. By subscribing to the Newsletter, the User shall not automatically be entitled to receive the Newsletters, the Data Controller shall solely decide on sending the Newsletters. Users shall have the chance to unsubscribe from the Newsletter any time, in which case no more Newsletter will be sent to the User in the future. Newsletters are not automatically sent to the e-mail address supplied upon the User’s registration. Newsletters are only sent when the User has subscribed for it. The Data Controller hereby refuses to take any liability for any potential damages arising out of any operations of the Newsletter function altering from normal operations, or any changes made to, or any disruptions occurring to the Newsletter.
4. The scope of data being subject to the data processing activities
4.1. The data processing activities carried out by the Data Controller, for the specific data processing purposes defined, shall cover the Data Subjects’ following personal data:
- e-mail address
4.2. The Data Controller can also collect additional anonymised demographic or business data from the Data Subjects, which shall not qualify as personal data (due to their anonymised nature).
5. Duration of the data processing activities
5.1. The duration of the data processing activities related to the Data Subjects’ personal data shall commence on the date when being supplied to the Data Controller, and shall end when deleted by the Data Controller.
5.2. The data processing activities carried out by the Data Controller, for the specific data processing purposes defined, shall continue until the Data Subject explicitly requests his/her data being erased by the Data Controller (unless deleted earlier upon the Data Subject’s request).
5.3. The Data Subject shall be entitled to request the Data Controller to stop processing
his/her data by contacting the Data Controller’s customer service.
5.4. The Data Controller shall be obliged to erase the relevant data within 5 (five) calendar days upon receipt of the Data Subject’s relevant request.
5.5. The above provisions shall have no impact on compliance with the mandatory data retention periods stipulated by the law.
6. Data processing methods
6.1. The Data Subjects shall have the right to supply their personal data to the Data
Controller primarily via an electronic registration (over the Data Controller’s
Website), or via normal mail or e-mail, or in any other individual way.
6.2. The DataSubjects personal data shall be recorded in a segregated manner, in line with the specific data processing purposes determined.
6.3. The scope of persons provided with access to the Data Subjects’ personal data:
- the Data Controller’s staff members;
- various official authorities, with regards to any data requested during their relevant official proceedings, or otherwise mandatory to be supplied by the Data Controller;
- other persons, in line with the Data Subject’s explicit consent granted.
6.4. The Data Controller hereby undertakes a strict confidentiality obligation for the personal data processed by it, with no time limitation, and the Data Controller shall not be entitled to disclose the data to any third party (in any way altering from the Data Subject’s consent given).
6.5. Despite all efforts taken, the Data Controller is not in the position to guarantee that the contents displayed on its Website are full, complete or accurate. The Data Controller hereby retains the right to amend the contents of its Website any time, at its sole discretion, without any prior notification being sent to the registered Users or other parties, or to discontinue operating the Website. The Data Controller hereby explicitly refuses to take any liability for any potential damages (lost profits, data loss, or a suspension of the business activities) arising out of any of the acts described above.
6.6. The Data Controller shall solely be entitled to use any communication made by the Users (sent via e-mail to the e-mail address specified on the Website), or any contents published by the Users via the various applications available on the Website (chat window, forum function, other comments), or the Users’ data obtained, for quality assurance and statistical purposes. The Data Controller shall not be entitled to use the data for any altering purposes, or to sell the data, and shall under no circumstances be entitled to transfer the same to any third party, either for money, or for free. Users shall not display on the Website any contents that are against the law, or place any codes that have any influence on the activities of other Users, or the operations of the Data Controller’s system. The Data Controller hereby retains the right to moderate or delete any User comments made, or any other elements of the contents placed by Users any time, without stating the underlying causes. All User comments, or any other content elements placed by the Users shall qualify as User contents, in line with the applicable laws, therefore the Data Controller hereby refuses to take any liability for the same, and states that the same shall not be checked by the Data Controller, as for their contents, meaning that Users shall have sole criminal law, infringement, or civil law liability for all contents placed by them on the Website.
6.7. The Data Controller’s Website contains references and links to third party websites. When clicking on any such link, the User exits from the Data Controller’s Website. The Data Controller has not inspected, and shall not monitor the contents of such third party websites linked. Users reaching such third-party websites via the embedded links shall have sole responsibility to use such third party websites. The Data Controller shall not be responsible for the specific contents of such websites, and hereby explicitly refuses to take any liability arising in related to the use of such websites.
7. Data security
7.2. The Data Controller shall be obliged to particularly protect the personal data against any unauthorised access, change, forwarding, publishing, erasure or destruction, or any incidental destruction or damage.
8. Information request, rectification, erasure or blocking of the data
8.1. The Data Subject shall have the following rights:
- to request information from the Data Controller about his/her personal data being processed;
- to request the Data Controller to rectify his/her personal data;
- to request the Data Controller to erase or block his/her personal data;
- to object the processing of his/her personal data.
8.2. When requested so by the Data Subject, the Data Controller shall be obliged to supply information about the Data Subject’s data being processed by the Data Controller, or by any Data Processors involved, the exact purposes, legal basis, and duration of the relevant data processing activities carried out, the name, address and specific activities carried out by the Data Processors involved, and to provide a list of persons, to whom the data was transferred or will be transferred, and for what exact purposes. Such information shall be supplied by the Data Controller within 5 (five) calendar days upon the Data Subject’s relevant request filed, in writing.
8.3. All incorrect personal data shall be rectified by the Data Controller.
8.4. The personal data shall be erased when:
- the related data processing is unlawful;
- the Data Subject has requested it to be erased;
- the data is incomplete or incorrect (and such status cannot be lawfully corrected), provided that such data erasure is allowed by the law;
- the purpose of the data processing activities is no longer valid;
- the mandatory data retention period has expired;
- the erasure of the data has been ordered by any court, or by the National Authority for Data Protection and the Freedom of Information.
9. Legal remedy
9.1. The Data Subject shall have the right to object the processing of his/her personal data, for the specific purposes specified in section 21 of Infotv. In such case, the Data Controller shall be obliged to review the objection submitted within 5 (five) calendar days upon submission, and to inform the Data Subject in writing about the results of such review.
9.2. If the Data Subject disagrees with the Data Controller’s decision made, or if the applicable deadline set for the Data Controller to send a reply is missed, the Data Subject shall have the right to file for litigation (within 30 (thirty) calendar days upon such decision being communicated, or the last day of the deadline set).
9.3. Complaints and requests for legal remedy can also be submitted to the National Authority for Data Protection and the Freedom of Information:
- Name: National Authority for Data Protection and the Freedom of Information
- Legal seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
- Website: www.naih.hu
- Phone: +36 (1) 391-1400
- E-mail: firstname.lastname@example.org
10. Unilateral amendment