This document is to lay down the principles of www.tanity.eu concerning the data processing operations of the company (for detailed enumeration see point No. 3) This policy complies with the following existing regulations:
Name: Maileon Kft.
Seat: 1112 Budapest, Budaörsi út 153.
Name of data processor in Consignment traffic cases:
Name: Sprinter Futárszolgálat Kft.
Seat: 1097 Budapest, Táblás u. 39.
Name: Wanadis Kft.
Seat: 1112 Budapest, Budaörsi út 153.
Tax number: 14020362-2-43
Company registry number: 01-09-885144
Registry court: Capital City Court as Company Court
Data processing registry number: NAIH - 57196 (webshop), NAIH - 67338 (newsletter)
Processed data: date and time, opened pages, IP-Address, data concerning the visitor’s computer settings (such as browser, op. system, screen resolution) source page
Purpose: granting the harmless operation of the webpage, prevent from misuse
Legal basis: given consent of the data subject ( Act CXII of 2011. Tv. 5. § (1) a)), and Act CVIII of 2001 13/A. § (3).
Duration of the processing operation: 30 days after visiting the page.
The independent measuring and auditing of the attendance and other web analytic data is provided by Google Analytics. For detailed information see:
When subscribing on newsletters found on www.tanity.eu, and the business partners of the Controller, the following data will be recorded: name, e-mail address, date and IP address of subscribing, date and IP address of confirmation, opened letters, clicking on links of the newsletter
Purpose: Sending a newsletter on topic online marketing with useful contents. Information of the subscribers onour latest services
Legal basis: given consent of the data subject (subscribe), and Act XLVIII. of 2008 6. §.
Duration of the processing operation: 2 years after opening the last newsletter.
The Controller shall make arrangements for and carry out data processing operations in a way so as to ensure full respect for the right to privacy of data subjects during both the network communication and data storage. The Controller shall store the data on a 24/7 protected server in the territory of Hungary.
The Controller is entitled to amend this Policy with his unilateral declaration with prior notice to data subjects. With using the webpage/newsletter after the amendment enters into force, the data subject accepts the changes with his implied behavior. The amendment shall not affect the obligations prescribed in regulations
The data subject may request from the data controller: a) information when his personal data is being processed, b) the rectification of his personal data, and c) the erasure or blocking of his personal data, save where processing is rendered mandatory.
Upon the data subject’s request the data controller shall provide information concerning the data relating to him, the sources from where they were obtained, the purpose, grounds and duration of processing. Data processors must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than thirty days.
The information prescribed in Subsection (4) shall be provided free of charge for any category of data once a year. Additional information concerning the same category of data may be subject to a charge. The amount of such charge may be fixed in an agreement between the parties. Where any payment is made in connection with data that was processed unlawfully, or the request led to rectification, it shall be refunded.
The data controller may refuse to provide information to the data subject in the cases defined under Subsection (1) of Section 9 and under Section 19 of Act CXII of 2011
Where information is refused, the data controller shall inform the data subject in writing as to the provision of this Act serving grounds for refusal.
Where information is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information) (hereinafter referred to as “Authority”).
Where a personal data is deemed inaccurate, and the correct personal data is at the controller’s disposal, the data controller shall rectify the personal data in question.
Personal data shall be erased if: a) processed unlawfully; b) so requested by the data subject in accordance with Paragraph c) of Section 14; c) incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision; d) the purpose of processing no longer exists or the legal time limit for storage has expired; e) so instructed by court order or by the Authority. When a data is rectified, blocked, marked or erased, the data subject to whom it pertains and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the data subject in light of the purpose of processing.
If the data controller refuses to comply with the data subject’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within thirty days of receipt of the request. Where rectification, blocking or erasure is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.
The rights of data subjects afforded above may be restricted by an Act in order to safeguard the external and internal security of the State, such as defense, national security, the prevention and prosecution of criminal offences, the safety of penal institutions, to protect the economic and financial interests of central and local government, safeguard the important economic and financial interests of the European Union, guard against disciplinary and ethical breaches in regulated professions, prevent and detect breaches of obligation related to labor law and occupational safety - including in all cases control and supervision - and to protect data subjects or the rights and freedoms of others.
The data subject shall have the right to object to the processing of data relating to him: a) if processing or disclosure is carried out solely for the purpose of discharging the controller’s legal obligation or for enforcing the rights and legitimate interests of the controller, the recipient or a third party, unless processing is mandatory; b) if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and c) in all other cases prescribed by law. In the event of objection, the controller shall investigate the cause of objection within the shortest possible time inside a fifteen-day time period, adopt a decision as to merits and shall notify the data subject in writing of its decision.
If, according to the findings of the controller, the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
If the data subject disagrees with the decision taken by the controller, or if the controller fails to meet the deadline specified above, the data subject shall have the right to bring action in the court of law within thirty days of the date of delivery of the decision or from the last day of the time limit.
If data that are necessary to assert the data recipient’s rights are withheld owing to the data subject’s objection, the data recipient shall have the right to file charges against the controller within fifteen days from the date the decision is delivered in order to obtain the data. The controller may give third-party notice to the data subject.
The controller shall not delete the data of the data subject if processing has been prescribed by law. However, data may not be disclosed to the data recipient if the controller agrees with the objection or if the court has found the objection justified. In the event of any infringement of his rights, the data subject may file for court action against the controller. The court shall hear such cases in priority proceedings. The burden of proof to show compliance with the law lies with the data controller.
The burden of proof concerning the lawfulness of receiving data lies with the data recipient. The action shall be heard by the competent general court. If so requested by the data subject, the action may be brought before the general court in whose jurisdiction the data subject’s home address or temporary residence is located.
Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the data subject’s behalf. When the court’s decision is in favor of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to honor the data subject’s objection, or to disclose the data requested by the data recipient.
If the court rejects the petition filed by the data recipient, the controller shall be required to erase the data subject’s personal data within three days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within the time limit.