Privacy Policy

For visitors and registered users of the https://www.egroup.hu website.

Effective 8 April, 2021

Introductory Provisions

E-Group ICT Software Informatikai Zártkörűen Működő Részvénytársaság (11 Kacsa utca, Budapest 1027 Hungary.; Company registration number: 01-10-045390; Court of Registry: Court of Budapest-Capital Regional Court; official address: info@egroup.hu / https://egroup.hu/company/contact-us/ ), (hereinafter: “E-GROUP”, “service provider”, “data controller”) as a service provider and data controller handles the data of the persons registered on the website during the operation of the website in order to provide them with a suitable service.

By using the https://www.egroup.hu website (hereinafter: website), you agree to be bound by the provisions of this Privacy Policy.

As data controller, Service Provider acknowledges that the content of this Privacy Policy is obligatory and undertakes that all data management and data processing related to its activities comply with the requirements specified in this Privacy Policy and the applicable legislation. By publishing this Privacy Policy, Service Provider ensures that the natural persons using the Services become acquainted with the relevant data protection rules before using the Service.

Service Provider provides services to both natural and legal persons, unincorporated companies, individuals (including, for example, lawyers, patent attorneys, notaries, sole proprietors, sole proprietorships etc.). The service mostly involves the processing of personal data, which may not be separate from the processing of company data. As personal data is any information about the data subject (Section 3 (3) of the Privacy Act), the data of employees, senior executives and private owners of companies (e.g. name, email address, telephone number etc.) are also considered personal data.

Service Provider continuously publishes this Privacy Policy on the www.egroup.hu website, and reserves the right to modify this Privacy Policy at any time, in which case it publishes a notice of the relevant changes on the www.egroup.hu website.

Service Provider is committed to the protection of the personal data of its partners and users, and considers it crucial to respect the right of its customers to informational self-determination. We treat personal data confidentially, in accordance with the applicable legal regulations, ensure their security, take the technical and organizational measures and establish the procedural rules necessary to enforce the relevant legal provisions and other recommendations.

Service Provider describes the principles of data processing below, presents the expectations it has formulated and adheres to, and declares that its data processing principles are in accordance with the current data protection legislation in force, as contained in this Privacy Policy.

In order to avoid and prevent abuses, Service provider stores certain personal and transactional data about the affected user even after the termination of the contractual relationship (e.g. account suspension, exclusion). The data is stored only for the purpose and to the extent that it is possible to prevent the excluded user from opening a new account on Service provider’s website, for the benefit of other users of the platform, thus preserving and ensuring its secure operation.

1. Name and contact of service provider, data controller

Company name:	E-GROUP ICT SOFTWARE Informatikai Zártkörűen Működő Részvénytársaság
Address:	11 Kacsa utca, Budapest 1027
EU VAT number:	HU3665908
Name and address of website:	www.egroup.hu
The Privacy Policy is available at:	www.egroup.hu
E-mail:	info@egroup.hu / https://egroup.hu/company/contact-us/
Telephone number	+36-1-371-2555

2. Definitions

GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

Data processing: any operation or set of operations on personal data or data files, whether automated or non-automated, in particular collecting, recording, registering, classifying, storing, modifying, using, querying, transferring or otherwise disclosing, harmonizing or interconnecting, blocking, deleting and destructing the data, as well as preventing their further use;
Data controller: natural or legal person or organisation without legal personality, public authority, agency or any other body processing personal data on the grounds of a contract concluded with the Data controller;
Identifiable natural person: a natural person who, directly or indirectly identifiable, in particular by means of an identifier such as a name, identification number, location data, online identifier, or the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person identifiable by one or more relevant factors;
Personal data: any information relating to the identified or identifiable natural person (data subject); natural person can be identified who is identifiable directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
Data subject: any natural person identified or directly or indirectly identifiable on the basis of personal data;
Data subject’s consent: a clear, voluntary and well-informed statement of the data subject’s will, by means of a statement or other conduct that unequivocally expresses his or her will, that he or she consents to the processing of personal data concerning him or her;
Data breach: a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored, or otherwise managed.
Recipient: any natural or legal person, public authority, agency or any other body to whom personal data are communicated, whether or not a third party. Public authorities that may have access to personal data in the context of an individual inquest in accordance with European Union or any Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data control;
Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct processing of the data controller or data processor.

3. Privacy Policy

The data controller declares that he/she manages personal data in accordance with the provisions of the Privacy Policy and complies with the provisions of the relevant legislation, in particular with regard to the following:

The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject.
Personal data may only be collected for specified, explicit and legitimate purposes.
The purpose of the processing of personal data must be appropriate and relevant and only to the extent necessary.
Personal information must be accurate and up to date. Inaccurate personal data must be deleted immediately.
Personal data must be stored in such a way as to enable identification of data subjects only for as long as is necessary. Personal data may be stored for a longer period only if the storage is for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes.
The processing of personal data must be carried out in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful data control, accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
The Service Provider must apply the principles of data protection to all information concerning all identified or identifiable natural persons.

4. Legal basis, purpose and scope of the processing of personal data

4.1. During Service Provider’s data control, personal data may be processed if at least one of the following criteria is met:

The User concerned has given his or her voluntary informed consent to the processing of his or her personal data for one or more specific purposes: Article 6 (1) (a) of the GDPR (hereinafter: Consent), including e.g. to receiving a newsletter, the use of cookies; obsession
Data processing is necessary for the performance of a contract in which the User is a concerned party, or it is necessary prior to the conclusion of the contract for taking steps at the request of the data subject: Article 6 (1) (b) of the GDPR (hereinafter: Performance of the contract)
Data processing is necessary for the fulfillment of a legal obligation of the data controller (such as the fulfillment of an accounting obligation): Article 6 (1) (c) GDPR (hereinafter: Fulfillment of a legal obligation); obsession
Data processing is necessary to safeguard the legitimate interests of the data controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the data subject is a child: GDPR Article 6 (1) (f) (‘hereinafter: Legitimate interest‘).

The processing of all personal data relating to a data subject is based on voluntary consent, a legitimate interest substantiated by a balancing test, the performance of a contract or the fulfillment of a legal obligation.

If those who provide data to the Service Provider do not provide their own personal data, they are always obliged to obtain the consent of the data subjects. Service Provider excludes all liability for non-consent.

4.2. Registration

The purpose of data processing is providing service and contact.

The legal basis for data processing for registration purposes is the consent of the data subject.

Those involved in data processing are registered users of the website.

Duration of data control. The data processingis carried out until the consent is withdrawn. The data subject may withdraw his or her consent to the data processing at any time by sending a letter to the contact e-mail address. Service Provider stores personal data – in cases not otherwise indicated in this Privacy Policy – until the existence of the customer relationship and the enforcement of civil law claims.

The data will be deleted when the consent to the data processing is revoked. The data subject may withdraw his or her consent to data processing at any time by sending a letter to the contact e-mail address.

The data controller and its employees have the right to access the data.

Data is stored electronically.

Modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact options provided above.

The provision of personal data is absolutely necessary for identification in the databases and for maintain communication.

4.3. Request for information

Service provider provides you with the opportunity for you to be able to send a request for information on the website.

To do this, you must provide the following information:

Name
E-mail address
Phone number
Additional information that may contain personal information

The purpose of data processing: making a personalized offer.

Legal basis for data processing: your voluntary consent under Article 6 (1) (a) of the GDPR, based on adequate information.

Duration of data processing: Until the consent is withdrawn.

Please note that the withdrawal of consent does not affect the lawfulness of the data processing carried out with your consent prior to the withdrawal.

4.4. Use of cookies

Technical cookie: the cookies listed below are essential for the operation of the website, the service provider is entitled to use them without your permission:

A cookie that stores the data you record: when you close your browser, these cookies are automatically deleted, they are only used to identify your computer, and your personal data is not stored.
User interface customization cookie: used to store user preferences related to the service that are not related to other persistent identifiers, such as cookies for the desired language or for the desired display format of results when querying.

The cookies listed below may only be used with your prior consent:

Cookies needed to increase performance: these cookies only identify your computer, they do not collect your personal data, only data related to the use of the Website, with Google Analytics cookies, e.g. to understand the behavior and characteristics of their users, which subpages did the user visit, how regularly and for how long did the visit last.
Functional cookies: allows you to restore your previous settings, thus providing a higher level of personalized service. It may also contain personal information you provide on the Website.
Targeted cookies: This allows us to deliver targeted, relevant advertisements to you, allow you to connect to social networking sites and they only identify your computer.

We use remarketing services to deliver our personalized ads to you:

Google Ads: It is used to remember your recent searches, past interactions with individual advertisers ‘ads or search results, and visits to advertisers’ websites. It uses cookies to track sales and other conversions that result from your ad and saves them to your computer when you click on an ad.
Google Analytics: Google Analytics is Google’s analytics tool that helps website and application owners get a more accurate picture of their visitors’ activities. The Service may use cookies to collect information and report statistics about the use of the Website without personally identifying visitors for Google. In addition to reporting from site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to show more relevant ads on Google products (such as Google Search) and across the web: http://www.google.com/analytics/
Facebook Pixel: it is a code embedded in the source code of the Website to serve personalized advertisements on Facebook to visitors of the Website: https://www.facebook.com/business/help/651294705016616

Legal basis for data processing: your voluntary consent under Article 6 (1) (a) of the GDPR, based on adequate information.

Duration of data processing: Until the consent is withdrawn.

Please note that the withdrawal of consent does not affect the lawfulness of the data processing carried out with your consent prior to the withdrawal.

4.5. Social media sites – extensions (facebook, instagram)

Extensions on the Website are disabled by default. Extensions will only be enabled if you click the button to enable them. By enabling the extension, you are connecting to facebook.com; instagram.com and agree to the transfer of your data to the given service provider.

When you click the appropriate button, your browser transmits the relevant information directly to that social network and stores it there. More information about data processing can be found at the following link: https://www.facebook.com/about/privacy https://help.instagram.com/519522125107875

4.6. Social media sites

In order to use the services, the system automatically logs the following data:

the dynamic IP address of your computer
depending on the settings of your computer, the type of browser and operating system you are using
activity related to your website
date of activity

Legal basis for data processing: legitimate interest of the service provider under Article 6 (1) (f) of the GDPR.

Duration of Data processing: 90 days from creation.

4.7. Balance of interest test

With regard to data processing under Article 6 (1) (f) of the GDPR.

Purpose of data processing: On the one hand, the use of this data is for technical purposes, such as analyzing the secure operation of servers, retrospective control, recording security deviations, and on the other hand, we use this data to compile site usage statistics and analyze user needs for improving the quality of services.

Legitimate interest of the data controller: Service provider has a legitimate interest in the availability and secure operation of the Website.

Rights and freedoms of the data subject with regard to the protection of personal data: The data controller is not able to identify the data subject from the above data. The data stored in the log files is not linked to any other information that would allow the person behind the data to be identified. The processing of the data does not affect the privacy of the data subject, his or her data protection rights and freedoms are not endangered by this data processing.

As a result of the balancing test, it can be concluded that the interest of the data subject does not take absolute precedence over the legitimate interest of the service provider, the data processing does not restrict the privacy of the data subject.

4.8. Data processing different from the above purposes

We may only process personal data relating to you for any purpose other than those set out above, in particular to increase the efficiency of the service or to conduct market research, with the prior determination of the processing of your data and with your consent.

This data may not be linked to your identifying data and may not be passed on to third parties without your consent.

We are obliged to delete this data if the purpose of data processing has ceased or if you have so provided.

Only our own employees, agents and other contributors who are required to know the data processed in order to fulfill their duties or perform the task to be performed by them have the right to access the personal data. We are obliged to ensure that those entitled to access the data we process comply with the provisions of this Privacy Policy and the applicable legislation at all times.

5. Processing the personal data of minors

The processing of personal data relating to information society services offered directly to children is lawful if the child has reached the age of 16.

Pursuant to Articles 6 (1) (a) and 8 of the GDPR, the processing of personal data of a minor who has reached the age of 16 is lawful only if and to the extent that the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.

In the case of a child under the age of 16, the processing of children’s personal data is only lawful if and to the extent that the consent has been given or authorized by the person exercising parental control over the child. Service Provider hereby declares that it is not in a position to verify the consent described above.

6. Important data processing information

The purpose of data processing is to enable Service provider and Data Controller service provider to provide appropriate additional services to the visitors of the Website and the persons registered on the website during the operation of the Website.

The data subjects of the data processing are the visitors and registered users of the Website.

Duration of data processing. The duration of data processing always depends on the specific user purpose, but the data must be deleted immediately if the original purpose has already been achieved. Personal data is provided by the service provider in cases not otherwise indicated in this Privacy Policy. it is stored until the existence of the customer relationship and the enforcement of civil law claims.

The data subject may request the data controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data, as well as to ensure the exercise of the data subject’s right to data portability.

Right to rectification and erasure of data. The data subject shall have the right, at the request of the data controller, to correct or supplement inaccurate personal data concerning him or her without undue delay, and shall have the right to delete personal data concerning him or her, whether accurate or inaccurate, without undue delay. The data controller is obliged to delete the personal data of the data subject without undue delay, unless there is another legal basis for the processing. If there is no legal impediment to the deletion, your data will be deleted.

Withdrawal of consent to data processing. The data subject may withdraw his or her consent at any time, but this shall not affect the lawfulness of the processing carried out prior to the withdrawal.

Modification or deletion of personal data, withdrawal of consent to data processing can be initiated by e-mail, telephone or letter using the contact options provided above.

The data controller and its employees have the right to access the data.

Filing a complaint. The person concerned may exercise the right to file a complaint with the supervisory authority at the contact details of the authority given below.

If the person concerned wishes to have the benefits of registration, e.g. to use the services of the Website in this regard, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, and there are no adverse consequences for the non-provision of data. However, it is not possible to use certain functions of the Website without registration.

You can give your consent to the data processing by intentionally and explicitly ticking the blank checkbox on the website dedicated to this purpose.

In order to get to know the users, make the service provider’s activity easier as well as personalize the newsletter other direct marketing inquiries and services, additional information can be provided based on the data subject’s consent (e.g. where you first heard about the service provider’s services, gender, date of birth, education, occupation, marital status, field of work, at which bank you manage your current account, type of internet connection, operating system, type of browser, regularly visited pages, regularly visited e-commerce pages and interests).

In addition to the above, the database contains whether the user requested an e-mail newsletter or not, and if so, what content was requested pertaining to the newsletter, whether he or she consented to being served by the Service Provider for direct marketing purposes (e.g. by phone, SMS, and by e-mail or post).

You, as a data subject and user may object to the processing of your personal data, In this regard, you are entitled to proceed in accordance with the data processing information detailed above and this privacy notice, as well as the legislation described in this privacy notice.

Most of the information provided can be modified on the Website. You can initiate the deletion of the data from the user’s own personal menu / user account.

7. Website visitor details

When visiting Service Provider’s Website, Service Provider may record the users’ IP address and the date of the visit for technical reasons, and for the purpose of compiling statistics on user habits.

The legal basis for the processing of data is the legitimate interest of the service provider.

IP addresses are recorded anonymously, for statistical purposes, they do not contain the personal data of the visitors of the Website, they cannot be linked to them.

Duration of the storage of data: IP data is stored by the server for one month.

8. Newsletter

As the operator of the Website, we declare that we fully comply with the relevant legal provisions regarding the information and descriptions published by us. We further declare that when subscribing to the newsletter, we are not in a position to verify the authenticity of the contact information or to establish that the information provided relates to an individual or business. We treat companies that contact us as customer partners.

The purpose of data processing is to send professional brochures, electronic messages containing advertisements, information, newsletters, from which the recipient can unsubscribe at any time without consequences. The recipient may unsubscribe without any consequences, even if their business has been terminated, left the business, or someone has provided us with the recipient’s contact information.

The legal basis for data processing is the consent of the user. We inform you that the user may in advance and expressly consent to being contacted by Service Provider with advertising offers, information and other items at the e-mail address provided during registration. As a result, the user may consent to Service Provider processing the necessary personal data for this purpose. We would like to inform you that if you want to receive a newsletter from us, you must provide the necessary information. If you do not provide data, we will not be able to send you a newsletter.

Duration of data processing. The data will be processed until the consent is revoked. The user may revoke his or her consent to data processing at any time by sending a letter to the contact e-mail address. Personal data – in cases not otherwise indicated in this Privacy Policy – is provided by Service Provider and it is stored until the existence of the customer relationship and the enforcement of civil law claims.

The data will be deleted when the consent to the data processing is revoked. The user may revoke his consent to data processing at any time by sending an e-mail to the contact e-mail address. Consent can also be revoked based on the link in the newsletters sent out.

The data controller and its employees have the right to access the data.

Data is stored electronically.

Modification or deletion of data can be initiated by e-mail, telephone or letter using the contact options provided above.

Scope of data processed	Specific purpose for data processing
Name	Identification, contact.
E-mail	Identification, contact.
Date of subscription	Technical information operation.
IP address	Technical information operation.

Please note that neither your username nor your email address is required to include personally identifiable information. For example, it is not necessary for the user name or e-mail address to contain the user’s real name. The user is completely free to decide what username or email address to enter, it is not necessary for them to contain information indicating the user’s personal identity. An e-mail address, which is used for contact, is absolutely necessary for the newsletter or professional information sent to the user to reach its destination.

9. Data processors

Name and contact details of data processors:

1) Hosting provider: Service Provider also acts as a hosting provider as follows:

Name / Company name:	E-Group ICT SOFTWARE Zrt.
Headquarters:	11 Kacsa utca, Budapest 1027
Telephone number:	+36-1-371-2555
E-mail:	info@egroup.hu

The data provided by the user is stored on a server operated by the hosting provider. The data can only be accessed by Service Provider’s employees and the employees operating the server, but they are all responsible for the secure handling of the data.

Name of the activity: hosting service, server service.

The purpose of data processing: to make the website available and to ensure its operation.

Scope of data processed: all personal data provided by the data subject

Duration of data processing and deadline for deletion of data. Data processing is until the end of the operation of the website or a contractual agreement between the operator of the website and the hosting provider. If necessary, the user concerned can also request the deletion of his or her data by contacting the hosting provider.

Legal basis for data processing: the consent of the user concerned and statutory data processing (Section 5 (1), Article 6 (1) (a) of the Information Act, and Section 13 / A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.)

Our servers, on which our egroup.hu system runs, are protected by a firewall, they are located in a secure physical environment, at a hosting provider or properly locked.

In the event of a physical or technical incident, the server service provider ensures the availability and restoration of the website data by means of a regular backup. Our server operator does not have access to personal data.

2.)

Name / Company name:	Google Inc.
Headquarters	1600 Amphitheatre Parkway, Mountain View, US, CA 94043
Privacy Policy:	http://www.google.com/intl/hu ALL/privacypolicy.html
Contact name:	Google Számítástechnikai Szolgáltató Korlátolt Felelősségű Társaság
Headquarters of contact:	26-28 Árpád fejedelem útja, Budapest 1023)
E-mail:	googlekft@google.com

We use Google Analytics software to obtain independent traffic and other web analytics data from the Website. By using the Website, you consent to the processing of your data by Google.

We reserve the right to use additional data processors in addition to those listed above by publishing the names and addresses of the additional data processors in a way that is accessible to users at the beginning of data processing at the latest.

10. Data processing rights

10.1. Right to request information and access

As a user, you can request information from us about the following via the contact details provided:

the categories of personal data concerned
the recipients with whom we have communicated or will communicate your personal data, in particular third country recipients or international organizations
the duration of the storage of personal data or, if this is not possible, the criteria for determining this period
your right to request us to rectify, delete or restrict the processing of your personal data and to object to the processing of such personal data;
the right to lodge a complaint with a supervisory authority;
if the data was not collected from you, all available information about their source

Upon your request, we will send you information immediately, but within 30 days, to the e-mail contact you provided. The information is free of charge. We will provide you with a copy of the personal data that is the subject of data processing. For any additional copies you request, the data controller will charge a reasonable fee based on administrative costs. If you have submitted your application electronically, we will provide the information in a widely used electronic format, unless you request otherwise.

If the request is manifestly unfounded or particularly repetitive due to its excessive nature, we may charge a reasonable fee, taking into account the administrative costs involved in providing the requested information or action or taking the requested action, or refuse to act on the request. It is in all cases up to us to prove that the request is manifestly unfounded or excessive.

10.2. Right of rectification

You, as an affected user, may request us to change any of your details through the contact details provided. We will take action on your request immediately, but within a maximum of 30 days, and we will send you information by e-mail. If true or additional information is not available, the rectifications and additions will be made through an supplementary declaration.

10.3. Right to cancellation

We are required to delete your personal data if

its processing is illegal;
you withdraw your consent on which the data processing is based or request the deletion of your data and there is no other legal basis for the data processing;
it is incomplete or incorrect – and this condition cannot be legally remedied – provided that cancellation is not precluded by law;
the purpose of data processing has ceased, or the term for the storage of data specified by law has expired;
the deletion of the data has been ordered by a court or the Authority.

10.4. Right to blocking

You, as the user concerned, may request that your data be blocked from us via the contact details provided or on the basis of the information available to you, it is presumed that the deletion would harm your legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email contact you provided.

10.5. Right to object

You, as the user concerned, may object to the data processing via the contact details provided. We will investigate the objection as soon as possible after the submission of the application, but not later than within 15 days, we will make a decision on its merits and we will inform you about the decision by e-mail.

You may object to the processing of your personal data,

if the processing or transfer of personal data is necessary only for the fulfillment of our legal obligation or for the enforcement of a legitimate interest of us or a third party, except in the case of mandatory data processing;
if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and
in other cases specified by law.

If the objection is justified, we are obliged to terminate the processing of data, including further data collection and transfer, and to block the data, as well as to notify all persons to whom we have previously transferred the personal data concert by the objection and who are obliged to take action to enforce the right to objection. If you do not agree with our decision, or if we miss the 15-day deadline, you can appeal against the decision to the court upon receipt of the notification of the decision or within 30 days from the last day of the deadline.

10.6. Right to restrict data processing

We restrict data processing if any of the following is true:

You dispute the accuracy of personal information;
the data processing is illegal and you oppose the deletion of the data and instead ask for a restriction on its use;
we no longer need personal data for data processing purposes, but you require it to make, enforce or protect legal claims; or
You have objected to the data processing.

If the processing is subject to restrictions, such personal data may be processed, with the exception of storage, only with your consent or for the purpose of making, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or a Member State.

10.7. Right to data portability

You have the right to receive personal data about you provided to us in a structured, widely used, machine-readable format, if technically feasible, if the data processing is based on your consent or contract and the data processing is automated.

If your request for rectification, restriction or deletion cannot be complied with, we will inform you in writing within 25 days of receipt of the request of the rejection of the request and the reasons for the rejection.

Your rights under section 10 may be restricted by law for the external and internal security of the state, such as national defense, national security, the prevention or prosecution of criminal offenses, the security of law enforcement, and the economic or financial interests of the state or local government, or the significant economic or financial interests of the European Union, and to prevent and detect disciplinary and ethical violations related to the pursuit of occupations, breaches of employment law and health and safety obligations, including, in any case, inspection and supervision, and to protect the rights of the Data Subject or others.

10.8. Possibility of enforcement related to data processing

In case you of illegal data processing experienced by you, as the user concerned, notify Service Provider so that the legal status can be restored within a short time. We will do our best to solve the problem outlined.

10.8.1. Complaints management

Data collection, scope of data processed and purpose of data processing:

Personal data	The purpose of data processing
Surname and family name	Identification, contact
Telefonszám	Contact
E-mail	Contact
Other	Handling issues arising regarding the Services.

Data subjects: All data subjects who make a complaint using the service.

Duration of data processing, deadline for deleting data: Data are stored until the enforcement of civil law claims.

Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller’s employees, respecting the above principles.

Description of the data subject’s rights with regard to data processing: The data subject may request the data controller to access, rectify, delete or restrict the processing of personal data concerning him or her and may object to the processing of such personal data, and the data subject and has the right to data portability and withdrawal of consent at any time.

Access to, deletion, modification or restriction of the processing of personal data, portability of data, objection to data processing can be initiated by the data subject in the following ways:

By post at 11 Kacsa utca, 1027 Budapest;
By e-mail to info@egroup.hu; / https://egroup.hu/company/contact-us/
By phone at + 36-1-371-2555.

Legal basis for data processing: data subject’s consent, Article 6 (1) (c), Privacy Act Section 5 (1) and Article 17 A. § (7) of Act CLV of 1997 on consumer protection.

We inform you that the provision of personal data is based on a contractual obligation (a) the processing of personal data is a precondition for concluding the contract; (b) is required to provide personal information so that we can handle your complaint; (c) failure to provide information has the consequence that we are unable to handle your complaint received by us.

10.8.2. Data breach notice

If the data breach is likely to pose a high risk to the rights and freedoms of natural persons, we will inform you regarding the data breach without undue delay as follows:

The information provided to the data subject shall clearly and intelligibly describe the nature of the data breach and the name and contact details of the data protection officer or other contact person who provides further information; the likely consequences of the data breach must be disclosed; the measures taken or planned by the data controller to remedy the data breach must be disclosed, including, where appropriate, measures taken to mitigate any adverse consequences arising from the data breach.

The data subject need not be informed if any of the following conditions are met:

the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data breach, in particular measures such as the use of encryption which make the data incomprehensible to persons not authorized to access personal data;
the data controller has taken further measures following the data breach to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialize;
providing information to the data subject regarding the data breach would require a disproportionate effort. In such cases, data subjects shall be informed through publicly available information or a similar measure shall be taken to ensure that data subjects are informed in an equally effective manner.

If the data controller has not yet notified the data subject of the data breach, the supervisory authority may, after considering whether the data breach is likely to involve a high risk, order that the data subject be informed.

Report a data breach to the authority. The data breach shall be reported by the data controller without undue delay and, if possible, no later than 72 hours after becoming aware of the data breach to the competent supervisory authority under Article 55 of the GDPR (e.g. NAIH – Hungarian National Authority for Data Protection and Freedom of Information), unless the data breach is unlikely to incur risks to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons for the delay must be provided.

Possibility to make a complaint. If you consider that the legal situation cannot be restored, notify the authority or the court:

Complaints against possible violations of the data controller can be made to the Hungarian National Authority for Data Protection and Freedom of Information
Hungarian National Authority for Data Protection and Freedom of InformationPostal Address: 1363 Budapest, Pf.: 9.
Address: 9-11 Falk Miksa, Budapest 1055
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
website: https://naih.hu
Competent court: your place of residence or the General Court with jurisdiction over the place of residence

11. Legislation underlying data processing

In preparing this Privacy Policy, we have complied with the following legislation:

REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR)
Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter: Privacy Act)
Act LXVI of 1995 on Public Documents, Archives and the Protection of Private Archival Material
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers
Act CVIII of 2001on Certain Issues of Electronic Commerce Services and Information Society Services (Mainly Section 13/A) (“Eker tv”)
Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising (especially § 6)
Act XC of 2005 Electronic Freedom of Information
Act C of 2003 on electronic communications (specifically § 155)
Opinion 16/2011 on the EASA / IAB Recommendation on Best Practices for Behavioral Online Advertising
Section 2: 43 e.) of Act V of 2013 on the Civil Code (“Civil Code”)
Act VI of 1998 promulgating the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981;
Act CXIX of 1995 on the management of name and address data for the purpose of research and direct business acquisition (“Katv.”)
Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on data protection requirements for prior information.