Privacy

Introduction

Magevolve Kft. [Magevolve Ltd.] (managing director: Attila Sági, E-mail: magevolve@magevolve.com, Telephone: +36-30-411-9720, Company registration number: 01-09-986286, Tax number: 23953741-1-43, Registered office: 1115 Budapest, Fraknó utca 22/B.) (hereinafter referred to as: the “Service Provider”, “data controller”) subjects itself to the provisions of the following policy:

Paragraph (1) of Section 20 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information provides that prior to data control being initiated, the data subject (in the present case, the webshop user, hereinafter referred to as: the „user”) shall be informed whether his consent is required or control is mandatory.

Before control operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the control of his personal data, such as the purpose for which his data is required and the legal basis, the person entitled to control the data and to carry out the processing, and the duration of the proposed control operation.

Under Paragraph (1) of Section 6 of the Privacy Act, the data subject must be also informed that personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the control of personal data is necessary:

  • for compliance with a legal obligation pertaining to the data controller, or
  • for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.

The information must include the data subject’s rights and remedies relating to data control.

If the provision of personal information to the data subject proves impossible or would involve disproportionate costs (for instance, like in the present case, in a webshop), the obligation of information may be satisfied by the public disclosure of the following:

a) an indication of the fact that data is being collected;

b) the data subjects targeted;

c) the purpose of data collection;

d) the duration of the proposed control operation;

e) the potential data controllers with the right of access;

f) the right of data subjects and remedies available relating to data control; and

g) where the control operation has to be registered, the number assigned in the data protection register.

This privacy policy regulates the data control of the following websites: magevolve.hu, magevolve.com, and it is based on the above provisions.

Any modifications of this privacy policy shall enter into effect upon being posted at the above websites. The respective legal references are indicated after the headings of this privacy policy.

Definitions (3.§)

1. ‘data subject/User’ shall mean any natural person directly or indirectly identifiable by reference to specific personal data;

2. ‘personal data’ shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;

3. ‘special data’ shall mean:

a) personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life,

b) personal data concerning health, pathological addictions, or criminal record;

4. ‘the data subject’s consent’ shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;

5. ‘the data subject’s objection’ shall mean a declaration made by the data subject objecting to the control of their personal data and requesting the termination of data control, as well as the deletion of the data processed;

6. ‘controller’ shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the control of data; makes and executes decisions concerning data control (including the means used) or contracts a data processor to execute it;

7. ‘data control’ shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);

8. ‘data transfer’ shall mean ensuring access to the data for a third party;

9. ‘disclosure’ shall mean ensuring open access to the data;

10. ‘data deletion’ shall mean making data unrecognisable in a way that it can never again be restored;

11. ‘tagging data’ shall mean marking data with a special ID tag to differentiate it;

12. ‘blocking of data’ shall mean marking data with a special ID tag to indefinitely or definitely restrict its further control;

13. ‘data destruction’ shall mean complete physical destruction of the data carrier recording the data;

14. ‘data processing’ shall mean performing technical tasks in connection with data control operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;

15. ‘data processor’ shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the data controller, including contracts concluded pursuant to legislative provisions;

16. ‘data source’ shall mean the body responsible for undertaking the public responsibility which generated the data of public interest that must be disclosed through electronic means, or during the course of operation in which this data was generated;

17. ‘data disseminator’ shall mean the body responsible for undertaking the public responsibility which uploads the data sent by the data source it has not published the data;

18. ‘data set’ shall mean all data processed in a single file;

19. ‘third party’ any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor.

The legal basis of data control (5.-6.§)

1. Personal data may be processed under the following circumstances:

  • when the data subject has given his consent, or
  • when control is necessary as decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein for the performance of a task carried out in the public interest.

2. Personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the control of personal data is necessary:

a) for compliance with a legal obligation pertaining to the data controller, or

b) for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.

3. If the data subject is unable to give his consent on account of lacking legal capacity or for any other reason beyond his control, the control of his personal data is allowed to the extent necessary and for the length of time such reasons persist, to protect the vital interests of the data subject or of another person, or in order to prevent or avert an imminent danger posing a threat to the lives, physical integrity or property of persons.

4. The statement of consent of minors over the age of sixteen shall be considered valid without the permission or subsequent approval of their legal representative.

5. Where data control under consent is necessary for the performance of a contract with the controller in writing, the contract shall contain all information that is to be made available to the data subject in connection with the control of personal data, such as the description of the data involved, the duration of the proposed control operation, the purpose of control, the transmission of data, the recipients and the use of a data processor. The contract must clearly include that by affixing his signature, the data subject gives his consent for having his data processed as stipulated in the contract.

6. Where personal data is recorded under the data subject’s consent, the controller shall - unless otherwise provided for by law - be able to process the data recorded where this is necessary:

  • for compliance with a legal obligation pertaining to the controller, or
  • for the purposes of legitimate interests pursued by the controller or by a third party, if enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data

Data control must be associated with a specific purpose (4.§ [1]-[2])

1. Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfillment of obligations. The purpose of control must be satisfied in all stages of data control operations; recording of personal data shall be done under the principle of lawfulness and fairness.

2. The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose. Personal data may be processed to the extent and for the duration necessary to achieve its purpose.

Other principles of data control (4.§ [3]-[4])

In the course of data control, the data in question shall be treated as personal as long as the data subject remains identifiable through it. The data subject shall - in particular - be considered identifiable if the data controller is in possession of the technical requirements which are necessary for identification.

The accuracy and completeness, and - if deemed necessary in the light of the aim of control - the up-to-date status of the data must be provided for throughout the control operation, and shall be kept in a way to permit identification of the data subject for no longer than is necessary for the purposes for which the data were recorded.

Functional data control

1. Under Paragraph (1) of Section 20 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be determined within the framework of the operation of the functionality of the webshop website:

a) an indication of the fact that data is being collected;

b) the data subjects targeted;

c) the purpose of data collection;

d) the duration of the proposed control operation;

e) the potential data controllers with the right of access;

f) the rights of data subjects relating to data control.

2. The fact that data is being collected, the scope of processed data: password, surname and first name, company name, e-mail address, fax number, telephone number, address, date of registration, IP address at the time of registration.

3. Data subjects targeted: all data subjects who register at the webshop website.

4. The purpose of data collection: The Service Provider processes the personal data of Users for the purposes of the full-scope use of the website, e.g. the conclusion of a contract aiming the provision of the services, the determination of the contents of such contract, the modification and the monitoring of the fulfilment of such contract, the invoicing og charges arising from such contract, and the enforcement of claims relating to such contract, as well as the provision of a newsletter sending service.

5. The duration of the data control, deadline for the deletion of data: immediately upon the deletion of registration, except in case of accounting documents because under Paragraph (2) of Section 169 of Act C of 2000 on Accounting, such data must be retained for 8 years.

The accounting documents for direct or indirect support of bookkeeping records (including ledger accounts, analytical records and registers) shall be retained for minimum 8 years, shall be readable and accessible by code of reference indicated in the bookkeeping records.

6. Potential data controllers with the right of access: The personal data may be processed by the employees of the controller in compliance with the above principles.

7. Information on the rights of data subjects relating to data control: The following data may be modified on the websites: password, surname and first name, company name, e-mail address, fax number, telephone number, address, date of registration, IP address at the time of registration. The data subject may request the deletion or modification of his personal data in the following manners:

- by post:  at the following address: 1115 Budapest, Fraknó utca 22/B., Hungary

- by e-mail: at the following e-mail address: magevolve@magevolve.com.

8. The legal basis of data control: the data subject’s consent, Paragraph (1) of Section 5 of the Privacy Act, and Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter referred to as: „E-commerce Act”):

The Service Provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in this Act, and only to the required extent and duration.

Our principles respecting functional data control (E-commerce Act, 13/A. §)

1. For the purpose of invoicing the charges arising under the contract for the information society service, the service provider may process personal data related to the use of such service, provided that such data are indispensable for establishing and invoicing the charge, thus, especially, the data regarding the time, duration and place of using the service.

 2. The Service Provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in the E-commerce Act, and only to the required extent and duration.

3. The service provider may process data related to the use of the service for any other purpose, thus, in particular, for the purposes of enhancing the efficiency of the service, forwarding of electronic advertisements or other direct communications addressed to the recipient of the service, or market surveys only with the prior specification of the objective thereof and subject to the consent of the recipient of the service.

4. The recipient of the services shall be allowed, at all times, prior to and during the course of using the information society service to prohibit the data control.

5. The processed data shall be deleted if the contract is not concluded, is terminated and after the invoicing. The data shall be deleted if the objective of data control has ceased or upon the instruction of the recipient of the service to this effect. Unless provided otherwise by law, deletion of the data shall take place without delay.

6. The service provider shall ensure that the recipient of the service of the information society service may, at any time prior to and in the course of using the service, get acquainted with the types of data processed by the service provider and the objective of controlling such data, including the control of data directly not associated with the recipient of the service.

Cookies

1. Under Paragraph (1) of Section 20 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be determined within the framework of the processing of cookies by the webshop website.

a)  an indication of the fact that data is being collected;

b) the data subjects targeted;

c) the purpose of data collection;

d) the duration of the proposed control operation;

e) the potential data controllers with the right of access;

f) the rights of data subjects relating to data control.

2. The cookies usually used by webshops are the so-called „cookies used for password-protected sessions”, „cookies required for the shopping basket”, and „security cookies”, the use of which is not subject to the prior consent of data subjects.

3. The fact that data is being collected, the scope of processed data: unique identification number, dates and times.

4. Data subjects targeted: All data subjects visiting the website.

5. The purpose of data control: identification of users, recording the contents of the „shopping basket”, and the tracking of visitors.

6. The duration of the data control, deadline for the deletion of data:  In case of session cookies, the duration of the data control lasts until the end of the visit to the websites, and in other cases, the duration is 1 hour.

7. Potential data controllers with the right of access: The personal data may be processed by the employees of the controller in compliance with the above principles.

8. Information on the rights of data subjects relating to data control: Data subjects are able to delete cookies in the Tools/Settings menu of browsers, generally in the settings section under the Data protection menu.

9. The legal basis of data control:

The consent of data subjects is not required if it is necessary to carry out the transmission of an electronic communications network or if it is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user to provide that service.

10. The Service Provider measures the attendance of the webshop by using the Google Analytics service. Data are transferred during the use of such service. The transferred data are not suitable for the identification of data subjects. For further information of the data protection guidelines of Google, please visit the following website: http://www.google.hu/policies/privacy/ads/

Newsletter, DM activities

1. Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions applying to Commercial Advertising Activities, the User may give his prior and express consent to the Service Provider’s contacting him with advertisements and other communications at the User’s contact details (e.g. e-mail address, telephone number) provided upon registration.

2. Furthermore, the Customer may give his consent, with regard to the provisions of this policy, to the Service Provider’s control his personal data necessary for the purposes of sending advertisements.

3. The Service Provider shall not send unsolicited advertising messages, and the User may unsubscribe from sending of offers free of charge, without any restrictions, and without having to provide his reasons. In such case, the Service Provider shall delete all his personal data necessary for sending advertising messages from the Service Provider’s registry, and shall not contact the User with further advertisements. The User can unsubscribe from advertisements by clicking on the ling included in the message.

4. Under Paragraph (1) of Section 20 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be determined within the framework of the data processing of newsletter circulation:

a) an indication of the fact that data is being collected;

b) the data subjects targeted;

c) the purpose of data collection;

d) the duration of the proposed control operation;

e) the potential data controllers with the right of access;

f) the rights of data subjects relating to data control.

5. The fact that data is being collected, the scope of controlled data: name, e-mail address, date, time.

6. Data subjects targeted: All data subjects subscribing to the newsletter.

7. The purpose of data control: sending electronic messages (e-mail) including advertisements to the data subject, the provision of information on current news, products, promotions, new functions, etc.

8. The duration of the data control, deadline for the deletion of data: data control shall last until the withdrawal of the data subject’s consent, that is, until unsubscription.

9. Potential data controllers with the right of access: The personal data may be processed by the employees of the controller in compliance with the above principles.

10. Information on the rights of data subjects relating to data control: The data subject may unsubscribe from the newsletter, free of charge.

11. The legal basis of data control: the data subject’s voluntarily given consent, Paragraph (1) of Section 5 of the Privacy Act, and Paragraph (5) of Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions applying to Commercial Advertising Activities:

Advertisers, advertising service providers and publishers of advertising shall maintain records on the personal data of persons who provided the statement of consent to the extent specified in the statement. The data contained in the aforesaid records – relating to the person to whom the advertisement is addressed – may be processed only for the purpose defined in the statement of consent, until withdrawn, and may be disclosed to third persons subject to the prior consent of the person affected.

Data transfer

1. Under Paragraph (1) of Section 20 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be determined within the framework of the data transferring activities of the webshop website:

a) an indication of the fact that data is being collected;

b) the data subjects targeted;

c) the purpose of data collection;

d) the duration of the proposed control operation;

e) the potential data controllers with the right of access;

f) the rights of data subjects relating to data control.

2. The fact that data is being collected, the scope of processed data: The scope of data transferred for the purpose of making online payment: Name, address, amount of transaction, legal grounds of the transaction.

3. Data subjects targeted: All data subjects making an online purchase.

4. The purpose of data control: The execution of online purchase.

5. The duration of the data control, deadline for the deletion of data: It lasts until the online payment is executed.

6. Potential data controllers with the right of access: The personal data may be processed by the following entities, in compliance with the above principles.

PayPal

Mother company: eBay Incorporated

Registered address: San Jose, California, USA

Contact details: https://www.paypal.com/hu

Their privacy policy: https://www.paypal.com/hu/cgi-bin/helpscr?cmd=p/gen/ua/policy_privacy-outside

 7. Information on the rights of data subjects relating to data control: The data subject may request the earliest deletion of his personal data from the data controller service provider providing the online payment service.

8. The legal basis of data transfer: the data subject’s consent, Paragraph (1) of Section 5 of the Privacy Act, and Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter referred to as: „E-commerce Act”).

Data security (7.§)

1. Controllers shall make arrangements for and carry out data control operations in a way so as to ensure full respect for the right to privacy of data subjects.

 2. Controllers, and within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organizational measures to protect personal data, as well as adequate procedural rules to enforce the provisions of the Privacy Act and other regulations concerning confidentiality and security of data control.

 3. Data must be protected by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.

 4. For the protection of data sets stored in different electronic filing systems, suitable technical solutions shall be introduced to prevent - unless this is permitted by law - the interconnection of data stored in these filing systems and the identification of the data subjects.

5. During the course of the automated processing of personal data, the controller and data processor ensures the following by taking additional measures:

a. prevents unauthorised data entry;

b. prevents the use of automatic data processing systems by unauthorised persons by using data transfer devices;

c. ensures the ability to control and determine which bodies the personal data have or can be sent to by using a data transfer device;

d. ensures the ability to control and determine which personal data has been registered in the automatic data processing systems, when this was done and who did it;

e. ensures the ability to restore the systems installed in the event of malfunctions and;

f. compiles a report on errors occurring during the course of automated processing.

6. The controller and data processor must take account of the current level of development of the relevant technology when determining and applying measures taken to protect the data. The solution which ensures a higher level protection of the personal data must be selected from among several possible control solutions, unless this proves far too difficult for the controller

The rights of data subjects (14.-19.§)

1. The data subject may request from the Service Provider to provide information on his personal data being processed, to rectify his personal data, and to delete or block his personal data, save where control is rendered mandatory.

2. Upon the data subject’s request the data controller shall provide information concerning the data relating to him, including those processed by a data processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of control, the name and address of the data processor and on its activities relating to data control, and - if the personal data of the data subject is made available to others - the legal basis and the recipients.

3. With a view to verifying legitimacy of data transfer and for the information of the data subject, the data controller shall maintain a transmission log, showing the date of time of transmission, the legal basis of transmission and the recipient, description of the personal data transmitted, and other information prescribed by the relevant legislation on data control.

4. Data controllers must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than 30 days. The provision of information is free of charge.

5. Upon the User’s request the Service Provider shall provide information concerning the data relating to him, including those processed by a data processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of control, the name and address of the data processor and on its activities relating to data control, and - if the personal data of the data subject is made available to others - the legal basis and the recipients. The Service Provider shall comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than 30 days. The provision of information is free of charge

6. Where a personal data is deemed inaccurate, and the correct personal data is at the controller’s disposal, the Service Provider shall rectify the personal data in question.

7. Instead of deletion, the Service Provider shall block the personal data should the User request this, or in the event that the basis of the information available, deletion would presumably violate the rightful interests of the User. Personal data blocked through such means may exclusively be controlled while the control objective remains valid which barred the deletion of the personal data.

8. The Service Provider shall delete the personal data if Service Provider’s data control is unlawful; if it has been requested by the User; if the processed data is incomplete or inaccurate and this cannot be lawfully rectified, provided that deletion is not disallowed by statutory provision of an act; if the purpose of control no longer exists or the legal time limit for storage has expired; or if so ordered by court or by the Hungarian National Authority for Data Protection and Freedom of Information.

9. If the accuracy of an item of personal data is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the data controller shall mark that personal data for the purpose of referencing.

10. When a data is rectified, blocked, marked or deleted, the data subject and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the data subject in light of the purpose of control.

11. If the data controller refuses to comply with the data subject’s request for rectification, blocking or deletion, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or deletion is based shall be communicated in writing within 30 days of receipt of the request. Where rectification, blocking or deletion is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.

Legal remedies

1. The User shall have the right to object to the control of data relating to him:

a) if the personal data are controlled or transferred to fulfil the legal obligations of the Service Provider, or enforce the rightful interests of the Service Provider, data recipient or third party except in the case of mandatory data control;

b) if the personal data is used or transferred for direct marketing, public opinion polls or scientific research purposes, or

c) in other cases defined by law.

 2. The Service Provider shall assess the objection, decide as to merits thereof, and notify the applicant in writing of its decision within the shortest time possible but no later than within 15 days from the submission of the request. If, according to the findings of the Service Provider, the data subject’s objection is justified, the Service Provider shall terminate all control operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred of the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.

3. If the User disagrees with the decision taken by the Service Provider, the User shall have the right to turn to court within 30 days of the date of delivery of the decision or from the last day of the time limit. The court shall proceed in the case with priority.

4. In case of the data controller’s violation of the law, a complaint may be filed with the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information [Nemzeti Adatvédelmi és Információszabadság Hatóság]

1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary

Mailing address: 1530 Budapest, Postafiók: 5., Hungary

Telephone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Judicial remedy (22.§)

1. The burden of proof to show compliance with the law lies with the data controller. The burden of proof concerning the lawfulness of transfer of data lies with the data recipient.

 2. The lawsuit shall be heard by the competent tribunal. If so requested by the data subject, the lawsuit may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located.

 3. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such lawsuits. The Authority may intervene in the lawsuit on the data subject’s behalf.

 4. When the court’s decision is in favour of the plaintiff, the court shall order the controller to provide the information, to rectify, block or delete the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the data subject’s objection, or to disclose the data requested by the data recipient.

 5. If the court rejects the petition filed by the data recipient in, the controller shall be required to delete the data subject’s personal data within 3 days of delivery of the court ruling. The controller shall delete the data even if the data recipient does not file for court action within the specified time limit.

 6. The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the rights of large numbers of data subjects.

Compensation for damages (23. §)

The data controller shall be liable for any damage caused to a data subject as a result of unlawful control or by any breach of data security requirements. The data controller shall also be liable for any damage caused by a data processor acting on its behalf. The data controller may be exempted from liability if he proves that the damage was caused by reasons beyond his control.

No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party.

Closing provisions

In the course of preparing this privacy policy, we paid regard to the provisions of the following legal regulations:

- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: “Privacy Act”)

 - Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Section 13/A. § in particular)

 - Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers

 - Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions applying to Commercial Advertising Activities (Section 6. § in particular)

 - Act XC of 2005. on the Freedom of Electronic Information

- Act C of 2003 on Electronic Communications (Section 155. § in particular)

- Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

Copyright © 2012-2018 Magevolve Ltd.