This Privacy Policy describes the data management practices of Zempléni Huszár Kft. (hereinafter referred to as the “Data Controller”) on the huszarpanzio.hu website (hereinafter referred to as the “Website”), particularly regarding data collection, storage, and usage.

This Privacy Policy has been effective since April 30, 2023. The current version of the Privacy Policy is made available by the Data Controller on the Website and at its headquarters.

The Privacy Policy is based on the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”), taking into account the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as “Infotv.”). Its terminology aligns with the definitions provided in Article 4 of the GDPR, and in certain points, it is supplemented by the interpretative provisions of Section 3 of the Infotv. In matters not specified in this Privacy Policy, the provisions of the GDPR apply, and where allowed, the rules of the Infotv. are supplementary.

The Data Controller is entitled to prepare an extract from the content of this Privacy Policy regarding specific data processing operations. Additionally, it ensures that the data subjects acknowledge and accept the information in the extract by signing a document related to the processing of their personal data. The Data Controller reserves the right to modify this Privacy Policy. If the modification affects the use of personal data provided by the data subject, the Data Controller will inform the data subject in an appropriate manner, such as by email notification. If the details of the data processing change due to the modification of the Privacy Policy, the Data Controller will separately request the data subject’s consent.

Data Controller Information
Name: Zempléni Huszár Kft.
Address: 3950 Sárospatak, Kazinczy út 3.
Representative: Untener Géza Barna
Website: huszarpanzio.hu

Principles of Data Management
The Data Controller ensures the protection of personal data, compliance with legal requirements, and secure, fair data management. Personal data is handled confidentially, in line with GDPR principles such as lawfulness, fairness, transparency, and data minimization.

Method and Security of Data Management
The Data Controller takes necessary technical and organizational measures to protect data against unauthorized access, alteration, transmission, or destruction. Special attention is paid to the protection of electronically managed data to prevent direct association with the data subject unless legally permitted.

Data Processing through the Website
Contact
The Website allows users to contact the Data Controller through provided contact details or by filling out a contact form.

• Purpose: Responding to inquiries and maintaining contact.
• Data Processed: Name, email address, phone number (if contacted by phone), and message content.
• Legal Basis: Consent of the data subject under GDPR Article 6(1)(a).
• Data Retention: Until the inquiry is successfully answered, or the purpose is fulfilled, but no longer than the data subject’s request for deletion.
• Processing Method: Electronic.
• Source of Data: Provided by the data subject.
• Automated Decision-Making and Profiling: Not used by the Data Controller.
• Consequences of Non-Submission: If data is not provided, the Data Controller cannot be contacted.
• Access to Personal Data: Employees of the Data Controller and possible data processors.
• Data Transfer to Third Countries or International Organizations: No data transfer takes place.

Questionnaire Data Processing
The Data Controller may use questionnaires to expedite and simplify its service process.

• Purpose: Preparation of services and contact.
• Data Processed: Identification data (name, email address, phone number) and basic data related to the specific case type.
• Legal Basis: Consent of the data subject under GDPR Article 6(1)(a).
• Data Retention: One year from the submission of the questionnaire.
• Processing Method: Electronic.
• Source of Data: Provided by the data subject.
• Automated Decision-Making and Profiling: Not used by the Data Controller.
• Consequences of Non-Submission: Providing data is not mandatory but facilitates service preparation and contact.
• Access to Personal Data: Employees of the Data Controller and possible data processors.
• Data Transfer to Third Countries or International Organizations: No data transfer takes place.

Cookies
The Website uses cookies to ensure its operation. These cookies are necessary for navigating the Website and for its functions to work. Most browsers accept cookies by default, but users can choose settings that reject cookies or signal their arrival. Without accepting cookies, some parts of the Website may not function correctly.

• Purpose: Ensuring the operation of the Website.
• Data Processed: IP address, domain name, access data, client file requests (file name and URL), HTTP response code, website data where the request originated, bytes transmitted during the visit, time of visit, viewed pages.
• Legal Basis: Consent of the data subject under GDPR Article 6(1)(a) in accordance with Section 155(4) of Act C of 2003 on Electronic Communications.
• Data Retention: Until the relevant session ends.
• Processing Method: Electronic.
• Source of Data: Provided by the data subject.
• Automated Decision-Making and Profiling: Not used by the Data Controller.
• Consequences of Non-Submission: Providing data is not mandatory but facilitates service preparation and contact.
• Access to Personal Data: Only employees of the Data Controller may access the personal data related to the use of the Website.
• Data Transfer: No data transfer to third countries or international organizations.

Data Processors

Data processors do not make independent decisions but act according to the contract with the Data Controller and instructions provided. They handle and process personal data in compliance with GDPR. Data processing activities are conducted within the time frames specified in this privacy notice. The Data Controller uses the following data processors:

• Category: Hosting Provider
• Purpose: Hosting services
• Processor: Yopa Tanácsadó és Fejlesztő Kft., Miskolc, Előhegy utca 2/C 3534, Cg.: 05-09-029128

Rights of Data Subjects

You have the right to request information, rectification, restriction, and deletion of your personal data by contacting huszarpanzio@gmail.com. You also have the right to data portability, legal remedies, and withdrawal of consent. Complaints can be directed to the National Authority for Data Protection and Freedom of Information or the courts in Hungary.

Request Handling

If your request does not follow this privacy notice, the Data Controller may request additional information for identification. The time taken to provide this information does not count towards the response deadline. The Data Controller informs all relevant recipients of any corrections, deletions, or restrictions unless it requires disproportionate effort. You will be informed upon request.

Right to Access

You have the right to receive confirmation about whether your data is being processed and to access specific information, including processing purposes, data categories, recipients, storage periods, and your rights. The Data Controller must respond within one month, extendable by two months if necessary. Information is generally free, but a fee may apply in certain cases.

If the Data Controller does not act on your request, they must inform you of the reasons and your right to lodge a complaint within one month.

Right to Rectification

You can request the correction of inaccurate data without delay. While verifying accuracy, data processing may be restricted.

Right to Object

You can object to data processing based on public interest or legitimate interests under GDPR Article 6(1)(e) or (f). The Data Controller must stop processing unless there are compelling legitimate grounds or legal claims. The Data Controller will inform you of their decision.

Right to Restriction

You can request restriction of processing if:

• You contest the accuracy of the data.
• Processing is unlawful, and you oppose deletion.
• The Data Controller no longer needs the data, but you require it for legal claims.
• You object to processing under GDPR Article 21, pending verification.

Right to Erasure (“Right to be Forgotten”)

You can request the deletion of your data if:

• It is no longer necessary for the original purpose.
• You withdraw consent, and no other legal basis exists.
• You object under GDPR Article 21(1), and no overriding legitimate grounds exist.
• Processing is unlawful.
• Deletion is required by law.
• The data was collected in relation to information society services.

Exceptions to the right to erasure are listed in GDPR.

Right to Data Portability

You can receive your data in a structured, machine-readable format and transfer it to another controller if processing is based on consent or contract and is automated. The Data Controller will inform all relevant recipients of any corrections, deletions, or restrictions unless it requires disproportionate effort.

Right to Withdraw Consent

You can withdraw your consent at any time. The Data Controller may still process your data if necessary to fulfill legal obligations or legitimate interests.

Legal Remedies

If you believe data processing violates GDPR or the Infotv., you can contact the Data Controller at huszarpanzio@gmail.com or file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH). You can also seek legal remedy in court, choosing either the court of your residence or temporary address.

Right to Rectification
As a data subject, you have the right to request that the Data Controller correct any inaccurate personal data concerning you without undue delay. Considering the purpose of data processing, you are also entitled to request the completion of incomplete personal data, including by providing a supplementary statement.

For the period during which the Data Controller verifies the accuracy of the personal data, the processing of the contested personal data may be restricted according to the provisions of this privacy notice.

Right to Object
As a data subject, you may object to the processing of your personal data by making a statement to the Data Controller if the legal basis for the data processing is:

• Public interest under GDPR Article 6(1)(e), or
• Legitimate interest under GDPR Article 6(1)(f).

If you exercise your right to object, the Data Controller may no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is related to the establishment, exercise, or defense of legal claims.

Determining whether compelling legitimate grounds exist for the data processing is the responsibility of the Data Controller’s leadership. They will inform you of their decision regarding this matter.

Right to Restriction of Processing
You may request the restriction of data processing in the following cases:

• If you, as the data subject, contest the accuracy of the data, the Data Controller will restrict the processing of the personal data for the time necessary to verify its accuracy.
• If the data processing is unlawful, but you, as the data subject, oppose the erasure of the data and request the restriction of its use instead.
• If the Data Controller no longer needs the data, but you, as the data subject, require it for the establishment, exercise, or defense of legal claims.
• If you, as the data subject, object to the processing of your personal data under GDPR Article 21, pending the verification of whether the legitimate grounds of the Data Controller override your objection.

During the period while your objection to the processing of your personal data is being evaluated, the Data Controller will suspend data processing, examine the validity of the objection, and make a decision, which they will communicate to you.

If the objection is valid, the Data Controller will restrict the data processing, meaning that data will only be stored and not otherwise processed until:

• The data subject consents to the processing;
• The processing is necessary for the establishment, exercise, or defense of legal claims;
• The processing is necessary to protect the rights of another natural or legal person; or
• The processing is required by law for reasons of public interest.

If the data subject requests the restriction of data processing, the Data Controller will inform the data subject in advance about lifting the restriction.

Right to Erasure (“Right to be Forgotten”)
As a data subject, you have the right to request the Data Controller to erase personal data concerning you without undue delay, and the Data Controller is obliged to erase personal data without undue delay if one of the following grounds applies:

• The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• You, as the data subject, withdraw the consent on which the processing is based, and there is no other legal basis for the processing;
• You, as the data subject, object to the processing under GDPR Article 21(1), and there are no overriding legitimate grounds for the processing, or you object to the processing under GDPR Article 21(2);
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject; or
• The personal data has been collected in relation to the offer of information society services referred to in GDPR Article 8(1).

The right to erasure does not apply where the processing is necessary for:

• Exercising the right of freedom of expression and information;
• Compliance with a legal obligation requiring processing by Union or Member State law to which the Data Controller is subject;
• The establishment, exercise, or defense of legal claims.

Right to Data Portability
As a data subject, you have the right to receive your personal data, which you have provided to the Data Controller, in a structured, commonly used, and machine-readable format (.XML, .CSV). You also have the right to transmit this data to another data controller without hindrance from the original controller, provided that:

• The data processing is based on your consent or a contract where you are a party, and
• The processing is carried out by automated means.

The Data Controller must inform any recipients of corrections, deletions, or restrictions unless this is impossible or requires disproportionate effort. Upon request, the Data Controller will inform you about these recipients.

Right to Withdraw Consent
If your personal data processing is based on your consent, you may withdraw your consent at any time. The Data Controller may continue to process your personal data if necessary to comply with legal obligations or to protect legitimate interests, provided these interests are balanced with your rights.

Legal Remedies
If you believe that the processing of your personal data violates GDPR or other relevant laws, you can file a complaint with the Data Controller at huszarpanzio@gmail.com. You also have the right to lodge a complaint directly with the National Authority for Data Protection and Freedom of Information (NAIH) or seek legal remedy in court. You may choose to bring your case to the court in your place of residence (permanent or temporary address).

For more details, visit the National Authority for Data Protection and Freedom of Information website: www.naih.hu or find your local court using the following link: https://birosag.hu/birosag-kereso.