DATA SECURITY NOTICE
1. Purpose, Scope, and Governing Laws of the Data Processing Notice
This notice aims to establish the data protection and data management principles applied by www.nagymarton.hu and the data protection and data management policy that the organization, as the data controller, acknowledges as binding.
When formulating the provisions of this Notice, the organization paid particular attention to the General Data Protection Regulation ("GDPR") of the European Parliament and Council (Regulation 2016/679), Act CXII of 2011 on the right to informational self-determination and freedom of information ("Infotv."), Act V of 2013 on the Civil Code ("Ptk."), Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities ("Grtv."), Act CLV of 1997 on Consumer Protection ("Fgytv."), and Act C of 2000 on Accounting ("Számtv.").
This Data Processing Notice applies to the data processing activities related to the website accessible at www.nagymarton.hu (hereinafter: "Website"). The Data Processing Notice remains in effect until revoked.
The purpose of this Data Processing Notice is to align the organization's internal regulations concerning data processing activities with the fundamental rights and freedoms of individuals and to ensure the appropriate management of personal data.
Another important purpose of issuing this Data Processing Notice is to ensure that the organization can lawfully process personal data by becoming familiar with and complying with its contents.
2. Data Controller Information
Name: Január 21 Bt.
Company Registration Number: 01-06-740525
Registered office: 1085 Budapest, Baross u. 34.
E-mail: info@nagymarton.hu
Data protection officer: Nagy Márton
The data controller is an organization registered in Hungary.
3. Key Terms and Definitions
- GDPR (General Data Protection Regulation): The new Data Protection Regulation of the European Union.
- Data Controller: A natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data, either alone or jointly with others.
- Data Processing: Any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.
- Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Third Party: A natural or legal person, public authority, agency, or body other than the data subject, data controller, or data processor.
- Consent of the Data Subject: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data.
- Restriction of Processing: The marking of stored personal data to limit their future processing.
- Erasure: Making personal data unrecognizable in a way that they can no longer be restored.
- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
- Enterprise: A natural or legal person engaged in an economic activity, regardless of legal form.
- Information Society Service: A service as defined in Article 1(1)(b) of Directive (EU) 2015/1535.
4. Principles of Data Processing
- Processing must be carried out lawfully, fairly, and in a transparent manner for the data subject (“lawfulness, fairness, and transparency”).
- Data must be collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes; further processing for public interest archiving, scientific or historical research, or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”).
- Data processing must be adequate, relevant, and limited to what is necessary for the purposes of processing (“data minimization”).
- Data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that inaccurate personal data concerning the purposes of processing are erased or rectified without delay (“accuracy”).
- Data must be stored in a form that allows identification of data subjects only for the time necessary to achieve the purposes of personal data processing; personal data may be stored for longer periods only if processed for public interest archiving, scientific or historical research, or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this regulation to safeguard the rights and freedoms of data subjects (“storage limitation”).
- Processing must be conducted in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
- The data controller is responsible for compliance with the above principles and must be able to demonstrate such compliance (“accountability”).
5. Purpose of Data Processing
The Data Controller processes personal data solely for specified purposes, ensuring fairness and legality. The Data Controller strives to process only personal data essential for achieving the purpose and ensures data is handled only to the extent and for the duration necessary.
6. Scope of Processed Data
- Contact Information Processing
  - Purpose: Contact initiation, communication, information sharing, inquiry response.
  - Legal Basis: Voluntary consent of the data subject (GDPR Article 6(1)(a)).
  - Data Processed: Name, email address, phone number.
  - Data Retention: 2 years from the last contact.
  - Data Transfer: None.
- Personal data deletion or modification requests can be initiated via email at info@nagymarton.hu.
Visitors may browse the website without providing personal data, except for automatically collected technical data.
7. Method of Data Processing
The Data Controller stores personal data on its own servers and temporarily on its computers. Only the Data Controller has access to the processed personal data.
Data provision is always voluntary. If the data subject consents, the Data Controller processes the data in compliance with applicable laws and within the limits of the data subject’s consent.
The Data Controller implements extensive technical and operational security measures to prevent unauthorized use and misuse of personal data. Security procedures are regularly reviewed and developed in line with technological advancements.
8. Technical Data and Cookie Management
A cookie is a file containing letters and numbers with variable content that the web server sends to your device (computer, mobile phone) and stores there for a predetermined period. The use of cookies allows the web server to remember your actions and settings on the website. The website operator can also use cookies to gain insights into visitors’ habits related to the use of the website. These files cannot be executed, do not contain spyware or viruses, and cannot access the contents of users' hard drives.
Technical data and cookie management:
Since individuals can be associated with online identifiers provided by the devices, applications, tools, and protocols they use—such as IP addresses and cookie identifiers—these data, when combined with other information, can be used to create profiles and identify individuals.
Cookies can also store preferences, so users do not have to re-enter them when navigating to a new page. They remember previously entered data, eliminating the need to retype it. They analyze website usage to optimize the experience based on the collected information, ensuring the website functions according to user expectations, making information easy to find, and monitoring the effectiveness of advertisements.
If the website operator displays various content using external web services, this may result in the storage of certain cookies not managed by the operator, meaning they have no control over what data these external websites or domains collect.
The policies of the respective services provide information about these cookies. Users can configure their web browsers to accept all cookies, reject all cookies, or notify them when a cookie is being sent to their device. These settings are usually found in the browser's "Options" or "Settings" menu. Detailed information on configuring different browsers can be found on the English-language website www.aboutcookies.org.
Cookies used by the website:
- Session Cookies: Essential for navigating the website, enabling key functions, and accessing protected content. These cookies store information necessary for filling out forms and, in some cases, the selected language. They do not collect identifiable personal information, are not used for marketing, and do not remember browsing history on other websites. These cookies are automatically deleted when the session ends and the browser is closed.
- Functional Cookies: Enhance the user experience by detecting the type of device used to access the website and remembering previous user preferences (such as username, password, selected language, region, login status, text size, font style, or other customized website elements). These cookies enable better, personalized functionality but do not track activity on other websites or serve targeted ads.
- Google Analytics Cookies: Google Analytics is a tool from Google that helps website and app owners better understand visitor behavior. It may use cookies to collect data and generate statistical reports about website usage without identifying individual users to Google. The primary cookie used by Google Analytics is "__ga." In addition to providing usage reports, Google Analytics can also be used to display more relevant ads within Google products (e.g., Google Search) and across the web.
Cookies required for website use:
How to set or disable cookies?
When visiting the website, the site collects data using cookies. Upon accessing the website, you can choose which types of cookies you accept. Additionally, you can manage cookie settings through your browser settings. If you do not want cookies to collect information about your use of our website, you can partially or entirely disable cookies or modify cookie settings in your internet browser.
9. Data Forwarding
The Data Controller transfers personal data to a third party only if the data subject has given explicit consent—being fully informed about the scope of the transferred data and the recipient—or if the transfer is authorized by law. The Data Controller documents all data transfers and maintains records of them.
10. Data Processing
The Data Controller is entitled to engage a data processor to carry out its activities. Data processors do not make independent decisions; they are only authorized to act based on the contract concluded with the Data Controller and the instructions received. The Data Controller supervises the work of the data processors. Data processors may engage additional data processors only with the Data Controller's consent.
Data Processors Engaged by the Data Controller:
DATA PROCESSING RELATED TO WEB HOSTING SERVICES
Data Processor: WIX.com Ltd.
Registered Office: 40 Namal Tel Aviv Street, Tel Aviv, 6350671, Israel
Tax Number: -
Phone Number: -
Email: info@wix.com
All personal data provided by the data subject on the website is processed to ensure the proper operation of the site.
Data Processing Duration and Data Deletion Deadline:
Until the termination of the agreement between the Service Provider and the Hosting Provider or until the data subject submits a deletion request to the Hosting Provider.
Legal Basis for Data Processing:
User consent, Section 5 (1) of the Hungarian Data Protection Act (Infotv.), Article 6 (1)(a) of the GDPR, and Section 13/A (3) of Act CVIII of 2001 on electronic commerce and information society services.
DATA PROCESSING RELATED TO AGGREGATED DATA ANALYSIS VIA GOOGLE ANALYTICS
Data Processor: Google, Mountain View, California, USA
Registered Office: Barrow Street 4, Dublin, Ireland
Email: –
Under a contract with the Data Controller, the Data Processor utilizes the Google Analytics service, which helps both the Data Controller and the Data Processor gain a more precise understanding of visitor activities.
DATA PROCESSING RELATED TO WEBSITE OPERATIONS
Data Processor: WIX.com Ltd.
Registered Office: 40 Namal Tel Aviv Street, Tel Aviv, 6350671, Israel
Tax Number: -
Phone Number: -
Email: -
Under a written agreement with the Data Controller, the Data Processor periodically maintains the website and performs security backups of its database.
11. Third Party Service Providers
The Data Controller engages external service providers in the operation of the website and cooperates with them.
For personal data processed within the systems of these external service providers, their respective privacy policies apply.
The Data Controller takes all reasonable steps to ensure that external service providers handle the transferred personal data in compliance with legal regulations and use it solely for the purposes defined by the User or specified in this Privacy Notice.
The Data Controller informs Users about data transfers to external service providers within this Privacy Notice.
External providers:
- Meta Platforms, Inc. (Menlo Park, California, USA) – Marketing, social media communication (Facebook, Instagram, etc.).
- Google (Mountain View, California, USA) – Google Analytics aggregated data analysis, Google Ads online advertising, YouTube social platform usage, etc.
12. Data Security and Access to Data
The Data Controller ensures the security of personal data by implementing the necessary technical and organizational measures and establishing procedural rules in compliance with applicable legal regulations and data protection laws. The Data Controller protects data against unauthorized access, modification, transmission, disclosure, deletion, or destruction, as well as accidental loss, damage, or inaccessibility due to technological changes.
The Data Controller maintains records of the processed data in accordance with relevant legal requirements, ensuring that only employees and other authorized persons (data processors) acting on behalf of the Data Controller can access the data. Such access is granted strictly on a need-to-know basis, determined by job roles and responsibilities. Within the organization, access to data is logged, and employees may perform individual searches or operations on the data only at the request of the User or if necessary for providing the requested service.
13. Duration of Data Processing
The Data Controller deletes personal data in the following cases:
- Unlawful processing: If it is determined that the data processing is unlawful, the Data Controller will delete the data without delay.
- Request by the data subject (except for legally required data processing): If the data is processed based on the voluntary consent of the data subject, they may request its deletion, and the Data Controller will comply.
- Incomplete or incorrect data: If the data is incomplete or incorrect and cannot be lawfully rectified, and there is no legal restriction preventing its deletion.
- Purpose of processing ceases or legal retention period expires: If the purpose of processing no longer exists or the legally prescribed storage period has expired. Since the Data Controller provides continuous services to the data subject without a fixed time limit, personal data will be processed as long as the relationship between the parties exists. However, if it becomes evident that the data will no longer be used in the future, it will be deleted.
- Court or regulatory order: If a court or the National Authority for Data Protection and Freedom of Information (NAIH) orders the deletion of data, the Data Controller will comply with the order.
- Instead of deletion, the Data Controller may block the personal data upon the data subject’s request or if it is assumed that deletion would infringe upon the data subject’s legitimate interests. Blocked data will only be processed for as long as the reason preventing its deletion exists.
- If a data subject disputes the accuracy of their personal data and the issue cannot be clearly resolved, the Data Controller will mark the data to indicate that its accuracy is contested.
- If data must be deleted, the Data Controller ensures that it is rendered unidentifiable. If required by law, the Data Controller will destroy the data-containing storage medium.
14. Customer Relations
- If a data subject has any questions or encounters any issues while using the services of the Data Controller, they may contact the Data Controller through the communication channels provided on the website (e.g., phone, email, social media, etc.).
- The Data Controller retains emails, messages, phone inquiries, and other communication data (such as those received via the Meta platform) along with the name, email address, and other voluntarily provided personal data for a maximum period of two years from the date of submission, after which the data is deleted.
- If a specific data processing activity is not listed in this Privacy Notice, the Data Controller will provide information at the time of data collection.
- In exceptional cases, if requested by authorities or mandated by law, the Data Controller is obligated to disclose, transfer, or provide access to the necessary data or documents to competent authorities.
- In such cases, the Data Controller will only release the minimum amount of personal data necessary to fulfill the specific request, ensuring compliance with legal requirements.
15. Rights Related to Data Management
The right to request information: Any person may request information through the provided contact details regarding what data the organization processes, on what legal basis, for what purpose, from what source, and for how long. A response must be provided to the specified contact without delay, but no later than within 30 days.
The right to rectification: Any person may request the modification of any of their data through the provided contact details. This must be carried out without delay, but no later than within 30 days, and a notification must be sent to the specified contact.
The right to erasure: Any person may request the deletion of their data through the provided contact details. This must be done without delay, but no later than within 30 days, and a notification must be sent to the specified contact.
Data that must be retained due to legal, statutory, or contractual obligations for commercial record-keeping will be blocked instead of deleted to prevent their use for other purposes.
The right to restriction of processing: Any person may request the blocking of their data through the provided contact details. The blocking will remain in effect as long as the specified reason necessitates the retention of the data. This must be done without delay, but no later than within 30 days, and a notification must be sent to the specified contact.
The right to object: Any person may object to data processing through the provided contact details. The objection must be examined as soon as possible, but no later than within 15 days from the submission of the request; a decision must be made regarding its validity, and a notification of the decision must be sent to the specified contact.
16. The possibility of legal enforcement related to data management
National Authority for Data Protection and Freedom of Information
Mailing address: 1530 Budapest, P.O. Box: 5
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Web: https://naih.hu
Issues not specified in this notice:
For matters not specified in this notice, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.) shall apply.
Date of preparation: Budapest, 01.03.2025.