Information about Data Protection and Confidentiality
1. The legal basis of data management
The Seller respects the fundamental right of personal data protection, which says, everybody disposes about their personal data exploration and use.
In order to enforce the right to informational self-determination, the Seller ensures the understanding the cognition of which personal data, for which time period, based on which law title, for what kind of purpose are used, and in which cases are the personal data forwarded to a third person – with the publication of this Prospectus for the Customers and registered Users (hereinafter: “Stakeholders”). Furthermore, it also describes, how the Seller ensures the safety and confidentiality of personal data.
The Seller handles the personal data of the Stakeholders in balance with the Hungarian Law (2011/CXII.) about the informational self-determination and liberty of information. The Seller must adhire these laws in all phases of data management.
The entering of personal data is voluntary. The management of personal data is made by the Seller. The data management of the Seller is based on the permission of the Stakeholders.
By making a contract and by the registration, the Stakeholder gives its unconditional consent to the data management practice based on this Prospectus.
2. Personal data asked by The Seller
The personal and other data managed by The Seller are the following:
a) last name,
b) first name,
c) e-mail address,
d) phone number,
e) billing/shipping address
g) additional address data
i) Postal Code
Data given during the registration can be changed after signing in to the webstore, under the “Account” menu.
3. The purpose of Data Management
The Seller records and stores the given personal data of Stakeholders only for the purpose of completing the contract and for the future proof of the contract creation and content cognition.
In case of a Statement during the Registration and Order, The Seller is entitled to use the personal and other data of Stakeholder for marketing purposes, especially for improving the service quality, tracking the customers needs, and for providing information about the Service (e.g. for sending Newsletters).
4. Time period of Data Management
The Customer can modify its statement about data management in any time without any motivation. The Customer can ask the deletion of its personal and other data by sending a notification to firstname.lastname@example.org.
The Seller can store the data of the Customer until the withdrawal of the Customer’s consent. After the time period of Data Management, The Seller deletes the data of The Customer compulsorily.
5. Confidentiality of the Seller
It is an obligatory for the Seller, the manage the received personal data confidentially. It is not allowed to acquaint the personal data for a third party or for the public without the permission of the Customer. The Confidentiality is valid in the same way for the employees, members and representatives of the Seller, they are liable for the breach according to the responsibility in the law. The confidentiality is also valid on the employee/member/representative after the termination of the relationship.
6. Cases of Data Transmission
The Seller can transmit the managed data in the following cases:
a) for those, who are managing the billing, the claims, the distribution, information, transmission
b) in case of arranging billing and distribution disputes, for the authorized entities
c) in cases of national security, defense and public safety protection, for the authorized entities and organizations, investigating authorities, for the prosecutor and for the court.
With regard to the specific information they are receiving, these authorized entities and organizations have the same obligation about the received data as the Seller.
7. DATA PROCESSORS, PERSONS AUTHORIZED TO KNOW THE PERSONAL DATA
Employees of the Seller can handle personal data, and they are entitled to know it in compliance with the regulations and principles contained in the relevant legislation.
The seller uses the following data processors for its data management:
- Számlázz.hu – KBOSS.hu Kft (1031 Budapest, Záhony utca 7.) – issuance of electronic invoices
- OTP Mobil Szolgáltató Kft. (1143 Budapest, Hungária krt. 17-19.) – online bank card acceptance
Stakeholders give their consent to the transfer of the Data to the respective data processors by providing the data.
The User acknowledges that the following personal data stored by the Seller in the user database of www.romani.hu will be handed over to OTP Mobil Ltd. (1143 Budapest, Hungária körút 17-19.) and is trusted as data processor. The data transferred by the data controller are the following:
– e-mail address
– phone number
– billing address
– shipping address
8. DATA SECURITY
The security of personal data processed by Seller or communications transmitted to the Internet network using confidentiality is mainly a variety of computer abuse, threaten attacks.
Both the Seller and the Buyer shall take reasonable technical and organizational measures to reduce and troubleshoot the risks set out above.
The Seller provides the technical conditions, and establishes the rules of procedure, which enhanced level of protection, and as far as possible to prevent communications transmitted to the Internet network as the exploration of personal and other data required.
In order to avoid network viruses is recommended to delete any program without opening that comes to the customers’ inbox from unknown e-mail address. Also to filter out viruses is recommended to install anti-virus software to your computer.
In order to secure personal data and communications transmitted using the service confidentiality is a powerful tool to protect against computer misuse threatening to build a security firewall system.
9. STAKEHOLDERS RIGHTS AND REMEDIES
The Seller provides the opportunity for stakeholders to request information on the processing of personal data, ask for their deletion, blocking or rectification by requesting with a message sent to the e-mail address: email@example.com at any time. If the seller does not fullfil the request for rectification or blocking , the court concerned may appeal to the National Authority for Data Protection and Freedom of Information (hereinafter referred to as the “Authority”).
At the request of the Concerned Seller shall give out information about the data managed or processed by itself or its trustee, about the source of the data management purpose, grounds and duration of the data processing name, address and activities related to data management, and – personal data Affected in case of transmission – legal basis of transmission and about the recipient. In case of refusal of information the Concerned have the right to appeal the court or to the Authority.
The seller records a register to monitoring lawfulness of data transmission, for the purpose of informing the concerned. The record contents the date of the managed data, the legal basis of the data, the recipient of the data transfer and the definition of the scope of the personal data transferred and the data prescribing other information required by law.
In addition the Seller have the right to protest against the handling of personal data. If the protest decision taken by the controller does not agree with the seller or not a decision within the statutory deadline, the Affected goes to court.
In case of violation of the rights in question in relation to data management of appeal to the courts.
Concerned may decide to not continue to search for him by the Seller or his agent that he can take a disclaimer to the above address by sending an e-mail.
Seller obliged to compensate Concerned by treatment in case of data security damage was caused due to illegal violating. Exempt from liability if it can prove that the damage was outside the scope of data management triggered by falling unavoidable reasons. Seller have not to reimburse the damage in case the victim came negligent of intentional or grossly conduct.