For the users of the website at www.paunochbirtok.hu and its subpages
Paunoch Birtok Kft., the controller (“the Controller”) respects the privacy rights of the users of the website and webshop (www.paunochbirtok.hu and its subpages) (“the User(s)” or “the Data Subject(s)”), in particular, the data protection requirements set forth in the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council, and at all times observes such requirements on a mandatory basis in the course of its activities and considers these as binding, together with the rules set forth herein.
I. Principles relating to the processing of personal data
Personal data shall be:
- processed lawfully, fairly, and in a transparent manner in relation to the Data Subject
(“lawfulness, fairness and transparency”);
- collected for specified, explicit and legitimate purposes and not further processed in a manner
that is incompatible with those purposes (“purpose limitation”); further processing for
archiving purposes in the public interest, scientific or historical research purposes or statistical
purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they
are processed (“data minimization”);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay (“accuracy”);
- kept in a form that permits identification of Data Subjects for no longer than is necessary for
the purposes for which the personal data are processed; personal data may be stored for longer
periods insofar as the personal data will be processed solely for archiving purposes in the
public interest, scientific or historical research purposes or statistical purposes (“storage
- processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction
or damage, using appropriate technical or organisational measures (“integrity and
- The Controller shall be responsible for and be able to demonstrate compliance with the
principles relating to processing of personal data (“accountability”).
II. The Controller
Details of the Controller:
- name: Paunoch Birtok Kft
- registered seat: H-3932 Erdőbénye, Kossuth Lajos street 46.
- Company Reg. No.: 05-09-030822
- e-mail: email@example.com
III. The purpose of the processing
The Controller shall process the personal data disclosed to it by the Users or made available to it in any other manner under the laws regulating trade secrets and data protection, for the purposes of the efficient operation of the webshop, sending of newsletters, direct marketing, as well as selling of products offered via the webshop and delivering them to the Users.
The Controller shall not use the personal data received by it for any purposes other than described herein.
IV. Scope of data subject to processing
Certain services offered by the www.paunochbirtok.hu website (such as purchasing or booking) are available solely after voluntary data-provision by the Users. In the course of disclosing their data, the Users may provide certain data qualifying as personal data under the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, therefore, these are subject to the provisions of this Act.
For the purposes of disclosure, the following data will be submitted on a voluntary basis, provided that these are required for completing a purchase or booking:
- any data submitted by the Users in the „Notes” section that qualify as personal data under the Act CXII of 2011.
Personal data shall mean any information relating to the Data Subject.
V. Security of personal data
The Controller endeavours to take all reasonable technical and organisational measures in order to ensure the security of IT systems used by it, in particular, to prevent any unauthorized access to the data stored on the site. The Controller shall not transfer the data of the User to third parties without the consent of the User.
VI. The period of processing
The Controller shall process the personal data as long as the purposes thereof exist, in this case, until revocation of the consent or upon successful delivery of the ordered products to Users.
VII. Rights of Users (Data Subjects) related to processing
In relation to their personal data processed by the Controller or the processor acting on its behalf or under its instructions, Users shall have the right:
a) to be informed about the facts related to the processing prior to the processing activities (right to prior information);
b) to request their personal information processed, as well as information about the processing (right of access);
c) to have their personal data rectified or completed by the Controller upon request or based on other grounds set forth by the laws (right to rectification);
d) to have the processing of his/her personal data restricted by the Controller upon request or based on other grounds set forth by the laws (right to restriction of processing);
e) to have their personal data erased by the Controller upon request or based on other grounds set forth by the laws (right to erasure).
The Controller shall maintain records of any processing activities pursued by it in connection with the personal data in its possession, the data breaches, as well as any measures it has taken in relation to the right of access of Data Subjects.
The Controller shall respond to requests from Data Subjects in writing, without undue delay but at the latest within 30 days from receipt, by using clear and plain language.
VIII. Transfer of data
The Controller hereby informs the Users that it transfers their personal data for the purposes of delivering the ordered product and issuance of accounting documents to one of the following companies:
- UPS Magyarország Kft. (2220 Vecsés, Lőrinci utca 154.)
- Sprinter Futárszolgálat Kft. (1097 Budapest, Táblás utca 39.)
The Controller is bound by disclosure obligations towards courts of law, the office of the public prosecutor, authorities dealing with administrative offences, administrative authorities, investigating authorities, as well as any other bodies as authorized by the laws for the purposes of information provision, disclosure and submission of data or granting access to documents. In doing so, the Controller shall not disclose any data other than strictly necessary in order to meet the goals of such authorities, provided that the latter clearly indicates the scope of data required, together with their goals to be met. The Controller shall not be held liable for fulfilling such data transfer requests or any consequences arising therefrom, and no claims may be asserted against it on such grounds.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (“personal data breach”), the Controller shall notify the Hungarian National Authority for Data Protection and Freedom of Information (Hungarian abbreviation: “NAIH”) as a competent supervisory authority without delay but at the latest within 72 hours from discovering such breach. The foregoing provision shall not apply to personal data breaches that are considered to be unlikely to result in a high risk to the rights and freedoms of natural persons.
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall inform the Data Subject about such breach without undue delay, by describing the nature of the personal data breach using clear and plain language.
The Controller hereby informs the Data Subjects that they have the right to lodge a complaint with the NAIH or bring the case before the court by filing a petition for judicial review. Data Subjects shall have the right to initiate such court procedure before the Regional Court having jurisdiction at their permanent address or place of residence.
The Controller shall reimburse any damages it caused by unlawful processing of the Data Subjects’ data or breaching the requirements of data security, and in the event that the Controller’s conduct entails the breach of the Data Subjects’ rights to personality, the latter may claim for restitution for any non-material violation suffered. The Controller shall be relieved from liability if it can prove that the damage or the breach of the Data Subjects’ rights to personality is the result of an unavoidable cause beyond the scope of processing.