Privacy Notice

PRIVACY NOTICE
Date of adoption: 24 June 2024.

The purpose of this Privacy Notice is to inform the individuals concerned in a clear and concise manner about the processing of their personal data in accordance with the General Data Protection Regulation of the European Union (Regulation 2016/679 (hereinafter referred to as "GDPR") and the Hungarian Information Act (Act CXII of 2011).
 TDS Consulting Ltd. (hereinafter referred to as the "Data Controller" or "Service Provider") acknowledges that it is bound by the rules set out in this information, which it has developed on the basis of the applicable legislation.

 The privacy policy related to the data management of the website at http://www.officialbacknumber.com is available at https://www.officialbacknumber.com/Adatvedelem.
1:
Controller: A natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
Data controller's data:

Name: TDS Consulting Kft
Title: HU-1131 Budapest, Kucsma u. 11.
Telegram: +36 70 669 3252
E-mail: info@officialbacknumber.com
Representative: Tamás Gábor Záhonyi Managing Director
Tax number: 27121140-2-41
Company registration number: Cg. 01-09-383945 (Metropolitan Court of Budapest)
Registration authority: Court of Justice of the Capital City Court
 
The Service Provider undertakes that its data management in connection with the operation of its website and its services complies with the applicable EU and Hungarian regulations.



 
2. GENERAL INFORMATION

Personal data: any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier, or to one or more factors.
Data Subject: any specified natural person who is identified or identifiable, directly or indirectly, on the basis of personal data.
 
Legal basis for processing: the legal bases for processing may include:
  • consent of the data subject
  • the performance of a contract to which the data subject is a party or is necessary to take steps at the request of the data subject prior to the conclusion of the contract;
  • to comply with a legal obligation to which the controller is subject;
  • to protect the vital interests of the data subject or of another natural person;
  • the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • the legitimate interests of the controller or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
 
Purpose of the processing: the processing of personal data must have a specific purpose, and the Service Provider must communicate these purposes to the data subject at the time of collection of the personal data. The Service Provider and other data controllers may not collect personal data for an unspecified purpose ("purpose limitation principle"). The most common purpose of the processing is to fulfil your order, to provide you with customer-related services.

A személyes adatok fajtái (példák): vezetéknév és utónév; lakcím és számlázási cím; e-mail cím; személyazonosító igazolvány száma; helymeghatározó adatok (pl. mobiltelefon helymeghatározási funkciója); IP-cím; süti (cookie)-azonosító; a telefon      advertising      identifier.

 In the event of an order or a customer relationship, the service provider will store the first and last name and the address (billing address) 
of the personal data for a period of 8 years in accordance with the accounting and tax legislation in force (Act C of 2000). The other personal data will be deleted after 1 year from the last purchase.

3. DATA PROCESSING

 
Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
The Service Provider shall transfer data to service providers having a direct contractual relationship with the Service Provider in relation to the data provided. The data transmitted may be used by each data subject solely for the performance of his/her contractual task and may not be retained for further use or transmitted to third parties in any form. 
The purpose of the data transfer: to provide you with personalised service, to optimise the services provided by the Service Provider's partners, to fulfil the Service Provider's contractual obligations. Except in cases provided for by law (e.g. in the context of criminal proceedings) and for the performance of the Service Provider's contractual tasks, the Service Provider will not make the stored data available to any other third party.
DATA PROCESSORS:
3.1.
Name: DHL Express Hungary Shipping and Services Ltd.
Title: HU- 1185 Budapest, BUD International Airport 302. ép.
Telephone:  +36 1 2 45 45 45
E-mail: barnabas.hajdu@dhl.com
Representative: Ádám Mészáros Managing Director
Tax number: 10210798-2-44
Company registration number: 01-09-060665
- scope of data transmitted: name, delivery address, telephone number 
- purpose of processing: delivery of ordered, purchased products by courier service 
- duration of data processing: 8 years according to the Accounting Act, except for the telephone number, which is: 3 working days from delivery
3.2.
Name: GLS Ltd.
Title: 2351 Alsónémedi, GLS Európa u. 2.
Telephone:  +36 29 88 66 60
E-mail: ugyfelszolgalat@royal.hu
Contact: Gergely Hargitai
Tax number: 13-09-111755
Company registration number: 01-09-664861
- scope of data transmitted: name, delivery address, telephone number 
- purpose of processing: delivery of ordered, purchased products by courier service 
- duration of data processing: 8 years according to the Accounting Act, except for the telephone number, which is: 10 working days 
from delivery
3.3.
Name: OTP Bank Plc.
Title: HU- 1051 Budapest, Nádor u.16.
Telephone: (+36 1/20/30/70) 3 666 666
E-mail: informacio@otpbank.hu
Representative: Zoltán Gerendai
Tax number: 10537914-4-44
Company registration number: Cg. 01-10-041585
- scope of the data transferred: name of the service, purchase price 
- purpose of the processing: payment of the ordered, purchased product 
- duration of the processing: until the transaction is completed
3.4. Shared space provider:
Name: Y'Solutions PRG Informatikai Kft.
Title: HU- 2463 Tordas, Szabadság u. 2/B. ép.
Telephone: +36 70 317 069
E-mail: t.gabor[at]ysolutions.hu
Representative: Gábor Tóth
Tax number: 13821191-2-07
Company registration number: Cg. 07-09-024852
- scope of data transmitted: name, address, Tel/Fax, e-mail, tax number 
- purpose of processing: invoicing of ordered products 
- duration of data processing: 8 years
3.5. Accounting
Name: LIVRE'08 Ltd. 
Title: 1213 Budapest, Királyerdő út 2. fszt. 3
Telephone: +36 20 987 3576
E-mail: adrienn.torontali@gmail.com
Representative: Adrienn Torontali
Tax number: 14197998-2-43 
Company registration number: 01-09-893308
- scope of data transmitted: name, address, Tel/Fax, tax number 
- purpose of processing: invoicing of ordered products 
- duration of data processing: 8 years
 
4. PRIOR INFORMATION OF THE PERSON CONCERNED 


The Service Provider shall inform you in a concise, clear and detailed manner of all facts relating to the processing of your data, in particular the purpose and legal basis of the processing, the person who is authorised to process and process the data, the duration of the processing and who may access the data.
 The information provided by 
the Service Provider shall also cover the rights and remedies of the data subject in relation to the processing.
 
5. DETAILED DEFINITION OF THE PROCESSING ACTIVITY

5.1. Visitor data of the website
 
During the visit of the websites, the Service Provider as data controller records the IP address of the (non-identifiable) users, the time of the visit and the address of the page viewed - for technical reasons and for the purpose of compiling statistics on user habits. This data is statistical in nature and the Service Provider does not attribute the identity of the specific customer, so you cannot be identified.

 The data is stored on the server for a maximum of one month. 
 
Legal basis for processing: voluntary consent of the individual concerned.

 The Service Provider places a small data packet, a so-called cookie, on the user's computer in order to provide a personalized service. By using the websites, the user accepts that the Service Provider places a cookie on his/her computer.

 The Service Provider, as a technical intermediary, may ensure that third parties cooperating with the Service Provider, in particular Google Inc., store cookies during the visit of the websites if the user has previously visited the Service Provider's website and may display an advertisement to the user on this basis.

 The cookie can be deleted from the user's computer or the user can set their browser to refuse the use of cookies. In addition, Google ensures that the user can disable the cookies set by Google by going to the page where Google disables the display of advertisements (http://www.google.hu/privacy_ads.html). By disabling or deleting the use of cookies, the user may experience an inconvenient use of the websites.


5.2. Contacting us
 
When you contact us (via a form or by phone), the data you provide will be processed by the Service Provider until the contact is completed. The legal basis for the processing is your consent. Prior contact is not mandatory, you can place an order without it.


5.3. Completing the order form and processing the order
 
Processing of orders requires data processing activities in order to fulfil the contract.
 
In the course of data processing, the Service Provider and the data processor process your login name, full name, address, billing address, telephone number, e-mail address, the characteristics of the purchased product, order number, tax number, EU tax number and the date of purchase.
 
If you have placed an order in the webshop, the processing of the data and the provision of the data is essential for the performance of the contract.
 
The Service Provider processes data for 5 years according to the statute of limitations under civil law.

By accepting the terms and conditions of the data protection contract, you automatically consent to the use of the ordered product, including the name of the competitor and the pictures of the product, by the Service Provider for marketing purposes on its own websites, including its website, social media platforms and newsletter. The Service Provider declares that it will mask the face of the Contestant for marketing purposes, which you expressly accept.

The Service Provider will use the messages only for the intended purpose, if no business relationship is established, the data will be stored for a maximum of 30 days from the date of recording, and if a business relationship is established, the data will be stored and processed in accordance with accounting and tax rules. In this case, the period of data processing in relation to the invoicing data is 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting.

5.4. ISSUE OF THE INVOICE
 
The data processing is carried out in order to issue invoices in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Tax Act, companies are required to keep accounting documents that directly and indirectly support the accounting.
 
In this context, the Service Provider and the data processor process your name, e-mail address and telephone number.
 
Invoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the State Act.
 
Legal basis for data processing: legal obligation (Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, paragraph 159 (1) and Section 169 (2) of Act C of 2000 on Accounting).
 
5.5. PROCESSING OF DATA RELATING TO THE TRANSPORT OF GOODS
 
The data processing is carried out in order to deliver the ordered product.
 
Legal basis for processing: performance of the contract.
 
As part of this, the Service Provider and the data processors (sections 3.1 and 3.2) process your name, e-mail address and telephone number.
 
The data is processed for the duration of the delivery of the ordered goods.
 
5.6. Management of warranty claims
 
In the case of warranty claims, the Service Provider shall act in accordance with the rules of Decree 19/2014 (IV. 29.) NGM, which also specifies how the claim is to be handled.
 
Processed data: the Service Provider is obliged to keep a record of the warranty claims notified to the Service Provider under the Regulation: 
  1. your name, address and a declaration that you consent to the processing of your data recorded in the minutes as provided for in the Regulation, 
  2. the name and purchase price of the movable property sold under the contract between you and us, 
  3. the date of performance of the contract, 
  4. the date of the error report, 
  5. a description of the error, 
  6. the right you wish to exercise under a warranty or guarantee claim; and
  7. how the warranty or guarantee claim is to be settled or the grounds for rejecting the claim or the right to enforce it.
 
If the Service Provider takes delivery of the purchased product from you, it must issue a receipt, which must indicate:
  1. your name and address, 
  2. the data necessary to identify the object, 
  3. the date of receipt of the item, and 
  4. the date when you can pick up the corrected item.
 
The Service Provider shall keep the record of the consumer's warranty claim for three years from the date of receipt and present it at the request of the supervisory authority.
 
Legal basis for data processing: legal obligation [§ 4 (1) paragraph 4 and § 6 (1) paragraph 6 of NGM Decree 19/2014 (IV. 29.)
 
5.7. Handling other consumer complaints
 
The data management process is carried out in order to handle consumer complaints. If you have made a complaint to the Service Provider, the processing of the data and the provision of the data is essential.
 
In this context, the Service Provider will process your customer name, telephone number, e-mail address and the content of the complaint.
 
The Service Provider will keep complaints for 5 years in accordance with the Consumer Protection Act.
 
The legal basis for processing is that you contact the Service Provider with a complaint. This is your voluntary choice and should be understood as consent.
 
5.8. Data processed in relation to the justification of consent
 
During the registration, ordering, newsletter subscription, the IT system stores the IT data related to the consent for later evidence. 
 
In this context, the Service Provider stores the date of consent and the IP address of the data subject. 
 
Duration of data processing: due to legal requirements, consent must be verifiable at a later date, therefore the duration of data storage is stored for a period of limitation after the termination of data processing. The legal basis for the processing is Article 7(1) of the Regulation which imposes this obligation.
 
5.9. Data processing in connection with the sending of newsletters
 
The data processing is carried out for the purpose of sending out newsletters. 
 
In this context, the Service Provider will process your name, e-mail address and telephone number. 
 
The period of processing lasts until the data subject's consent is withdrawn.
 
The legal basis for processing is your voluntary consent, which you provide to the Service Provider by subscribing to the newsletter.
 
 
5.10. Other data processing
 
The Service Provider shall provide detailed information and obtain the necessary consent for data processing not specified in this information before the data processing operation.
 
6. DATA STORAGE METHOD, SECURITY

The servers serving the websites of the data controller are located at http://www.ysolutions.hu/
Name: Y'Solutions PRG Informatikai Kft.
Title: HU- 2463 Tordas, Szabadság u. 2/B. ép.
Telephone: +36 70 317 069
E-mail: t.gabor@ysolutions.hu
Representative: Gábor Tóth
Tax number: 13821191-2-07
Company registration number: Cg. 07-09-024852
 
The data controller shall retain during the processing:
  • integrity and confidentiality: it protects the information so that only those who are authorised have access to it, and protects the accuracy and completeness of the information and the method of processing;
  • availability: ensuring that when the authorised user needs it, he or she can actually access the information and has the means to do so.
Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.) are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or the disclosure or modification of information. The Service Provider will take all reasonable precautions to protect against such threats. It will monitor systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.

Data storage
The Data Controller shall select and operate its software and IT tools in such a way that the data processed:- is accessible to those authorised to access it (availability),- its authenticity and authentication are ensured (authenticity of data processing);- its integrity is verifiable (data integrity);- it is protected against unauthorised access (data confidentiality). 
The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
 
7. DATA TRANSMISSION

 The data controller will, to the extent permitted by law, transfer personal data necessary for the order and its fulfilment to its partners providing the sales and/or services (see point 3).
 
8. DATA SUBJECTS' RIGHTS AND REMEDIES

During the period of processing, you have the following rights under the Regulation: 
  • right to information
  • the right to erasure (the so-called "right to be forgotten")
  • right to protest
  • right of access
  • right to rectification
  • the right to restriction of processing
  • the right to portability
  • the right to withdraw consent
  • the right to take action against automated decision-making
  • right to legal redress
If you wish to exercise your rights, this will involve your identification and the Service Provider will need to communicate with you. Therefore, in order to identify you, you will be required to provide personal data (but identification will only be based on data that the Service Provider already holds about you) and your complaints about the processing will be available on the Service Provider's email account for the period of time specified in this Notice in relation to complaints. If you have been a customer of the Service Provider and wish to be identified for the purposes of complaint handling or warranty handling, you will be required to provide your order ID for identification purposes. This will also enable the Service Provider to identify you as a customer. The Service Provider will respond to complaints about data processing within 30 days at the latest.
8.1. Right to information

The data subject may at any time request information about the processing of his or her personal data, the current processing, rights and guarantees, in particular the identity of the controller, the processor, the legal basis, the purpose, the duration of the processing, the place of storage, data security measures.
 At the request of 
the data subject, the controller shall provide information on its activities in relation to data processing,  or         on thedata processing activities and data transfers.

 The controller shall provide the information in writing and in an intelligible form within a reasonably short time 
from the date of the request, but not later than 30 days.

 The information shall be provided free of charge if the applicant has not yet submitted a request for information to the controller in respect of the same activity or the same set of data in the same year.      nyújtott            the data controller in the same year or in the same

Otherwise, the controller shall charge a fee and provide the information after payment of the fee.

8.2 Right to erasure (right to be forgotten)


You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds applies: 
  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the controller;
  • You withdraw your consent and there is no other legal basis for the processing; 
  • You object to processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing, the personal data have been unlawfully processed by the controller and this has been established on the basis of the complaint, the personal data must be erased in order to comply with a legal obligation under EU or Member State law applicable to the controller.
If the controller has disclosed personal data about you for any lawful reason and is required to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other controllers that have processed the data that you have requested the deletion of the links to or copies of the personal data in question. 
Erasure does not apply where the processing is necessary:
  • to exercise the right to freedom of expression and information;
  • to comply with an obligation under Union or Member State law that requires the controller to process personal data (such as processing in the context of invoicing, where the storage of the invoice is required by law) or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller; 
  • to lodge, exercise or defend legal claims (e.g. if the controller has a claim against you and has not yet satisfied it, or if a consumer or data controller complaint is pending).

8.3. Right to object

 The data subject may object to the processing of his or her personal data if.
  • the processing (transfer) of personal data is necessary solely for the purposes of the exercise of a right or legitimate interest pursued by the controller or the recipient, unless the processing is required by law;
  • the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes;
  • the exercise of the right to object is otherwise permitted by law.
The data controller shall examine the objection, with simultaneous suspension of processing, within the shortest possible period of time from the date of the request, but not later than 15 days, and shall inform the applicant in writing of the outcome.

 Where the objection is justified, the controller shall terminate the processing, including further collection and further transmission, and block the data and notify the objection and the action taken on the basis of the objection to all those to whom the personal data concerned by the objection have been previously disclosed and who are obliged to take measures to enforce the right to object.

 If the data subject disagrees with the controller's decision, he or she may challenge it in court within 30 days of the notification.
 The controller may not delete the data of the data subject if the processing is required by law. However, the data may not be transferred to the data recipient if the controller has consented to the objection or if the court has ruled that the objection is justified.
8.4. Right of access
You have the right to receive feedback from the controller as to whether your personal data are being processed and, if processing is ongoing, you have the right to:
  • have access to the personal data processed 
  • and the following information to be provided by the controller:
    • the purposes of the processing;
    • the categories of personal data processed about you; 
    • information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller; 
    • the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period; 
    • your right to request the Controller to rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data where the processing is based on legitimate interests;
    • the right to lodge a complaint with a supervisory authority;
    • where the data have not been collected from you, any available information about their source; the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.
The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and therefore, in the event of repeated requests for information, the controller may charge reasonable compensation for the provision of the information.
 
Access to your personal data is ensured by the controller by sending you the personal data and information processed by email after you have identified yourself. If you are registered, the Service Provider will provide access by allowing you to view and verify the personal data processed about you by logging into your user account. 
 
In your request, please indicate whether you want access to your personal data or information on data management.
 
8.5. Right to rectification
 
You have the right to have inaccurate personal data relating to you corrected by the controller without delay at your request.
 
8.6 Right to portability
 
If the processing is automated or based on your voluntary consent, you have the right to request the controller to receive the data you have provided to the controller, which the controller will make available to you in xml, JSON or csv format, and if technically feasible, you may request that the controller transfer the data in this format to another controller.
 
8.7. Right to withdraw consent
 
You have the right to withdraw your consent to data processing at any time, in which case the Service Provider will delete the data from its systems. Please note that in case of an outstanding order, the withdrawal may result in the Service Provider not being able to deliver to you. In addition, if the purchase has already been made, the Service Provider may not delete the billing data from its systems in accordance with accounting regulations and, if you have a debt to the Service Provider, the Service Provider may process your data even if you withdraw your consent on the basis of a legitimate interest in the recovery of the debt.
 
 
8.8 Right to take action against automated decision-making
 
You have the right not to be subject to a decision based solely on automated processing (including profiling) that would have legal effects concerning you or similarly significantly affect you. In such cases, the controller must take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.
 
The above does not apply if the decision: 
  • necessary for the conclusion or performance of a contract between you and the controller; 
  • is permitted by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; 
  • or based on your explicit consent.

8.9. Administrative and judicial redress

If you believe that the controller has violated a legal provision applicable to data processing or has not complied with a request, you may lodge a complaint against the controller's actions and initiate proceedings with the National Authority for Data Protection and Freedom of Information (NAIH) to stop the alleged unlawful processing.
Headquarters: 1055 Budapest, Falk Miksa utca 9-11
Address for correspondence: 1363 Budapest, Pf. 9. 
E-mail: ugyfelszolgalat@naih.hu
Phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400


The data subject may also take the controller to court if his or her rights are infringed.  The rules of jurisdiction of the courts determine the court before which proceedings may be brought in a particular case.
9. Amendments to the Privacy Notice 
The Service Provider reserves the right to modify this Privacy Policy in a way that does not affect the purpose and legal basis of the processing. By using the website after the amendment comes into force, you accept the amended privacy policy. If the Service Provider wishes to carry out further processing of the collected data for purposes other than those for which they were collected, it will inform you of the purposes of the processing and the information below before carrying out the further processing:
  • the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration; 
  • the right to request the Service Provider to access, rectify, erase or restrict the processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability; 
  • in the case of processing based on consent, that you can withdraw your consent at any time,
  • the right to lodge a complaint with a supervisory authority;
  • whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether you are under an obligation to provide the personal data and the possible consequences of not providing the data; 
  • the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing. 

 
Processing can only start after this, if the legal basis for the processing is consent, and you must give your consent in addition to the information.

Our website uses third-party cookies during its operation in order to provide you with the best user experience. Detail Allow