Privacy Notice

1. DATA CONTROLLER

This data processing policy aims at informing the involved private individuals clearly and briefly on the processing of their personal data, in accordance with the General Data Processing Regulation of the European Union (Regulation No. 2016/679 – "GDPR") and the Hungarian Privacy Act (Act CXII of 2011).

TDS Consulting Kft. (hereinafter: data controller) hereby expresses consent to be bound by the rules contained in this policy, established on the basis of the prevailing legislation.

The data protection policy on data processing by the website under http://www.officialbacknumber.com is available on http://www.ijfbacknumber.com/Privacy_Notice.html.

Data of the data controller:

Name:	TDS Consulting Kft
Address:	HU-1131 Budapest, Kucsma u. 11.
Telephone:	+36 70 930 4418
E-mail:	info[at]officialbacknumber.com
Represented by:	Záhonyi Tamás Gábor Managing Director
Tax number:	27121140-2-41
Company registration number:	Cg. 01-09-383945 Tribunal Court of Registration

The data controller undertakes to meet the prevailing regulations in force in the EU and in Hungary regarding data processing during the operation of its website and the provision of its services.

The data controller reserves the right to amend the policy at any time, but undertakes to publish and disclose it.

2. SCOPE OF THE PROCESSED DATA

General information

The data controller

stores personal data provided voluntarily, based on consent or necessary for
the performance of a legal obligation/contract

(legal bases), the purpose of which data processing is the execution of the buyer's order, service provision based on customer relationship.

Types of personal data: first and last name, phone number, mailing address and e-mail address, and if different, invoicing data as well.

Upon an order, i.e. the establishment of a customer relationship, the service provider shall store the name and address for a period of 8 years pursuant to the prevailing accounting and tax legislation in force (Act C of 2000), while the remaining personal data shall be deleted after 1 year following the last purchase.

3. DATA PROCESSORS

The Data controller transfers data made available to service providers in a direct contractual relationship with the data controller. The transferred data may be used by all involved parties exclusively in order to perform the contractual task and shall not retain the data for further use or disclose the data to third persons in any form. The purpose of data transfer: providing personalized service to the Users, optimizing the services provided by partners of the Data controller for the Users, performing the contractual tasks of the Data controller. The stored data are not made available for third persons with the exception of cases specified by law (e.g. criminal procedure) and the performance of the contractual tasks of TDS Consulting Kft.

3.1

Name:	DHL Express Magyarország Szállítmányozó és Szolgáltató Kft.
Address:	HU- 1185 Budapest, BUD Nemzetközi Repülőtér repülőtér 302. ép.
Telephone:	+36 1 2 45 45 45
E-mail:	barnabas.hajdu[at]dhl.com
Represented by:	Ádám Mészáros Managing Director
Tax number:	10210798-2-44
Company registration number:	01-09-060665

- scope of transferred data: name, delivery address, phone number
- purpose of data processing: delivery of ordered, purchased product through courier
- period of data processing: 8 years in accordance with the accounting act, except for the phone number, where the period is 3 working days following delivery

3.2

Name:	GLS Kft.
Address:	2351 Alsónémedi GLS Európa u. 2.
Telephone:	(+36 29) 88 66 60
E-mail:	info@gls-hungary.com
Represented by:	Major Lili
Tax number:	12369410-2-44
Company registration number:	13-09-111755

3.3.

Name:	OTP Bank Nyrt.
Address:	HU- 1051 Budapest, Nádor u.16.
Telephone:	(+36 1/20/30/70) 3 666 666
E-mail:	informacio[at]otpbank.hu
Represented by:	Zoltán Gerendai
Tax number:	10537914-4-44
Company registration number:	Cg. 01-10-041585

- scope of transferred data: service name, purchase price
- purpose of data processing: payment for ordered, purchased product
- period of data processing: until transaction closure

3.4.

Name:	Y’ Solutions PRG Informatikai Kft
Address:	HU- 2463 Tordas, Szabadság u. 2/B. ép.
Telephone:	+36 70 317 069
E-mail:	t.gabor[at]ysolutions.hu
Represented by:	Gábor Tóth
Tax number:	13821191-2-07
Company registration number:	Cg. 07-09-024852

- scope of transferred data:
- purpose of data processing: no processing of data, only storage
- period of data processing:

4. INFORMATION PROVISION TO THE INVOLVED PERSON IN ADVANCE

The involved person is informed – in a brief, clear and detailed manner – about all facts regarding the management of their data, especially the purpose of and legal basis for data processing, the person entitled to perform data management and data processing, the period of data processing and the persons who may have access to the data.

Our information also covers the rights and available legal remedies of the involved person regarding data processing.

5. PERSONAL DATA, PURPOSE, LEGAL BASIS AND TEMPORAL SCOPE OF DATA PROCESSING

The processing of all personal data of the involved person is based on voluntary consent or the performance of a legal obligation.

5.1. Data of visitors of the website

As data controller, during visits to the website, we record the IP address of (non-identifiable) users, the time of the visit and the address of the viewed page - for technical reasons and for creating statistics regarding user habits. These data are of statistical nature, the identity of specific buyers is not assigned to them, therefore the involved person cannot be identified.

The data are stored by the server for up to a month. The legal basis for data processing: the voluntary consent of the involved private individual.

In order to provide customized service, the service provider places a small data package, a so-called cookie on the computer of the user. By using the websites, the user accepts the placement of a cookie on their computer by the service provider.

As a technical contributor, service provider may ensure that third persons cooperating with the service provider, especially Google Inc. may store data with the help of cookies, if the user has already visited the website of the service provider, and may display ads to the user on this basis.

The user can delete the cookie from their own computer and can set their browser to disable the application of cookies. In addition, Google ensures that the user may disable the cookies placed by Google on the site for disabling the ads displayed by Google (http://www.google.hu/privacy_ads.html). By disabling the application of or deleting cookies, using the websites may be less convenient for the user.

5.2. Contact, completing the order form, customer mails

Scope of processed data: Login name, Full name, Invoicing address Country, Invoicing address Postal code, Invoicing address City, Invoicing address District, Invoicing address Street name, Invoicing address Street type, Invoicing address House number, Invoicing address Building, Invoicing address Staircase, Invoicing address Floor, Invoicing address Door, Delivery address Name, Delivery address Country, Delivery address Postal code, Delivery address City, Delivery address District, Delivery address Street name, Delivery address Street type, Delivery address House number, Delivery address Building, Delivery address Staircase, Delivery address Floor, Delivery address Door, Phone number, Tax number, EU tax number, E-mail, Login password

Messages are used by the recipient in an intended manner, if no business relationship is established, the data are stored for up to 30 days from recording, if a business relationship is established, the data are stored and processed pursuant to the accounting and tax regulations. The period of data management in this case: Based on paragraph (2) of Section 169 on Act C of 2000 on Accounting, the mandatory period regarding invoicing data: 8 years.

5.3. Other data processing

Regarding data processing not specified in this policy, data controller shall provide detailed information and shall obtain the required consent before commencing the data processing action.

6. MANNER OF DATA STORAGE, SECURITY

Servers serving the websites of data controller can be found at http://www.ysolutions.hu/

Name:	Y’ Solutions PRG Informatikai Kft
Address:	HU- 2463 Tordas, Szabadság u. 2/B. ép.
Telephone:	+36 70 317 069
E-mail:	t.gabor[at]ysolutions.hu
Represented by:	Gábor Tóth
Tax number:	13821191-2-07
Company registration number:	Cg. 07-09-024852

6.1. Data security

The data controller shall retain the following during data processing:

integrity and confidentiality: protecting the information so that it may only be accessed by eligible persons, protecting the correctness and fullness of the method of processing;
availability: ensuring that, when required, the entitled user may access the desired information and the required devices are available.

Electronic messages forwarded via the internet are vulnerable regardless of the protocol (e‑mail, web, ftp, etc.) to network threats that lead to fraudulent activities, disputes regarding the contract or the disclosure or modification of information. The service provider takes all precautionary measures to protect against such threats. The service provider monitors the systems in order to record all security deviations and provide evidence for all security events. In addition, system monitoring enables checking the efficiency of the applied precautionary measures.

6.2. Data storage
The data controller selects and operates its software and IT devices so that the processed data: - are available for the entitled persons (availability), - their authenticity and authentication is ensured (authenticity of data processing), - their integrity can be proven (data integrity), - are protected against unlawful access (data confidentiality).
The data controller ensures the protection of the security of data processing through technical and organizational measures that provide sufficient level of protection against risks (that arise) during data processing.

7. DATA TRANSFER

The data controller transfers the personal data necessary for ordering and the execution of the order to the sales and/or service provider partners based on legal opportunity.

8. POSSIBLE LEGAL REMEDIES

8.1. Information

The involved person may request information at any time about the processing of their personal data, the actual execution of data processing, their rights and guarantees, especially the person in charge of data control and data processing, the legal basis for data processing, its purpose, timely scope, the place of data storage and the data security measures.

For the request of the involved person, the data controller provides information about the activities related to data processing as well as data transfer.

The data controller shall provide the information in a clear manner in writing within a reasonably short time after the submission of the request, but within 30 days at the latest.

The information provision is free of charge if the requester has not submitted any information requests to the data controller for the same activity, data scope in the same year.

Otherwise the data controller defines a fee and provides the information after the payment of the fee.

8.2. Deletion

The data controller deletes the personal data if its processing is unlawful, if it is requested by the involved person, if the purpose of data processing has ceased to exist, if the legally defined deadline for data storage has expired, or if it has been ordered by court or the data protection authority.

The data controller shall inform the involved person and persons to whom the data has been previously transferred for the purpose of data processing about the correction or deletion of data. The notification can be omitted if it does not violate the legitimate interest of the involved person with regard to the purpose of data processing.

In addition, the involved person may request the correction or deletion of their personal data in the manner specified upon registration as well as through the customer service. The only possible obstacle to deletion shall be a legal limitation.

8.3. Protest

The involved person may protest against the processing of their personal data if

the processing (transfer) of personal data is exclusively necessary for the enforcement of the rights or legitimate interest of the data controller or data receiver, except if the data processing is required by law;
the use or transfer of the personal data is carried out for the purpose of direct marketing purposes, polling or scientific research;
practising the right to protest is otherwise enabled by law.

The data controller - while simultaneously suspending the processing of data - reviews the protest within the shortest possible time following the submission of the request, but within up to 15 days, and notifies the requester in writing of the result.

If the protest is justified, the data controller shall discontinue data processing – including any further data recording and data transfer –, shall lock the data, and shall notify everyone to whom the personal data involved in the protest have been transferred of the protest and the measures taken, who shall take action in order to enforce the right to protest.

If the involved person does not agree with the decision made by the data controller, they may appeal to court within 30 days following the communication thereof.
The data controller shall not delete the data of the involved person if data processing is required by law. However, the data cannot be transferred to the data recipient if the data controller agreed with the protest or the court has found that the protest is legitimate.

8.4. Administrative, judicial remedies

Complaints can be made and proceedings can be initiated against the activity of the data controller:
Name: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: 1534 Budapest, Pf.: 834
Telephone: +36 (1) 391-1400
Telefax: +36 (1) 391-1410
E-mail: ugyfelszolgalat[at]naih.hu

Upon the violation of their rights, the involved person may appeal to court. Jurisdiction rules define which Tribunal the proceedings may be initiated at in the specific case.