- Data controller's data
- Legal background, legal basis, purpose, scope of processed personal data, and data processing duration of activities on the website
- Data processing
- Data security measures
- The rights of the involved party
- Legal remedies
Data controller's name and contact information
The name of the data controller: Mof Club kft (hereinafter: Data controller)
The postal address of the data controller: 1037 Budapest Farkastorki lejtő 34/C
The email address of the data controller: email@example.com
The phone number of the data controller: +36 70 3344 377
Legal background, legal basis, purpose, scope of processed personal data, and data processing duration of activities on the website
Data management related to orders and invoicing
Legal Background and Legal Basis of Data Processing: The legal background for data processing is provided by Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (Infotv.) and Act C of 2000 on Accounting (Sztv.). The legal basis for data processing is in line with Section 5. § (1)(a) of the Infotv., based on your consent, and - in case of withdrawal of consent - in line with Section 6. § (5)(a) of the Infotv., fulfilling the legal obligation defined in Sztv. Az adatkezelés célja: Issuing invoices in compliance with the law and fulfilling the obligation of accounting record retention. According to Section 169. § (1)-(2) of Sztv., economic companies must retain accounting records that directly and indirectly support accounting records for accounting purposes.
The Scope of Processed Data:
- Name / company name
- email address
- phone number.
Data Processing Duration: According to Section 169 § (2) of Sztv., issued invoices must be retained for 8 years from the date of issuance. We inform you that if you withdraw your consent for issuing invoices, the Data Controller is entitled to retain your personal data for 8 years based on Section 6 § (5)(a) of the Infotv., which allows further data processing (e.g., related to invoicing).
During registration, ordering, and subscribing to the newsletter, the IT system stores data related to consent for later proof of consent.
When paying by bank card (SimplePay Payment Service hereinafter referred to as:
"SimplePay"), the Data Controller records the following data necessary for processing the transaction:
- transaction identifier – required for completion;
- transaction status – required for completion;
- paid amount – required for completion;
OTP Mobil Korlátolt Felelősségű Társaság (registered office: 1093 Budapest, Közraktár utca 30-32; company registration number: Cg.01-09-174466; customer service: firstname.lastname@example.org; +36 1/20/30/70 3-666-611; hereinafter referred to as OTP Mobil Ltd.), as the operator of SimplePay, processes the following data for the purpose of processing payment transactions:
- phone number;
- email address;
- transaction amount;
- IP address;
- transaction date and time;
- delivery address;
- billing address;
Further data processing
If the Data Controller wishes to carry out further data processing, it shall provide prior information on the essential circumstances of data processing (legal basis and purpose of data processing, scope of processed data, duration of data processing). Please be informed that the Data Controller is obliged to fulfill the written data requests of authorities based on legal authorization. The Data Controller keeps records of data transfers in accordance with Section 15 § (2)-(3) of the Infotv. (which authority, what personal data, on what legal basis, when the Data Controller transmitted data), about which the Data Controller provides information upon request, unless prohibited by law.
Use of data processors and their activities related to data processing
Data processing aimed at storing personal data
Name of data processor: DreamHost
Contact details of data processor: Email address: ...
Based on a written contract with the data controller, the data processor performs the storage of personal data. The data processor is not authorized to access personal data.
Data security measures
The Data Controller declares that adequate security measures have been taken to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in the technology used.
Rights You have during data processing
During the data processing period, You have the following rights:
- the right to information,
- the right to rectify data,
- the right to erasure of data,
- the right to block data,
- the right to object,
Within the duration of data processing, you have the right to request information from the Data Controller about the handling of your personal data. The Data Controller will provide you with written, comprehensible information regarding the processed data, the purpose and legal basis of data processing, its duration, and – if data has been or is being transmitted – who has received or will receive the data and for what purpose, within the shortest possible time but no later than 25 days from the submission of the request. You may request the Data Controller to rectify your personal data within the duration of data processing. The Data Controller will fulfill this request within 15 days at the latest. You have the right to request the erasure of your personal data, and the Data Controller will comply with this request within 15 days at the latest. However, the right to erasure does not apply if the Data Controller is legally obliged to further store the data or if, in accordance with Section 6 § (5) of the Infotv., the Data Controller is entitled to further process the personal data (e.g., for billing purposes). You may request the Data Controller to block your personal data if the permanent erasure of data would violate your legitimate interests. The blocked personal data may only be processed as long as the purpose that prevented the erasure of personal data exists. You have the right to object to the processing of your personal data:
- if the processing or transmission of personal data is necessary solely for the fulfillment of a legal obligation that applies to the Data Controller or for the enforcement of the legitimate interests of the Data Controller, the data recipient, or a third party, except in cases of mandatory data processing and in cases specified in Section 6 § (5) of the Infotv;
- if personal data is used or transmitted for direct marketing, public opinion research, or scientific research purposes without your consent.
The Data Controller will examine the objection within the shortest possible time but no later than 15 days from the submission of the request, make a decision on its validity, and inform you in writing of the factual and legal reasons for the acceptance or rejection of your request for rectification, blocking, or erasure, within 25 days from the receipt of the request if the Data Controller does not fulfill your request for rectification, blocking, or erasure.
If you believe that the Data Controller has violated any legal provisions regarding data processing or has not fulfilled any of your requests, you have the option to initiate an investigation by the National Authority for Data Protection and Freedom of Information (address: 1530 Budapest, Pf.: 5., email: email@example.com) to remedy the presumed unlawful data processing. Additionally, if there has been a breach of legal provisions concerning data processing or if the Data Controller has not fulfilled your requests, you may also file a lawsuit against the Data Controller.
Registration with the data protection register
In accordance with the provisions of the Infotv., the Data Controller is required to register certain data processing activities in the data protection register.
Modification of the data processing information
The Data Controller reserves the right to modify this data processing information. By using the website after the effective date of the modification, you accept the modified data processing information.