Skip to main content

Privacy Policy

Valid as of June 14, 2019

What kind of information do you find in our Privacy Policy?

In our Privacy Policy (hereinafter: Policy), you will find all the information you need to know about which of your personal data, for what purpose and for how long will be processed by our Company and to which service provider we forward your personal data to. Besides you’ll find about that what data security measures we take to protect your data during our data processing, and what rights you have in relation to our data processing. We process your personal data prudently, in accordance with the applicable legislation. If you have any questions or complaints regarding to our data processing, feel free to contact us at the contact provided in present Policy.

I. The Data Controller

1. Who processes your data as a data controller?

Company name (short form): ANDA Present Ltd.

Registered and postal address: H-1087 Budapest, Könyves Kálmán krt. 48-52.
Registration number: 01-09-276783
Company Registry Court: Company Registry Court of Budapest - Capital Regional Court
Tax ID: 12084230-2-42 
Executive Director: András Attila
Website: www.andapresent.com 
Telephone: +36 1 210 0758 on workday between 9 am and 17 pm
E-mail: info@andapresent.hu

2. How can you contact us with questions and problems regarding to data processing?

Feel free to contact us at the following contacts, preferably by email for the quick and verifiable administration!

Anda Present Ltd.
H-1087 Budapest, Könyves Kálmán krt. 48-52.
E-mail: privacy@andapresent.hu

 

II. Details of each data processing

1. Data processing of contractual contacts

With respect to contractual contact persons, we process their personal data that is either public (e.g. published on websites) or obtained from our clients (on business cards, or in contracts etc.).

Purpose of data processing: concluding contracts and contracts, efficient communication, ensuring business continuity.

The processed data: 

  • name,
  • position,
  • company address, including sole proprietor (head office / establishment / place of business),
  • business telephone number (landline and / or mobile), sole proprietor,
  • company email address, including sole proprietor,
  • business fax number, including sole proprietor.  

If the contractor is a sole proprietor, we will not handle business or company information, but the information that the sole proprietor will provide to us in connection with the conclusion of the contract or on his website or business card.

Legal basis of the data processing: 

  • In case of contracts with a sole proprietor, if the contractor is also the contact person, than the performance of the contract (Article 6 (1) (b) of the GDPR).
  • In the case of contracts with other entities, the legitimate interest (Article 6 (1) (f) of the GDPR), which is the conclusion, performance of the contract, effective communication and ensuring business continuity.

Retention of data:

  • Contractual contact information will be retained during the term of the agreements and thereafter until the expiration of any applicable tax limitation period from the termination of the relevant agreement, which shall be 8 years from the date of issue of this Policy and shall commence with the disclosure.

2. Customer service data processing

Personal data received at info@andapresent.hu, as well as at customer service inquiries at +36 1 210 0758 (on business days from 8:30 am to 5:00 pm) and received at our head office is handled by those employees with appropriate access privileges whose job is related to customer support requests.

Purpose of data processing: to handle customer service requests we receive and answer questions.

Legal basis of data processing: legitimate interest (Article 6 (1) (f) of the GDPR) which is recording, responding to, and utilizing recorded customer service communications in case of any claims.

The processed data:  

When contacting us via email, the person who contacts us:

  • name
  • e-mail
  • additional personal data you provide (including in particular the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)

When contacting us by phone, the person who contacts us:

  • name
  • phone number (landline or mobile)
  • data of the call
  • time of the call
  • additional personal  data you provide (including in particular the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)

In case of request sent by post:

  • name of the sender 
  • address
  • date of delivery
  • additional personal  data you provide (including in particular the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)

Duration of data processing: personal data (including emails) processed in connection with general inquiries will be deleted after the purpose of the data processing has ceased. Thus, if it’s unlikely to need the e-mail and the response for further administration and enforcement, we will delete those data, otherwise, the request and reply will be deleted after 5 years from the date of communication, in accordance with the civil statute of limitations.

3. Handling complaints

Purpose of data processing: handling incoming customer, client complaints.

Legal basis if data processing: legitimate interest (Article 6 (1) (f) of the GDPR) efficient and verifiable handling of customer, client complaints, use of such correspondence or personal communication in any official process or in any claim.

The processed data:

  • name
  • e-mail or postal address
  • additional personal  data you provide (including in particular the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)

Duration of data processing: personal data processed in such case will be retained within the civil statute of limitations (currently 5 years), which begins with the disclosure.

4. Server logging

Purpose of data processing: troubleshooting, detection of system failures, security protection, for webshop users, restore the contents of the cart.

Legal basis of data processing: legitimate interest (Article 6 (1) (f) of the GDPR) troubleshooting, detection of various system failures, protection against various system hacking, restoring contents of the cart when used in the webshop. 

Duration of data processing: 1 year.

Server logging stores the data below on our own server:

  • IP address
  • User agent
  • Login time
  • Referer
  • Cookies
  • Set-Cookie

However, in the event of a major system failure, ad hoc logging may also result in the storage of personal data provided during registration.

 

III. Data processing principles, rights of the data subject and their enforcement, time limit of administration

1. Data processing principles

We will process your personal data in accordance with applicable legal requirements, so personal data will only be processed and stored for the purposes and for the period of time required for the purposes of this Policy, only as provided by you as the data subject or in a legitimate interest and in accordance with the applicable law and present Policy. 

If we intend to use your personal data for purposes other than for which it was originally collected, we will inform you in advance, by email or on our website, in order to obtain your consent and to provide you with the opportunity to prohibit data processing other than the original purpose.

In particular, the following data processing principles apply:

  • lawfulness, fairness and transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality
  • accountability

2. Rights of the data subject

You, as the data subject, are granted the following rights in accordance with the provisions of the GDPR:

2.1. Right to be informed

You as the data subject, have the right to be informed about all the legal basis of data processing. We strive to fulfill our obligation to provide information in a concise, clear, understandable and easily accessible form, with clear wording.

2.1.1. How will we inform you about the processing of your data?

We comply with our obligation to provide information primarily in writing - including by email. Oral information may be provided upon your express request, provided that you have properly verified your identity.

2.1.2. What is the deadline for informing you about our data processing?

Without undue delay, but in any case within 30 days of receipt of the request, we will inform you of the action we have taken in response to your request to exercise your right.

Where necessary, taking into account the complexity and the number of the requests, the 30-day time limit may be extended by a further 60 days. We will inform you of the extension within 30 days of receipt of the request, stating the reasons for the delay. If you have submitted your request electronically, the information will be provided electronically as far as possible, unless you request otherwise. Requests sent by post will also be answered by post.

2.1.3. Is there a charge for the information?

Information and measures are provided free of charge. If your request is manifestly unfounded or excessive - in particular because of its repetitive character - taking into account the administrative costs of providing the information or information requested or of taking the requested action:

  • we may charge a reasonable amount (see paragraph 2.2 below for the copy fee), or
  • refuse to act on the application.

It is for us to prove that the claim is manifestly unfounded or excessive.

2.2. Right to access

You have the right of access to all the legal bases of data processing. 

2.2.1. What information do we provide access to?

You have the right to receive feedback from us as to whether your personal data is being processed and, if so, to have access to your personal data and the following information: 

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be communicated;
  • where applicable, the proposed period for which the personal data will be stored;
  • your right to request from us the rectification of your personal data, the deletion or limitation the processing of certain data in connection with a legal basis, and the right to object to the processing of such personal data in the case of certain legal data processing;
  • the right to lodge a complaint to the supervisory authority;
  • if the data have not been collected from you, any available information on their source;
  • the fact that automated decision-making, including profiling, and, at least in these cases, the logic used and the significance and foreseeable consequences for you of such data management

2.2.2. How do we provide access to your data?

From its receipt, within a maximum of 30 days, we will respond to your request for access by posting you a copy of your personal data that we process, to the contact information provided in the request.

If you submit your request electronically, our response letter will also be sent to you electronically, protected by a password thet we send to the mobile number you provided. (Pdf and Excel files can be encrypted.) If you are requesting another type of response, please indicate this in your request.

2.2.3. What personal data can you request a copy of?

We will provide you with a copy of your personal data subject to data processing at any time upon request.

2.2.4. Do I have to pay for a copy?

Usually, we will provide you with a free copy of your personal data we process. However, if you request more than one copy, we may charge you a reasonable fee based on administrative costs for the additional copies, as set out below:

Copy fee:

  • A4 sheet size: 15 HUF + VAT / page
  • A3 sheet size: 25 HUF + VAT / page 

If you request the information electronically, you will receive it in CD format at a cost of 1 000 HUF + VAT. We will deliver the CD by post to the address you provide.

2.3. Right to (completion) rectification

You have a right of rectification in respect of all data process legal bases.

2.3.1. What does the right of rectification mean?

If one or more of your personal data is incorrect or inaccuratein in our systems, you have the right to request the rectification of that personal data. If you request a correction, we will correct your inaccurately processed personal data without undue delay. 

You also have the right to request your personal data be completed. 

2.3.2. How do we ensure that your data is corrected or completed?

From its receipt, within a maximum of 30 days, we will respond to your request for rectification to the contact information provided in the request.

If you submit your request electronically, our response letter will also be sent to you electronically. If you are requesting another type of response, please indicate this in your request.

Your business information, billing information, email address may only be changed after consultation with your sales representative, so please address your request to your sales representative.

You can modify the following information at your own discretion:

  • phone number 
  • password
  • mailing address

2.4. Right to erasure (‘right to be forgotten’)

You are not automatically entitled to request erasure with regard to the processing of data relating to all legal basis. 

2.4.1. When do we delete personal data on your request?

We will delete your personal data without undue delay if any of the following applies:

  1. personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
  2. you withdraw your consent to the processing of data (in case of consent based data processing) and there is no other legal basis for the processing;
  3. You object to the data processing, and there is no overriding legitimate reason for the processing of data on legal grounds based on public authority or legitimate interest;
  4. the personal data have been unlawfully processed;
  5. personal data must be deleted in order to comply with a legal obligation imposed by the EU or an applicable Member State law.

2.4.2. When will your personal data not be erased despite your request for deletion?

We will not comply with your request for deletion if processing is necessary to comply with a legal obligation applicable to our company that governs the processing of your personal data.

2.4.3. What actions can we take before deleting data?

When we receive a deletion request, firstly we will verify that the request is from the entitled person.

In order to the above, we may take the following actions:

  • request information to identify the contract between you and us (eg contract number, contract date),
  • we may ask for the ID number of the document we issued to you,
  • we may ask you to provide identity data recorded about you (however, we may not ask for any additional data that we do not record about you as identification).

2.4.4. How do we delete your personal data?

If we are required to comply with the deletion request, we are obliged to do our best to delete your personal data from all databases. 

A record of the deletion will be made so that we can confirm that the deletion has taken place, except that registration will be canceled. 

The record shall be signed by a representative of our company or by the person (s) authorized to do so by virtue of their job description. The deletion report shall include:

  1. the name of the data subject (ie you);
  2. the type of personal data deleted;
  3. the date of cancellation.

We will inform anyone to whom personal data have been transferred of the obligation to delete.

If the data processing is based on consent, you have the right to withdraw your consent at any time without justification. Upon withdrawal of your consent, your personal data – in the absence of any other legal basis - will be deleted. The withdrawal of consent shall not affect the lawfulness of the prior processing.

2.5. Right to restriction of processing 

You have the right to restriction in respect of all data protection legal bases.

  1. You dispute the accuracy of your personal data, in which case the limitation applies to the period of time that allows us to verify the accuracy of your personal data;
  2. the data processing is unlawful and you object to the deletion of the data and instead request a restriction on their use;
  3. we no longer need personal data for the purposes of data processing, but you request it for the purpose of making, enforcing or defending legal claims; or
  4. You have objected to the processing of data on the basis of a public authority license or a legitimate interest; in this case, the limitation applies for a period until it is determined that our legitimate interests have priority over your legitimate reasons.

2.5.1. When will we continue to process your personal data despite the restriction?

If data processing is restricted under the preceding paragraph, such personal data, with the exception of the storage, shall only be processed with your consent, or for the purpose of submitting, asserting or defending legal claims, or protecting the rights of other natural or legal persons it is in the public interest.

We inform all persons to whom personal data have been transferred of this obligation.

2.6. Right to object

You have the right to object for data processing which legal grounds based on public authority or legitimate interest.

2.6.1. What is the result of your protest against data processing? 

We may not further process your personal data in response to your request for objection, unless we have demonstrated that the processing is justified by compelling legitimate reasons, overriding your interests, rights and freedoms, or relating to the filing, enforcement or protection of legal claims.

2.6.2. How do you object to the processing of your personal data for direct business purposes?

If your personal data is processed for the purpose of direct marketing (newsletter), you have the right to object (unsubscribe) to the processing for this purpose at any time.

If you object to the processing of personal data for the purpose of direct marketing, personal data may no longer be processed for this purpose.

2.7. Right to data portability

In case of consent or contract based data processing, you have the right to data portability, given that the data procesing is automated.

2.7.1. What do we provide you with in terms of your data portability right?

We ensure that the personal data you provided to us will be provided to you in a structured, widely used, machine-readable format and that you may pass it on to another controller.

2.7.2. How do we ensure the right to data portability?

Customer information, registration data, shopping list and any data recorded by the system will be provided to you in the form of an Excel spreadsheet.

We will respond to your request without undue delay, but no later than 30 days from the date of receipt, and will be sent by post to the contact details provided in the request.

If you submit your request electronically, our reply letter will also be sent to you electronically protected by a password, which we will forward to your mobile number (Pdf and Excel files can be encrypted). If you are requesting another type of response, please indicate this in your request.

3. Complaint, common rules of procedure

3.1. Complaint

In the event of an alleged infringement of your personal data processing, we will investigate your complaint within 30 days at most. 

3.1.1. To what contact can you submit your complaint?

Please send your complaint to us first, by post, or email:

Anda Present Ltd.

head office: H-1087 Budapest, Könyves Kálmán krt. 48-52.

e-mail: privacy@andapresent.hu

Please only exercise your right to oral information if you are unable to contact us in any other way, given that written certainty protects both your interests and ours.

3.1.2. Where can you complain if you are not satisfied with our complaint handling?

If you are not satisfied with our complaint handling, you can also file a claim with the competent tribunal (Metropolitan Court or the place of residence or residence) or initiate an investigation with the Hungarian National Authority for Data Protection and Freedom of Information at:

  • postal address: H-1024 Budapest, Szilágyi Erzsébet fasor 22/C., 
  • e-mail: ugyfelszolgalat@naih.hu,
  • telephone: +36-1-3911400
  • representative, Head of the Authority: dr. Péterfalvi Attila
  • website: www.naih.hu 

3.2. Common rules of procedure

3.2.1. What data do we need to properly handle your complaint?

Please provide your personal identification information and mailing address when contacting us. If any doubts incurred about your identity or if the information provided is not sufficient for us to identify you, we are entitled to ask for additional identification.

3.2.2. How long does it take to respond to your inquiry?

We will endeavor to process your request as soon as possible. The administrative deadline is 30 days, which we are entitled to extend for another 60 days if necessary, about what we will send you - as an applicant or claimant – a reasoned notification, no later than 30 days after your request.

3.2.3. What form do we respond to you?

We will respond to requests in writing, in the form in which those were received, that is to say, by post, by email, unless specifically stated otherwise in the request.

3.2.4. Is there a fee for complaint handling?

Well-founded requests will be met free of charge. However, if the application is manifestly unfounded or - especially because of its repetitive nature - excessive, we reserve the right to charge a reasonable amount or even refuse to act on the application. (For the applicable rates, see section III./1.2.4 above under Copy fee.)

 

IV. Data transfer, data processors, other data controllers

1. Who do we transfer your personal data to?

Your data will be made available only to data processors and other data controllers whose services are absolutely necessary for the operation of our website, the provision of storage space, the fulfillment of accounting obligations, and the operation of IT systems. 

The contacts of the referenced companies are listed below, so that our company may at any time unilaterally choose to use another service provider. In such a case, we will amend present Policy accordingly.

In addition to the above, your personal data will only be forwarded to the authorities, courts, notaries and other organizations authorized by law to handle the data.

Legal basis of data transfer: Article 6 (1) (c) of the GDPR, fulfillment of legal obligation.

2. Data processors and their contacts

By visiting our website, you acknowledge that your personal data will be processed by the following service providers as data processors in a targeted and necessary manner:

2.1 Hosting-provider: 

  • Hosting-provider: Virgo Systems Kft.
  • Hosting-provider’s registered office: H-8200 Veszprém, Óváros tér 25.
  • Hosting-provider’s website: https://systems.virgo.hu/ 
  • Hosting-provider’s e-mail: info@virgo.hu 
  • Hosting-provider’s customer service: +36 1 336 0630

2.2 Web server operator:

  • Company name: Virgo Systems Kft.
  • Registered office: H-8200 Veszprém, Óváros tér 25.
  • Company registration number: 01-09-689231
  • Tax number: 12497278-2-42
  • Represented by: Laczkovich Bence

2.3 Auditor:

  • Company name: ICT Europa Holding Inc.
  • Registered office: H-1117 Budapest, Fehérvári út 50-52.
  • Company registration number: 01-09-998752
  • Tax number: 24266479-2-43
  • Contact: Gulyás Gábor 

 

V. IT data security

We guarantee data security in accordance with the provisions of the GDPR, including in particular the state of the art and the costs of implementation, the nature, scope, circumstances and purposes of data processing, taking into account the varying probability and severity of the risks to the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the degree of risk. 

In order to prevent the destruction, unauthorized use or alteration of your personal information, we will, in particular, apply the following measures, which we will continually improve on a need-to-know basis:

  • We create automatic backups of our databases on a separate server,
  • We use mirroring,
  • Our server is a dedicated server located in Hungary, 24 hours protected,
  • We use a firewall to protect your personal data, as well as our server has an active and passive security system.

 

VI. Data breach

1. Definition of data breach

Data breach is any case in which an unauthorized person has access to personal data or the data is destroyed, lost or changed.

2. Risk assessment of data breach

In the event of a data breach - acting in accordance with GDPR - the impact and risks of that incident will be assessed by a team and based on that assessment, we will take the necessary steps to resolve it, notify the competent authority or the data subject, as appropriate. 

3. Informing the data subject 

If the result of the risk analysis is that a data breach is likely to pose a high risk to the rights of those affected, ie your rights, we will notify you of the data breach. Depending on the nature of the data breach, the information will be provided through our website or through other more direct means (eg email).  

4. Data breach policy – incident management

We have a separate internal incident management policy for dealing with data incidents, which ensures that when a privacy incident occurs, we can deal with it efficiently and quickly, also make the appropriate notifications, but first and foremost, under the circumstances, to minimize the risk of potential data corruption or loss, and to minimize any damage.

 

VII. Definitions, Governing Law, disclosure and amendments of the Policy

1. Definitions

1.1. Privacy legislation: all applicable data protection, privacy and information security laws, especially but not exclusively, the General Data Protection Regulation (GDPR) any related national transposition, amendment or replacement legislation from time to time also the Act CXIII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. 

1.2. Personal data: means any personal data as defined by applicable data protection legislation, including, in particular, any information relating to an identified or identifiable natural person ("data subject") as defined in the GDPR; identifiable a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person identified.

1.3. Data controller: means a natural or legal person, public authority, agency or any other body which determines the purposes and means of the processing of personal data, alone or in association with others.

1.4. Data processor: means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

1.5. Recipient: means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities which have access to personal data in the framework of a specific inquiry in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.

1.6. Third party: means any natural or legal person, public authority, agency or any other body which is not the data subject, the controller, the processor or any person authorized to process personal data under the direct control of the controller or processor.

1.7. Data processing: means any or all of the operations carried out in an automated or non-automated way on personal data or data files, such as collection, recording, systematization, classification, storage, transformation or alteration, retrieval, access, use, communication, distribution or otherwise making available, coordinating or linking, limiting, deleting or destroying.

1.8. Consent of the data subject: means the voluntary, explicit and unambiguous expression of the will of the data subject, by which the data subject indicates his or her consent to the processing of personal data concerning him or her by means of a statement or act of an unambiguous confirmation;

1.9. Data breach – privacy incident: means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed;

1.10. Filing system: means a set of personal data, in any form- centralized, decentralized, functional or geographical -, accessible according to specified criteria;

1.11. Data stock: a document to assess the scope and nature of personal data managed by the controller.

2. Governing Law

Present Policy is made and interpreted in accordance with current Hungarian law. The Policy – in particular, but not limited to - is governed by the following legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – „GDPR”)
  • Act CXIII of 2011 on the Right of Informational Self-Determination and on Freedom of Information („Infotv.”)
  • Act V of 2013 on the Civil Code („Ptk”)
  • Act C of 2000 on accounting („Sztv.”)
  • Act CVIII on certain issues of electronic commerce activities and information society services („Ekertv.”)
  • Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity („Grt.”)

3. Disclosure of the Privacy Policy

The Privacy Policy is published on our website under the Privacy Policy menu item and is permanently available there.

4. Amendment of the Privacy Policy

We reserve the right to unilaterally modify present Policy at any time. In case of changes we will inform you in our news.

The amended provisions will become effective upon publication on our website or otherwise notified to you.