Privacy Policy

Introduction

Voxinfo Ltd. (1037 Budapest, Bécsi út 269), Tax number: 12180439-2-41, Company registration number: 01-09-562739 (hereinafter: Service Provider, Data Controller) considers the following policy binding upon itself:

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.

This privacy policy governs the data processing on the following website and related services: europe-vignette.eu

Voxinfo Ltd. may unilaterally modify this Privacy Policy at any time. The current version of the Privacy Policy is published on the website europe-vignette.eu. The changes to the policy take effect upon publication at the above address.

Data Controller and Contact Information:

Name: Voxinfo Ltd.

Head Office: 1037 Budapest, Bécsi út 269

Operational Address: 1037 Budapest, Bécsi út 269

Email: info@voxinfo.hu

Phone: +36-1-225-7603

Definitions

“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Data controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Data subject’s consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles relating to processing of personal data

Personal data shall be:

  • a) processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
  • b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (“purpose limitation”);
  • c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
  • d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
  • e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
  • f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

The data controller shall be responsible for, and be able to demonstrate compliance with, the above principles (“accountability”).

The data controller declares that data processing is carried out in accordance with the principles laid out in this section.

Data Processing Activities

Highway Vignette Purchase

Personal Data - Provided by the Data SubjectPurpose of Data Processing
License plate number *Provision of the service
Type of vehicle *Provision of the service
Phone numberProvision of the service, communication, and more efficient coordination of billing-related matters, SMS Service.
Billing name and addressIssuance of a proper invoice, creation and definition of the contract, modification, monitoring of its fulfillment, billing of fees arising from it, and enforcement of related claims.
Date and time of purchase/registration *Execution of technical operations.

Data marked with an asterisk (*) are mandatory. Without them, the Service cannot be used.

In the case of the email address, it is not necessary for it to contain personal data.

In the case of the phone number:
Purpose of data processing: SMS notification about the purchase
Processed data: phone number
Legal basis: GDPR Article 6(1)(b) (performance of a contract, as the Customer specifically requests it)
Duration: until withdrawal
Name and contact details of the data processor: Magyar Telekom Nyrt.
Registered office: 1097 Budapest, Könyves Kálmán körút 36.
Phone: 1414
Email: ugyfelszolgalat@telekom
Scope of data subjects: all data subjects using the SMS service.

Duration of data processing and deadline for data deletion: If any of the conditions in Article 17(1) of the GDPR apply, the data will be stored until the data subject requests its deletion. The controller shall inform the data subject electronically about the deletion of any personal data provided by the subject, pursuant to Article 19 of the GDPR. If the deletion request includes the email address, the controller will also delete that email address following notification. Exceptions are accounting documents, which must be retained for 8 years based on Act C of 2000 on Accounting, Section 169(2). Contractual data may be deleted after the civil statute of limitations has expired.

Accounting records that directly or indirectly support bookkeeping (including general ledger accounts, analytical or detailed records) must be retained in a readable form and retrievable manner for at least 8 years based on bookkeeping references.

Authorized data processors and potential recipients of the personal data: The data may be processed by employees of the controller in the sales and marketing departments, in compliance with the above principles.

Rights of the Data Subjects Related to Data Processing:

The data subject may request access to, rectification or deletion of their personal data, or restriction of processing from the controller. The data subject also has the right to data portability and may withdraw consent at any time. Access, deletion, modification, or restriction of processing, as well as portability, may be requested by:

  • postal mail to: Voxinfo Ltd., 1037 Budapest, Bécsi út 269.
  • email to: support@europe-vignette.eu

Legal Basis for Data Processing:

  1. Article 6(1)(b) and (c) of the GDPR
  2. Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: "Elker Act")

The service provider may process personal data that are technically essential for providing the service. Where all other conditions are equal, the service provider must choose and operate tools used in the provision of the service in a way that personal data is only processed if strictly necessary for the service or for fulfilling the other purposes set forth in the law, and even then only to the extent and duration necessary.

  1. For issuing invoices in compliance with accounting laws, Article 6(1)(c) of the GDPR applies.
  2. For enforcing claims arising from contracts, Section 6:21 of Act V of 2013 on the Civil Code applies: 5 years.

Section 6:22 [Limitation]

(1) Unless otherwise provided by law, claims shall lapse after five years.

(2) The limitation period begins when the claim becomes due.

(3) Agreements to change the limitation period must be made in writing.

(4) Agreements excluding limitation are void.

Customer Contact

Nature of data collection, scope of processed data, and purpose of data processing:

Personal DataPurpose of Data Processing
Name, email address, phone number, license plate numberCommunication, identification, contract fulfillment, business purposes

Scope of data subjects: All individuals who are in contact with the data controller via phone/email/in person or are in a contractual relationship with the controller.

Duration of data processing and deadline for data deletion: Data processing lasts until the legal relationship between the controller and the data subject ends, or in the case of a contract, until the expiration of the civil statute of limitations.

Authorized data processors and potential recipients of the personal data: Personal data may be processed by authorized employees of the controller, in compliance with the principles stated above.

Rights of the Data Subjects Related to Data Processing:

The data subject may request access to, rectification or deletion of their personal data, or restriction of processing from the controller. The data subject also has the right to data portability and may withdraw consent at any time. Access, deletion, modification, or restriction of processing, as well as portability, may be requested by:

  • postal mail to: Voxinfo Ltd., 1037 Budapest, Bécsi út 269.
  • email to: support@europe-vignette.eu

Legal Basis for Data Processing:

7.1. Article 6(1)(b) and (c) of the GDPR

7.2. For enforcing claims arising from contracts, Section 6:21 of Act V of 2013 on the Civil Code: 5 years

Section 6:22 [Limitation]

(1) Unless otherwise provided by law, claims shall lapse after five years.

(2) The limitation period begins when the claim becomes due.

(3) Agreements to change the limitation period must be made in writing.

(4) Agreements excluding limitation are void.

Please note that:

  • data processing is necessary for fulfilling the contract and providing an offer.
  • providing your personal data is required for us to process your order/other request.
  • failure to provide data will result in our inability to process your order/request.

Data Processors Involved

Payment System – Barion Payment Inc. Card Payment Service Provider

I acknowledge that the following personal data stored in the user database of www.europe-vignette.eu by the data controller Voxinfo Ltd. (1037 Budapest, Bécsi út 269) will be transferred to Barion Payment Inc. as the data processor. The scope of data transferred by the data controller includes: name, email address, and billing information. Barion Payment Inc. provides the payment service as an independent data controller under its own privacy policy available at https://www.barion.com/hu/adatvedelmi-tajekoztato.

Hosting Provider

Activity performed by the data processor: Hosting services

Name and contact information of the data processor:

  • Name: 23VNet Ltd.
  • Address: 1094 Budapest, Liliom u. 24–26.
  • Phone: +36 1 450 1222

Scope of data processing: All personal data provided by the data subject.

Scope of data subjects: All users of the website.

Purpose of data processing: To make the website available and ensure its proper operation.

Duration of data processing: Until the termination of the agreement between the data controller and the hosting provider, or until the data subject requests deletion from the hosting provider.

Legal basis for data processing: Article 6(1)(f) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce and Information Society Services.

Rights of the data subject:

  • You can inquire about the circumstances of data processing.
  • You are entitled to receive feedback from the controller on whether your personal data is being processed and to access all information related to data processing.
  • You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • You have the right to request that the controller rectify inaccurate personal data without undue delay.
  • You may object to the processing of your personal data.

Website Operation

Activity performed by the data processor: website operation (monitoring, technical updates, security system development, other development and repair tasks)

Name and contact information of the data processor:

  • Name: DOCCA OutSource IT Ltd.
  • Address: Apor Vilmos tér 25–26., Budapest
  • Email: contact@docca-europe.com
  • Phone: +36 1 488 7490

Scope of data processing: All personal data provided by the data subject.

Scope of data subjects: All users of the website who register or place an order.

Purpose of data processing: Website operation (development, monitoring, bug fixing).

Duration of data processing: Until the termination of the agreement between the Service Provider and the website operator, or until a deletion request is made by the data subject.

Legal basis for data processing: Article 6(1)(f) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce and Information Society Services.

Accounting and Invoicing

Name and contact information of the data processor:

  • Name: aPlus Consulting Ltd.
  • Company registration number: 01 09 910002
  • Address: 1037 Budapest, Bécsi út 269
  • Tax number: 14571961-2-41
  • Email: penzugy@aplus.hu

Scope of data processing: Name, billing name, and billing address.

Scope of data subjects: All users who place orders on the website.

Purpose of data processing: Issuance of electronic invoices/accounting tasks.

Duration of data processing: 8 years, in accordance with Section 169(2) of Act C of 2000 on Accounting.

Legal basis for data processing: Article 6(1)(c) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce and Information Society Services.

Data Recipients (Data Transfers):

In addition to the above data processors, your personal data may also be shared with the following recipients based on contractual agreements. These data are used solely for the purpose of completing purchases and verifying road usage authorizations, in compliance with data protection regulations.

Recipient of Data TransferTransferred Data
Autobahnen- und Schnellstraßen-Finanzierungs-Aktiengesellschaft
Austro Tower, Schnirchgasse 17, 1030 Vienna
Legal form: Aktiengesellschaft, Registered office: Vienna, FN 92191 a
Commercial Court of Vienna, VAT No.: ATU 43143200		In the case of Austrian motorway vignette purchase: license plate number, country code, vehicle type, details of purchased vignette (type, validity period)
KBOSS.hu Ltd. (1031 Budapest, Záhony utca 7/C., Company reg. no.: 01-09-303201; Tax no.: 13421739-2-41)Name, billing data, email address

Cookie Management

Our website uses Cookie-Script in accordance with Google Consent Mode v2 and GDPR regulations.

Typical cookies for online stores include “password-protected session cookies,” “shopping cart cookies,” “security cookies,” “necessary cookies,” “functional cookies,” and “cookies responsible for website statistics.” These do not require prior consent from the data subject.

Data processing fact and scope of data: Unique identifier, dates, times.

Scope of data subjects: All visitors of the website.

Purpose of data processing: Identifying users, maintaining the shopping cart, and tracking visitor behavior.

Duration of data processing and deletion deadline:

Type of CookieLegal Basis for ProcessingDuration of ProcessingScope of Processed Data
Session cookiesSection 13/A(3) of Act CVIII of 2001 on electronic commerce services and information society services (Elkertv.)Until the end of the respective visitor sessionconnect.sid
Persistent or saved cookiesSection 13/A(3) of the Elkertv.Until deleted by the data subject
Statistical cookiesSection 13/A(3) of the Elkertv.1–2 months

Authorized persons to access the data: The controller does not process personal data through the use of cookies.

Data subjects’ rights regarding data processing: Users can delete cookies via their browser’s Tools/Settings menu, typically under the Privacy settings.

Legal basis for processing: No consent is required from the data subject if the sole purpose of using cookies is to transmit communication over an electronic communications network or if the service provider absolutely needs them to provide an information society service explicitly requested by the subscriber or user.

Use of Google Ads Conversion Tracking

The data controller uses the online advertising program "Google Ads," and within its framework, the conversion tracking service of Google. Google Conversion Tracking is an analytics service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When a user accesses a website via a Google ad, a cookie necessary for conversion tracking is placed on their device. These cookies are valid for a limited time and do not contain any personal data, meaning the user cannot be identified. If the user visits certain pages of the website and the cookie has not expired, both Google and the data controller can see that the user clicked on the ad.

Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of other Ads customers. Information collected using conversion cookies is used to compile conversion statistics for Ads customers who opted into conversion tracking. These customers are informed of the number of users who clicked their ad and were redirected to a page tagged with a conversion tracking label. However, they do not receive information that would personally identify users.

If you do not wish to participate in conversion tracking, you can opt out by disabling cookie storage in your browser settings. In that case, you will not appear in the conversion statistics. More information and Google's privacy policy can be found at: https://policies.google.com/privacy 

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses "cookies," which are text files placed on your computer to help analyze how users use the website. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States.

With IP anonymization activated on this website, Google will truncate your IP address within the European Union or in other countries that are parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there.

On behalf of this website’s operator, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that doing so may affect the full functionality of this website. You can also prevent Google from collecting and processing the data generated by the cookie (including your IP address) by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=hu

Microsoft Clarity

In order to optimize our website and improve user experience, we use the Microsoft Clarity system ( https://clarity.microsoft.com/ ). Data is collected and stored for marketing and optimization purposes.

Microsoft Clarity handles user data protection by default: it automatically detects and masks (hides) personally identifiable information (PII), such as input fields and numbers, before they are transmitted to the servers. It complies with GDPR requirements, stores recorded data in encrypted form, and filters out bot traffic. Further information and the Microsoft Clarity statement are available at the following page: https://clarity.microsoft.com/privacy 

Barion Pixel

The Barion Pixel is a JavaScript-based tracking code placed on the merchant’s website, which monitors visitor activity using cookies stored in the visitor's browser. After the cookie is placed, it collects data about the visitors and their browsing behavior and sends the data directly to Barion’s server. This data is used by Barion for fraud prevention purposes—risk analysis and evaluation (as described in section 5.4 of Barion's Privacy Policy)—and for marketing purposes such as analyzing behavior to personalize ads and recommendations (see section 5.12 of the Privacy Policy). There are two versions: Barion Pixel Basic and Barion Pixel Full.

Barion Pixel Basic: This version collects data solely for fraud prevention through risk analysis and evaluation.

Barion Pixel Full: This version collects data both for fraud prevention and for marketing purposes to analyze user behavior for personalized ads and recommendations.

Barion Cookie Information

Cookie NameDescription and PurposeProviderRetention Period
ba_vidUsed during the Barion Smart Gateway service to detect bank card fraud based on your device’s digital fingerprint and browsing habits. Ensures that browsing data can be associated with a single user.Barion Payment Inc.1.5 years from last update
ba_vid.xxxTracks browsing behavior across sessions on the same website to detect fraud. Collects: ba_vid, user ID based on browser properties, timestamps of first/current/last visit, session ID, third-party cookie permissions.Barion Payment Inc.1.5 years from last update
ba_sidIdentifies your session across websites to detect fraud based on digital fingerprint and behavior.Barion Payment Inc.30 minutes
ba_sid.xxxIdentifies session within the website for fraud prevention.Barion Payment Inc.30 minutes

If the cookie’s lifespan is defined from the last update, every visit extends the expiration by 1.5 years. This data collection does not require user consent and is based on Barion Payment Inc.’s legitimate interest for fraud prevention. More info can be found in their Privacy Notice.

Other Technologies

Browser Fingerprinting: This is used to detect fraudulent sessions based on visitor behavior and browser characteristics. It helps identify browsers on specific devices and is used across websites using the Barion Smart Gateway. Details are in section 5.4 of the Barion Privacy Notice.

Cookie NameDescription and PurposeProviderRetention Period
BarionMarketingConsent.xxxStores user’s consent for collecting browsing and purchase behavior data for personalized advertising. If consent is given, data from fraud-prevention cookies is also used for marketing.Barion Payment Inc.1.5 years from last update
Media and advertiser partners' cookiesSynchronizes user identifiers between Barion and third-party advertising systems. Allows partners to store their own user identifiers in the visitor’s browser.See Privacy NoticeSee each partner's cookie policy for details

Data Processor Partners for Barion Marketing Cloud and Pixel

  • DataMe Ltd., 1118 Budapest, Ugron Gábor utca 35.
  • Dentsu Hungary Ltd., 1027 Budapest, Kacsa utca 15–23.
  • GroupM, 1123 Budapest, Alkotás utca 53., MOM Park, B/1st Floor
  • Matterkind CEE, 1082 Budapest, Vajdahunyad utca 41.
  • Vodafone Hungary, 1096 Budapest, Lechner Ödön fasor 6.

Newsletter and Direct Marketing Activity

Data Processor Name and Address: Founder Bits Inc. DBA BigMailer.io
80 Theodore Fremd Avenue
Rye, New York 10580
United States
Customer Support: hey@bigmailer.io

In accordance with Section 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the user may give prior and express consent to the service provider to be contacted via the contact details provided at registration or during ordering with marketing communications and other messages.

The user may also consent to the service provider processing their personal data for the purpose of sending marketing offers, in accordance with this privacy policy.

The service provider does not send unsolicited messages, and the user may unsubscribe at any time without restriction or justification and free of charge. In this case, the service provider will delete all personal data required for sending advertising messages and will no longer contact the user. Users can unsubscribe via the link provided in the newsletter.

Scope of Data Collected, Purpose of Processing:

Personal DataPurpose of Data Processing
Name, email addressIdentification and enabling newsletter subscription
Subscription dateTechnical operation
IP address at time of subscriptionTechnical operation

Data Subjects: All users who subscribe to the newsletter.

Purpose: To send promotional emails (newsletters) to the data subject, and to inform them about current news, products, promotions, and new features.

Duration of Processing: Until the withdrawal of consent, i.e., until the user unsubscribes.

Authorized Personnel: The personal data may be processed by the data controller’s sales and marketing staff in compliance with the above principles.

Rights of the Data Subject:

  • The data subject may request access to, rectification, deletion, or restriction of processing of their personal data.
  • They may object to the processing of their personal data.
  • They have the right to data portability and to withdraw their consent at any time.

Requests regarding personal data (access, deletion, modification, restriction, portability, objection) can be made via:

  • Postal mail: Voxinfo Ltd., 1037 Budapest, Bécsi út 269.
  • Email: support@europe-vignette.eu

The data subject may unsubscribe from the newsletter at any time, free of charge.

Legal Basis: Data subject’s consent under Article 6(1)(a) and (f) of the GDPR, and Section 6(5) of Act XLVIII of 2008 on Advertising:

The advertiser, advertising service provider, or publisher shall keep a record of those who have provided consent. Personal data recorded in this registry may only be processed according to the consent and until it is withdrawn, and may only be disclosed to third parties with prior consent of the data subject.

Please Note:

  • Data processing is based on your consent and the legitimate interest of the service provider.
  • You are required to provide your personal data if you wish to receive the newsletter.
  • Failure to provide data will result in our inability to send you the newsletter.

Complaint Management and Customer Service

To ensure full communication with customers, we provide a Contact Center.

The “Service Provider” or “Operator” is Daktela s.r.o., officially registered at:

Vinohradská 2828/151, Praha 3 – Žižkov, 130 00, ID No. 27232263, VAT No. CZ27232263, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 106338. Phone: +420 226 211 245, Website: http://www.daktela.com, Email: daktela@daktela.com.

Fact of data collection, scope of data processed, and purpose of data processing:

Personal DataPurpose of Data Processing
Full nameIdentification, contact.
Email addressIdentification, contact.
Phone numberIdentification, contact, SMS Service.
License plateIdentification
Billing name and addressIdentification, handling of quality complaints, inquiries, and issues related to ordered products.

Scope of data subjects: All individuals who make purchases through the website and file quality complaints.

Duration of data processing and data deletion deadline: According to Section 17/A (7) of Act CLV of 1997 on Consumer Protection, records of complaints and responses must be retained for 5 years.

Potential data controllers authorized to access the data and recipients of personal data: The personal data may be handled by the Service Provider’s sales and marketing personnel in compliance with the above principles.

Rights of data subjects concerning data processing:

  • The data subject may request access, rectification, deletion, or restriction of their personal data from the data controller.
  • The data subject has the right to data portability and to withdraw consent at any time.

Data access, deletion, modification, or restriction of processing, and data portability may be requested by:

  • Postal mail: Voxinfo Kft., 1037 Budapest, Bécsi út 269.
  • Email: support@europe-vignette.eu

Legal basis of data processing: The data subject’s consent under Article 6(1)(c) of the GDPR and Section 17/A (7) of Act CLV of 1997 on Consumer Protection.

Please note that:

  • Providing personal data is a legal obligation.
  • Processing of personal data is a prerequisite for entering into a contract.
  • You are required to provide personal data to allow us to process your complaint.
  • If data is not provided, we will be unable to handle your complaint.

Customer Relations and Other Data Processing

If you have questions or issues while using our services, you can contact the data controller via the methods provided on the website (phone, email, social media, etc.).

Messages, emails, and data provided through phone or social media (e.g., Facebook), including the inquirer’s name, email address, and other voluntarily provided data, will be deleted no later than 2 years after receipt.

For data processing not listed in this notice, information will be provided at the time of data collection.

In case of requests by authorities or organizations authorized by law, the Service Provider is obligated to provide data or documents. Only the data necessary to fulfill the request will be disclosed, and only to the extent required.

Rights of the Data Subjects

Right of Access: You have the right to obtain confirmation as to whether your personal data is being processed, and access to such data and relevant information.

Right to Rectification: You may request the correction of inaccurate data and the completion of incomplete data.

Right to Erasure: You may request the erasure of your personal data without undue delay under specific conditions.

Right to Be Forgotten: If personal data was made public, reasonable steps will be taken to inform other controllers to erase any links to or copies of the data.

Right to Restriction of Processing: You can request restriction if:

  • You contest the accuracy of the data;
  • The processing is unlawful and you oppose deletion;
  • The controller no longer needs the data but you need it for legal claims;
  • You have objected to processing and it is under review.

Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object: You may object at any time to processing based on legitimate interest or public authority.

Right to Object to Direct Marketing: You may object to processing for direct marketing purposes, including profiling related to such marketing.

Right Not to Be Subject to Automated Individual Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affects you.

This does not apply if:

  • It is necessary for contract performance;
  • It is authorized by law that includes suitable safeguards;
  • You have given explicit consent.

Deadline for Action

The controller shall respond without undue delay, but within 1 month of receiving the request. This may be extended by 2 months if necessary, in which case you will be notified within 1 month with reasons for the delay.

If no action is taken, you will be informed of the reasons and your right to file a complaint with a supervisory authority or seek judicial remedy.

Data Security

The controller and processor implement appropriate technical and organizational measures, including:

  • Pseudonymization and encryption;
  • Ensuring ongoing confidentiality, integrity, and availability of systems;
  • Restoration capabilities in case of incidents;
  • Regular testing and evaluation of security measures.

Notification of a Data Breach

If the breach is likely to result in high risk to your rights and freedoms, you will be informed without undue delay. The notification must include:

  • The nature of the breach;
  • Contact details of the data protection officer or contact point;
  • Likely consequences of the breach;
  • Measures taken or proposed to address it.

You may not be notified if:

  • Appropriate measures (e.g. encryption) render the data unintelligible;
  • Further measures eliminate the risk;
  • Notification would require disproportionate effort, in which case public communication is used.

The supervisory authority may require notification if it considers the risk significant.

Reporting a Data Breach to Authorities

The controller shall report a breach to the supervisory authority within 72 hours unless the breach is unlikely to result in a risk to rights and freedoms. If the report is delayed, reasons must be provided.

Right to Lodge a Complaint

If you believe your rights have been violated, you may lodge a complaint with:

National Authority for Data Protection and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing Address: 1530 Budapest, P.O. Box: 5.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

Email: ugyfelszolgalat@naih.hu

Closing Remarks

This privacy notice has been prepared in accordance with the following laws and regulations:

  • Regulation (EU) 2016/679 (GDPR) – Protection of natural persons regarding personal data processing;
  • Act CXII of 2011 on Information Self-Determination and Freedom of Information (Infotv.);
  • Act CVIII of 2001 on Electronic Commerce and Information Society Services (especially Section 13/A);
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising;
  • Act XC of 2005 on Electronic Freedom of Information;
  • Act C of 2003 on Electronic Communications (especially Section 155);
  • Opinion No. 16/2011 on EASA/IAB best practices for behavioral online advertising;
  • Recommendations of the National Authority for Data Protection and Freedom of Information on prior information obligations.

Date: 02/03/2026

Voxinfo Kft.