+36 (1) 320-2100

Data processing guide

Introduction

WWW.SCORPIO - SCORPIO Kft. (registered office: 1037 Budapest, Pomázi út 15., company registration number: 01-09-710253, tax number: 12194432-2-41, represented by Mrs Júlia Farkas Seres, e-mail: info@scorpio.hu) as the Service Provider undertakes to be bound by the contents of this Privacy Policy.

The primary purpose of this Policy is to provide the users of SCORPIO Kft.’s webshop - WWW.SCORPIO.HU - with all the information necessary to make a well-informed decision about the processing of their personal data.

SCORPIO Kft.’s aim in drafting this Privacy Policy is to define the range of personal data processed by the Service Provider and the method of processing; to ensure compliance with the constitutional principles of data protection and the requirements of data security, and to prevent unauthorised access to User data or alteration to such data and their unauthorised disclosure or use.

SCORPIO Kft.will handle all personal data received from Users confidentially and will take all necessary measures that promote the safe processing of data.

SCORPIO Kft. is committed to ensuring the protection of personal data.

In order to fulfil orders placed in the www.scorpio.hu webshop, SCORPIO Kft. needs certain personal data of its customers as without these the contract constituting the legal basis of the purchase cannot be concluded and thus an order cannot be placed.

Data processing is based on the freely given consent of the users of the online contents to be found on the www.scorpio.hu website given after receiving due information. This statement contains the users’ explicit consent to the use of their personal data disclosed in the course of using the website.

The personal data given in the course of ordering are also used by contractual partners providing the webshop service but sometimes the company performing the home delivery of goods also needs such data. SCORPIO Kft. will store its customers’ personal data for the period of time required to fulfil the order and for longer if this is necessary to fulfil other requirements related to the order.

In view of the above, in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the ‘GDPR’), we provide the following information.

This Privacy Policy regulates the data processing of the following website:

www.SCORPIO.hu

The Privacy Policy is accessible on the following page: link

Any amendments to this Policy will enter into force upon publication on the above page.

Contact details of the data controller:

  1. Details of the Service Provider:

Company name: SCORPIO Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Abbreviated company name: Scorpio Kft.
Registered office: 1037 Budapest, Pomázi út 15.
Address of premises – shop: 1037 Budapest, Pomázi út 15.
Tax number: 12194432-2-41
Company registration number: 01-09-710253
Data processing registration number: NAIH-56149/2012
Issuing company court, Record office: Company Registry Court of Budapest-Capital Regional Court
Language of the contract: Hungarian
E-mail address: info@scorpio.hu

Telephone number: +36 (1) 320 -2100
Fax number: 06 1 349 7571

Name of shipping partner(s): GLS Kft. or ad-hoc shipper
Option for collection in person: 1037 Budapest, Pomázi út 15.
Orders are processed on weekdays between 8 am and 5 pm
Average time for fulfilling orders in working days: 1 to 3 working days
Webshop domain: www.scorpio.hu

Definitions

  1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  1. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  1. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  1. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  1. ‘recipient’ means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients; the processing of those data by those public authorities must be in compliance with the applicable data protection rules according to the purposes of the processing;
  1. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  1. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles relating to processing personal data

Personal data must be:

a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes must, in accordance with Article 89(1) of the GDPR, not be considered to be incompatible with the initial purposes (‘purpose limitation’);

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller is responsible for and must be able to demonstrate compliance with the above (‘accountability’).

Data processing

Data processing related to the operation of the webshop

  1. Fact of data collection, range of processed data and purpose of data processing:

Personal data

Purpose of data processing

User name

Making identification, registration possible.

Password

To ensure secure log-in to the user’s account.

Surname, given name

Required in order to establish contact, to make a purchase and to duly issue an invoice.

E-mail address

Communication.

Telephone number

Communication, effectively checking issues related to invoicing or delivery.

Invoicing name and address

To duly issue an invoice, to conclude the contract, to define or amend its contents, to monitor its fulfilment, to invoice resultant fees and to enforce related claims.

Name and address for delivery

To enable home delivery.

Date of purchase/registration

To carry out the technical transaction.

IP address at the time of purchase/registration

To carry out the technical transaction.

Neither the user name nor the e-mail address needs to contain any personal data.

  1. Range of data subjects: all data subjects who register or make a purchase on the website of the webshop.
  1. Duration of data processing, time-limit for erasure of data: immediately upon deleting registration, except for accounting documents, as such data must be retained for 8 years under Section 169(2) of Act C of 2000 on Accounting.

The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for a minimum of eight years, and shall be legible and retrievable by means of the code of reference indicated in the accounting records.

  1. Identity of potential data controllers entitled to access data, recipients of personal data: personal data are accessed by the data controller’s sales and marketing personnel observing the above principles.
  1. Data subjects’ rights related to data processing:
  1. Data subjects can request access to personal data, the erasure and rectification of data, the restriction of data processing, the transfer of their data, and object to data processing by the following means:

Postal address: 1037 Budapest, Pomázi út 15.

E-mail address: info@scorpio.hu

Telephone number: +36 (1) 320 2100

Legal basis of data processing:

6.1.the data subject’s consent, Article 6(1)(a) of the GDPR, Section 5(1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’),

6.2.Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (‘Electronic Commerce Act’):

[...] for the purpose of providing the service, the service provider may process personal data which are strictly necessary for the performance of the service for technical reasons. If the other conditions are met, the service provider shall at all times select and operate the means applied in the provision of an information society service ensuring that personal data are only processed provided this is strictly necessary for the performance of the service or in order to achieve other objectives set out in this Act, but only to the extent and for such time as is necessary.

6.3.if an invoice compliant with accounting legislation is issued, Article 6(1)(c) of the GDPR.

  1. Please note that

Data processors used

Shipment

  1. Activity performed by the data processor: delivery and transport of products
  1. Name and contact details of the data processor:

GLS Kft. or ad-hoc shipper

Name of courier service

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Address: 2351 Alsónémedi, GLS Európa u. 2.

E-mail address: info@gls-hungary.com

Company registration number: 13-09-111755

Tax number: 12369410-2-44

EU VAT registration number: HU12369410

  1. Fact of data processing, range of data processed:

name and address for delivery, telephone number, e-mail address.

  1. Range of data subjects: all data subjects requesting home delivery.
  1. Purpose of data processing: home delivery of ordered products.
  1. Duration of data processing, time-limit for the erasure of data: until the home delivery is completed.
  1. Legal basis of data processing: the User’s consent, Article 6(1)(a) of the GDPR, Section 5(1) of the Privacy Act.

Hosting provider

  1. 1. Activity performed by the data processor: hosting
  1. Name and contact details of the data processor:

Name of hosting company: EVOLUTIONET Szolgáltató és Kereskedelmi Kft.
Registered office/address of hosting provider: 7342 Mágocs, Széchenyi utca 75.
E-mail address of hosting provider: info@evolutionet.hu

  1. Fact of data processing, range of data processed: all personal data provided by the data subject.
  1. Range of data subjects: all data subjects using the website.
  1. Purpose of data processing: to provide access to the website and ensure its proper functioning.
  1. Duration of data processing, time-limit for the erasure of data: the data given by users are kept for 1 year from the date of purchase and thereafter the order is stored in a non-identifiable manner.
  1. Legal basis of data processing: the User’s consent, Section 5(1) of the Privacy Act, Article 6(1)(a) of the GDPR and Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services.

Use of cookies

  1. Cookies typical of webshops are cookies used for password-protected sessions, cookies necessary for the shopping cart and security cookies, which may be used without asking for the prior consent of data subjects.
  1. Fact of data processing, range of data processed: individual identification number, dates and times.
  1. Range of data subjects: all data subjects visiting the website.
  1. Purpose of data processing: to identify users, to record the shopping cart, and to monitor users.
  1. Duration of data processing, time-limit for the erasure of data:

Cookie type

Legal basis of data processing

Duration of data processing

Range of data processed

Session cookies

Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (the ‘Electronic Commerce Act’)

The period until the end of the relevant visitor session

connect.sid

  1. Identity of potential data controllers entitled to access data: the data controller does not process personal data by using cookies.
  1. Data subjects’ rights related to data processing: data subjects can delete cookies usually under Privacy in the Tools/Settings menu of browsers.
  1. Most internet browsers are configured to accept cookies without separate user intervention and/or notice. Certain cookies are indispensable for the operation of the site, while others are used in order to enhance performance and user experience. You can change these settings in order to block cookies or may request a warning when a website visited by you sets cookies on your device.

There are numerous ways to manage cookies:

You will find information on how to set cookies for the most popular browsers below:

  1. Legal basis of data processing: the consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of a communication over an electronic communications network or they are strictly necessary for the service provider to provide an information society-related service specifically requested by the subscriber or user.
  1. Nevertheless, please note that sometimes certain website functions or services may not function properly without the use of cookies.

Use of Google AdWords conversion tracking

  1. The data controller uses the online advertising program ‘Google AdWords’ and in particular Google’s conversion tracking service. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’).
  1. When the User reaches a website via a Google advert, a cookie for conversion tracking is placed on the User’s computer. The validity of these cookies is restricted and they do not contain any personal data, thus the User cannot be identified through them.
  1. When the User browses certain pages of the website and the cookie has not expired yet, both Google and the data controller can see that the User has clicked on the advert.
  1. Each Google AdWords customer receives a different cookie, thus they cannot be tracked through the websites of the AdWords customers.
  1. The information obtained through conversion tracking cookies is used to prepare conversion statistics for customers choosing AdWords conversion tracking. In this way customers receive information about the number of users who clicked on the ads and were forwarded to a site with a conversion tracking label. However, no information is transmitted that would enable the identification of users.
  1. If you do not wish to take part in conversion tracking, you may opt out by blocking the option of installing cookies in your browser. Thereafter you will not appear in the conversion tracking statistics.
  1. Further information as well as Google’s privacy policy is accessible on the following website: www.google.de/policies/privacy/

Use of Google Analytics

  1. This website uses the application Google Analytics, which is the web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, which are text files saved onto computers, thus aiding the analysis of the use of the website visited by the User.
  1. Information generated by the cookies in relation to the website used by the User is usually transmitted and stored on one of Google’s servers in the US. By activating IP anonymity on websites, Google previously abbreviates the User’s IP address within the EU member states or other states party to the Agreement on the European Economic Area.
  1. Transmission of the entire IP address to Google’s US server and abbreviating it there only happens in exceptional cases. On behalf of the operator of this website, Google uses this information to assess how the User used the website and to make reports to the operator of this website about activity on the website as well as performing other services related to the use of the website and the internet.
  1. Within the framework of Google Analytics, Google does not connect the IP address transmitted by the User’s browser with other data. The User may prevent the storage of cookies by making the right settings in the browser but it is worth noting that in this case it is possible that some functions of the website may not be fully used. The User may also prevent Google collecting and storing User data related to the use of the website through the cookies (including the IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

Newsletter, DM activity

  1. Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activity, the User may grant explicit prior consent to being approached by the Service Provider with advertising offers and other mail sent to the contact details given at the time of registration.
  1. Furthermore, bearing the provisions of this Privacy Policy in mind, the Customer may grant consent to the Service Provider processing his or her personal data necessary for sending advertising offers.
  1. The Service Provider does not send unsolicited commercial communications and the User may unsubscribe from being sent offers without any restriction or giving any reason free of charge. In this case the Service Provider deletes all the User’s personal data required for sending commercial messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from being sent advertisements by clicking on the link in the message.
  1. Fact of data collection, range of processed data and purpose of data processing:

Personal data

Purpose of data processing

Name, e-mail address

Making identification, and subscription to the newsletter possible.

Date of subscription

To carry out the technical transaction.

IP address at the time of subscription

To carry out the technical transaction.

  1. Range of data subjects: all data subjects subscribing to the newsletter.
  1. Purpose of data processing: sending electronic messages containing advertisements (e-mail, sms text message, push message) to the data subject, providing information about current news, products, campaigns, new functions, etc.
  1. Duration of data processing, time-limit for the erasure of data: until the withdrawal of consent, i.e. until the user unsubscribes.

  1. Identity of potential data controllers entitled to access data, recipients of personal data: personal data are accessed by the data controller’s sales and marketing personnel observing the above principles.

  1. Data subjects’ rights related to data processing:
  1. Data subjects can request access to personal data, the erasure and rectification of data, the restriction of data processing, the transfer of their data, and object to data processing by the following means:

Postal address: 1037 Budapest, Pomázi út 15.

E-mail address: info@scorpio.hu

Telephone number: +36 (1) 320 2100

  1. The data subject may unsubscribe free of charge from the newsletter at any time.
  1. Legal basis of data processing: the User’s consent, Article 6(1)(a) of the GDPR, Section 5(1) of the Privacy Act, and Section 6(5) of Act XLVIII of 2008 on the Basic Requirements of and Certain Restrictions on Commercial Advertising Activity:

Advertisers, advertising service providers and publishers of advertising shall maintain records on the personal data of persons who provided the statement of consent to the extent specified in the statement. The data contained in the aforesaid records relating to the recipient of the advertisement may be processed only in accordance with the statement of consent until consent is withdrawn and may be disclosed to third parties only with prior consent of the person concerned.

  1. Please note that

Complaint handling

  1. Fact of data collection, range of processed data and purpose of data processing:

Personal data

Purpose of data processing

Surname, given name

Identification, communication.

E-mail address

Communication.

Telephone number

Communication.

Invoicing name and address

Identification, handling objections about the quality of ordered products, as well as questions and problems.

  1. Range of data subjects: all data subjects shopping in the website’s webshop and raising a quality objection or complaint.
  1. Duration of data processing, time-limit for the erasure of data: copies of the record made of the objection, the transcription and the response given must be kept for 5 years pursuant to Section 17/A(7) of Act CLV of 1997 on Consumer Protection.

  1. Identity of potential data controllers entitled to access data, recipients of personal data: personal data are accessed by the data controller’s sales and marketing personnel observing the above principles.

  1. Data subjects’ rights related to data processing:
  1. Data subjects can request access to personal data, the erasure and rectification of data, the restriction of data processing, the transfer of their data, and object to data processing by the following means:

Postal address: 1037 Budapest, Pomázi út 15.

E-mail address: info@scorpio.hu

Telephone number: +36 (1) 320 2100

  1. Legal basis of data processing: the User’s consent, Article 6(1)(c) of the GDPR, Section 5(1) of the Privacy Act and Section 17/A(7) of Act CLV of 1997 on Consumer Protection.
  1. Please note that

Social media sites

  1. Fact of data collection, range of data processed: name registered on the Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media sites and the public profile picture of the user.
  1. Range of data subjects: all data subjects who registered on the Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media sites and ‘liked’ the page.
  1. Purpose of data collection: Sharing, ‘liking’, popularising on social media sites certain content elements, products, campaigns of the website or the website itself.
  1. Duration of data processing, time-limit for the erasure of data, identity of potential data controllers entitled to access data, and data subjects’ rights related to data processing: data subjects can find information about the source of data, processing data, and the method of and legal basis for transferring data on the social media site in question. Data processing occurs on the social media sites and thus the policy of the social media site in question applies to the duration and method of data processing, and the options for erasing or changing data.
  1. Legal basis of data processing: the User’s freely given consent to his or her personal data being processed on the social media sites.

Customer relations and other data processing

  1. Should the data subject have any questions or problems in the course of using our services concerning data processing, the data controller can be contacted by the means described on the website (by phone, e-mail, social media sites, etc.).

Postal address: 1037 Budapest, Pomázi út 15.

E-mail address: info@scorpio.hu

Telephone number: +36 (1) 320 2100

  1. The data controller deletes incoming e-mails, messages, data provided by phone or Facebook, etc. together with the name and e-mail address of the user and any other freely given personal data at most 2 years after the time of providing the data.
  1. Information on data processing not given in this Policy is provided when the data are received.
  1. In response to exceptional requests by the authorities or, when authorised by legislation, by other entities, the Service Provider is obliged to provide information and to disclose and transfer data, or to make documents available.
  1. In such cases the Service Provider provides personal data – provided the precise purpose and range of data has been specified – to the authority only in the amount and to the extent that is strictly necessary for the purpose of the request.

The data subject’s rights:

  1. Right of access

You are entitled to obtain confirmation from the data controller as to whether your personal data are currently being processed and, if that is the case, you are entitled to access your personal data and the information specified by law.

  1. Right to rectification

You are entitled to have your data rectified due to any inaccuracy by the data controller at your request without undue delay. Considering the purpose of the data processing, you are entitled to request that incomplete personal data are completed, including by means of providing a supplementary statement.

  1. Right to erasure

You are entitled to have your personal data erased by the data controller at your request without undue delay and the controller is under an obligation to erase relevant personal data without undue delay when certain conditions exist.

  1. Right to be forgotten

If the data controller has disclosed personal data which it is obliged to erase, it will take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform data controllers processing your data that you have requested the erasure of links to the relevant personal data or of copies of those personal data.

  1. Request to restrict processing

You are entitled to request the data controller to restrict the processing of your data where one of the following conditions applies:

  1. Right to data portability

You are entitled to receive your personal data, which you have provided to a data controller, in a structured, commonly used and machine-readable format and to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided.

  1. Right to object

You are entitled to object to the processing of your data on grounds relating to your particular situation at any time, including profiling based on the aforementioned provisions.

  1. Objection to direct marketing

Where personal data are processed for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for such purposes.

  1. Automated individual decision-making, including profiling

You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

The previous paragraph will not apply if the decision

Deadline for taking measures

The data controller will inform you of the measures taken in response to the above requests without undue delay and in any event within 1 month of receipt of the request.

If necessary, this period may be extended by 2 months. The data controller will inform you of any such extension together with the reasons for the delay within 1 month of receipt of the request.

If the data controller does not take action in response to your request, it will inform you of the reasons for not taking action without undue delay but within one month of receipt of the request at the latest, and advise you of the option of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Security of data processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and the data processor must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

a) the pseudonymisation and encryption of personal data;

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c) the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;

d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Communication of a personal data breach to the data subject

When a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller must communicate the personal data breach to the data subject without undue delay.

The communication to the data subject must describe in clear and plain language the nature of the personal data breach, and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; describe the likely consequences of the personal data breach, and describe the measures taken or proposed to be taken by the data controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

The data subject does not have to be informed if any of the following conditions are met:

If the data controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.

Notification of a personal data breach to the supervisory authority

In the case of a personal data breach, the data controller will without undue delay and, where feasible, not later than 72 hours after having become aware of it notify the personal data breach to the competent supervisory authority in accordance with Article 55 of the GDPR unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it must be accompanied by reasons for the delay.

Right to complaint

In the event of the data controller’s potential infringement of the law, a complaint may be lodged to the Hungarian National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf.: 5.

Telephone: +36-1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Endnote

In compiling this Privacy Policy, the following laws have been taken into account:

- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

- Act CXII of 2011 on informational self-determination and freedom of information (‘Privacy Act’)

- Act CVIII of 2001 on certain aspects of electronic commerce and information society services (particularly Section 13/A)

- Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers

- Act XLVIII of 2008 on the basic requirements of and certain restrictions on commercial advertising activity (particularly Section 6)

- Act XC of 2005 on the freedom of electronic information

- Act C of 2003 on electronic communications (in particular Section 155)

- Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of preliminary information

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Dated: Budapest, May 24, 2018

__________________________

SCORPIO Kft.

Mrs Júlia Farkas Seres,

Managing Director