Data protection

BPW-Hungária Kft. (H-9700 Szombathely, Körmendi út 98., the ‘controller’) as the operator of the website bpw.hu accepts the content of the present legal statement as binding. It undertakes to perform data processing in connection with its activity in accordance with the requirements set forth in this code and legislation in effect.
BPW-Hungária Kft. is committed to protect the personal data of its clients and partners and the visitors of its website (together referred to as ‘user’), with special emphasis on the users’ right of informational self-determination. BPW-Hungária Kft, as the controller of this website, shall treat personal data confidentially and take all security, technical and organisation measures to ensure data security.
The controller, in this document, outlines its data processing principles, the activities and rules relating to data processed by the site. The data processing principles connected to the website operation comply with the relevant data protection legislation in effect, particularly with:
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (the ‘Privacy Act’);
Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (the ‘Act on E-Commerce’);
Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising (the ‘Advertising Act’).

1., Definitions

1.1. ‘data subject’ shall mean any defined natural person identified or identifiable directly or indirectly on the basis of personal data;
1.2. 'personal data' shall mean any information relating to the data subject in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity; or any conclusion relating to the data subject that might be drawn therefrom;
1.3. 'the data subject's consent' shall mean any freely given specific and informed indication of his/her wishes by which the data subject signifies his/her agreement to personal data relating to him/her being processed, wholly or partly;
1.4. ‘the data subject’s objection’ shall mean a declaration made by the data subject objecting to the processing of his/her personal data and requesting the termination of data processing, as well as the deletion of the data processed;
1.5. 'controller' shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them;
1.6. ‘processing of data’ shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images) ;
1.7. ‘disclosure by transmission’ shall mean making data available to a specific third party;
1.8. ‘public disclosure’ shall mean making data available to the general public;
1.9. ‘erasure of data’ shall mean the destruction or elimination of data sufficient to make them irretrievable;
1.10. ‘tagging data’ shall mean marking data with a special ID tag to differentiate it;
1.11. ‘blocking of data’ shall mean the marking of stored data with the aim of limiting their processing in future permanently or for a predetermined period;
1.12. ‘destruction of data’ shall mean the complete physical destruction of the medium containing data;
1.13. ‘data process’ shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
1.14. ‘data processor’ shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;
(e) 'processor' shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
1.15.‘third party’ shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor
1.16. ‘third country’ any State that is not an EEA State.


2., Data processing principles in website operation

Personal data may be processed under the following circumstances:
a) when the data subject has given his consent, or
b) when processing is necessary as decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein for the performance of a task carried out in the public interest (hereinafter referred to as ‘mandatory processing’).
Personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary for compliance with a legal obligation pertaining to the data controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.
Where personal data is recorded under the data subject’s consent, the controller shall - unless otherwise provided for by law - be able to process the data recorded where this is necessary:
a) for compliance with a legal obligation pertaining to the controller, or
b) for the purposes of legitimate interests pursued by the controller or by a third party, if enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data, without the data subject’s further consent, or after the data subject having withdrawn his consent
Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of data processing operations; recording of personal data shall be done under the principle of lawfulness.
The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose. Personal data may be processed to the extent and for the duration necessary to achieve its purpose.
Personal data may be processed only if the data subject signifies his/her agreement after obtaining proper information.
Prior to data processing being initiated the data subject shall be informed whether his consent is required or processing is mandatory. Before processing operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the processing of his personal data, such as the purpose for which his data is required and the legal basis, the person entitled to control the data and to carry out the processing, the duration of the proposed processing operation, whether personal data is recorded under the data subject’s consent, for compliance with a legal obligation pertaining to the controller, or for the purposes of legitimate interests pursued by a third party, and the persons to whom his data may be disclosed. Information shall also be provided on the data subject’s rights and remedies
The accuracy and completeness, and the up-to-dateness of the data must be provided for throughout the processing operation, and shall be kept in a way to permit identification of the data subject for no longer than is necessary for the purposes for which the data were recorded.
Personal data may be transmitted to a data controller or processor operating in a third country, if the data subject has given his explicit consent, or the conditions laid down in Article 5 and 6 of the Privacy Act for data processing are satisfied and - save where Article 6(2) applies – the adequate level of protection of the personal data have been ensured in the third country during the course of the control and processing of the data transferred. Transfer of data to EEA Member States shall be considered as if the transmission took place within the territory of Hungary

3., Personal data processed and features of data processing

Data processing in connection with the activities of the website bpw.hu is based on voluntary consent. However, in some cases the processing, storage or transmission of certain data are set forth by law, about which the visitors, users are notified.

3/1. Data of bpw.hu website users
Purpose of the data processing: the web hosting service provider records users’ data during their visit to the website in order to monitor the operation of the service and to prevent misuse.
Legal basis of data processing: the consent given by the user or Article 13/A(3) of the Act on E-Commerce.
Data processed: date, time, user computer IP address, address of page visited, address of previous page visited, data in connection with the operating system and browser of the user.
The web analytics software and external server of Google Analytics assists the independent measuring and auditing of the website’s visitor information and other web analytics. Controllers shall be able to give detailed information on the processing of data at the address www.google-analytics.com.
External service providers place and read small data packages called cookies on the user’s computer to provide custom service.
In case the web browser returns a cookie previously saved, the service providers can associate the user’s current visit with the previous ones, but only in terms of their own content.
No web beacons are used at the website bpw.hu.

3/2. Data on making contact, application, requesting information at bpw.hu
Purpose of the data processing: making contact, keeping contact, requesting information.
Legal basis of data processing: the consent given by the user.
Data processed: name, e-mail address, phone number, subject and text of message, date and time, other personal data provided by the data subject.
Deadline of data erasure: when the purpose of data processing is terminated.

Erasure or modification of personal data may be requested:
► by post: BPW-Hungária Kft. H-9700 Szombathely, Körmendi út 98,
► by e-mail: bpw@bpw-hu.

4., Storage of personal data, and data processing

The information technology tools, data storage solutions of BPW-Hungária Kft. are located at the web hosting server operated by X-Meditor Kft. (H-9023 Győr, Csaba u. 21.) and Magyar Telekom Nyrt. (Company registry number: 01-10-041928) (data park: H-9021 Győr, Teleki László u. 36).

5., Controller’s data, contact data

Name: BPW-Hungária Kft. and its employees performing their tasks set forth in their job descriptions in connection with the given contract.
Registered seat: H-9700 Szombathely, Körmendi út 98
Online contact data: bpw@bpw.hu

6., Data processor’s data, contact data

Name: BPW-Hungária Kft. and its employees performing their tasks set forth in their job descriptions in connection with the given contract.
Registered seat: H-9700 Szombathely, Körmendi út 98
Online contact data: bpw@bpw.hu

7., Exercising users’ rights in connection with data protection, and the rights to remedies

The legal rights and obligations of users are determined by Articles 14 to 21 of the Privacy Act. As set forth in this Act, the user has the right to information and is entitled to request the erasure, rectification or blocking of his personal data. Detailed information on the rights and obligations can be obtained at this website: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244 (Articles 14 to 21 of the Privacy Act)
The rights to remedies in connection with data processing: the rights to remedies of the user concerned are specified in Articles 22-23 of the Privacy Act: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244
Detailed information on data processing may be requested from the website controller at the e-mail address bpw@bpw.hu, or from the National Authority for Data Protection and Freedom of Information (Seat: H-1125 Budapest Szilágyi Erzsébet fasor 22/c, Postal address: 1530 Budapest, Pf.: 5., Phone:+36 (1) 391-1400).
In case of violation of rights connected to the processing of personal data, complaints may be sent to and inspection may be initiated by the National Authority for Data Protection and Freedom of Information. Contact data:
Nemzeti Adatvédelmi és Információszabadság Hatóság
H-1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Website: http://www.naih.hu