Data Processing Policy

Created: 25th May 2018

Dear Reader,

WHAT IS THIS POLICY ABOUT?

The foundation of our agency is the trust of our Customers, therefore it is crucial to us that you know your data is secure with us.

The aim of this policy is to assess the data protection and processing principals applied by RÓZSA PR ÜGYNÖKSÉG KFT. (the controller) and the data protection and processing policy of our company which are fully acknowledged by us as a legally binding document.

This policy covers the web sites of the controller, the means of contacting Customers through the web sites, other means of communication with persons asking for quotation and processing of contracting and accounting data of our Customers.

Further aim of this policy is to inform Data subjects in a comprehensible and concise language about the following:

  • The type of data processed (that is what kind of data is handled by us),
  • Means of obtaining, processing and protecting data,
  • Legal basis of processing data (the basis of obtaining data)
  • Duration of storing data (how long data is processed and when it will be deleted),
  • Data security and,
  • Customer rights. (what rights Customer have regarding data handled by our company)

The the controller acknowledges that Data processing and Protection is conducted based on the General Data Protection Regulation (Regulation 2016/679. – „GDPR”) of the European Union and Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

The the controller acknowledges to be bound by the regulations of the current policy, which has been written based on the legal regulation in force.

The the controller publishes current data protection policy on their own website under Data Protection Policy menu.

Websites operated by the controller:

www.rozsapr.hu

www.oroszbal.hu

www.musicalszilveszter.hu

The the controller pertains the right to change current policy but is liable to make its content public.

CONTROLLER

Name:                                                  RÓZSA PR ÜGYNÖKSÉG KFT.

Seat:                                                     1027 Budapest, Csalogány utca 3/c

Office and mailing address:             1066 Budapest, Teréz krt. 38.

Phone:                                                 +36 1 413 0745

mobile phone number:                     +36 30 948 9638

E-mail:                                                  media@rozsapr.hu
Representative:                                  György Rózsa B.
Tax number:                                      12006405-2-41
Company registration number:  Cg. 01-09-366889

DATA PROTECTION OFFICER

The the controller does NOT pursue any activity that would require the services of a Data Protection Officer.

terminology

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘the controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

„website” or „web pages”internet pages and media maintained by the controller.

WHAT DATA DO WE HANDLE, WITH WHAT PURPOSE, RIGHTS AND DURATION REGARDING PROCESSING AND STORING DATA.

The main activity of RÓZSA PR ÜGYNÖKSÉG KFT. is the organization of balls. RÓZSA PR ÜGYNÖKSÉG KFT. is both receiver of services and organizer.

To ensure that we comply with GDPR, we inform recipient as per Ch. III., Section 2, Article 14 of the GDPR in each case we receive his/her personal data from a third party:

  1. a) Name and contact of the controller and data protection officer – if any;
    b) Contact of data protection officer – if any;
    c) Purpose and legal basis of possible data processing;
    d) Categories of personal data in question;
    e) Recipients of personal data and categories of Recipient if any;

Purpose of data processing with the consent of data subject: provision of services, completion certificate, proof of order and compliance with legal obligations (e.g. invoicing). Within the boundaries of obligatory data handling, the controller fulfills his/her legal obligations concerning the processing of data for a specified period of time, for the data that is mandatory for the applicable legislation. The the controller is not liable for the authenticity of data.

DATA PROCESSING

DATA OF CONTRACTING PARTNERS – CONTACT DATA
Personal data of the contact person is processed within the boundaries of communication with contracting partners

Processed data: name, phone, e-mail address
Purpose of data processing: Communication and data necessary for contracting.
Legal basis of data processing: Data necessary for performance of the contract (Article 6 (1) (b) of 2016/679 (GDPR))
Duration of data processing: 5 years after termination of order and contracts (according to statutory regulations).

Data processing: in a lockable room, on a firewall and password-protected computer. Service can only be used with user name and password. Service is to be accessed through “https” protocol.

INVITEE DATA – PAYER
The main activity of RÓZSA PR ÜGYNÖKSÉG KFT. is the organization of balls. RÓZSA PR ÜGYNÖKSÉG KFT. is both receiver of services and organizer of these. Our company handles the personal data of invitees.

Processed data: Name, phone, e-mail, address
Purpose of data processing: Data essential for performance of the contract.
Legal basis of data processing: Data necessary for performance of the contract (Article 6 (1) (b) of 2016/679 (GDPR))
Duration of data processing: 5 years after termination of orders, contracts (according to statutory regulations).
Data processing: in a lockable room, on a firewall and password-protected computer. The service can only be used with user name and password. Service is to be accessed through „https” protocol. Data storage servers are placed in protected server rooms, their physical access is possible under strict control only. Our server administrator partner complies with and is responsible for meeting the requirements of GDPR.

INVITEE DATA – ONLINE TICKET ORDER
The main activity of RÓZSA PR ÜGYNÖKSÉG KFT. is the organization of balls. RÓZSA PR ÜGYNÖKSÉG KFT. is both receiver of services and organizer of these. Our company handles the personal data of invitees.

Processed data: Name, phone, e-mail, address, national tax number
Purpose of data processing: Data essential for performance of the contract.
Legal basis of data processing: Data necessary for performance of the contract (Article 6 (1) (b) of 2016/679 (GDPR))
Duration of data processing: 5 years after termination of orders, contracts (according to statutory regulations).
Data processing: in a lockable room, on a firewall and password-protected computer. The service can only be used with user name and password. Service is to be accessed through „https” protocol. Data storage servers are placed in protected server rooms, their physical access is possible under strict control only. Our server administrator partner complies with and is responsible for meeting the requirements of GDPR.

INVITEE DATA – PAYER, VIA SIMPLEPAY
The main activity of RÓZSA PR ÜGYNÖKSÉG KFT. is the organization of balls. RÓZSA PR ÜGYNÖKSÉG KFT. is both receiver of services and organizer of these. Our company handles the personal data of invitees.

Processed data: Name, phone, e-mail, address, bank card data
Purpose of data processing: Data essential for performance of the contract.
Legal basis of data processing: Data necessary for performance of the contract (Article 6 (1) (b) of 2016/679 (GDPR))
Duration of data processing: 5 years after termination of orders, contracts (according to statutory regulations).
Data processing: in a lockable room, on a firewall and password-protected computer. The service can only be used with user name and password. Only the „https” protocol can access the service. Data storage servers are placed in protected server rooms, their physical access is possible under strict control only. Our server administrator partner complies with and is responsible for meeting the requirements of GDPR.

INVITEE DATA – ATTENDANT
The main activity of RÓZSA PR ÜGYNÖKSÉG KFT. is the organization of balls. RÓZSA PR ÜGYNÖKSÉG KFT. is both receiver of services and organizer of these. Our company handles the personal data of invitees.

Processed data: Name, phone, e-mail, address
Purpose of data processing: Data essential for performance of the contract.
Legal basis of data processing: consent of data subject. (Article 6/ 1a of 2016/679 (GDPR))
Duration of data processing: data of persons not requesting further information are revised and deleted after each ball.
Data processing: in a lockable room, on a firewall and password-protected computer. The service can only be used with user name and password. Service is to be accessed through „https” protocol. Data storage servers are placed in protected server rooms, their physical access is possible under strict control only. Our server administrator partner complies with and is responsible for meeting the requirements of GDPR.

STORING AND HANDLING OF DATA SENT TO ONE OF THE E-MAIL ADDRESSES NOT CONNECTED TO THE PROVIDED SERVICES.

Processed data: e-mail address, name, phone, if writer has shared this information.
Purpose of data processing: communication.
Legal basis of data processing: consent of data subject. (Article 6/ 1a of 2016/679 (GDPR))
Duration of data processing: Within 120 days of the closure of the case referred to in the request, revision and termination is carried out if the case is closed, unless the controller has a legitimate right to the further handling of the Personal Data, until it is in the legitimate interest of the controller.

HANDLING OF OTHER DATA

Processing activities not listed in this policy are provided when data is included. Controller may be contacted for information-, data provision or transfer and filing of documents by the Court, a public prosecutor, a detective authority, an authority dealing with administrative offences, an administrative authority, the National Authority of Data Protection and Freedom of Information or other authorities if empowered by law. To public authorities, if the authority indicates the exact purpose and scope of the data, it publishes personal data only to the extent that it is indispensable to achieve the purpose of the request.

HANDLING OF Cookies

ROLES OF COOKIES

Cookies collect information about visitors and their tools; store the custom settings of visitors, which may be used (e.g. in case of online transactions, so they do not need to be typed again; simplify the use of the website; ensure quality user experience.

To provide a tailor-made service, a small data packet, a so called cookie is placed on the user’s computer, and is read during a later visit to the website. If the browser returns a previously saved cookie, the cookie operator can link the user’s current visit with the past ones, regarding their own content.

ESSENTIAL SESSION COOKIES

The purpose of these cookies is to allow the visitors to browse the web pages of the controller fully and without issues, to use its functions and the available services. The validity of these of cookies expires at end of the session (browsing), and by closing the browser, they are automatically deleted from the computer or other device used for browsing.

 

THIRD PARTY COOKIES (ANALIYICS)

Google Analytics as third-party cookies are used on the web pages of the controller. Controller collects information about the way visitors use the company’s web pages for statistical purposes using Google Analytics. Collected data is used to improve the site and user experience. These cookies will remain in the browser of Visitor’s PC or other browser of other device, until they are cancelled.

 

LIST OF COOKIES ON THE CONTROLLER WEB SITE

Name Service provider Detailed description Expiry Type
_ga Google.com Google Analytics cookies are used to measure traffic on our website. A single text bar will be saved to identify the browser, the time stamp of the interactions, and the browser / source page that policy the user to our website. 2 years does not collect personal data
_gat Google.com Google Analytics cookies are used to measure traffic on our website. A single text bar will be saved to identify the browser, the time stamp of the interactions, and the browser / source page that policy the user to our website. 2 years does not collect personal data
_gid Google.com Google Analytics cookies are used to measure traffic on our website. A single text bar will be saved to identify the browser, the time stamp of the interactions, and the browser / source page that policy the user to our website. 2 year does not collect personal data
_icl_current_language websites of Rózsa PR Supports the selected language of the page. 24 hours does not collect personal data
woocommerce_items_in_cart websites of Rózsa PR This site helps to keep the contents of the basket while shopping. one-time access does not collect personal data
wp_woocommerce_session websites of Rózsa PR Supports purchase on the site. 48 hours does not collect personal data
wpml_referer_url websites of Rózsa PR URL of previously viewed page 24 hours does not collect personal data
woocommerce_cart_hash websites of Rózsa PR This site helps to keep the contents of the basket while shopping one-time access does not collect personal data

Understanding the rights of Data subjects involved in data management: Data subjects may delete cookies from the Tools / Preferences menu of browsers, usually found under menu point Data processing.

Legal basis of data processing: No consent is required from Data subjects if the exclusive purpose of the use of cookies is the need to provide information through the electronic communication network or if the information is essential for the service related to the network society expressly requested by the subscriber or user and is provided by the controller.

About GOOGLE ANALYTICS APPLICATION – SUPPLEMENT

The websites of RÓZSA PR ÜGYNÖKSÉG KFT. use the Google Analytics application, a Google Inc. (“Google”) web analytics service. Google Analytics uses so called “cookies” or text files that are saved to your computer to help the analysis of web pages visited by User.

Information generated by the cookies associated with a web site visited by User is usually saved and stored on a server of Google in the US. By activating IP anonymization on the web, Google abbreviates the IP address of the User within the Member States of the European Union or in other States taking part in the Agreement on the European Economic Area in advance.

Sending of the complete IP address to Google’s US vending server and its alteration will take place in exceptional cases only. Google will use this information to evaluate User activities on the Website on behalf of the operator of this site, to create reports related to the activity on the website and to perform additional services related to website and Internet usage.

Within Google Analytics, the IP address transmitted by the user’s browser is not associated with other Google data. The storage of cookies can be prevented by modification of the Browser’s settings. Please note that in this case, you may not be able to use all features of this website. You can also prevent Google from collecting and processing cookie information (including IP address) about User’s site usage by downloading and installing the browser plug-in available on the link below. https://tools.google.com/dlpage/gaoptout?hl=hu

WHO MAY HAVE ACCESS TO THE DATA PROCESSED BY OUR COMPANY?

Depending on the service, your data may only be disclosed by companies who declare that Data processing and Protection are carried out according to the General Data Protection Act of the European Union (Regulation 2016/679 – “GDPR”) and act CXII of 2011 on the right of informational self-determination and on freedom of information).

Internet hosting
BlazeArts Kft (forpsi.hu), 6090 Kunszentmiklós, Damjanich utca 36 1/8.

Data transferred: physical access to storage

Duration of data handling: duration of contract

Legal basis: fulfillment of contractual obligations

System administrator

István Kálmán sole enterpreneur, 1136 Budapest, Hegedűs Gyula utca 43. 2.em 3.

Data transferred: physical access to office machines

Duration of data handling: duration of contract

Legal basis: fulfillment of contractual obligations

 

Developer and maintainer of the billing software

ARendszergazda Kft 1024 Budapest Kis Rókus utca 24

Data transferred: billing details of individuals

Duration of data handling: duration of contract

Legal basis: fulfillment of contractual obligations

Payment system

OTP Mobil Szolgáltató Kft.; Seat: 1093 Budapest, Közraktár u. 30-32. (Simplepay)

Data transferred: name, address, e-mail, card data

Duration of data handling: duration of contract and further 5 years afterwards

Legal basis: fulfillment of contractual obligations

 

Video Documentation of events

3D Film Production Kft.; 1064 Budapest, Vörösmarty utca 47/A

Data transferred: personal image (in video material)
Duration of data handling: duration of contract

Legal basis: fulfillment of contractual obligations

Accounting
Ezüst Toll Kft.; 1011 Budapest Fő u. 40.

Data transferred: personal data, name and address, and payroll calculation

Duration of data handling: duration of contract

Legal basis: legislation and accounting law

Hostess company

Cover Hostess Kft.; 1204 Budapest Damjanich u. 55.

Data transferred: access data required for identification

Duration of data handling: duration of event

Legal basis: fulfillment of contractual obligations

Mailing services

Magyar Posta Zrt.; Budapest, 1138 Budapest, Dunavirág utca 2-6.

Data transferred: name and address of Invitees whose invitation is delivered by mail

Duration of data handling: until the time of delivery

Legal basis: fulfillment of contractual obligations

GOOGLE ÉS FACEBOOK DATA FORWARDING

Rózsa PR Ügynökség Kft. uses Google LLC’s (1600 Amphitheater Parkway Mountain View CA 94043), – part of the EU-U.S. data protection shield – web analysis services of (headquarters: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Google Adwords, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland).

Web analysis services also use cookies designed to help us analyze the use of online interface. With a special and explicit consent, Data subject allows the information created by cookies on the use of online platform to be transmitted by Google Adwords to Google’s US servers. The rest of managed cookies will be stored on servers within the European Union. By providing a separate contribution to the website, user agrees to the collection of his / her data. The above providers use this information to evaluate, analyze, use and evaluate the use of on-line surfaces by the person concerned, to provide reports on activities carried out on online surfaces, and to provide other services related to activities and Internet use.

Cookies not created by the web analysis services will be stored on servers within the European Union. By giving explicit consent, Data subject agrees to the collection of his / her data on the website. Above providers use this information to evaluate, analyze, provide reports on the activities carried out by Data subject on the online platform and to provide further services related to the activities regarding the activities on the platform and the use of Internet.

RIGHTS OF DATA SUBJECTS

RIGHT OF ACCESS

You are entitled to receive confirmation from the controller as to whether your personal data is being processed and, if such processing is in progress, you have the right to access your personal information and the information listed in the regulation.

RIGHT TO RECTIFICATION

You are entitled to request the controller to correct inaccurate personal data on your request without undue delay. Taking into account the purpose of the processing, you have the right to request the supplementation of incomplete personal data by means of a supplementary statement.

THE RIGHT TO ERASURE

You are entitled to request the controller to delete your personal data without undue delay, and the controller is obliged to delete personal data about you, without undue delay, under certain conditions.

RIGHT TO BE FORGOTTEN’

If the controller has disclosed personal data and is required to cancel it, they are bound to take reasonable steps, including technical measures, taking into account the cost of technology available and the costs of implementation, in order to inform other the controllers processing the data that you have applied for the erasure of links pointing to your personal data in question, the copy of your personal data or its duplicate.

RIGHT TO RESTRICT PROCESSING

You are entitled to request that the controller restricts processing your data if one of the following conditions is met:

You dispute the accuracy of your personal data; in this case, the restriction applies to the length of time it takes for the controller to check the accuracy of personal data;

Data processing is unlawful and you are opposed to the deletion of the data and ask to limit their use instead;

Controller no longer needs personal data for processing but you require them to submit, enforce, or protect legal claims;

You have objected to data processing; in this case, the restriction applies to the period of time it takes to ascertain if the legitimate reasons for the controller have priority over your legitimate reasons.

RIGHT TO DATA PORTABILITY

You are entitled to receive your personal data made available to you by the controller in a subdivided, widely used machine-readable format and are entitled to transfer this data to another the controller without being obstructed by the controller who provided personal information to you (…)

RIGHT TO OBJECT

You are entitled to object to the (…) handling of your personal information for reasons relating to your own situation, including profiling done based on the above provisions.

EXCLUSION FROM DIRECT MARKETING

When your personal data is processed for the purposes of direct marketing, you are entitled to object at any time against using your personal information to such processing, including profiling, if it is related to direct marketing. If you object to personal data being handled for direct marketing purposes, your personal information can no longer be processed for that purpose.

AUTOMATIZED DECISION-MAKING IN SPECIAL CASES, INCLUDING PROFILING

You are entitled not to be subject of any decision based solely on automated data processing, including profiling, which produces legal effects concerning you or similarly significantly affects your person.

The preceding paragraph shall not apply if the decision:

Is necessary for entering into, or performance of, a contract between you and the controller;

Is authorised by Union or Member State law to which the controller is subject to and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

Is based on the data subject’s explicit consent.

MEASUREMENT DEADLINE

Controller informs you of the action taken in response to your request without undue delay but in any way within one month of receiving the request.

If necessary, the deadline may be extended by further 2 months. The the controller shall inform you of any such extension within one month of receiving the request, together with the reasons for the delay.

If the controller fails to take action on your request, the controller will notify you without undue delay and at the latest within one month of receiving the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

SECURITY OF PROCESSING

RÓZSA PR ÜGYNÖKSÉG KFT. commits to taking necessary data security measures. In that regard, the controller accepts, develops, and regularly reviews all technical and organizational measures and procedural rules that ensure the security of personal data; the controller does its utmost to prevent the destruction, unauthorized use or modification of data, and that no unauthorized person has access to, may disclose, transmit, modify or delete any personal data processed. RÓZSA PR ÜGYNÖKSÉG KFT. draws attention to those Processors who transmit personal data on the basis of the consent of the data subjects to comply with the requirement of data security.

RÓZSA PR ÜGYNÖKSÉG KFT. in the context of the above, the controller establishes and chooses information technology solutions to ensure the exclusive access of persons with rightful access to data and to retain their authenticity and their integrity. This includes, among others, password-protected access to systems, activity logging, and regular backups.

RÓZSA PR ÜGYNÖKSÉG KFT. constantly monitors the development of technology, available technical, technological, and organizational solutions and utilizes solutions that meet the level of protection required by its data management.

RECIPIENTS NOTIFICATION OF PERSONAL DATA BREACH

Where personal data breach is likely to result in a high risk to the rights and freedoms of the natural person the controller should communicate to the data subject a personal data breach, without undue delay.

The communication should describe the nature of the personal data breach in a clear and plain language as well as

the name and contact details of the data protection officer or other contact person able to provide additional information; likely consequences of the personal data breach should be described; including measures taken or planned by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of a personal data breach.

Controller is not obliged to inform Data subject, if any of the following conditions are met:

The the controller has implemented appropriate technical and organizational protection measures and applies these measures to data covered by the personal data breach incident. In particular, measures such as the use of encryption which make data unenforceable for unauthorized persons; after the personal data breach, the controller has taken further measures to ensure that high risk for the rights and freedoms of the recipient is no longer likely to be realized; the information would require disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.

If the controller has not yet notified the data subject of the personal data breach, the supervisory authority may, after considering whether the privacy incident is likely to pose a high risk, may inform the data subject.

NOTIFICATION OF PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY

Personal data breach shall be reported by the controller to the supervisory authority competent under Article 55 without undue delay and, if possible, no later than 72 hours after the personal data breach becomes apparent, except for the case when the data incident is unlikely to pose a risk to the rights and freedom of natural persons. If the notification is not filed within 72 hours, the reasons for proving the delay must also be enclosed.

SUBMISSION AND RESPONSE OF REQUEST

If you wish to claim any of the above rights you are kindly requested to contact us in writing by email at media@rozsapr.hu or by mail to RÓZSA PR ÜGYNÖKSÉG KFT. 1064 Budapest, Vörösmarty utca 47/A. Please provide your personal data and mailing address in the email/mail. If we have any doubts about your identity or the information provided for identification is insufficient we are entitled to request additional identification information from you.

Your request will be completed within 1 month. If necessary, we are entitled to extend this deadline by further 2 months from which we will send reasoned information to you.

Well-founded requests are completed free of charge. However, if the request is manifestly unfounded or excessive, in particular because of their repetitive character, we are entitled to charge a reasonable amount or even refuse to act on the request.

We will inform those persons of any correction, deletion, or limitation of the data to whom we have transmitted it; unless it proves impossible or requires disproportionate effort. At your request, we will inform you about the addressees we will inform/have informed as per the above.

COMPLEMENTARY OPPORTUNITY

You can lodge a complaint against a possible infringement of the controller with the National Data Protection and Information Authority:

Hungarian National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Postafiók: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

LEGISLATIVE REFERENCES

we have used the following legislation as references for this policy:

REGULATION (EC) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 2016) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation No 95/46/EK (General Data Protection Regulation) 27.)

Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: Info ACT.)

CVIII. Act OF 2001. on CERTAIN ASPECTS OF Electronic Commerce Services and Information Society Services (in particular Section 13 / A)

ACT XLVII. OF 2008. on the Prohibition of Unfair Commercial Practices against Consumers;

Act XLVIII. OF 2008. on the Basic Requirements and Certain Restrictions of Commercial

Advertising Activities (in particular Article 6)

ACT XV. OF 2005. on Electronic Freedom of Information

Act C of 2003 on Electronic Communications (specifically Article 155)

16/2011. opinion on the EASA / IAB Best Practice Recommendation on Online Behavioral Advertising

Recommendation of the National Data Protection and Information Authority on the data protection requirements for prior information.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46.