General provisions

 

Vanilla ImpexKft. (hereinafter referred to as data controller) provides the following information on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

 

The data controller and contact details

 

Company name: Vanilla Impex Kft.

Registered seat: 2011 Budakalász,  Csapás utca 7.

Registration number: 13-09-203430

Tax number: 24243856-2-13

E-mail address: info@vanillaimpex.com

Website: www.vanillaimpex.com

Representative: Karsai Barbora

Phone number: +36202000002

 

The data controller endeavours to comply – as closely as possible – with the recommendations of the National Authority for Data Protection and Freedom of Information, particularly, with the recommendation on the aspects of data protection regarding providing prior information. Therefore data controller aims the express the rules of data protection in the most understandable manner, in order to ensure that the data subjects are able to make the decision regarding giving voluntary consent to data processing. Data controller provides the necessary information, and responds to inquiries regarding data processing through the contacts mentioned above. The rules for data processing are published on the data controller’s website.

 

VANILLA IMPEX KFT. shall erase all e-mails and simultaneously any data concerning the sender's name, email address and date and time, including any other personal data provided in the message after five years from disclosure.

 

Information on any data processing - not mentioned in this brief – will be given upon disclosure.

 

Please be advised that courts, investigative authorities, administrative authorities, the National Data Protection and Freedom of Information Authority, and other bodies and third parties authorized by law can contact the data controller in order to obtain information, data and other documents. In case of an inquiry by an authority – provided that the authority accurately marks the purpose and scope of the requested data – VANILLA IMPEX KFT. discloses personal data only in such a manner and scope that is necessary to fulfil the marked purpose.

 

VANILLA IMPEX KFT. retains the right to issue modifications to these rules, provided that VANILLA IMPEX KFT. notifies it’s members, and data subjects - within an appropriate time frame – regarding the scope of modifications and their effective date.

 

Any legal dispute in connection with VANILLA IMPEX KFT., or any of it’s services or activity falls under the Hungarian jurisdiction, and shall be settled by the competent Hungarian judiciary body applying Hungarian law.

 

  1. Scope of the rules for data processing

 

Period of validity. These rules shall be applicable from 2020.04.16 until further notice, modification or revocation.

 

 

Persons covered. The scope of these rules shall be applicable to the data controller, to persons whose data are being processed accordingly and to persons concerned by the data processing due to their rights or legitimate interests. The data controller primarily processes data of those natural persons who, through any means available to them (e.g. via e-mail, social media, personally or electronically) – with the purpose of establishing a relationship or a membership - applied or used, required the services of the data controller, or for purposes other than establishing a relationship applied, including but not limited to, the data controller’s colleagues, partners and legal entity’s representatives and contacts.

 

Objects covered. The scope these rules shall be applicable to any-and-all processing of personal data in all units of the data controller, regardless of it being done electronically or on paper. Furthermore it shall be applicable to the processing of personal data disclosed in connection with the use of services at website www.frischkost.eu, at the registered seat of VANILLA IMPEX KFT., at any additional regional centres or at other departments.

 

  1. Definitions

 

Data subject: means a natural person who has been identified or is identifiable by reference to any information.

Identifiable natural person: means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data: means any information relating to a data subject.

Sensitive data: means data included in the special categories of personal data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, furthermore, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Genetic data: means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

Biometric data: means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

Data concerning health: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

Personal data processed in criminal matters: means personal data that might be related to the data subject or that pertain to any prior criminal offense committed by the data subject and that is obtained by organizations authorized to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings in connection with a crime or criminal proceedings.

Public information: means any known fact, data and information, other than personal data, that are processed and/or used by any person or body attending to statutory State or municipal government functions or performing other public duties provided for by the relevant legislation (including those data pertaining to the activities of the given person or body), irrespective of the method or format in which it is recorded, and whether autonomous or part of a compilation, such as, in particular, data relating to powers and competencies, organizational structures, professional activities and the evaluation of such activities covering various aspects thereof, such as efficiency, the types of data held and the regulations governing operations, as well as data relating to financial management and to contracts concluded.

Information of public interest: means any data, other than public information, that are prescribed by law to be published, made available or otherwise disclosed for the benefit of the general public.

Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller: means the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data within the framework of law or binding legislation of the European Union, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them.

Joint controller: means a data controller who determines - within the framework of an act or any binding legislation of the European Union - the purposes and means of data processing jointly with two or more data controllers, who makes decisions regarding data processing (including the means) and implements such decisions jointly with two or more data controllers or engages a data processor to execute them.

Processing of data: means any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).

Data processing for law enforcement purpose: means data processing carried out by a body or person engaged in the pursuit of activities within its powers and responsibilities provided for by other legislation for safeguarding against and the prevention of threats to public order or security, for the prevention and investigation of criminal offenses, for conducting or partaking in criminal proceedings, for conducting or partaking in misdemeanour proceedings, furthermore, for the execution of legal consequences established in criminal proceedings or misdemeanour proceedings (hereinafter referred to as “body processing data for law enforcement purposes”), in the context and for the purpose of such activity, including the processing of personal data relating to these activities for archival, scientific, statistical or historical purposes (hereinafter referred to as “law enforcement purposes”)

Data processing for national security purposes: means data processing carried out by the national security services within its powers and responsibilities provided for by other legislation, and data processing carried out by the anti-terrorist organization of the police within its powers and responsibilities provided for by other legislation, under the Act on National Security Agencies.

Data processing for defence purposes: means data processing carried out under the Act on Data Processing for Military Purposes, the Act on Home Defence and on the Hungarian Armed Forces, and on Measures to be Introduced Under Particular Legal Order, and the Act on the Registration of Foreign Armed Forces Stationed in the Territory of the Republic of Hungary on Official Business and International Military Command Posts, and Their Staff, Deployed in the Territory of the Republic of Hungary, and on Regulations Relating to Their Legal Status.

Disclosure by transmission: means making data available to a specific third party.

Indirect data transfer: means the transfer of personal data to a data controller or data processor operating in a third country or within the framework of an international organization by way of transfer through a data controller or data processor operating in a third country or within the framework of an international organization.

International organization: means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

Public disclosure: means making data available to the general public.

Erasure of data: means the destruction or elimination of data sufficient to make them irretrievable.

Restriction of data processing: means the marking of stored data with the aim of limiting their processing in the future.

Destruction of data: means the complete physical destruction of the medium containing data.

Data processing: means any operation or set of operations which is performed by a data processor on behalf of, or as instructed by, the data controller.

Data processor: means a natural or legal person or unincorporated organization that is engaged in processing operations within the framework of and under the conditions set out by law or binding legislation of the European Union, acting on the controller’s behalf or following the controller’s instructions.

Data source: means a body having public service functions, that is responsible for the inception - in the course of operations or otherwise - of any statutory public information to be published by way of electronic means.

Data disseminator: means a body having public service functions, that shall publish data received from the data source on a website, unless it is published by the data source himself.

Data set: means all data contained in a filing system.

Third party: means any natural or legal person or unincorporated organization other than the data subject, the data controller, the data processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

EEA Member State: means any Member State of the European Union and any State that is a party to the Agreement on the European Economic Area, furthermore, any other country whose citizens are enjoying the same treatment as nationals of States who are parties to the Agreement on the European Economic Area by virtue of an agreement between the European Union and its Member States and a State that is not a party to the Agreement on the European Economic Area.

Third country: means any State other than EEA Member States.

Personal data breach: means a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Profiling: means any form of automated processing of personal data with the aim to evaluate certain personal aspects relating to the data subject, in particular to analyse or predict aspects concerning that data subject’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Recipient: means a natural or legal person, and/or unincorporated organization, to which the personal data are made accessible by the data controller and/or the data processor.

Pseudonymization: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Colleague: means a natural person in a position of commission, employment or other legal relationship with the data controller who is entrusted with providing and carrying out the data controller’s services, and who may come into contact with personal data in the course of his/her data processing tasks, and for whose activity the data controller bears complete liability towards the data subjects and third parties.

 

  1. Principles of data processing

 

Lawfulness, fair procedure and transparency – The processing of personal data shall be carried out under the principle of fairness and lawfulness, and shall be done in a manner that is transparent to the data subject.

 

Purpose limitation - Personal data shall only be collected for specified, explicit and legitimate purposes. Processing of data is prohibited in a manner that is incompatible with these principles. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

 

Data minimisation – Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 

Accuracy – Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

 

Storage limitation – Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR regulation in order to safeguard the rights and freedoms of the data subject.

 

Integrity and confidentiality – Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

Accountability - The controller shall be responsible for, and be able to demonstrate compliance with the above mentioned principles.

 

  1. Rights of the data subject

 

5.1. Right to information:

The data subject can request – with submitting a written request - information regarding the processing of personal data, the rectification of personal data and – not including the case of mandatory processing of data - the erasure or restricting of personal data. Upon the request of the data subject the data controller provides information regarding the data - controlled by the data controller or processed by the data controller’s agent processor – and it’s source, the purpose, legal basis and duration of the data processing, the name, address and concerned activity of the data processor, upon the incidental breach of personal data, the breach’s effects, circumstances and the applied countermeasures, in case of further data disclosure through transmission, the legal basis, and recipient. VANILLA IMPEX KFT. provides the requested information as soon as possible, but within 15 days of submitting the request at the latest, using clear and plain language, in written format.

 

The information is free of charge if the data subject – in the current year - has not yet submitted a request regarding the same scope of data. In other cases the data controller will charge a fee.

 

Providing information can only be denied in cases specified in statutes. In such event VANILLA IMPEX KFT. discloses the alluded statutory provision - serving as the legal basis of the denial – with the data subject, while simultaneously informing the data subject regarding the option for administrative (National Authority for Data Protection and Freedom of Information) and judicial redress.

 

5.2. Right to rectification:

If the personal data – available to VANILLA IMPEX KFT. – is not genuine, VANILLA IMPEX KFT. rectifies the personal data.

 

5.3. Right to erasure:

VANILLA IMPEX KFT. erases the personal data if:

  1. the data processing is unlawful;

  2. the data subject requests it (not including the case of mandatory processing of data);

  3. the data are incomplete or erroneous, provided the erasure is not prohibited by the statutory regulation and data cannot be lawfully remedied;

  4. the purpose of processing no longer exists or the statutory time limit for storing data has expired (with the exception of data whose media must be filed under archival protection according to the governing statutory regulation);

  5. it was ordered by court or other authority.

 

The data processing shall be deemed as unlawful if:

  1. the data are incomplete or erroneous, provided the erasure is not prohibited by the statutory regulation and data cannot be lawfully remedied;

  2. the purpose of processing no longer exists or the statutory deadline for storing data has expired (with the exception of data whose media must be filed under archival protection according to the governing statutory regulation);

  3. it was determined by court or other authority;

  4. the personal data are no longer required for the purpose for which it were collected or it were controlled in a different manner;

  5. data subject objects against the data processing, provided there is no overriding legitimate reason for data processing.

 

Restriction of data erasure: 

The data controller is not entitled to erase the personal data if the data processing is necessary for:

  1. exercising the right of freedom of expression and information;

  2. compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  3. reasons of public interest in the area of public health;

  4. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Regulation (EU) 2016/679  Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;

  5. the establishment, exercise or defence of legal claims.

 

5.4. Right to restriction of data processing:

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data are contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  4. data subject has objected to processing; in this case pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the data controller before the restriction of processing is lifted.

 

5.5. Rules of procedure

The data controller has 15 (fifteen) days to issue an erasure, a restriction or a rectification regarding personal data. That period may be extended by 15 days where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within 8 days of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means, unless otherwise requested by the data subject. If the data controller does not issue the requested erasure, restriction or rectification, the data controller discloses the reasons behind rejection within 15 days in writing or – with the data subject’s consent – through electronic means.

 

In case the data controller rejects the request, the data controller informs the data subject on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. Upon the infractions of the data subject’s rights, the data subject is entitled to seek judicial remedy. Regarding whether the data processing was in compliance with legal regulations, the burden of proof lies with the data controller. The data subject may choose to bring the action before the general court in whose jurisdiction the data subject’s home address or habitual residence is located. The data controller notifies the data subject, and anyone to whom the data controller has previously transmitted data for data processing, regarding the requested erasure, restriction, marking or rectification. The data controller neglects the notification if – with respect to the purpose of the data processing – it does not infringe the data subject’s legitimate interests.

 

5.6. Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

 

5.7. Right to object

The data subject shall have the right to object to the processing of personal data if:

  1. the data processing or data transfer is only necessary for compliance with a legal obligation to which the controller is subject to, or for the enforcement of the rights of the data controller, data-recipient or a third-party, unless such processing is mandated by law;

  2. the personal data are processed or transferred for direct marketing, polling or scientific research purposes;

  3. in other cases specified by law.

 

VANILLA IMPEX KFT. examines the submitted objection with respect to its reasoning, makes a decision accordingly as soon as possible, but within 15 days of submitting the objection at the latest, and notifies the data subject in written format. In case the objection is deemed reasoned, VANILLA IMPEX KFT. ceases the data processing – including further data collection and transfer – restricts the concerning data and notifies - regarding the submitted objection and applied measures - those to whom the affected data has been previously transferred, and those that are obligated to take actions in order to enforce the right to protest. If the data subject does not agree with the decision, the data subject may - within 30 days of the date of notification - go to court.

 

VANILLA IMPEX KFT. is prohibited to erase the data subject’s data where the data processing is mandatory under the law. However it is prohibited the data to be transferred to the data-recipient if VANILLA IMPEX KFT. agreed with the objection, or the court decided on the lawfulness of the objection.

 

5.8. Automated individual decision-making, including profiling

 

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The above mentioned shall not apply if the decision is necessary for entering into, or performing contract between the data subject and the data controller; or it is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.

 

  1. Principles for security of data processing

 

VANILLA IMPEX KFT. selects and operates the IT tools – used for personal data processing – in the course of the provision of services, in order to ensure 

  1. the availability of the processed data to the authorised persons (availability);

  2. the authenticity and authentication of the processed data (authenticity of data processing);

  3. the verifiability of the processed data’s unamended state (integrity of data);

  4. the appropriate protection against the unauthorised access to the processed data (confidentiality of data).

 

VANILLA IMPEX KFT. applies such technical, organizational, and structural measures to the protection of the security of data processing that provide a level of protection appropriate to the risks associated with the data processing. VANILLA IMPEX KFT. - in the course of data processing – maintains

  1. secrecy: in order to protect the information, thus only the authorised persons can access it;

  2. integrity: in order to protect the information and the accuracy and completeness of the method of data processing

  3. availability: in order to ensure that the authorised persons can access the information and the tools necessary when required

 

VANILLA IMPEX KFT.'s IT system and network are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, hacking and attacks leading to denial of service. The operator maintains security through server-level and application-level security procedures.

 

VANILLA IMPEX KFT. informs data subjects that electronic messages transmitted over the Internet - regardless of protocol (email, web, ftp, etc.) - are vulnerable to network threats that lead to fraudulent activity, contract disputes, disclosure or amendment of information. In order to protect against such threats, VANILLA IMPEX KFT. takes all precautionary measures necessary. Systems are monitored to record any security inconsistencies and provide evidence for each security incident. System monitoring also allows to monitor the effectiveness of the precautions applied.

 

  1. Data processing concerning the activity of VANILLA IMPEX KFT.

 

 

Data subject

 

Processed data

 

Purpose of data processing

 

Legal basis of data processing

Employees

name, address, mother's name, place and date of birth; Bank account number; Social security number; tax identification number

Administration concerning employment relationship.

Act CXII of 2011,

Act I of 2012,

Act CL of 2017,

the consent of the data subject

Partners, sponsors

name, phone number, e-mail address

Enabling, maintaining and facilitating cooperation, networking and contractual relationships between VANILLA IMPEX KFT. and its partners, sponsors, furthermore providing the data subject with adequate information, offers and contacts, enabling complaints to be communicated in the event of a complaint, identifying the complaint and recording statutory obligations and mandatory data; moreover administration and communication with the partner regarding the sending and receiving of donations and support.

Act CXII of 2011;

the consent of the data subject

 

 

  1. Usage of social networking sites

 

Regarding the subject of data processing concerning social media sites, VANILLA IMPEX KFT. gives the following information.

 

The fact of data collection, scope of processed data: the name and public profile picture of those registered on Facebook / Google + / Twitter / Pinterest / Youtube / Instagram.

 

Scope of data subjects: natural persons who voluntarily follow, share or like the data controller’s social networking sites, especially the content on facebook.com.

 

Purpose of data collection: sharing, “liking” or promoting VANILLA IMPEX KFT.’ website, or parts of its content on social networking sites; furthermore, informing VANILLA IMPEX KFT.’ partners, prospective partners, customers and third parties.

 

Duration of the data processing, time limit for erasure of data, identity of potential data controllers authorised to access data and description of data subjects' rights regarding data processing: for information on the source of the data, on the manner of processing and transferring data, and the concerning legal basis, the data subject can consult the relevant social networking site. Data processing is done on the social networking sites, thus the duration, method of data processing, and the options for erasing and amending data are governed by the relevant social networking site’s rules.

 

The legal basis of data processing: the voluntary consent of the data subject to data processing done on social networking sites.

 

VANILLA IMPEX KFT. can be contacted via Facebook, and other social networking sites. The usage of social networking sites - in particular Facebook -, and contacting, interacting with the data controller through the sites, or otherwise using any function of the site is based on voluntary consent. The data subject voluntarily consents – pursuant to the terms and conditions of the relevant social networking site - to the data processing by following and liking the contents of the data controller. The data controller only communicates with data subjects, and so the purpose of the data become relevant only when the data subject contacts the data controller through a social networking site.

 

The data controller posts – amongst other things - pictures / video recordings of various events, its activities and events organized by the data controller on its social networking site, especially on Facebook. The Controller may link the Facebook page to other social sites in accordance with the Facebook community guidelines, therefore posting on Facebook includes posting on such linked social networking sites.

 

Regarding non-mass or public recordings (Section 2:48 of Act No V of 2013), the data controller shall always seek the written consent of the data subject before publishing the images. For information on the data processing of the relevant social networking site, the data subject can inquire at the relevant social networking site, therefore information on the data processing of Facebook can be obtained at the address indicated there. Duration of data management: until the data subject’s request for erasure.

 

  1. Handling complaints

 

9.1. Compensation and restitution

VANILLA IMPEX KFT. shall compensate any damage which a data subject may suffer as a result of unlawful processing or processing that infringes the requirements of data protection. The data subject whose rights relating to personality had been violated shall be entitled to restitution (Section 2:52 of Act No V of 2013). VANILLA IMPEX KFT. shall be liable for damages caused by its data processors towards the data subject.

 

VANILLA IMPEX KFT. shall be relieved from liability if the damage occurred due to an unavoidable cause that falls beyond the realm of data processing. VANILLA IMPEX KFT. shall not compensate, and restitution cannot be demanded concerning damages caused by the injured party or caused deliberately or as a result of gross negligence.

 

9.2. Complaints regarding data processing

If case of questions or concerns regarding VANILLA IMPEX KFT.’ data processing, the complaint must be submitted in writing or electronically addressed to the data controller via the contact details given above.

 

9.3. Procedure of the data protection authority

Complaints regarding data processing can be made via submitting a request to the National Data Protection and Freedom of Information Authority:

            

Name: National Data Protection                                                       Phone: +36 1 391 1400

and Freedom of Information Authority                                              Fax: + 36 1 391 1410

Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.             E-mail: ugyfelszolgalat@naih.hu      

Mailing address: 1530 Budapest, Pf .: 5.                                              Website: http://www.naih.hu

 

  1. Supervisory authority

Legal remedies and complaints regarding data processing can be submitted to the National Data Protection and Information Authority acting as supervisory authority.

 

Name: National Data Protection                                                       Phone: +36 1 391 1400

and Freedom of Information Authority                                              Fax: + 36 1 391 1410

Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.             E-mail: ugyfelszolgalat@naih.hu      

Mailing address: 1530 Budapest, Pf .: 5.                                              Website: http://www.naih.hu

 

Exceeding the above mentioned, legal remedies can be sought through judicial redress.

 

  1. Amendment of the rules

VANILLA IMPEX KFT. is entitled to make amendments to the rules as follows:

  • in case the amendment does not affects the essential elements of the data processing, VANILLA IMPEX KFT. is entitled to unilaterally amend the rules with prior notice to the member.

  • if a substantial amendment is to be made to the existing essential elements of these rules (in particular an amendment in relation to the legal basis for data processing, or an increase in the scope of processed data), VANILLA IMPEX KFT. will give prior notice to the data subjects and will only continue or begin processing data with the explicit consent of the member.

  • if the rules are to be extended to include a new data processing case, VANILLA IMPEX KFT. will give prior notice to the data subject and will only begin processing data with the data subject’s explicit consent.

 

  1. Legal declaration

VANILLA IMPEX KFT. publishes information and documents displayed on XXXXXXXXX for information purposes only. The displayed trademarks, logos and information and other materials available are subject to copyright and the rights to them are solely those of the data controller or the right holder indicated therein. The trademarks displayed on the website are protected by copyright. It is prohibited for third parties to use, copy, distribute or publish them in any way or on any legal basis whatsoever without having an explicit preliminary written consent. It is prohibited to embed a link - leading to another website - in the website without having a preliminary written consent. Misuse may result in civil or criminal legal consequences.

 

The data subject may use the information in its original state solely for the data subject’s own purpose. Unless otherwise stipulated by law, VANILLA IMPEX KFT. bears no responsibility for changes independent of VANILLA IMPEX KFT. in relation to the accuracy, reliability or content of the website displayed on the data subject’s screen. VANILLA IMPEX KFT. reserves the right to amend the contents displayed on the website and to terminate their availability. VANILLA IMPEX KFT. does not warrant or give legal cover for the continuity or error-free access to the website.

 

VANILLA IMPEX KFT. excludes any liability for any damage or expense arising – directly or indirectly - from access to the website or any information or documentation contained therein or from their direct or indirect use, or from the malfunction, deficiencies, inoperable state or ambiguities connected with the website.

 

VANILLA IMPEX KFT. bears no liability for materials created, transmitted or published by third parties which link to or allude to the website, or for which are alluded or linked by the website.

 

By providing written material to VANILLA IMPEX KFT., the data subject acknowledges that it is suitable for publication and explicitly acknowledges that by submitting it VANILLA IMPEX KFT. may - without assuming liability – publish it, and with indicating copyright quality use it in whole or in part. The data subject also undertakes that the document, content, file, data provided will not infringe upon the rights or legitimate interests of any third party and that it can be used by VANILLA IMPEX KFT. freely, without any restriction. Moreover, the data subject undertakes that third parties will not initiate legal or judicial proceedings against VANILLA IMPEX KFT. regarding the data or documents provided. Should such a procedure be initiated, the data subject shall immediately absolve VANILLA IMPEX KFT. and - upon request - reimburse the resulting costs and expenses in full.

 

Budapest, 2020.04.16