
Data Management Information

The English translation of our legal documents is in progress.

PRIVACY POLICY

Privacy policy of the podsandbars.com website
(hereinafter referred to as the Bulletin)

Effective: as of 14 February 2023

1. PURPOSE OF THE BULLETIN

The purpose of this notice is to set out the data protection and data management principles applied by the Service Provider on the www.pondsandbars.com website and the Service Provider’s data protection and data management policy, which the Service Provider acknowledges as binding on it.

The Service Provider shall carry out its activities in compliance with the protection of the privacy rights of its Users and in compliance with the provisions of the relevant legislation, in particular the Civil Code, Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter: the “Info Act”) and Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).

2. NAME AND DETAILS OF THE SERVICE PROVIDER (AS DATA CONTROLLER)

  • The name of the service provider is Never Smoke Kft.
  • The registered office of the service provider (and the place of the postal complaint handling) is 1152 Budapest, Illyés Gyula utca 2-4. A. ép. fszt. 7.
  • The contact details of the service provider and the e-mail address regularly used for contacting customers: info@pondsandbars.com
  • Company registry no.: Cg.01-09-403906
  • Tax number: 32038224-1-42
  • Name of registering authority: Fővárosi Törvényszék Cégbírósága
  • Phone number: +36709420692
  • Website contact: pondsandbars.com

3. DEFINITIONS

Terms used in this leaflet should be understood as follows.

3.1. User: any person using the website in any form

3.2. Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

3.3. Consent of the data subject: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;

3.4. Data controller (i.e. the Service Provider): a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

3.5. Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3.6. Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;

3.7. Data Subject: a person who is identified or identifiable, directly or indirectly, on the basis of personal data, which must always be a specific person. Only natural persons are considered as data subjects, and therefore not legal persons, thus data protection only protects the data of natural persons. However, personal data also include, for example, the data of a sole trader or a representative of a company (e.g. telephone number, email address, place and date of birth, etc.).

3.8. Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

3.9. Recipient: a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

3.10. Transfer of data: making data available to a specified third party.

3.11. Data Breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

4. A DESCRIPTION OF THE PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA

4.1. Legality, fairness and transparency

The Data Controller shall process personal data lawfully and fairly and in a transparent manner for the data subject.

4.2. The purpose limitation principle

The Controller may collect personal data only for specified, explicit and legitimate purposes and may not process them in a way incompatible with those purposes.

4.3. Data economy principle

Processing must be limited to what is necessary to achieve the purposes of the Controller.

4.4. Principle of accuracy

In accordance with the principle of accuracy, the Data Controller shall ensure that the personal data it processes are accurate and up-to-date, and to this end, the Data Controller shall take all reasonable steps to promptly delete or rectify personal data that are inaccurate for the purposes of processing.

4.5. Limited shelf-life principle

The Controller may store personal data only for the time necessary to achieve its purposes. Personal data may only be stored for a longer period if the personal data will be processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, subject to the implementation of appropriate technical and organisational measures as required by the GDPR Regulation to protect the rights and freedoms of data subjects.


4.6. Integrity and confidentiality

The Data Controller shall process the data in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical or organisational measures.

4.7. Accountability principle

The Data Controller keeps internal data management records for each of its processing operations to demonstrate compliance with the principles described above.

5. INFORMATION ON CERTAIN DATA PROCESSING

5.1. Complaint handling data management

In the case of complaint handling, the purpose of the processing is to handle any complaints about the service provided by the Data Controller. Legal basis for processing: the data subject’s voluntary consent pursuant to Article 6 (1) (a) of the GDPR and Article 17/A (7) of the GDPR. The type of personal data processed: unique identification number, name and address of the consumer, name of the product or service complained about, purchase price, date of purchase, description of the defect, the claim the consumer wishes to assert and the method of settling the complaint. The period of data processing in respect of the minutes of the complaint and copies of the replies to written complaints is three years pursuant to Article 17/A (7) of the Consumer Protection Act.

Data subjects: all data subjects who complain about the service offered on the website.

Description of data subjects’ rights in relation to data processing:
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and the data subject shall have the right to data portability and to withdraw consent at any time.

The data subject may initiate the access to, deletion, modification or restriction of processing of personal data, data portability and objection to processing in the following ways:

  • by post to 1152 Budapest, Illyés Gyula utca 2-4. A. ép. fszt. 7.,
  • by e-mail to info@pondsandbars.com,
  • by phone on +36709420692.

5.2. Data processing in relation to evaluation

On the Website, the User may, at his/her own discretion, evaluate the product, i.e. give his/her opinion on the products, which will be displayed on the Website by clicking on the “Submit” icon. By clicking on the “Submit” icon, the User consents to the processing of his/her data and to the inclusion of his/her opinion and rating on the Website.

The Service Provider is entitled to remove the rating at any time without giving any reason and without notice, together with the deletion of the User’s personal data. The Service Provider has the right to ban the User from the Website if he/she gives at least 3 (three) unlawfully negative, obscene or otherwise inappropriate reviews. The purpose of this is to ensure that the Website provides objective information to Users.

The User may withdraw his/her consent at any time, without limitation and without giving any reason, free of charge, by using the appropriate function on the website or by sending a letter to the Service Provider’s address or an e-mail to the following e-mail address: info@pondsandbars.com.


Based on the above, the User is therefore entitled to publish his/her review on the Website under the corresponding product.

The User is entitled to withdraw his/her voluntary consent at any time in the manner detailed above. In this case, the Service Provider will remove the User’s evaluation and delete the User’s data after the withdrawal.

The main purpose of data processing is to enable Users, i.e. those interested in the products, to form an objective opinion about the products.

Legal basis for processing: consent pursuant to Article 6(1)(a) of the GDPR.

The scope of the data processed, the purpose and duration of the processing:

The data processed: name, e-mail address.

Purpose of data processing: to collect real evaluations of products in order to provide objective opinions.

Duration of data processing: data processing is carried out until the user’s consent is withdrawn or until the assessment is arbitrarily deleted by the Service Provider. Consent may be withdrawn at any time by sending an email to info@pondsandbars.com


Description of data subjects’ rights in relation to data processing:

The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and the data subject shall have the right to data portability and to withdraw consent at any time.

The data subject may request access to, erasure, modification or restriction of processing of personal data, data portability and objection to processing in the following ways:

  • by post to 1152 Budapest, Illyés Gyula utca 2-4. A. ép. fszt. 7.,
  • by e-mail to info@pondsandbars.com,
  • by phone on +36709420692.

5.3. Data management in relation to the newsletter

By selecting the appropriate option, visitors to the Website expressly and voluntarily consent in advance to subscribe to the Service Provider’s newsletter.

The User may withdraw his/her consent at any time, without limitation and without giving any reason, free of charge, by using the appropriate function on the website or by sending a letter to the Service Provider’s address or an e-mail to the following e-mail address: info@pondsandbars.com.


On the basis of the above, the Service Provider is entitled to send the User a newsletter or other advertising mail, business advertising or to contact the User for direct marketing purposes, provided that the User has given his/her prior, unambiguous, express and voluntary consent. The Service Provider shall not be obliged to verify that the data provided by the User at the time of giving his/her consent are true and correct.

The User is entitled to withdraw his/her voluntary consent at any time in the manner detailed above. In this case, the Service Provider shall not send the User any further newsletters or other advertising mailings or direct marketing enquiries after the withdrawal, and shall delete the User’s data from the data of the users subscribed to the newsletter.

The main purpose of the processing is to send marketing enquiries to the data subjects. The Data Controller may use the data for marketing research and surveys. In accordance with the applicable legal requirements, the Data Controller keeps a register of natural persons who have subscribed to the newsletter service. The Data Controller does not send newsletters to natural persons not included in the register.

Legal basis for data processing: consent to the use of the Info. tv. § 5 (1) a) and Article 6 (1) a) of the GDPR, § 13/A of the Eker. tv. and § 13/A of the Grt. § 6 (1).

The scope of the data processed, the purpose and duration of the processing:

The data processed: e-mail address. The Data Controller’s system also stores the consent given for direct marketing enquiries, analytical data related to subscriptions and unsubscriptions, sending, delivery and opening of messages (e.g. date and time of events, IP address of the computer, reason for undeliverability).

Purpose of data processing: sending an e-mail containing commercial advertising, direct marketing and marketing enquiries.

Duration of data processing: in case of newsletter subscription, data processing is carried out until the user’s consent is withdrawn. Consent can be withdrawn at any time by sending an email to info@pondsandbars.com or by clicking on the link in the newsletter.

Description of data subjects’ rights in relation to data processing:

The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and the data subject shall have the right to data portability and to withdraw consent at any time.

The data subject may initiate the access to, deletion, modification or restriction of processing of personal data, data portability and objection to processing in the following ways:

  • by post to 1152 Budapest, Illyés Gyula utca 2-4. A. ép. fszt. 7.,
  • by e-mail to info@pondsandbars.com,
  • by phone on +36709420692.

5.4. Registration-related data processing

In case of registration, the data processed are: username, email address.

Registration is optional. You can register by creating a user account on the Data Controller’s website.

Data subjects: users registered on the website.
The data processing is necessary for the use of discounts and for monitoring and tracking product prices. The data subject is entitled to benefit from a discount or to monitor the prices of selected products if he/she provides the above personal data and registers.

Purpose of data processing: to provide discounts on product sales, to monitor product prices and to identify and contact the user.

Duration of processing: processing is carried out until the user’s consent is withdrawn. Consent may be withdrawn at any time by sending an e-mail to info@pondsandbars.com


Legal basis for processing:
consent of the data subject pursuant to Article 6(1)(a) of the GDPR.
The identification of and contact with the user as the recipient of the service is based on the consent of the data subject in accordance with Article 6(1)(a) of the GDPR.

 

Description of data subjects’ rights in relation to data processing:
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and has the right to data portability and the right to withdraw consent at any time.

The data subject may initiate the access to, deletion, modification or restriction of processing of personal data, data portability and objection to processing in the following ways:

  • by post to 1152 Budapest, Illyés Gyula utca 2-4. A. ép. fszt. 7.,
  • by e-mail to info@pondsandbars.com,
  • by phone on +36709420692.

6. THE DATA PROCESSORS USED FOR THE PERFORMANCE OF THE CONTRACT

6.1. Hosting provider

Activity provided by the Processor: Hosting

Name and contact details of the data processor:

  • Company Name: SiteGround Spain S.L.
  • Address: Calle Prim 19, 28004 Madrid, Spain B - 87194171
  • Registered: Inscrita en el Registro Mercantil de Madrid, Tomo 33085, folio 1, hoja M-595464

Scope of data processed: all personal data provided by the data subject.
Data subjects: all data subjects using the website.

Purpose of data processing: to make the website available and to ensure its proper operation.

Duration of processing, deadline for deletion of data: until the termination of the contract between the data controller and the hosting provider or until the data subject’s request for deletion to the hosting provider.

The legal basis for processing is the fulfilment of a legal obligation pursuant to Article 6 (1) (c) and (f) of the GDPR and the legitimate interests of the controller or a third party, and Article 13/A (3) of the Eker Act. Legitimate interest is the operation of the website, protection against attacks, fraud.

7. OTHER INFORMATION

7.1. Management of cookies

The website is WordPress based and therefore uses the cookies associated with WordPress.

The Service Provider uses and stores website cookies (“cookies”) as follows:

Cookies are small text, image or software files that the Service Provider places and stores on the data subject’s computer, smartphone or other electronic device used to access the Internet. Cookies are tools that allow the website to recognise the data subject on a subsequent browsing session and to log the times when the data subject visits the website.

The Service Provider uses cookies to facilitate navigation on the website and to tailor the content of a particular page to the interests of the data subject. Cookies provide information about whether the data subject has visited the website before or is visiting it for the first time.

Duration of processing for session cookies: until the end of the relevant visitor session.

The purpose of data processing is to identify and distinguish users, to identify the current session of users, to store the data provided during the session, to prevent data loss, to identify and track users, to display personalized offers using the data recorded during previous visits to the website, and to operate the webshop properly.

Legal basis for processing: the data controller has a legitimate interest in identifying users and preventing abuse under Article 6(1)(f) of the GDPR.

Data processed: websites visited, ads clicked, type of browser used by the data subject; IP address of the data subject.

Data subjects have the possibility to delete cookies in the Tools/Settings menu of their browsers.

7.2. Using Google Ads

The Data Controller informs you that it uses the online advertising program “Google Ads” and that it uses Google’s conversion tracking service within the framework of this program. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

Further information and Google’s privacy notice are available at: https://policies.google.com/privacy

 

7.3. Using Google Analytics

The Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

The Service Provider hereby informs you that the information generated by the cookies on the website used by the User is usually transferred to a Google server in the USA and stored there.

You can read the Google Analytics Privacy Policy by clicking on the following link: https://policies.google.com/?hl=hu

8. RIGHTS OF DATA SUBJECTS

8.1. Right of access

The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; where applicable, the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period; the data subject’s right to obtain from the controller the rectification, erasure or restriction of the processing of personal data relating to him or her and to object to the processing of such personal data; the right to lodge a complaint with a supervisory authority; where the data have not been collected from the data subject, any available information concerning their source.

The data controller shall provide the data subject with a copy of the personal data processed.

8.2. Right to rectification

The data subject shall have the right to obtain, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

8.3. Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay upon his or her request, and the controller shall be obliged to erase personal data relating to him or her without undue delay where certain grounds are given.

8.4. Right to be forgotten

The data subject shall have the right, upon request and without undue delay, to obtain the erasure of personal data concerning him or her by the Data Controller on one of the following grounds:

– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
– the data subject objects to the processing and there are no overriding legitimate grounds for the processing or where the processing would be for direct marketing purposes;
– the personal data have been unlawfully processed;
– the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;
– personal data are collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary:
– to exercise the right to freedom of expression and information;
– to comply with an obligation under Union or Member State law that requires the controller to process personal data or in the public interest;
– for preventive health or occupational health purposes, to assess an employee’s ability to work, to make a medical diagnosis, to provide health or social care or treatment, or to manage health or social care systems and services, under EU or Member State law or under a contract with a health professional and the processing of that data is carried out by or under the responsibility of that professional, who is subject to a duty of professional secrecy under Union or Member State law or under rules laid down by the competent authorities of the Member States or by another person who is also subject to a duty of secrecy under Union or Member State law or under rules laid down by the competent authorities of the Member States;
– in the public interest in the field of public health, such as protection against serious cross-border threats to health or ensuring a high level of quality and safety of healthcare, medicines and medical devices, and on the basis of Union or Member State law which provides for adequate and specific measures to safeguard the rights and freedoms of the persons concerned, in particular professional secrecy;
– on grounds of public interest in the field of public health and the processing of such data is carried out by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or the rules established by the competent authorities of the Member States, or by another person who is also subject to the obligation of professional secrecy under Union or Member State law or the rules established by the competent authorities of the Member States;
– archiving in the public interest, for scientific or historical research purposes or for statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
– to bring, enforce or defend legal claims.

8.5. Right to restriction of processing

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller if one of the following conditions is met:

– the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;
– the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
– the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
– the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

Where processing is restricted as set out above, such personal data, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

The data controller shall inform the data subject whose request for restriction of processing has been made on the basis of the above in advance of the lifting of the restriction.

8.6. Right to data portability

The data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data, if:

– the processing is based on consent within the meaning of Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract within the meaning of Article 6(1)(b); and
– the processing is carried out by automated means.

In exercising the right to data portability as set out above, the data subject shall have the right to request, where technically feasible, the direct transfer of personal data between controllers. The right to data portability shall not adversely affect the rights and freedoms of others.

8.7. Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) or (f) of the GDPR, i.e. where the processing is based on a legitimate interest of the public or on the performance of a task carried out in the exercise of official authority vested in the controller, or on the need to protect the legitimate interests of the controller or of a third party, including profiling based on those provisions.

In such a case, the controller may no longer process the personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

 

8.8. Right of withdrawal

The data subject shall have the right to withdraw his or her consent at any time, provided that the data controller’s processing is based on the data subject’s consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Procedure and time limit for action in case of exercise of the above rights by the data subject:

The controller shall inform you of the action taken on such requests without undue delay and in any event within 1 month (30 days) of receipt of the request.

If necessary, taking into account the complexity of the application and the number of requests, this may be extended by 2 months. The data controller shall inform the data subject of the extension of the time limit within 1 month of receipt of the request, stating the reasons for the delay.

If the controller fails to act on your request, it will inform you without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of your right to lodge a complaint with a supervisory authority and to seek judicial remedy.

The Data Controller shall provide the requested information and data free of charge. However, where the requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the Controller may charge a reasonable fee based on administrative costs or refuse to act on the request.

 

9. OTHER INFORMATION, NOTICES

If you have any questions or comments about the processing of your data, you can contact the data controller by the means indicated on the website (but primarily by e-mail). The Service Provider is only able to provide information or take action in relation to the processing of personal data if the data subject has provided credible proof of his or her identity.

Please contact the data controller in the first instance in the event of any problems.

 

Informing the data subject about the personal data breach

Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the personal data breach without undue delay and in a clear and plain language.

The data subject need not be informed if any of the following conditions are met:

– the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
– the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
– information would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly disclosed information or by a similar measure which ensures that the data subjects are informed in an equally effective manner.

Complaint possibility

Complaints against possible infringements by the data controller can be lodged with the National Authority for Data Protection and Freedom of Information:

  • Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Postal address: 1530 Budapest, Postafiók: 5.
  • Phone: +36-1-391-1400
  • Fax: +36-1-391-1410
  • E-mail: ugyfelszolgalat@naih.hu

The data subject may take the Data Controller to court in the event of a breach of his or her rights. The court shall rule on the case out of turn. The Data Controller shall prove that the processing complies with the law. The tribunal shall have jurisdiction to rule on the case. The action may also be brought, at the choice of the data subject, before the courts for the place where the data subject resides or is domiciled.

The Data Controller shall compensate any damage caused to others by the unlawful processing of the data subject’s data or by the breach of data security requirements. In the event of a violation of his/her personal rights, the data subject may claim damages (Civil Code, § 2:52). The Controller shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the processing. The Data Controller shall not compensate the damage and shall not be entitled to claim damages to the extent that the damage was caused by the intentional or grossly negligent conduct of the injured party.

Done and closed: Budapest, 14 February 2023