DATA PROTECTION AND DATA MANAGEMENT POLICY
I. GENERAL PROVISIONS
Cellarius Kereskedőház limited liability company (hereinafter: “Controller”), in order to comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “Regulation”), and the Act CXII of 2011 on Information self-determination right and the freedom of information (hereinafter: “Privacy Act”), adopts the following rules.
The purpose of this Policy is to establish the data protection and data-processing provisions, principles of the Controller and the data protection and data-processing policy of the Controller.
The scope of this Policy shall include the website accessible at https://www.airocide-europe.com/ (hereinafter: “Website”) and the Controller’s data processings related to the trading activity.
Unless otherwise specified, the scope of the Policy shall not include services and data management related to the promotions, sweepstakes, services, other campaigns and contents of third parties advertised or otherwise displayed on the Website.
Unless otherwise specified, the scope of the Policy shall not include the services and data management of websites, service providers and information managers to which the link on the websites refers. The scope of the Policy shall not include the data processing of individuals (organizations, firms) for which the Data Subject has been informed of the Website by means of information note, newsletter or direct mail.
The Controller shall reserve the right to amend the Policy by unilateral decision.
By entering the Website, the Data Subject shall accept the provisions in force of the Policy and the further agreement of the Data Subject shall not be required unless otherwise specified in the Policy.
II. DEFINITIONS
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal data or data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Data Subject means a natural person who makes personal data available to the Controller or whose personal data are made available to the Controller.
External service provider means any third party providers used by the Controller or the Website operator directly or indirectly in connection with the provision of specific services, to whom Personal data are or may be transferred to provide their services and who may provide personal data to Controller. External service provider shall also mean any provider that do not cooperate with either the Controller or the operator of the services; however, by accessing the Website, they may collect data on the Data Subject which, either individually or in combination with other data, may identify the Data Subject. The Controller shall also consider the Data Subject as an external service provider during the provision of hosting services regarding the processing activity carried out by the Data Subject.
Privacy Policy: this Privacy Policy of the Controller.
The definitions of this Policy comply with the definitions of Article 4 of the Regulation and Section 3 of Infotv.
In so far as the definitions laid down by the applicable data processing legislation in force deviate from the definitions laid down by the Policy, the definitions shall be governed by the data processing legislation.
In so far as the Policy’s or the Controller’s other document regulating the processing of personal data refers to processing or data, it shall be regarded as personal data processing or personal data, unless otherwise specified.
III. THE CONTROLLER
Name of the Controller: Cellarius Kereskedőház limited liability company
Company registration number of the Controller: 02-09-069440
Principal place of business of the Controller: 7900 Szigetvár, Dencsházai út 12.
Website: https://www.airocide-europe.com/
Electronic address of the Controller:
The Controller’s representative: Ruppert Ignác Miklós executive director
Data Protection Officer: Pursuant to the Regulation, the Controller shall not be obliged to appoint a data protection officer.
The Controller shall operate the Website established to purchase the Controller’s products on the Internet, shall have commercial relations with suppliers and customers and may operate trading units.
IV. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
Lawfulness, fairness and transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. The Controller shall process the data specified in the legislation or data provided by the Data Subjects or their employers/principals/clients for the purposes set out below. The scope of personal data shall be commensurate with the purpose of the processing and shall not extend over it.
Accuracy
The accuracy and completeness, and, if deemed necessary with respect to the purpose of
the processing, the up-to-date status of the data shall be ensured throughout the processing.
Purpose limitation
Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the Controller shall provide the data subject prior to that further processing with information on that other purpose, shall request prior explicit consent of the Data Subject and shall provide the Data Subject the opportunity to object and prohibit the processing of personal data.
Conformity
The Controller shall not verify the personal data provided to him. The person providing the personal data shall be exclusively responsible for the adequacy of the data provided.
Limited storage
Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data protection of people aged under 16
The personal data of people under 16 shall be processed only with the consent of the adult exercising parental responsibility over them. The Controller cannot verify the consent and the content of the declaration of the contributing person; therefore, the Data Subject or the person exercising parental responsibility over the Data Subject warrants that the consent given complies with relevant laws. In the absence of consent, the Controller shall not collect personal data relating to a Data Subject aged under 16.
The Controller shall not transfer personal data to a third party other than the Data Processors and external service providers specified in the Policy.
During processing, appropriate technical or organisational measures shall be applied to ensure the appropriate security of personal data.
Exception to the provision of the present section is the use of the data in statistically summarized form, which shall not include any other data suitable for identifying the Data Subject in any form.
In some cases, including official court, police requests, legal proceedings because of copyright, property or other infringement or their reasonable suspicion and therefore the violation of the Controller’s interests, jeopardising of service providing, etc., the Controller shall make the personal data of the concerned Data Subject available to third parties.
The Controller shall notify the Data Subject and those to whom the personal data were previously transferred for data processing in case of rectification, limitation and deletion of the personal data processed. Notification may be omitted if it does not violate the legitimate interest of the Data Subject with respect to the purpose of data processing.
V. PURPOSE & LEGAL BASIS
Your personal data may be processed for different purposes and lawful bases depending on the functions of the Web shop to conclude and execute contracts with you, conduct marketing activities, for market and statistical analyzes, to improve quality and services, or to fulfill the relevant legal obligations of the Controller and identify ad frauds.
WEB SHOP
Entering your name and phone number is voluntary to allow our colleagues to be able to contact you.
a) We handle your data your data in a way that provides you the benefits of the Website (for example, placing orders without always having to fill out forms, accessing your purchase history, managing your contributions to the service, etc., and allowing you to use other services available on our website – Article 6(1)(b) GDPR), that is, to execute the contract, which is concluded by creating the account and accepting Privacy Policy of the Web shop.
b) The Controller and the companies in the group or their partners, or third parties (see section 11 of Cookie Policy for the list of third parties) with whom we cooperate in presenting advertising materials and offers (discounts) tailored to your needs based on profiling (that is, we analyze your activity on our website, your purchase history and behavior), so we can not only adapt to a specific customer group but also to your specific needs. However, our activities do not affect your decisions significantly, such as your purchasing decisions – [Article 6(1)(f) GDPR], the lawful basis of which is the legitimate interests pursued by the Controller or by a third party.
c) For the purposes of establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the Controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the Controller or the third party.
As a general rule, your personal data shall be processed for the purposes of contractual relations and marketing activities until you complain, except as required by law to process personal data for a longer period of time, but we shall also store personal data in case of a possible claim, which is defined by the law in the civil code, in particular, for a specific limitation period or other purposes for achieving our legitimate interests. In any cases, the longer storage period of personal data is decisive.
PLACE AN ORDER
Personal data provided during placing an order, other data collected in connection with your activities on the Website and the use of our services (in particular: name and surname, e-mail address, telephone number, address [street, number, apartment number, postal code, city, country)], address of domicile/business/registered office (if different from delivery address), bank account and, additionally, in the case of customers who are not consumers [(company) name and tax identification number)], may be processed for the following purposes:
a) Fulfilling your order and the contract concluded, with particular regard to its submission and confirmation of its reservation (if available and selected), or when delivering the selected product to the receiving point, or when contact is necessary for delivery (Article 6(1)(b) GDPR), which is essential to the sales contract concluded after ordering or reserving (if available and selected);
b) The Controller and the companies in the group or their partners, or third parties (see section 11 of Cookie Policy for the list of third parties) with whom we cooperate in presenting advertising materials and offers (discounts) tailored to your needs based on profiling (that is, we analyze your activity on our website, your purchase history and behavior), so we can not only adapt to a specific customer group but also to your specific needs; However, our activities do not affect your decisions significantly, such as your purchasing decisions – [Article 6(1)(f) GDPR], the lawful basis of which is the legitimate interests pursued by the Controller or by a third party.
c) For marketing, analytical and statistical purposes by other companies of the group as separate controllers of your personal data due to the promotion and development guidelines conducted jointly by our group has (see point XI below).
d) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the Controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the Controller or the third party.
e) Issuing and storing invoices, accounting documents and assessing complaints and goods returned within the deadline in the form laid down in the Code (Article 6(1)(c) GDPR), the lawful basis of which is the need to fulfill the legal obligation on the Controller.
For the purpose of fulfilling your order your personal data shall be processed during the contract period and stored for the period prescribed by law (taxation, accounting) and, in the case of marketing activities, until you file a complaint, except as required by law to process personal data for a longer period; we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
COMPLAINT FORM
Your personal data which you provided in connection with lodging a complaint (complaint form) and which we have collected for further communications may be processed for the following purposes:
a) Issuing and storing invoices, accounting documents and assessing complaints (Article 6(1)(c) GDPR), the lawful basis of which is the need to fulfill the legal obligation on the Controller.
b) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the Controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the Controller or the third party.
Your personal data shall be processed during the complaints handling period except as required by law to process personal data for a longer period (e.g. accounting); we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
CONTACT FORM
The Controller of your personal data shall be the entity listed in Section II of this Policy.
Your personal data which you provided in the contact form and which we have collected for further communications may be processed for the following purposes:
(a) For the purpose of communicating and answering to you (Article 6(1)(f) of the GDPR), the lawful basis of which is the legitimate interest of the Controller.
(b) Depending on the content of the communication, before the conclusion of the contract, we shall act on your request (Article 6(1)(b) GDPR), that is, the necessity for action prior to the conclusion of the contract.
c) Depending on the content, communication may be used for marketing, analytical and statistical activities (Article 6(1)(f) GDPR) performed by the Controller or its partners (see section 11), the lawful basis of which is the legitimate interest of the Controller or third party.
d) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the Controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the Controller or the third party.
The provision of personal data is voluntary but is necessary for effective communication.
Your personal data shall be processed during communication with you and, in the case of marketing activities, until you file a complaint, except as required by law to process personal data for a longer period; we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
NEWSLETTER
Your personal data that you provided when you subscribed to the newsletter may be processed for the following purposes:
(a) Completing the contract on newsletter service – the lawful basis of which is [Article [GDPR 6(1)(b)], that is, the need to perform the contract concluded (newsletter service policy) –, sending compelling ads and offers (discounts), for example by e-mail, SMS, MMS, push or instant messaging through applications e.g. Messenger, WhatsApp) to which your phone number is directly assigned. You may unsubscribe from the newsletter at any time.
b) The Controller and its partners or third parties (see section 11 of Cookie Policy for the list of third parties) for marketing, statistical and analytical purposes with whom we cooperate in presenting advertising materials and offers (discounts) tailored to your needs based on profiling (that is, we analyze your activity on our website, your purchase history and behavior), so we can adapt not only to a specific customer group but also to your specific needs. However, our activities do not affect your decisions significantly, such as your purchasing decisions – [Article 6(1)(f) GDPR] – the lawful basis of which is the legitimate interests pursued by the controller or by a third party.
c) For marketing, analytical and statistical purposes by other companies of the group as separate controllers of your personal data due to the promotion and development guidelines conducted jointly by our group has (see point XI below).
d) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the controller or the third party.
The provision of personal data is voluntary but is necessary for newsletter subscription.
Your personal data shall be processed until the performance of the contract (Unsubscribe from newsletter) or until you file a complaint, except as required by law to process personal data for a longer period (taxation, accounting); we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
SOCIAL MEDIA PROFILES
The Controller of the personal data shall be the entity listed in this Policy and the Controller managing social media.
Your personal data, including those that you leave when you visit our social media profiles (including comments, likes, online identifiers, etc.), may be processed for the following purposes:
a) Marketing, analytical and statistical activities that enable you to actively use our profile and enables good operation for our website by providing information on initiatives and other activities in connection to the promotion of various events, services and products including activities of our third party partners (see section 11 of Cookie Policy) or other third parties with whom we cooperate, the lawful basis of which is [Article 6(1)(f) GDPR], the legitimate interest of the Controller or the third party.
b) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the Controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the Controller or the third party.
The provision of personal data is voluntary but it is necessary to use all the features of our social media sites.
Your personal data shall be processed until the period required to perform the conditions mentioned above or until you file a complaint, except as required by law to process personal data for a longer period; we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
SMS
The Controller of your personal data shall be the entity listed in Section II of this Policy.
Your personal data you’ve provided on the Web shop via text message may be processed for the following purposes:
(a) In case of inquires received via text message, the lawful basis of which is [Article 6(1)(f) GDPR], the legitimate interest of the Controller.
(b) Depending on the content of the communication, before the conclusion of the contract, we shall act on your request (Article 6(1)(b) GDPR), that is, the necessity for action prior to the conclusion of the contract.
c) Depending on the content, communication may be used for marketing, analytical and statistical activities (Article 6(1)(f) GDPR) performed by the Controller or its partners (see section 11), the lawful basis of which is the legitimate interest of the Controller or third party.
d) Establishing, protecting and enforcing claims arising as part of the agreement between a you and the Controller and other purposes, such as of pursuing the legitimate interests of the controller or third party (Article 6(1)(f) GDPR), which is in the legitimate interest of the controller or the third party.
Your personal data shall be processed during communication with you and, in the case of marketing activities, until you file a complaint, except as required by law to process personal data for a longer period; we shall also store personal data in case of a possible claim, which is laid down by law in the civil code, in particular, for a specific limitation period or other purposes of our legitimate interests. In any cases, the longer storage period of personal data is decisive.
VI. SOURCE OF DATA
The Company shall process personal data provided only by the Data Subjects or by legal entities using the service (work) of the Data Subjects for the preparation and completion of transaction and shall not process data from any other source.
The provision of personal data shall be based on the active contribution of the data subject through the website, phone, social media or other ways. In this regard, the Data Subject shall provide his name, e-mail address and telephone number.
VII. DATA MANAGEMENT FOR ADVERTISING PURPOSES, SENDING OF NEWSLETTERS
If the Data Subject has given his consent, the Company shall contact the Data Subject using the contact details provided and shall send him advertisements by direct request. The advertisement may be sent by post, by telephone (including SMS) or by e-mail (including Messenger); in any case this requires Data Subject’s consent. The Data Subject may withdraw the consent at any time without specifying a reason.
ARTICLE 8 COOKIES
The system of the Company may automatically record the IP address of the Data Subject’s computer, the starting date of the visit, and in some cases, depending on the settings of the computer, the browser and the type of the operating system. The recorded data in such manner shall not be interconnected with other personal data. Data management shall be used exclusively for statistical purposes. Cookies allow the Website to recognize, identify and register previous visitors. Cookies help the Company as the Website operator to optimize the Website and to customize the services of the Website to the Data Subject’s behaviour. Also, cookies remember the settings so they do not have to be re-registered if the Data Subject visits a new page, they remember the data entered earlier which do not have to be entered again, analyze the use of the Website to ensure that it functions as expected by the Data Subject to the fullest extent as a result of the developments carried out by using the processed data, allow the Data Subject to find the information easily and monitor the effectiveness of our advertisements.
If the Company uses external web services to show content it may result in the storage of some cookies that are not controlled by the Company with no control over the data that these websites or external domains collect. Information on these cookies are found in the relevant regulation of the given services.
The Company uses cookies to display advertisements to those affected by Google and Facebook. Data processing is carried out without human intervention.
The Data Subject has the option to delete cookies in his browser (Data Privacy Settings). By declining the use of cookies the Data Subject acknowledges that without cookies the Website is not fully functional.
IX. DATA TRANSFER
The Company shall transfer personal data to a third party only if the Data Subject – being aware of the scope of data transferred and the recipient of the data transfer – has given explicit consent to the transfer or where it is authorized by law.
The Company is entitled and obliged to transfer all available and properly stored Personal data to the competent authorities for which data transfer the Company is bound to by law or by legally binding magisterial obligation. The Company shall not be held liable for such transfer and the resulting consequences.
In all cases, the Company shall document the data transfers and keep records of the transfers.
X. DATA PROCESSING
The Company shall have access to a Data Processor to carry out its activities. The Data Processors shall not make an independent decision; they may proceed solely according to the contract concluded with the Controllers and the orders received. The Company shall monitor the work of the Processors. The Data Processors may only engage another Data Processors only upon the consent of the Company. The Controller shall use only Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirement of lawfulness and ensure the protection of the rights of the Data Subject.
The Processor shall not engage another Processor without prior specific or general written authorisation of the Controller. In the case of general written authorisation, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of other Processors, thereby giving the Controller the opportunity to object to such changes.
The Company shall indicate in the Policy the Data Processors engaged.
Processors engaged by the Company:
Anima-Labor Kft. (registered office: 7624 Pécs, Ferencesek utcája 14., 1. em. 4; tax number 24989273-1-02; company registration number: 02-09-081081, represented by Miklós Takács executive director), which develops, manages and improves the Website at https://airocide.hu and the web store available on it, and conducts online marketing for the Website. The Controller shall have access to the personal data of the persons involved in the processing without restriction, but only within the limits set by the purpose of and legal basis for the processing. As the operator of a website, the Processor may carry out the same operations as the Controller.
adMinister Könyvelőiroda Kft. (registered office: 2051 Biatorbágy, Ritsman Pál utca 8.; tax number: 1095391-2-13; company registration number 13-09-213830; represented by: Vass Ingrid Laura executive director) as the company responsible for the accounting of the Controller. With regard to the processing and in order to comply with the provisions of the Law on accounting, the Controller shall have access to personal data to the extent strictly necessary for that purpose.
Benedek és Társa Ügyvédi Iroda (7621 Pécs, Rákóczi út 46., represented by Dr Tamás Zsolt, lawyer) as the law firm authorised by the Controller. It shall access to the personal data in case of enforcement of claims.
XI. EXTERNAL SERVICE PROVIDERS
The Company shall engage external service providers with whom the Company cooperates.
Personal data processed in the systems of the external service providers shall be governed by the privacy policy of the external service provider. The Company shall use its best endeavours to ensure that the external service provider manages the personal data transferred in compliance with the law, and that the personal data are used exclusively for the purpose determined by the Data Subject or specified below in the Policy.
The Company shall inform the Data Subjects of the transfer of data to the external service providers in the context of the Policy.
External service providers:
GLS General Logistics Systems Hungary Kft. (2351 Alsonémedi, GLS Európa utca 2.)
Magyar Posta Zrt. (1191 Budapest, Üllői út 114-116.)
Facebook Ireland Ltd., 4 Grand Canal square, Grand Canal Harbor, Dublin 2, Ireland)
Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America)
Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-7329, USA)
XII. DATA SECURITY TASKS
The Company shall ensure the security of the data, implement the technical and organizational measures and establish the procedural rules necessary for the enforcement of the applicable legislations, data protection rules and confidentiality rules. The Company shall take appropriate measures to protect the data against unauthorized access, modification, transfer, disclosure, erasure or destruction, accidental destruction and damage as well as inaccessibility due to technological changes.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Company and the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Within this framework, the Company:
- shall ensure the measures for protection against unauthorised access, including the protection of software and hardware devices, as well as physical protection (access control, network protection);
- shall implement measures to ensure the recovery of data files, including regular backup;
- shall provide anti-virus protection.
XIII. PROCEDURE FOR THE ENFORCEMENT OF THE DATA SUBJECT’S RIGHTS
The Data Subject may exercise these rights by electronic mail sent to or by post sent to the branch of Cellarius Kereskedőház limited liability company (7622 Pécs, Siklósi út 22.). Cellarius Kereskedőház limited liability company shall commence the investigation and fulfillment of the Data Subject’s request without undue delay after receipt of request. The Company shall inform the Data Subject of the actions taken on its request within 30 days of receipt of request. If the Company is unable to comply with the request, it shall inform the Data Subject within 30 days of the reasons of refusal and the rights of remedies.
XIV. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, every Data Subject shall have the right to lodge a complaint with a supervisory authority if the Data Subject considers that the processing of personal data relating to him or her infringes this Regulation or the Infotv. The Authority shall investigate the complaint and inform the complainant on the progress and the outcome of the complaint. The Data Subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement. Please read the contact details of the Hungarian National Authority for Data Protection and Freedom of Information below.
Without prejudice to any available administrative or non-judicial remedy, each Data Subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed by Cellarius Kereskedőház limited liability company, or by the Processor or joint Controller acting on behalf of, or instructed by Cellarius Kereskedőház limited liability company as a result of the processing of his or her personal data in non-compliance with this Regulation.
The court shall act promptly in such case. The action shall be decided by the court. The litigation may, at the Data Subject’s discretion, also be started before the court with territorial competence over the domicile or place of residence of the Data Subject or the court of Cellarius Kereskedőház limited liability company’s registered office.
Anyone may initiate an investigation against Cellarius Kereskedőház limited liability company by making a report to the National Authority for Data Protection and Freedom of Information on the grounds of impairment with regard to the handling of personal data or a direct threat to that event as well as should Cellarius Kereskedőház limited liability company restrict the enforcement of Data Subject’s rights or refuse the request aimed at the enforcement of such rights. The notification may be submitted through one of the following contact details:
National Authority for Data Protection and Freedom of Information
[Postal address: 1530 Budapest, PO box: 5. 1125 Budapest, Szilágyi Erzsébet avenue 22/c,
Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, email: ,URL: http://naih.hu]