PRIVACY NOTICE

www.jura.hu

1

Table of content

1. Who processes your personal data ?..................................................................................................... 3

2. What types of personal data we process? (Data processing operations) ............................................3

2.1 If you visit the www.jura.hu website (data recorded automatically and cookies) ......................... 3

2.1.1 Data recorded automatically ....................................................................................................... 3

2.1.2 Use of cookies .............................................................................................................................. 3

2.2 Facebook ......................................................................................................................................... 6

2.3 If you apply for a job ....................................................................................................................... 6

2.4 Newsletters ..................................................................................................................................... 7

2.5 Reporting the need for repair service ............................................................................................. 7

2.6 If you contact us ............................................................................................................................. 7

2.7 Our company operates an access control system .......................................................................... 8

2.8 A video surveillance (CCTV) system is in place at our company ..................................................... 9

2.9 Business relationships ..................................................................................................................... 9

2.10 Application of Jura.......................................................................................................................9

3.Your rights ...............................................................................................................................................9

3.1 You may withdraw your consen t .................................................................................................. 10

3.2 You may request information (access to your data)..................................................................... 10

3.3 You may request the rectification of your data………………………………………………………………………….11

3.4 You may request the erasure of your personal data („right to be forgotten”)................... ……..11

3.5 You may request us to restrict the processing your personal data .............................................. 11

3.6 You may request us to transfer your personal data (right to data portability) ............................ 12

3.7 You may object to the processing of your personal data ............................................................. 12

4. Available legal remedie s ................................................................................................................. 12

4.1 You may lodge a complaint with NAIH ......................................................................................... 12

4.2 Right to seek a judicial remedy ..................................................................................................... 13

4.3 Compensation for damages and restitutio n ................................................................................. 13

5. Data security ................................................................................................................................... 13

6. Data transfers ................................................................................................................................. 13

7. Miscellaneou s ................................................................................................................................. 14

Appendix 1: Principles and legislation governing our processing of personal dat a ................................ 15

Appendix 2: What do these terms mean? (Definition of the terms used in this Privacy Notice) ........... 16

2

1. Who processes your personal data?

Controller: JURA-TRADE Kereskedelmi Kft.

Short name: JURA-TRADE Kft.

Registered office: Fészek utca 3, HU-1125 Budapest, Hungary

Company registration number: 01-09-261145

Registration authority: Commercial Court of the Metropolitan Court

VAT number: 10809257-2-43

E-mail: adatkezeles@jura.hu

Phone number: +36 1 275 1250

Represented by: Koltainé Agnes Bakonyi

Name of the privacy officer: Arpad Papp

Contact details of the privacy officer: privacy@jura.hu

(hereinafter referred to as “Controller”)

2. What types of personal data we process? (Data processing operations)

2.1 If you visit the www.jura.hu website (data recorded automatically and cookies)

2.1.1 Data recorded automatically

If you visit our website, certain information will be recorded automatically about your device (e.g. laptop,

PC, phone or tablet). This information includes your IP address, date and time of your visit, the pages

visited, website from which access was made or from which you were directed to our website, type of

browser and operating system used, and domain name and address of your Internet service provider. This

information will be automatically logged by the web server that hosts our website without any special

statement or action from you. Statistical data are automatically generated by our system based on this

information. These data cannot be linked to other personal data except in cases provided for by the law.

We use these data solely in an aggregated and processed form in order to correct any faults in our systems

and improve the quality of our services, as well as for statistical purposes.

Purpose of data processing: Technical development of our IT system, control of the functioning of the

service, production of statistics and protection of the visitors’ rights. In the event of abuses, personal data

can also be used to determine the perpetrators of such abuses in cooperation with the Internet service

provider of visitors and the competent authorities.

Legal basis of data processing: Our legitimate interest on proper functioning of the site based on Section

13/A (3) of Act CVIII of 2011 on Certain Issues of Electronic Commerce Activities and Information Society

Services.

Duration of data processing: 30 days from the time when the website was visited.

2.1.2 Use of cookies

What is a cookie?

A cookie is a small text file that is stored on the hard drive of your computer or mobile device until the

expiration date set in the given cookie, and is activated (sends information back to the web server) during

later visits. Websites use cookies to capture information concerning visits (pages visited, time spent on

3

individual pages, browsing data, when the user leaves a page, etc.) and personal settings. Cookies help us

build a user-friendly website and enhance the visitors’ online experience.

On other platforms, where cookies are unavailable or cannot be used, other technologies having a similar

purpose may be used, such as advertising IDs on Android devices.

There are two types of cookies, the so-called “session (or transient) cookies” and “persistent cookies”.

Both types of cookies are stored in the browser’s file directory until the user deletes them.

•

“Session cookies” are stored in the temporary memory of your computer, notebook or mobile

device and they are not retained after you have left the website. These cookies help the system

remember your information so that you do not have to re-enter or complete that information

again and again. Session cookies expire at the end of each user session, and are intended to

prevent data loss (for example, when completing a long form). This type of cookies is

automatically deleted from the user’s computer when the session ends or the browser is closed.

•

“Persistent cookies” are stored on your computer, notebook or mobile device even after you exit

the site. These cookies allow the site to recognize you as a returning visitor. Persistent cookies, by

associating IDs with users on the server side, are capable of identifying you, for example, in all

cases where user authentication is indispensable (e.g. webshop, online banking, webmail) and a

necessary condition for proper operation. Persistent cookies do not store personal data, and can

only be used to identify a user together with the associated information stored in the server’s

database. The risk inherent in this type of cookies is that they do not actually identify the user but

the browser, and therefore, if someone logs into an online store in a public place (e.g. an Internet

café) and forgets to log out upon leaving the workstation, another person, using the same

computer may gain unauthorized access to the online store in the original user’s name.

What types of cookies we use?

A. Cookies essential for the functioning of our website:

Legal basis of data processing: Our legitimate interest on proper functioning of the site based on section

13/A (3) of Act CVIII of 2011 on Certain Issues of Electronic Commerce Activities and Information Society

Services.

name

purpose

duration of

data

Provider

(privacy notice)

processing

PHPSESSID

Our site only uses one type of session Session

cookies for the purpose of collecting

information on the steps you take during

your visit on the site, including the text

you enter in the “Request a quote” form,

as long as you stay on the page you are

currently viewing, and also for the

purpose of capturing the menu items you

visit in order to allow you to go back.

Our cookie

4

B. Cookies collecting statistical data

Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such

withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.

name

purpose

duration of

data

Provider

(privacy notice)

processing

_ga

These cookies only collect statistical data. 2 years

Our cookie

They are used to collect information about

your use of the site, which topics you view,

_gid

1 day

collect

Session

Google

Analitics)

Privacy notice:

https://support.google.

com/analytics/answer/6

004245?hl=hu

(Google

which links you click on, how you scroll up

and down the website, and which pages

you visit. These statistical data also allow

us to better adapt our site to user

requirements.

How can I enable or disable cookies?

Most web browsers enable cookies automatically, but visitors have the option to delete or disable them.

Since each browser is different, you can set individually your preferences regarding cookies using the

browser toolbar. Furthermore, you can delete the cookies stored on your computer or mobile device at

any time. For more information on these settings, please visit the “Help” menu item in your browser.

Please note that if you choose to disable cookies, you will not be able to use the above-mentioned features

of our website.

Link to the cookie settings guide of Microsoft.

Link to the cookie settings guide of Mozilla Firefox.

Link to the cookie settings guide of Google Chrome.

Link to the cookie settings guide of Opera

Link to the cookie settings guide of Apple Safari.

5

2.2 Facebook

We are available on Facebook under the username Jura-Trade Kereskedelmi Kft.

Facebook users can subscribe to the News Feed of Jura-Trade Kereskedelmi Kft. by clicking on the “Like”

or “Follow” button and unsubscribe by clicking on the “Dislike” or “Unfollow” button. Using the Wall

settings, you can delete any unwanted news appearing on your Facebook Wall.

By following us, your profile will become available to us, but we will not process or record any data from

your profile in our internal system. We will not use your data for any purposes other than sending you

updates.

Purposes of data processing: Sending you current information about our products, the latest news,

educational articles and materials.

Legal basis of data processing: Your consent. You may withdraw your consent at any time by “unfollowing”

us. Such withdrawal shall be without prejudice to any legitimate data processing carried out prior to that

date.

Duration of data processing: Our news will only appear on your News Feed for as long as you want. If you

“unfollow” us, our posts will no longer appear in your News Feed. You can also have access to our News

Feed if you are not following us, but you will not get separate notifications.

Facebook is a controller that is independent of us. For information on how personal data provided on

Facebook are processed, please visit the following links: https://www.facebook.com/policies/cookies/

andhttps://www.facebook.com/about/privacy/update

2.3 If you apply for a job

If you send us a job application through our website, by e-mail or post (whether to an advertised job

opening or in general), you give your consent to the processing of your personal data.

Purpose of data processing: Keeping contact with job applicants and selecting the right candidates.

Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such

withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.

Please note that the processing of the personal data provided by you and/or requested by us is essential

for us to evaluate your application and select the right candidate.

Duration of data processing: After deciding who will fill a vacancy, the CVs of applicants responding to

that specific job advertisement and the personal data and documents sent in connection with their

application will be handled as follows:

– unsuccessful applicants will be asked by e-mail or on paper whether or not they want us to store their

application in our database for an additional year, and contact them about job openings. If a negative

answer or no answer is received within 30 days, the application and the applicant’s data will be erased

from our system.

– the data of the successful applicant will be transferred to our employee database and erased from the

applicants’ database.

6

Generic applications sent by post or e-mail to unadvertised jobs will be stored in our database for a year.

After one year, CVs and any other personal information will be erased.

Regardless of the above, you have the right to request the erasure of your personal data at any time, and

the personal data you provided will be erased from our database immediately.

It is possible that we receive your application package from a recruitment agency or an HR portal. Those

companies are separate controllers, and therefore you can find information about their data processing

activities on their corporate websites.

2.4 Newsletters

We will process your name and e-mail address for the purpose of sending you newsletters. It is not

mandatory to specify the name and activities of your company (where applicable), but if you do so, we

will send you personalised newsletters.

Purpose of data processing: Keeping you informed about the latest news.

Legal basis of data processing: Your consent. Please note that if you do not consent to the processing of

your data, we will not be able to send you newsletters.

Duration of data processing: You will only receive our newsletters for as long as you want. If you do not

want to receive further newsletters, you can unsubscribe at any time by clicking on the link at the bottom

of the newsletter or by sending an e-mail to newsletter@jura.hu . Such withdrawal of consent shall be

without prejudice to any legitimate data processing carried out prior to that date.

2.5 Reporting the need for repair service

If you would like to use our repair or maintenance service, please contact us by e-mail at support@jura.hu

or by telephone or post. Our service engineers will be at your disposal.

Purpose of data processing: Keeping contact with inquirers, providing repair services.

Legal basis of data processing:

✓If we provide our services to you, our legal basis is the performance of contract concluded with you.

The provision of data is mandatory. If we are not allowed to process your personal data, we will not be

able to provide you repair services

✓If we provide our services to your company, our legal basis is our legitimate interest on performance

of contract concluded with your company.

Duration of data processing:

✓Data included in invoices in accordance with the applicable tax or accounting legislation are stored for

8 years;

✓Any other data and correspondence related to your orders and your use of our services are stored for

the limitation period under civil law, i.e. 5 years.

2.6 If you contact us

You can contact us using any of our contact details (through our website, by e-mail, telephone, post or via

7

Facebook). Options are available on our website to request a quote or send an inquiry.

In the cases mentioned above, you give your consent to the processing of your personal data.

Purpose of data processing: Keeping in contact with inquirers; responding to their inquiries and/or acting

on their requests.

Legal basis of data processing: Your consent. You may withdraw your consent at any time; however, such

withdrawal shall be without prejudice to any legitimate data processing carried out prior to that date.

Please note that if we are not allowed to process the personal data you provided, we may not be able to

respond to your inquiry or act on your request.

Duration of data processing: These messages and any personal data included in them will be deleted after

responding to your request, question or complaint. However, where this is necessary for tax or accounting

purposes or for the protection of the rights and interests of the Controller or of the inquirer, the data will

be archived and stored for the required period of time, which will be determined on a case-by-case basis.

2.7 Our company operates an access control system

If you have received an access badge, we will process the following personal data concerning you:

✓first and last name;

✓identity card number;

✓access badge number;

✓time and place of arrivals and departures.

These data are processed solely for the purpose of ensuring the security of the building and any assets

and persons located in the building.

Purpose of data processing: Ensuring the safety and security of the office building, employees and visitors.

Legal basis of data processing: Our legitimate interest on ensuring the safety and security of the office

building, employees and visitors.

Duration of data processing:

The identification data (name, personal identity card number, access badge number) of the persons

authorized to access the building, which are processed for the purpose of operating an electronic access

control system, will be erased:

(a) in the case of regular access, immediately upon cessation of the entitlement to access the building.

(b) in the case of one-time visits, 24 hours after the person left the building.

Data generated during the operation of the electronic access control system (date and time of arrivals and

departures) will be erased:

(a) in the case of regular access, upon cessation of the entitlement to access the building, but no later

than six (6) months after the date when the data was generated,

(b) in the case of one-time visits, 24 hours after the person left the building.

An exception is when the above data are transferred to a competent authority.

Data can be accessed by the private security company B CONSULTING SERVICE Vagyonvédelmi Kft., H-

1102 Budapest, Kőrösi Csoma Sándor út 18-20. as controller. Where necessary, data may also be accessed

by an employee appointed by the Controller.

8

2.8 A video surveillance (CCTV) system is in place at our company

Our company operates a video surveillance system in order to ensure the security of individuals and their

property. Symbols and warning signs advise the people entering the premises about the video surveillance

system.

You can find further information about the video surveillance system on the spot, in the given office

building. Upon request, we will send you by e-mail a copy of the privacy notice concerning the video

surveillance system.

2.9 Business relationships

In the contracts concluded with our business partners or during business contacts, we share the contact

details of our contact persons and process the contact details provided by our business partners.

Purpose of data processing: Keeping in contact to ensure the preparation or performance of contracts or

for other business purposes.

Legal basis of data processing: We have a legitimate interest in performing our contracts and liaising with

partner companies.

Duration of data processing: The contact details of contact persons are processed throughout the

existence of a business relationship, until our business partner notifies us about a change in their contact

details/person.

2.10 Application of Jura

If you create a user account to use the application, We will process your name and e-mail address. It is

not mandatory to specify the name and e-mail address to use the application, but if you do so, you will

also have access to non-public projects.

Purpose of data processing: Verification of eligibility for access to non-public projects.

Legal basis of data processing: Your freely given consent. Please note that if you do not consent to the

processing of your data, we will not be able to grant you access to non-public projects.

Duration of data processing: We will only process your personal data for as long as you maintain your user

account. If you no longer wish to maintain your user account, you can terminate it at any time, in which

case your personal data will also be deleted. Such withdrawal of consent shall be without prejudice to any

legitimate data processing carried out prior to that date. User accounts will be deleted after 2 years of

inactivity.

3. Your rights

You have the rights detailed in Sections 3.1 to 3.7 concerning the processing of your personal data. If you

would like to exercise any of these rights, please notify us in writing using one of the following contact

details:

9

Address: Fészek utca 3, HU-1125 Budapest, Hungary

E-mail: adatkezeles@jura.hu

Identification

Before acting on your request, we are always required to verify your identity. If we cannot identify you,

unfortunately we will not be able to act on your request.

Responding to the request

After identification, we will respond to your request in writing, electronically or, if you request so, orally.

Please note that if you have submitted your request by electronic means, we will also respond by

electronic means. Of course, even in this case, you have the right to request us to reply in a manner

alternate to e-mail.

Time limit for response

You will be provided information on the action taken on your request without undue delay and in any

event within twenty-five (25) day of receipt of your request.

We are required to inform you without delay and at the latest within twenty-five (25) day of receipt of

your request of the reasons for not taking action on the request. In this case, you may lodge a complaint

with the National Authority for Data Protection and Freedom of Information (NAIH) (see Section 4.1) or

exercise your right to judicial remedy (see Section 4.2).

Administrative fee

The requested information will be sent to you and measures will be taken free of charge. The only

exception from this is where requests are manifestly unfounded or excessive, in particular because of

their repetitive character. In this case, we may charge a fee or refuse to act on your request.

3.1 You may withdraw your consent

In the case of data processing based on consent, you may withdraw your consent at any time. In such a

case, we will erase your personal data in respect of that processing within five (5) working days after the

receipt of your relevant notice. Please note that this withdrawal shall be without prejudice to the

lawfulness of the processing carried out earlier based on your consent.

3.2 You may request information (access to your data)

✓ You may be request information as to whether personal data is being processed concerning you, and

if so:

✓ What is the purpose of the processing?

✓ What data do we process exactly?

✓ To whom do we transfer these data?

✓ How long do we store these data?

✓ What rights do you have and what legal remedies are available to you in this regard?

✓ From what source did we receive your data?

✓ Is there any automated decision-making about you using your personal data? In such cases, you may

also request information about the logic (means) involved, as well as the significance and the envisaged

consequences of such processing for you.

10

✓ If you have found that your data have been forwarded to an international organization or to a third

country (non-EU Member State), you may request that we demonstrate the existence of suitable

safeguards to ensure the proper processing of your personal data.

You may request a copy of your personal data being processed. (For any additional copies, an

administrative fee will be charged).

3.3 You may request the rectification of your data

You have the right to request the rectification of inaccurate personal data from us concerning you or to

have incomplete personal data completed.

3.4 You may request the erasure of your personal data („right to be forgotten”)

You have the right to request from us the erasure of personal data concerning you where one of the

following grounds applies:

✓the personal data are no longer necessary in relation to the purposes for which they were processed;

✓in cases where the processing was based on solely your consent;

✓it is established that the personal data have been unlawfully processed by us;

✓this is required by Union or Member State law;

✓the personal data have to be erased for compliance with a legal obligation in Union or Member State

law to which the controller is subject;

✓the personal data have been collected in relation to the offer of information society services to

children.

Personal data may not be erased to the extent where processing is necessary:

✓for exercising the right of freedom of expression and information;

✓for compliance with a legal obligation which requires processing by Union or Member State law to

which the controller is subject or for the performance of a task carried out in the public interest;

✓for reasons of public interest in the area of public health;

✓for archiving purposes in the public interest, scientific or historical research purposes or statistical

purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously

impair the achievement of the objectives of that processing; or

✓for the establishment, exercise or defence of legal claims.

3.5 You may request us to restrict the processing your personal data

You have the right to request from us the restriction of processing where one of the following applies:

✓The accuracy of the personal data is contested by you for a period that enables us to verify the accuracy

of the personal data;

✓The processing is unlawful but you oppose the erasure of the personal data and request the restriction

of their use instead;

✓We no longer need the personal data for the purposes of the processing, but they are required by you

for the establishment, exercise or defence of legal claims;

✓You have objected to processing, pending the verification whether the legitimate grounds of the

controller override your legitimate grounds.

✓Where the processing has been restricted, such personal data shall, with the exception of storage, only

11

be processed with your consent or for the establishment, exercise or defence of legal claims or for the

protection of the rights of another natural or legal person or for reasons of important public interest

of the Union or of a Member State.

We will inform you before the restriction of processing is lifted.

3.6 You may request us to transfer your personal data (right to data portability)

You have the right to receive the personal data that we process concerning you in a structured, commonly

used and machine-readable format and have the right to transmit – or request us to transmit – those data

to another controller, where the processing is based on your consent or on a contract concluded with you

or in your favour, or the processing is carried out by automated means.

The above right may not be exercised where processing is necessary for the performance of a task carried

out in the public interest. This right may not infringe the right to erasure, and may not adversely affect

the rights and freedoms of others.

3.7 You may object to the processing of your personal data

You have the right to object to the processing of your personal data, where:

✓Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a

third party, including profiling carried out based on such processing.

✓In the cases mentioned above, personal data will be erased, unless we demonstrate compelling

legitimate grounds for the processing which override your interests, rights and freedoms or for the

establishment, exercise or defence of legal claims.

You may also object to the processing of your personal data, where:

✓

Processing is carried out for direct marketing purposes (in this context, you may also object to

profiling). In this case, your personal data will be erased.

✓

Processing is carried out for scientific or historical research purposes or statistical purposes. In this

case, your personal data will be erased, unless the processing is necessary for the performance of a

task carried out for reasons of public interest.

4. Available legal remedies

4.1 You may lodge a complaint with NAIH

If you believe that personal data concerning you are processed in violation of the General Data Protection

Regulation, you have the right to lodge a complaint with a supervisory authority in the Member State of

your habitual residence, your workplace or the place of the supposed infringement. In Hungary,

complaints should be filed with the National Authority for Data Protection and Freedom of Information

(NAIH).

NAIH:

Chairman: dr. Attila Péterfalvi

Postal address: 1363 Budapest, Pf.: 9

Address: 1055 Budapest, Falk Miksa utca 9-11.

Telephone: +36 1 391-1400

Fax: +36 1 391-1410

Web: http://naih.hu

12

E-mail: ugyfelszolgalat@naih.hu

4.2 Right to seek a judicial remedy

If you believe that personal data concerning you are processed in violation of the General Data Protection

Regulation, and therefore your rights under the General Data Protection Regulation have been infringed,

you have the right to seek a judicial remedy.

For proceedings against a controller or processor, the action should be brought before the courts of the

Member State where the controller or processor has an establishment. Such action may also be brought

before the courts of the Member State of your habitual residence.

In Hungary, these legal proceedings fall within the jurisdiction of general courts (törvényszék). Upon the

data subject’s request, the action may be brought before the court that is competent based on the

domicile or the place of residence of the data subject. Even those may be party to these proceedings who

otherwise have no capacity to be a party to judicial proceedings. The Authority may intervene in these

proceedings to ensure that the data subject will be the successful party. These court proceedings shall be

governed, in addition to the General Data Protection Regulation, by the provisions laid down in Book Two,

Part Three, Title XII (Sections 2:51 to 2:54) of Act V of 2013 on the Civil Code as well as other regulations

applicable to court proceedings.

4.3 Compensation for damages and restitution

Where the Controller causes any damage as a result of the unlawful processing of the data subject’s

personal data or infringes any of the data subject’s personality rights, the Controller may be required to

pay restitution (in Hungarian: “sérelemdíj”). The Controller may be exempted from the liability to pay

damages or restitution, where it can prove that the damage was caused by, or the violation of the

personality rights of the data subject is attributable to, inevitable reasons beyond its control.

5. Data security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and

purposes of processing as well as the risk for the rights and freedoms of natural persons, we use our best

endeavours to implement appropriate technical and organizational measures to ensure a level of security

appropriate to the risk.

Personal data are always processed confidentially, with limited access, using encryption and maximizing

resilience as much as possible, and in case of arising issues, we ensure restorability of the data. Our system

is tested regularly to guarantee maximum security. In assessing the appropriate level of security, we take

into account in particular of the risks that are presented by processing, in particular from accidental or

unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted,

stored or otherwise processed.

We will use our best endeavors to ensure that any person acting under our authority who has access to

personal data does not process them except on our instructions, unless he or she is required to do so by

Union or Member State law.

6. Data transfers

We will only transfer your personal data to processors and controllers specified in this Privacy Notice and

solely in accordance with the provisions of this Privacy Notice. The Controller may only transfer your

13

personal data to other controllers with your prior consent.

In the cases specified by the law, we reserve the right to disclose the personal data we process to the

competent authorities or courts in accordance with their request, without a specific consent of the data

subject.

7. Miscellaneous

The Controller may modify the terms and conditions of this Privacy Notice at any time. Any modification

shall come into effect concurrently with its publication on the website. Visitors of the website will be

informed of any modification in a pop-up window.

Last update: November 2025

14

Appendix 1: Principles and legislation governing our processing of personal data

When processing personal data, we are bound by the following legislation:

✓General Data Protection Regulation (“GDPR”) – Regulation (EU) 2016/679 of the European Parliament

and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing

of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

✓Data Protection Act – Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and

Freedom of Information and subsequent implementing legislation;

✓Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services;

✓Act V of 2013 on the Civil Code;

✓Act CL of 2017 on the Rules of Taxation and subsequent implementing legislation;

✓Act C of 2000 on Accounting and subsequent implementing legislation;

✓Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising

Activities;

✓Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators;

✓Act C of 2003 on Electronic Communications (Section 155);

✓DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002

concerning the processing of personal data and the protection of privacy in the electronic

communications sector (Directive on privacy and electronic communications).

When processing personal data, we observe the following principles:

a) The Controller only processes personal data for the purposes and duration specified herein. The

Controller only processes personal data that are necessary and appropriate to achieve the purposes of

the processing.

b) When processing data, only those people engaged or employed by the Controller whose job duties

require access to the data may have access to the personal data that have become known to the

Controller.

15

Appendix 2: What do these terms mean? (Definition of the terms used in this Privacy Notice)

“personal data” means any information relating to a natural person (“data subject”) (a name, an

identification number, location data, an online identifier or one or more factors specific to the physical,

physiological, genetic, mental, economic, cultural or social identity of that natural person);

“sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or

philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely

identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual

orientation;

“data concerning health” means personal data related to the physical or mental health of a natural

person, including the provision of health care services, which reveal information about the health status

of the natural person;

“data subject” means any identifiable natural person whom the specific personal data concern (such as a

visitor to our website, a person who subscribes to our newsletter, a job applicant);

“processing” means any operation or set of operations, which are performed on personal data or on sets

of personal data, whether or not by automated means, such as collection, recording, organization,

structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,

dissemination or otherwise making available, alignment or combination, restriction, erasure or

destruction;

“controller” means the natural or legal person, public authority, agency or other body which, alone or

jointly with others, determines the purposes and means of the processing of personal data;

“data management” means the performance of any technical operation in connection with the data

processing;

“processor” means a natural or legal person, public authority, agency or other body which processes

personal data on behalf of (and based on the instructions and by decision of) the controller;

“profiling” means any form of automated processing of personal data consisting of the use of personal

data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict

aspects concerning that natural person’s performance at work, economic situation, health, personal

preferences, interests, reliability, behavior, location or movements;

“third party” means a natural or legal person, public authority, agency or body other than the data

subject, controller, processor and persons who, under the direct authority of the controller or processor,

are authorized to process personal data;

“consent” of the data subject means any freely given, specific, informed and unambiguous indication of

the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies

agreement to the processing of personal data relating to him or her.

16