DND Telecom Center Telecommunications, Information Technology, Services Ltd. (hereinafter referred to as the "Data Controller" or "DND Ltd.") as the operator of the website available under the domain name www.dnd.hu (hereinafter referred to as the "Website") hereby publishes information on the processing of data within the framework of the Website, the services related to the Website and other services provided by the Data Controller.
By accessing the Website and by using the services of the Data Controller, users accessing the Website and using the telephone helpline (hereinafter referred to as "User" or "Data Subject" or "you") accept all the terms and conditions set out in this Privacy Notice (hereinafter referred to as "Notice"), and therefore please read this Notice carefully before using the Website or the services.
By providing this Data Protection Notice, DND Ltd. intends to comply with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as the GDPR Regulation or the Regulation) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the Infotv.). The Data Controller shall endeavour to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language, and to facilitate the exercise of the data subject's rights.
DND Ltd. reserves the right to amend this notice unilaterally, with effect from the date of its amendment. In this regard, it is recommended that you visit the website regularly in order to monitor changes.
Operator of the Site
Name: DND Telecom Center Communications, Information Technology, Information Technology, Services Ltd.
Registered office: Hungary, 1089 Budapest, Elnök street. 1.
Phone number: +36-1-459-8050
Fax number: +36-1-210-1757
Represented by: Sándor Csányi, Managing Director
EU tax number: HU12275085
Company registration number: 01-09-661564
E-mail address: dndATdndDOThu
Data protection contact: Sándor Csányi, Managing Director, e-mail: dndATdndDOThu
2. Visiting the Website without making a purchase
You may visit the Website free of charge and without providing any personal information about yourself. By accessing the Website, you and DND Ltd. are connected by means of a telecommunication device, the information being provided over an open network (Internet). This requires DND Ltd to comply with enhanced control and security requirements.
The data controller reserves the right to grant access to certain content only after prior registration, and will inform the user of the detailed data protection principles prior to registration.
The Data Controller reserves the right to restrict some or all of the free content available to certain users if the user's activity or activities cause disruption or damage to the operation and maintenance of the website or are contrary to the interests of the rights holder.
DND Ltd. will endeavour to ensure that its service is secure from a technical point of view, in accordance with the legal provisions in force concerning the processing of personal data. The same applies to the service provider who makes our web pages available, who is obliged to treat the information that comes to their knowledge as a trade secret. The web hosting service is provided by the National Association for Radio Emergency Call and Infocommunication (1089 Budapest, Elnök u. 1.). The National Association for Radio Emergency and Infocommunication is a data processor.
3. Scope of the data processed
In the registration interface you have the possibility to provide your data in order to use the services of the Website. During registration, you will be required to provide the following personal data (data marked with * are mandatory):
• full name*
• e-mail address*
• newsletter subscription
When shopping in the online store
If you select a product on the Website, you will have the opportunity to enter your details in the shopping interface so that DND Ltd can fulfil your order. When making a purchase, you will be required to provide the following personal data (data marked with * are mandatory):
• full name*
• billing address (country, city, street, house number, postal code)*
• e-mail address*
• shipping address (if different from billing address)*
• telephone number**
You may also provide the following information during the purchase process:
• payment method*
• delivery method*
• newsletter subscription
DND Ltd. declares that in the case of payment by credit card, DND Ltd. does not process, collect, store or have access to any card data necessary for the payment transaction. DND Kft. declares that the transaction data is stored, processed, used, stored, processed, stored and not used by K&H Bank Zrt. (hereinafter referred to as the "Bank") does not assume any liability for the lawfulness of the processing of the data by the Bank (hereinafter referred to as the "Bank"). The User may obtain information on the Bank's data processing from the Bank's website or other contact details.
After registration, the system will create your User Profile, which contains the following information:
• the data you provided during registration
• your registration data, which you have provided during the registration process.
When using your User Profile, you will be able to provide the information necessary to make a purchase in the online store, modify the information you have provided, delete information except for optional information, subscribe or unsubscribe to newsletters, consent or withdraw consent to profiling and set up product tracking.
Subscribe to the newsletter
On the Website, you also have the possibility to subscribe to the DND Ltd. newsletter via a dedicated interface. In order to subscribe to the newsletter, you will be required to provide the following personal data (data marked with * are mandatory):
• full name*
• e-mail address*
• contribution to profiling.
By subscribing to the newsletter, you consent to DND Kft. sending targeted, personalised advertising and offers to the e-mail address you have provided. In the course of profiling, DND Ltd. uses the following personal data and information that constitutes personal data:
• full name
• e-mail address
• data relating to products purchased in DND Ltd's shop (data provided during purchase, billing information)
In the DND Kft. shop, customers and visitors have the possibility to subscribe to the DND Kft. newsletter on a special paper form (hereinafter referred to as the "Data Sheet"). In order to subscribe to the newsletter, the following information must be provided (information marked with * is mandatory):
• full name*
• e-mail address*
• contribution to profiling.
When handling complaints
In the case of a written complaint: name; postal or e-mail address; subject and content of the complaint.
In the case of an oral complaint, or an oral complaint made by telephone if the complaint is not immediately resolved, the Data Controller shall keep a record of the following data: name; address; place, time, manner, subject and content of the complaint; unique identification number of the complaint.
Only persons over the age of 16 are entitled to submit data on the Website or the Data Sheet.
4. Purpose and duration of data processing
DND Ltd. uses the data for the following purposes in connection with the provision of services available from the Website:
• Registration on the Website and use (purchase) of the Website: The purpose of the processing is to provide the services of the Website and the webshop available on the Website, such as the registration and performance of the contract for the purchase, the delivery of the purchased products, the contact with the Users in connection with the purchase; (Data Management Registration Number: NAIH-116611/2017)
• In case of creation of a User profile: Management, modification, deletion of data stored in the User profile, purchases, use of data to facilitate purchases in the online store.
• In case of subscribing to a newsletter on the Website or on the Data Sheet: Sending an electronic newsletter, advertising message about products, services, promotions, promotions and competitions related to DND Ltd. to the e-mail address provided by the Data Subject (hereinafter collectively referred to as the "Newsletter"). (Data Management Registration Number: NAIH-116611/2017)
• In case of complaint: The purpose of the processing is to handle complaints received by DND Ltd. orally, by telephone, in writing and by e-mail, to document the identity of the User, the exact time of the complaint, the content of the complaint and the information provided by the Data Controller regarding the complaint, for the purpose of tracing the complaint.
DND Ltd. will process personal data for the duration of the purpose of the processing, such as in the case of registration on the Website, profiling and sending newsletters, until the User requests the deletion of his/her data or withdraws his/her consent to the processing of his/her personal data or to the receipt of newsletters.
The personal data will be deleted immediately upon the termination of the purpose of the processing or upon the User's request, except for the data that DND Ltd. is legally obliged to keep for the period specified in the legislation imposing the mandatory processing.
In the case of purchases made in the online store available on the Website, the necessary data for the enforcement of claims and rights arising from the contract between the User and the Data Controller shall be processed for 5 (five) years after the purchase in accordance with Act V of 2013 on the Civil Code, Act 6:22. § In addition, in order to fulfil the retention obligation of the Data Controller, the Data Controller shall retain the name and address of the User on the accounting voucher for 8 years, solely for the purpose of fulfilling the accounting obligation, pursuant to Article 169 of Act C. on Accounting (hereinafter referred to as the Accounting Act).
In the case of complaint handling, the Service Provider shall keep the minutes of the oral complaint, the written complaint and the response to it for 5 (five) years pursuant to Article 17/B of Act CLV of 1997 on Consumer Protection.
DND Ltd. reserves the right to delete the User profile if you do not log in to your User profile within one year of your registration and do not request that your User profile not be deleted within the time limit specified in the e-mail sent to the e-mail address provided during registration.
5. Legal basis for processing personal data
By registering, using your User Profile, creating a Profile or subscribing to the Newsletter, you consent to DND Ltd. processing your personal data as described in this Notice. The processing of personal data is based on your voluntary consent given in the knowledge of this information.
The legal basis for processing personal data processed in the course of placing an order or making a purchase on the Website is the statutory provision imposing mandatory data processing, i.e. Section 169 of the Accounting Act, irrespective of the consent of the data subject (or its withdrawal).
Users may only provide their own personal data on the Website. If they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.
In addition, unless otherwise provided by law, DND Ltd. may process the personal data collected for the purpose of fulfilling a legal obligation to which it is subject or for the purpose of pursuing its own legitimate interests or the legitimate interests of third parties, where such interests are proportionate to the restriction of the right to the protection of personal data, without any further specific consent and even after the withdrawal of the User's consent.
6. Data security
DND Ltd. undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data collected, stored and processed are protected and to prevent their destruction, unauthorised use and unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the requirement of data security.
DND Ltd. shall ensure that the data processed cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by DND Ltd. and its employees or the Data Processor it has engaged, and DND Ltd. will not disclose them to third parties who are not authorised to access the data.
DND Ltd. will make every effort to ensure that the data is not accidentally damaged or destroyed. DND Ltd. shall require the above commitment from its employees involved in the data processing activities.
You acknowledge and accept that if you provide your personal data on the Website, even though DND Ltd. has state-of-the-art security measures in place to prevent unauthorised access to or disclosure of your data, the protection of your data on the Internet cannot be fully guaranteed. In the event of unauthorised access or disclosure of data despite our efforts, DND Ltd. shall not be liable for any such acquisition or unauthorised access or for any damage suffered by the User as a result thereof. In addition, you may also provide your personal data to third parties who may use it for unlawful purposes or in unlawful ways.
Under no circumstances will DND Ltd collect sensitive data, i.e. data concerning racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or other beliefs, membership of interest groups, health, disability, sexual life or criminal records.
The security of the data is ensured by DND Ltd in the most up-to-date manner possible. DND Ltd. undertakes to immediately suspend the service and publish a statement in the event of a data protection incident that occurs despite the measures set out above, until the fault is rectified, and to keep records of the data protection incident and the measures taken.
7. Who has access to personal data, processing of data
DND Ltd and its Data Processors are entitled to access personal data in accordance with the applicable legislation.
• Radio Emergency and Infocommunication National Association (1089 Budapest, Elnök utca 1. E-mail: infoATrsoeDOThu; Tel.: 06-1-303-0168; Contact: Csaba Kovács) The purpose of the processing is to provide the hosting service necessary for the operation of the Website.
• DPD Hungária Kft. (1158 Budapest, Késmárk u. 14. B., E-mail: dpdATdpdDOThu; Tel.: 06-1-501-6200; Contact: Rebeka Jamrik) The purpose of the processing is to provide parcel delivery and courier services.
• GLS Hungary Kft. (2351 Alsónémedi, GLS Európa u. 2., E-mail: infoATgls-hungaryDOTcom; Tel.: 06-29-886-660; Contact: Balázs Stelkovics) Purpose of the processing: parcel delivery, courier service.
• Magyar Posta Zrt. (1138 Budapest, Dunavirág utca 2-6., E-mail: ugyfelszolgalatATpostaDOThu; Tel.: 06-1-767-8282) Purpose of data processing: parcel delivery, courier service.
The Data Controller reserves the right to involve additional data processors in the future, which it will inform Users of by amending this Notice.
In the absence of an express legal provision, the Data Controller shall only disclose personally identifiable data to third parties with the express consent of the User concerned.
8. Rights of the User
a) Right to prior information and right of access of the data subject (Articles 13-15 GDPR Regulation)
AThe Data Subject shall have the right to be informed of the facts and information relating to the processing prior to the start of the processing. The Data Controller shall, upon the User's request, provide information about the personal data processed by the Data Controller, the source of the data, the purposes, legal basis and duration of the processing, the name and address of the data processor and the activities of the data processor in relation to the processing, and, in the case of transfer of the data subject's personal data, the legal basis and the recipient of the transfer. The information may be requested by e-mail to dndATdndDOThu and by post to DND Telecom Center Kft., 1089 Budapest, Elnök utca 1. The Data Controller shall reply in writing within 30 (thirty) days of receipt of the request at the latest.
b) Right to rectification (Article 16 GDPR Regulation)
The User shall have the right to request the rectification of his/her personal data (indicating the correct data) also by e-mail to dndATdndDOThu and by post to DND Telecom Center Kft., 1089 Budapest, Elnök utca 1. The Data Controller shall promptly make the correction in its records and shall notify the data subject in writing of the correction.
c) Right to erasure (Article 17 GDPR Regulation)
The Data Subject shall have the right to obtain, upon his or her request, the erasure of personal data relating to him or her by the Controller without undue delay and the Controller shall be obliged to erase personal data relating to the Data Subject without undue delay where one of the grounds set out in the Regulation applies:
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
• the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
• the personal data have been unlawfully processed;
• the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;
• the personal data have been collected in connection with the provision of information society services.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
The User may request the deletion of his/her data, in whole or in part, at any time, as described above, by e-mail to dndATdndDOThu and by post to DND Telecom Center Kft., 1089 Budapest, Elnök utca 1., free of charge, without giving any reason, by providing proof of his/her identity and a postal address. Upon receipt of the request for erasure, the Data Controller shall, without undue delay, ensure the cessation of the processing of personal data, except for personal data specified in the law imposing mandatory processing, and shall erase the User from its records.
d) Right to restriction of processing (Article 18 GDPR Regulation)
The Data Subject shall have the right to obtain, at his or her request, restriction of processing by the controller if one of the conditions set out in the Regulation is fulfilled:
• the Data Subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the accuracy of the personal data to be verified;
• the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
• the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
• the Data Subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.
Where processing is subject to restriction, personal data other than storage may be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
The User may request the restriction of the processing, in whole or in part, as set out above, by sending an e-mail to dndATdndDOThu and by post to DND Telecom Center Kft., 1089 Budapest, Elnök utca 1., free of charge, without giving any reason, by providing proof of his/her identity and indicating the postal address. Upon receipt of the request, the controller shall ensure that the processing is restricted without undue delay, except for personal data specified in the law imposing mandatory processing.
e) Obligation to notify the rectification or erasure of personal data or restriction of processing (Article 19 GDPR Regulation)
The Controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Data Subject shall be informed by the Controller of these recipients.
If the Data Controller does not comply with the User's request for rectification, restriction or erasure, it shall, within 25 (twenty-five) days of receipt of the request, communicate in writing the factual and legal grounds for refusing the request for rectification, restriction or erasure. In the event of refusal of a request for rectification, erasure or restriction, the Data Controller shall inform the User of the possibility of judicial remedy and of recourse to the National Authority for Data Protection and Freedom of Information.
Furthermore, the User may at any time decide that the Data Controller shall no longer send him/her the Newsletter or shall no longer apply profiling to him/her. The User may withdraw his/her consent to receive the Newsletters or to profiling at any time, free of charge, without any justification and without any limitation, by clicking on the unsubscribe button at the bottom of the Newsletters or by sending a letter to the address dndATdndDOThu or to the postal address Hungary, 1089 Budapest, Elnök street 1. (indicating his/her precise personal data). Upon receipt of the unsubscription request, the Data Controller will immediately delete the unsubscribed User's data from its direct marketing database and will no longer send the User any newsletters or use profiling.
If the withdrawal of consent concerns only data processing for direct marketing purposes (sending newsletters, profiling), the Data Controller shall delete the User from the direct marketing database without delay, but shall otherwise continue to be entitled to process the User's data in order to provide the Website services used by the User.
f) Right to data portability (Article 20 GDPR Regulation)
Subject to the conditions set out in the Regulation, the Data Subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller.
The User may request the data concerning him or her and the transmission of the data, in whole or in part, as described above, by e-mail to dndATdndDOThu and by post to DND Telecom Center Kft., 1089 Budapest, Elnök utca 1., free of charge, without giving any reason, by providing proof of his or her identity and indicating the postal address. The Data Controller shall ensure the transmission of the data immediately upon receipt of the request.
g) Right to object (Article 20 GDPR Regulation)
The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions.
In the event of an objection, the Controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed by the Company for such purposes.
The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether it is justified and inform the applicant in writing of its decision. If the User does not agree with the decision of the Data Controller or if the Data Controller fails to comply with the above time limit, the User may, within 30 days of the notification of the decision or the last day of the time limit, take the matter to court.
h) Automated decision-making in individual cases, including profiling (Article 22 GDPR Regulation)
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. (see under 8(e))
i) Informing the data subject of the personal data breach (Article 34 GDPR Regulation)
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the Data Subject of the personal data breach without undue delay.
9. Legal remedies
All natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority which is addressed to them, or where the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged or of the outcome of the complaint. (Article 34 of the GDPR Regulation) Any data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation. (Article 34 GDPR Regulation)
Any Data Subject may, in the event of an alleged violation of his or her rights in relation to the processing of his or her personal data, also apply to the competent court, in the capital city to the Metropolitan Court or lodge a complaint with the National Authority for Data Protection and Freedom of Information (President: Dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22/C., ugyfelszolgalatATnaihDOThu, +36-1-3911400, https://www.naih.hu).
10. Other provisions
Measures taken on the basis of a request by the data subject
Requests and requests addressed to the Data Controller must be sent to the address provided.
The Data Controller shall inform the data subject of the measures taken in response to his/her request to exercise his/her rights without undue delay and in any event within one month of receipt of the request.
If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.
Where the Data Subject has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the Data Subject requests otherwise.
If the controller does not take action on the data subject's request, it shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the lack of action and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.
The Controller shall provide the information and information on the rights of the data subject (Articles 13 and 14 of the GDPR Regulation) and the action (Articles 15 to 22 and 34 of the GDPR Regulation) free of charge.
If the Data Subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller shall, taking into account the administrative costs of providing the requested information or information or of taking the requested action:
• a) charge a fee of HUF 20.000,-, or
• b) refuse to act on the request.
The burden of proving that the request is manifestly unfounded or excessive shall lie with the Data Controller.
If the Data Controller has reasonable doubts as to the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the Data Subject.
This Information Notice is governed by the GDPR and the provisions of Hungarian law, in particular Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.