1: Data controller

Name: Resysten Hungary Korlátolt Felelősségű Társaság

Address: 2051 Biatorbágy, Füzes u.70.

Fiscal number: 24997421-2-13

Company registration number: 13-09-171345

Represented by: Péter Sándor Lehoczky, Managing Director

2. Rules of data management

This Privacy Policy is valid from its publication on the website until its withdrawal. The Data Controller (from now on referred to as the “Company”) processes personal data in connection with this interface based on its Privacy and Data Security Policy. The scope of the Policy covers all processes in all departments of the Company in which personal data, as defined in the Infotv and Regulation 2016/679 of the European Parliament and of the Council (from now on, GDPR), is processed.

The definitions in this Policy are identical to the interpretative explanations set out in Section 3 of the Infotv.

The Company shall process personal data only for specific purposes, for the exercise of rights and the performance of obligations, to the minimum extent and for the minimum period necessary to achieve the purposes. At all stages of processing, the purpose is fulfilled – and if the purpose of the processing ceases to exist or the processing otherwise becomes unlawful, the data will be deleted.

The Company will only process personal data with the data subject’s prior consent or based on a law or statutory authorisation.

The Company shall, in any case, inform the data subject of the purpose of the processing and the legal basis for the processing before including the data.

Employees who process personal data at the Company or any organisation that processes it shall keep the personal data they receive as a trade secret. Persons who process personal data and have access to them are required to sign a confidentiality declaration.

If a data subject becomes aware that personal data processed by the Company is inaccurate, incomplete or untimely, he or she must correct it or have it corrected by the Company.

The Company will only transfer data to a data processor on the basis of a contract of engagement with the data processor.

The Company’s respective Chief Executive Officer shall determine the organisation of data protection, the tasks and responsibilities for data protection and related activities, and shall designate the person responsible for supervising data processing.

In the course of their work, the employees of the Company shall ensure that personal data cannot be accessed by unauthorised persons and that personal data are stored and stored in such a way that they cannot be accessed, accessed, altered or destroyed by unauthorised persons.

The Company’s data protection system is supervised by an internal data protection officer.

3. Rights of data subjects

The data subject may request information on the processing of his/her personal data and may request the rectification or, except for processing required by law, the erasure of such data.

The Company shall respond to the request or objection received in writing and in an intelligible form within 15 days of receipt at the latest, or 5 days if the right to object is exercised.

The information shall include the information specified in Article 15 (1) of the Information Act, unless the information of the data subject may be refused by law.

As a rule, the information shall be provided free of charge, and the Company shall only charge a fee in the cases specified in Article 15(5) of the Information Act.

The Company shall refuse a request only for the reasons specified in Article 9(1) or Article 19 of the Information Act and only with justification, with the information specified in Article 16(2) of the Information Act, in writing.

The head of the department processing the data shall correct the data that is not correct, provided that the necessary data and the supporting documents are available, and shall take measures to delete the processed personal data if the reasons specified in Article 17(2) of the Infotv. apply.

For the duration of the examination of the objection of the data subject to the processing of his/her personal data – but for a maximum of 5 days – the head of the Company shall suspend the processing, examine the validity of the objection and take a decision, of which the applicant shall be informed in accordance with Article 21(2) of the Data Protection Act.

If the objection is justified, the Company shall proceed as provided for in Article 21(3) of the Infotv.

The Company shall also compensate for any damage caused to others by the unlawful processing of the data concerned or by the breach of data security requirements, as well as for any damages in the event of a personal injury caused by the Company or its data processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing. Likewise, it shall not compensate the damage if it was caused by the intentional or grossly negligent conduct of the injured party.

The data subject may lodge a complaint with the NAIH regarding the Company’s data processing:

Name: National Authority for Data Protection and Freedom of Information

Registered office.


4. Questions not covered by this information notice

The rules of the GDPR Convention and the Company’s Data Protection and Data Security Policy shall apply in matters not specified in this Prospectus.