When you use the services of you will also pass on your own data, some of which will be recorded automatically (IP address, browser type) and the rest with your consent (form filling). Your personal information is handled legally and fairly by the owner of the website, following the legal regulations in force and following the written and non-written rules of international privacy standards. protect user data for all applications, procedures, and data transfer and storage methods. Everyone on this basis will have access to and use of their personal information.

Personal data is any information on which the user is directly or indirectly identifiable, in particular the name, address, identification, and email address.

No third party will be provided with any information – without the user’s consent – from which the user’s identity can be credibly restored. We retain user data in every case and do everything from organizational and technical aspects to data security. There is no danger to our users’ personal data when viewing pages.


At your request, your service provider will provide you with information about yourself and your service provider or your service provider (or the data processor entrusted by the service provider). Thus, on the source, the purpose, the legal basis, the duration of the data processing, the name, address and data management of the data processor, the circumstances of the data incident, its effects and the measures taken to remedy it, and, in the case of transmission of the personal data of the data subject, the legal basis and the addressee of the data transfer. The service is provided by the service provider within 14 (fourteen) days of receipt of your request. You can request information in the following ways:

In the form of an electronic letter to the entrepreneur’s e-mailing address: Email:


If you or your service provider finds that your personal information is inaccurate, defective or otherwise inappropriate, either on your own request or by the provider’s own action, the service provider specifies incomplete / incorrect data.


You can at any time request the final and unreachable deletion of your personal information when your contractor handles your data on your behalf. In the event of data processing for the contractor or your legitimate interest, as well as compulsory statutory storage and custody obligations, the service provider can not delete your data. The service provider deletes the personal data at the same time as the data management is terminated. Also, the service provider deletes the data if it proves that the handling of the data is unlawful for a reason or even if it is finally ordered by an authority or a court.


You may at any time request that the processing of data for you or the data provided to you by your service provider be restricted. The service provider does not cancel the data if it wishes to cancel the data, but locks the data if the data deletion would violate your legitimate interest. Locked data is only handled by the service provider as long as the target is blocked, and the locked data will be deleted as well.


You have the right at any time to withdraw your consent to manage your personal information. To cancel your consent, follow these steps:

E-mail form entrepreneur’s email address:


You may file your complaint regarding data processing to the National Data Protection and Information

National Privacy and Freedom Authority


Complaint online:

Complaint letter by letter: 1125 Budapest, Erzsébet fasor 22 / c


You are entitled to apply for a court of law in connection with the processing of data. You may file your application to the court of your place of residence with the court of your choice at your own discretion. Your application will be judged by the court in extraordinary proceedings.


Your personal information will be provided by the person who fills the Order Form or the Contact Form. If the Order has not been received from you, the service provider will discard the data sheet unlawfully submitted to the service provider, together with its full data content, upon its notice, or if you indicate this.


The provider seeks to ensure the security of the data with all the technical means that can be expected of it, making every effort to do so, including strictly controlling access to the data.



Pursuant to the 2016/679 GDPR Decree and the Act CXII of 2011 on Information Freedom of Information and Freedom of Information, (1), before the processing of personal data, the person concerned should be informed of the following:

– the name and contact details of the business and, where applicable, of the Data Protection


– denotes the purpose of collecting the data; the categories of data; the legal basis for data processing;

– where data are transmitted to an external data processor, this is the fact, the name and location of the data processor; the categories of data transmitted, the duration of data handling and the consequences of non-transmission,

– we need to provide information on whether we are transmitting data outside the EU and the existence of the decision-making based on automated data management, its logic and its implications.

– we need to inform the person concerned that you may receive the data collected upon request, as this has the right of access and we must be informed about his data protection rights;

– separately from the right to lodge a complaint with the Data Protection Authority; that you have the right to revoke your consent at any time,

– we will finally be informed of the consequences of refusing consent.

The information must be made in writing, but may be given orally if the person concerned properly certifies his or her identity. The information must be free of charge. In the case of data received from the 3rd person or public source, we must inform the data subjects about our data management within one month after the data is received in accordance with the above list.

There is no need to use this information if your posting proves impossible or requires disproportionate effort or if data processing is required by law. For data from 3rd person used in the address list, the first letter may be written in writing.

2. BASIC DATA

Marton Evelin EV (hereinafter referred to as “Service Provider, Data Controller”) submits the following information.

This Privacy Policy describes the data management of the following websites:


Records: the sum of data processed in one register.

Data Processing: Perform technical tasks related to data management operations, regardless of the method and device used to perform operations, and the location of the application, provided that the technical task is performed on the data. In the interpretation of this Code, data processing is in particular any technical data management operation that does not require a substantive decision, which is performed by the data processor on the basis of the data controller’s mandate.

“Data processor” means a natural or legal person or an organization without legal personality, or who, by virtue of a contract concluded with the data controller, including the conclusion of a contract under the provisions of the law, processes the data.

Data Controller: For the personal data handled for a particular department, the manager managing the organizational unit responsible for managing all personal data handled by the organizational unit in accordance with these rules.

Media: Physical appearance of the data, storage location, including documents.

Data Requester: a natural or legal person or an organization without legal personality who either submits an application to the data controller regarding the handling, correction, deletion or blocking of his / her personal data.

Data management: regardless of the method used, any operation or aggregation of operations, such as collecting, capturing, organizing, storing, transmitting, publishing, aligning or linking, blocking, modifying, using, querying, deleting, and destroying the data. This includes preventing further use of data, capturing photographs, sound or images, and recording physical features (such as finger or palm, footprint, DNA pattern, iris) for identifying the person. In the interpretation of this Policy, data management is especially a decision to make decisions on certain data management operations, issuing instructions.

Data Administrator: a natural or legal person or an organization without legal personality that, either independently or together with the purpose of managing the data, takes decisions and executes decisions on data handling (including the equipment used) or performs with the data processor entrusted by it.

Personal Data: Data Affected by an Investigator. in particular the name, identifying sign and name of one or more physical, physiological, mental, economic, cultural or social identities of the person concerned, as well as the deduction from the data to the person concerned.

Data incident: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to the personal data transmitted, stored or otherwise treated.


Legitimate data management requires that the processing of personal data should have a legal basis governed by GDPR.


Contribution is a clear revelation of the will of the person concerned based on voluntary, concrete and appropriate information. Volunteering is conceptually a real choice for the person concerned. Thus, the refusal to grant a contribution involves the exclusion of a service and therefore has a negative consequence. Contribution-based data management can not be interpreted in a situation where there is power imbalance between the two parties.

Specified consent is required in special cases involving significant data protection risks for the subject. According to the accountability principle, the data controller is subject to a verification obligation, so the Data Controller must prove that he or she has consented to the processing of the personal data of the person concerned.

The consent can be withdrawn at any time and the person concerned must be informed before giving his / her consent.

In the case of data management based on consent, the Data Manager processes personal data only if the contribution is voluntary, based on information and serves a specific purpose, and all the reasons for data management are clearly defined, explicit and positive.

Prior to the consent, the persons concerned will receive and sign a written notice explaining the possibility of withdrawal of the consent in all cases, clear and simple language, visible, revocable and revoked. Information is always provided in a concise, comprehensible and easily accessible form, in plain language and in a clear language for everyone.

The prospectus must include the following points:

  • contact details of data controller and data protection officer;
  • indicate for what purpose, collect data;
  • indicate the categories of data;
  • indicate the legal basis for data handling;
  • if other data controllers can receive the data, this should also be communicated;
  • transfer data outside the EU;
  • information is provided to the person concerned about receiving the collected data as he has access;
  • be informed about their data protection rights;
  • be informed that you have the right to lodge a complaint with the Data Protection Authority;
  • be informed that you have the right to revoke your consent at any time;
  • be informed about the existence of decision-making based on automated data management, its logic and its consequences;
  • finally, inform the consequences of refusing consent. The information must be free of charge.


An adequate basis for data management is when it is required in the context of a contract or a contractual intention. It must be interpreted strictly, ie it is no longer a proper legal basis for data handling in the case of data handling prior to the conclusion of the contract, which leads to the conclusion of the contract.


The legal basis for data handling may be the fulfillment of an obligation under EU or national law. The obligation should be based on binding legislation, in which case the purpose of data management should also be defined in EU or national legislation.


A vital interest as a data base can be applied if data management is necessary for the protection of the vital interest of the concerned or another natural person. A vital interest as a legal basis can be applied only in the event of a serious emergency.


Data handling in the public interest can be used as a legal basis if data management is necessary for the performance of a task in the public interest or in the exercise of a public authority delegated to the data controller.

This includes when the Data Controller is requesting a data service to perform a public task and the provision of personal data is not provided by the authority and is not based on the law.


In the case of a legitimate interest, the handling of personal data is necessary to enforce the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over this interest.

To determine whether the data subject’s legitimate interest prevails over the interests of the data subject, or his fundamental rights or freedoms, the so-called interest weighing test must be carried out. Written documentation of the Interest Weighing Test in order to understand why the Personal Data Management planned by the Data Controller is needed, how the data controller will perform it, and how to safeguard the interests of those involved in the process.


  1. Determine the purpose of data management, what data categories, how long does it take to handle a legitimate interes
  2. Defining the legitimate interest of the data controller as far as possib
  3. Is it necessary to manage your personal data to achieve this goal? Are there alternative solutions that can be used to achieve the intended purpose without the handling of personal data or with less personal data?
  4. Determine what the interests of the data person concerned may be in relation to the particular data handling that could be brought against data management?
  5. Determine why the legitimate interests of the data controller are proportionate to the rights of the data contro

The data management principles are respected and enforced by the Data Manager at every moment of its data management.

Personal data can be handled if the party concerned agrees to it by a local government or by law or, in the circle specified therein, under the authority of the law.

Personal data can only be handled for a specific purpose, in order to exercise the right and to fulfill obligations. At all stages of the data handling, it must meet this goal.

Only personal data that is essential for achieving the purpose of the data management can only be used to reach the goal and only to the extent and for the time necessary to attain it.

Personal data can be transmitted and different data management can be linked when the party concerned has consented to it or by law and if the terms of the data are met for each personal data.

Personal data may be transmitted from the country to a data controller or data processor in a third country irrespective of the medium or mode of data provided that the party concerned expressly consented to it or permitted by law and that personal data in the third country are handled or processed appropriate level of protection.

In the case of mandatory data handling, the purpose and conditions of the data management, the scope and knowledge of the data to be handled, the length of the data management and the data controller are defined by the law on data management or the municipal decree.

A law may order the disclosure of personal data in the public interest, with the explicit indication of the scope of the data. In all other cases, disclosure is required by the consent of the person concerned and, in the case of special data, in writing. In doubt, it is to be presumed that the person concerned did not give his consent.

The consent of the person concerned shall be deemed to be given in respect of the information which he has communicated or made available for disclosure in the public interest concerned.

It must be presumed that the consent of the person concerned to the treatment of his or her data needs to be taken into account in the proceedings initiated by the person concerned, and the concerned person must be referred to that fact.

You may also grant your consent to a contract with the Data Handler in writing to complete the contract. In this case, the contract must contain all information that the data subject needs to know for the purposes of personal data management, in particular the definition of the data to be processed, the duration of the data handling, the purpose of use, the transmission of data and the use of data processing. The contract must, in an unambiguous manner, contain the signature of the signatory to manage its data as specified in the contract.

The right to privacy and the privacy of the person concerned, unless otherwise provided by the law, can not be infringed by other interests related to the processing of data, including the publicity of public interest data.



Informing the data subjects is an obligation of the data controller to serve the principle of transparency. The data subjects should be informed of the contact details of the data controller, the relevant circumstances of the data handling, the rights of the data subject and the possibilities of enforcement.

Information should also be provided to the data subject if the personal data was not collected from them. The deadline for providing information in the two cases varies as follows:

  • If personal data are collected from the data subject, information should be provided at the time the data are collected,
  • If personal data comes from other sources, information should be provided to the data subjects within 1 month of the acquisition (if the data are used for contact purposes when first contact is made).

The information serves the exercise of the rights of the person concerned, and therefore the party concerned must be informed

  • in an understandable and transparent way,
  • in principle in writing (electronic means included), or orally at the request of the person concerned,
  • free of charge.


The right of access serves the purpose of the principle of transparency. At the request of the person concerned, he must be returned to prove that his personal data are being processed and, if so, he must have access to the personal data he or she handles and have access to the following information:

  • the purpose of data management,
  • categories of treated personal data,
  • recipients,
  • the planned storage time,
  • the rights of the person concerned,
  • the right to lodge a complaint (right of appeal)
  • Automated decision-making, including profiling.


This right enforces compliance with the principle of accuracy. If the data handled by the Data Manager is not accurate, the person concerned may request that the inaccurate personal data be corrected or supplemented.


The Data Manager is obliged to delete the personal data relating to the person concerned, when he / she so requests, if

  • Data is no longer needed for the purpose from which it was collected or otherwise treated,
  • the party concerned withdraws his consent and there is no other legal basis for data handling,
  • the data subject is objecting to data handling based on the legitimate interest or the performance of a public task, for reasons related to his / her own, including profiling and no legitimate reason for data handling or for objecting to marketing activity,
  • personal data has been unlawfully handled,
  • personal data should be deleted for compliance with the legal obligation imposed on the controller under applicable Union or national law.

The Data Handler is not required to delete the data at the request of the person concerned if any of the exceptions listed below apply. Personal data concerning the data subject can not be deleted when data processing is required

  • to exercise the right to freedom of expression and information,
  • to fulfill the obligation under EU or national law applicable to the data controller, or to carry out a task carried out in the exercise of public interest or exercise of public authority,
  • public interest in the area of public health,
  • For public interest archiving purposes, for scientific and historical research purposes or for statistical purposes, if the right to cancel would likely make it impossible or seriously compromise this data management,
  • advocating, enforcing or protecting legal claims.


When data is limited, the Data Manager can only store personal information, but can not otherwise handle them. Exceptions to data handling or disclosure, validation or protection of data or the protection of the rights of a natural or legal person with the consent of the person concerned or data management in the Union or in the public interest of a Member State.

In the following cases you may be required to restrict the personal data of the affected person:

  • If the person concerned disputes the accuracy of the personal data, the restriction applies to the period of time that the data controller verifies the accuracy of the personal data,
  • Data handling is illegal, but the data subject is opposed to the deletion of the data and instead asks for their use to be restricted,
  • the data controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce or protect legal claims,
  • the person concerned protests against data handling based on the performance of a legitimate interest or a public task, including profiling, for reasons related to his / her own situation, the restriction applies to the period until it is established that the data controller’s legitimate reasons prevail over the legitimate cause of the data subject.


The right of data storage is a new right introduced by GDPR, which provides for the free flow of data within the European Union. The person concerned may exercise this right if

  • Data management is based on a contribution or performance of a contract and
  • is automated.

Data storage is not a general right; the person concerned can exercise it only in the above case. If the person concerned has this right, he is entitled to

  • receive the personal data relating to him in a machine-readable format, or
  • request that the data controller directly conveys personal data relating to the subject to another data controller.


The data subject may exercise this right if the processing of data is based on a legitimate interest or public interest data management and for any reason related to the situation of the individual concerned. The consequence of this is in principle that the data controller can not handle personal data further.

Exception: if the data controller proves that

  • data processing is justified by legitimate reasons of enforceability which have priority over the interests, rights and freedoms of the data subject, or
  • relate to the submission, validation or protection of legal claims,

the Data Handler is entitled to further manage the personal data in these cases.

The right to protest is developed specifically for direct marketing. In this case, if the person concerned objects to the handling of the data, including profiling, the data controller can no longer handle personal data (for this purpose).


The person concerned has the right to lodge a complaint (right of complaint) or a judicial remedy to the supervisory authority.

The Supervisory Authority in Hungary is the National Authority for Data Protection and Information (NAIH) (Address: 1125 Budapest, Erzsébet Szilágyi fasor 22 / c., Tel. +36 (1) 391-1400, website: ), to whom the affected person has the right to file a complaint if he considers that the handling of his personal data is in breach of GDPR.

The affected party may, before the court of the supervisory authority’s domicile, have the right of appeal against the decision of the supervisory authority to both the affected and the data controller / data processor and challenge the decision.

The person concerned is entitled to apply directly to the court if he / she considers that his / her personal data and the improper handling of the Regulation have violated his / her rights under the Order. Info TV. the competent court shall be the court of the place of residence or of the place of residence of the person concerned.


In any event, the Data Controller is responsible for the processing of personal data in all cases based on legitimate or voluntary contributions. In some cases, data management and lack of consent are based on other legal grounds.

The Data Operator also uses data processors’ contributions and services.

7.1. Registration

Handling of customer data

The purpose of the data management is to present the databases of the business operator’s business

The legal basis for data handling is required for performance of the contract

Name of legal basis for data processing: GDPR Article 6 (1) (b)

Stakeholders: Registered Customers

Data concerning the data subjects: – password, name, e-mail address, address, telephone number, website address, e-mail address of the accommodation, date of registration, IP address of registration.

Source of data: directly from the person concerned

Duration of data handling: 8 years from the date of termination of the contract according to the accounting rules

Technical nature of data processing: in electronic form

Data processing

Name of the processor:

Address of the data processor: Bulmann House, Regent Center, Gosforth,

Its data management related activities are: hosting

Actual data management, location of data processing:

Your service provider may treat the personal information that is technically necessary to provide the service in order to provide the service. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes set out in this Act required, but in this case also to the extent and time required.



The purpose of the data management is to book business of the service provider

The legal basis for data handling is the fulfillment of a legal obligation

Name of Legal Basis for Data Processing: GDPR Article 6 (1) (c)

Stakeholders: Beneficiaries

Data relating to the persons concerned: – name

– address, home

– the amount of service charge

– service location,

– tax number

Source of data: directly from the person concerned

Duration of data handling: 8 years from the date of termination of the contract according to the accounting rules

Technical nature of data processing: in electronic form

Data processing

Name of the data processor: Bosán Kft

Address of the data processor: 1146 Budapest, Hungária kft. 162-168.

Its data management activities are: bookkeeping, tax consulting

Actual data management, location of data processing: 1146 Budapest, Hungária kft. 162-168.

9. SERVICE

When visiting the Data Handler website, the web server logs the user’s activity automatically.

The purpose of data management: During a visit to the site, the service provider records the visitor data for checking the functionality of the services, for personalized service and for preventing abuses.

The legal basis for data handling: Article 6 (1) (f) of the GDPR, since the Data Handler and the Hosting Provider have a legitimate interest in the safe operation of their website and Eker. TV. Section 13 / A (3).

Type of personal data you are handling: ID number, date, time, address of the page you are visiting.

Duration of data processing: 15 days.

The Data Handler does not associate the data generated during the analysis of log files with other information and does not attempt to identify the user.

The addresses of the pages visited, as well as the date and time data, are not suitable for identifying the person concerned.

The portal html code contains hyperlinks from an external server independent of the Data Manager and links to an external server. The external service provider is connected directly to the user’s computer. The providers of the links are able to collect direct links to their server, collect user data (eg IP address, browser, operating system data, mouse pointer movement, visited page title, and time of visit).

The IP address is a series of numbers that can be clearly identified by the computers and mobile devices of users on the Internet. IP addresses can also geographically locate a visitor using that computer. The title of the page you are visiting, as well as the date and time data are not suitable for the identification of the individual, but are linked to other data to help you draw conclusions about the user.


Cookie Definition: A small text file containing data that is stored on a user’s machine while visiting a site. The goal is for websites to remember how the user has dealt with during the site time. So you can store the data that the user clicked on, links to pages or pages, entered his username, or read some pages on the site months or even years ago.

Cookies categories:

  • Essential Cookies are essential to allow users to browse the Web site and use its features. Without this, provision of a web site service, registration and login is not possible. These cookies do not collect information about users for marketing purposes.
  • Performance cookies collect information about the way Web sites are used, and periodic visits and error messages are reported to the Provider. They do not collect data that can identify people, all information is anonymized.
  • Functional cookies allow personalized settings for serving users, language settings, text size. The Service Provider does not use functional cookies for marketing or other advertising purposes.

  • targeted cookies, connecting to the social networking sites of the Service Provider: page Facebook Pixel helps users connect to Facebook. This cookie may be used by your social network to deliver targeted ads to the user.

Users should be allowed to use cookies or not. If the user does not accept cookies, certain features will not be available to him. For more information about deleting cookies, please see the links below:

  • Internet Explorer: cookies#ie=ie-11
  • Firefox: computer
  • Chrome:

Cookie Name Cookie Type Category Usage Description

  • _ga Permanent cookie Medium 2 years Analysis Google analysis: These cookies are used to collect information about how visitors use our site. This information is compiled and used to help you develop your website. Cookies collect the information anonymously, including the number of visitors to the site, how visitors came from the page, and which pages they visited.
  • _gid Constant cookies Medium 24 hours Analysis As above
  • gac Standing cookie Medium 90 days Analysis As above
  • GIG_HASgMID Permanent cookie Medium 15 years Analysis As above


  • employee_login_last_email When signing up, keep the email address until you close the browser.
  • Ealrm, ealem, ealpw Permanent access. It lasts 180 days.
  • how_from Access and redirect. It lasts 10 minutes.
  • predictionio User ID for cookie personalized ads recommendation. Shelf life is 3 months.
  • Currency Stores the buyer currency. It lasts 30 days.
  • Google Adwords cookie When someone visits the site, the visitor’s cookie ID is added to the remarketing list.
  • Google cookies, such as NID and SID cookies, are used to customize Google ads in Google products such as Google Search.
  • The AdWords Conversion Tracking feature uses cookies. To track sales and other conversions from your ad, you put cookies on the user’s computer whenever a user clicks on an ad.
  • Some common ways of using cookies: Selecting ads based on what’s relevant for a particular user, improving campaign performance reports, and avoiding the ads that are already being viewed by the user.
  • Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and app owners get a better picture of their visitors’ activities.
  • The service may use cookies to collect information and report statistics about the use of the site to Google without individually identifying visitors.

  • The main cookie used by Google Analytics is the “_ga” cookie. In addition to reporting from site usage statistics, Google Analytics can also be used to display more relevant ads in Google products (such as Google Search) and across the web, along with some of the advertising cookies described above.
  • RTB custom retargeting cookies: Previous visitors or users may be browsing on other sites on the Google Display Network and searching for terms or products related to their products or services.

  • Session Cookies: These cookies store the visitor’s location, browser language, and currency of payment. They last until the browser closes, or a maximum of 2 hours.
  • Referrer cookies: These record how the visitor arrived from an external page. They last until the browser closes.

  • Cart cookie: It stores the items placed in the basket. It lasts 365 days.
  • Backend ID cookie: The backend server ID for the page. It lasts until the browser closes.
  • Facebook pixel (Facebook cookie): A Facebook pixel is a code that makes it possible to report on conversions on the website and to build target audiences, and gives the site owner detailed analysis data about how visitors use the website. With the Facebook remarketing pixel tracking code, visitors to the site can be shown personalized offers and ads on Facebook.
  • The Facebook remarketing list is not suitable for person identification. For more information about Facebook Pixel / Facebook, please visit:

A precondition for the compliance of the web shops with GDPR is to prepare the Data Handling Information for users. The following information must be provided in the Data Handling Notice:

  • the contact details of our service provider and, if applicable, the data protection officer;
  • the purpose for which we collect the data;
  • the categories of data;
  • the legal basis for data handling;
  • whether other data controllers can receive the data;
  • whether the data is transmitted outside the EU;
  • that the data subject may receive the data collected, because he has access to it;
  • the data protection rights of the data subject;
  • that the data subject has the right to lodge a complaint with the Data Protection


  • that the data subject has the right to withdraw his consent at any time;
  • if applicable, the existence of decision-making based on automated data management, its logic and its consequences;
  • finally, the consequences of refusing consent.

The Privacy Statement must be made available on the website of the service provider / webshop on any surface where personal data is required.

The Privacy Statement must be automatically attached to the email of users


In the case of the Data Management website, profiling is a marketing tool that allows you to create automated decisions, intelligent, personalized offers and discounts based on customer behavior.

According to the rules of the GDPR, the Service Provider’s web pages should allow the visitor to refuse to use profiling. With this, the customer limits the use of his personal data only to the execution of the order.

10. Decision based on automated data management

The aim of GDPR is to ensure the widest possible protection of the personal data of the data subjects. With the rapid development of technology, data controllers are increasingly using software or algorithms to manage personal information so that they can, for example, gain economic benefits, improve user experience or speed up decision making. However, the use of these technologies is risky for personal data, so GDPR pays particular attention to this area.


On the basis of the GDPR, the data subject has the right not to be subject to a decision based solely on automated data management if the decision has legal effect on them (affects their legal or contractual rights) or otherwise affects them (it does not affect their rights but influences their living conditions).

In three cases, however, such decision-making is permissible:

1) if it is necessary to conclude or complete a contract, for example

  • results in more consistent and impartial decision-making
  • reduces the risk of customers failing to meet a payment deadline
  • shorter decision-making time, efficiency gains

  1. Union or Hungarian law allo
  2. In case of express consent of the concerned party.

If the exception under 1) -2 applies, the data controller must provide adequate guarantees:

  • specific information about the subject (data management, logic used in decision making, etc.)
  • that the person concerned may apply for human intervention,
  • an opportunity for the person concerned to express his views or explain the decision made on the basis of such evaluation,
  • Opportunity to challenge the decision.


Automated management of personal data (at least in part), in which personal characteristics of the subject are evaluated. This includes, in particular, analyzing or forecasting personal characteristics of the economic situation, workplace performance, personal preferences, health status or reliability of the person concerned.

The Data Manager does not use decisions based on automated data management when processing data; profiling is only used for its own business purposes, after the user has accepted marketing cookies by specific consent.

If the customer does not allow the use of marketing cookies when the cookies are accepted, the use of their personal data will only be restricted to the execution of the order.


The Data Manager sends subscribers to the newsletters of the websites it operates (also referred to as VIP members) online newsletters and electronic messages containing novelties, news and offers, usually monthly, but at least once a day. To subscribe to the newsletter, the name and e-mail address are mandatory, as they are indispensable for delivering the messages.

The data will be processed until the deletion of the data is requested by the data subject. The possibility of unsubscribing is provided in every newsletter by a direct link. The user is responsible for the authenticity of the personal data provided.


According to the GDPR Decree and Act CXII of 2011 on Informational Self-Determination and Freedom of Information, and in accordance with Article 20 (1) of the Act on the Rights of the Child, the following must be defined in relation to data processing on social networking sites:

– the fact of data collection,

– the circle of stakeholders,

– the purpose of data collection,

– the duration of the data handling,

– the person who is able to know the data,

– the rights of data subjects involved in data management.

Data collection fact, managed data range:

Facebook / Google + / Twitter / Pinterest / Youtube / Instagram and so on. registered on social network pages or the user’s profile profile.

Stakeholders: All those who are registered on Facebook / Google + / Twitter / Pinterest / Youtube / Instagram and other social networking sites, and “copied” the web site.

The aim of the data collection is to share, or “file”, the popularity of certain content elements, products, actions of the web site or the website itself on social networking sites.

Information about the source of the data, its handling, the method of its transfer and its legal basis can be found on the given social networking site. Data management takes place on social networking sites, so the duration of the data handling and the ways of deleting and modifying the data are governed by the rules of the relevant community site.

The legal basis for data handling is the data subject's voluntary consent to the management of their personal information on social networking sites.


The data controller plans and executes the data management operations to ensure that the privacy of the individuals concerned is protected.

The data controller ensures the security of the data (password, antivirus protection), takes technical and organizational measures and establishes the procedural rules necessary to enforce the GDPR Regulation, Info TV, and data and privacy protection rules.

The data controller protects data by appropriate measures, in particular against:

– unauthorized access,

– alteration,

– transmission,

– disclosure,

– deletion or destruction,

– accidental destruction and damage,

– becoming unavailable due to a change in the technique used.

The data controller shall ensure by means of an appropriate technical solution that the data stored in the records can not be directly linked and assigned to the data subject.

To prevent unauthorized access to personal data, to alter the data and to prevent unauthorized disclosure or use of the data, the data controller shall ensure:

– the development and operation of the appropriate IT and technical environment,

– the controlled selection and supervision of the staff involved in the provision of services,

– detailed operating, risk management and service procedures.

Based on the above, the provider ensures that the data he manages

– be made available to the holder,

– authenticity and authentication are assured,

– its inaccuracy can be justified.

The IT system of the data handler and its hosting provider protects, inter alia, against:

– computer fraud,

– espionage,

– computer viruses,

– spam,

– hacking

– and other attacks.

17. REMEDY

You may object to your personal data being handled if

  • the handling or transmission of personal data is only necessary to comply with the legal obligation of the Service Provider or to enforce the legitimate interests of the Provider, Data Provider or third party, unless data management is prescribed by law;
  • the use or transmission of personal data is done for direct business acquisition, polling or scientific research;

  • in other cases specified by law.

The Service Provider shall examine the protest within the shortest possible time, but not later than 15 days from the submission of the request, decide on its validity, and inform the applicant in writing. If the Service Provider finds the protest of the concerned party valid, it will terminate data handling, including further data collection and data transfer, lock the data, and notify of the protest and the measures taken all those to whom the personal data affected by the protest was previously transferred, and who are obliged to take action to enforce the right to protest.

If the User disagrees with the decision of the Service Provider, he or she may appeal to the court within 30 days from the date of its communication. The court proceeds out of turn.

You can lodge a complaint against a possible infringement by the data controller with the National Data Protection and Information Authority:

National Privacy and Freedom Authority

1125 Budapest, Szilágyi Erzsébet fasor 22 / C.

Postal address: 1530 Budapest, Mailbox: 5. Phone: + 36-1-391-1400

Fax: + 36-1-391-1410



The data controller must demonstrate that data management is in compliance with the law. The data collector has to prove the legality of the transfer of data.

Judgment of the case falls within the jurisdiction of the court. The lawsuit can be initiated, according to the choice of the person concerned, before the court of his or her domicile or residence.

The lawsuit may also be party to lawsuits. The Authority may intervene for the sake of the merits of the matter concerned.

If the court upholds the request, the data controller is required to provide information, correction, blocking, deleting, decoding the automated data processing, taking into account the right of protest of the data subject, and the data requested by the data sender.

If the court rejects the request of the data sender, the data controller shall cancel the personal data of the data subject within 3 days of the delivery of the judgment. The data controller is also required to delete the data even if the data sender does not appear before the court within the specified deadline.

The court may order the disclosure of its judgment by publishing the identity of the data controller if it is required by data protection interests and by a larger number of protected rights of the data subject.


If the data controller violates the personality right of the data subject by unlawful handling of the data concerned or by breaching the requirements of data security, the data subject may claim damages from the data controller.

The controller is liable for the damage caused by the data processor to the data subject, and the data controller is obliged to pay the data subject compensation for the violation of personality rights caused by the data processor. The Data Controller is exempt from liability for the damage and from the obligation to pay compensation if it proves that the damage or the violation of the personality right of the person concerned was caused by an unavoidable cause outside the scope of the data processing.

No compensation is required and no damages can be claimed in so far as the damage caused by the injured party or the infringement of the right to privacy was caused by the deliberate or gross negligent conduct of the person concerned.


GDPR as a general obligation states that both the data controller and the data processor are obliged to keep records of their data management activities.

The Data Manager. the most important information on data management, such as the purpose of the data management, the scope of the data processed, whether the data is being transmitted, etc.

The keeping of records is of the utmost importance in order to comply with the principle of accountability.

The provider maintains a data protection record.


1. Applicability

These General Standard Terms and Conditions determine the contract made with the guests or group leader using the services of Epic Nights Budapest.

2. Passports, identification, and Visas

It is the responsibility of the Client to be in possession of a valid passport, or legal identification showing age and a visa permit for the duration of any event organized by Epic Nights Budapest.

3. Guests Contract and booking with Epic Nights Budapest

Finalizing a booking requires a confirmed itinerary and payment via e-mail. The booking can be made up to 12 hours before the beginning of the event. If the booking is made less than 12 hours before the requested starting time of the event, and Epic Nights Budapest does not have the capacity to organize it, Epic Nights Budapest is not obliged to organize the event.
The confirmed event bookings will receive a confirmation e-mail and a bracelet.
Epic Nights Budapest reserves the right to decline any booking at their discretion.

4. Fees and terms of payment

In each event, only the matters in the confirmation e-mail are included in the price. Anything outside of that is at the guest's or group's cost, such as transportation costs, food, PayPal fees, banking fees, and taxes.

For all groups, a certain amount of deposit has to be paid via bank transfer or PayPal. The amount of the deposit differs for each group and is set out in the confirmation e-mail as well.

The deposit or amount paid is non-refundable and must be paid no more than 48 hours before the tour. The remaining payment should be made on the day of the actual event, on an agreed meeting point and time set by the customer and Epic Nights Budapest.

The prices do not include VAT.

5. Changes and Cancellation by You

Any changes to the original booking must be confirmed by email by the person submitting the booking. Every effort will be made to shape the events according to the customer’s request but the availability cannot be guaranteed.

The client can cancel the event when they wish, but in some cases, a certain amount of earnest payment has to be made. Cancellation is accepted with no extra charges within 72 hours before the date of the event. In the case of Private Boat Party, Beerbike or any event that uses a partner company’s assets, a 30% payment is required from the guests in case of last-minute cancellation.

Deposits paid are not refundable.

The cancellation has to be made in written form by e-mail to

6. Changes or Cancellation by Epic Proposal:

In case of special, unexpected matters and for reasons beyond our control, Epic Proposal keeps the right to change the date or time of the tour or cancel the tour completely.

Any event booking can be made with a minimum of 5 participants; if there are fewer participants, they will have to pay the minimum group price.

Additionally, Epic Nights Budapest keeps the right to ban participants from the tour for misbehavior and/or for harming others, items and furniture and/or public objects. Epic Proposal does not allow the use of any illegal product during the tour. A guest who disregards this will be banned from the event organized by Epic Proposal.

The guests accept that any harm caused to any furniture, boat, bar, or in the worst case another person is their full responsibility, and they bear the full charges and repair fees.

7. Hungarian Laws and Behavior

All guests in events organized and run by Epic Proposal are expected to obey Hungarian law. Any failure to do so will relieve Epic Proposal of all obligations that they may otherwise have under these booking conditions. Any damage or loss caused by the guest is the guest's own responsibility.

Full payment for any such damage or loss must be paid at the time directly to the owner or manager of the venue or any other supplier. If the client fails to do so, they will be responsible for meeting any claims (including legal costs) subsequently made against Epic Proposal as a result of their actions.

8. Illness or Disability

Anyone suffering from illness or disability or undergoing treatment for any physical or medical condition must let the Epic Proposal event organizers know. This way we can assess whether participation in the event is safe for the guest.

9. Responsibilities of Epic Proposal

The tours operated or supplied by Epic Proposal have been created to provide participants with an exposure to the true nature of the environment visited and therefore involve an element of potential risk and exposure to potential hazards. All bookings are accepted on the understanding that such risk and hazards are appreciated by the guest and that they undertake all tours at their own volition.

General Data Protection