Voxinfo Ltd.

Data protection policy

Introduction

The Voxinfo Ltd. (H-1037 Budapest, Királylaki road 132.) Tax number: 12180439-2-41, Company registration number: 01-09-562739 (hereinafter: Provider, data manager) is binding on itself present policy:

According to EUROPEAN PARLIAMENT AND OF THE COUNCIL 2016/679 Act on the right of protection of natural persons to personal data managing and freedom of free flow of such data (27 April 2016) and on repealing of 95/46/EK Statute (general statute of data protecting) we provide information in the follows.

Present data protection policy rules data managing of the following pages and services: VoxPay mobil application, www.voxpay.hu , ww.autopalyamatrica.hu ,

VoxPay Services: VoxPay mobil application, www.voxpay.hu Website and www.autopalyamatrica.hu Website together.

 

Present Privacy Policy whenever can be modified by VoxPay unilaterally. Present Privacy Policy will be published on website www.voxpay.hu and will be available in VoxPay Application too, and on the Website www.autopalyamatrica.hu. Amendments of present policy comes into force by publication on Websites above mentioned.

 

Data manager and contact information

 

Name: Voxinfo Ltd.

Headquarters: H-1037 Budapest, Királylaki road 132

Establishment: H-1034 Budapest, Bécsi road 269

E-mail: info@voxinfo.hu

Phone number: +36-1-225-7603

Definitions

1. ‘personal data’: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. ‘processing’: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. ‘controller’: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

4. ‘processor’: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

5. ‘recipient’: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

6. ‘consent’: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

7. ‘personal data breach’ : means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Principles relating to processing of personal data

Personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).

The data controller declares that his / her data management is carried out in accordance with the principles of this section.

Data handling

 

Registration - voxpay services

1. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data - provided data subject	The purpose of data management
E-mail address *	Contact, send system messages, log in to the user account
Contact number	Identification, contact
License plate number	Perform the service
Password *	It is for secure access to the user account.
Billing name and address	It is for the issuance of a regular invoice, entering into a contract, subject definition and modification of the contract, monitoring of compliance, the billing of the charges arising therefrom and the enforcement of claims related thereto.
Date of registration *	Implementation of a technical operation.
IP address on the day of registration *	Implementation of a technical operation.

The details marked with * are mandatory for registration

It is not necessary for the e-mail address to include personal data.

2. The circle of data subjects: all data subjects of VoxPay’s services

3. Duration of data handling, deadline for data deletion: Remained until the data request of data subject for cancellation. By deleting the account, personal data will be deleted immediately. The data controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject by virtue of Article 19 of the GDPR. If the request of data subject for cancellation also covers the e-mail address it has provided, the data controller will also delete the email address after the information has been provided.

4. The persons of possible data controllers who are entitled to get to know the data, recipients of personal data: Personal data may be handled by authorized personnel of the data controller in accordance with this policy.

5. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· the data subject has the right to data storage and to withdraw the consent at any time.

6. The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to address at ugyfelszolgalat@voxpay.hu

 

7. Legal basis for data handling: consent of data subject, Article 6 (1) b)

8. We inform you, that

· Before entering into a contract data handling is necessary to take action on your request.

· you are requiredto provide personal information so that we can register.

· the lack of data delivery means consequencesthat the user account can not be created.

 

VoxPay Service management related data management

1. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data - provided data subject	The purpose of data management
Password *	It is for secure access to the user account.
Family- and first name	It is necessary for you to contact, to purchase and to issue a regular invoice.
License plate number *	Perform the service
E-mail address *	Keep in touch and send confirmations
Phone number	Perform the service. Keep in touch with you, negotiate billing or shipping issues more effectively.
Billing name and address	It is for the issuance of a regular invoice, entering into a contract, subject definition and modification of the contract, monitoring of compliance, the billing of the charges arising therefrom and the enforcement of claims related thereto.
Date of purchase / registration *	Implementation of a technical operation.
IP address on the day of purchase / registration	Implementation of a technical operation.

The details marked with * are mandatory for registration, VoxPay Service is not available without these data

Parking Services:

Personal data - provided data subject	The purpose of data management
License plate number *	Perform the service
Parking place *	Perform the service
Details of the purchased parking ticket (zone code, validity period) *		Perform the service

The details marked with * are mandatory for registration, VoxPay Service is not available without these data

Purchase of highway sticker:

Personal data - provided data subject	The purpose of data management
License plate number *	Perform the service
Vehicle type *	Perform the service
Data on purchased highway sticker (type, validity time) *	Perform the service

The details marked with * are mandatory for registration, VoxPay Service is not available without these data

Neither the username nor the e-mail address is required to contain personal data.

2. The circle of data subjects: All users of VoxPay’s services.

3. Duration of data handling, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it shall remain until the relevant application for revocation. The data controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject by virtue of Article 19 of the GDPR. If the request of data subject for cancellation also covers the e-mail address it has provided, the data controller will also delete the email address after the information has been provided. Except in the case of accounting documents, pursuant to Article (2) Section 169 of Act C of 2000 on Accounting, this information must be kept for 8 years. The contract data of the data subject can be canceled after the limitation period of civil law expires.

4.  

Account documents confirming bookkeeping accounts directly or indirectly (including general ledger accounts, analytical and itemised accounts too) must be kept in readable form for at least 8 years, in a retrievable way by reference to the book entry notes.

5. The persons of data controllers who are entitled to get to know the data, recipients of personal data: Personal data can be handled by the sales and marketing staff of the controller, while respecting these principles.

6. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· the data subject has the right to data storage and to withdraw the consent at any time.

7. The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to at ugyfelszolgalat@voxpay.hu address,

8. The purpose of data management:

8.1. Point b and c of section 1 of Article 6 of the GDPR,

8.2. Subsection (3) of section 13/A of Act CVIII. of 2001 on the Electronic Commerce Services and Information Society Services Issues:

The service provider may handle the personal data necessary and technically indispensable for the provision of the service. If the other conditions are identical, the service provider must choose and always operate the tools used during providing information society service in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes set out in this Act required, but in this case also to the extent and time required.

 

8.3. In case of issuing an invoice complying with accounting law Article 6 (1) (c).

8.4. In the event of claims arising out of a contract, the provisions of Act V of 2013 on the Civil Code, 6:21. 5 years.

6:22. § [Limitation]

(1) Unless otherwise provided in this Act, claims shall lapse within five years.

(2) The limitation period begins when the claim becomes due.

(3) The agreement to change the limitation period must be written.

(4) The non-limiting agreement is null and void.

 

Contact

1. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data	The purpose of data management
Name *	Identification
E-mail address *	Keep in touch and send answer messages
License plate number *	Perform the service
Phone number *	Contact
Message content *	Needed to respond
Date of contact	Implementation of a technical operation.
IP address on the date of contact	Implementation of a technical operation.

The details marked with * are mandatory.

It is not necessary for the e-mail address to include personal data.

2. The circle of data subjects: All parties sending a message through the contact form.

3. Duration of data handling, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it shall remain until the relevant application for revocation.

4. The persons of data controllers who are entitled to get to know the data, recipients of personal data: Personal data may be handled by authorized personnel of the data controller.

5. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· the data subject has the right to data storage and to withdraw the consent at any time.

6. The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

 

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to ugyfelszolgalat@voxpay.hu address

7. Legal basis for data handling: consent of data subject, point b) c) of subsection 1 of article 6 If you contact us, you agree that we will treat your personal information (name, phone number, e-mail address) we have received during registration procedure in accordance with this policy.

8. We inform you, that

· this data management is based on your consent and is based on legal obligation (cooperation) or in the case of a contractual relationship.

· you are required to provide personal information so that you can contact us.

· the lack of data delivery means consequences that you can not contact us.

Customer relationship

1. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data	The purpose of data management
Name, e-mail address, phone number, license plate number.	Contacts, identification, performance of contracts, business purpose.

2. The circle of data subjects: All data subjects contacted with the data controller, by telephone / e-mail / personally speaking, or all parties involved in a contractual relationship.

3. Duration of data handling, deadline for data deletion: Data management lasts until the legal relationship between the data controller and the data subject expires or, in the case of a contractual relationship, expires on the limitation period of civil law.

4. The persons of data controllers who are entitled to get to know the data, recipients of personal data: Personal data can be handled by the sales and marketing staff of the controller, while respecting these principles.

 

5. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· the data subject has the right to data storage and to withdraw the consent at any time.

6. The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to ugyfelszolgalat@voxpay.hu

7. Legal basis for data handling:

7.1. Point b and c of section 1 of Article 6 of the GDPR,

7.2. In the event of claims arising out of a contract, the provisions of Act V of 2013 on the Civil Code, 6:21. 5 years.

6:22. § [Limitation]

(1) Unless otherwise provided in this Act, claims shall lapse within five years.

(2) The limitation period begins when the claim becomes due.

(3) The agreement to change the limitation period must be written.

(4) The non-limiting agreement is null and void.

8. We inform you, that

· data processing is required to complete the contract and to submit a bid.

· you are required to provide personal information so that we could complete your order / other request.

· the lack of data delivery means consequences that we can not process your order/request.

system message via e-mail or push message

The VoxPay Service sends its system users system messages from time to time. A system message is any message that related to the functionality of the VoxPay Service, any service failure, maintenance, VoxPay Service features, changes to existing and new features, new functions, VoxPay Service's available services and the means of use, General Terms and Conditions, Privacy Policy , or modification of them, the User's rights and obligations of VoxPay Services, and services, including acknowledgment messages, certificates, notifications, confirmations, electronic receipts, and invoices sent from each of the services used.

To send the System Message, the VoxPay Service performs the following data management:

Personal data - provided data subject	The purpose of data management
e-mail address *	Perform the service
in case of push message VoxPay account *	Perform the service

The details marked with * are mandatory, without these data a system message sending is not possible.

Legal basis for data handling: Article 6 (1) b) of GDPR

Send Invitation

The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data	The purpose of data management
e-mail address	Send Invitation

You can send offering, promoting, trying out a trial message (hereinafter referred to as: Invitation) to the e-mail addresses of third parties not registered in the VoxPay Service (hereinafter referred to as " Addressee) in order to incentive of using in whole or in part available services provided by VoxPay too.

In case of send such an Invitation, you provide the Recipient's e-mail address on the VoxPay Service interface.

By Sending an Invitation you agree that only the Name and E-mail address of the Recipient may be entered in the Invitation Sender, and you can only send an Invitation to a person, from whom you have previously requested permission to use his/her name and e-mail address for such Invitation Sent. We are not responsible for not receiving the consent of the Recipient to the sending of the Invitation and we will not be liable either if the Recipient's name or email address was given incorrectly. By sending the Invitation, you authorize us to send the Invitation to the named Recipient on behalf your and as sender VoxPay Service will be marked for technical reasons, but the sent Invitation is a message sent by you and not a message sent by us, and the content contained in the Invitation is not considered an offer, advertising or other direct marketing communication.

The personal information provided you are name and email address of your recipient will be handled only for sending an Invitation to him/her.

 

Used processors

Hosting service provider

1. Activity performed by a data processor: Hosting service providing

2. Name and contact information of the data processor:

Name: 23VNet Ltd.

Address: H-1094 Budapest, Liliom u. 24-26.

Contact: 06 1 450 1222

3. The fact of data collection, the scope of the data being processed: All personal data - provided data subject.

4. The circle of data subjects: All users using this site.

5. The purpose of data management: Make the website available and operate it properly.

6. Duration of data processing, deadline for data deletion: Until the termination of the agreement between the data controller and the hosting service provider, or the cancellation request of the data subject to the hosting service provider.

7. Legal basis for processing: point f of subsection 1, of article 6 on GDPR, and subsection 3 of section 13/A of Act CVIII. of 2001 on the Electronic Commerce Services and Information Society Services Issues.

8. Rights of data subject:

a. To inquire about the circumstances of data management,

b. You are entitled to receive feedback from the data controller about whether your personal data is being processed or access to all information about data management.

c. You are entitled to receive personal information about you in a machine-readable, widely used, machine-readable format.

d. You are entitled to request from data controller to correct your inaccurate personal data without undue delay.

e. You are entitled to object to the handling of your personal information.

Website operation

1. Activity performed by a data processor: Website operation (control, technical update, security system development, other developments, repair tasks)

2. Name and contact information of the data processor:

Name: DOCCA OutSource IT Ltd.

Address: Budapest Apor Vilmos square 25-26.

E-mail: contact@docca-europe.com

Phone: +3614887490

3. The fact of data collection, the scope of the data being processed: All personal data - provided data subject.

4. The circle of data subjects: All data subjects involved in the services of the website or registered / ordered on the website.

5. The purpose of data management: Operation of the website (development, verification, error-correcting)

6. Duration of data processing, deadline for data deletion: Until the expiration of the agreement between the Service Provider and the Website Operator, or the data subject's request to the Site Operator for cancellation.

7. Legal basis for processing: point f of subsection 1 of article 6 of the GDPR, and subsection (3) of section 13/A of Act CVIII. of 2001 on the Electronic Commerce Services and Information Society Services Issues.

8. Rights of data subject:

a. To inquire about the circumstances of data management,

b. You are entitled to receive feedback from the data controller about whether your personal data is being processed or access to all information about data management.

c. You are entitled to receive personal information about you in a machine-readable, widely used, machine-readable format.

d. You are entitled to request from data controller to correct your inaccurate personal data without undue delay.

e. You are entitled to object to the handling of your personal information.

 

Accounting tasks, billing

1. Activity performed by a data processor: Accounting tasks, billing

2. Name and contact information of the data processor:

Name:

Entrepreneurial number:

Address:

Tax number:

E-mail address:

3. The fact of data collection, the scope of the data being processed: Name, billing name, billing address.

4. The circle of data subjects: All parties who place an order on the website.

5. The purpose of data management: Issuing an Electronic Account / Accounting Tasks

6. Duration of data processing, deadline for data deletion: Must be kept for 8 years pursuant to Article (2) Section 169 of Act C of 2000 on Accounting.

7. Legal basis for processing: point c of subsection 1 of article 6 of the GDPR, and subsection (3) of section 13/A of Act CVIII. of 2001 on the Electronic Commerce Services and Information Society Services Issues.

8. Rights of data subject:

a. To inquire about the circumstances of data management,

b. You are entitled to receive feedback from the data controller about whether your personal data is being processed or access to all information about data management.

c. You are entitled to receive personal information about you in a machine-readable, widely used, machine-readable format.

d. You are entitled to request from data controller to correct your inaccurate personal data without undue delay.

Addressees with which personal data are communicated (Cases of data transmission):

Your personal data will be forwarded to the following recipients, in addition to the above data processors, based on the contract concluded with them:

Addressee of data transmission	Transmitted data
National Mobile Payment Private Limited Company (H-1027 Budapest, Kapás utca 6-12. Company registration number: 01 10 047569; tax number: 24151667-2-4)	In case of purchase of parking tickets and motorway e-stickers, the following data are transmitted: vehicle registration number, country mark, parking place, vehicle type, data sticker purchased (type, validity period)
KBOSS.hu Ltd., (1031 Budapest, Záhony utca 7/C.. Company registration number: 01-09-303201; tax number: 13421739-2-41)	Name, billing details, e-mail address
OTP PLC. (H-1051 BUDAPEST, NÁDOR UTCA 16.; Company registration number: 01-10-041585; TAX NUMBER: 10537914-4-44	In case of misuse of credit card payment card fraud or fraud, the following will be forwarded: Name, billing information, e-mail address, IP address,

 

Manage cookies

1. Webstore cookies are the so-called "password-protected session cookies", "cookies for shopping carts," "security cookies," "Needed cookies," "Functional cookies," and "web site statistics management responsible cookies "for which not need to ask prior consent from the data subjects.

2. The fact of data collection, the scope of the data being processed: Unique identification number, dates and times

3. The circle of data subjects: All data subject visited this site.

4. The purpose of data management: Identify users, keep track of "shopping cart", and track visitors.

5. Duration of data processing, deadline for data deletion:

6. The persons of possible data controllers who are entitled to get to know the data: By using cookies, data controller does not handle your personal data.

7. Description of the rights of data subjects involved in data management: Data subjects can delete cookies in the Tools / Preferences menu of your browsers, usually under the Privacy menu item.

8. Legal basis for data handling: No consent is required from data subject if the sole purpose of the use of cookies is the communication service provided through the electronic communications network or it is expressly requested by the provider of information society services.

Using of Google Adwords Conversion Tracking

1. The online ad program "Google AdWords" is used by the data handler and uses Google's conversion tracking feature within its framework. Google conversion tracking is an analytical service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).

2. When a user reaches a web site through a Google ad, a conversion tracking cookie will be placed on the user’s computer. These cookies have limited validity and do not contain any personal information, so the User can not be identified by them.

3. When the User browses on certain pages of the website and the cookie has not expired, Google and the data administrator can see that the User clicked on the ad.

4. Each Google AdWords customer receives a different cookie so they can not be tracked through the websites of AdWords clients.

5. The information – obtained through conversion tracking cookies – is intended to make conversion statistics for customers that chose AdWords conversion tracking. By this manner customers will be informed about the number of users who have been clicked on their ad and passed forth to their conversion-tagged page. However, they do not have access to information that could identify any user.

6. If you do not want to participate in conversion tracking, you can reject this by blocking the ability to install cookies in your browser. Thereafter you will not be included in conversion tracking statistics.

7. For more information and Google Privacy Statement, please visit: www.google.de/policies/privacy/

Using of Google Analytics

1. This site uses Google Analytics, which is a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies" which are text files saved to your computer thus helping to analyze usage of the site visited by the user.

2. Information generated by cookies associated with a web site used by the User is usually received and stored on a US server of Google. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

3. Transmitting and shrinking of the entire IP address to Google's US server happens only in exceptional cases. On behalf of the operator of this site, Google uses this information to evaluate how the Website is used by the User, as well as to make report addressed to Website Operator about the activities of the Website and to complete additional services related to the Website and the usage of Internet.

4. In the framework of Google Analytics the Google will not associate IP address that is transmitted by the user's browser with other Google data. The storage of cookies can be prevented by setting the Browser's settings correctly, but please note that in this case, you may not be able to completely use all the functions provided the site. You can also prevent Google from collecting and processing cookie information (including your IP address) related to the User's website usage by downloading and installing the browser plug-in available on the link below. https://tools.google.com/dlpage/gaoptout?hl=hu

Facebook pixel

1. The Facebook pixel is a code with which report will be made on conversions of the website, and target audiences can be build and the site owner will get detailed analysis data about the usage of the visited website. With the Facebook remarketing pixel tracking code personalized bids and ads can be displayed to the Facebook site of the visitors. The Facebook remarketing list is not suitable for person identification. For more information on Facebook Pixel / Facebook, see: https://www.facebook.com/business/help/651294705016616

Newsletter, DM activity

1. Name, address of data processor

NeoSoft Informatikal Provider Ltd.

Headquarters: H-8000 Székesfehérvár, Távírda utca 2/A

Web: https://www.neosoft.hu/

Customer service: +36 22 503 603

2. In accordance section 6 of XLVIII Act of 2008 on the basic conditions and some limitations of economic advertising activity User may previously and expressly consent to the Service Provider's search for promotional offers and other items at the time of registration or at ordering.

3. In addition, the Customer regarding present policy may consent to the handling of personal data needed for the transmission of promotional offers of Provider.

4. The Service Provider will not send unsolicited advertising messages and, without limitation or justification, you can unsubscribe free of charge for sending bids. In this case, the Service Provider removes all personal data – required to send the advertisement messages to the User – from the Registry and will not send other promotional offers to the User. The User can unsubscribe from ads by clicking the link in the message.

5. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data	The purpose of data management
Name, e-mail address.	Identification, enabling the subscription to the newsletter.
The day of subscription	Implementation of a technical operation.
IP address on the day of subscription	Implementation of a technical operation.

6. The circle of data subjects: All data subjects who signed up for this newsletter.

7. The purpose of data management: sending e-mail (s) containing advertisements to the data subject, providing information about current information, products, promotions, new features, etc.

8. Duration of data processing, deadline for data deletion: until the consent statement is withdrawn, that is until the date of the unsubscription.

9. The persons of data controllers who are entitled to get to know the data, recipients of personal data: Personal data can be handled by the sales and marketing staff of the controller, while respecting these principles.

 

10. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· entitled to object to the handling of his/her personal data.

· the data subject has the right to data storage and to withdraw the consent at any time.

11.The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to ugyfelszolgalat@voxpay.hu

12. Data subject can unsubscribe from the newsletter at any time free of charge.

13. Legal basis for data handling: consent of data subject, point a) f) of subsection 1 of article 6 and subsection 5 of section 6 of XLVIII Act of 2008 on the basic conditions and limitations of economic advertising activity.

 

The advertiser, the advertisement provider or the publisher of the advertisement, – in the circle specified in the consent, – keeps a record of the personal data of the persons made contributing declaration to them. The data set out in this record – concerning the recipient of the advertisement – can be handled only in accordance with the consent statement and can be handed until its revocation, and can only be transferred to a third party with the prior consent of the data subject.

14.We inform you, that

· data management is based on your consent and the legitimate interest of the service provider.

· you are requiredto provide personal information if you want to receive a newsletter from us.

· the lack of data delivery means consequences that we can not send newsletters to you.

 

Complaint handling

1. The fact of data collection, the scope of the data being processed and the purposes of data management:

Personal data	The purpose of data management
Family- and first name	Identification, contact.
E-mail address	Identification, contact.
Phone number	Identification, contact.
License plate number	Identification
Billing name and address	Identification, handling quality objections, issues and problems that arise with the products ordered.

2. The circle of data subjects: All data subjects who buy form the website, lodge in an objection related to quality issues, or complain about the website.

3. Duration of data handling, deadline for data deletion: In accordance subsection 7 of section 17/A of CLV Act of 1997 on the consumer protection copies of minutes, transcripts and replies to the objection must be kept for 5 years.

 

4. The persons of data controllers who are entitled to get to know the data, recipients of personal data: Personal data can be handled by the sales and marketing staff of the controller, while respecting these principles.

 

5. Description of the rights of data subjects involved in data management:

· The data subject may apply to the data controller for access, correction, deletion or limitation of the personal data concerning him/her, and

· the data subject has the right to data storage and to withdraw the consent at any time.

6. The data subject may initiate procedures concerned with accessing, deleting, modifying or limiting his/her personal data, and the portability of the data in the following ways:

- By post addressed to H-1034 Budapest, Bécsi road 269

- Via e-mail to ugyfelszolgalat@voxpay.hu address,

7. Legal basis for data handling: consent of data subject, point c) of subsection 1 of article 6 and subsection 7 of section 17/A of CLV Act of 1997 on the consumer protection.

8. We inform you, that

· Providing of personal data based on legal obligation.

· processing of personal data is precondition of the enter into contract.

· you are requiredto provide personal data so that we can your complaint handle.

· the lack of data delivery means consequences that we can not handle your complaint received us.

 

Community sites

1. The fact of data collection, the scope of the data being managed: The name and the public profile picture of registered member of social network pages as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc.

2. The circle of data subjects: All data subjects who registered member of social network pages as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and “liked” the website.

3. The purpose of data collection: Sharing or “likeing" on social networking sites, web site content, products, promotions, or the website itself.

4. Duration of data handling, deadline for data deletion, description of the person of possible data controller who is eligible to access the data and the rights of the data subject related to data management: Information about the source, handling and the method and the legal base of transmitting of the data can be found on the given social networking site. Data management takes place on social networking sites, so the duration and methods of the data handling, the ways of deleting and modifying the data are governed by the rules of the community site.

5. Legal basis for data handling: voluntary consent of the data subject for handling his/her personal data on the community websites.

 

Customer relations and other data management

1. If a question arises when using our data managing services, or data subject has problem, he / she may contact the data manager using the methods provided on the website (phone, email, social networking sites, etc.).

2. Data Manager delete emails received, messages and data provided on phone, Facebook, etc. included the name, e-mail address or other voluntarily provided personal data of the interested party, not later than 2 years from the date of disclosure.

3. Information about data management not listed in this policy is provided when data is included.

4. The Service Provider is obliged to provide information, communicate, transfer or provide documentation on the basis of an exceptional authority request or the authorization of the law in case of request of other bodies.

5. In these cases, the Service Provider shall transmit personal data to the request party – if it indicated the exact purpose and scope of the data – only to the extent that is indispensable to achieve the purpose of the request party.

Rights of data subjects:

 

1. Right of access by the data subject

You have the right to receive feedback from the data controller about whether your personal data is being processed or access to all information about data management, you have the right to have access to personal data and the information listed in the Regulation.

2. Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, You have the right to have incomplete personal data completed – including by means of providing a supplementary statement.

3. Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions.

4. Right to be forgotten

When the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

· The accuracy of the personal data is contested by You, for a period enabling the controller to verify the accuracy of the personal data;

· The processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead;

· The controller no longer needs the personal data for the purposes of the processing, but they are required by You for the establishment, exercise or defence of legal claims;

· You objected to processing; in this case, the restriction applies to the period in which it is established that the legitimate reasons for the data controller have priority over your legitimate reasons.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions.

8. Protest in case of direct business acquisition

If your personal data is handled for direct business, you have the right to protest at any time against the processing of any personal data relating to you, including profiling, if it is related to direct business acquisition. If you object to personal data being handled for direct business purposes, your personal data can no longer be handled for that purpose.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Previous paragraph shall not apply if the decision:

· is necessary for entering into, or performance of a contract between You and a data controller;

· is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard Your rights and freedoms and legitimate interests; or

· is based on your explicit consent.

Deadline for action

 

The data controller informs you of any measures taken in response to these requests without undue delay but in any way within 1 month of receiving the request.

If necessary, it may be extended by2 months. The controller will inform you about the extension of the deadline by indicating the cause of the delay within 1 month of receipt of the request.

If the data controller fails to take action upon your request, he or she will notify you without delay but no later than one month after the receipt of the request about the reasons of non-action and that You may file a complaint to a supervisory authority and You have the right to a judicial remedy.

Security of data handling

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

a) the pseudonymization and encryption of personal data;

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Communication of a personal data breach to the data subject

 

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and communicate the name and contact details of the data protection officer or other contact point; describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

The communication to the data subject shall not be required if any of the following conditions are met:

· the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal dataunintelligible to any person who is not authorised to access it, such as encryption;

· the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjectsis no longer likely to materialise;

· The communication would involvedisproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require to communicate the personal data breach to the data subject.

Report a data protectional incident to the authority

The data protection incident shall be reported to the supervisory authority under Article 55 without undue delay and, if possible, no later than 72 hours after the data protection incident becomes known, unless the data protection incident is unlikely to pose a risk to the rights of natural persons and freedom. If the notification is not filed within 72 hours, the reasons for proving the delay must also be enclosed.

Notification of a personal data breach to the supervisory authority

 

You can lodge a complaint against a possible infringement of the data controller to the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: H-1530 Budapest Post Office Box: 5

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Closing Remarks

 

During the preparation of present policy we have been following the laws hereinafter:

- EUROPEAN PARLIAMENT AND OF THE COUNCIL 2016/679 Act on the right of protection of natural persons to personal data managing and freedom of free flow of such data (27 April 2016) and on repealing of 95/46/EK Statute (general statute of data protecting)

- CXII Act of 2011 on the information self-determination and freedom of information (hereinafter: Infotv.)

- CVIII Act of 2001 on the Electronic Commerce Services and Information Society Services Issues (particularly section 13/A)

- XLVII Act of 2008 on the prohibition of unfair commercial practices against consumers;

- XLVIII Act of 2008 on the basic conditions and limitations of economic advertising activity (particularly section 6)

- XC Act of 2005 on the freedom of electronic information

- C Act of 2003 on the electronic communications (particularly section 155)

- 16/2011 an opinion on the EASA / IAB Recommendation on Best Practice in Behavioral Online Advertising

- Recommendation of Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements for previous information

- EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 Act on the right of protection of natural persons to personal data managing and freedom of free flow of such data (27 April 2016) and on repealing of 95/46/EK Statute

23 May 2018

Voxinfo Ltd.