Privacy Agreement

Debrecen

PRIVACY POLICY

1. Introduction

Welcome to VisitMe.hu 

SPO MARKETING KFT (“us”, “we”, or “our”) operates www.visitme.hu (hereinafter referred to as “Service”).

Our Privacy Policy governs your visit to www.visitme.hu, and explains how we collect, safeguard and disclose information that results from your use of our Service.

We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).


2. Definitions

SERVICE means the VisitMe.hu website operated by SPO marketing kft. 

PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.


3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.


4. Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

0.1. Email address

0.2. First name and last name

0.3. Phone number

0.4. Address, State, Province, ZIP/Postal code, City

0.5. Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.


Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.


Location Data - VisitMe app

To participate as a APP VisitMe driver, you must permit the APP VisitMe driver Services to access location services through the permission system used by your mobile operating system (“Platform”) or browser. We may collect the precise location of your device when the APP app is running in the foreground or background of your device. We may also derive your approximate location from your IP address. We use your location information to verify that you are present in your preferred region or city when you begin or engage in a delivery through the VisitMe (a “Delivery”), connect you with delivery opportunities in your zone, and track the progress and completion of your Deliveries. You can enable the location tracking feature through the settings on your device or Platform or when prompted by the VisitMe driver  mobile app. If you choose to disable the location feature through the settings on your device or Platform, SPO MARKETING KFT will not receive precise location information from your device, which will prevent you from being able to Trip and receiving delivery opportunities in your area.


Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.


You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.


Examples of Cookies we use:

4.1. Session Cookies: We use Session Cookies to operate our Service.

4.2. Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

4.3. Security Cookies: We use Security Cookies for security purposes.

4.4. Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.


Other Data

While using our Service, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, non-disclosure agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location and other data.


5. Use of Data

SPO MARKETING KFT uses the collected data for various purposes:

0.1. to provide and maintain our Service;

0.2. to notify you about changes to our Service;

0.3. to allow you to participate in interactive features of our Service when you choose to do so;

0.4. to provide customer support;

0.5. to gather analysis or valuable information so that we can improve our Service;

0.6. to monitor the usage of our Service;

0.7. to detect, prevent and address technical issues;

0.8. to fulfill any other purpose for which you provide it;

0.9. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

0.10. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;

0.11. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;

0.12. in any other way we may describe when you provide the information;

0.13. for any other purpose with your consent.


6. Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.


7. Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside United States, Puerto Rico and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States, Puerto Rico and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

COMPANY NAME will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.


8. Disclosure of Data

We may disclose personal information that we collect, or you provide:

0.1. Disclosure for Law Enforcement.

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

0.2. Business Transaction.

If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.

0.3. Other cases. We may disclose your information also:

0.3.1. to our subsidiaries and affiliates;

0.3.2. to contractors, service providers, and other third parties we use to support our business;

0.3.3. to fulfill the purpose for which you provide it;

0.3.4. for the purpose of including your company’s logo on our website;

0.3.5. for any other purpose disclosed by us when you provide the information;

0.3.6. with your consent in any other cases;

0.3.7. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.


9. Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.


10. Service Providers

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


11. Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.


12. CI/CD tools

We may use third-party Service Providers to automate the development process of our Service.


13. Advertising

We may use third-party Service Providers to show advertisements to you to help support and maintain our Service.


14. Behavioral Remarketing

We may use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.


15. Payments

We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.


16. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

For example, the outlined Privacy Policy has been created using PolicyMaker.io, a free web application for generating high-quality legal documents. PolicyMaker's online privacy policy generator is an easy-to-use free tool for creating an excellent privacy policy template for a website, blog, online store or app.


17. Children's Privacy

Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.


18. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


19. Contact Us

If you have any questions about this Privacy Policy, please contact us by email: [email protected]

Visitme.hu. collects certain information through its website and mobile site, located at http://Visitme.hu/, and its network.Your privacy is important to Visitme.hu and this Privacy Policy lays out Visitme.hu's policies and procedures surrounding the collection and handling of such information. This Privacy Policy applies only to the Sites. It does not apply to any restaurant sites, other third party services linked to Visitme.hu Sites or offline activities related to Visitme.hu services.

A. Information Visitme.hu Collects Visitme.hu may collect the following information from users of our Sites: first name, last name, street address, city, area, cross streets, phone number, e-mail address, Sites-specific display name, GPS location (mobile site) and credit card information (collectively, "Personally Identifiable Information" or "PII"). Visitme.hu is not intended for use by children under the age of 13 and Visitme.hu does not knowingly collect PII from children under the age of 13.

In addition, Visitme.hu may collect information regarding Visitme.hu account holders' past Visitme.hu orders, favorite restaurants, customer service inquiries, service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend").

Visitme.hu also uses web analytics software to track and analyze traffic on the Sites in connection with Visitme.hu's advertising and promotion of Visitme.hu services. Visitme.hu may publish these statistics or share them with third parties without including PII.

B. Visitme.hu's Use Of Collected Information Visitme.hu uses PII to create users' Visitme.hu accounts, to communicate with users about Visitme.hu services, to offer users additional services, promotions and special offers and to charge for purchases made through Visitme.hu. Users may opt to allow Visitme.hu to store certain PII used to create users' Visitme.hu accounts, including, but not limited to, credit card information. Visitme.hu uses stored PII to customize future order processing for you. You may request that Visitme.hu cease storing certain PII at any time, but you might not be able to take advantage of certain customized features. Users may affirmatively opt-out of receiving promotional communications from Visitme.hu by visiting http://Visitme.hu/ and providing visitme.hu with their e-mail address via the opt-out link. visitme.hu may also use PII to enforce Visitme.hu terms of use and service.

visitme.hu uses cookies to remember users on the Sites and to enhance users' experience on the Sites. For example, when users with visitme.hu accounts return to the Sites, cookies identify those users and allow the Sites to provide certain user-specific information such as visitme.hu account information, past orders, favorite restaurants and user restaurant reviews.

visitme.hu does not sell the information it collects to third parties. visitme.hu shares collected PII to third-party vendors and service providers with whom visitme.hu works to provide application programming interfaces ("APIs") and other functions for the Sites in connection with the delivery of visitme.hu services. In addition, visitme.hu shares users' visitme.hu order content, special order instructions, first and last name, street address and telephone number with restaurants where users' orders are placed to the extent necessary to process those orders. visitme.hu may also disclose PII to third parties such as attorneys, collection agencies, tribunals or law enforcement authorities pursuant to valid requests in connection with alleged violations of visitme.hu terms of use and service or other alleged contract violations, infringement or similar harm to persons or property.

User generated content posted through the Sites such as service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend") may be viewed by the general public. Accordingly, Visitme.hu cannot ensure the privacy of any PII included in such user generated content.

C. Visitme.hu's Protection of PII Visitme.hu uses reasonable security measures equal to or exceeding industry standard to protect PII from unauthorized access, destruction, use, modification and disclosure. Unfortunately, even with these measures, Visitme.hu cannot guarantee the security of PII. By using the Sites, you acknowledge and agree that Visitme.hu makes no such guarantee, and that you use the Sites at your own risk.

D. Accessing and Correcting Your PII Registered Visitme.hu account holders can access and change their own PII using the "Edit" function on the Visitme.hu website. If you have questions regarding Visitme.hu's use or collection of your PII, please contact Visitme.hu's privacy officer at: [email protected]

E. Privacy Policy Amendments Visitme.hu may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the posting date, which will be listed at the top of the page as the effective date.

Privacy Policy

Contents: 

In this Privacy Policy, you may find information regarding the processing of your personal data in the following chapters

I. General. Besides other general information, this chapter contains the data of the Controller and some processors.

II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing: 

II/1. Registration, login

II/2. Newsletters

II/3. Orders

II/4. Invoices

II/5. Prize games

II/6. complaint-handling

II/7. Personal data of partners

II/8. Cookies

III. The rights of the users as data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure. 

IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated. 


I. General

• In relation to this Privacy Policy, the User as specified in the General Terms, the person registering on the website, and the visitor of the website shall be considered data subjects. 

The Controller

Company name/ Name: S.P.O. Marketing Kereskedelmi és Szolgáltató Korlátolt Felelosségu Társaság

Székhely és levelezési cím: 4024 Debrecen, Piac utca 28. B. ép. 3. emelet 54.

Telefon: +36306803232

E-mail: [email protected]

Adószám: 23502431-2-09

Cégjegyzékszám: 01-09-294355 

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


• It is the Controller’s intention to ensure the protection of the personal data of the persons providing such on the Website at www.visitme.hu to the extent possible. This Privacy Policy shall be applicable in respect of the Website only and no other websites of any third parties, even if such are accessible from the Website.

• The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which it shall inform the users by email. 

• The Controller provides its services protecting the personality rights of the visitors of the Website and its clients, in accordance with the law, especially: 

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); 

• the Hungarian Civil Code; 

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the Data Protection Act

• Please note that it is voluntary to provide personal data on the Website and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the control of the personal data.  The processing of the personal data of a child shall be lawful on the grounds of the consent of the data subject where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 


• The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


6.1. The accountant of the Controller is considered a data processor: 

Company name/ Name: BONUK Kft.

Registered and postal address: 1015 Budapest, Donáti utca 38. A. lház. fszt.

E-mail: [email protected]

Activities:    accountancy, in case no data is provided, the Controller cannot fulfill its activities.    

Forwarded personal data: personal data required for invoices, name and address.

6.2.  The personal data processed by us are stored at our storage provider as a data processor: 

Microsoft Azure; https://azure.microsoft.com; +36(1)4372736; [email protected] 

Activities: web storage, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data collected upon registration.


Marketing data (name and email address) are also stored at the storage provider below:

Name: RACKFOREST Kft.

Registered seat: 1132 Budapest, Victor Hugo u. 18-22.

E-mail address: [email protected]

Phone: +36 70 362 4785


6.3. We use a service provider for the payment systems

Name: Barion Payment Zrt.

Data:     www.barion.hu 

Activities: payment services, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data requested and provided upon payment. 

Cookie Policy: https://www.barion.com/en/legal/barion-cookienotice-20180525-en.pdf 

Privacy Policy: https://www.barion.com/hu/jogi-hatter/barion_adatkezelesitajekoztato_20180525.pdf

• Upon placing an order, the personal data will be forwarded to the restaurant concerned. 



II. Ways of processing:

II/1. Registration, login: 

• For using the services on the Website and entering into an agreement, a registration and login is necessary. Without a registration, no contract is made between the Parties and the Controller cannot provide its services. The data provided upon registration shall be processed by the Controller fit to the purpose, as and to the extent required to provide the services and keep contact with the clients as provided for by law. The data subject may add new data with changing his or her profile and upon placing the order the data subject may use a new delivery address. With your account you can record your former orders and the state of V coins. In case of registration or logging in with Facebook or Google+, the personal data will be forwarded to us by and collected from them. 

• The ground for processing is  the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. By providing their personal data, the with accepting the users give their consent to the use of their personal data by the Controller for providing its services. The Controller will only use the personal data only for the purpose known by the data subject at the provision, and shall not forward them or grant access to them to any third parties without any authorization and keep them separately and encrypted. The employees or subcontractors of the Controller shall have access to the personal data. 

• The purpose of processing is to ensure that the Controller fulfill the orders of the customers as data subjects. 

• If the user buys a coupon in the coupon shop, his or her name will be forwarded to the printing location of the user’s choice to identify the user as the person entitled to claim the coupon.

• Personal data processed: 

• name (surname and first name),

• email address,

• home address, billing address (postcode, municipality, street, house No.), delivery address,

• phone number, 

• username,

• password

• Facebook or Google+ profile picture.

Period of processing: until the data subject requests its profile to be deleted, in respect of invoice data for the duration required by law (8 years).


II/2. Newsletters:

11. The User may subscribe to the newsletter upon registration and without a registration with its expressed, voluntary and active declaration. 

12.  The purpose of processing is informing the data subjects on the services, products, news and events of the Controller and any changes thereto. 

13.  The ground for processing is the voluntary consent  of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. 

Processed personal data:

• name (surname and first name)

• email address

• Period of processing: lasts until the data subject requests to unsubscribe from the newsletters.

II/3. Orders 

15. Upon the placement of the order, for fulfilling it, the Controller processes personal data. 

16. The purpose of processing is the provision of the services. 

17. The ground for processing is the performance of the contract. [point (b) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 years.

• Processed personal data: home address, phone number, e-mail address, the number and date of placing the order.

• The personal data in the order will be forwarded to the respective restaurant. In case no data is provided, the Controller cannot provide the service of home delivery. 

II/4. Invoices 

20. The Controller stores, i.e. processes the personal data on the invoices. 

21.  The purpose of processing is issuing invoices, compliance with the laws for accounting. 

22. The ground for processing is  compliance with a legal obligation, in accordance with paragraph (1) of Article 159 of Act CXXVII of 2007, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

23. Processed personal data: name, address, e-mail address, phone number.

• The data subjects are the natural persons on the invoices. 

• Period of processing: 8 years.

• The data in the invoices will be forwarded to the company providing the invoice software to the Controller as processor (www.szamlazz.hu KBOSS.hu Kft.; tax No: 13421739-2-41; registration No: 01-09-303201; [email protected]; +3630 35 44 789). 

II/5. Prize games

• The Controller processes the personal data of the participants as data subjects to organize the prize game. 

• The purpose of processing is the organization of the prize game. 

• The ground for processing is the voluntary consent of the data subject [point (a) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: until the closure of the prize game, in respect of the winners for 8 years. 


II/6. Complaint-handling

• The processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint. 

• The data subject is the person making a complaint.

• The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: 5 years, as provided for by law. 

II/7. Personal data of partners

• In respect of the Controller’s contractual partners (especially restaurants) which are not its clients, the Controller processed the personal data of natural person partners and the natural person contact persons of the partners not being natural persons (names, home addresses, email addresses, phone numbers of partners and names, phone numbers, email addresses, titles, position the contact persons). 

• The ground for processing is the performance of the contract [point (b) of subparagraph 1 of Article 6 of the GDPR] in case of natural person partners. In respect of natural person contact persons of the partners not being natural persons, the ground for processing is the legitimate interests of the Controller and the partner that their agreement be fulfilled [point (f) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 year.

II/8. Cookies

• In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address. Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies. Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.

• The ground for processing is the voluntary consent  of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

• Processed data: browser history, identification No, date, time of visit.

• The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics .

• In the Menu of most of the browsers, there is a “Help” function providing information for the data subject, in his or her browser 

• where to disable cookies,

• how to accept new cookies,

• how to instruct the browser to set new cookies or 

• turn off other cookies.

• Outer servers help the impartial measuring and auditing of the visitor and other web analytics data (Google Analytics and Facebook). The service providers can provide detailed information for the data subject. 


Further information on the cookies used by Google may be found via this link:  http://www.google.com/policies/technologies/ads/. 

Google’ privacy policy can be found on this link:  http://www.google.com/intl/hu/policies/privacy/ 

Description of the Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs 


Information regarding the analytics cookies of Facebook: 

https://www.facebook.com/policies/cookies/ 

https://developers.facebook.com/docs/mediaguide/pixel-and-analytics/ 


• The Controller uses the following cookies with the expiration of 1 year: 

• Name : „s” 

stores the work session of the visitor; functional; obligatory; 

• Name : „address”

In some cities an address needs to be provided to set the terms of food delivery. It is obligatory where it is used. This also helps to narrow the restaurant search results. This data is only stored in the moment of placing the order.   

• Name : „p”

A cookie used for some of the promotion and pop-up (city choosing) windows. It is obligatory, for ignoring it results that the website cannot be used.  


III. The rights of the users as data subjects

• The data subject may exercise his or her following rights via the contacts of the Controller listed above: 

• right to request information on the processing of the personal data and the right of access; 

• right to rectification, 

• right to request erasure except the cases of obligatory processing, 

• right to withdraw the cosent, 

• right to data portability, 

• Right to objection; 

• right to object against automated individual decision-making.

III/1. Right for information and access:

• The Controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. 

• Information may be requested in writing through the contact data of the Controller specified above. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

• The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. 

• The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

• The Controller shall be obliged to respond to requests from the data subject at the latest within one month.


III/2. Right to rectification:

• The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her. 


III/3. Right to erasure (‘right to be forgotten’):

• The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,;

- the personal data have been unlawfully processed; 

- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 

- the personal data have been collected in relation to the offer of information society services.


• Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

III/4. Right to restriction of processing:

• The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.


• Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. 

• A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted. 

III/5. Right to data portability:

• The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 

III/6. Right to object:

• The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

• Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

III/7. Right to object against automated individual decision-making:

• The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing  is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.




III/8. Right of withdrawal:

• The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.

III/9. Rules on the procedure of the enforcement of rights:

• Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. 

• If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

• Information shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. 

• The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. 


IV. Remedies

• Any person shall have the right to notify the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság; http://www.naih.hu/; registered seat: 1125 Budapest Szilágyi Erzsébet fasor 22/c, post address: 1530 Budapest, Pf.: 5., telephone: +36 (1) 391-1400) and request an investigation alleging an infringement relating to his or her personal data or concerning the exercise of the rights of access to public information or information of public interest, or if there is imminent danger of such infringement. The Authority shall carry out the investigation free of charge; the costs thereof shall be advanced and borne by the Authority.

• In the event of any infringement of his rights, the data subject may turn to court action against the controller. The court shall hear such cases in priority proceedings. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located. Data controllers shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. The data controller shall also be liable for any damage caused by data processors acting on its behalf. The data controller may be exempted from liability if it proves that the damage was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party. Should the data controller infringe the personality rights of the data subject with the illegal control of the data subject’s data or with the breach of data security requirements, the data subject may claim restitution from the data controller.

Budapest

Visitme.hu. collects certain information through its website and mobile site, located at http://Visitme.hu/, and its network.Your privacy is important to Visitme.hu and this Privacy Policy lays out Visitme.hu's policies and procedures surrounding the collection and handling of such information. This Privacy Policy applies only to the Sites. It does not apply to any restaurant sites, other third party services linked to Visitme.hu Sites or offline activities related to Visitme.hu services.

A. Information Visitme.hu Collects Visitme.hu may collect the following information from users of our Sites: first name, last name, street address, city, area, cross streets, phone number, e-mail address, Sites-specific display name, GPS location (mobile site) and credit card information (collectively, "Personally Identifiable Information" or "PII"). Visitme.hu is not intended for use by children under the age of 13 and Visitme.hu does not knowingly collect PII from children under the age of 13.

In addition, Visitme.hu may collect information regarding Visitme.hu account holders' past Visitme.hu orders, favorite restaurants, customer service inquiries, service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend").

Visitme.hu also uses web analytics software to track and analyze traffic on the Sites in connection with Visitme.hu's advertising and promotion of Visitme.hu services. Visitme.hu may publish these statistics or share them with third parties without including PII.

B. Visitme.hu's Use Of Collected Information Visitme.hu uses PII to create users' Visitme.hu accounts, to communicate with users about Visitme.hu services, to offer users additional services, promotions and special offers and to charge for purchases made through Visitme.hu. Users may opt to allow Visitme.hu to store certain PII used to create users' Visitme.hu accounts, including, but not limited to, credit card information. Visitme.hu uses stored PII to customize future order processing for you. You may request that Visitme.hu cease storing certain PII at any time, but you might not be able to take advantage of certain customized features. Users may affirmatively opt-out of receiving promotional communications from Visitme.hu by visiting http://Visitme.hu/ and providing visitme.hu with their e-mail address via the opt-out link. visitme.hu may also use PII to enforce Visitme.hu terms of use and service.

visitme.hu uses cookies to remember users on the Sites and to enhance users' experience on the Sites. For example, when users with visitme.hu accounts return to the Sites, cookies identify those users and allow the Sites to provide certain user-specific information such as visitme.hu account information, past orders, favorite restaurants and user restaurant reviews.

visitme.hu does not sell the information it collects to third parties. visitme.hu shares collected PII to third-party vendors and service providers with whom visitme.hu works to provide application programming interfaces ("APIs") and other functions for the Sites in connection with the delivery of visitme.hu services. In addition, visitme.hu shares users' visitme.hu order content, special order instructions, first and last name, street address and telephone number with restaurants where users' orders are placed to the extent necessary to process those orders. visitme.hu may also disclose PII to third parties such as attorneys, collection agencies, tribunals or law enforcement authorities pursuant to valid requests in connection with alleged violations of visitme.hu terms of use and service or other alleged contract violations, infringement or similar harm to persons or property.

User generated content posted through the Sites such as service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend") may be viewed by the general public. Accordingly, Visitme.hu cannot ensure the privacy of any PII included in such user generated content.

C. Visitme.hu's Protection of PII Visitme.hu uses reasonable security measures equal to or exceeding industry standard to protect PII from unauthorized access, destruction, use, modification and disclosure. Unfortunately, even with these measures, Visitme.hu cannot guarantee the security of PII. By using the Sites, you acknowledge and agree that Visitme.hu makes no such guarantee, and that you use the Sites at your own risk.

D. Accessing and Correcting Your PII Registered Visitme.hu account holders can access and change their own PII using the "Edit" function on the Visitme.hu website. If you have questions regarding Visitme.hu's use or collection of your PII, please contact Visitme.hu's privacy officer at: [email protected]

E. Privacy Policy Amendments Visitme.hu may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the posting date, which will be listed at the top of the page as the effective date.

Privacy Policy

Contents: 

In this Privacy Policy, you may find information regarding the processing of your personal data in the following chapters

I. General. Besides other general information, this chapter contains the data of the Controller and some processors.

II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing: 

II/1. Registration, login

II/2. Newsletters

II/3. Orders

II/4. Invoices

II/5. Prize games

II/6. complaint-handling

II/7. Personal data of partners

II/8. Cookies

III. The rights of the users as data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure. 

IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated. 


I. General

    • In relation to this Privacy Policy, the User as specified in the General Terms, the person registering on the website, and the visitor of the website shall be considered data subjects. 

The Controller

Company name/ Name: VMBP Marketing Korlátolt Felelosségu Társaság

Registered and postal address: 1074 Budapest, Vörösmarty utca 16-18. A. ép. 2. em. 1/B.

Phone: +36303322255

E-mail: [email protected]

Tax No: 25081732-2-42

Registration No: 01-09-198647
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


    • It is the Controller’s intention to ensure the protection of the personal data of the persons providing such on the Website at www.visitme.hu to the extent possible. This Privacy Policy shall be applicable in respect of the Website only and no other websites of any third parties, even if such are accessible from the Website.
    • The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which it shall inform the users by email. 
    • The Controller provides its services protecting the personality rights of the visitors of the Website and its clients, in accordance with the law, especially: 
    • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); 
    • the Hungarian Civil Code; 
    • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the Data Protection Act
  • Please note that it is voluntary to provide personal data on the Website and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the control of the personal data.  The processing of the personal data of a child shall be lawful on the grounds of the consent of the data subject where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 

  • The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

6.1. The accountant of the Controller is considered a data processor: 

Company name/ Name: BONUK Kft.

Registered and postal address: 1015 Budapest, Donáti utca 38. A. lház. fszt.

E-mail: [email protected]

Activities:    accountancy, in case no data is provided, the Controller cannot fulfill its activities.    

Forwarded personal data: personal data required for invoices, name and address.

6.2.  The personal data processed by us are stored at our storage provider as a data processor: 

Microsoft Azure; https://azure.microsoft.com; +36(1)4372736; [email protected] 

Activities: web storage, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data collected upon registration.


Marketing data (name and email address) are also stored at the storage provider below:

Name: RACKFOREST Kft.

Registered seat: 1132 Budapest, Victor Hugo u. 18-22.

E-mail address: [email protected]

Phone: +36 70 362 4785


6.3. We use a service provider for the payment systems

Name: Barion Payment Zrt.

Data:     www.barion.hu 

Activities: payment services, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data requested and provided upon payment. 

Cookie Policy: https://www.barion.com/en/legal/barion-cookienotice-20180525-en.pdf 

Privacy Policy: https://www.barion.com/hu/jogi-hatter/barion_adatkezelesitajekoztato_20180525.pdf

  • Upon placing an order, the personal data will be forwarded to the restaurant concerned. 


II. Ways of processing:



II/1. Registration, login: 

  • For using the services on the Website and entering into an agreement, a registration and login is necessary. Without a registration, no contract is made between the Parties and the Controller cannot provide its services. The data provided upon registration shall be processed by the Controller fit to the purpose, as and to the extent required to provide the services and keep contact with the clients as provided for by law. The data subject may add new data with changing his or her profile and upon placing the order the data subject may use a new delivery address. With your account you can record your former orders and the state of V coins. In case of registration or logging in with Facebook or Google+, the personal data will be forwarded to us by and collected from them. 
  • The ground for processing is  the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. By providing their personal data, the with accepting the users give their consent to the use of their personal data by the Controller for providing its services. The Controller will only use the personal data only for the purpose known by the data subject at the provision, and shall not forward them or grant access to them to any third parties without any authorization and keep them separately and encrypted. The employees or subcontractors of the Controller shall have access to the personal data. 
  • The purpose of processing is to ensure that the Controller fulfill the orders of the customers as data subjects. 
  • If the user buys a coupon in the coupon shop, his or her name will be forwarded to the printing location of the user’s choice to identify the user as the person entitled to claim the coupon.
  • Personal data processed: 
  • name (surname and first name),
  • email address,
  • home address, billing address (postcode, municipality, street, house No.), delivery address,
  • phone number, 
  • username,
  • password
  • Facebook or Google+ profile picture.

Period of processing: until the data subject requests its profile to be deleted, in respect of invoice data for the duration required by law (8 years).


II/2. Newsletters:

11. The User may subscribe to the newsletter upon registration and without a registration with its expressed, voluntary and active declaration. 

12.  The purpose of processing is informing the data subjects on the services, products, news and events of the Controller and any changes thereto. 

13.  The ground for processing is the voluntary consent  of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. 

Processed personal data:

  • name (surname and first name)
  • email address
  • Period of processing: lasts until the data subject requests to unsubscribe from the newsletters.

II/3. Orders 

15. Upon the placement of the order, for fulfilling it, the Controller processes personal data. 

16. The purpose of processing is the provision of the services. 

17. The ground for processing is the performance of the contract. [point (b) of subparagraph 1 of Article 6 of the GDPR].

  • Period of processing: the civil law expiry period of 5 years.
  • Processed personal data: home address, phone number, e-mail address, the number and date of placing the order.
  • The personal data in the order will be forwarded to the respective restaurant. In case no data is provided, the Controller cannot provide the service of home delivery. 

II/4. Invoices 

20. The Controller stores, i.e. processes the personal data on the invoices. 

21.  The purpose of processing is issuing invoices, compliance with the laws for accounting. 

22. The ground for processing is  compliance with a legal obligation, in accordance with paragraph (1) of Article 159 of Act CXXVII of 2007, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

23. Processed personal data: name, address, e-mail address, phone number.

  • The data subjects are the natural persons on the invoices. 
  • Period of processing: 8 years.
  • The data in the invoices will be forwarded to the company providing the invoice software to the Controller as processor (www.szamlazz.hu KBOSS.hu Kft.; tax No: 13421739-2-41; registration No: 01-09-303201; [email protected]; +3630 35 44 789). 

II/5. Prize games

  • The Controller processes the personal data of the participants as data subjects to organize the prize game. 
  • The purpose of processing is the organization of the prize game. 
  • The ground for processing is the voluntary consent of the data subject [point (a) of subparagraph 1 of Article 6 of the GDPR].
  • Processed personal data: name, address, e-mail address, phone number.
  • Period of processing: until the closure of the prize game, in respect of the winners for 8 years. 

II/6. Complaint-handling

  • The processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint. 
  • The data subject is the person making a complaint.
  • The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].
  • Processed personal data: name, address, e-mail address, phone number.
  • Period of processing: 5 years, as provided for by law. 

II/7. Personal data of partners

  • In respect of the Controller’s contractual partners (especially restaurants) which are not its clients, the Controller processed the personal data of natural person partners and the natural person contact persons of the partners not being natural persons (names, home addresses, email addresses, phone numbers of partners and names, phone numbers, email addresses, titles, position the contact persons). 
  • The ground for processing is the performance of the contract [point (b) of subparagraph 1 of Article 6 of the GDPR] in case of natural person partners. In respect of natural person contact persons of the partners not being natural persons, the ground for processing is the legitimate interests of the Controller and the partner that their agreement be fulfilled [point (f) of subparagraph 1 of Article 6 of the GDPR].
  • Period of processing: the civil law expiry period of 5 year.

II/8. Cookies

  • In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address. Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies. Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.
  • The ground for processing is the voluntary consent  of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.
  • Processed data: browser history, identification No, date, time of visit.
  • The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics .
  • In the Menu of most of the browsers, there is a “Help” function providing information for the data subject, in his or her browser 
    • where to disable cookies,
    • how to accept new cookies,
    • how to instruct the browser to set new cookies or 
    • turn off other cookies.
  • Outer servers help the impartial measuring and auditing of the visitor and other web analytics data (Google Analytics and Facebook). The service providers can provide detailed information for the data subject. 

Further information on the cookies used by Google may be found via this link:  http://www.google.com/policies/technologies/ads/. 

Google’ privacy policy can be found on this link:  http://www.google.com/intl/hu/policies/privacy/ 

Description of the Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs 


Information regarding the analytics cookies of Facebook: 

https://www.facebook.com/policies/cookies/ 

https://developers.facebook.com/docs/mediaguide/pixel-and-analytics/ 


  • The Controller uses the following cookies with the expiration of 1 year: 

• Name : „s” 

stores the work session of the visitor; functional; obligatory; 

• Name : „address”

In some cities an address needs to be provided to set the terms of food delivery. It is obligatory where it is used. This also helps to narrow the restaurant search results. This data is only stored in the moment of placing the order.   

• Name : „p”

A cookie used for some of the promotion and pop-up (city choosing) windows. It is obligatory, for ignoring it results that the website cannot be used.  


III. The rights of the users as data subjects

  • The data subject may exercise his or her following rights via the contacts of the Controller listed above: 
    • right to request information on the processing of the personal data and the right of access; 
    • right to rectification, 
    • right to request erasure except the cases of obligatory processing, 
    • right to withdraw the cosent, 
    • right to data portability, 
    • Right to objection; 
    • right to object against automated individual decision-making.

III/1. Right for information and access:

  • The Controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. 
  • Information may be requested in writing through the contact data of the Controller specified above. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. 
  • The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  • The Controller shall be obliged to respond to requests from the data subject at the latest within one month.

III/2. Right to rectification:

  • The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her. 

III/3. Right to erasure (‘right to be forgotten’):

  • The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,;

- the personal data have been unlawfully processed; 

- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 

- the personal data have been collected in relation to the offer of information society services.


  • Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

III/4. Right to restriction of processing:

  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.


  • Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. 
  • A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted. 

III/5. Right to data portability:

  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 

III/6. Right to object:

  • The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

III/7. Right to object against automated individual decision-making:

  • The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing  is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.



III/8. Right of withdrawal:

  • The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.

III/9. Rules on the procedure of the enforcement of rights:

  • Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. 
  • If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  • Information shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. 
  • The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. 

IV. Remedies

  • Any person shall have the right to notify the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság; http://www.naih.hu/; registered seat: 1125 Budapest Szilágyi Erzsébet fasor 22/c, post address: 1530 Budapest, Pf.: 5., telephone: +36 (1) 391-1400) and request an investigation alleging an infringement relating to his or her personal data or concerning the exercise of the rights of access to public information or information of public interest, or if there is imminent danger of such infringement. The Authority shall carry out the investigation free of charge; the costs thereof shall be advanced and borne by the Authority.
  • In the event of any infringement of his rights, the data subject may turn to court action against the controller. The court shall hear such cases in priority proceedings. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located. Data controllers shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. The data controller shall also be liable for any damage caused by data processors acting on its behalf. The data controller may be exempted from liability if it proves that the damage was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party. Should the data controller infringe the personality rights of the data subject with the illegal control of the data subject’s data or with the breach of data security requirements, the data subject may claim restitution from the data controller.
Szeged

Visitme.hu. collects certain information through its website and mobile site, located at http://Visitme.hu/, and its network.Your privacy is important to Visitme.hu and this Privacy Policy lays out Visitme.hu's policies and procedures surrounding the collection and handling of such information. This Privacy Policy applies only to the Sites. It does not apply to any restaurant sites, other third party services linked to Visitme.hu Sites or offline activities related to Visitme.hu services.

A. Information Visitme.hu Collects Visitme.hu may collect the following information from users of our Sites: first name, last name, street address, city, area, cross streets, phone number, e-mail address, Sites-specific display name, GPS location (mobile site) and credit card information (collectively, "Personally Identifiable Information" or "PII"). Visitme.hu is not intended for use by children under the age of 13 and Visitme.hu does not knowingly collect PII from children under the age of 13.

In addition, Visitme.hu may collect information regarding Visitme.hu account holders' past Visitme.hu orders, favorite restaurants, customer service inquiries, service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend").

Visitme.hu also uses web analytics software to track and analyze traffic on the Sites in connection with Visitme.hu's advertising and promotion of Visitme.hu services. Visitme.hu may publish these statistics or share them with third parties without including PII.

B. Visitme.hu's Use Of Collected Information Visitme.hu uses PII to create users' Visitme.hu accounts, to communicate with users about Visitme.hu services, to offer users additional services, promotions and special offers and to charge for purchases made through Visitme.hu. Users may opt to allow Visitme.hu to store certain PII used to create users' Visitme.hu accounts, including, but not limited to, credit card information. Visitme.hu uses stored PII to customize future order processing for you. You may request that Visitme.hu cease storing certain PII at any time, but you might not be able to take advantage of certain customized features. Users may affirmatively opt-out of receiving promotional communications from Visitme.hu by visiting http://Visitme.hu/ and providing visitme.hu with their e-mail address via the opt-out link. visitme.hu may also use PII to enforce Visitme.hu terms of use and service.

visitme.hu uses cookies to remember users on the Sites and to enhance users' experience on the Sites. For example, when users with visitme.hu accounts return to the Sites, cookies identify those users and allow the Sites to provide certain user-specific information such as visitme.hu account information, past orders, favorite restaurants and user restaurant reviews.

visitme.hu does not sell the information it collects to third parties. visitme.hu shares collected PII to third-party vendors and service providers with whom visitme.hu works to provide application programming interfaces ("APIs") and other functions for the Sites in connection with the delivery of visitme.hu services. In addition, visitme.hu shares users' visitme.hu order content, special order instructions, first and last name, street address and telephone number with restaurants where users' orders are placed to the extent necessary to process those orders. visitme.hu may also disclose PII to third parties such as attorneys, collection agencies, tribunals or law enforcement authorities pursuant to valid requests in connection with alleged violations of visitme.hu terms of use and service or other alleged contract violations, infringement or similar harm to persons or property.

User generated content posted through the Sites such as service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend") may be viewed by the general public. Accordingly, Visitme.hu cannot ensure the privacy of any PII included in such user generated content.

C. Visitme.hu's Protection of PII Visitme.hu uses reasonable security measures equal to or exceeding industry standard to protect PII from  unauthorized access, destruction, use, modification and disclosure. Unfortunately, even with these measures, Visitme.hu cannot guarantee the security of PII. By using the Sites, you acknowledge and agree that Visitme.hu makes no such guarantee, and that you use the Sites at your own risk.

D. Accessing and Correcting Your PII Registered Visitme.hu account holders can access and change their own PII using the "Edit" function on the Visitme.hu website. If you have questions regarding Visitme.hu's use or collection of your PII, please contact Visitme.hu's privacy officer at: [email protected]

E. Privacy Policy Amendments Visitme.hu may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the posting date, which will be listed at the top of the page as the effective date.

Privacy Policy

Contents: 

In this Privacy Policy, you may find information regarding the processing of your personal data in the following chapters

I. General. Besides other general information, this chapter contains the data of the Controller and some processors.

II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing: 

II/1. Registration, login

II/2. Newsletters

II/3. Orders

II/4. Invoices

II/5. Prize games

II/6. complaint-handling

II/7. Personal data of partners

II/8. Cookies

III. The rights of the users as data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure. 

IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated. 


I. General

• In relation to this Privacy Policy, the User as specified in the General Terms, the person registering on the website, and the visitor of the website shall be considered data subjects. 

The Controller

Company name/ Name: VSZ Marketing Korlátolt Felelosségu Társaság

Registered and postal address: 1064 Budapest, Podmaniczky utca 57. 2. em. 14.

Phone: +36704587941 

E-mail: [email protected]

Tax No: 26133148-1-42

Registration No: 01-09-303661 

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


• It is the Controller’s intention to ensure the protection of the personal data of the persons providing such on the Website at www.visitme.hu to the extent possible. This Privacy Policy shall be applicable in respect of the Website only and no other websites of any third parties, even if such are accessible from the Website.

• The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which it shall inform the users by email. 

• The Controller provides its services protecting the personality rights of the visitors of the Website and its clients, in accordance with the law, especially: 

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); 

• the Hungarian Civil Code; 

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the Data Protection Act

• Please note that it is voluntary to provide personal data on the Website and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the control of the personal data.  The processing of the personal data of a child shall be lawful on the grounds of the consent of the data subject where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 


• The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


6.1. The accountant of the Controller is considered a data processor: 

Name: Molnár Orsolya E.V.

Phone: +36704298462

Activities:    accountancy, in case no data is provided, the Controller cannot fulfill its activities.    

Forwarded personal data: personal data required for invoices, name and address.

6.2.  The personal data processed by us are stored at our storage provider as a data processor: 

Microsoft Azure; https://azure.microsoft.com; +36(1)4372736; [email protected] 

Activities: web storage, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data collected upon registration.


Marketing data (name and email address) are also stored at the storage provider below:

Name: RACKFOREST Kft.

Registered seat: 1132 Budapest, Victor Hugo u. 18-22.

E-mail address: [email protected]

Phone: +36 70 362 4785


6.3. We use a service provider for the payment systems

Name: Barion Payment Zrt.

Data:     www.barion.hu 

Activities: payment services, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data requested and provided upon payment. 

Cookie Policy: https://www.barion.com/en/legal/barion-cookienotice-20180525-en.pdf 

Privacy Policy: https://www.barion.com/hu/jogi-hatter/barion_adatkezelesitajekoztato_20180525.pdf

• Upon placing an order, the personal data will be forwarded to the restaurant concerned. 



II. Ways of processing:

II/1. Registration, login: 

• For using the services on the Website and entering into an agreement, a registration and login is necessary. Without a registration, no contract is made between the Parties and the Controller cannot provide its services. The data provided upon registration shall be processed by the Controller fit to the purpose, as and to the extent required to provide the services and keep contact with the clients as provided for by law. The data subject may add new data with changing his or her profile and upon placing the order the data subject may use a new delivery address. With your account you can record your former orders and the state of V coins. In case of registration or logging in with Facebook or Google+, the personal data will be forwarded to us by and collected from them. 

• The ground for processing is  the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. By providing their personal data, the with accepting the users give their consent to the use of their personal data by the Controller for providing its services. The Controller will only use the personal data only for the purpose known by the data subject at the provision, and shall not forward them or grant access to them to any third parties without any authorization and keep them separately and encrypted. The employees or subcontractors of the Controller shall have access to the personal data. 

• The purpose of processing is to ensure that the Controller fulfill the orders of the customers as data subjects. 

• If the user buys a coupon in the coupon shop, his or her name will be forwarded to the printing location of the user’s choice to identify the user as the person entitled to claim the coupon.

• Personal data processed: 

• name (surname and first name),

• email address,

• home address, billing address (postcode, municipality, street, house No.), delivery address,

• phone number, 

• username,

• password

• Facebook or Google+ profile picture.

Period of processing: until the data subject requests its profile to be deleted, in respect of invoice data for the duration required by law (8 years).


II/2. Newsletters:

11. The User may subscribe to the newsletter upon registration and without a registration with its expressed, voluntary and active declaration. 

12.  The purpose of processing is informing the data subjects on the services, products, news and events of the Controller and any changes thereto. 

13.  The ground for processing is the voluntary consent  of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. 

Processed personal data:

• name (surname and first name)

• email address

• Period of processing: lasts until the data subject requests to unsubscribe from the newsletters.

II/3. Orders 

15. Upon the placement of the order, for fulfilling it, the Controller processes personal data. 

16. The purpose of processing is the provision of the services. 

17. The ground for processing is the performance of the contract. [point (b) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 years.

• Processed personal data: home address, phone number, e-mail address, the number and date of placing the order.

• The personal data in the order will be forwarded to the respective restaurant. In case no data is provided, the Controller cannot provide the service of home delivery. 

II/4. Invoices 

20. The Controller stores, i.e. processes the personal data on the invoices. 

21.  The purpose of processing is issuing invoices, compliance with the laws for accounting. 

22. The ground for processing is  compliance with a legal obligation, in accordance with paragraph (1) of Article 159 of Act CXXVII of 2007, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

23. Processed personal data: name, address, e-mail address, phone number.

• The data subjects are the natural persons on the invoices. 

• Period of processing: 8 years.

• The data in the invoices will be forwarded to the company providing the invoice software to the Controller as processor (www.szamlazz.hu KBOSS.hu Kft.; tax No: 13421739-2-41; registration No: 01-09-303201; [email protected]; +3630 35 44 789). 

II/5. Prize games

• The Controller processes the personal data of the participants as data subjects to organize the prize game. 

• The purpose of processing is the organization of the prize game. 

• The ground for processing is the voluntary consent of the data subject [point (a) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: until the closure of the prize game, in respect of the winners for 8 years. 


II/6. Complaint-handling

• The processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint. 

• The data subject is the person making a complaint.

• The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: 5 years, as provided for by law. 

II/7. Personal data of partners

• In respect of the Controller’s contractual partners (especially restaurants) which are not its clients, the Controller processed the personal data of natural person partners and the natural person contact persons of the partners not being natural persons (names, home addresses, email addresses, phone numbers of partners and names, phone numbers, email addresses, titles, position the contact persons). 

• The ground for processing is the performance of the contract [point (b) of subparagraph 1 of Article 6 of the GDPR] in case of natural person partners. In respect of natural person contact persons of the partners not being natural persons, the ground for processing is the legitimate interests of the Controller and the partner that their agreement be fulfilled [point (f) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 year.

II/8. Cookies

• In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address. Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies. Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.

• The ground for processing is the voluntary consent  of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

• Processed data: browser history, identification No, date, time of visit.

• The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics .

• In the Menu of most of the browsers, there is a “Help” function providing information for the data subject, in his or her browser 

• where to disable cookies,

• how to accept new cookies,

• how to instruct the browser to set new cookies or 

• turn off other cookies.

• Outer servers help the impartial measuring and auditing of the visitor and other web analytics data (Google Analytics and Facebook). The service providers can provide detailed information for the data subject. 


Further information on the cookies used by Google may be found via this link:  http://www.google.com/policies/technologies/ads/. 

Google’ privacy policy can be found on this link:  http://www.google.com/intl/hu/policies/privacy/ 

Description of the Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs 


Information regarding the analytics cookies of Facebook: 

https://www.facebook.com/policies/cookies/ 

https://developers.facebook.com/docs/mediaguide/pixel-and-analytics/ 


• The Controller uses the following cookies with the expiration of 1 year: 

• Name : „s” 

stores the work session of the visitor; functional; obligatory; 

• Name : „address”

In some cities an address needs to be provided to set the terms of food delivery. It is obligatory where it is used. This also helps to narrow the restaurant search results. This data is only stored in the moment of placing the order.   

• Name : „p”

A cookie used for some of the promotion and pop-up (city choosing) windows. It is obligatory, for ignoring it results that the website cannot be used.  


III. The rights of the users as data subjects

• The data subject may exercise his or her following rights via the contacts of the Controller listed above: 

• right to request information on the processing of the personal data and the right of access; 

• right to rectification, 

• right to request erasure except the cases of obligatory processing, 

• right to withdraw the cosent, 

• right to data portability, 

• Right to objection; 

• right to object against automated individual decision-making.

III/1. Right for information and access:

• The Controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. 

• Information may be requested in writing through the contact data of the Controller specified above. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

• The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. 

• The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

• The Controller shall be obliged to respond to requests from the data subject at the latest within one month.


III/2. Right to rectification:

• The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her. 


III/3. Right to erasure (‘right to be forgotten’):

• The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,;

- the personal data have been unlawfully processed; 

- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 

- the personal data have been collected in relation to the offer of information society services.


• Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

III/4. Right to restriction of processing:

• The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.


• Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. 

• A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted. 

III/5. Right to data portability:

• The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 

III/6. Right to object:

• The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

• Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

III/7. Right to object against automated individual decision-making:

• The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing  is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.




III/8. Right of withdrawal:

• The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.

III/9. Rules on the procedure of the enforcement of rights:

• Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. 

• If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

• Information shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. 

• The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. 


IV. Remedies

• Any person shall have the right to notify the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság; http://www.naih.hu/; registered seat: 1125 Budapest Szilágyi Erzsébet fasor 22/c, post address: 1530 Budapest, Pf.: 5., telephone: +36 (1) 391-1400) and request an investigation alleging an infringement relating to his or her personal data or concerning the exercise of the rights of access to public information or information of public interest, or if there is imminent danger of such infringement. The Authority shall carry out the investigation free of charge; the costs thereof shall be advanced and borne by the Authority.

• In the event of any infringement of his rights, the data subject may turn to court action against the controller. The court shall hear such cases in priority proceedings. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located. Data controllers shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. The data controller shall also be liable for any damage caused by data processors acting on its behalf. The data controller may be exempted from liability if it proves that the damage was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party. Should the data controller infringe the personality rights of the data subject with the illegal control of the data subject’s data or with the breach of data security requirements, the data subject may claim restitution from the data controller.


Pécs

Visitme.hu. collects certain information through its website and mobile site, located at http://Visitme.hu/, and its network.Your privacy is important to Visitme.hu and this Privacy Policy lays out Visitme.hu's policies and procedures surrounding the collection and handling of such information. This Privacy Policy applies only to the Sites. It does not apply to any restaurant sites, other third party services linked to Visitme.hu Sites or offline activities related to Visitme.hu services.

A. Information Visitme.hu Collects Visitme.hu may collect the following information from users of our Sites: first name, last name, street address, city, area, cross streets, phone number, e-mail address, Sites-specific display name, GPS location (mobile site) and credit card information (collectively, "Personally Identifiable Information" or "PII"). Visitme.hu is not intended for use by children under the age of 13 and Visitme.hu does not knowingly collect PII from children under the age of 13.

In addition, Visitme.hu may collect information regarding Visitme.hu account holders' past Visitme.hu orders, favorite restaurants, customer service inquiries, service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend").

Visitme.hu also uses web analytics software to track and analyze traffic on the Sites in connection with Visitme.hu's advertising and promotion of Visitme.hu services. Visitme.hu may publish these statistics or share them with third parties without including PII.

B. Visitme.hu's Use Of Collected Information Visitme.hu uses PII to create users' Visitme.hu accounts, to communicate with users about Visitme.hu services, to offer users additional services, promotions and special offers and to charge for purchases made through Visitme.hu. Users may opt to allow Visitme.hu to store certain PII used to create users' Visitme.hu accounts, including, but not limited to, credit card information. Visitme.hu uses stored PII to customize future order processing for you. You may request that Visitme.hu cease storing certain PII at any time, but you might not be able to take advantage of certain customized features. Users may affirmatively opt-out of receiving promotional communications from Visitme.hu by visiting http://Visitme.hu/ and providing visitme.hu with their e-mail address via the opt-out link. visitme.hu may also use PII to enforce Visitme.hu terms of use and service.

visitme.hu uses cookies to remember users on the Sites and to enhance users' experience on the Sites. For example, when users with visitme.hu accounts return to the Sites, cookies identify those users and allow the Sites to provide certain user-specific information such as visitme.hu account information, past orders, favorite restaurants and user restaurant reviews.

visitme.hu does not sell the information it collects to third parties. visitme.hu shares collected PII to third-party vendors and service providers with whom visitme.hu works to provide application programming interfaces ("APIs") and other functions for the Sites in connection with the delivery of visitme.hu services. In addition, visitme.hu shares users' visitme.hu order content, special order instructions, first and last name, street address and telephone number with restaurants where users' orders are placed to the extent necessary to process those orders. visitme.hu may also disclose PII to third parties such as attorneys, collection agencies, tribunals or law enforcement authorities pursuant to valid requests in connection with alleged violations of visitme.hu terms of use and service or other alleged contract violations, infringement or similar harm to persons or property.

User generated content posted through the Sites such as service/restaurant reviews and certain social networking preferences (e.g. pages you "Like" or "Recommend") may be viewed by the general public. Accordingly, Visitme.hu cannot ensure the privacy of any PII included in such user generated content.

C. Visitme.hu's Protection of PII Visitme.hu uses reasonable security measures equal to or exceeding industry standard to protect PII from unauthorized access, destruction, use, modification and disclosure. Unfortunately, even with these measures, Visitme.hu cannot guarantee the security of PII. By using the Sites, you acknowledge and agree that Visitme.hu makes no such guarantee, and that you use the Sites at your own risk.

D. Accessing and Correcting Your PII Registered Visitme.hu account holders can access and change their own PII using the "Edit" function on the Visitme.hu website. If you have questions regarding Visitme.hu's use or collection of your PII, please contact Visitme.hu's privacy officer at: [email protected]

E. Privacy Policy Amendments Visitme.hu may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the posting date, which will be listed at the top of the page as the effective date.

Privacy Policy

Contents: 

In this Privacy Policy, you may find information regarding the processing of your personal data in the following chapters

I. General. Besides other general information, this chapter contains the data of the Controller and some processors.

II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing: 

II/1. Registration, login

II/2. Newsletters

II/3. Orders

II/4. Invoices

II/5. Prize games

II/6. complaint-handling

II/7. Personal data of partners

II/8. Cookies

III. The rights of the users as data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure. 

IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated. 


I. General

• In relation to this Privacy Policy, the User as specified in the General Terms, the person registering on the website, and the visitor of the website shall be considered data subjects. 

The Controller

Company name/ Name: S.P.O. Marketing Kereskedelmi és Szolgáltató Korlátolt Felelosségu Társaság

Registered and postal address: 1064 Budapest, Podmaniczky utca 57. 2. em. 14.

Phone: +36303322255

E-mail: [email protected]

Tax No: 23502431-2-42

Registration No: 01-09-294355 

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


• It is the Controller’s intention to ensure the protection of the personal data of the persons providing such on the Website at www.visitme.hu to the extent possible. This Privacy Policy shall be applicable in respect of the Website only and no other websites of any third parties, even if such are accessible from the Website.

• The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which it shall inform the users by email. 

• The Controller provides its services protecting the personality rights of the visitors of the Website and its clients, in accordance with the law, especially: 

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); 

• the Hungarian Civil Code; 

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the Data Protection Act

• Please note that it is voluntary to provide personal data on the Website and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the control of the personal data.  The processing of the personal data of a child shall be lawful on the grounds of the consent of the data subject where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. 


• The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


6.1. The accountant of the Controller is considered a data processor: 

Company name/ Name: BONUK Kft.

Registered and postal address: 1015 Budapest, Donáti utca 38. A. lház. fszt.

E-mail: [email protected]

Activities:    accountancy, in case no data is provided, the Controller cannot fulfill its activities.    

Forwarded personal data: personal data required for invoices, name and address.

6.2.  The personal data processed by us are stored at our storage provider as a data processor: 

Microsoft Azure; https://azure.microsoft.com; +36(1)4372736; [email protected] 

Activities: web storage, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data collected upon registration.


Marketing data (name and email address) are also stored at the storage provider below:

Name: RACKFOREST Kft.

Registered seat: 1132 Budapest, Victor Hugo u. 18-22.

E-mail address: [email protected]

Phone: +36 70 362 4785


6.3. We use a service provider for the payment systems

Name: Barion Payment Zrt.

Data:     www.barion.hu 

Activities: payment services, in case no data is provided, the Controller cannot fulfill its activities.

Forwarded data: data requested and provided upon payment. 

Cookie Policy: https://www.barion.com/en/legal/barion-cookienotice-20180525-en.pdf 

Privacy Policy: https://www.barion.com/hu/jogi-hatter/barion_adatkezelesitajekoztato_20180525.pdf

• Upon placing an order, the personal data will be forwarded to the restaurant concerned. 



II. Ways of processing:

II/1. Registration, login: 

• For using the services on the Website and entering into an agreement, a registration and login is necessary. Without a registration, no contract is made between the Parties and the Controller cannot provide its services. The data provided upon registration shall be processed by the Controller fit to the purpose, as and to the extent required to provide the services and keep contact with the clients as provided for by law. The data subject may add new data with changing his or her profile and upon placing the order the data subject may use a new delivery address. With your account you can record your former orders and the state of V coins. In case of registration or logging in with Facebook or Google+, the personal data will be forwarded to us by and collected from them. 

• The ground for processing is  the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. By providing their personal data, the with accepting the users give their consent to the use of their personal data by the Controller for providing its services. The Controller will only use the personal data only for the purpose known by the data subject at the provision, and shall not forward them or grant access to them to any third parties without any authorization and keep them separately and encrypted. The employees or subcontractors of the Controller shall have access to the personal data. 

• The purpose of processing is to ensure that the Controller fulfill the orders of the customers as data subjects. 

• If the user buys a coupon in the coupon shop, his or her name will be forwarded to the printing location of the user’s choice to identify the user as the person entitled to claim the coupon.

• Personal data processed: 

• name (surname and first name),

• email address,

• home address, billing address (postcode, municipality, street, house No.), delivery address,

• phone number, 

• username,

• password

• Facebook or Google+ profile picture.

Period of processing: until the data subject requests its profile to be deleted, in respect of invoice data for the duration required by law (8 years).


II/2. Newsletters:

11. The User may subscribe to the newsletter upon registration and without a registration with its expressed, voluntary and active declaration. 

12.  The purpose of processing is informing the data subjects on the services, products, news and events of the Controller and any changes thereto. 

13.  The ground for processing is the voluntary consent  of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR. 

Processed personal data:

• name (surname and first name)

• email address

• Period of processing: lasts until the data subject requests to unsubscribe from the newsletters.

II/3. Orders 

15. Upon the placement of the order, for fulfilling it, the Controller processes personal data. 

16. The purpose of processing is the provision of the services. 

17. The ground for processing is the performance of the contract. [point (b) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 years.

• Processed personal data: home address, phone number, e-mail address, the number and date of placing the order.

• The personal data in the order will be forwarded to the respective restaurant. In case no data is provided, the Controller cannot provide the service of home delivery. 

II/4. Invoices 

20. The Controller stores, i.e. processes the personal data on the invoices. 

21.  The purpose of processing is issuing invoices, compliance with the laws for accounting. 

22. The ground for processing is  compliance with a legal obligation, in accordance with paragraph (1) of Article 159 of Act CXXVII of 2007, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

23. Processed personal data: name, address, e-mail address, phone number.

• The data subjects are the natural persons on the invoices. 

• Period of processing: 8 years.

• The data in the invoices will be forwarded to the company providing the invoice software to the Controller as processor (www.szamlazz.hu KBOSS.hu Kft.; tax No: 13421739-2-41; registration No: 01-09-303201; [email protected]; +3630 35 44 789). 

II/5. Prize games

• The Controller processes the personal data of the participants as data subjects to organize the prize game. 

• The purpose of processing is the organization of the prize game. 

• The ground for processing is the voluntary consent of the data subject [point (a) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: until the closure of the prize game, in respect of the winners for 8 years. 


II/6. Complaint-handling

• The processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint. 

• The data subject is the person making a complaint.

• The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].

• Processed personal data: name, address, e-mail address, phone number.

• Period of processing: 5 years, as provided for by law. 

II/7. Personal data of partners

• In respect of the Controller’s contractual partners (especially restaurants) which are not its clients, the Controller processed the personal data of natural person partners and the natural person contact persons of the partners not being natural persons (names, home addresses, email addresses, phone numbers of partners and names, phone numbers, email addresses, titles, position the contact persons). 

• The ground for processing is the performance of the contract [point (b) of subparagraph 1 of Article 6 of the GDPR] in case of natural person partners. In respect of natural person contact persons of the partners not being natural persons, the ground for processing is the legitimate interests of the Controller and the partner that their agreement be fulfilled [point (f) of subparagraph 1 of Article 6 of the GDPR].

• Period of processing: the civil law expiry period of 5 year.

II/8. Cookies

• In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address. Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies. Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.

• The ground for processing is the voluntary consent  of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.

• Processed data: browser history, identification No, date, time of visit.

• The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics .

• In the Menu of most of the browsers, there is a “Help” function providing information for the data subject, in his or her browser 

• where to disable cookies,

• how to accept new cookies,

• how to instruct the browser to set new cookies or 

• turn off other cookies.

• Outer servers help the impartial measuring and auditing of the visitor and other web analytics data (Google Analytics and Facebook). The service providers can provide detailed information for the data subject. 


Further information on the cookies used by Google may be found via this link:  http://www.google.com/policies/technologies/ads/. 

Google’ privacy policy can be found on this link:  http://www.google.com/intl/hu/policies/privacy/ 

Description of the Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs 


Information regarding the analytics cookies of Facebook: 

https://www.facebook.com/policies/cookies/ 

https://developers.facebook.com/docs/mediaguide/pixel-and-analytics/ 


• The Controller uses the following cookies with the expiration of 1 year: 

• Name : „s” 

stores the work session of the visitor; functional; obligatory; 

• Name : „address”

In some cities an address needs to be provided to set the terms of food delivery. It is obligatory where it is used. This also helps to narrow the restaurant search results. This data is only stored in the moment of placing the order.   

• Name : „p”

A cookie used for some of the promotion and pop-up (city choosing) windows. It is obligatory, for ignoring it results that the website cannot be used.  


III. The rights of the users as data subjects

• The data subject may exercise his or her following rights via the contacts of the Controller listed above: 

• right to request information on the processing of the personal data and the right of access; 

• right to rectification, 

• right to request erasure except the cases of obligatory processing, 

• right to withdraw the cosent, 

• right to data portability, 

• Right to objection; 

• right to object against automated individual decision-making.

III/1. Right for information and access:

• The Controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. 

• Information may be requested in writing through the contact data of the Controller specified above. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

• The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. 

• The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

• The Controller shall be obliged to respond to requests from the data subject at the latest within one month.


III/2. Right to rectification:

• The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her. 


III/3. Right to erasure (‘right to be forgotten’):

• The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,;

- the personal data have been unlawfully processed; 

- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 

- the personal data have been collected in relation to the offer of information society services.


• Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

III/4. Right to restriction of processing:

• The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.


• Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. 

• A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted. 

III/5. Right to data portability:

• The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 

III/6. Right to object:

• The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

• Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

III/7. Right to object against automated individual decision-making:

• The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing  is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or is based on the data subject's explicit consent.




III/8. Right of withdrawal:

• The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.

III/9. Rules on the procedure of the enforcement of rights:

• Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. 

• If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

• Information shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. 

• The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. 


IV. Remedies

• Any person shall have the right to notify the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság; http://www.naih.hu/; registered seat: 1125 Budapest Szilágyi Erzsébet fasor 22/c, post address: 1530 Budapest, Pf.: 5., telephone: +36 (1) 391-1400) and request an investigation alleging an infringement relating to his or her personal data or concerning the exercise of the rights of access to public information or information of public interest, or if there is imminent danger of such infringement. The Authority shall carry out the investigation free of charge; the costs thereof shall be advanced and borne by the Authority.

• In the event of any infringement of his rights, the data subject may turn to court action against the controller. The court shall hear such cases in priority proceedings. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located. Data controllers shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. The data controller shall also be liable for any damage caused by data processors acting on its behalf. The data controller may be exempted from liability if it proves that the damage was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party. Should the data controller infringe the personality rights of the data subject with the illegal control of the data subject’s data or with the breach of data security requirements, the data subject may claim restitution from the data controller.