Privacy notice
Temple Regalia Kft. (address: 6000 Kecskemét, Máriahegy tanya 1/c.. tax number: 27334421-2-03), as a data controller (
Company, Service Provider or
Data Controller), in the course of its operation, processes the data of persons (Customers; data subjects) who otherwise use the services provided by it, in accordance with the provisions of this information.
The Company intends to fully comply with the legal requirements for the processing of personal data, in particular with the provisions of Act CXII of 2011 on the Right to
Informational Self-Determination and Freedom of Information (
the “Information Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council (the “
Regulation” or “
GDPR“), and therefore, through this notice, the Company intends to ensure the enforcement of the right to transparent information as provided for in Article 12 of the GDPR.
This Privacy Notice has been prepared on the basis of the Regulation and in compliance with the
Infotv.
Name and contact details of the data controller, service provider:
| Company name: |
Temple Regalia Ltd. |
| Seat: |
6000 Kecskemét, Máriahegy tanya 1/c. |
| Tax number: |
27334421-2-03 |
| Website name, address: |
www. templeregalia.com |
| Mailing address: |
6000 Kecskemét, Máriahegy tanya 1/c. |
| E-mail: |
admin@templeregalia.com |
| Telephone: |
EN +36 70 381 0155 UK +44 740 881 2002 |
- Interpretative provisions:
GDPR (see above);
data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data processor: a service provider used by our Company, which is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;
Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;
processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
transfer: making data available to a third party as defined in this notice
data subject’s consent: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
data subject: the customer, the natural person for whom personal data is processed;
data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom or with whom the personal data are disclosed. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
erasure: making data unrecognisable in such a way that it is no longer possible to recover it;
data retention: the marking of data with an identification mark for the purpose of further processing, either permanently or for a limited period of time.
data marking: the marking of data with an identification mark to distinguish it.
data destruction: the complete physical destruction of the data medium containing the data.
II. General principles of data management
The Data Controller declares that it processes personal data in accordance with the provisions of the Data Processing Information Notice and complies with the provisions of the GDPR, the Infotv. and any other applicable legislation, in particular with regard to the content of this section:
The processing of personal data must be lawful, fair and transparent for the data subject.
Personal data may only be processed for specified, explicit, legitimate and a priori disclosed purposes.
The purposes for which personal data are processed must be adequate and relevant and the processing must be limited to what is necessary.
Personal data must be accurate and up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in such a way that the identification of data subjects is limited to the shortest period of time necessary for the purposes for which the data are processed.
Further processing of personal data other than as provided for in this notice shall be considered lawful where the processing is necessary for compliance with a legal obligation, for reasons of public interest, for scientific research or statistical purposes or for the establishment and exercise of legal claims.
Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.
The principles of data protection apply to all information relating to an identified or identifiable natural person.
III. Important information about data management
Personal data will be processed solely for the exercise of a right or the performance of an obligation under the GDPR and the GDPR, in compliance with the principle of purpose limitation, for a predetermined purpose, to the extent and for the duration necessary to achieve that purpose. At all stages of processing, the data must be adequate for the purpose for which it is processed – and if the purpose of processing is no longer fulfilled or the processing is otherwise unlawful, the data will be deleted by the Company.
Prior to the start of data processing, the Company will inform the data subject of the purpose of the processing, the legal basis for the processing, the scope of the data processed and other information on the processing by means of this information notice.
The purpose, legal basis, data subjects and the duration of each processing operation carried out by the Company are indicated separately in the activities. The rights of data subjects are set out below in point 11 of this Policy, as they are the same for all processing activities.
In the case of processing based on the consent of the data subject, the data subject may withdraw his or her consent at any time in writing, including by sending a letter to the contact e-mail address. In the event of withdrawal of consent to the processing of personal data, the data processed on the basis of consent will be deleted.
The Data Controller and its authorised processors and employees are entitled to access the data.
As a data subject, the customer of the service may request information about the processing of his/her personal data, may request from the Data Controller access to his/her personal data, rectification, erasure or restriction of processing in case of processing based on consent, and may object to the processing of such personal data, as well as the data subject’s right to data portability.
The data subject may withdraw his or her consent at any time, but this does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
The data subject shall have the right, where processing is based on consent, to obtain from the controller, upon his or her request, the erasure without undue delay of inaccurate personal data relating to him or her and the controller shall be obliged to erase without undue delay personal data relating to him or her where the legal basis for the processing has ceased to exist.
The modification or deletion of personal data may be initiated in writing and may only be validly effected by a written statement on the merits of the processing. The written declaration may be made in the traditional way on paper or by e-mail to the address indicated in point 1 of this notice.
It is important to emphasize that the withdrawal of the right to data processing based on consent by the data subject does not terminate the data subject’s contract with the Company, so the fact of withdrawal does not affect the data subject’s payment obligation towards the Company. The fact of non-payment is in itself a ground for processing the data of the data subject, since it is in relation to his/her default of payment to the Company. The start of processing is conditional on the initiation of the order.
IV. Data controllers, data processors, the methods of data processing and the data processed by them
- Ordering and fulfilling services and personal contact
The customers concerned can order the Company’s services and products online. The legal relationship forthe provision of the service or sale of the product is established by placing an order in the Company’s webshop and accepting the General Terms and Conditions.
The Data Controller processes the following data of the data subjects for the purposes of providing the service and personal contact as follows:
| Target |
Exercise contractual rights and obligations, enforce the Company’s legitimate interests, prevent, investigate, detect and personally contact the Company in relation to the sale of services and products provided by the Company |
| Scope of data processed |
Name, address, e-mail address; telephone number |
| Legal basis |
Consent of the data subject and contractual obligations entered into with the data subject pursuant to Article 6(1)(a) and (b) GDPR |
| Who is affected |
Data subjects under contract |
| Data processing period |
5 years from the date of the order |
| Data Controller |
The Company |
| Data transmission |
For data processors under contract with the Company and for data controllers authorised by law to carry out independent processing |
| Persons entitled to access the data |
The Data Controller and its employees in an employment or agency relationship; the Data Processor and its employees; |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Any data and content provided by the data subject in connection with the provision of the service and the sale of the product shall be stored on the server used by the Company (Onehosting Inc. Address: 4600 E Washington St Ste 305, Phoenix, Arizona, 85034, United States, Tel: 001(661) 310-2107 E-mail: hello@onehosting.com).
2. Invoicing, accounting and financial compliance
The Data Controller has an invoicing obligation towards the Customer in connection with the services provided by it, on the basis of which the Data Controller is entitled to use the assistance of the following service providers, which are considered as data controllers in their own right.
Payment service providers:
| Company name: |
K&H Zrt. |
| Seat: |
1095 Budapest, Lechner Ödön fasor 9. |
| Telephone: |
+36 1 328 9000 |
| E-mail: |
bank@kh.hu |
The payment transactions made by the data subject are processed by the payment systems provided by the payment service providers referred to in this point for the payment accounts of the Company. The data may only be accessed by the employees of the Data Controller and, in accordance with their respective data management information, by the employees of the payment service providers, who are all responsible for the secure processing of the data.
| Target |
Ensuring the flow of funds processed by the Data Controller |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The name of the person concerned, his/her bank, account number and the amount of the payment |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the payment service provider and its employees |
| Time limits for data processing and erasure of data |
Until the end of the Company’s operations. The data will be deleted by the payment service provider after 10 years |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Electronic payment service:
In the case of purchases made through the webshop operated by the Company, the Customer pays the purchase price of the goods purchased and other costs (e.g. delivery) online using the following service providers.
| Company name: |
OTP Mobil Kft. – SimplePay |
| Seat: |
1143 Budapest, Hungária krt. 17-19. |
| Telephone: |
+36 1 5100 374 |
| The privacy notice: |
https://simplepay.hu/adatkezelesi-tajekoztatok/ |
| Company name: |
PayPal Europe |
| Seat: |
22-24 Bd Royal, 2449 Luxembourg |
| Telephone: |
+352 26 63 9100 |
| The privacy notice: |
https://www.paypal.com/webapps/mpp/ua/privacy-full |
| Company name: |
Stripe |
| Seat: |
354 Oyster Point Blvd, San Francisco, CA 94080, USA |
| Telephone: |
+1 650 427 9276 |
| The privacy notice: |
https://stripe.com/en-hu/privacy |
Payment transactions made by the data subject shall be processed by the payment systems operated by the service providers referred to in this point. The Company has no access to the bank card data used for payment transactions. Only the service providers referred to in this point have access to the credit card data and are responsible for the secure handling of the data in accordance with their own data management information.
| Target |
Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The processing concerns all the data indicated in this notice. |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the Processor and its employees |
| The privacy notice: |
https://mailchimp.com/gdpr/ |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Billing:
| Company name: |
KBOSS.hu Trading and Service Provider Limited Liability Company |
| Seat: |
1031 Budapest, Záhony u. 7. |
| Telephone: |
+36 30 354 4789 |
| E-mail: |
info@szamlazz.hu |
The person concerned can fulfil his/her payment obligation to the Company on the basis of the accounting document issued by the invoicing service provider. The data may only be accessed by the Data Controller’s staff or, in accordance with their own data management information, by the service provider’s staff, but each of them is responsible for the secure handling of the data.
| Target |
Accounting compliance and tax compliance |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
Name and address of the person concerned and the amount they will pay |
| Data Controller |
The Company |
| Data transmission |
Invoice Accounting Office – Tiborné Farkas EV. |
| Persons entitled to access the data |
The Company and its employees working for or on behalf of the Company |
| Time limits for data processing and deletion of data |
The data will be deleted by the billing service provider after 8 years. |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Accounting:
| Company name: |
Invoice Accounting Office – Tiborné Farkas EV. |
| Seat: |
6000 Kecskemét, Szabadkai u. 9.. |
The Company can fulfil its obligation to file returns and pay tax in accordance with the accounting documents provided by the person concerned by submitting the returns prepared by the accounting service provider to the tax authority and fulfilling its tax payment obligations on the basis of the returns. Access to the data is limited to the employees of the Data Controller and, in accordance with their own data management information, to the employees of the service provider, but each of them is responsible for the secure handling of the data.
| Target |
Accounting compliance and tax compliance |
| Legal basis |
Compliance with a legal obligation |
| Who is affected |
Customers |
| Scope of the data |
Name, address, and the amount they are paying, their bank account number, and the bank account number of the account holder |
| Data Controller |
The Company |
| Data transmission |
Invoice Accounting Office – Tiborné Farkas EV |
| Persons entitled to access the data |
The Company and its employees working for or on behalf of the Company |
| Time limits for data processing and deletion of data |
Data deleted by the accounting service provider after 8 years |
| How the data is stored |
Electronic and paper-based |
| Profiling |
None |
| Automated decision-making |
None |
3. Domain and webshop operation
The Company sells its products and provides its services through online trading. It operates its website and webshop with the assistance of the following data processors.
IT processing:
| Company name: |
WordPress / Automattic Inc. |
| Seat: |
60 29th Street #343, San Francisco, CA 94110 |
| Telephone: |
(877) 273 3049 |
The provision of the website in the information technology sense to the User concerned, the processing operations consisting of the technical operations necessary for the operation of the website and the provision of the services provided through it.
| Target |
Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The processing concerns all the data indicated in this notice. |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the Processor and its employees |
| The privacy notice |
https://automattic.com/privacy/ |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Webshop operation:
| Company name: |
WooCommerce / Automattic Inc. |
| Seat: |
60 29th Street #343, San Francisco, CA 94110 |
| Telephone: |
(877) 273 3049 |
Ensuring the operation of the webshop in the information technology sense for the User concerned, data processing operations consisting of the technical operations necessary for the operation of the webshop and the provision of the services provided through it.
| Target |
Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The processing concerns all the data indicated in this notice. |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the Processor and its employees |
| The privacy notice |
https://automattic.com/privacy/ |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
Online marketing and sending marketing emails:
| Company name: |
The Rocket Science Group LLC |
| Seat: |
Ponce City Market, 675 Ponce De Leon Ave NE E178, Atlanta, GA 30308, USA |
| Telephone: |
+44 800 315 5939 |
Sending online marking emails to the User concerned, with his/her consent, the data processing operations consisting of the necessary technical operations.
| Target |
Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The processing concerns all the data indicated in this notice. |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the Processor and its employees |
| The privacy notice |
https://mailchimp.com/gdpr/ |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
4. Delivery of goods
The Data Controller delivers the products it sells to the Customer through the intermediary of companies providing delivery services. The Data Controller is entitled to use the services of the following service providers, which are considered as data controllers in their own right.
| Company name: |
Magyar Posta Zrt. |
| Seat: |
1138 Budapest, Dunavirág utca 2-6. |
| Telephone: |
+36 1 767 8282 |
| The privacy notice: |
https://www.posta.hu/adatkezelesi_tajekoztato |
| Company name: |
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. |
| Seat: |
2351 Alsónémedi, GLS Európa u. 2. |
| Telephone: |
+36 29 886 700 |
| The privacy notice: |
https://gls-group.com/HU/hu/adatkezelesi-tajekoztato |
| Company name: |
DHL Express Hungary Kft. |
| Seat: |
1185 Budapest, BUD International Airport Building 302 |
| Telephone: |
+36 29 556 000 |
| The privacy notice: |
https://www.dhl.com/hu-hu/home/elolab/adatvedelmi-nyilatkozat.html |
| Company name: |
FedEx Express Hungary Kft. |
| Seat: |
1185 Budapest, BUD International Airport, Logistics Centre II – Office Building 283. |
| Telephone: |
+36 29 551 900 |
| The privacy notice: |
https://www.fedex.com/hu-hu/privacy-policy.html |
The data provided to the Company will only be transferred to the carrier for the purpose of delivery (name, address, telephone number, email address), which the carrier – as data controller – is obliged to handle in accordance with its own data management information and is fully responsible for their secure handling.
| Target |
Ensuring the flow of funds processed by the Data Controller |
| Legal basis |
To comply with a legal obligation under Article 6(1)(c) of the GDPR |
| Who is affected |
Data subjects under contract |
| Scope of the data |
The name of the person concerned, his/her bank, account number and the amount of the payment |
| Data Controller |
The Company |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with the Company and the payment service provider and its employees |
| Time limits for data processing and deletion of data |
Until the end of the Company’s operations. The data will be deleted by the payment service provider after 10 years |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
5. Community sites
Social networking sites are media tools where information is disseminated through social network users. Social media use the Internet and online publishing to transform users from content ingestors to content editors.
Social media is the interface of web applications that hosts user-generated content, such as Meta, Google+, Twitter, Pinterest, Instagram, etc.
Social media can take the form of public speeches, presentations, demonstrations, product or service launches.
The scope of personal data published on social media is as follows:
- forums,
- blog posts,
- image, video and audio material,
- message boards,
- e-mail messages,
- the user’s public profile picture.
| Target |
Promoting the Company and the website it operates |
| Legal basis |
Voluntary consent of the customer concerned |
| Who is affected |
Relevant customers following the Community site separately |
| Data processing period |
According to the rules available on the relevant Community site |
| Information on cancellation |
The Company shall, to the extent possible, remove the data in question following a request for erasure or withdrawal of consent. |
| Data Controller |
The Company |
| Persons entitled to access the data |
According to the rules available on the relevant Community site |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
When a user uploads or submits personal data, he or she grants the operator of the social networking site worldwide a valid licence to store and use such content.
6. Cookies (cookies)
The cookies are placed on the user’s computer by the above websites visited and contain information such as the site settings or login status.
Cookies are therefore small files created by the websites you visit. They improve the user experience by saving browsing data. Cookies help the website to remember your website settings and offer you locally relevant content.
A small file (cookie) is sent by the provider’s website to the website visitors’ computer in order to establish the fact and time of the visit. The provider informs the website visitor of this.
| Target |
Extra services, identification, visitor tracking |
| Legal basis |
The data subject’s consent is not required where the sole purpose of the use of cookies is the transmission of communications over an electronic communications network or where the use of cookies is strictly necessary for the provision of an information society service explicitly requested by the subscriber or user. |
| Who is affected |
Visitors to the websites |
| Data Controller |
None |
| Persons entitled to access the data |
By using cookies, the data controller does not process personal data |
| How the data is stored |
Electronic |
| Data transmission |
None |
| Profiling |
None |
| Automated decision-making |
None |
Data subjects have the possibility to delete cookies in the Tools/Preferences menu of their browsers, usually under the Privacy settings.
Most browsers allow you to set which cookies should be saved and allow (certain) cookies to be deleted again. If the saving of cookies is restricted on certain websites, or third-party cookies are not allowed, this may in certain circumstances lead to our website no longer being fully usable. The links below provide information on how to customise your cookie settings:
7. Using Google Analytics
The Company’s online sales website uses Google Analytics, which uses internal cookies to compile a report for its customers on the habits of website users.
On behalf of the website operator, Google will use this information to evaluate how users use the website. As an additional service, the website operator will compile reports on website activity for the website operator so that it can provide additional services.
Data is stored by Google’s servers in encrypted format to make it more difficult and to prevent misuse.
You can disable Google Analytics by. Quote from the page:
Website users who do not want Google Analytics to generate JavaScript reports about their data can install the Google Analytics browser add-on to disable it. The extension will prevent Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.
For details of Google’s privacy policy and information about how Google uses and protects your data, please see the links below.
8. Newsletter, DM activity
Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the Customer may expressly consent in advance to being contacted by the Company with advertising offers and other mailings at the contact details provided at the time of registration, and may consent to the Company processing the personal data necessary for sending advertising offers, subject to the provisions of this information.
The Company will not send unsolicited advertising messages and the User may unsubscribe from receiving such offers free of charge, without any restriction and without giving any reason, in which case the Company will delete all personal data necessary for sending advertising messages from its records and will not contact you with further advertising offers. The Customer may unsubscribe from advertising by clicking on the link in the marketing message.
| Target |
Identification, sending electronic messages containing advertising (e-mail, SMS, push messages) to the data subject, information about current information, products, promotions, new features, etc. |
| Legal basis |
Consent of the data subject, Article 6(1)(a). Article 6(5) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Economic Advertising Activities |
| Who is affected |
All stakeholders who subscribe to the newsletter. |
| Data Controller |
The Rocket Science Group LLC (mailchimp) |
| Persons entitled to access the data |
The Company and its employees under an employment or agency relationship with it, and the data processor and its employees |
| How the data is stored |
Electronic |
| Profiling |
None |
| Automated decision-making |
None |
V. Rights in relation to data processing
- Right to request information (Article 15 GDPR)
Through the contact details provided, the data subject may request information from the Data Controller about the data processed by the data processor or a data processor appointed by the Data Controller, about the data subject’s data, the legal basis for the processing, the purpose of the processing, the source of the data, the duration of the processing, the name and address of the data processor and the data processor’s activities related to the processing, the circumstances of the data breach, the effects of the data breach and the measures taken to remedy the data breach, and, in the case of the transfer of the data subject’s personal data, the legal basis and the recipient of the data transfer. At the request of the data subject, the Controller shall send information to the e-mail address provided by the data subject without undue delay, but within 30 days at the latest.
The information is provided free of charge once a calendar year, and a fee may be charged for additional occasions when information is requested. However, the fee already paid shall be refunded if an unlawfulness is established with regard to the processing of the data or if the data need to be rectified for reasons attributable to the Data Controller.
- Right to rectification (Article 16 GDPR)
The data subject may request the Data Controller to modify any of his or her data through the contact details provided. The Data Controller shall take action on the data subject’s request without delay, but within 30 days at the latest, by sending information to the e-mail address provided by the data subject.
- Right to erasure (Article 17 GDPR)
The data subject may request the Company to delete his/her data through the contact details provided. The Company will do so immediately upon the data subject’s request, but within 30 days at the latest, and will send a notification to the e-mail address provided by the data subject.
Personal data may be deleted if.
a) the personal data are no longer necessary for the purposes for which they were processed;
(b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
(c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
d) the personal data are unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
f) personal data are collected in connection with the provision of information society services to children under the age of 16;
4. Right to be forgotten (Article 17 GDPR)
Where the controller has disclosed the personal data and the personal data are no longer necessary for the purposes for which they were processed, the controller shall erase them and shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the data subject has requested the deletion of the links to or copies of the personal data in question.
- Right to blocking (Article 18 GDPR)
The data subject may request the Company to block his or her data through the contact details provided. The blocking will last as long as the reason indicated by the data subject makes it necessary to store the data. At the request of the data subject, the Company will do so without delay, but within a maximum of 30 days, and will send information to the e-mail address provided by the data subject.
- Right to object (Article 21 GDPR)
The data subject may object to the processing of his or her personal data using the contact details provided. The objection will be examined by the Company within the shortest possible time from the date of the request, but no later than 15 days, and the Company will decide whether the objection is justified and inform the data subject of its decision by e-mail.
You can object to the processing of personal data if.
- the processing or transfer of personal data is necessary for the fulfilment of a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller, the data subject or a third party, unless the processing is mandatory;
- the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and in other cases as provided by law.
If the data subject’s objection is found to be justified, the data processing shall be terminated, the data blocked and the objection and the action taken on the basis of the objection shall be notified to all those to whom the personal data concerned by the objection were previously disclosed and who are also obliged to take measures to enforce the right to object.
- Right to restriction of processing (Article 18 GDPR)
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller if one of the following conditions is met:
- the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;
- the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
VI. Enforcement of data processing, lodging a complaint
In the event of unlawful processing by the data subject, notify the Company so that the lawful situation can be rectified within a short period of time. The Company will make every effort to resolve the problem in the interest of the data subject.
If the data subject considers that the lawful situation cannot be restored, he or she should notify the authority using the following contact details:
Hungarian National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail:
ugyfelszolgalat@naih.hu
VII. Procedure in the event of a data breach
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject without undue delay.
The information provided to the data subject shall clearly and prominently describe the nature of the personal data breach and provide the name and contact details of the data protection officer or other contact person who can provide further information; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.
VIII. Legislation on which the processing is based
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (GDPR) (27 April 2016);
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.);
- Act CVIII of 2001 – on certain aspects of electronic commerce services and information society services (in particular § 13/A);
- Act XLVII of 2008 – on the prohibition of unfair commercial practices against consumers;
- Act XLVIII of 2008 – on the basic conditions and certain restrictions of economic advertising (in particular § 6);
- Act XC of 2005 on Freedom of Electronic Information;
- Act C of 2003 on Electronic Communications (specifically § 155);
- Opinion No 16/2011 on the EASA/IAB Recommendation on best practice in behavioural online advertising;
- Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements for prior information.
IX. Miscellaneous provisions
With regard to the data transferred within the scope of this Privacy Notice, the data processors, who are individually responsible for the personal data processing carried out by them on behalf of the Company, are.
The scope of this Privacy Notice applies to the processing of data by the Data Controller through the use of services provided through the website or by other means.
The Data Controller reserves the right to unilaterally amend this Privacy Notice at any time, with prior notice to the data subjects. The data subjects shall be informed by means of a notice on
www. templeregalia.hu at least eight calendar days prior to the modification.
This Privacy Notice is effective from 1 December 2022 until it is withdrawn.
