Last updatet: 2019. 09. 24.

Privacy Statement

Your privacy and the confidential handling of personal data are of utmost importance for Rozsdás Kft. By visiting the website of Rozsdás Kft., you (may) also disclose some of your personal data to us. 
Rozsdás Kft. hereby declares that any information obtained by your visit to its website is handled according to the laws and regulations in effect, especially Act LXIII of 1992 on Personal Data and Public Information. 
Rozsdás Kft. also declares that it will respect the privacy of all personal and confidential information of the visitors and registered users visiting its website. Your personal data will solely be used to the extent necessary for using the services provided by the website; only for the purposes of operating and developing of the services as well as for research and statistics made for our own use, in full compliance with the laws and regulations in effect. 
During your visit to our website, your data is handled by Rozsdás Kereskedelmi Kft. Visitor data and the website are operated, and handled, by a third-party organisation (data handler), which performs its operations in compliance with the laws and regulations in effect.
Our information management policy is in accordance with the effective regulations on privacy, especially the following:
•    Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Information of Public Interest (Data Protection Act);
•    Act LXVI of 1992 on Keeping Records on the Personal Data and Address of Citizens;
•    146/1993. (X. 26.) Gov. Decree on the enforcement on the Act LXVI of 1992
•    Act XIX of 1998 on Criminal Proceedings;
•    Act CXIX of 1995 on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing;
•    Act CVIII of 2001 on certain issues of electronic commerce activities and information society services. 


Personal data: Any data relating to a specific (identified or identifiable) natural person (hereinafter referred to as ‘data subject’) as well as any conclusion with respect to the data subject which can be inferred from such data. In the course of data processing, such data shall be considered to remain personal as long as their relation to the data subject can be restored. An identifiable person is, in particular, one who can be identified, directly or indirectly, by reference to his/her name, identification code or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. ’Special data’ shall mean any personal data relating to a) racial, or national or ethnic minority origin, political opinion or party affiliation, religious or ideological belief, or membership in any interest group; b) state of health, pathological addictions, sexual life or criminal personal data.
Consent: Any freely given, specific and informed indication of the wish of the data subject by which he signifies his unmistakable agreement to the processing, either wholly or partially, of personal data relating to him/her.
Objection: The statement of the data subject by which he objects to the processing of his personal data and requests termination of the data processing and/or deletion of the processed data.
Opt-out list: A register of the names and addresses of data subjects who have not given permission to use their personal data for any of the research purposes or direct marketing defined by the Act, or has opted out their data from processing for such purposes.
Data controller: Any natural or legal person or any organisation without legal personality that determines the purpose of the processing of data, makes decisions on data processing (including those as to the means of the processing) and implements these decisions or has them implemented by the technical data processor he/she has commissioned.
Data processing: Any operation or set of operations which is performed upon data, irrespective of the applied procedure, such as collection, obtaining, recording, organisation, storage, alteration, use, transfer, making public, alignment or combination, blocking, deletion or destruction, as well as the barring of their further use. Photographing, sound or image recording, as well as the recording of physical characteristics suitable for personal identification (such as fingerprints, and palm prints, DNA samples and iris images) shall also be considered as data processing.
Data transfer: Making data accessible to a specific third party.
Making public: Making data accessible to any person.
Deletion of data: Making data unrecognisable in such a way that it cannot be restored.
Blocking of data: Making it impossible, for a definite period of time or finally, to transfer, access, make public, adapt, alter, destroy, delete, align or combine, or use the data.
Destruction of data: The complete physical destruction of data or the data carrier containing them.
Data processing: The performance of technical tasks related to data processing operations, regardless of the methods or means employed or of the place of application.
Data processor: Any natural or legal person or organisation without legal personality that carries out the technical processing of personal data, either on commission by the data controller or pursuant to a rule of law;
Third person: Any natural or legal person or organisation without legal personality, other than the data subject, the data controller or the technical data processor.
Third country: Any country that is not a member of the European Economic Area.
The purpose of this statement is to ensure that any individual’s fundamental rights, especially the right of privacy, are respected during the automated processing of his/her personal data (data protection) in every field of our services, for every individual, irrespective of his/her nationality, place of residence.
Personal data shall not be processed unless:
a) The data subject has given his consent, or
b) Ordered by an Act, or – based on the authorisation conferred by an Act, and within the range of data specified therein – ordered by a local government decree. On grounds of public interest, an Act may order the making public of an explicitly defined range of personal data. In all other cases, data may not be made public without the consent, in the case of special data without the written consent, of the data subject. In cases of doubt, it shall be presumed that the data subject has not given his consent. The data subject shall be presumed to have given his consent in the case of data communicated by him in the course of his public appearances or handed over by him for making them public.
Purpose-bound Nature of Data Processing: Personal data shall be processed only for a specified purpose, in order to exercise a right or perform an obligation. This purpose shall be complied with in all phases of the data processing. No personal data shall be processed unless indispensable and suitable for the achievement of the purpose of the data processing, and only to the extent and for the duration necessary to achieve that purpose.
Data transfer, linking of data processing activities: Data should only be transferred and the different data processing should only be linked if it is according to the consent of the data subject or if it is allowed by the law, and if the conditions of data processing are met for each personal data.
Data Security: The data controller and, within its scope of activities the technical data processor, shall ensure data security and shall take all technical and organisational measures and elaborate the rules of procedure necessary to enforce compliance with this Act and other rules pertaining to data protection and confidentiality. Data shall be protected in particular against unauthorised access, alteration, transfer, making public, deletion or destruction, as well as against accidental destruction or damage.
Data protection policies
By signing up on our website and by subscribing to our newsletter you accept your personal data to be used for the following purposes:
a.    Keeping contact with you,
b.    Keeping you informed on a regular basis through our newsletters,
c.    Direct business activities,
d.    Market research
Please inform us if you do not intend to give your consent to data processing for one or more of the above purposes.
Unless you express any objection, we consider that you have given your consent to processing your data in following way:
a.    Information sent by post or telephone, information from the data controller
b.    Handing your name and address information to a third party for direct business activities, market research, opinion polling activities, or scientific research
c.    Sending electronic advertisements and other information to your email address, mobile phone
d.    Your data are solely evaluated by computer data processing
Please note that the court, prosecutor and investigating authorities may address the data controller for information, data handover, data transfer or handing out documents.
Rozsdás Kft. as the data controller, will disclose to the authorities only as much information as necessary if the authorities specify the purpose and scope of data.
If, in spite of your objection, you experience any violation related to the handling of your personal data, the following remedies are available:
•    You may ask for information on the processing of your personal data, and you may request the rectification thereof.
Upon request, we provide information on your data processed by us and by our entitled data processor, for the purpose, entitlement, and time period of data processing, as well as the name and address (site) of the data processor, the activities related to data processing as well as the receivers of the data and their purpose.
We will give the information in writing and in an easy to understand way, within the shortest possible time, but not later than within 30 days of the lodging of the request. Your personal data shall be deleted if the processing thereof is unlawful, if you request their deletion, if the purpose of processing has ceased to exist, or the time limit for the storage of data, as specified in an Act, has expired, if the deletion has been ordered by the court or the Data Protection Commissioner. You and those to whom the data were previously transferred for processing shall be informed of any rectification or deletion. Such information may be dispensed with if, in view of the purpose of processing, no legitimate interests of the data subject are infringed thereby.
You may object to the processing of his data if
a) the processing (transfer) of personal data is necessary solely for enforcing a right or legitimate interest of the data controller or data recipient, except if the data processing has been ordered by an Act;
b) personal data are used or transferred for the purposes of direct marketing, public opinion polling or scientific research;
c) the exercise of the right to object is otherwise made possible by an Act.
As data controller, Rozsdás Kft. will investigate the objection, and at the same time suspend the data processing within the shortest time, but not later than 15 days of the lodging of the request, and inform the applicant in writing of the results thereof. Where the objection is justified, the data controller shall discontinue the processing of data, including further collection or transfer, and block all data, and he shall inform of the objection and the measures taken on the basis thereof all those to whom the personal data the objection aimed at were previously transferred, and who, on their part, shall take the necessary measures for the enforcement of the right to object.
If you do not agree with the decision, you may institute court proceedings within 30 days of being notified of the decision. Please note that we may not delete your data if the data processing has been ordered by an Act. The data, however, may not be transferred to the recipient, if the data controller agrees with the objection or if the court has found the objection justified. In case of infringement of rights, you may institute court proceedings against the data controller. The court shall hear the case out of turn.
Rozsdás Kft.