Terms and Conditions
Declaration of Data Protection and Management
Morane Gasztronómia Kft., the operator of the www.hauercukraszda.hu website, hereinafter: Website (seat: 1088 Budapest, Rákóczi út 49., company registration number: 01-09-329242, tax number: 26506771-2-42, hereinafter: Data manager), as Data manager disclosing this Declaration of Data protection and Data management Briefing (hereinafter: Declaration of Data protection) describes its principles regarding data management, which the Data manager acknowledges as binding to itself. The Data manager shall take all reasonable effort it may take for the security of personal data it manages.
Before using our Website please read this Declaration of Data protection.
The Data manager informs clearly and in detail all relevant facts about managing the data those involved.
Before starting the data management we inform You, that data management is based on the consent of the involved person at all times. With registration on the Website, and using the Website, dispatching your order, subscribing to our newsletter you as User explicitly give consent for the Data manager to manage your personal data in the frame of this Declaration of Data protection, in accordance with the current Hungarian legislation in force, and use them in a scope, manner and duration as recorded in this document.
Registration of Data management
The Data manager initiated to register the management of personal data at the Hungarian
National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság hereinafter NAIH or the Authority.
The Authority registered the data management on the following registration number:
Data management registration number: NAIH-129973/2017.
Current legislation on managing personal data of Users: Act CXII. of 2011 (on Informational Self-Determination and Freedom of Information hereinafter: “Privacy Act”)
The meaning of terms used in this Declaration of Data protection with regard to the “Interpretative provisions” in 3.§ of Act CXII of 2011 and in 2.§ of Act CVIII of 2001 are the following:
- personal data: shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject
- data subject: shall mean, any natural person directly or indirectly identifiable by reference to specific personal data;
- data manager: shall mean natural or legal person, or organization without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data management (including the means used) or have it executed by a data processor
- data management: shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronizing or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans)
- data deletion: shall mean making data unrecognizable in a way that it can never again be restored
- data processing: shall mean performing technical tasks in connection with data management operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
- data set: shall mean all data managed in a single register
- third party: any natural or legal person, or organization without legal personality other than the data subject, the data manager or the data processor
- service in connection of information society: means distant services provided by electronic means, generally against payment, and accessed by the recipient of the service individually;
- Electronic commerce service: means services in connection of information society for the purpose of selling, purchasing or exchanging or use in any other manner possessable commercial movable property -including money and securities, as well as the natural resources that can be used in the way of things – , service, real estate, property rights (hereinafter together: goods) on a commercial basis
Scope of users
User is the registered as well as non registered natural person using the services of the Website who submits the order and who is identified or might be identified – directly or indirectly- by any specific personal data.
Scope of the managed personal data
The personal data handled by the Data Manager are the following:
- Name (Family name, First name, Name of company)
- Address (street, house number, floor, door, city, country, postal code)
- Phone number
- E- mail address
The Data manager does not take responsibility for the truthfulness of the personal data processed! For the personal data provided, the responsibility lies solely with the User.
We only send a newsletter to any natural person as addressee of our newsletter via electronic mail or via any equivalent custom communications tool, if the addressee of the newsletter gave its consent in advance clearly and explicitly, and subscribed to the newsletter.
Scope of managed data: The Data managed manages the following data of the User subscribed to the newsletter voluntarily, on the basis of his explicit consent: Name ((Family name, First name, Name of company) E-mail address, and phone number.
Purpose of the usage: Sending an e-mail (newsletter) with marketing content electronically to Users who have subscribed to the newsletter voluntarily, on the basis of explicit consent; Providing Users with information on the latest news, offers, promotions for marketing purposes.
Term of data management: The Data manager manages the above-mentioned personal information of the User who voluntarily subscribes to the newsletter until the user’s consent is withdrawn, in the absence of such for 10 years from the date of data collection
Withdrawal statement: We inform You that the contributing declaration can be revoked free of charge without limitation or justification. In this case, the name of the declarant and all other personal information will be deleted and no newsletter will be sent thereinafter.
In order to make a withdrawal statement, we provide possibility both via postal and electronic mail so that the person making the declaration can be clearly identified.
User can withdraw its consent at any time, free of charge, in writing in the following ways:
- E-mail: firstname.lastname@example.org
- By regular mail: 1088 Budapest, Rákóczi út 49.
The Data Manager keeps records of the personal data of users registered on a voluntary basis, expressly consented to the newsletter. The data set out in this record – concerning the recipient of the advertisement- can be managed only in accordance with the consent statement and can be managed over until its revocation, and can only be transferred to a third party with the prior consent of the person concerned.
The Data Manager manages the personal data it records only in accordance with the consent statement and may be transferred to third parties only with the prior consent of the person concerned.
The purpose and legal basis for the managing of personal data
Data management purposes:
The purpose of the data management is to allow the User’s access to the services provided by the Data manager and to allow those to be performed by the Data manager, to identify the User, and to allow the User to receive information about his order.
The use of Website services is subject to registration or entry of personal data. By using the service and registering on the Website, the User expressly agrees the Personal Data to be managed by the Data Manager. The user provides the personal information to the Data Manager voluntarily, in the knowledge of this Declaration of Data management.
Legal Basis and Method of Data Processing:
The management of personal data during the registration of the Website and during the use of the service is based on the User’s voluntary contribution.
This contribution will be provided by the User by submitting an order on the Website and by registering.
The User, when entering the personal data of a third natural person during the use of the service, guarantees that the user has legitimately obtained the consent of the person concerned for the management of the personal data made available.
The User acknowledges that the Data Manager may manage the recorded data in the absence of any different provision of the law for the fulfillment of a legal obligation on it or for the validation of the Data manager’s or a third party’s legitimate interest- if the enforcing of this interest is proportionate with the limiting the right to the protection of personal data- without any further consent, and after withdrawing the consent of the person concerned.
Person authorized for data management and data processing
The person authorized to manage and process personal data is Morane Conditorei Kft. (seat: 1088 Budapest, Rákóczi út 49., company registration number: 01 09 677024, tax number: 11308821-2-42, hereinafter: Data Manager) as Data Manager.
Personal data processed can be accessed by the Data Manager’s legal representative (s), its employees / agents / contributors. The data manager does not disclose personal data to third parties, unless the person concerned expressly agrees to it.
The duration of Data management
Personal Data provided by the User’s consent will be handled by the Data manager until the fulfilment of the purpose of data management or until the User’s consent is withdrawn. The Data manager manages the personal data provided during the registration of the User until the Website is terminated, especially until the registration is canceled.
The Data Manager shall manage the personal data collected in the absence of a different provisions of law, a) in order to fulfill its legal obligation, or b) to enforce the legitimate interests of the data controller or third party, if the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data, as well as the withdrawal of the consent of the person concerned. /6.§ (5) of Act CXII. of 2011./
The Data manager shall manage the personal data provided by the User for the purposes of fulfilling the accounting obligations pursuant to 169.§ of Act C of 2000 for eight years, and within the limitation period specified by law in the Act XCII of 2003 on the Order of Taxation.
Data transfer, data linking
The Data Manager does not sell, rent or provide Personal Data or Information regarding the user to any other company or individual, in any form, except for the data required to perform the accounting obligation.
The Data Manager will ensure the proper security of the data as it is expected to do and will take the technical and organizational measures that guarantee the enforcement of data protection rules and principles and facilitate the security of personal data.
We inform the Users that the Data Manager transmits personal data to a third person or persons only with the consent of the person concerned.
By using the Services provided by the Website and by providing the personal information recorded above required for the use of these services, the User expressly consents to the transfer of his / her personal data to the delivery company delivering the goods.
The legal basis for the transfer of data: is based on the consent of the person concerned.
Scope of data managed: Name (Surname, First name, Company name), Address (Street, house number, floor, door, city, country, postal code), Phone number, E-mail address.
The purpose of the data transfer is to: Deliver the products ordered by the User, and enable the related administration and contact.
The duration of the data management: until the fulfilment of the purpose of the data management or until the withdrawal of the User’s consent, in the absence of such for 10 years from the date of data collection.
The Data Manager keeps a Transmission Register of the transmitted data, which includes all data transfers by the company.
For the purpose of controlling the legality of the transfer of data and to inform the person concerned, the Data Manager shall keep a record of the data transmission of the personal which contains the date of transfer of data it manages, the legal basis and the addressee of the data transfer, the determination of the scope of the personal data transferred and other data specified in the law providing for data processing.
Our website is tailor-made for the User and can use “cookies” for convenience features. If you use “Cookies”, the following data will be logged when visiting the Website: the date of the visit, user browser data, IP address, operating system and language settings. These data are not linked to other personal data by the Data manager, they are for statistical purposes only.
Users’ rights regarding management of personal data, exercise of rights and legal remedy options
The User has the right to request information from the Data Manager for handling his / her personal data, in addition, the User may request the rectification of his / her personal data as well as the cancellation or blocking of his / her personal data.
The User is entitled at any time to request written information on the contact details given in this Declaration of Data protection about the personal data relating to the data managed by the Data Manager and to request them to be modified at any time by the Data Manager. The Data Manager shall provide the requested information within 30 days of the submission of the application.
If the User requests it in writing, the Data manager shall provide information about the data managed by Data Manager or- if any- processed by the data processor entrusted by it, or entrusted by its provisions.
In addition, on the basis of such a request, the Data manager provides written information on the source of the personal data he manages, the purpose, legal basis, duration of the data processing, the name, address of the data processor, the circumstances, effects and measures taken to remedy the data incident, and- in the case of transmission of the personal data of the person concerned- the legal basis and the addressee of the transfer.
Please note that in the case of a postal request, the Data manager will be able to send a reply to the User by post, in writing, by mail, provided that the User indicates the postal address for answer of the User on the request.
The information provided in paragraph (4) is free of charge if the person requesting the information has not yet been filed a request with the data manager for the same data field in the current year. In other cases, reimbursement can be made. The amount of reimbursement may also be fixed by a contract between the parties. The reimbursement already paid should be refunded if the data was unlawfully handled or the request for information resulted in a correction.
The User is also entitled to request the deletion of his/her data, by the written request addressed to the Data Manager, the contact details given in the Data Manager below.
The user is entitled to request information, modification or deletion at the following contact addresses:
Mailing address: 1088 Budapest, Rákóczi út 49.
E-mail address: email@example.com.
The User is entitled at any time to request to have corrected or deleted its data which changed or was recorded incorrectly. The Data Manager shall within the reasonable time, but no later than 30 days after the receipt of the request, shall delete or modify the data indicated by the User.
We will inform you that the deletion does not apply to the data processing required under the law (eg accounting rules), which are kept by the Data Controller for the required period of time by law.
Instead of deleting, the data manager will block the personal data if the data subject so requests or if, on the basis of the information available to it, it is assumed that the deletion would harm the legitimate interests of the data subject. Personal data block such way can only be handled as long as there is a data management purpose that excludes the deletion of personal data.
If the User feels that his or her personal data processing rights may be violated, please notify us in writing of the contact details given above!
In the case of infringement of personal data managed, the User shall notify the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) based on Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Address of the Authority: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C, Postal Address: 1530 Budapest, P.O. Box 5) may ultimately exercise its rights in court. The tribunal court has jurisdiction over the lawsuit.
Compliance with the law
Regarding the preparation of this Declaration of Data protection and during managing the personal data of Users, the Data manager shall comply fully with all applicable Hungarian legislation and with due regard for the relevant EU standards.
The Data Controller keeps in mind the information provided in particular in the following laws:
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Hereinafter „Privacy Act”)
- Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (particularly 13/A §)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (particularly 6. §)
- Act C. of 2003 on electronic media (particularly 155. §)
- Opinion 16/2011 on the EASA/IAB Best Practice. Recommendation on Online Behavioural Advertising.