Polityka prywatności

Privacy notice

On the processing of personal data of Clients

Preamble

The Data Subject must be notified about the processing prior to the start of processing. If requested, the Privacy Notice must be made available to the Data Subject in electronic or paper form. As for the management of the contracting process, if, after contracting, the Data Subject objects to processing, this may result in the cancellation of the contract.

Processing the personal data of Clients

In compliance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as: General Data Protection Regulation or GDPR), ATTRACT Kft. as the Data Controller hereby notifies its Clients about the processing of their personal data.

The Controller

Company name of the Controller:                           ATTRACT Kft.

Address of the Controller:                                          H-7622 Pécs, Siklósi út 1/1.

Tax number of the Controller:                                   11777364-2-02

Company registration no. of the Controller:            02-09-066227

Telephone number of the Controller:                       +36 72 551 642

E-mail address of the Controller:                               customerservice@nosiboo.com

Name of the data protection officer (if any):            –

Contact details of the data protection officer:         –

Categories of data processed, the purpose and legal basis of processing

Description of personal data Purpose of processing Legal basis of processing
Surname and first name, telephone number Getting in touch, calling back and answering the caller’s questions Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (after the Data Subject has given their voluntary, explicit and prior consent based on information provided thereto)
Surname and first name, telephone number Getting in touch, answering the e-mail of the sender Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (after the Data Subject has given their voluntary, explicit and prior consent based on information provided thereto)
Surname and first name, billing and shipping address Conclusion of the sales contract, fulfilment of the order, invoicing and delivery (purchase without registration), and invoicing of the repair fees for non-warranty repairs Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) Article 6, paragraph (1), item (b) to (c) (performance of contractual and legal obligations), Section 169, item (c) of Act CXXVII of 2007 on Value Added Tax and Section 167, paragraph (1), items (a) to (j), and Section 169, paragraph (1) of Act C of 2000 on Accounting
Profile picture, comments, likes Communication with visitors on the Data Controller’s own Facebook page Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (after the Data Subject has given their voluntary, explicit and prior consent based on information provided thereto)
Surname and first name, e-mail address eDM registration by ticking the appropriate box Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (after the Data Subject has given their voluntary, explicit and prior consent based on information provided thereto)
Surname and first name, e-mail address, shipping address, telephone number Customer service: all operations related to the order of the Data Subject (sales, marketing, technical coordination, logistics, accounting, etc.), return of the repaired equipment if necessary Customer service is a service provided by the Controller as part of the contract with the Data Subject, for the performance of which the Controller processes the personal data of the Data Subject for the performance of the contract pursuant to Article 6, paragraph (1), item (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
Surname and first name, e-mail address Filling in a post-purchase marketing questionnaire for a discount coupon Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (after the Data Subject has given their voluntary, explicit and prior consent based on information provided thereto)

In addition to the above, the personal data of the Data Subject may also be accessed by employees of the Controller to the extent and for the duration necessary for the performance of their duties at work.

Facebook page

The Data Controller operates a Facebook page in order for the Data Controller, as an entrepreneur, to inform its followers about its activities from time to time. The Facebook page also contains advertisements and prize draw invitations relating to the Controller as an undertaking and to the offers of the Controller’s partners.

The personal data generated on the Facebook page (first and last name, possibly profile picture, comments) – similar to contact by phone or e-mail – are processed by the Data Controller with consent in order to contact your followers, pursuant to Article 6, paragraph (1), item (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council.

Using cookies on the website

Cookies are information packages consisting of letters and numbers, sent by websites to the browser of the user to

  • save certain settings,
  • make it easier to use the website, and
  • help the operator of the website – the Data Controller – to collect some important statistical information about visitors.

The cookies do not contain personal information and cannot be used to identify the user individually. Cookies often contain a unique identifier, a secret, randomly generated sequence of numbers, that is stored on the website visitor’s device. Some cookies are deleted after the website is closed and some are stored on the website visitor’s device for a longer period of time.

Users can forbid all cookie-related activities and delete data files placed during their previous visits. The user’s browser will provide instructions on how to do this.

When certain parts of the website are downloaded, the Data Controller automatically places small data files, sometimes containing personal data of the visitor, on the visitor’s computer via Google Analytics, a visitor analytics software operated by Google Ireland Ltd (“Google”). This is notified to the user when they first visit the site, and the Data Controller asks for their consent, in accordance with current legislation.

The data files are necessary for the operation of certain functions of the website, and the information is transferred to the operator. For more information on the exact names of these data files (_ga, _gat, _gid), see the table below. Google Analytics stores the IP number obtained through the browser anonymously and cannot link it to the user. The data is kept for 2 years, which period will start again if a new event occurs in relation to the user.

By clicking on the links below, the user can find out how to access the cookie management menu for the most commonly used browsers (Mozilla Firefox, Google Chrome, Internet Explorer):

Google Chrome

Firefox

Internet Explorer

Safari

Browser programs accept cookies by default, but you can also choose to reject cookies automatically, or to indicate when they are received.

Detailed information about the cookies used by the website is provided in the attached table.

Details of the cookies used on this website

CATEGORY: Cookies necessary for operation

Functional cookies allow the visitor to use the website as intended (for example: to navigate the site or to visit secure parts of the website). Without functional cookies being enabled, the website cannot function properly.

NAME SERVICE PROVIDER and TYPE FUNCTION DURATION
gdpr[necessary cookies] en.nosiboo.eu HTTP Checks whether the visitor has accepted the cookie consent box. 1 year
gdpr[necessary cookies] en.nosiboo.eu HTTP Checks whether the visitor has accepted the cookie consent box. 1 year
gdpr[consent] en.nosiboo.eu HTTP Checks whether the visitor has accepted the cookie consent box. 1 year
gdpr[consent] en.nosiboo.eu HTTP Checks whether the visitor has accepted the cookie consent box. 1 year
test_cookie doubleclick.net HTTP Checks whether the visitor has accepted the cookie consent box. 1 year

Details of the cookies used on this website

CATEGORY: Statistical cookies

Statistical cookies help the site operator to understand visitors’ interactions by collecting anonymised data.

NAME SERVICE PROVIDE and TYPE FUNCTION DURATION
_dc_gtm_UA-# en.nosiboo.eu HTTP Used by Google Tag Manager to control the loading of a Google Analytics script tag. 1 day
_ga en.nosiboo.eu HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 year
_ga nosiboo.eu HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 year
_ga_# nosiboo.eu HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 year
_gid en.nosiboo.eu HTTP Google Analytics uses it to slow down the speed of your query. 1 day
_hjAbsoluteSessionInProgress nosiboo.eu HTTP Used by HotJar to detect the work process of the user’s first view. It contains a true/false sign set by the cookie. 1 day
_hjFirstSeen nosiboo.eu HTTP Identifies the new user’s first work process on the website and indicates if the user is detected by HotJar for the first time at the website. 1 day
_hjid en.nosiboo.eu HTML Used by HotJar to generate a random user ID for the visitor. This ensures that the same user is assigned the same ID in case of subsequent visits to the same site. Persistent
_hjid nosiboo.eu HTTP Used by HotJar to generate a random user ID for the visitor. This ensures that the same user is assigned the same ID in case of subsequent visits to the same site. 1 year
_hjIncludeInPageviewSample en.nosiboo.eu HTTP A HotJar cookie connected to the web analytic features and services of HotJar. It uniquely identifies visitors in a single browsing work process and indicates how they appear in the audience sample. 1 day
_hjTLDTest nosiboo.eu HTTP HotJar is an analytics and feedback tool used to understand how our website is used and to improve usability. HotJar uses cookies to track visitors’ interactions on the website. Cookies do not contain any personal identification. Session

Details of the cookies used on this website

CATEGORY: Marketing cookies

Marketing cookies collect information about the content a visitor reads. The purpose of cookies in this category is to allow the website operator to display relevant content and advertisements to the visitor, thereby enhancing user experience on the website.

NAME SERVICE PROVIDER and TYPE FUNCTION DURATION
_fbp nosiboo.eu HTTP Facebook uses it to show ads that are relevant to the visitor. 3 months
_gcl_au nosiboo.eu HTTP Used by Google AdSense to measure the effectiveness of advertisements. 3 months
IDE doubleklick.net HTTP Used by Google DoubleClick to record how visitors respond to the ads shown to them. Its purpose is to measure the effectiveness of ads. 1 year

Details of the cookies used on this website

CATEGORY: Unclassified cookies

Unclassified cookies are data packages individually developed by the website operator.

NAME SERVICE PROVIDER and TYPE FUNCTION DURATION
display_nosiboo_sites nosiboo.eu HTTP Depending on the user’s location (country), the relevant subdomain is displayed to the user. 1 year

Withdrawal of consent

The Controller’s processing (as defined above) is based on consent for the following operations:

  • contact by telephone or e-mail;
  • subscribing to eDM (electronic direct marketing message);
  • producing visitor statistics;
  • managing comments and likes on the Facebook page.

The consent given by the Data Subject may be withdrawn at any time, as simply as the consent had been given. In the case of contacting, the Controller will ask the Data Subject to request the deletion of their data by sending a short message to customerservice@nosiboo.com. The processing prior to the withdrawal of consent is considered lawful.

The contractual and legal obligation

The Data Controller is legally obliged to issue an invoice for the service with specific data content, so the keeping of billing data and the issuing of the invoice is a legal obligation. If the Data Controller does not receive the legally required data from the Data Subject, it cannot provide the service contracted. The legal basis for the processing is the fulfilment of the legal obligation of the Controller pursuant to Article 6, paragraph (1), item (c) of Regulation (EU) 2016/679 of the European Parliament and of the Council, Section 169, item (c) of Act CXXVII of 2007 on Value Added Tax, and Section 167, paragraph (1), item (a) to (j), and Section 169, paragraph (1) of Act C of 2000 on Accounting.

The Data Controller draws the attention of the Data Subject to the fact that during the period of archiving the records and documents relating to the contract of sale, the Data Controller cannot ensure the Data Subject’s right to erasure.

Duration of data processing (storage)

  • Surname and first name, billing address: for companies, the current year + 8 years, which is fixed by law (Section 169, paragraph (1) of Act C of 2000 on Accounting).
  • In the case of cookies from the website, until the cookie expires or until the user deletes it from their browser (24 months for GA traffic statistics).
  • In the case of a Facebook page operated by the Controller, until the Data Subject’s consent is withdrawn (by clicking the “Like” button again).
  • Unsubscribing from eDM: by clicking on the “Unsubscribe” button in the eDM, as simply as subscribing had been made.

Profiling during data processing

No profiling is being performed during data processing.

Automated decision-making during data processing

No automated decision-making is being performed during data processing.

Source of the personal data processed

The personal data processed by the Controller come directly from the Data Subject.

Other data processing

The Data Controller shall provide information on the processing of data not listed in this notice at the time of recording the data. The Controller informs the Data Subject that the authorities and other bodies authorised by law may contact the Controller for the purpose of providing information, communicating or transmitting data or documents. However, in this case, the Controller shall disclose personal data only to the extent strictly necessary for the purpose of the request.

Data are transferred to:

Category Company name, registered seat, activity
Processors (entities performing the technical tasks related to processing operations) Erste Bank Hungary Nyrt. (seat: H-1138 Budapest, Népfürdő utca 24-26.) – Account management Pintér-Audit Könyvvizsgáló Kft. (seat: H-7634 Pécs, Kovács Béla utca 6.) – Accounting KBOSS.hu Kft. (seat: H-1031 Budapest, Záhony utca 7/C) – szamlazz.hu account K3NET Kft. (seat: H-7634 Pécs, Kétágú utca 7) – Webshop operation Réder & Réder Kft. (seat: H-7624 Pécs, Jurisics Miklós utca 5. 3. em. 8) – System administrator and hosting services DIGI Távközlési és Szolgáltató Kft. (seat: H-1134 Budapest Váci út 35.) – Fixed-line internet services MiniCRM Zrt. (seat: H-1075 Budapest, Madách Imre út 13-14.) – Customer relationship management software Microsoft Ireland Operations Ltd. (One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 / Microsoft Corporation, 15010 NE 36th Street, Microsoft Campus Building 92, Redmond, WA 98052) – MS Office365 provider Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland) – Running the Facebook page of the Data Controller, receiving Messenger messages, running targeted Facebook campaigns Google Ireland Limited (Legal Department Gordon House, Barrow Street, Dublin 4, Dublin, D04E5W5, Ireland) – Production of visitor statistics Hotjar Ltd (Dragonara Business Centre. 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141. Malta) – Production of visitor statistics The Rocket Science Group LLC (Atlanta, GA, 675 Ponce De Leon Ave NE #5000, United States of America – sending eDm Telenor Magyarország Zrt. (seat: H-2045 Törökbálint, Pannon út 1.) – Management of company fleet telephones
Processors (entities performing the technical tasks related to processing operations) Magyar Telekom Nyrt. (seat: H1097 Budapest, Könyves Kálmán krt. 36.) – Provision of fixed telephone services
Recipients (the natural or legal person, public authority, agency or any other body with whom or to which the personal data are disclosed) GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. (seat: H-2351 Alsónémedi, Európa u. 2.) – Home delivery of parcels UPS Magyarország Szállítmányozó Kft. (seat: H-2220 Vecsés, Lőrincz út 154. Airport City Logistics Park, G. épület) – Home delivery of parcels B2C Europe (Netherlands) B.V. (seat: Zuiderzeelaan 80, Weesp 1382 JW, the Netherlands) – Postal parcel delivery for returned goods from EU Member States
Third (non-EU) countries Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland) – Operating the Facebook page of the Data Controller, processing Messenger messages, implementing targeted Facebook campaigns Google Ireland Limited (Legal Department Gordon House, Barrow Street, Dublin 4, Dublin, D04E5W5, Ireland) – Preparing visitor statistics The Rocket Science Group LLC (Atlanta, GA, 675 Ponce De Leon Ave NE #5000, United States of America – sending eDm Microsoft Ireland Operations Ltd. (One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 / Microsoft Corporation, 15010 NE 36th Street, Microsoft Campus Building 92, Redmond, WA 98052) – MS Office365 provider

Joint processing

Category Company name, registered seat, activity
Célzott marketingkampányok kivitelezése Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland) – Operating the Facebook page of the Data Controller, implementing targeted Facebook campaigns

Access to data and data security measures

Restriction of access: Documentation containing personal data is handled with appropriate security measures in place, and the scope of persons authorized for access is restricted. In the context of company processes, documentation containing personal data is stored separately in a structured system. Hardcopy documentation is stored in a lockable office. The office is equipped with an alarm system for property protection and personal safety purposes.

Data security measures: A business e-mail system is used in the data processing process. Cloud-based storage is protected by access right management and password protection. Data are transferred to controllers via this platform. The network is protected by virus protection and firewalls. Security backups are made at regular intervals. Personal data are stored in a structured system, in the software used by the company. Central password and access right management is in place.

The Data Controller shall choose the IT tools it uses in such a way that the data processed are accessible to those authorised to access them, their authenticity is ensured, their integrity is verifiable, and they are protected against unauthorised access.

The Data Controller’s IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and attacks that could lead to denial of service. The Data Controller ensures security through server-level and application-level protection procedures.

Electronic messages transmitted over the internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity or the disclosure or modification of information. The Controller shall take all reasonable precautions to protect against such threats. It monitors systems in order to record any security discrepancies and to provide evidence of any security incidents. However, it is well known – and therefore, known to those concerned – that the internet is not 100% secure. The Data Controller is not liable for any damage caused by an indefensible attack, despite the utmost care.

Rights of the Data Subject

Right to request and receive information – The Data Subject has the right to request and receive information on the method of personal data processing prior to the start of processing.

Right to rectification – The Data Subject has the right to request the rectification of personal data, if the personal data stored at the Controller are untrue or incorrect and they can prove this.

Right to access – The Data Subject has the right to request from the Controller the personal data stored concerning the Data Subject.

Right to data portability – The Data Subject has the right to request the personal data stored concerning them digitally, in a table form.

Right to review automated decision-making – The Data Subject has the right to request the manual review of all processes where the Controller has used automated decision-making with legal effect concerning the Data Subject.

Lodging complaints

The Data Subject has the right to lodge complaints with the data protection authority. The Data Subject may turn to the Hungarian National Authority for Data Protection and Freedom of Information as follows:

Name:                                    Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) [HungarianNational Authority for Data Protection and Freedom of Information]

Seat:                                       H-1055 Budapest, Falk Miksa utca 9-11.

Postal address:                      H-1374 Budapest, Pf.: 603.

E-mail:                                    ugyfelszolgalat@naih.hu

Telephone number:              +36 (1) 391-1400

Fax number:                          +36 (1) 391-1410

Website:                                https://naih.hu

Legal remedy

The provisions on legal remedy are set out in Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

If the Data Subject has objected to processing, the Controller investigates the objection within the shortest time possible from the submission of such request, but within 15 days at the latest, makes a decision on the substantiation of the request and informs the applicant of the decision in writing. If the Data Subject does not agree with the decision made by the Controller, or if the Controller fails to observe the above due date, the Data Subject has the right to turn to the court within 30 (thirty) days of the communication of the decision or from the deadline specified.

In the event of the violation of their rights or in the above cases, the Data Subject may file action with a court against the Controller. The court proceeds in the action as a matter of urgency. Alternatively, such proceedings may also be brought before the court competent according to the Data Subject’s residence or place of stay. Entities or persons that otherwise have no legal capacity may also be parties to the court action. The data protection authority may intervene in the proceedings in the interest of a ruling in the Data Subject’s favour.

The Controller shall compensate for any and all damage caused by the unlawful processing of the Data Subject’s data or a breach of the data security requirements. If the Controller violates the Data Subject’s privacy through the unlawful processing of the Data Subject’s data or a breach of the data security requirements, the Data Subject may claim compensation from the Controller. The Controller is also liable for damage caused to the Data Subject by the processor, and the Controller shall also pay the Data Subject compensation for any breach of the Data Subject’s personal rights by the processor.

The Controller is released from the liability for the damage caused and the obligation to pay compensation for personality rights breach if the Controller can prove that the damage was caused or the Data Subject’s personal rights were violated due to a cause beyond its reasonable control and the scope of processing. The damage shall not be paid and no compensation may be claimed if the damage was caused or the violation of rights caused by the violation of the personality rights arose from the wilful misconduct or gross negligence of the Data Subject.

Date and place of entry into force: Pécs, 09 November 2021

You seem to be browsing from outside the EU.
You might find the content on our International site more relevant.