Please find below the data protection and data management principles and practice of the todobudapest.com web shop.

Valid from July 25th, 2018

I. The todobudapest.com web shop hereby publishes its privacy and management principles and policies

- which he recognises with binding force on himself. In the elaboration of these rules, we have taken particular account of the provisions of Act LXIII of 1992. Act on the Protection of Personal Data and the Publicity of Public Data, Act on the Protection of Individuals in the Processing of Personal Data in the Strasbourg Convention of 28 January 1981, and the "ONLINE PRIVACY ALLIANCE" recommendations.

The purpose of this communication is to ensure that all rights and fundamental freedom, in particular your privacy, are respected in all aspects of our services, regardless of your nationality or place of residence, in the processing of your personal data (data protection).

II. Terms of reference in the application of this notice:

Personal data: the particular person (hereinafter referred to as 'concerned'), associated data, can be deducted from the data, conclusions concerning him. Personal data preserves this quality while processing it as long as its connection can be restored with the affected person;

Special Data:

(a) racial origin, national, national and ethnic origin, political opinion or party affiliation, religious or other beliefs,

(b) personal data relating to health status, abnormal passion, sexual life and criminal record;

(c) data management: collection, recording, storage, processing and use (including transfer and disclosure) and deletion of personal data regardless of the method used. Data management is also a matter of changing data and preventing further use;

(d) data processing: the data management operations, technical tasks, irrespective of the method and means, the place of application used to perform the operation;

(e) transfer of data: where the data is made available to a specific third party;

(f) Disclosure: where the data are made available to anyone;

(g) "data controller" means a natural or legal person or an organisation without legal personality that determines the purpose of the processing of personal data, makes and executes data management decisions, or entrusts execution with a data processor. In the case of mandatory data handling, the purpose and the conditions of data management and the data controller are defined by the law on data management or the municipal decree;

(h) data processing means any natural or legal person or organisation without legal personality who or which processes personal data on behalf of the data controller;

(i) data deletion: making data unrecognisable in such a way that their recovery is not possible;

(j) automated data file: a line of data to be processed automatically;

(k) machine processing: involves the following operations when implemented in whole or in part by automated means: storage of data, logical or arithmetic operations with data, modification, deletion, retrieval and dissemination of data.

III. Data quality, ie personal data requirements for machine processing:

(a) data must be obtained and processed only in a fair and legitimate manner;

(b) the data may only be stored for specific and legitimate purposes and may not be used otherwise;

(c) the data must be proportionate to the purpose for which they are stored and must comply with this objective and may not extend beyond that;

(d) the data must be accurate and, if necessary, timely;

(e) the method of storing the data shall be such as to permit the identification of the data subject for the time necessary for the purpose of storage,

(f) personal data relating to racial origin, political opinion, religious or other beliefs or health and sexual life can not be processed automatically unless the domestic law provides adequate safeguards. This also applies to personal data relating to criminal convictions,

(g) appropriate security measures shall be taken to prevent the accidental or unlawful destruction or accidental loss of unauthorised access, alteration or dissemination in order to protect the personal data stored in automated files.

IV. Additional Warranties for Data Protection:

Everyone has the right to

(a) to become aware of the automated personal data file, its main purposes and the person and habitual residence or seat of the data controller;

(b) be informed at reasonable intervals and without excessive delay or expense of keeping personal data in an automated file and informing them in a comprehensible manner;

(c) where appropriate, rectify or delete such data in the simplest and most expedient manner possible;

(d) be entitled to seek remedies if they fail to comply with the requirement of disclosure, correction or cancellation in the information provided for by law or, where appropriate, At the request of the data subject concerned, the data controller shall provide information on the data processed by the processor or the processor he entrusts with him, the purpose, legal basis, duration of the data processing, the data processor's name, address (domicile) and data management related activities and who and for what purpose received or received the data. The data controller shall provide the information in writing and in a shorter form within a maximum of 30 days from the submission of the request. In the event of violation of the rights of the data subject concerned, the controller may turn to the court. The data controller is obliged to compensate for any damage caused to others by unlawful handling of the data concerned or breach of the technical data protection requirements. The data controller is also responsible for the damage caused by the data processor to the data subject. The data controller is exempt from liability if he or she proves that the damage was caused by an unavoidable cause outside the scope of data management. There is no need to reimburse the damage in so far as it is due to the intentional or gross negligence of the injured party.

Personal data can be handled if

(a) the person concerned agrees or

(b) it is ordered by law or by a decree of the local government based on the authorization of the law, within the scope specified therein. A law may order the disclosure of personal data in the public interest, with the explicit indication of the scope of the data. In all other cases, disclosure is required by the consent of the person concerned, and in case of special data, written consent. In case of doubt, it must be presumed that the party concerned has not given his consent. The consent of the person concerned shall be deemed to be given in respect of the data which he has communicated or made available for disclosure during the public service of the person concerned.

Objectivity of data management:

Personal data can only be handled for a specific purpose, in order to exercise the right and to fulfill obligations. At all stages of the data handling, it must meet this goal. Only personal data that is essential for achieving the purpose of data management can only be used to reach the goal only to the extent and time necessary to attain it.

Data transfer, linking data management:

The data can be transmitted and the different data management can be linked when the party concerned has consented to it or if the law allows it and if the terms of the data are met for each personal data.

Data security:

In the data controller or its activities, the data processor must ensure the security of the data, and must also undertake the technical and organisational measures and develop the procedural rules necessary to enforce this law and other data and confidentiality rules. Data, in particular personal secrets classified as state secret and service secret, must be protected against unauthorised access, alteration, disclosure, deletion, or damage or destruction.

V. Privacy Policy:

Todobudapest.com undertakes to publish a clear, alert and unambiguous communication prior to the inclusion, recording and handling of any data of its users, informing it of the method, purpose and principles of data collection. In addition, whenever data collection, treatment or recording is not made mandatory by law, atodobudapest.com draws the user's attention to the volunteering of the data supply. In the case of mandatory data provision, you must also indicate the law on data management. The data subject shall be informed of the purpose of the data management and of the data to be processed and processed. Information on data management is also provided by the fact that legislation provides for the retrieval of the data from the existing data management by transmission or interconnection.

In all cases where the data provided by todobudapest.com is intended for use other than the purpose of the original record, it informs the user and obtains his / her prior express consent or gives him the opportunity to prohibit the use.

During the recording, recording and handling of the data, the basic restrictions are always respected, and the activity of the data subject is communicated by electronic mail. Todobudapest.com commits itself to not impose any penalty on a user who refuses to provide non-mandatory information.

Todobudapest.com commits itself to ensuring the security of the data, also taking the technical and organisational measures and establishing the procedural rules that ensure that the data being recorded, stored or managed is protected or preventing their destruction or unauthorised use and unauthorised alteration. It also commits any third party to whom the data may be transmitted or handed over, also calling for its fulfilment of this obligation.