PRIVACY POLICY

You are reading the privacy statement (hereinafter referred to as “Prospectus”) of the http://www.econtest.hu website now (hereinafter referred to as "Homepage" or “Website”). This Prospectus should be applied to the personal data of the visitors of this Homepage, and to the personal data of the users of this Homepage (hereinafter referred to as "You and Your Data"), which are handled as follows by the EOX Kft. (hereinafter referred to as EOX).

Please read this statement carefully in order to understand how we manage your personal data and to will be informed about your data management related rights.

Data of the Data Controller:

Company name: EOX Kft.
Headquarter: no. 57/A/1., Francia út, Budapest 1146

Contacting:

E-mail: info@eox.hu
Data protection officer: the data controller is not obliged to appoint a Data Protection Officer under Article 37 of the Regulation
Privacy claims: If you have any questions or claims about the data management, you can submit your petition by post office or you can send it via e-mail to the e-mail address of the Data Controller. We are going to reply without delay, or maximum within 30 days, by sending our answer to the address you have requested.

The Prospectus contains the following information:

  1. How do we collect and store your personal data?
  2. Whom may we share your personal data with?
  3. How do we protect your personal data?
  4. Your rights
  5. Amendments
  6. Contact us!

1. How do we collect and store your personal data?

Personal data is the data that may be associated with the affected one, - including the name and email address of the person concerned -, as well as the conclusion that may be deduced from the data.

We manage your data for purposes listed in the Prospectus. For the collection of personal data using cookies, please refer to the additional information laid down in Part 1, point F. While we manage your data, we observe the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the „Regulation”). While we manage your data, we observe as well the Act no. CXII of 2011 on the freedom of informational self-determination and freedom of information (hereinafter referred to as ”Infotv.”).

The expressions used in this Prospectus shall be interpreted in accordance with the terms defined in the interpretative provisions of the Regulation.

This Homepage stores information in several different systems on search results, on its visitors, on contact informations, and on customer informations in order to we could serve our potential present and future users in the best way. Some of the data are used for organizing contests (competentions), for raffles, for keeping in touch, while other data are used in market segmentation or in profiling, taking part in the above-mentioned merely by your registration or/and by participating in raffles (hereinafter participation for any purposes referred to as: Participation). Below, we provide information on the types of data we store and inform you of why we need them.

This Homepage must not be used by children under the age of 18 years.

For the authenticity and accuracy of the personal data, only that person who uses the Services of this Homepage is responsible. We do not take any responsibility for any deficiencies in the disclosure of information or any consequences resulting from incorrect data, we expressly excluded our responsibility in this regard.

We reserve the right to change or discontinue any content, title or availability of this Homepage at any time without prior notice. We reserve the right to change its appearance, content, syllabus, or operation at any time without prior notice. These changes do not affect the purpose of the data managing listed here and do not affect the data managing contribution.

Regarding all data management governed by the conditions set out in this Prospectus, we can declare that: the data that have been deleted by you or by your request are not going to be treated anymore and going to be removed from its database.

A. HOMEPAGE PROFILE ACCOUNTS AND RELATED CONTESTS (COMPETITIONS), RAFFLES

Certain features of the Homepage can be used only by registration, by which you create a personal profile and as a result: personal data is collected and managed.

In order to access your own profile account and to participate in contests (competitions), and in online raffles organized by EOX, we store your e-mail address and your name, as well as you are allowed to upload any images to the avatar shield, so that image is also stored.

In order to ease your registration, we provide you several different ways. We verify the authenticity of your e-mail address by the system messages sent with your consent and we verify it by external service providers, in the case of all e-mail address related, Facebook related and Google related registrations. Verifying the authenticity of the e-mail address does not result in data managing. When signing up via Facebook and Google Account, personal data – as personal data are defined in the privacy statement of Facebook Inc. and Google Inc. - will be transmitted to the Company with your voluntary consent in compliance with the privacy policy of the Facebook Inc. and Google Inc.

The online contests (competitions) and raffles are performed on this Homepage or on its sub-pages ordered by the third party (hereinafter referred to as the "Promoter"). We would like to inform you that - while competing (tenders) and raffling - the circumstances and conditions of data managing, the purpose of it, the duration of it, the legal basis of it, the possibility of correction, the group of those data managers who entitled to become aware of personal data, and the data processor are laid down in that participation and data management regulations what is applied in the concerned competition (tender) or raffling.

If you compete in contests (competitions), or in raffles executed by the EOX on behalf of the Promoter, you will be allowed to enter a competition (tender) or raffle only if you had accepted the Participation and Data Management Rules and by this acceptation you automatically give your contribution to the transfer of your data to the Promoter.

The legal basis of data managing is the Article 6 (1) (a) of the Regulation regarding to your consent.

Duration of data managing: If the e-mail address is not verified, we manage your data for 16 days; if the e-mail address is verified, we manage your data for 2 years after the last activity of your profile/account (for example the last time since you used the Homepage, the last time since you were reading or were clicking on the system notification message or since your last entry), or we manage your data until the termination of your registration, including that if you request its deletion.

B. DIRECT MARKETING, NEWSLETTERS

Direct marketing (direct marketing, hereinafter referred to as "e-DM") is the activity of all information giving activities conducted by the method of direct inquiry, what is aimed to transmitting business advertising that is directly related to sale of goods, to promotion of goods or services to consumers or commercial partners (such as for example, our own offers, inquiries and newsletters containing our services, or inquiries contained third-party offers, newsletters).

The legal basis for data managing is Article 6 (1) (a) of the Regulation regarding to your consent, but you are entitled at any time to decide to withdraw your consent.

The duration of the data managing: until the withdrawal of your consent, or 2 years after your last activity in your profile (for example the last time since you used the Homepage, the last time since you were reading or were clicking on the system notification message or since your last entry).

I would like to remind you that maximum 24 hours is needed after withdrawing your consent to be guaranteed not to receive more inquiries on which you have unsubscribed before.

The fact and the date of the unsubscription is recorded in such a way that the former personal data cannot be recovered, but when specific data are given, the unsubscription can be provided.

If you are not willing to get offers from us in the future, you can unsubscribe via e-mail to info@eox.hu e-mail address, or by post to no. 57/A/1., Francia út, Budapest 1146 postal address.

C. CONTACT FORMS AND COMPLAINT HANDLING

In order to respond to your questions and comments via contact form, the email address and name should be given.

In case of complaint handling the purpose of the data management is to handle hand-written or e-mail formatted complaints, documenting your name, the exact time of the complaint and the content of complaint, as well as documenting the information given by us about the complaint with the purpose of retrieval.

The legal basis of data managing is laid down in Article 6 (1) (f) of the Regulation concerning that in the case of the absence of such information, we cannot contact you and cannot answer your question. In the case of complaint handling the legal basis of data managing is laid down in Section 17/A. § of the Act, called Fgytv. (Fgytv. is the abbreviated name of an act).

The duration of data management is 2 years. According to the Section 17/A. § (7) of the Act, called Fgytv. (Fgytv. is the abbreviated name of an act), the complaint and the copy of the response which were given by us to the complaint will be kept for 5 years and will be presented to the controlling authorities upon their request.

D. SOCIAL MEDIA

Our Homepage also uses so-called “social media functions” that allow our visitors to view shared content in social media, share a website or bookmark a website. These contents or links point to those community media that are independent from us, and may collect data about your browsing activity on the Internet, including on this Homepage. In addition to this, we deliver our content to our target audience via social media. Our goal is to promote some of the contents, services, promotions of our Homepage, or sharing, promoting, liking the Homepage itself.

The legal basis for data managing is Article 6 (1) (a) of the Regulation regarding your consent to managing your personal data on social networking sites.

About the source of the data, about the method of transferring, and about the legal basis, you can be informed by the concerned social networking site.

Data management is realized on the social networking sites, so the duration of the data handling, its methods, and the possibilities of the data deletion and data modification are ruled by the regulation of the given community site.

E. OTHER REQUESTS BASED ON THE LEGITIMATE INTEREST OF THE COMPANY

We are sending inquiries in the form of system messages, that are sent to you in order to service your interest by giving you up-to-date information about the services provided by us, about the operation of the Homepage, about the online contests (competitions) and raffles, and in order to check the quality of the services for the reason of operation related customer satisfaction of this Homepage.

You cannot unsubscribe from the above-mentioned system messages.

Scope of managed data: name, e-mail address.

Legal basis of data processing: Article 6 (1) (f) of the Regulation, so the legitimate interest of the data controller.

Duration of data management: until achieving the goal.

F. COOKIES

We are operating this Homepage for the eContest service, where automatic data collection (cookies, Google Analytics, etc.) is implemented. You can view the detailed cookie policy by clicking here.

On the Homepage, data management is executed with the purpose of recording the visitor information during your visit in order to control the operation of the service and to prevent abuses.

Managed Data Range: Your IP address, the type of operating system and the browser you are using, the URL of the provided services related pages visited by you and the time of the visit.

Legal basis of data managing: the contribution of the concerned person based on the Article 6 (1) (a) of the Regulation and based on the Section 13/A. § (3) of the CVIII Act 2001 on certain issues of electronic commerce services and information society services.

Data management duration: 30 days after visiting the site.


2. Whom may we share your personal data with?

A. DATA PROCESSORS

In order to meet the above-mentioned goals, our employees will be entitled to access your personal information but they cannot transfer them to third parties. We are authorized to use data processor in order to perform the service. Data processing is done through an IT system.

The following data processors are used:

Data processor I.
Company name: Comp-Kontír Trade Bt.
Registered seat, location of data processing: no. 11, Hangulat utca, Mogyoród 2146
Description and Purpose of Activity: Accounting tasks, invoicing for entries in contests (competitions), if t an entry fee is applicable

Data processor II.
Company name: ProgArt Informatika Bt.
Registered seat, location of data processing: ground floor 2, no. 74, Hegyalja út, Budapest 1118
Description and Purpose of Activity: IT development

Data protection obligations for natural or legal persons or non-legal entities performing data processing from our mandate must be enforced in the contract concluded with the data processor. Data processors are contracted for the data processing contract required by Infotv and the GDPR.

The prior written consent of the data subject or his / her legal representative is not required for the transfer of data if the transfer of data is permitted by law. For public authorities, if the authority indicates the exact purpose and scope of the data, personal data will be issued only to the extent necessary to achieve the purpose of the request.

The prior written consent of the data subject or his / her legal representative is not required for the transfer of data where the legal basis of the transfer is in the protection of the legitimate interests of the data subject or third party and for us through data service processing or outsourcing to outsourced persons.

In addition, all personal data may be transmitted to third parties on the basis of a prior written consent of the person concerned or its legal representative.

We do not forward data to third countries.

B. WEB ANALITYCS AND ADVERTISEMENT-SERVING EXTERNAL COMPANIES

We use external webanalytics and ad serving companies to operate our web-based services. We hereby inform you that by using the Website you consent to the handling of your personal information for the following purposes and ways:

We use Google Analytics, Google AdSense and Google AdMob service of the Google Inc. Google Analytics uses cookie to analyze the usage of the Website. Google AdSense and AdMob place cookies and use web beacon in purpose of gathering information. Information stored by cookie (including your IP address) is stored by Google Inc. Google Inc. is authorized to submit the collected data to third party partners if the transfer of data is permitted by law or the processing is subject to an agreement between Google Inc and the third party. As part of Google Inc.’s remarketing, it will place such tracking cookies on your device that monitor visitors’ behavior and on which Google Inc. will make ads available on other web sites based on user behavior, interest-based advertising. The tracking cookie allows Google Inc. to identify the website visitor on other websites. Google Inc.'s "Privacy Policy" is available at http://www.google.hu/intl/hu/policies/privacy/. You can find more useful information about Google Inc.'s activity on Google Inc. and how to disable cookies and personalize your ads: http://www.google.com/intl/hu/policies/privacy/ads/.


3. How do we protect your personal data?

A. DATA SECURITY

We have introduced the appropriate technical and organizational measures to protect your personal data against either incidental or unlawful destruction, loss, modification, unauthorized disclosure or access to them, and any other illegal data handling. In addition, our data processors are also required to introduce the same technical and organizational measures.

Only person with relevant entitlement can access your personal information with the highest level of access controls.

We store the encrypted imprint of your password that is only valid for password verification, but the password itself cannot be restored.

Communication is performed through an encrypted channel between your browser and web servers.

B. TREATMENT OF DATA PROTECTION INCIDENTS

Privacy incident means any event that results in the unauthorized processing or processing of personal data, in particular unauthorized or accidental access, alteration, disclosure, deletion, loss or destruction, as well as accidental destruction and damage to personal data that we treat, transmit, store or process.

A person who perceives a privacy incident during his or her work shall immediately notify his / her superior and the person responsible for data protection. The person responsible for data protection shall immediately examine the detected or perceived data protection incident and, within 24 hours of receiving the data protection incident, shall propose the measures necessary to resolve the data incident and handle it for our decision-makers. The person responsible for the data protection incident and the outcome of the data incident in the data management or in the data protection incident shall inform the person responsible for data protection within 3 working days of the implementation of the measures.

The person responsible for data protection shall, without undue delay and, if possible, at the latest 72 hours after the data protection incident becomes aware, must notify the NAIH of the data protection incident unless it can be demonstrated that the privacy incident is unlikely to pose a risk to the natural rights and freedoms of persons. If the notification can not be performed within 72 hours, the reason of delay must be indicated and the required information may be communicated in installments, without further undue delay. The notification for NAIH is required to conatin the following:

  • the nature of the privacy incident, the number and category of data subjects and personal data;
  • the name and contact details of the person responsible for data protection;
  • the potential consequences of a privacy incident;
  • Measures taken or planned to address, parry and remedy a privacy incident.

If the person responsible for data protection determines that the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, it shall immediately inform the decision-maker. Within 72 hours of detection of a privacy incident, we inform the affected partners about the privacy incident via Our Website. Disclosure of information is the obligation of the person responsible for data protection.

We keep record of data protection incidents in order to monitor the data protection incident and to inform the data subjects. Keeping the records is the responsibility of the Data Protection Officer. The register shall contain the following information:

  • The scope of the personal data concerned;
  • The number of stakeholders;
  • The date of the data protection incident;
  • The circumstances and effects of the privacy incident;
  • Measures taken to address the privacy incident.

The data contained in the register will be kept for 5 years from the detection of the data protection incident.


4. Your rights

Natural persons concerned may submit their objections to the handling of their personal data in writing to our company in writing sent to the contacts specified at the beginning of this Policy.

Please note that we may ask you for additional personal information to confirm your identity.

A. RIGHT TO ACCESS

You are entitled to receive feedback on whether your personal information is being processed and, if such processing is in progress, you have the right to have access to your personal information and the following information:

  1. purpose of the data management;
  2. the categories of personal data concerned;
  3. the categories of recipients with whom personal data will be communicated or disclosed, including, in particular, third country recipients or international organizations;
  4. in that particular case, the intended duration of the storage of personal data or, if this is not possible, the criteria for determining that period;
  5. you may request correction, deletion, or limitation of your personal information relating to you and may object to the handling of such personal data;
  6. the right to lodge a complaint addressed to the supervisory authority;
  7. all available information about their source.

B. RIGHT TO REMOVE

You are entitled to cancel your personal information on your request without undue delay and we are obligated to remove your personal information without undue delay if one of the following reasons exists:

  1. personal data is no longer needed for the purpose from which they were collected or otherwise handled;
  2. You withdraw the consent of the data controlling and there is no other legal basis for data handling;
  3. You object to data manipulation and have no prior legitimate reason for data handling;
  4. we have handled the personal data unlawfully;
  5. the personal data should be deleted to comply with the legal obligation provided by the Community Law or the law of the Member State;
  6. collecting personal data concerning the offering of information society services directly to children.

The above provisions do not apply where data management is required:

  1. for the purpose of right to free speech and to information;
  2. the fulfillment of the applicable law of the Union or of the Member States for the processing of personal data, or for the purpose of carrying out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;
  3. for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would likely make it impossible or seriously compromise this data management; or
  4. to present, enforce or protect legal claims.

C. RIGHT TO RESTRICT DATA MANAGEMENT

You are entitled to restrict your data request upon request if one of the following is concerned:

  1. you dispute the accuracy of your personal data; in this case, the restriction applies to the duration that allows us to check the accuracy of your personal data;
  2. the data handling is illegal and you are opposed to the deletion of the data and, instead, requests that they be restricted;
  3. we no longer need personal data for data processing but you require them to submit, enforce, or protect legal claims; or
  4. You have objected to data handling; in this case, the restriction applies to the period of time that it is established that our legitimate reasons prevail over your legitimate grounds.

If your data is restricted, such personal information may only be handled with the sole purpose of your consent or submission, enforcement or protection of legal claims or other rights of a natural or legal person, or in the public interest of the Union or of a Member State, except for storage.

If we restrict your data handling to your request, we will inform you in advance of any restrictions on data handling.

D. RIGHT TO RECTIFICATION

You are entitled to request the correction your inaccurate personal information without undue delay. Considering the purpose of data management, you have the right to request the supplementation of incomplete personal data, including by means of a supplementary statement.

E. RIGHT TO OBJECTION

You are entitled to protest at any time for reasons of your own status against our legitimate interests. In this case, we will not be entitled to process your personal data unless we prove that data management is justified by legitimate compelling reasons that prevail over your interests, rights, and freedoms or which relate to the submission, validation, or defense of legal claims.

F. WITHDRAWAL OF APPROVAL

You are entitled to withdraw your approval to the given data management at any time during the processing of the data, but the revocation does not affect the lawfulness of the data processing that has been made based on the consent prior withdrawal.

G. DATA MOBILITY

You are entitled to receive personal information about you provided in an articulated, widely-used machine-readable format and to transfer this data to another data controller without being obstructed by the data controller to whom personal data is provided that:

  1. the processing of data is based either on a contribution or a contract; and
  2. Data management is carried out in an automated manner.

In exercising your right of portability, you are entitled to request direct transfer of personal data between data controllers, if technically feasible.

Please note that if the reception of the data is technically unavailable to the target person, the right of data storage cannot be exercised either.

H. COMPLEMENTARY OPPORTUNITY

You are at the National Privacy and Information Authority (registered seat: no 22/C, Szilágyi Erzsébet fasor, Budapest 1125. Phone: (1) 391 1400; e-mail: ugyfelszolgalat@naih.hu, website: http://www.naih.hu) at any time by complaint occur.

In addition, you may initiate judicial remedies against us or the processors you use, at your choice, before the court of your temporary or permanent place of residence.


5. Amendments

Our privacy and cookie policy is reviewed annually. The current version will be published on Our Website.


6. Contact us!

If you have any questions or complaints, please do not hesitate to contact us at the above contact information.


Release date: 01. 10. 2019


Download