Privacy Policy

Introduction

Logidok Hungary Kft. (office: 2837 Vértesszőlős, Határ út 014/38. hrsz. company registry number: 11-09-022221, tax-payer reference number: 24757249-2-11, phone: +36703275685 e-mail: info@logidok.com ) (as „SERVICE PROVIDER” from now on) has the obligation to publish the following information:

Section 20 (1) of the Act CXII of 2011 says that prior to data processing being initiated, the data subject, (in this case the user of the webpage, from now on: “User”) shall be clearly and elaborately informed whether the processing of his personal data is voluntary or obligatory.

Before processing operations are carried out the data subject shall be clearly and elaborately informed of all aspects concerning the processing of his personal data, especially of the purpose for which his data is required and the legal basis, the person entitled to carry out the processing, the duration of the proposed processing operation.

According to Section 6 (1), the data subject shall as well be informed that Personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary for compliance with a legal obligation, or for the purposes of legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.

The information has to include the rights of the data subject regarding the data processing and the possible legal remedies.

If providing data subjects with information in person is impossible or would give rise to disproportionate costs (as it would for example in case of a web shop), the obligation of providing information may be fulfilled by making the below details available to the public:
a) The fact of data acquisition,
b) The people affected,
c) The aim of the data acquisition,
d) The duration of the data acquisition,
e) The possible controllers entitled to meet the data
f) The information including the rights of the data subject involved in data processing and the possible legal remedies, and
g) If the data processing should be put on the data protection files, the number of such data processing.

This Policy is based on the above-mentioned regulations. This announcement can be downloaded from: http://logidok.com/privacy_policy

Modifications to this announcement shall come into force by publishing them on the above mentioned webpage. The lawful reference shall be available to each headlines.

Definitions (3.§)
1. ‘data subject’ shall mean any natural person directly or indirectly identifiable by reference to specific personal data;
2. personal data’ shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;
3. ‘special data’ shall mean:
a) personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade union membership, and personal data concerning sex life,
b) personal data concerning health, pathological addictions, or criminal record;.

4. ‘the consent’ shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;.

5. ‘the objection’ shall mean a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed;.

6. ‘controller’ shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor.

7. ‘data’ processing’ shall mean any operation or the totality of operations performed on the data, in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);.

8. ‘data transfer’ shall mean ensuring access to the data for a third party;.

9. ‘disclosure’ shall mean ensuring open access to the data to anyone;

10. ‘data deletion’ shall mean making data unrecognisable in a way that it can never again be restored;

11. ‘tagging data’ shall mean marking data with a special ID tag to differentiate it;

12. ‘blocking of data’ shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing

13. ‘data destruction’ shall mean complete physical destruction of the data carrier recording the data;

14. ‘data process’ shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;

15. ‘data processor’ shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;

16. ‘data source’ shall mean the body responsible for undertaking the public responsibility which generated the data of public interest that must be disclosed through electronic means, or during the course of operation in which this data was generated;

17. ‘data disseminator shall mean the body responsible for undertaking the public responsibility which uploads the data sent by the data source it has not published the data;

18. ‘data set’ shall mean all data processed in a single file;

19. ‘third party’ any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor;

Legal basis of data processing (5.-6. §)

1. Personal data may be processed if • when the data subject has given his consent, or • when processing is necessary as decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein for the performance of a task carried out in the public interest.

2. Personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary:
a) for compliance with a legal obligation pertaining to the data controller, or
b) for the purposes of the legitimate interests pursued by the controller or by a third party, and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.

3. If the data subject is unable to give his consent on account of lacking legal capacity or for any other reason beyond his control, the processing of his personal data is allowed to the extent necessary and for the length of time such reasons persist, to protect the vital interests of the data subject or of another person, or in order to prevent or avert an imminent danger posing a threat to the lives, physical integrity or property of persons.

4. The statement of consent of minors over the age of sixteen shall be considered valid without the permission or subsequent approval of their legal representative.

5. Where processing under consent is necessary for the performance of a contract with the controller in writing, the contract shall contain all information that is to be made available to the data subject in connection with the processing of personal data, such as the description of the data involved, the duration of the proposed processing operation, the purpose of processing, the transmission of data, the recipients and the use of a data processor. The contract must clearly indicate the data subject’s signature and explicit consent for having his data processed as stipulated in the contract.

6. Where personal data is recorded under the data subject’s consent, the controller shall - unless otherwise provided for by law - be able to process the data recorded where this is necessary: • for compliance with a legal obligation pertaining to the controller, or • for the purposes of legitimate interests pursued by the controller or by a third party, if enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.
Data must only be processed for specified and explicit purposes (4. § [1]-[2])

1. Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of data processing operations; recording of personal data shall be done under the principle of lawfulness and fairness.

2. The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose. Personal data may be processed to the extent and for the duration necessary to achieve its purpose.

Other principles of data processing (4. § [3]-[4])

In the course of data processing, the data in question shall be treated as personal as long as the data subject remains identifiable through it. The data subject shall be considered identifiable if the data controller is in possession of the technical requirements which are necessary for identification.

The accuracy and completeness, and - if deemed necessary in the light of the aim of processing - the up-to-datedness of the data must be provided for throughout the processing operation, and shall be kept in a way to permit identification of the data subject for no longer than is necessary for the purposes for which the data were recorded.

Other information regarding data processing

Controller shall not use any given personal data for other purposes different from the purposes included in this announcement. To provide a third person or any authorities with such personal data – unless made compulsory by law – can only happen with the previous, explicit consent of the User.

The Controller shall not verify any data given. The validity of such data is the sole responsibility of the data subject. When giving the e-mail address, the user will take the responsibility of being the sole user of that e-mail address. All responsibility regarding the log-ins from a certain e-mail address is the sole responsibility of the User that has registered it.

Functional data processing

1. Based on Section 20 (1) of the Act of CXII of 2011 upon the Right of Informational Self-Determination and on Freedom of Information, the following should be determined under the webpage function of the web shop:

a) The fact of data acquisition,
b) The data subjects concerned,
c) The purpose of the data acquisition,
d) The duration of the data processing,
e) The possible controllers entitled to meet the data,
f) The information including the rights of the data subject involved in data processing.

2. The fact of data acquisition, the processed data: Own e-mail address, password, phone number, type of company, address and name (billing name, post code, city, street name, house number), date of registry, IP address used at the registration/usage.

3. The data subjects concerned: All people that have registered on the website http://logidok.com (from now on: website) and all the people that have registered on the mobile application.

4. The purpose of the data acquisition: The full usage of the service provided by the Service Provider via the website and the mobile app. (For example: to make a contract to provide the service, define the service, watch the fulfilment of the service, billing, modification, enforcement of demands, process data in order to send newsletters.)

5. The duration of data processing, the deadline to delete data: It starts with the registration and lasts until its termination. However, it is different for the proofs of accountancy, because according to the Section 169 of the Act of C of 2000 on Accounting, the data must be retained for 8 years.

6. The possible controllers entitled to meet the data: Personal data can be processed by the staff of the data processor, with due consideration and respect to the above-listed principles.

7. The information including the rights of the data subject involved in data processing: The following data modification can be done on the websites and the mobile apps:

On the website: User name, password, surname, first name, e-mail address, phone number, type of company, address (billing address). The cancellation or modification of your personal data can be initiated in the following ways: • By post to Logidok Hungary Kft. 2837 Vértesszőlős, Határ út 014/38. hrsz. • By e-mail to info@logidok.hu. • By setting the user’s account menu. On the Mobile App: User name, password, surname, first name, e-mail address, phone number, name and type of company. The cancellation or modification of your personal data can be initiated in the following ways: • By post to Logidok Hungary Kft. 2837 Vértesszőlős, Határ út 014/38. hrsz. • By e-mail to info@logidok.hu.

8. The legal ground of data procession: the consent of the User, based on Section 5 (1) of the Info Act, and Article 13/A (3) of Act CVIII. of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Our principles relevant to functional data processing (Act on Electronic Commerce Services Article 13/A.)

1. The service provider may process personal data to provide service in connection with the information society, as for billing and processing data of natural identification, address and data of determining the date, duration and location of the service used.

2. The Service Provider may – for the purpose of providing the service – process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the Service Provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated, and only to the required extent and duration.

3. The Service Provider may process data related to the use of the service for any other purposes thus, in particular, to enhance the efficiency of the service, forwarding of electronic advertisements or other direct communications, or market surveys – only with the prior specification of the objective thereof and subject to the consent of the recipient of the service.

4. Recipient of the services shall be allowed, at all times, prior to and during the course of using the information society service to prohibit the data processing.

5. Data processed shall be deleted if the contract is not concluded, is terminated and after the billing. Data processed shall be deleted if the objective of data processing has ceased or upon the instruction of the recipient of the service to this effect. Such deletion shall take place without delay unless provided otherwise by law.

6. The Service Provider shall ensure that the recipient of the service of the information society service may, at any time prior to and in the course of using the service, get acquainted with the types of data processed by the service provider and the objective of processing such data, including the processing of data directly not associated with the recipient of the service.

Processing Cookies

1. Based on Section 20 (1) of the Act of CXII of 2011 upon the Right of Informational Self-Determination and on Freedom of Information, the following should be determined under the cookie data procession of the web shop website:

a) The fact of data acquisition,
b) The data subjects concerned,
c) The purpose of the data acquisition,
d) The duration of the data processing,
e) The possible controllers entitled to meet the data,
f) The information including the rights of the data subject involved in data processing.

2. The cookies typical of the website are the so called “cookies used for the password protected working process” and the “safety cookies”. No previous permission of the data subjects is required for their use.

3. The fact of data acquisition, the range of data processed: unique identification number, dates, and times.

4. The data subjects concerned: All visitors to the website.

5. The purpose of the data acquisition: the identification and following of the users.

6. The duration of the data processing, the deadline of cancelling data: In case of session cookies, the duration of data processing lasts 30 days after the visit to the website.

7. The possible controllers entitled to meet the data: Personal data can be processed by the staff of the data processor, with due consideration and respect to the above-listed principles.

8. The information including the rights of the data subject involved in data processing: The data subject can delete the cookies in the Tools/Settings Menu of the browser, usually under the settings of the Data Protection Menu

9. The legal ground of data procession: No consent of the data subject is necessary if the only purpose of using cookies is to transmit data via the electronic media network or it is essential for the fulfilment of the service in connection with the information society required by the user

10. The Service Provider measures the data of visits by using Google Analytics and Mixpanel. During the usage of the service, data is transmitted. The transmitted data is unfit for identifying the data subject. You can read more on the Privecy Policy of Google here:: http://www.google.hu/policies/privacy/ads/ The Privacy Policy of Mixpanel can be found here: https://mixpanel.com/privacy/

11. The web shop uses the remarketing following codes of Google Adwords. The remarketing is a function by which the website is displaying relevant advertisements to the users that have earlier been to the web page while they are browsing other websites of the Google Display Network.
The users entering the web shop can ban these cookies and can find further information on the Google data processing at the following addresses: http://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/2700409. If user bans remarketing cookies, he will see no personalized offers from the web shop.

Newsletter, DM activity

1. In Section 6 of the Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, User can formerly and explicitly give his consent to receive commercial offers or others from Service Provider, at his addresses given when registering (eg. electronic address, phone number).

2. Furthermore, the Client can give his consent – by taking the regulations of this announcement into consideration – to Service Provider on his personal data to be processed.

3. Service Provider shall not send unwanted commercial messages, and User is entitled to unsubscribe from the receipt of such messages without limitation, giving reasons and for free. In such case, all of his personal data that were needed to send him messages shall be deleted by Service Provider from their database and user will not be sent such commercial offers any more. User can unsubscribe by clicking on the relevant link, which can be found at the bottom of the messages.

4. Based on Section 20 (1) of the Act of CXII of 2011 upon the Right of Informational Self-Determination and on Freedom of Information, the following should be determined under the cookie data processing of the web shop website:
a) The fact of data acquisition,
b) The data subjects concerned,
c) The purpose of the data acquisition,
d) The duration of the data processing,
e) The possible controllers entitled to meet the data,
f) The information including the rights of the data subject involved in data processing.

5. The fact of data acquisition, the range of data processed: name, e-mail address, (phone number), date, time.

6. The data subjects concerned: Everybody subscribing to the newsletter.

7. The purpose of data acquisition: sending electronic messages containing data (e-mail, SMS, and push message) to the data subject, providing latest information on up-to-date news, products, offers, new functions, etc.

8. The duration of data processing, the deadline for the deletion of data: until the withdrawal of consent/subscription.

9. The possible controllers entitled to meet the data: Personal data can be processed by the staff of the data processor, with due consideration and respect to the above-listed principles.

10. The information including the rights of the data subject involved in data processing: The data subject can any time unsubscribe from the newsletters for free.

11. The legal grounds of data processing: data subject’s voluntary consent, Section 6 (Article 5) of the Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

Data transmission

1. Based on Section 20 (1) of the Act of CXII of 2011 upon the Right of Informational Self-Determination and on Freedom of Information, the following should be determined under the data transmission of the web shop website:
a) The fact of data acquisition,
b) The data subjects concerned,
c) The purpose of the data acquisition,
d) The duration of the data processing,
e) The possible controllers entitled to meet the data,
f) The information including the rights of the data subject involved in data processing.

2. The fact of data acquisition, the data to be processed. The data transmitted in order to provide the service: Name, address, name of product, sum to be paid. The data transmitted in order to provide online payment facilities: Name, address, the sum of the transaction, the legal grounds of the transaction, and data of the bank card.

3. Data subjects affected: Clients with a subscription to the web application of Logidok.

4. The purpose of data procession: Online payment

5. The duration of data procession, the deadline for deleting the data: By the termination of the service, the data get deleted.

6. The provisional Controllers entitled to meet the data: Personal data can be processed by PAYMILL GmbH (St.-Cajetan-Straße 43 81669 Munich, Germany) by due consideration and respect to the principles listed earlier.

7. The information including the rights of the data subject involved in data processing: Data subject may ask the controller to delete his personal data without delay.

8. The legal ground of data procession: the consent of the User, based on Section 5 (1) of the Info Act, and Article 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Data safety (7. §)

1. Controllers shall make arrangements for and carry out data processing operations in a way so as to ensure full respect for the right to privacy of data subjects.

2. Controllers, and within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organizational measures to protect personal data, as well as adequate procedural rules to enforce the provisions of this Act and other regulations concerning confidentiality and security of data processing.

3. Data must be protected by means of suitable measures, especially against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied techniques.

4. For the protection of data sets stored in different electronic filing systems, suitable technical solutions shall be introduced to prevent - unless this is permitted by law - the interconnection of data stored in these filing systems and the identification of the data subjects.

5. In respect of automated personal data processing, data controllers and processors shall implement additional measures designed to:
a) Prevent the unauthorized entry of data;
b) Prevent the use of automated data - processing systems by unauthorized persons using data transfer devices;
c) Ensure that it is possible to verify and establish to which bodies’ personal data have been or may be transmitted;
d) Ensure that it is possible to verify and establish which personal data have been entered into automated data-processing systems and when and by whom the data were input;
e) Ensure that installed systems may, in case of malfunctions, be restored; and
f) Ensure that faults emerging in automated data - processing systems is reported.

6. In determining the measures to ensure security of processing, data controllers and processors shall proceed taking into account the latest technical development and the state of the art of their implementation. Where alternate data processing solutions are available, the one selected shall ensure the highest level of protection of personal data, except if this would entail unreasonable hardship for the data controller

The rights of data subjects (14.-19. §)

1. The data subject may request from the data controller to get information on his personal data being processed, the rectification of his personal data, and the erasure or blocking of his personal data, save where processing is rendered mandatory.

2. Upon the data subject’s request the data controller shall provide information concerning the data relating to him, including those processed by a data processor, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and - if the personal data of the data subject is made available to others - the legal basis and the recipients.

3. With a view to verifying legitimacy of data transfer and for the information of the data subject, the data controller shall maintain a transmission log, showing the date of time of transmission, the legal basis of transmission and the recipient, description of the personal data transmitted, and other information prescribed by the relevant legislation on data processing.

4. Data controllers must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than thirty days. The information shall be free of charge.

5. To User’s request, Service Provider shall provide information on the data processed, their sources, the purpose, legal grounds, duration, the name of controllers (if any), their address and the activity in connection to data processing. As well as about the legal ground and recipient of the data transmission – in case of transmitting the personal data of the data subject. Service Provider shall provide clear, written information within 30 days, which information shall be free of charge.

6. Service Provider, if the personal data does not reflect the reality and the real personal data is available, shall correct such personal data.

7. Instead of deleting the personal data, Service Provider shall block them, if so required by User or if according to available information, one can suppose that such deletion would interfere with User’s interests. Such blocked data can be processed until the existence of the purpose for the data processing that has precluded the deletion of personal data.

8. Service Provider shall delete personal data if its processing is unlawful, so required by User, the handled data is incomplete or incorrect, the purpose of data processing has ceased, or the deadline as defined by law for storing the data has expired, or it has been ordered by a court or the National Authority of Data Protection and Freedom of Information (NAIH).

9. The data controller shall mark the personal data handled by him, if the data subject argues against its correctness or preciseness, however, such correctness or impreciseness cannot be pointed out clearly.

10. Data subject and everybody else to whom data have been sent to must be informed about such correction, blocking, marking and deleting. It is not necessary to inform them if it is not harmful to the rights of data subject regarding the purpose of data processing.

11. If data controller fails to do the correction, blocking or deletion requested by data subject, he shall inform data subject about the factual and legal purposes for the refusal of the request in 30 days in a written form. Furthermore, controller shall inform data subject about the ways of getting legal remedy from a court and the possibility of turning to the Authority.

Legal remedy

1 User may object against the processing of his personal data, if
a) personal data processing or transmission is only necessary for the Service Provider to fulfil legal duties or to represent the interests of Service Provider, data user or a third party, except for cases when the data processing is ordered by law;
b) the purpose of the usage or transmission of personal data is direct business growth, market research, Gallup-poll or scientific research;
c) in any other cases defined by law.

2. Service Provider shall investigate the objection as quickly as possible but in maximum 15 days after its transmission: shall decide upon its establishment and inform the petitioner in writing about the decision made. If Service Provider considers the objection to be well-founded, both the data processing and transmission shall be stopped, the data shall be blocked. Moreover, everybody – to whom such data was transmitted to and who are obliged to implement measures to enforce the right to object - shall be informed about the fact of the objection and all measures taken based on it.

3. If User does not agree with the decision made by Service Provider, he can turn to the court within 30 days from its publication. The court shall hear such cases in priority proceedings.

4. In case one wants to complain about an unlawful deed of a data controller, he can turn to the National Authority of Data Protection and Freedom of Information. (NAIH)

The National Authority of Data Protection and Freedom of Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, Postafiók: 5. Telephone: +36 -1-391-1400 Fax: +36-1-391-1410 E-mail: ugyfelszolgalat@naih.hu

Judicial remedy (22. §)

1. The burden of proof to show compliance with the law lies with the data controller. The burden of proof concerning the lawfulness of transfer of data lies with the data recipient.

2. The action shall be heard by the competent tribunal. If so requested by the data subject, the action may be brought before the tribunal in whose jurisdiction the data subject’s home address or temporary residence is located.

3. Any person otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the data subject’s behalf.

4. When the court’s decision is in favour of the plaintiff, the court shall order the controller to provide the information, to rectify, block or erase the data in question, to annul the decision adopted by means of automated data-processing systems, to respect the data subject’s objection, or to disclose the data requested by the data recipient.

5. If the court rejects the petition filed by the data recipient, the controller shall be required to erase the data subject’s personal data within three days of delivery of the court ruling. The controller shall erase the data even if the data recipient does not file for court action within the time limit.

6. The court may order publication of its decision, indicating the identification data of the controller as well, where this is deemed necessary for reasons of data protection or in connection with the rights of large numbers of data subjects.

Compensation (23. §)

If data controller causes damage to another person as a result of unlawful processing or by any breach of data security requirements, he must pay compensation. If data controller infringes data subject’s rights of privacy, data subject is entitled to demand compensation. Data controllers shall be liable for any damage caused to a data subject and are obliged to pay compensation in case of infringement of privacy rights. The data controller shall be exempted from liability if he proves that the damage or the infringement of privacy rights was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party.

Other provisions

The system of Service Provider may collect data of Users’ activity that cannot be connected neither to other data given by User when registering, nor to other data originating from using other web pages or services.

In any cases when Service Provider wants to use data for a purpose, different to its original purpose, Service Provider must inform User (affected party) of this and get his former, explicit consent; at the same time providing User with the option to forbid the processing.

Service Provider shall take care of data security, and implement all technical measures that ensure protection for the recorded, stored and processed data; also shall do everything in order to prevent their destruction, illegal use and unlawful modification. Service Provider shall instruct any third party to whom data is transmitted or given to act in the same way.

Service Provider maintains the right to one-sidedly modify this announcement by having Users informed previously. After the modification has taken effect, User is considered to have modified content accepted by his/her implied conduct.

Closing remarks

When preparing the announcement, we were aware of the below-listed acts:
- The Act CXII. of 2011 - on the Right of Informational Self-Determination and on Freedom of Information; - The Act CVIII. of 2001 (especially Section 13/A) – on Certain Issues of Electronic Commerce Services and Information Society Services; - The Act XLVII. of 2008 - on the Prohibition of Unfair Commercial Practices against Consumers; - the Act XLVIII of 2008 (especially Section 6) – on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities; - The Act XC. of 2005 – on the Freedom of Information by Electronic Means; - the Act C. of 2003 (especially Section 155) – on Electronic Communications; - Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

Budapest, 11 July, 2014