Data Protection Notice
The operator of the website https://www.fanan.hu/ is Bezula Kft (hereinafter referred to as the “Data Controller”). When viewing the website and using its services, the visitor (hereinafter referred to as the “Data Subject”) may provide personal data. The purpose of this notice is to inform the users of the website about the Data Controller’s practices regarding the processing of personal data, the organisational and technical measures taken to protect their data, and to inform the Data Subject about the legal remedies available to them.
In operating the https://www.fanan.hu/ (hereinafter referred to as the “website” or “website”), the Data Controller processes the personal data of the Data Subject in accordance with the following legislation:
– Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information,
– Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
– Act XCVI of 1993 on Voluntary Mutual Insurance Funds,
– Act CVIII of 2001 on certain aspects of electronic commerce services and information society services,
– Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers,
– Act CXXXIII of 2005 on the rules of personal and property protection and private investigation,
– the provisions of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities.
– The Data Controller reserves the right to change this information, the current information shall enter into force upon publication on the website.
I. Data Controller’s data
1) Name and contact details of the Data Controller and its representative:
Registered office. A 103.
Tax number: 14832211-2-43
Phone: +36 20 222 7701
II) Purpose, legal basis and duration of the processing of personal data
1.) Data on visitors to the website
1.1 Cookies for basic functionality
These cookies ensure the proper functioning of the website, facilitate its use and collect information about its use without identifying visitors. This includes, for example, the status of acceptance of cookie handling, remembering login methods and details, the status of website notification messages, and the Google Analytics code.
Legal basis for data processing.
Purpose of data processing: to ensure the proper functioning of the website.
Processing duration: session cookies – until the end of the visitor session
User-assistance cookies: 6 months
Data processed: Google Analytics
1.2 Cookies for statistical purposes
Legal basis for processing.
Purpose of processing: to collect information about how our visitors use the website.
Duration of processing: until the end of the session/2 years/90 days/24 hours/1 minute, depending on the cookie.
Data processed: Google Analytics code
1.3 Targeting and advertising cookies
Targeting and advertising cookies are used to display ads on the website that are of interest or relevant to the visitor. These cookies do not identify the Data Subject personally, they collect information such as: which page was visited, which part of the website was clicked on, how many pages were visited, how long the session was, what error messages were displayed.
If the visitor has given his or her prior consent, the information collected in the course of tracking the use of the website may be used by the Data Controller together with the Data Subject’s personal data in order to enable the Data Controller to tailor its marketing communications to the Data Subject’s needs and to offer more personalised offers.
The website uses advertising cookies from the following service providers:
Google Ads (detailed information about this service is available at the following link: https://www.google.com/intl/hu/policies/privacy)
Facebook (detailed information about this service is available at the following link: https://www.facebook.com/help/cookies)
Instagram.com (detailed information about the service is available at the following link:
Legal basis for processing: your consent
Purpose of processing: to display relevant ads, create and store an identifier
Duration of processing: 90 days/18 months/2 years depending on the cookie
Google Ads – conversion code, remarketing function; Facebook – conversion code, remarketing function
How can you control and disable cookies?
All modern browsers allow you to change the cookie setting. Most browsers automatically accept cookies by default, but these settings can usually be changed so that the browser can prevent automatic acceptance and offer the choice of whether or not to allow cookies each time.
You can find out about the cookie settings for the most popular browsers by following the links below:
– Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu&co=GENIEPlatform%3DDesktop
– Firefox: https://support.mozzila.org/en-US/kb/enable-and-disable-cookies-website-preferences
– Microsoft Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
– Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
– Safari: https://support.apple.com/kb/ph21411?locate=hu_HU
2) Contacting us on the website
On its website, the Data Controller offers you the possibility to contact it and request information and offers. The Data Controller will use the data provided on the forms and online interfaces only to contact the Data Subject and, in case of a request for a quotation, to arrange an on-site survey and send a quotation.
Purpose of the processing: to contact the Data Controller’s professionals on site and to send offers.
Legal basis for processing: voluntary consent of the Data Subject pursuant to Article 6(1)(a) of the GDPR.
Data processed: company name, name, address, telephone number, e-mail address, subject of the contact and the message shared by the Data Subject.
Duration of data processing: until the Data Subject’s consent is withdrawn or until the Data Subject requests erasure, but no later than 1 year. In the case of a contract, for the period specified by law.
Consequences of not providing data: the Data Subject does not receive a quotation or professional information.
Data processor(s): the Data Controller uses server providers as data processors: the data necessary for the provision of the Data Controller’s website are hosted on servers of specified companies, backed up to ensure the security of the data.
Name: DotRoll Kft.
1148, Budapest, Fogarasi út 3-5.
3.) Guarantees for the protection of personal data
The employer has implemented and continues to implement appropriate technical and organisational measures to ensure an adequate level of data security, taking into account the technical conditions and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of employees. Accordingly, the employer shall implement the following technical and organisational measures:
(a) access to personal data stored electronically is restricted to the employer;
(b) the use of external and internal firewalls and anti-virus software;
(c) ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
(d) the storage of paper documents containing personal data relating to the employment relationship and work in a locked cabinet.
4) Rights of data subjects
The Data Subject shall have the right to obtain from the Data Controller the following rights in relation to the processing of his/her personal data
– to be informed of the circumstances surrounding the processing;
– to request the rectification or, in the cases specified under the GDPR, the erasure of personal data;
– to request the restriction of processing;
– to be informed of the recipients to whom the Data Subject’s personal data have been disclosed by rectification, erasure or restriction of processing;
– to have access to his or her personal data;
– exercise his or her rights to data portability (in the cases specified under the GDPR);
– object to processing based on legitimate interest.
– The employee may make a request concerning the above rights in writing or electronically addressed to the employer using any of the contact details in point I of this notice.
The Data Controller shall decide on the request without undue delay, at the latest within one month of receipt, and shall inform the employee of the action taken on the request or, if no action is taken, of the reasons for the lack of action. In addition, the possibility of lodging a complaint with the supervisory authority or an appeal with the courts.
The time limit for action may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. The Controller shall inform the applicant of the extension of the time limit within one month of receipt, stating the reasons.
1.) The Data Subject’s right to information
By publishing the information, the Data Controller shall take measures to ensure that the Data Subject has access to all the information on the processing of personal data as provided for in Article 13 of the GDPR.
In the event that the data provided have not been obtained by the Controller from the Data Subject, the obtaining of the data shall in any case be subject to the Union or Member State law applicable to the Controller.
2) The Data Subject’s right of access
The Data Subject shall have the right to receive feedback from the Controller on the processing of his/her personal data after proof of his/her identity. The Controller shall provide the information related to the exercise of the right of access in writing, by post or by electronic means.
3) Right to rectification and erasure
The Data Subject may request the Controller to correct inaccurate data relating to him/her.
The Data Subject shall have the right to obtain, upon reasoned request, the erasure of personal data relating to him or her by the Controller without delay. The Data Controller shall delete it if:
– the personal data are no longer necessary for the purposes for which they were processed;
– the Data Subject withdraws his or her consent and there is no other legal basis for the processing;
– the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
– the personal data must be erased in order to comply with a legal obligation under applicable Union or Member State law.
The Data Subject may not exercise his or her right to erasure inter alia where the processing:
– For the purposes of complying with an obligation to process personal data under applicable Union or Member State law to which the Controller is subject,
– The data subject is not subject to the processing of personal data for the purposes of the Union or Union law.
4) Right to restriction of processing
The Data Subject shall have the right to obtain, upon a reasoned request, the restriction of processing by the Controller where:
– the Data Subject disputes the accuracy of the personal data (as long as the Controller verifies the accuracy of the personal data);
– the processing is unlawful and the Data Subject objects to the erasure of the data;
– the Data Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims;
– the Data Subject has objected to the processing (until the Data Controller overcomes the objection).
During the period of restriction, personal data may continue to be processed, except for storage, inter alia, only with the consent of the Data Subject or for processing relating to the exercise of legal claims.
5) Right to object
The Data Subject may object to the processing of his/her personal data if the legal basis for the objection is the legitimate interests of the Controller. In such a case, the Controller may only further process the data if it can demonstrate that the processing is justified by overriding legitimate grounds or is related to the establishment, exercise or defence of legal claims.
6) Right to data portability
The Data Subject has the right to receive the personal data relating to him/her which he/she has provided to the Controller in a structured, commonly used, machine-readable format. Furthermore, he or she has the right to transmit these data to another Controller without hindrance from the Controller to whom he or she has provided the personal data, if:
– the processing is based on consent or on a contract; and
– the processing is carried out by automated means.
5) Remedies procedure
1) Submitting a complaint to the DPO
If you have a complaint regarding the processing of your personal data, you should contact the Data Controller using one of the contact details below:
Phone: +36 20 222 7701
2.) Initiation of legal proceedings
If you suffer a breach in the exercise of your rights as a data subject or in the processing of your personal data, you may bring a civil action against the Controller. The court has jurisdiction to hear the case. Proceedings may be brought before the courts for the place of residence or domicile of the Data Subject. The court shall rule on the case out of turn. In the event of a finding of infringement, you may claim damages and compensation and the court may order the Data Controller to exercise the rights concerned.
Further information and contact details of the courts can be found at the following link:
3) Submitting a complaint to the supervisory authority
If you are aggrieved by the processing of your personal data, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information.
The contact details of the Authority are:
Postal address: 1530 Budapest, PO Box 5
Phone: +36 1 391 1400
Date: Budapest, 01.02.2021.02.2021