+36 30 908 1597 | +36 30 799 2455

Privacy Policy

DEFINITIONS:

 

  1. “personal data” means any information relating to an identified or identifiable natural person (“data subject”); identifies a natural person who, directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person identified;
  2. “data processing” means any set of operations or operations, whether automated or non-automated, carried out on personal data or files, such as collection, recording, systematization, segregation, storage, transformation or alteration, querying, access, use, communication, dissemination or dissemination; by other means of making available, coordination or interconnection, restriction, deletion or destruction;
  3. controller” means any natural or legal person, public authority, agency or any other body which determines the purposes and means of the processing of personal data, either alone or in association with others; if the purposes and means of data processing are defined by EU or Member State law, the specific aspects of the appointment of the controller or the controller may be determined by Union or Member State law;
  4. “data processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  5. “recipient” means any natural or legal person, public authority, agency or any other body with which personal data are communicated, whether or not a third party is involved. Public authorities which have access to personal data in accordance with Union or Member State law in the context of a specific investigation shall not be considered as a recipient; the management of such data by these public authorities must be in accordance with the applicable data protection rules in accordance with the purposes of the data processing;
  6. “consent of the data subject” means a declaration of the will of the data subject on a voluntary, concrete and adequate basis, by which he or she expresses his / her consent to the processing of personal data concerning him or her by means of an act expressing unequivocal confirmation;
  7. “personal data breach” means a security breach that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise processed.

PRINCIPLES FOR THE MANAGEMENT OF PERSONAL DATA

 

Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’ );
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate (‘accountability’).

Controller declares that data management is carried out in accordance with the principles set out in this section.

 

DATA TREATMENTS

TO MAKE AN OFFER

1.    The fact of data collection, the range of data processed and the purposes of data processing:

 

Personal Data Purpose of data processing
Name Identification
Phone number Contact, coordination
E-mail Contact, needs for sending the offer (answer)
Message It is necessary for the customization of the offer
Date of request Performing a technical operation
IP address of request Performing a technical operation

 

The email address does not need to contain personal information.

 

2. Affected: every person who requested an offer

3. Duration of data processing, deadline for deletion of data: If any of the conditions of Article 17 (1) of the GDPR exists, the data subject shall be deemed to have been canceled. The controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject pursuant to Article 19 of the GDPR. If the data subject’s cancellation request also covers the e-mail address given by him / her, the data manager will also delete the e-mail address after the notification.

4. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy.

5. Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time. 6.    Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:

  • via mail to the Hungary, 1013 Budapest, Szarvas tér 1. address
  • via e-mail to budapest@underguide.com address,
  • via phone to +36/30/977-1980 number.

7. Legal basis for data processing: Article 6 (1) (b) of the GDPR.

8. Please note that:

  • data processing is required to make an offer.
  • is obliged to provide personal information to send an offer.
  • failure to provide data has the consequence that we cannot give you a customized offer.

 

CONTACT

1.    The fact of data collection, the range of data processed and the purposes of data processing:

 

Personal Data Purpose of data processing
Name Identification
E-mail address Contact, sending answer messages
Phone number Contact
Content of the message It is necessary for answering
Date of contact Performing a technical operation
IP address at contact date Performing a technical operation

 

The email address does not need to contain personal information.

 

2.    Affected: All concerned who are sending a message to the email address specified on the website.

3.    Duration of data processing, deadline for deletion of data: If any of the conditions of Article 17 (1) of the GDPR exists, until the request for cancellation of the data subject.

4.    Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy.

5.    Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time.

6.    Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:

  • via mail to the Hungary, 1013 Budapest, Szarvas tér 1. address
  • via e-mail to budapest@underguide.com address,
  • via phone to +36/30/977-1980 number.

7.    Legal basis for data processing: consent of the data subject, Article 6 (1) (a) (b) and (c). If you contact us, you agree that we will treat your personal data (name, phone number, email address) as provided in this Policy.

8.    Please note that

  • This data management is based on your consent or is based on a legal obligation (co-operation) required for the submission of a contract or a contractual relationship.
  • is obliged to provide personal information to contact us.
  • Failure to provide data has the effect of not being able to contact the Service Provider.

 

CUSTOMER RELATIONS

 

1.    The fact of data collection, the range of data processed and the purposes of data management:

 

Personal data Purpose of data processing
Name, e-mail, phone number Contact, identification, fulfillment of contracts, business purpose.

 

2.    Affected: All those involved in contact with the data controller by phone / e-mail / personally or in contractual relationship.

3.    Duration of data processing, deadline for deletion of data: Data processing lasts until the legal relationship between the data controller and the data subject is terminated, or in the case of a contractual relationship, until the expiry of the civil law limitation period. 4.    Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy. 5.    Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time.

6.    Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:

  • via mail to the Hungary, 1013 Budapest, Szarvas tér 1. address
  • via e-mail to budapest@underguide.com address,
  • via phone to +36/30/977-1980 number.

7.    Legal basis for data processing: 7.1.             GDPR Article 6 (1) (b) and (c). 7.2.             In the event of the claim arising from the contract, Act V of 2013 on the Civil Code 6:21. § 5 years.                          6:22. § [Limitation]                         (1) Except as otherwise provided in this Act, claims shall expire in five years.                         (2) The limitation period begins when the claim becomes due.                         (3) An agreement to change the limitation period shall be in writing.                         (4) The limitation period is null and void.

  1. Please note that

 

·         Data management is necessary for the performance of the contract and the offer.·         is obliged to provide personal information so that we can fulfill your order / other request.·         Failure to provide data has the consequence that we are unable to process your order / request.

 

DATA PROCESSORS Hosting provider 1.       Activity performed by data processor: Hosting service 2.       Name and contact details of the data processor:             Name: DotRoll Kft.            Address: 1148 Budapest, Fogarasi út 3-5.            Availability: support@dotroll.com, + 36-1-432-3232 3.       The fact of data management, the range of data processed: All personal data provided by the data subject.

 

  1. Affected: All website users.
  2. Purpose of data management: Making the website accessible and functioning properly.
  3. Duration of data management, the deadline for data deletion: Until the agreement between the data controller and the hosting provider is terminated or the data subject’s request for cancellation to the hosting provider is terminated.
  4.   Legal basis for data processing: Article 6 (1) (f) of the GDPR, and CVIII of 2001 on certain aspects of electronic commerce and information society services Act 13 / A. (3).
  5. Rights of the concerned:

 

  1. You can learn about the circumstances of data management,
  2. You are entitled to receive feedback from the data controller that your personal data is being processed and to have access to all information relating to data management.
  3. You are entitled to receive your personal data in a structured, widely used, machine-readable format.
  4. You are entitled to rectify your inaccurate personal data without undue delay upon request.
  5. You may object to the processing of your personal data.

 

Bookkeeping tasks

 

1.       Activity performed by data processor: Bookkeeping services 2.       Name and contact details of the data processor:

Name: Arany Marna Könyvelde Kft.

Address: 1118 Budapest, Radóc u. 15.

VAT number: 12902686-2-43

E-mail: konyvelde@aranymarna.hu

3.       The fact of data management, the range of data processed: name, billing name, billing address

 

  1. Affected: All parties involved in ordering and contracting

 

  1. Purpose of data management: Bookkeeping tasks

 

  1. Duration of data management, deadline for data deletion: 8 years under Section 169 (2) of Act C of 2000 on Accounting.

 

7.       Legal basis for data processing: Article 6 (1) (f) of the GDPR, and CVIII of 2001 on certain aspects of electronic commerce and information society services Act 13 / A. (3).

 

  1. Rights of the concerned:

 

  1. You can learn about the circumstances of data management,
  2. You are entitled to receive feedback from the data controller that your personal data is being processed and to have access to all information relating to data management.
  3. You are entitled to receive your personal data in a structured, widely used, machine-readable format.
  4. You are entitled to rectify your inaccurate personal data without undue delay upon request.

 

 

DATA TRANSMISSION:

Online payment

 

  1. Activity pursued by the recipient: Online payment

 

  1. Name and contact details of the recipient:

 

Name: PayPal

Address: 2211 North First Street, San Jose, California, USA

Web: www.paypal.com

Privacy Policy: https://www.paypal.com/hu/webapps/mpp/ua/privacy-full

 

  1. The fact of data management, the range of data processed: billing information, name, email address

 

  1. Affected: Customers who chose paypal.

 

  1. Purpose of data management: Fulfillment of online payment transactions, confirmation of transactions and fraud monitoring for users (abuse control)

 

  1. Duration of data processing, deadline for deletion of data: It lasts until the online payment.

 

7.    Legal basis for data processing: Article 6 (1) (b) of the GDPR. The legal basis is required for online payment at the request of the data subject. 8.    Rights of the concerned:

 

  1. You can learn about the circumstances of data management,
  2. You are entitled to receive feedback from the data controller that your personal data is being processed and to have access to all information relating to data management.
  3. You are entitled to receive your personal data in a structured, widely used, machine-readable format.
  4. You are entitled to rectify your inaccurate personal data without undue delay upon request.

 

  1. Other information: PayPal is used to make online purchases. The personal data and bank card details given at the time of ordering will be forwarded to US paypal servers. The personal data thus transmitted will be handled in accordance with the Paypal.com Privacy and Data Management Policy.

 

NEWSLETTER, DM ACTIVITY

 

  1. Sub-section 6 of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity, the User may consent in advance and expressly to the provision by the Service Provider of his/her advertisements and other mailings at the contact details given at the time of registration.

 

  1. Furthermore, the Customer may consent to the management of the personal data of the Service Provider in order to send the advertisements, bearing in mind the provisions of this Policy.

 

  1. The Service Provider shall not send unsolicited advertising messages and the User may unsubscribe from sending the offers free of charge without limitation or justification. In this case, the Service Provider deletes all of its personal data, which is necessary for sending the advertisement messages, from its register and does not contact the User with further advertising offers. Users can opt out of advertising by clicking the link in the message.

 

4.    The fact of data collection, the range of data processed and the purposes of data management:

 

Personal data Purpose of data management
Name, e-mail address Identification, enabling subscription to newsletter.
Time of subscription Performing a technical operation
IP address of the subscription Performing a technical operation

 

  1. Affected: All concerned by the newsletter

 

  1. Purpose of data management: sending electronic messages (e-mails) containing the advertisement to the data subject, providing information on actualities, products, actions, new features, etc.

 

  1. Duration of data processing, deadline for deletion of data: data processing lasts until withdrawal of the consent statement, ie until the unsubscribe.

 

  1. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be managed by a data management marketing staff, while respecting the above principles.

 

  1. Description of the data subjects’ rights to data processing:

·         The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and ·         protest against the processing of personal data and·         the data subject has the right to data storage and the withdrawal of consent at any time.

 

10. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:

 

  • via mail to the Hungary, 1013 Budapest, Szarvas tér 1. address
  • via e-mail to budapest@underguide.com address,
  • via phone to +36/30/977-1980 number.

 

 

  1. You may opt out of the newsletter at any time, free of charge.
  2. Legal basis for data processing: the consent of the data subject, Article 6 (1) (a) and (f) and the basic conditions and limitations of certain commercial advertising activities in 2008 XLVIII. Section 6 (5) of the Act:

The advertiser, the advertising service provider, or the publisher of the advertisement, keeps a record of the personal data of the persons making the declaration that contributes to them, as defined in the consent. The data contained in this register, relating to the recipient of the advertisement, may only be handled in accordance with the consent statement until it is revoked and transferred to third parties only with the prior consent of the person concerned.

  1. Please note that
  • Data management is based on your consent and the legitimate interest of the service provider.
  • must provide personal information if you wish to receive a newsletter from us.
  • Failure to provide data has the consequence that we cannot send you a newsletter.

 

 

HANDLING OF COMPLAINTS

 

1.    The fact of data collection, the range of data processed and the purposes of data management:

 

Personal Data Purpose of data management
Surname and last name Identification, contact
E-mail address Contact
Phone number Contact
Billing name and address Identification, handling of complaints, issues and questions about the ordered products.

 

  1. Affected: All complainants with a quality objection about the received service.

 

  1. Duration of data processing, deadline for data deletion: Copies of the report of the objection and of the response, as set out in CLV 1997 on Consumer Protection. Act 17 / A. Section 7 (7) of this Act shall be retained for 5 years.

 

 

  1. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be managed by authorized personnel of the Controller in accordance with this Policy.

 

  1. Description of the data subjects’ rights to data processing:

·         The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and·         the data subject has the right to data storage and the withdrawal of consent at any time. 6.    Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:

 

  • via mail to the Hungary, 1013 Budapest, Szarvas tér 1. address
  • via e-mail to budapest@underguide.com address,
  • via phone to +36/30/977-1980 number.

 

  1. Legal basis for data processing: consent of the data subject, Article 6 (1) (c) and CLV 1997 on consumer protection. Act 17 / A. (7).

 

  1. Please note that

 

  • the provision of personal data is based on a legal obligation.
  • The processing of personal data is a prerequisite for concluding a contract.
  • is obliged to provide personal information to handle your complaint.
  • Failure to provide data has the consequence that we will not be able to handle your complaint.

 

SOCIAL MEDIA

  1. The fact of data collection, the range of data processed: Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. name registered on social networking sites or public profile image of the user.

 

  1. Affected: Everyone involved in Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. on social networking sites and “crawled” the website.

 

  1. Purpose of data collection: Sharing or promoting the content, products, actions or the website itself on the social networking sites.

 

  1. Duration of data management, deadline for deletion of data, identity of potential data controllers and data subjects’ rights to data management: The source of the data, its management and the method and legal basis for the transfer can be consulted on the relevant social media site. Data management is carried out on social networking sites, so the duration, mode and possibilities of deleting and modifying the data are governed by the regulation of the social media site.

 

  1. Legal basis for data management: voluntary consent of the data subject to the processing of personal data on social networking sites.

 

CUSTOMER RELATIONS AND OTHER TREATMENTS

 

  1. If a question arises during the use of our data management services, you may have problems with the data subject, you may contact the data controller in the ways specified on the website (telephone, e-mail, social network, etc.).
  2. Your data provided for incoming email, messages, phone, Facebook, etc. with the name and e-mail address of the inquirer and any other personal data provided voluntarily will be deleted by Data Controller after a maximum of 2 years from the date of the disclosure.
  3. Information about the data processing not listed in this Policy is provided when gathering the data.
  4. Upon request of an exceptional authority, or on the basis of authorization by law, the Service Provider shall be obliged to provide information, to communicate, to transmit or to make available documents.
  5. In such cases, the Service Provider issues personal data to the requesting party, if it specifies the exact purpose and scope of the data, only to the extent strictly necessary for the purpose of the request.

 

RIGHTS OF INTERESTED PARTIES

 

  1. Right of Access

 

You are entitled to receive feedback from the Data Controller about whether your personal data is being processed and, if such data is being processed, to have access to the personal data and information listed in the Regulation.

 

  1. Right to rectification

 

You have the right to rectify the inaccurate personal data relating to it without undue delay upon request. Taking into account the purpose of data management, you are entitled to request the supplementation of incomplete personal data, including by means of a supplementary declaration.

 

  1. Right to delete

 

You are entitled to delete the personal data relating to it from your controller at your request without undue delay, and the Data Controller is obliged to delete your personal data without undue delay under certain conditions.

 

  1. Right to be forgotten

 

If the controller has disclosed personal data and is obliged to delete it, it will take reasonable steps, including technical measures, to take into account the technology and implementation costs available to inform data controllers that you have requested the delete of links contained personal data or duplums of these personal data.

 

  1. Right to restrict data management

 

You are entitled to limit, upon request, the processing of data by the controller if any of the following conditions is met:

  • You dispute the accuracy of personal data, in which case the limitation applies to the time period that allows the controller to verify the accuracy of the personal data;
  • Data processing is against the law and you oppose the deletion of the data and instead ask for a restriction on its use;
  • the data controller no longer needs personal data for data management, but you require them to submit, validate or defend legal claims;
  • You protested against data management; in this case, the limitation applies to the period until it is established whether the legitimate reasons of the controller prevail over your legitimate reasons.

 

  1. The right to data storage

 

You are entitled to receive the personal data relating to it from a data controller, in a distributed, widely used, machine-readable format, and is entitled to forward this data to another data controller without being hampered by the controller whose provided personal information to you (…)

 

  1. Right to protest

 

In the case of data processing based on legitimate interest or on grounds of public authority, you have the right to object (at any time) to the processing of your personal data, including profiling based on those provisions, for reasons related to your own situation.

 

  1. Protest against Direct Marketing

 

If personal data is processed for the purpose of direct marketing, you are entitled to protest at any time against the processing of personal data relating to it, including profiling, if it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, then personal data may no longer be processed for this purpose.

 

  1. Automated decision making in individual cases, including profiling

 

You are entitled to exclude from the scope of a decision based solely on automated data management, including profiling, that would have legal effect on it or would be substantially affected by it.

The previous paragraph does not apply if the decision:

  • necessary for the conclusion or performance of a contract between you and the controller;
  • It is made possible by EU or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests. or
  • based on your explicit consent.

 

DURATION OF MEASURE

 

The controller shall inform you without undue delay, but in any case within 1 month of receipt of the request, of the action taken on those requests.

 

If necessary, it can be extended by 2 months. The controller shall inform you of the extension of the deadline by indicating the reasons for the delay within 1 month of receipt of the request.

 

If the data controller fails to take action following your request, he or she will inform you without delay, but at the latest within one month of receipt of the request, of the reasons for not taking the action, and whether you may lodge a complaint with a supervisory authority and have the right of appeal.

 

SECURITY OF DATA MANAGEMENT

 

The controller and data processor shall implement appropriate technical and organizational measures to take account of the state of science and technology and the costs of implementation, taking into account the nature, scope, circumstances and objectives of data management and the risk to the rights and freedoms of natural persons. to guarantee a level of data security appropriate to the level of risk, including, inter alia, where applicable:

 

(a) the personalization and encryption of personal data;

 

(b) ensuring the continuing confidentiality, integrity, availability and resilience of the systems and services used to process personal data;

 

(c) in the event of a physical or technical incident, the ability to recover access to and availability of personal data in a timely manner;

 

(d) a procedure for the regular testing, assessment and evaluation of the effectiveness of technical and organizational measures taken to ensure the security of data management.

 

 

INFORMATION ABOUT THE PERSONAL DATA BREACH

 

If the personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the personal data breach without undue delay.

 

The information provided to the data subject shall clearly describe the nature of the personal data breach and the name and contact details of the data protection officer or other contact person providing further information; the likely consequences of a personal data breach must be explained; the measures taken or planned by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences arising from the personal data breach.

 

The data subject need not be informed if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organizational protection measures, and these measures have been applied to the data affected by the personal data breach, in particular measures such as the use of encryption that make the access of persons not authorized to access personal data impossible.
  • the data controller has taken additional measures after the data protection incident to ensure that the high risk reported to the data subject’s rights and freedoms is no longer likely to materialize.
  • information would require disproportionate effort. In such cases, the persons concerned shall be informed by means of publicly available information or a similar measure shall be taken to ensure that the persons concerned are equally informed.

 

If the data controller has not yet notified the data subject of the personal data breach, the supervisory authority, after considering whether the personal data breach is likely to pose a high risk, may order the data subject to be informed.

 

NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY

 

The personal data breach shall be notified by the controller without undue delay and, if possible, not later than 72 hours after the personal data breach has come to the attention of the supervisory authority pursuant to Article 55, unless the personal data breach is unlikely to pose a risk to the rights of natural persons. and freedoms. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.

 

COMPLAINT OPPORTUNITY

 

Complaint against a possible violation of data controller by the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mail address: 1530 Budapest, Postafiók: 5.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

 

 

This policy based on the following :

 

– Protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (2016) April 27)

– CXII of 2011 Act on Information Self-Determination and Freedom of Information (hereafter: Infotv.)

– CVIII of 2001 Act on certain aspects of electronic commerce services and information society services (in particular Section 13 / A)

– 2008 XLVII. Act on the Prohibition of Unfair Commercial Practices against Consumers;

– 2008 XLVIII. Act – on the basic conditions and certain limitations of economic advertising (in particular Section 6)

– 2005 XC. Act on Electronic Information Freedom

– Act C of 2003 on Electronic Communications (specifically §155)

– 16/2011. s. Opinion on the EASA / IAB Recommendation on Best Practice for Behavioral Online Advertising

– Recommendation of the National Authority for Data Protection and Freedom of Information on Preliminary Information Privacy Requirements

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46