Data management conference

1. Introduction

1.1. The data management prospectus objective

This Data privacy (hereinafter referred to as ‘Information’) is designed to transparently and in detail show how we deal with your personal data in a sweet change Ltd. (hereinafter referred to as the ‘Data controller’) activities, as well as to provide information to stakeholder rights and those to be exercised.

1.2. Regulatory compliance (GDP-r, 2011. évi CXII. law)

  • The European Parliament and of the Council (EU) 2016/679 regulation of gdp (on): specifies the protection of personal data for a single eu rules.
  • 2011. évi CXII. law (Infotv.): the Hungarian data protection regulations are the basis of law that the information self-determination and freedom of information is about.

This is the Information for the above legislation requirements strive to meet.

2. Data controller data

2.1. The controller designation and contact details

  • Name: Sweet Switch Ltd.
  • Registered office: 7400 Kaposvár, Széchenyi tér 5. fsz. 1.
  • Company registration number: 1409320098
  • Vat number: 32267334-2-14
  • Representative: Dr. Göncz Nora Esther
  • E-mail: info@jogosdesszert.hu
  • Phone number: +36 30 530 78 75

2.2. The data management information availability

The present Prospectus in electronic form is available on the fair dessert.en page or in printed form upon request of the customer reception office can also be viewed.

3. Definitions

3.1. Gdp of basic concepts

  • Personal data: to an identified or identifiable natural person (‘concerned’) regarding any information.
  • Data controller: the natural or legal person, which is the processing of personal data, the purposes and tools sets.
  • Data processor: the natural or legal person, which on behalf of the controller personal data.
  • Contributionconcerned the will of the voluntary and explicit expression, with which it agrees that the personal data relating to them to manage.
  • Affected: any identified or identifiable natural person to whom the personal data refers.

3.2. Data protection incident definition

Data protection incident is any incident which is transmitted, stored or otherwise treat personal data is accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to results.

4. Data management policy

  • Legality, due process and transparency: Only for specified and lawful purposes, to treat the data.
  • Purpose limitation: Only pre-defined purpose, the goal to achieve, to the extent necessary.
  • Data saving: Only the goal, it is indispensable to personal data collected and treated.
  • Accuracy: Ensure that the personal data are accurate and, if necessary, up-to-date.
  • Limited storage life: Your personal data only to the objective for the time needed to be stored.
  • Integrity and confidentiality: appropriate technical and organisational measures we apply to the protection of personal data.

4.2. Data accuracy and security

  • The data regularly to update both the Data controller and the relevant responsible; the latter shall indicate if changes to the personal data.
  • The data manager will do all the data recorded is accurate, and appropriate security measures to protect them from unauthorized access.

5. Data processing purposes and legal bases

5.1. Registration on the website

  • Goal: create a user account and related services.
  • Legal basis:
    • Contribution (gdp is 6. (1) a)) in the case if the registration is voluntary, and the relevant request.
    • The performance of the contract (gdp is 6. (1) b)) if the registration of the service is a prerequisite.
  • Scope of managed data: Name, e-mail address, password (encrypted), registration date, IP address.

5.2. Order management

  • Purpose: processing The orders, execution of the contract, billing and delivery.
  • Legal basis: Contract (gdp is 6. (1) b)).
  • Scope of managed data: Name, shipping and billing address, contact details (phone number, e-mail), order data.

5.3. Invoice

  • Objective: The current accounting legislation (e.g., 2000. act C of) compliance.
  • Legal basis: legal obligation (gdp is 6. (1) c)).
  • Scope of managed data: name/company Name, address, tax (legal persons), other billing information required.

5.4. Newsletter sending

  • Purpose: marketing, communication, information about new products, special sales.
  • Legal basis: consent (gdp is 6. (1) a)).
  • Scope of managed data: Name, e-mail address.
  • Note: from The newsletter at any time, you can subscribe to the newsletter at the bottom of link or directly to the data controller at signaling.

5.5. Cookies (cookies) to use

  • Objective: The website function properly, to improve the user experience perfect attendance data analysis, for marketing purposes.
  • Legal basis:
    • Contribution (gdp is 6. (1) a)) – all cake, which is not of the website’s operation is essential.
    • Legitimate interests or the performance of the contract (gdp is 6. (1) f) or b)) – the operation is essential for technical cookies, in the case of.
  • Read more description: See this Information ‘Cookies (cookies) to use’ chapter (11. point).

5.6. Community pages are a data controller of

  • Purpose: Contact, information sharing (Facebook, Instagram, etc.).
  • Legal basis: Voluntary decision, contribution (gdp is 6. (1) a)).
  • Note: The social platform’s own data management practices of a particular platform data management prospectus should be viewed.

6. Scope of managed data

6.1. Personal data types

  • Identification data: name, user name, password (encrypted).
  • Contact information: e-mail address, phone number, address.
  • Technical data: IP address, browser type, cookies, login date.
  • Billing information: billing name, address, vat number (company only).

6.2. Data storage method and duration of

  • In electronic form are protected servers, password and other security solutions are also provided.
  • Paper basis (if any) at the headquarters or on-site, remote place.
  • Storage time: the legal obligations and the data management goals in place, or consent withdrawal. After that, the data will be deleted or anonymized them.

7. The rights of data subjects

7.1. Right to information

Concerned is entitled to obtain information about the applicable personal data, for what purpose, on what legal basis, from what source, how long to treat, and who have access to it.

7.2. Rectification right

If you are concerned considers that the processing of personal data is inaccurate or incomplete, to request the correction or completion.

7.3. Delete rights (‘forgotten to fight for rights’)

The data subject may request personal data to be deleted when no longer need the data for the original purpose or if you are concerned you withdraw your consent, and there is no other legal basis for the processing of data.

7.4. Data portability right to

The affected is entitled to the available data widely used, machine-readable format you will receive, and you can ask these other controller transmission.

7.5. Protest rights

  • Concerned at any time object to personal data processing, if the data management is the legal basis for the Data controller’s legitimate interests.
  • The concerned special entitled to object to your personal data for direct marketing (direct marketing) for the purposes of the processing.

8. Data security

8.1. Electronic data protection

  • Multi-level eligibility system.
  • Regular backups.
  • Antivirus and firewall use.

8.2. Technical and organisational measures

  • Closed office network and secure Wi-Fi you are using.
  • Paper-based documents in a locked cupboard storage.
  • Employees and data processors for regular data protection training.

9. Data protection incident management

9.1. Incident reporting to the authorities (72-hour rule)

Data protection incident in case of the Data controller, without undue delay, and if possible, not later than within 72 hours to announce that the National data protection and freedom of Information Authority (NAIH), unless there is likely no risk to the affected rights and freedom for.

9.2. Stakeholders to inform high risk in the case of

If the incident is likely to be high-risk to the affected rights and freedom given, the controller shall without delay inform the persons concerned is also a description of the incident point and the measures taken.

10. Data processors and third parties

10.1. Hosting provider

  • Name: Vitarex Studio Ltd.
  • Headquarters: Budapest, Aladar u. 17 Fsz. 1, 1016
  • Availability: vitarex@vitarex.hu; +36 1 385 1949
  • Data processing activities: the web server operation, technical maintenance. Only the Data controller under the instructions of the handling of personal data.

10.2. Accountant and other partners

The Data controller may use an accountant, courier, service, marketing agencies and other partners, with the personal data handling.

  • Accountant: Némethné Kiss Eszter/E-CONTROL-TAX, Bt., activity: accounting, payroll, taxation-related tasks.
  • Delivery Service: Express One Hungary Kft., activity: the ordered products are delivered.

With these partners (data processing with) the Data controller is always written contract with the gdp of your requirements. The contracts specify that the partners exclusively for the controller’s instructions, the stated purpose, and the time necessary to manage the data.

11. Cookies (cookies) to use

11.1. The cookies purposes and types of

  • Session cookies: the website for the functioning of essential, when you close the browser are deleted.
  • Functional cookies: to help the user a convenient, for example, note the log-in information or selected a language.
  • Analytical cookies (e.g. Google Analytics): statistical purposes, help to learn the user behavior and improve the operation of the site.
  • Marketing cookies: relevant ads and measure the effectiveness of ads to support it.

11.2. User settings management

  • The users in the browser settings can control how cookies are handled, so disable or delete them.
  • The cookie settings change may be that the website functions will not work correctly.
  • The website when you first visit a possibility of the non-fundamental (e.g., marketing) cookies to authorise or reject a pop-up window.

12. The concerned enforcement options

12.1. Submitting a complaint to the National data protection and freedom of Information Authority (NAIH)

If you are concerned considers that personal data treatment violates applicable laws, you can lodge a complaint to the National data protection and freedom of Information Authority:

  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Phone: +36 (1) 391-1400
  • E-mail: ugyfelszolgalat@naih.hu

12.2. Judicial remedies

The affected rights in case of violation of court. The lawsuit – the choice – the residence court may initiate.

13. Data management as a basis for legislation

13.1. Gdp is (2016/679 EU regulation)

The European Parliament and of the Council (EU) 2016/679 regulation, which is designed for the protection of individuals with regard to the personal data treatment, and data to ensure free circulation of the EU.

13.2. 2011. évi CXII. law of informational self-determination rights

The Hungarian data protection law, which is the processing of personal data for domestic principles and limitations of controls.

13.3. Other relevant Hungarian legislation

  • 2000. act C of the accounting.
  • 2013. act V of the Civil code (civil Code).
  • 2008. évi XLVIII. law of the economic advertising activity basic conditions.

14. Final provisions

14.1. The data management conference scope and modification options

  • Present Indicative 2025. 1 december,. the date in force.
  • The Data controller is entitled to the Information unilateral right to amend, especially of the changes in legislation, new data management activities to introduce or to the supervisory authority recommendations to take into account.
  • The amendments on the website will be published and enter into force after the parties concerned accept the new rules for the services further using.

To: Kaposvár, 2025. december 1.Sweet Switch Ltd.
Dr. Göncz Nora Esther