The operator of the website www.faferi.hu is “FA-FERI” Kft. (hereinafter referred to as: Data Controller). During the visit and use of the services of the website, the visitor (hereinafter referred to as: Data Subject) may provide personal data. The purpose of this information is for the Data Controller to present to the users of the website the data management practices regarding personal data, the organizational and technical measures taken to protect their data, and to inform the Data Subject about their rights regarding legal remedies.

The Data Controller manages the personal data of the Data Subject during the operation of the website or web page www.faferi.hu in accordance with the following legal regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Ektv.)
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Ektv.)
• Act C of 2003 on Electronic Communications (hereinafter: Ehtv.)
• Act CXIX of 1995 on the Management of Name and Address Data for the Purpose of Research and Direct Business Acquisition

The Data Controller reserves the right to change this information notice, with the current notice becoming effective upon publication on the website.

I. Data Controller’s Information

I.1. Name and contact details of the Data Controller and its representative:

Name and contact details of the Data Controller and its representative:

“FA-FERI” Kft.

Registered office: 8800 Nagykanizsa, Magyar út 168.
Tax number: 11356020-2-20
Email: info@faferi.hu
Phone: +36 93 536 276
Representative: Zoltán Varga CEO, email: varga.zoltan@faferi.hu phone: +36209751579

Contact details of data processors:
Company name: Loréna Kft.,
Registered office: 9700 Szombathely, Vízöntő u. 7.
Tax number: 23192238-2-18
Email: info@lorenakft.hu, phone: +36 30 4669796
Representative: Bálint Varga

II. A Purpose, legal basis, and duration of personal data processing

II. Data of website visitors

The Data Controller’s website uses cookies to operate the website, facilitate its use, track activities on the website, and display relevant offers. Cookies are small data packages stored in the browser by internet services. It is an essential technology for providing efficient and modern user experience in online services, supported by all modern browsers.

II.1 Cookies providing basic functionality

These cookies ensure the proper functioning of the website, facilitate its use, and collect information about its usage without identifying visitors.

This includes, for example, the status of cookie acceptance, remembering login methods and data, status of website notification messages, and the reduced functionality Google Analytics code.

Legal basis for data processing	Purpose of data processing	Duration of data processing	Types of data processed
Ektv. 13/A (3)	Ensuring proper functioning of the website	Session cookies: until the end of visitor session. Usage-enhancing cookies: 6 months	– Reduced functionality Google Analytics- etc.

II.2 Statistical Cookies

For the purpose of website development and improving user experiences, the Data Controller also utilizes cookies that allow gathering information on how visitors use the website. These cookies cannot personally identify the data subject; they collect information such as which pages the visitor viewed, which parts of the website the user clicked on, how many pages were visited, the duration of each session, and any error messages encountered.

Performance-enhancing cookies include Google Analytics cookies. For further information regarding Google Analytics cookies, please refer to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

Basis of Data Processing	Purpose of Data Processing	Duration of Data Processing	Types of Data Processed
Your consent	Gathering information on how our visitors use our website	Depending on the cookie: Until the end of the session, up to 2 years – 24 hours – 1minute – 90 days	Google Analytics code  _ga _gid _gat _gac_<property-id>

II.3 Targeting and advertising cookies

The purpose of these cookies is to display advertisements on the website that are even more interesting or relevant to the visitor. These cookies cannot personally identify the Data Subject; they collect information such as which pages the visitor viewed, which parts of the website the user clicked on, how many pages were visited, all to understand the visitor’s interests.

If the visitor has previously consented to this, the information collected during website usage tracking may be used collectively by the Data Controller with the Data Subject’s personal data in order for the Data Controller to better tailor its marketing communications to the Data Subject’s needs and draw their attention to more personalized offers.

The Data Controller uses the following providers’ advertising cookies on the website:

Google Adwords
For detailed information about the service, please visit the following link: https://www.google.com/intl/hu/policies/privacy

Facebook
For detailed information about the service, please visit the following link:

https://www.facebook.com/help/cookies/

Legal Basis	Purpose of Data Processing	Duration of Data Processing	Types of Data Processed
Your Consent	Displaying relevant ads, creating and storing identifiers	Depending on the cookie: – Up to 90 days – Up to 18 months – or up to 2 years	– Google Adwords conversion code – Google Adwords remarketing code – Google Analytics remarketing function – Facebook conversion code – Facebook remarketing code – DoubleClick Floodlight code – portalId

How to Check and Disable Cookies?

Every modern browser allows you to change cookie settings. Most browsers automatically accept cookies by default, but these settings can usually be changed to prevent automatic acceptance. You can set your browser to prompt you each time cookies are offered, allowing you to decide whether to accept them.

Please note that since cookies are intended to facilitate or enable the usability and processes of our website, preventing or deleting cookies may affect your ability to fully utilize the features of our website, or cause the website to function differently than intended in your browser.

You can find information about cookie settings in the most popular browsers at the following links:

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu&co=GENIE.Platform%3DDesktop
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Microsoft Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
• Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
• Safari: https://support.apple.com/kb/ph21411?locale=hu_HU

 

II.2. Contacting via Website and Facebook Page

The Data Controller does not provide the option of sending messages through the website, only its own email and phone contact details. Visitors to the website can contact the Data Controller through the contact details provided by the Data Controller in order to request an offer or information. The Data Controller provides an opportunity for anyone to contact them and request information or an offer on their Facebook page. The data provided through online platforms is only used by the Data Controller to contact the Data Subject regarding their inquiry, and in case of a request for an offer, to arrange on-site technical surveys and prepare price quotes.

Purpose of Data Processing: The Data Controller contacts the Data Subject for the purpose of placing an order and providing an offer to the Data Subject.

Legal Basis for Data Processing: The voluntary consent of the Data Subject based on Article 6(1)(a) of the GDPR.

Types of Data Processed: Message and provided data by the Data Subject (name, phone number, email address, subject of contact)

Duration of Data Processing:Until the withdrawal of the Data Subject’s consent, until the request for deletion, but for no longer than 1 year, or for the duration specified by law in case of contract conclusion

Consequences of Failure to Provide Data: The Data Subject will not receive a price quote or professional information

Data Processors: The Data Controller uses server providers as data processors: The necessary data for the operation of the Data Controller’s website operates and is stored on the servers of the company specified in the table, from which security backups are made to ensure data security.

Company Name	Headquarters	Tasks of Data Processor, Reason for Utilization
Cre-Art Stúdió Bt	HU 8800 Nagykanizsa, Zrínyi Miklós utca 20/B	Server hosting, data storage
DotRoll Kft.	HU 1148 Budapest, Fogarasi út 3-5.	Server hosting, data storage

IV. Guarantees Ensuring the Protection of Personal Data

The Data Controller is obligated to take the necessary technical and organizational measures and establish procedural rules to ensure the security of personal data in all purposes and legal basis for data processing in accordance with the Regulation and the Infotv.

The Data Controller protects the data with appropriate measures against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Personal data is considered and treated as confidential by the Data Controller. Employees are obliged to maintain confidentiality regarding the processing of personal data, and they are required to make a declaration of confidentiality. Access to personal data is restricted by granting authorization levels.

The Data Controller protects information systems with a firewall and provides virus protection.

Electronic data processing and record-keeping are carried out through computer programs that meet the requirements of data security. The program ensures that access to data is restricted to authorized individuals under controlled conditions and only for the purposes to which they are entitled.

V. Rights of Data Subjects

The data subject is entitled to receive information from the Data Controller about the circumstances of data processing;

to request correction or deletion of personal data, or in cases specified by the GDPR, to request restrictions on processing;

to be informed about the recipients to whom the data subject’s personal data have been corrected, deleted, or processing restricted;

to access personal data;

to exercise the right to data portability (in cases specified by the GDPR);

to object to processing based on legitimate interests.

The data subject may submit requests regarding the above rights in writing or electronically to the Data Controller at any of the contact details provided in section I of this notice.

The Data Controller shall decide on the request without undue delay, within one month of receipt, and shall inform the data subject of the measures taken as a result of the request, or if no action is taken, the reasons for this, as well as the possibility of lodging a complaint with a supervisory authority or seeking judicial remedy.

If necessary, the deadline may be extended by a further two months, taking into account the complexity of the request and the number of requests. The data subject shall be informed of any such extension within one month of receipt of the request, along with the reasons for the delay.

If the data subject’s request is manifestly unfounded or excessive, the Data Controller may charge a fee or refuse to act on the request.

V.1. Right to Information for the Data Subject

By publishing this information, the Data Controller takes measures to ensure that the data subject has access to all the information specified in Article 13 of the GDPR regarding the processing of personal data.

In cases where the provided information was not obtained from the data subject, the acquisition of data must comply with applicable EU or member state law.

V.2. Right of Access

Upon verification of the individual’s identity, they are entitled to receive feedback from the Data Controller regarding the processing of their personal data. Information related to the exercise of the right of access is provided by the Data Controller in writing, by post, or electronically.

V.3. Right to Rectification and Erasure

The individual may request the Data Controller to rectify any inaccurate data concerning them. They have the right to request the prompt erasure of personal data under certain circumstances. The Data Controller is obliged to delete personal data if:

• the data is no longer necessary for the purposes for which it was collected;
• the individual withdraws their consent, and there is no other legal basis for processing the data;
• the individual objects to the processing, and there are no overriding legitimate grounds for the processing;
• the personal data has been unlawfully processed.

The individual cannot exercise the right to erasure, among other cases, if the processing is necessary

• for compliance with a legal obligation to which the Data Controller is subject;
• for the establishment, exercise, or defense of legal claims.

V.4. Right to Restriction of Processing

The individual has the right to request the Data Controller to restrict the processing of personal data under certain circumstances, including:

• the accuracy of the personal data is contested by the individual (while the accuracy of the data is being verified by the Data Controller);
• the processing is unlawful, and the individual opposes the erasure of the data;
• the Data Controller no longer needs the personal data for processing purposes, but the individual requires them for the establishment, exercise, or defense of legal claims;
• the individual has objected to processing pending the verification of whether the legitimate grounds of the Data Controller override those of the individual.

During the restriction period, personal data may only be processed, among other cases, with the individual’s consent or for the establishment, exercise, or defense of legal claims.

V.5. Right to Object

The individual has the right to object to processing based on the legitimate interests pursued by the Data Controller. In this case, the Data Controller may only continue processing the data if it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the individual or for the establishment, exercise, or defense of legal claims.

V.6. Right to Data Portability

The individual has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data has been provided, where

• the processing is based on consent or a contract; and
• the processing is carried out by automated means.

VI. Remedies

VI. 1. Lodging a Complaint with the Data Protection Officer

If you wish to file a complaint regarding the processing of your personal data, please contact the Data Controller using the following contact information:

“FA-FERI” Kft.

Registered Office: 8800 Nagykanizsa, Magyar út 168.
Tax Number: 11356020-2-20
Email: info@faferi.hu
Phone: +36 93 536 276
Representative: Zoltán Varga Varga , email: varga.zoltan@faferi.hu, phone: +36209751579

Data Protection Officer: Bálint Varga, adatvedelem@faferi.hu, +36304669796

VI. 2. Initiating Legal Proceedings

If you believe that your rights have been violated in connection with the exercise of your rights or the processing of your personal data, you may initiate civil proceedings against the Data Controller. The jurisdiction for the proceedings lies with the court. The proceedings may be initiated before the court having jurisdiction over your place of residence or habitual residence. The court shall expedite the case. In the event of a finding of infringement, you may claim damages and compensation, and the court may order the Data Controller to fulfill your rights.

Further information and contact details of the courts can be found at the following link: http://birosag.hu/torvenyszekek: http://birosag.hu/torvenyszekek

VI. 3. Filing a Complaint with the Supervisory Authority

If you have suffered harm in connection with the processing of personal data, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Contact information for the authority:
E-mail: ugyfelszolgalat@naih.hu
Phone: +3613911400
Mailing address: 1530 Budapest, Pf.: 5.
Website: www.naih.hu

Nagykanizsa, April 28, 2022.