Company name: ThanX Digital Solutions Ltd.
Headquarter and mailing address: 8. Paál László Street, Gárdony, 2483, Hungary
Company registration number: 07-09-033139
Tax ID number: 27732836-2-07
EU VAT number: HU27732836
Phone: +36 70 6199721
Data Protection Officer: the GDPR Regulation does not oblige the Operator to appoint a Data Protection Officer
Effective from 10th May 2022.
The Data Controller reserves the right to change and amend the Data Management Information by unilateral decision.
The scope of the Data Management Information covers data management arising from the commercial activities of the Operator. By accessing the site, registering and making a purchase, the user of www.fortunx.com accepts the provisions of the Data Management Information in force at any time and expresses his / her consent thereto.
The legal basis for data processing is the voluntary consent of the data subject concerned, based on the prior information of the Data Controller. The Data Controller does not check the personal data provided to it, and excludes its responsibility for their accuracy and the legality of the partners’ data processing. The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.
The Data Controller will only collect and process your data if you have given your consent. We can assure you that we will make every effort to comply with the strict requirements of data management and confidentiality, and in all cases we will endeavor to comply with all legal provisions relating to data protection. We use all the personal information we collect solely to provide the highest possible level of service to our customers and to optimize our services to meet their needs and expectations. The Data Controller is committed to respecting the right to information self-determination. We treat your personal information confidentially and do not pass it on to third parties, unless it is necessary for the performance of the contract for certain partners and subcontractors of the company. Only data that they specifically need to carry out their tasks will be transmitted to them. You are not authorized to use, store or transmit the data received from us in any form.
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR)
- Act on the Right to Self-Determination of Information and Freedom of Information (hereinafter: the Information Act)
Data controller: a natural or legal person, public authority, agency or any other body that determines the purposes and means of the processing of personal data independently or together with others.
Data management: any set of operations or operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming or altering, retrieving, viewing, using, transmitting, distributing or otherwise making available harmonization or interconnection, restriction, deletion or destruction.
Data processor: a natural or legal person, public authority, agency or service provider who processes personal data on behalf of the Data Controller.
Personal data: any information relating to an identified or identifiable natural person (“data subject”); identify a natural person who, directly or indirectly, in particular by reference to one or more factors such as name, number, location, online identifier or physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.
Data subject: Any natural person identified or identifiable directly or indirectly on the basis of personal data.
Data subject’s consent: a voluntary, specific and well-informed and unambiguous statement of the data subject’s consent to the processing of personal data concerning him or her, by means of a statement or an act which unequivocally confirms the confirmation.
Recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not.
Third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor.
Principles of data processing
Personal data must be:
- processed lawfully and fairly and in a way that is transparent to the data subject (“lawfulness, fairness and transparency”)
- processed only for a specified purpose, in order to exercise a right and fulfill an obligation (“purpose limitation”)
- appropriate, relevant and limited to what is necessary for the purposes of the processing (“data saving”);
- accurate and, where necessary, kept up to date (“accuracy”)
- in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing of personal data. (“limited storage”)
- handled in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data (“integrity and confidentiality”)
The provision of data on the website is voluntary and the Data Controller handles personal data with the consent of the data subject. In any case, the Data Controller will not collect the personal data of the data subject in the case of a person under the age of 16. We do not transfer personal data to a controller or processor in a third country and do not unduly transfer them to third parties.
Lawfulness of data processing
The processing of personal data shall be lawful only if and to the extent that at least one of the following is fulfilled:
- (a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
- (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to concluding the contract;
- (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
- (d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- (f) processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the child concerned.
Data security measures
The Data Controller shall store the personal data provided by the data subject at its registered office and shall take appropriate measures to ensure the security of the data and to protect the personal data of the data subjects against unauthorized access. The Data Controller ensures that the principles of data management are respected and that personal data cannot be made available to an indefinite number of persons.
Purpose of data management
The purpose of data management is only the subsequent proof of the services and contractual relations of the Website. In the course of data management, we strive to process only the personal data necessary for the fulfillment of the purpose.
Therefore, the data management is based on the above:
- contacting, keeping in touch, and identifying the users,
- handling complaints and administration.
Scope and duration of the data processed
During the data processing, the Data Controller manages your name, address, telephone number, e-mail address, the IP address of the data subject and, in the event of a complaint, its contents. In all cases, only the data strictly necessary for the performance will be processed for the period required by law or specified by law.
- During the contact: data provided by you, such as e-mail, name, telephone number (until the contact is completed).
- Complaint handling: name, address, telephone number, e-mail address, content of the complaint and the recorded report (according to Section 17 / A (7) of the Consumer Protection Act 1997, we are obliged to keep the complaint for 5 years).
- When subscribing to the newsletter, we store the IT data related to the consent – the date of the consent and the IP address of the data subject – for later verification, in accordance with legal requirements (until the consent to the data processing is revoked).
The Data Controller uses so-called cookies on the website in order to save certain settings and facilitate the use and optimization of our Webshop. We also collect statistical information about our visitors using Google Analytics. The data recorded in this way (e.g. IP address, date of visit, in some cases the type of browser) is not suitable for identifying the user and cannot be linked to other personal data. Google will only pass on this information to third parties where required to do so by law, or where such information is processed by third parties on Google’s behalf.
Google General Cookie Information: https://www.google.com/policies/technologies/types
Google Analitycs Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en
Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Further data management
If the Data Controller wishes to carry out further data processing, he / she will provide prior information on the relevant information. We will only transfer personal data to a third party if the data subject has explicitly consented to it or is authorized by law to transfer the data.
We would like to inform you that written requests for data from the competent authorities based on legal authorization must be complied with by the Data Controller. The Data Controller cannot be held responsible for the data transfer and possible consequences arising from this.
The Data Controller informs about the data transfers in the Infotv. In accordance with Section 15 (2) – (3), it shall keep records for the purpose of verifying the lawfulness of the data transmission.
Data processing activities
Data processors and external service providers participate in the performance of the activities of the Website, such as marketing activities, with the Data Controller. We will use our best endeavors to ensure that the personal data transmitted is handled in accordance with the law and is used exclusively for the performance of their duties.
Data Processors Used by the Operator, External Service Providers:
- Facebook (Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland)
- Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America)
In the course of data processing, you have the following rights under the GDPR:
- access to personal data the
- delete (“forget”) the right to
- restrict data processing the right to
- data portability the right to
The data subject’s right of access
The subject has the right to receive feedback from the controller as to whether the processing of your personal data is in progress and, if such processing is in progress, you have the right to access the personal data processed and the following information:
- (a) for the purposes of the processing;
- (b) the categories of personal data concerned;
- (c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
- (d) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
- (e) the right of the data subject to request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
- (f) the right to lodge a complaint with a supervisory authority;
- (g) if the data were not collected from the data subject, all available information on their source;
- (h) the fact of automated decision-making, including profiling, and at least in such cases, comprehensible information on the logic used and the significance of such data processing for the data subject.
The Data Controller shall make a copy of the personal data subject to data processing available to the data subject. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. Where the data subject has submitted the request by electronic means, the information shall be provided in a widely used electronic format, unless otherwise requested by the data subject. The right to request a copy shall not adversely affect the rights and freedoms of others.
Right of rectification
The data subject has the right to have inaccurate personal data concerning him or her rectified at his or her request without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
Right of cancellation (“forgetting”)
(1) The data subject shall have the right to have his or her personal data deleted without undue delay at his or her request, and the controller shall be obliged to delete the personal data concerning him or her without undue delay if the data subject so requests. one of the following reasons exists:
- (a) personal data are no longer required for the purpose for which they were collected or otherwise processed;
- (b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
- (c) the data subject objects to the processing of the data and there is no overriding legitimate reason for the processing
- ; (d) the personal data have been processed unlawfully;
- (e) personal data must be deleted in order to fulfill a legal obligation to which the controller is subject under applicable Union or Member State law;
- (f) personal data have been collected in connection with the provision of information society services.
- Where the controller has disclosed personal data and is required to delete it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to inform the controllers, taking into account the technology available and the cost of implementation. that the data subject has requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data.
- Paragraphs 1 and 2 shall not apply where the processing is necessary:
- (a) for the purpose of exercising the right to freedom of expression and information;
- (b) to fulfill an obligation under Union or Member State law applicable to the controller to process personal data or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
- (c) on grounds of public interest in the field of public health;
- (d) for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right referred to in paragraph 1 would be likely to make such processing impossible or seriously jeopardize; or
- (e) to bring, assert or defend legal claims.
Right to restrict the processing
(1) The data subject shall have the right, at the request of the controller, to restrict the processing if one of the following conditions is met:
- (a) the data subject disputes the accuracy of the personal data, in which case the that the controller checks the accuracy of the personal data;
- (b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;
- c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; or
- (d) the data subject has objected to the processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
(2) Where the processing is subject to a restriction, such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims or the protection of the rights of another natural or legal person can be treated.
(3) The Data Controller shall, at the request of the data subject at whose request the data processing has been restricted pursuant to subsection (1), inform him or her in advance of the lifting of the data processing restriction.
The right to data portability
The data subject shall have the right to receive personal data concerning him or her made available to a data controller in a structured, widely used machine-readable format and to transfer such data to another data controller without being prevented from doing so. the controller to whom the personal data have been made available if:
- (a) the legal basis for the processing is based on consent or a contract; and
- (b) the data processing is automated.
When exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers.
The exercise of the right to data portability shall not infringe the right of erasure. The right to portability of data shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right to data portability must not adversely affect the rights and freedoms of others.
Right to protest
The data subject has the right to object at any time to the processing of his or her personal data, including profiling, for reasons related to his or her own situation. In that case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, assert or defend legal claims. are related.
Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition.
If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out in the public interest.
The data subject has the right not to be covered by a decision based solely on automated data processing, including profiling, which would have a legal effect on him or her or would be significantly affected.
The preceding paragraph shall not apply where the decision is:
- (a) necessary for the conclusion or performance of the contract between the data subject and the controller;
- (b) is governed by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
- (c) is based on the express consent of the data subject.
If you believe that the Data Controller has violated any legal provision on data processing or has not complied with any of your requests, you may file a complaint directly with the National Data Protection and Freedom of Information Authority or initiate an investigation procedure (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c, phone: +36 1 391 1400, e-mail: firstname.lastname@example.org, website: www.naih.hu).
We would like to inform you that in case of illegal data processing, you have the right to go to court and initiate civil proceedings against the Data Controller. The person concerned may also bring an action before the court having jurisdiction over his or her place of residence or stay.
If at any time you decide to cancel the newsletters you receive from us or to delete your personal information, please notify us at email@example.com.
In addition, if you have any questions or concerns regarding compliance with these policies, or if you would like to make any comments to improve the quality of our prospectus, please contact us at the following e-mail address: firstname.lastname@example.org
All inquiries are welcome and to the best of our ability we meet the expectations of our visitors.
*This document is just a translation and the original language of the document is Hungarian. ThanX Digital Solutions Ltd. operates in Hungary, so in case of any inconsistency between the documents, the Hungarian one should prevail. The hungarian version can be downloaded by clicking the button below.