The operator of the website www.mabe-hungary.com is “MABE HUNGARY KFT.” (hereinafter referred to as the Data Controller). When browsing the website and using its services, the visitor (hereinafter referred to as the Data Subject) may provide personal data. The purpose of this Privacy Policy is to inform users of the website about the data processing practices adopted by the Data Controller, the organizational and technical measures implemented for data protection, and to inform the Data Subject about their rights and legal remedies.

The Data Controller processes the personal data of the Data Subject while managing the website www.mabe-hungary.com (hereinafter referred to as the website or portal) in accordance with the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.).

The Data Controller reserves the right to modify this Privacy Policy. The modifications will take effect upon publication on the website.

1. IDENTIFICATION OF THE DATA CONTROLLER

Name of the Data Controller: MABE HUNGARY Kft.

Company registration number: 20-09-073609

Tax number: HU24367178

Registered office: 8800 Nagykanizsa, Csengery u.121., Hungary

Email address: info@mabe-hungary.com

2. DATA PROTECTION OFFICER

The Data Controller is not required to appoint a Data Protection Officer pursuant to Article 37 of the GDPR.

3. DEFINITIONS

• Data Subject: Any natural person who is identified or can be identified, directly or indirectly, based on personal data.
• Personal Data: Any information related to the Data Subject – in particular, their name, identification number, and one or more elements characteristic of their physical, physiological, genetic, mental, economic, cultural, or social identity – as well as any conclusion drawn from such data concerning the Data Subject.
• Consent: A free and unambiguous expression of the Data Subject’s will, based on adequate information, through which they clearly give their consent to the processing of their personal data, either in full or for specific operations.
• Objection: A declaration by the Data Subject contesting the processing of their personal data and requesting the cessation of processing or deletion of the processed data.
• Data Controller: A natural or legal person, public authority, agency, or other entity that, alone or jointly with others, determines the purposes and means of processing personal data, makes decisions regarding processing, and implements them either directly or through a designated data processor.
• Data Processing: Any operation or set of operations performed on personal data, regardless of the method used, including collection, recording, organization, storage, modification, use, retrieval, transfer, disclosure, combination, restriction, deletion, and destruction, as well as any other operations related to data processing, such as taking photographs, making audio or video recordings, or recording identifiable physical characteristics (e.g., fingerprints, palm prints, DNA samples, iris images).
• Data Processing Activities: The execution of technical tasks related to data processing operations, regardless of the methods and tools used or the place of application, provided that the technical task is performed on the data.
• Data Processor: A natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the Data Controller based on a contract – including a contract concluded under a legal provision.
• Data Transfer: The disclosure of personal data to a specified third party.
• Data Erasure: The transformation of data into an unidentifiable form so that it can no longer be restored.
• Data Blocking: The labeling of personal data with an identifier to restrict its processing either permanently or for a specific period.
• Third Party: Any natural or legal person, public authority, agency, or other entity that is not the Data Subject, Data Controller, or Data Processor.

4. PROCESSED DATA, PURPOSE, AND DURATION OF PROCESSING

• Cookies: Our website uses cookies to facilitate and simplify navigation and content viewing. More information: Cookie Policy
• Newsletter Subscription

1. Collected Data: Name, email address.
2. Purpose: Sending commercial communications, offers, and updates.
3. Legal Basis: Consent of the Data Subject (Article 6(1)(a) GDPR).
4. Duration: Until consent is withdrawn via unsubscription.

• Contact Form:

1. Collected Data: Name, email address, subject, message.
2. Purpose: Responding to user inquiries.
3. Legal Basis: Consent of the Data Subject (Article 6(1)(a) GDPR).
4. Duration: Data is stored for a maximum of 12 months from the receipt of the message unless legal obligations require otherwise.

5. DATA PROCESSORS USED BY THE CONTROLLER

The Data Controller is authorized to transmit collected, recorded, and organized personal data to third parties. Such data transfer is always carried out in compliance with fundamental data processing principles (e.g., the principle of data minimization and purpose limitation). The Data Controller also ensures that recipients guarantee an adequate level of protection for the personal data of Data Subjects. The Data Controller only engages data processors that provide sufficient guarantees in accordance with the requirements set out in the General Data Protection Regulation (GDPR) and implement appropriate technical and organizational measures to protect the personal data of Data Subjects. The data processor may only transmit personal data based on the specific instructions of the Data Controller. If the obligation to transfer data is imposed by the national legislation of the Member State where the data processor operates or by applicable Union law, the transfer may take place without the Data Controller’s instructions, but prior notification must be given.

Data Processors Used by the Controller

• Website Development and Maintenance:
  Cre-Art Stúdió Bt HU 8800 Nagykanizsa, Zrínyi Miklós utca 20/B, Ungheria
• Hosting and Data Storage Services:
  NRCOM Global ZRT. HU 8800 Nagykanizsa, Jakabkúti u. 12. Ungheria
• Newsletter Service and Data Storage:
  MailerLite LTD 88 Harcourt Street, Dublin 2, D02 DK18, Ireland

Data Transfer Outside the European Economic (EEA)

Some data processors may process data outside the EEA. In such cases, the Controller ensures that the data transfer is carried out in accordance with Articles 44 and following of the GDPR, using standard contractual clauses approved by the European Commission or other appropriate safeguards.

6. YOUR RIGHTS

You have the right to access your personal data at any time, request its correction, deletion, or restriction of processing, as well as object to its processing.

7. RIGHTS OF DATA SUBJECTS

• Right to Information for the Data Subject

By publishing this information, the Data Controller takes measures to ensure that the data subject has access to all the information specified in Article 13 of the GDPR regarding the processing of personal data. In cases where the provided information was not obtained from the data subject, the acquisition of data must comply with applicable EU or member state law.

• Right of Access

Upon verification of the individual’s identity, they are entitled to receive feedback from the Data Controller regarding the processing of their personal data. Information related to the exercise of the right of access is provided by the Data Controller in writing, by post, or electronically.

• Right to Rectification and Erasure

The individual may request the Data Controller to rectify any inaccurate data concerning them. They have the right to request the prompt erasure of personal data under certain circumstances. The Data Controller is obliged to delete personal data if:

1. the data is no longer necessary for the purposes for which it was collected;
2. the individual withdraws their consent, and there is no other legal basis for processing the data;
3. the individual objects to the processing, and there are no overriding legitimate grounds for the processing;
4. the personal data has been unlawfully processed;

The individual cannot exercise the right to erasure, among other cases, if the processing is necessary:

1. for compliance with a legal obligation to which the Data Controller is subject;
2. for the establishment, exercise, or defense of legal claims.

• Right to Restriction of Processing

The individual has the right to request the Data Controller to restrict the processing of personal data under certain circumstances, including:

1. the accuracy of the personal data is contested by the individual (while the accuracy of the data is being verified by the Data Controller);
2. the processing is unlawful, and the individual opposes the erasure of the data;
3. the Data Controller no longer needs the personal data for processing purposes, but the individual requires them for the establishment, exercise, or defense of legal claims;
4. the individual has objected to processing pending the verification of whether the legitimate grounds of the Data Controller override those of the individual.

During the restriction period, personal data may only be processed, among other cases, with the individual’s consent or for the establishment, exercise, or defense of legal claims.

• Right to Object

The individual has the right to object to processing based on the legitimate interests pursued by the Data Controller. In this case, the Data Controller may only continue processing the data if it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the individual or for the establishment, exercise, or defense of legal claims.

• Right to Data Portability

The individual has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data has been provided, where

1. the processing is based on consent or a contract; and
2. the processing is carried out by automated means.

• Remedies

1. Contacting the Data Controller: In case of complaints regarding data processing, or if you have any requests or questions on the matter, you can send your request by mail to the Data Controller’s registered address or electronically to the email address provided in the Data Controller’s contact details (info@mabe-hungary.com). We will respond without delay, but no later than 30 (thirty) days, to the address you have indicated.
2. Initiating Legal Proceedings: If you believe that your rights have been violated in connection with the exercise of your rights or the processing of your personal data, you may initiate civil proceedings against the Data Controller. The jurisdiction for the proceedings lies with the court. The proceedings may be initiated before the court having jurisdiction over your place of residence or habitual residence. The court shall expedite the case. In the event of a finding of infringement, you may claim damages and compensation, and the court may order the Data Controller to fulfill your rights.
   Further information and contact details of the courts can be found at the following link:http://birosag.hu/torvenyszekek
3. Filing a Complaint with the Supervisory Authority: If you have suffered harm in connection with the processing of personal data, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Email: ugyfelszolgalat@naih.hu
Phone: +3613911400
Mailing Adress: 1530 Budapest, Pf.: 5.
Website: www.naih.hu

8. MINORS

The website and the services offered are not intended for users under the age of 16. The Data Controller does not intentionally collect personal data from minors.

9. MODIFICATIONS OF THE PRIVACY NOTICE

The Company reserves the right to modify this Privacy Notice at any time. If the Data Subject does not accept the changes, they may request the deletion of their personal data by contacting the Data Controller through the contact details provided in section 7.

10. ACKNOWLEDGEMENT

By browsing this site and using the services offered, the Data Subject declares that they have read this privacy notice.

11. UPDATES

Date of update of the notice: March 20, 2025