PRIVACY POLICY

Section I.

GENERAL PROVISIONS

1. Introductory Provisions

1.§ (1) This Privacy Policy of HBMP Sports Service Provider and Trade Limited Liability Company (registered office: 1087 Budapest, Könyves Kálmán körút 76.; company registration number: 01-09-992177; tax number: 24836333-2-43; statistical number: 24137081-9319-113-01), as service provider (hereinafter referred to as data manager or service provider) summarizes the personal information management and –in this context – protection rules of the registered users in the online web-shop system of http://www.kezilabdaszeretlek.hu website operated by the service provider.

(2) The service provider has announced the data management at the competent Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as Authority). The service provider, as registered data manager under 6353/2015 number at the Authority, acts in all of its data management according to the following privacy policy (hereinafter referred to as policy).

(3) The prevailing version of the privacy policy is available on http://www.kezilabdaszeretlek.hu website.

2.§ (1) The service provider finds highly important the protection of service users’ personal data as well as the respecting their right to information self-determination.

(2) The service provider handles the personal information confidentially, it takes all measures promoting IT and other secure data management related to storing and processing data, in order to preserve data.

(3) The service provider has established the content of these policy after processing the following legislation:

a) Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as Iötv.)

b) Act CVIII of 2001 on Electronic Commerce and on Information Society Services (hereinafter referred to as Elker. tv.)

c) Government Decree 45/2014 (26 February) on the detailed rules for contract between customers and businesses

(4) To the issues not or not fully regulated by this policy, provisions of Iötv., Elker. tv. and the General Terms and Conditions of the service provider shall prevail.

2. Explanatory Provisions

3.§ During the application of this policy

concerned: the user, that is any specific natural person identified or – directly or indirectly – identifiable based on personal data;

personal data: shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions

drawn from the data in regard to the data subject consent: the expression of the voluntary and determined will of the concerned, which is based on appropriate information, and with which the concerned gives his/her unequivocal consent to the – full or extending to specific operations – handling of personal data concerning him/her;

protest: the statement of the concerned with which he/she complains about the handling of personal data, and requests the termination of data management, and the deletion of the managed data;

data cont: the service provider, that is the HBMP Ltd., which determines the purpose of data management individually or together with others, makes and implements the decisions on data management (including the used instruments), or makes the data processor to implement them;

data management: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);

data forwarding: making the data available to specific third party;

disclosure: ensuring open access to the data;

data deletion: making data unrecognizable in such a way that the restoration is no longer possible;

data locking: supplying the data with identification mark in order to limit further management finally or to a specified time;

data destruction: the complete physical destruction of media containing data;

data process: performing of technical tasks related to data processing operations, regardless of the methods and means used to perform operations, and the place of application, provided that the technical task is performed on the data;

data processor: that natural or legal person, or entity without legal personality, who or which performs data processing based on the contract – including the contract concluded based on the provisions of the legislation;

data file: all of the data handled in a register;

third party: any natural or legal person, or organisation without legal personality other

than the data subject, the data controller or the data processor;

3. Purpose of the Policy

4.§ (1) The purpose of this policy is to determine the basic rules for the data management related to the online web-shop system available at kezilabdaszeretlek.hu (hereinafter referred to as website) operated by the service provider after the direct, voluntary user registration, associated with the web-shop service. By creating this policy the service provider also expresses its intention to ensure the security of the private sphere of the users using its services in the most complete way.

(2) This policy contains all the information based on which the obvious, clear and detailed informing of the user concerned – about all facts related to data management, in particular about the purpose and legal basis of data management, about the person entitled to data management and data processing, about the duration of data management, or about who can get to know the data – will be done.

3. Scope of the Policy

5.§ (1) The policy shall enter into force on 01 April 2016 and remains in force until the date of withdrawal.

(2) The service provider reserves its right to unilaterally modify and change the policy, with that it appropriately informs the concerned about the modification of the policy (e-mail newsletter, pop-up window at login).

(3) The service provider informs in a way that the user can recognise and get acquainted with the modified policy before its entry into force, thus the user can decide on the acceptance of modification, or the deletion of registration.

6.§ (1) The policy covers all data management associated with the online web-shop system at kezliabdaszeretlek.hu website maintained and operated by the service provider, incurred in connection with the making use of all services available there, and directly related to that (registration, placing order).

(2) The provisions of the policy shall be applied in relation to the management of personal information of such concerned, who or which give their personal data after registering at the service provider’s website.

(3) The provisions of the policy covers the protection of “personal” data of companies with or without legal personality using the services.

(4) The scope of the policy covers all users using the service, who, by registering on the website, accepts the provisions of privacy policy and the data protection provisions recorded in General Terms and Conditions.

(5) The scope of this policy – unless stipulated otherwise – does not cover

a) such data management, which are connected to the promotions, competitions, services and other campaigns of third party advertising with permit of the service provider on the website.

b) data managed by such alternative websites, which can be reached by the concerned user with the link at http://www.kezilabdaszeretlek.hu website.

c) natural persons’ data management serving exclusively their own personal purposes.

Section II.

PERSONAL DATA PROTECTION

5. Scope of Managed Data, Data Management Principles

7.§ (1) During registration, the user will be required to enter the following information: e-mail address, first and last name, shipping address, billing name, billing address, phone number, username, password.

(2) Data to be technically recorded by the service provider during the operation of the online web-shop: the data of the user’s logon computer, which during the use of the service and which the system of the data manager records automatically as a result of the technical processes (in particular: IP address, or in some cases the type of operating system and the browser). Only the data manager /and the data processor/ can access the data.

(3) The data manager service provider has the right to modify the content of the registration menu system of its website, thus to delete data field, or to create new ones. It shall inform the users about the changes prior to the using of the modifications with 15 days at the latest.

(4) The service provider data manager is not entitled to change the personal data given by the user.

8.§ (1) The service provider manages personal data only for the purpose specified in this policy, in order to exercise right and fulfilment of obligation. The data management is adequate to the regulations set out in the legislation and in this policy, if it complies with the purpose of data management, and the recording and management of data, at all stages. Data management must be fair and lawful in all cases.

(2) Only that personal data can be managed, which is, in respect of the services provided by the data manager service provider, essential for the realization of purposes set out in this policy, and suitable for achieving the goal. The personal data can be managed only to the extent and duration required for achieving the purpose based on those defined in Section 13§ (1) of the policy.

(3) During data management, the personal data retains its status as long as its connection with the concerned can be restored. The connection with the concerned can be restored if the data manager has those technical conditions, which are required for restoration.

(4) During data management, the accuracy, completeness and – if it is necessary having regard to the purpose of data management – actuality of the data must be ensured, and that the concerned can be only identified as long as it is necessary for the purpose of data management.

(5) The personal data management should be regarded as fair and lawful, if, in order to ensure the freedom of expression of the concerned, the person wishing to know the opinion of the concerned visits the concerned at his/her place of residence or place of stay, provided that the personal data of the concerned is handled in accordance with the provisions of this act and the personal visit is not intended for business purposes. Personal visit cannot be done on non-working day according to the Labour Code.

6. Purpose, Legal Basis and Conditions of Data Management

9.§. (1) The service provider is entitled and also obliged to data management following the user’s voluntary registration at www.kezilabdaszeretlek.hu website. In this respect the data management can be done after the declaration made during the user’s voluntary registration based on appropriate information, which declaration contains the user’s explicit consent to the use of the personal data provided during the use of the website and the web-shop.

(2) On the website operated by the service provider, all users shall fill in the data sheets and registration forms at his/her own risk, contributing to the provisions of this policy.

(3) The legal basis of data management is the concerned user’s voluntary contribution and consent to data management.

10.§ (1) The main purpose of data management is the full and complete fulfilment of product sales provided under the web-shop service at www.kezilabdaszeretlek.huwebsite of the service provider. In this context, the entering of user’s e-mail address and password ensures the constant communication between the service provider and the customer, and the identification of the user at login. Entering data at other possible orders intend to enforce the realization of fulfilment, delivery and invoicing of the order.

(2) Some data are recorded automatically, the purpose of which is the compilation of statistics conducted by the service provider, the constant development of the IT system and the enhanced protection of the users’ interests.

(3) At registration or during the use of the system, the user may give his/her consent to that the service provider sends service related promotional e-mail, newsletter or advertisement to the e-mail address given by the user when using the web-shop system.

(4) If the user gives his/her consent, the data manager may use the data given at registration to customize the advertising surfaces appearing on the downloaded pages, and to choose the page to load at logoff. These operations are made automatically, without human intervention, by a computer program.

(5) The data manager service provider may only use the personal data given by the user in respect of the purposes specified in this section, and may not use it for any other purposes.

11.§ (1) At registration, the user enters the personal data at his/her own risk, its accuracy is not checked by the data manager service provider. For the truthfulness of the given information only the person providing it shall stand.

(2) At registering, all users also take the responsibility to that only he/she uses the service with the provided e-mail address. In respect of this responsibility-taking, all responsibility, associated with the logins with the given e-mail address, is held by only that user, who registered the e-mail address when entering personal data.

12.§ (1) The service provider is entitled to transfer the user’s personal data to third parties with which it has contractual relationship (E.g. supplier, performance assistant), in order to fulfil the services of the web-shop system. The user expressly acknowledges and gives his/her consent to the service provider’s right for this with the registration and the use of service though ordering.

(2) The service provider may forward the user’s personal data to third party outside contractual relationship exceptionally and in that case, and may connect the data base managed by it with other data manager only in that case, if the user gives his/her explicit and separate consent to this, or the service provider is required to that by the legislation.

(3) The data manager service provider is entitled to use data processor in order to the performing of technical operations related to data management.

7. Duration of Data Management

13.§ The data manager service provider is obliged to manage the personal data from the time of the user’s registration until the deletion. The data manager may manage personal data given by the user until the user explicitly requests in writing the termination of management of the data (deletion request). The time of deletion is 3 days from the date of arriving of the user’s deletion request into the service provider’s system.

14.§ (1) If the service provider discovers the use of unlawful and misleading personal data, then it is entitled to terminate the user’s registration and delete the user’s data immediately due to the crime committed by the user, or in case of an attack against the system.

(2) The service provider is entitled to preserve data for the duration of the process conducted in connection with the suspicion of committing crime or in case of the occurrence of civil liability.

8. Data security requirements

15.§ (1) The data manager service provider plans and performs the data management operations of the user’s personal data in a way that it ensures the protection of the law by this policy and the private sphere of the concerned.

(2) The measures of the service provider taken in the context of data security particularly provide protection against unauthorized access, alteration, forwarding, disclosure, deletion or destruction, as well as accidental termination and damage, and becoming inaccessible resulting from the changes in the technique used.

16.§ (1) The data manager uses the personal data essential for the use of the service based on the consent of the concerned, and only bound to purpose.

(2) In those cases if the data manager intends to use the given data for a purpose other than the original purpose of data recording, it shall inform the user about this, requires the user’s prior and explicit consent, and provides an opportunity for the user to prohibit its use.

(3) The data manager agrees to manage the acquired data in accordance with the applicable legal requirements, and not to give them to third parties. An exception to this is the use of data in a statistically aggregated form, which cannot contain the concerned user’s name and other data suitable for identification in any form.

9. The User’s Rights and Their Enforcement

17.§ (1) At the request of the user, the data manager gives information about the data managed by it, the purpose, legal basis, duration of data management, the name, address and activities associated with data management of the possible data managers, and furthermore about that who and for what purpose receive or received the data. The user may send the request in writing, by post or electronically to the data manager to the service provider contacts defined in Section 12. 21§(1) of the policy. The data manager service provider is obliged to reply within 25 days from the arrival of the request at the latest. In case of e-mail the following working day to the sending should be considered as the date of receipt.

(2) The data manager may only deny the information if it is permitted by law. The data manager is obliged to inform the user about the legal reasons for information denial.

(3) The user may send his/her request for the correction of personal data due to its changing and for the deletion of personal data in writing, by post or electronically to one of the data manager service provider contacts defined in Section 12. 21§(1) of this policy.

(4) The modification of some personal data can be done by modifying at the page containing the personal profile.

(5) The deleted data after the deletion or modification of user’s personal data cannot be restored.

18.§ (1) The concerned and those, to whom the data was forwarded previously for data management, shall be notified about the correction, locking, marking and deletion. The notification can be omitted if it does not harm the legal interest of the concerned having regard to the purpose of data management.

(2) If the data manager does not fulfil the request of the concerned for correction, locking or deletion, it shall communicate in writing the factual and legal reasons for the denial of the request for correction, locking or deletion within 25 days from the receipt of the request. In case of the denial of the request for correction, deletion or locking the data manager informs the concerned about the possible turning to legal proceeding or to the Authority.

10. User’s Obligations

19.§ (1) During the use of the service provider’s website and its online web-shop system, the user is obliged to comply with the legal provision in force at all times, and to refrain from unlawful conduct infringing the legal interests of other users.

(2) During the use of the website – e.g. on forums –, the users can only disclose or make accessible for others the data of other persons, if the concerned person has given his/her consent to this.

Section III.

FINAL PROVISIONS

11. Judicial Enforcement

20.§ (1) The users may directly turn to the data manager with their complaints and objections related to the use of the website, who will do everything it can do in order to eliminate and remedy any possible infringements.

(2) Based on Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the user can enforce his/her rights related to data management before the court, and may turn to Hungarian National Authority for Data Protection and Freedom of Information with the complaint.

12. Date and Contact Details of the Data Manager

21.§ (1) The data manager: A HBMP Sports Service Provider and Trade Limited Liability Company (registered office: 1087 Budapest, Könyves Kálmán körút 76.; company registration number: 01-09-992177; registering court: Court of Registration of Metropolitan Court; tax number: 24137081-2-42.; e-mail:kezishop@hbmp.hu; phone:+36/1-435-4260, where the service provider is available on weekdays between 10AM and 6PM.)