Privacy Policy

Introduction

REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter “the Regulation”) requires that the controller takes appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, and to facilitate the exercise of the data subject’s rights.

The obligation to inform the data subject in advance is also provided for in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.Comments

Name of the Data Controller

The publisher of this information and also the Data Controller (hereinafter referred to as “the AC”):

Name: Waxicon Kft.
Registered office: 4024 Debrecen, Szent Anna utca 56.
Tax number: 32752861-2-09
Name of the registering authority:
E-mail: info@waxicon.hu
Website: https://waxicon.hu

Data management

Data processing related to the provision of the service

Contact
Category of data subject: website visitor
Personal data processed: surname, first name, telephone number, email address, message
Legal basis for processing: voluntary consent of the data subject
Categories of recipients: AK
Place and method of storage: electronically
Deletion deadline: 2 years from the last contact
Data transmission: –

Required to operate AF
Hosting Provider
Name: CCHosting, Inc.
Location: United States Middletown, Delaware 19709 651 N. Broad Street, Suite 206
Phone: +(1) 3027667722
Email: help@chemicloud.com

Newsletter service
Name: MailerLite Limited
Address: 88 Harcourt Street, Dublin 2, D02 DK18, Ireland
web: https://www.mailerlite.com/

Website traffic analysis
Name: Google Ireland Limited
Registration number: 368047
Registered office: Gordon House, Barrow Street, Dublin 4, Ireland
https://www.google.com/analytics/terms/hu.html

Maintain and operate Facebook fan page
Name: Facebook Ireland Ltd.
Address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
https://www.facebook.com/privacy/explanation

Data processing related to its operation

Visitor data processing on the company’s website – cookie – see more below
Category of data subject: website visitor
Personal data processed: see more in the cookie table
Legal basis for processing: data subject’s explicit and voluntary consent
Categories of recipients: employees, agents, contractors
Place and method of storage: electronically
Deletion deadline: see more in the cookie table
Data transfer: –

Facebook official pagehttps://www.facebook.com/policy.php
Category of data subject: Facebook user
Personal data processed:
Legal basis for processing: voluntary explicit consent of the data subject by clicking on the “Like” button
Categories of recipients:
Place and method of storage: electronically
Deletion deadline:
Data transfer:

Visitor data management on the Organisation’s website: (Cookies)

Cookies are short data files placed on the user’s computer by the website visited. The purpose of the cookie is to make the given infocommunication or internet service easier and more convenient. There are several types, but they generally fall into two broad categories. One is a temporary cookie, which is placed on the user’s device by the website only during a particular session (e.g. during the security identification of an online banking transaction), and the other is a permanent cookie (e.g. a website’s language setting), which remains on the computer until the user deletes it. According to the European Commission’s guidelines, cookies [unless strictly necessary for the use of the service] can only be placed on the user’s device with the user’s permission.

In the case of cookies that do not require the user’s consent, information should be provided during the first visit to the website. It is not necessary for the full text of the cookie notice to appear on the website, but it is sufficient for website operators to briefly summarise the substance of the notice and provide a link to the full notice.

Purpose of data processing: during the visit of the website, the service provider records the visitor’s data in order to monitor the operation of the service, to provide personalized service and to prevent abuse.

Legal basis for processing: legitimate interest of the controller.

No codes of external service providers have been placed on the website. The Organisation does not link the data obtained from the analysis of log files to other information and does not seek to identify the user.

Information on the use of cookies

In accordance with common Internet practice, our Organization also uses cookies on its website. A cookie is a small file containing a series of characters that is placed on a visitor’s computer when they visit a website. When you visit that site again, the cookie enables the site to recognize the visitor’s browser. Cookies may also store user preferences (e.g. language chosen) and other information. Among other things, they may collect information about the visitor and his or her device, remember the visitor’s individual preferences, or be used, for example, when using online shopping carts. In general, cookies facilitate the use of the website, help the website to provide users with a real web experience and an effective source of information, and enable the website operator to monitor the functioning of the site, prevent abuse and ensure the smooth and adequate provision of services on the website.

Accepting or authorising the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies by default, these can usually be changed to prevent automatic acceptance and will offer you the choice each time.

You can find out about cookie settings for the most popular browsers by following the links below:

That said, please note that certain website features or services may not function properly without cookies.

Cookies used on the organisation’s website:

a.). Technically necessary session cookies

[cookie_audit category=””necessary”” style=””winter”” columns=””cookie,ID,duration,description””]

These cookies are necessary to allow visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including, but not limited to, in particular, to note the actions taken by the visitor on the pages during a visit. The duration of the processing of these cookies is limited to the current visit of the visitor, and this type of cookie is automatically deleted from his/her computer at the end of the session or when the browser is closed.

The legal basis for this data processing is Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.).

The purpose of the processing: to ensure the proper functioning of the website.

b.). Cookies requiring consent (analytical):

[cookie_audit category=””analitikai”” style=””winter”” columns=””cookie,duration,description””]

They provide the possibility for the Organization to remember the user’s choices about the website. The visitor may opt-out of this processing at any time before and during the use of the service. These data cannot be linked to the user’s identification data and cannot be transferred to third parties without the user’s consent.

Google Analytics cookies – you can find out more here:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To permanently disable Google Analytics cookies, please install a browser add-on, which you can download here:
https://tools.google.com/dlpage/gaoptout

Information about data processing not listed in this notice is provided at the time of collection.

We inform our customers that the court, the prosecutor’s office, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the administrative authority, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents.

The Data Controller shall disclose to public authorities personal data only to the extent that and to the extent that such disclosure is strictly necessary for the purpose of the request, provided that the public authority has indicated the precise purpose and scope of the data.

Data storage, security of data processing

The Data Controller’s computer systems and other data storage locations are located at its headquarters in electronic form (NAS server).
The Data Controller selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the data processed:

  • accessible to authorised persons (availability);
  • authenticity and verification (authenticity of processing);
  • can be verified to be unchanged (data integrity);
  • protected against unauthorised access (data confidentiality)


The Data Controller shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used.

In order to protect the electronically processed data files, the Data Controller shall ensure by appropriate technical means that the stored data cannot be directly linked and attributed to the data subject, except where permitted by law.

The Data Controller shall ensure the security of data processing by means of technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing, taking into account the state of the art.
The Data Controller shall, during the processing, keep the following

  • confidentiality: it protects information so that only those who are entitled to it have access to it;
  • integrity: it protects the accuracy and completeness of the information and the method of processing;
  • availability: ensuring that when the authorised user needs it, he or she can actually access the information and has the means to do so.

The IT systems and networks of the Data Controller and its partners are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and denial of service attacks. The operator ensures security through server-level and application-level protection procedures.

We inform users that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or the disclosure or modification of information. The controller will take all reasonable precautions to protect against such threats. It monitors systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.

Information on the rights of the data subject

Right to prior information

The data subject has the right to be informed of the facts and information relating to the processing before the processing starts (Articles 13-14 of the Regulation).

Right of access of the data subject

The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and related information as specified in the Regulation (Article 15 of the Regulation).

The right to rectification

The data subject shall have the right to obtain from the Data Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration (Article 16 of the Regulation).

Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay upon his or her request and the controller shall be obliged to erase personal data relating to him or her without undue delay where one of the grounds specified in the Regulation applies (Article 17 of the Regulation).

Right to restriction of processing

The data subject shall have the right to obtain, at his or her request, restriction of processing by the controller if the conditions laid down in the Regulation are fulfilled (Article 18 of the Regulation).

Obligation to notify the rectification or erasure of personal data or restriction of processing

The Controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients (Article 19 of the Regulation).

The right to data portability

Subject to the conditions set out in the Regulation, the data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data (Article 20 of the Regulation).

The right to protest

The data subject has the right to object at any time, on grounds relating to his or her particular situation, on the basis of Article 6(1)(e) (processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or (f) (processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party) of the Regulation (Article 21 of the Regulation).

Automated decision-making on individual cases, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (Article 22 of the Regulation).

Restrictions

EU or Member State law applicable to the controller or processor may restrict by legislative measures in accordance with Articles 12 to 22 and Article 34 and the rights and obligations set out in Articles 12 to 22 (Article 23 of the Regulation).

Informing the data subject about the personal data breach

Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall inform the data subject of the personal data breach without undue delay (Article 34 of the Regulation).

The right to lodge a complaint with a supervisory authority (right to official redress)

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the Regulation (Article 77 of the Regulation).

Right to an effective judicial remedy against the supervisory authority

All natural and legal persons have the right to an effective judicial remedy against a legally binding decision of a supervisory authority which is addressed to them, or if the supervisory authority does not deal with the complaint or does not inform the person concerned of the procedural developments or the outcome of the complaint within three months (Article 78 of the Regulation).

The right to an effective judicial remedy against the controller or processor

Each data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation.

Submission of the data subject’s request, action by the controller (Article 79 of the Regulation)

The data subject may request information about the processing of his or her personal data and may request the rectification, erasure or blocking of his or her personal data, except for mandatory processing, at the controller’s headquarters or by email at info@waxicon.hu.

The Data Controller shall inform the data subject of the measures taken in response to his or her request to exercise his or her rights without undue delay and in any event within one month of receipt of the request.

If necessary, taking into account the complexity of the application and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.

If the data subject has made the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.

If the controller does not take action on the data subject’s request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

The Data Controller shall provide the information pursuant to Articles 13 and 14 of the Regulation and the information on the rights of the data subject (Articles 15 to 22 and 34 of the Regulation) and take action free of charge. Where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, refuse to act on the request, but the burden of proving that the request is manifestly unfounded or excessive shall lie with the Controller.

If the Data Controller has reasonable doubts about the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the data subject.

In exercising the right to data portability, the data subject has the right to request, where technically feasible, the direct transfer of personal data between controllers.

The Controller, as the data controller, shall provide information on the data processed by it or by a processor it has appointed, their source, the purpose, legal basis and duration of the processing, the name and address of the processor and its activities related to the processing, and, in the case of data transfers, the legal basis and the recipient of the transfer. The controller shall provide the information in writing as soon as possible after the request is made. This information shall be provided free of charge if the person requesting the information has not already submitted a request for information to the controller in the current year for the same set of data. In other cases, the Controller shall charge a fee.

The Data Controller may not delete the data subject’s data if it is based on a contract, the performance of a legal obligation or the legitimate interest of the Data Controller.

In the case of data processing based on legitimate interests, the data subject has the right to object under Article 21 of the Regulation, i.e. he or she may object to the processing at any time. In such a case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The Data Controller shall compensate the damage caused to others by unlawful processing of the data subject’s data or by breach of data security requirements. The controller shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the processing. It shall not compensate the damage in so far as it was caused by the intentional or grossly negligent conduct of the person who suffered it.

Legal remedies and complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.

Website: http://naih.hu
Telephone: 06-1-391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
The data subject may also take the controller to court in the event of a breach of his or her rights. The court shall decide on the case out of turn.

Updating information, following legislative changes

This Notice is continuously reviewed and updated by the controller in accordance with changes in the legal environment and the requirements of the authorities. You can find the current Notice under the “Privacy Notice” section of the website.

Debrecen, 2026.03.01.