The aim of the present Privacy Policy is to inform the users and visitors (Data Subject) of allpacka.com (hereafter referred to as the Website) about the control of the personal data given when registering on the Website and/or subscribing for the mailing list of Allpacka.com. The Privacy Policy is based on Act CXII of 2011 on information self-determination and freedom of information. In cases not referred to in the present Privacy Policy, the obligations of the Act are to be regarded.

Visiting the Website is possible for anyone, without giving or registering personal data. Visiting the Website, subscribing for the Mailing List and registration are free of charge. If the Data Subject registers on the Website in order to use the extended functions of the Website or subscribes for the Mailing List, Fürgefutár.hu will apply the following data privacy obligations:

Based on Act CXII of 2011 on information self-determination and freedom of information:

“1. Data Subject: any natural person identified or directly or indirectly identifiable on the basis of personal data.

2. Personal data: data relating to the Data Subject, in particular the name and identification number of the Data Subject, as well as one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the Data Subject.

7. Consent: any freely given specific and informed indication of the will of the Data Subject, by which he signifies his agreement to personal data relating to them being controlled fully or to the extent of specific operations.

9. Controller: natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the control of the data; makes and executes decisions concerning data control (including the means used) or contracts a data processor to execute it.

10. Data control: any operation or the totality of operations performed on the data, regardless of the procedure applied; in particular, data collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing, as well as preventing the further use of the data, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as, fingerprints or palm prints, DNA samples, iris scans).

17. Data processing: undertaking technical tasks in connection with data control operations, regardless of the method and means used for executing the operations, as well as the place of use, provided that the technical task is performed on the data.

18. Data processor: natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the controller, including contracts conducted upon legislative provisions.

22. Third party: any natural or legal person, or organisation without legal personality other than the Data Subject, the Data Controller or the data processor.”

Based on Section 20 of Act CXII of 2011 on information self-determination and freedom of information, prior to control being initiated the Data Subject must be explicitly informed in detail of every fact relating to the control of their data, and therefore in particular, of the objective of the control and its legal grounds, the individual authorised to control and process the data, the duration of the control process, should the controller be controlling the personal data of the Data Subject in accordance with Section 6 (5), as well as of who is authorised to acquire knowledge of this data. This information must equally detail the rights and legal redress opportunities the Data Subject has in connection with control.

Based on the obligations above, Fürgefutár.hu Logistics Service Limited Liability Company as Data Controller informs all its clients having registered on the Website or having subscribed for the Mailing List about the following:

Name and contact data of the Data Controller: Fürgefutár.hu Logisitcs Service Limited Liability Company (Wesselényi utca 28, H-1077 Budapest, Hungary, Court Registration Nr. 01-09-946845, e-mail: ugyfelszolgalat@furgefutar.hu) (hereafter: Data Controller)

Name and contact data of the Data Processor: Fürgefutár.hu Logistics Service Limited Liability Company (Wesselényi  utca 28, H-1077 Budapest, Hungary, Court Registration Nr. 01-09-946845, e-mail: ugyfelszolgalat@furgefutar.hu) (hereafter: Data Processor)

Aim of data control: to keep in connection with the Data Subjects placing orders via the Website, to provide access to the additional functions of the Website, to check access authority, to provide access to services, billing, identifying Data Subjects, provide services via the contracted partners of the Data Controller.

Legal basis of data control: Act CXII of 2011 on information self-determination and freedom of information and the freely given consents of the Data Subjects.

Scope of data controlled: name, telephone number, address, e-mail address, company data (company name, head office address, tax number etc.), delivery data (e. g. address data), data of goods delivered (contents, size, weight, value etc.)

Time period of data control: The Data Controller will control the data above until the Data Subject asks for the deletion of the data.

If personal data was recorded with the consent of the Data Subject, the controller may, should it not otherwise be regulated by law, also control the data recorded

  • to fulfil their relevant legal obligations, or
  • to enforce the rightful interest of the controller or third party should the enforcement of these interests be proportionate to restrictions pertaining to the protection of personal data

without having to secure any additional special consent, even after the Data Subject withdraws their consent.

The Data Controller will not use the personal data given by the Data Subjects for any aims other than the above, and will transfer them to third parties exclusively with the explicit consent of the Data Subject given in advance, or if it is provided for by law or – on the grounds of authorisation of law, within the scope defined in that law – by or pursuant to a local government decree for a purpose based on public interest.

Based on Act CXII of 2011 on information self-determination and freedom of information, the Data Controller pays special attention to follow the obligations on data protection, and has taken the necessary technical arrangements against unauthorised access, modification, transfer, disclosure, deletion or destruction as well as accidental destruction or damage. Related to this, the Data Controller declares that all its employees that have access to the personal data indicated above are obliged to keep data strictly confidential.

The Data Subject may request the following from the controller:

  • information on the control of personal data,
  • correction of personal data, and
  • deletion, blocking of personal data, with the exception of mandatory control.

Pursuant to the request of the Data Subject, the controller is entitled to provide information on the subject’s data they control, as well as the data processed by the data processor they contracted, their sources, the objective of the control, its legal grounds and duration, the name and address of the data processor and the activities they undertake in connection with control, in addition to the legal grounds and recipients should the personal data of the Data Subject be transferred.

The controller keeps a record of data transferred to verify the legitimacy of the data transferral and informs the Data Subject. The record details the date on which the personal data they controlled was sent, the legal grounds of this action and its recipients, the specific scope of the personal data sent, as well as other data specified in legislation prescribing control. The controller shall provide clear information in writing within the shortest possible space of time following the submission of the request; however, no later than within 30 days.

Personal data must be deleted should

  • its control be illegal;
  • it have been requested by the Data Subject;
  • it be incomplete or incorrect – and this cannot be legitimately changed – on condition that the law does not rule out deletion;
  • the objective of the control have ceased to exist or the period defined in the relevant legislation for storing the data have expired;
  • it have been ordered by the court or the Authority.

Data Subjects can require the deletion of their personal data in writing at the contacts of the Data Controller at any time.

According to the present Privacy Policy, the request for the deletion of personal data should be submitted in writing and should be delivered personally, sent as a recorded, registered delivery via postal mail or via fax or e-mail. It is regarded as properly sent if it is sent to the address of the Data Controller, ugyfelszolgalat@furgefutar.hu, unless the Data Controller have informed the Data Subjects on changes in its address, with the restriction that in the case of e-mails the information is regarded as properly sent only if there is no error message occurring within 48 hours after sending the e-mail.

Instead of deletion, the controller blocks the personal data should the Data Subject request this, or in the event that the basis of the information available, deletion would presumably violate the rightful interests of the Data Subject. Personal data blocked through such means may exclusively be controlled while the control objective remains valid which barred the deletion of the personal data.

The Data Controller is not liable for fulfilling the obligations prescribed by the Privacy Policy in cases when unpredictable conditions occur out of the interest of any of the parties (Acts of God), which hinders the Data Controller in fulfilling the regulations or prevents the Data Subject from using the service. These conditions specifically, but not exclusively include: war actions, rebellions, sabotage actions, terrorist actions, serious disorders in energy supplies, natural disasters, strikes, measures taken by the provision of authorities authorized by the Law on National Defence or the police, other measures of criminal law etc.

The Data Controller may unilaterally modify the present Privacy Policy at any time, in accordance with the obligations of law. Data Subjects declaredly accept the modifications by using the Website after the modifications have come into effect.

The Data Subject’s rights for legal redress are included in Act CXII of 2011 on information self-determination and freedom of information and in the Civil Code (Act IV of 1959). In accordance with these, Data Subjects can turn to court or to the Head of the National Authority for Data Protection and Freedom of Information should their rights provided by law be infringed.

Availabilities of authorities of legal redress:

Court of Budapest (Markó u. 27. Budapest 1055) or if preferred by the Data Subject, the County Court responsible at the residence/head office of the Data Subject. (Legal basis: Section 22 (1) of Act CXII of 2011 on information self-determination and freedom of information.)

Head of the Authority for Data Protection and Freedom of Information: Dr. Péterfalvi Attila (Szilágyi Erzsébet fasor 22/C, Budapest 1024) (Legal basis: Section 52 (1) of Act CXII of 2011 on information self-determination and freedom of information.)

The present Privacy Policy is an inseparable part of the registration. By reading and accepting it, the Data Subject explicitly gives their consent for the Data Controller to control the personal data indicated in the Privacy Policy and during registration. The Data Subject explicitly agrees that the Data Controller can transfer the personal data given during registration to other organizations (delivery service companies participating in the service). Data Subjects can require the modification or the deletion of their personal data from the Data Controller at any time. The Data Controller is not responsible for the genuineness of the personal data given by the Data Subject, the Data Subject is exclusively liable for that.

The Data Controller may transfer the personal data provided by the Data Subject to third parties – apart from cases included in the paragraphs above – exclusively with the explicit consent of the Data Subject, or if it is provided for by law or on the grounds of authorisation of law, by other legislation. If the personal data of the Data Subject is necessary to be transferred to third parties or to the authorities, the Data Controller immediately informs the Data Subject on this necessity via e-mail.

Should you have any questions regarding the control of personal data, please make enquiries at
ugyfelszolgalat@furgefutar.hu

Budapest, 27th July 2012