Privacy policy

CSŐ! Privacy Policy

1. Purpose of the Privacy Policy

The purpose of this document is for CSŐ! as data controller (hereinafter referred to as Controller) to describe the data protection rules, procedures, and protective measures applied and in operation within its organization with respect to personal data.

In this document, the Controller also informs its clients, partners, and any natural or legal persons who are in any legally interpretable relationship with the Controller and whose personal data are processed, about the rules for processing such personal data, the applied protective measures and procedures, and the method of processing.

The Controller considers the rules, provisions, and obligations set out in this Privacy Policy as legally binding for itself and applies them during its operations, and declares that the data protection rules and procedures described and applied herein comply with the applicable national and European Union data protection laws. Furthermore, the Controller declares that it considers the right to informational self-determination to be important, particularly with respect to personal data, and within its scope of authority, it takes all available organizational, operational, regulatory, and technological measures to respect and enforce these rights.

The currently effective version of the Privacy Policy is always available at www.budapestneon.hu. The Controller may amend the Privacy Policy at any time, subject to the obligation to publish such amendments and to inform the data subjects.

2. Controller’s Data

2.1 Controller’s company details

Name: CSŐ!, Patkós Luca EV
Registered office: 1026 Budapest, Házmán utca 15.
Tax number: 76498765-1-41
Registration number: 52669453
Central e-mail: cso@budapestneon.hu

2.2 Controller’s contact details

In data protection matters, the Controller can be contacted at:
e-mail: cso@budapestneon.hu

The Controller retains data protection inquiries (e-mails) received for the period defined in section 3.7, after which they are permanently deleted.

2.3 Controller’s Data Protection Officer

Name: Patkós Luca
E-mail: cso@budapestneon.hu

3. Data Processing and Processed Personal Data

3.1 Personal data required for registration

No registration takes place on our website.

3.2 Data related to contacting

In case of online inquiries (e.g., by e-mail), we request the following data:

  • name, contact telephone number, and e-mail address.

In case of telephone inquiries, we request the following data:

  • name, contact telephone number, and e-mail address.

The legal basis for processing is the data subject’s consent.
The purpose of the processing is to enable users of www.budapestneon.hu to make contact through the website, which is necessary to provide services and document the proper performance of such services.

Failure to provide such data makes maintaining contact impossible.

Personal data provided during registration and online inquiries will be processed until the administration is completed.

For non-mandatory data, processing lasts from the time of provision until the data is deleted.

The above provisions do not affect the statutory 8-year retention period for accounting data under Section 169(2) of Act C of 2000 on Accounting, nor additional processing carried out on the basis of further consents provided during registration or otherwise.

The Controller deletes personal data if:

  • its processing is unlawful,

  • the data subject requests it (except as provided above),

  • the purpose of processing has ceased,

  • the statutory retention period has expired, or

  • deletion is ordered by a court or data protection authority.

3.3 Browser Cookies

3.3.1 The role of cookies

HTTP cookies are small data packages created by the server of the visited website via the client’s browser on the first visit (if enabled in the browser). Cookies are stored on the user’s device in a location specific to the browser type. On subsequent visits, the browser sends the stored cookie back to the server along with information about the client.

Cookies allow the server to identify the user, collect information about them, and create analyses. Main functions:

  • collect information about visitors and their devices,

  • remember individual user settings (e.g., for online transactions),

  • make the use of the website simpler and smoother,

  • avoid re-entering already provided data,

  • generally improve user experience.

By using cookies, the Controller performs data processing for the purposes of:

  • user identification,

  • session identification,

  • identifying devices used for access,

  • storing certain provided data,

  • storing and transmitting tracking and location information,

  • storing and transmitting data for analytical measurements.

Legal basis: the data subject’s opt-in consent.

3.3.2 Session cookies

These cookies allow visitors to browse the Controller’s website seamlessly, use its functions, and access services. They are valid until the end of the browsing session and are automatically deleted when the browser is closed.

3.3.3 Third-party analytics cookies

The Controller also uses Google Analytics cookies. Google Analytics collects statistical information on how visitors use the website, which is used to develop the website and improve user experience. These cookies remain stored until expiration or until deleted by the user.

3.3.4 Cookie settings

Data subjects may configure rules for cookies (e.g., disable or block them) in their browser settings. More details can be found in the “Help” menu of the browser.

3.4 Use and Retention of Processed Data

Type of Processing Legal basis / Law Retention period
online administration data subject’s consent until completion of administration
invoicing data performance of contract statutory retention period
cookies data subject’s consent until the cookie’s storage expires

4. Purpose, Method, and Legal Basis of Processing

4.1 General principles

Personal data are processed only for the purposes listed in section 3 and on the specified legal basis, in accordance with the laws listed in section 4.2.

Processing is always based on the voluntary consent of the data subject, which can be withdrawn at any time.

In certain cases, the Controller may be legally obliged to process, transfer, or store personal data differently from what is described above. In such cases, the Controller informs the data subjects if permitted by law.

4.2 Legal framework

  • GDPR (Regulation (EU) 2016/679)

  • Act V of 2013 – Civil Code (Ptk.)

  • Other relevant laws applicable to the Controller’s activity

5. Data Storage and Security

  • Storage location: 1026 Budapest, Házmán utca 15.

  • Hosting provider: Magyar Hosting Kft.

6. Data Transfers, Processors, and Access

Data may primarily be accessed by the Controller and its internal staff, in line with authorization rules. Certain operations may be carried out by processors (e.g., delivery services) until the goods are delivered. Beyond these, the Controller does not disclose or transfer personal data to third parties.

7. Rights of the Data Subject

7.1 Right of access (GDPR Art. 15)

Data subjects have the right to obtain confirmation whether their personal data are being processed and access the data and related information.

7.2 Right to rectification (Art. 16)

The data subject may request correction or completion of inaccurate/incomplete personal data.

7.3 Right to erasure (Art. 17)

The data subject may request deletion of personal data under certain conditions (e.g., purpose no longer exists, consent withdrawn, data unlawfully processed). Exceptions apply (e.g., freedom of expression, legal obligations, public health, research, legal claims).

7.4 Right to restriction (Art. 18)

Processing may be restricted under certain conditions (e.g., accuracy contested, unlawful processing opposed, data needed for legal claims).

7.5 Right to data portability (Art. 20)

The data subject may request their personal data in a machine-readable format and transfer them to another controller.

7.6 Right to object (Art. 21)

The data subject may object at any time to processing, including profiling.

7.7 Right not to be subject to automated decision-making (Art. 22)

The data subject has the right not to be subject to decisions based solely on automated processing, including profiling.

7.8 Right to withdraw consent

Consent may be withdrawn at any time.

7.9 Remedies

The data subject may seek information, remedies, or file complaints through the Controller’s contacts (sections 2.2, 2.3). If unsuccessful, they may go to court or contact the National Authority for Data Protection and Freedom of Information (NAIH).

7.10 NAIH Contact Details

  • Name: National Authority for Data Protection and Freedom of Information (NAIH)

  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

  • Mailing: 1530 Budapest, Pf. 5.

  • Tel: +36 (1) 391-1400

  • Fax: +36 (1) 391-1410

  • E-mail: ugyfelszolgalat@naih.hu

  • Website: http://www.naih.hu

8. Other Provisions

In the case of official requests or legal obligations, the Controller may be required to disclose data to certain authorities or organizations. In such cases, the Controller strives to disclose only the minimum data strictly necessary.