1. Purpose of the data processing information

1.1. Bodnár és Társa Bt. (hereinafter referred to as the Data Controller) pays special attention to the fact that during its data processing, it complies with the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter referred to as the Infotv.) and other applicable laws governing the protection of personal data, the National Authority for Data Protection and Freedom of Information (NAIH) and the data protection

1.2. The Data Controller:

• Acknowledges the content of this legal notice as binding
• Undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and in the applicable national legislation and in the legal acts of the European Union
• Undertakes to treat the personal data provided to the Data Controller confidentially when consenting to data processing and to take all security, technical and organisational measures to guarantee the security of the data
• Reserves the right to change this information at any time

1.3. All personal data received by the Data Controller - as specified in this policy - via the forms on the website www.bodnarwinery.hu, by telephone or e-mail, may be used by the Data Controller for customer relations.

1.4. The Data Controller stores the personal data provided for a maximum of 1 year from the date of data disclosure, and then permanently deletes it after that.

1.5. If the client makes a new request to the Data Controller during the data management period, the data management period will take effect from that time onwards as described above.

2. Data Controller details

Company name: Bodnár és Társa Bt.
Company registered office: 3909 Mád, Kossuth út 72.
Tax number: 21250736-2-05
Central telephone numbers: +36 30 812 0800
Central e-mail address: bodnarpince@gmail.com

3. Scope of personal data processed

When contacting us and consenting to data processing, the following personal data must be provided (data marked with * are mandatory):

• Name
• E-mail address
• Phone number

4. Purpose, method and legal basis of data processing

4.1. The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw this consent at any stage of data processing. In certain cases, the management, storage and transmission of a range of data provided is mandatory by law, of which we separately notify our clients. We draw the attention of the data providers that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

4.2. The range of persons authorized to view the data:

• the Data Controller's CEO: László Bodnár
• and the Data Controller's competent employees

4.3. The personal data provided are stored and processed exclusively by the Data Controller, are inaccessible to third parties and will not be disclosed, unless justified by compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims.

4.4. The basic principles of data processing are in accordance with the applicable data protection legislation, in particular the following:

• Act CXII of 2011 - on the right to informational self-determination and freedom of information (Infotv.)
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation, GDPR)
• Act V of 2013 on the Civil Code (Civil Code)
• Act C of 2000 on accounting (Accounting Act)

5. Cookie managemen

5.1. In order to provide a personalized service, the system serving the website places a small data package, called a cookie, on the user’s computer and reads it back during a subsequent visit. If the browser sends back a previously saved cookie, the service provider managing the cookie has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content.

5.2. Cookies:

• store technical data about the website visitor and their devices
• remember the website visitor's personal settings
• make the website easier to use
• provide a quality user experience

5.3. The purpose of strictly necessary session cookies is to allow visitors to browse the website fully and, if possible, seamlessly and use all its functions. The cookie stored in the browser lives for a maximum of 2 hours with default settings, but depending on the active use of the website, the website server may renew the cookie's validity period.

5.4. The website also uses Google Analytics, a third-party cookie. Google Analytics - using its statistical service - collects information about how visitors use the website. It uses the data to develop the website and improve the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

6. Rights of the data subject and possibilities of enforcement

6.1. The data subject may request information about the processing of his or her personal data, as well as request the correction of his or her personal data, or – with the exception of mandatory data processing – its deletion, withdrawal, and exercise his or her right to data portability and objection in the manner indicated when the data was collected, or at the Data Controller’s contact details.

6.2. Right to information

Data processing may only take place if the data subject gives his or her voluntary, specific, informed and unambiguous consent to the processing of personal data concerning a natural person by a clear affirmative action, such as a written – including an electronic – or oral statement. Consent shall apply to all data processing activities carried out for the same purpose or purposes. If data processing serves more than one purpose at the same time, consent shall be given for all data processing purposes. For consent to be considered informed, the data subject must at least be aware of the identity of the Data Controller and the purpose of the processing of personal data.

The natural person must be informed of the risks, rules, guarantees and rights related to the processing of personal data, as well as how to exercise the rights granted to him in relation to the processing. The Data Controller may not retain personal data solely for the purpose of responding to possible requests.

6.3. Right to access, rectification, erasure

Natural persons must be transparent about how their personal data are collected, used, consulted or otherwise processed, and in the context of the extent to which the personal data are or will be processed. Every reasonable step must be taken to correct or erase inaccurate personal data. Personal data must be processed in a manner that ensures an appropriate level of security and confidentiality, including in order to prevent unauthorised access to and use of personal data and of the means used to process personal data.

The data subject shall have the right to access the data collected concerning him or her and to exercise this right in a simple and reasonable manner, in order to establish and verify the lawfulness of the processing. The In particular, the data subject has the right to have his/her personal data erased and no longer processed if the collection or other processing of the personal data is no longer necessary in relation to the original purposes of the data processing, or if the data subjects have withdrawn their consent to the processing of the data, or if the processing of their personal data is otherwise not in accordance with the law.

If the data subject submits a request for access or rectification to the Data Controller in writing – including electronically

–, the Data Controller must provide adequate and understandable information within one month of the submission of the request.

6.4. Right to data portability

The data subject has the right to receive the personal data concerning him/her, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format and to transmit these data to another Data Controller.

6.5. Right to object, withdrawal

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or which is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on the aforementioned provisions. The data subject has the right to withdraw his or her consent at any time. In the event of objection or withdrawal, the Data Controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.

6.6. Legal remedies

The data subject’s legal remedies are provided for in Act CXII of 2011 on the right to informational self-determination and freedom of information. Act (Infotv.) and the provisions of Act V of 2013 on the Civil Code (Ptk.), you may exercise your right to may also request the assistance of the National Data Protection and Freedom of Information Authority in matters concerning the data subject.

In addition, in the event of a violation of the law, the data subject also has the right to judicial remedy. In order to enforce his right to judicial remedy, he may apply to court against the Data Controller in connection with data processing operations if, in his opinion, the Data Controller or the Data Controller acting on his behalf or on his instructions processes his personal data in violation of the provisions set out in law or in a binding legal act of the European Union regarding the processing of such data.

6.7. Data protection authority procedure

Name: National Data Protection and Freedom of Information Authority
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391 1400
Fax: +36 (1) 391 1410
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

7. Other provisions

When collecting data, the Data Controller will inform the data subject about data processing not listed or detailed in this information. We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law may contact the Data Controller to provide information, communicate, transfer data, or make documents available, and the Data Controller is obliged to cooperate in providing the data. The Data Controller shall only provide personal data to the authorities – if the authority has specified the precise purpose and scope of the data – to the extent and insofar as this is absolutely necessary to achieve the purpose of the request.

2022. 06. 01.