Privacy Policy
Updated: 16 October 2025
Introduction
Voxinfo Kft. (1037 Budapest, Bécsi út 269) Tax number: 12180439-2-41; Company registration number: 01-09-562739 (hereinafter referred to as the Service Provider or Data Controller) considers the following policy binding upon itself:
In accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), we provide the following information.
This Privacy Policy governs the processing of personal data related to the following website and services: hungary-vignette.eu
Voxinfo Kft. reserves the right to amend this Privacy Policy unilaterally at any time. The current version of the Privacy Policy is published on the hungary-vignette.eu website. Any amendments to the policy shall become effective upon publication at the aforementioned address.
Data Controller and Contact Details:
Name: Voxinfo Kft.
Registered Office: 1037 Budapest, Bécsi út 269
Business Premises: 1037 Budapest, Bécsi út 269
Email: info@voxinfo.hu
Phone: +36-1-225-7603
Definitions
"Personal data": any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Data processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient": a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
"Consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Principles relating to the processing of personal data
Personal data shall:
a) be processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
b) be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered incompatible with the original purposes (“purpose limitation”);
c) be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
d) be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
e) be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
f) be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
The data controller shall be responsible for, and be able to demonstrate compliance with, the above principles (“accountability”).
The data controller declares that its data processing is carried out in accordance with the principles set out in this section.
Data Processing
Highway Vignette Purchase
The fact of data collection, the scope of the processed data, and the purposes of data processing:
Personal Data – Provided by the Data Subject | Purpose of Data Processing |
|---|---|
Email address* | Communication, sending system messages and emails. |
Vehicle license plate number | Fulfilment of the service |
Phone number | Fulfilment of the service. Communication, more efficient coordination of billing-related matters. If SMS sending is requested, SMS delivery of the confirmation of the highway vignette purchase. |
Billing name and address | Issuance of a valid invoice, as well as the establishment of the contract, definition of its content, modification, monitoring of its fulfilment, invoicing of the resulting charges, and enforcement of related claims. |
Date and time of purchase/registration* | Execution of technical operations. |
IP address at the time of registration* | Execution of technical operations. |
Details of the purchased e- vignette (type, validity period)* | Fulfilment of the service |
The provision of data marked with * is mandatory; without it, the Service cannot be used.
Duration of data processing, deadline for data deletion: If any of the conditions set out in Article 17(1) of the GDPR apply, processing continues until the data subject submits a deletion request. The controller will inform the data subject electronically of the deletion of any personal data provided by the data subject, in accordance with Article 19 of the GDPR. If the deletion request includes the email address provided by the data subject, the controller will delete the email address after providing the notification.
Exception: Accounting documents must be retained for 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting. Contractual data of the data subject may be deleted after the expiry of the civil law limitation period.
Accounting documents that directly or indirectly support bookkeeping (including general ledger accounts, analytical and detailed records) must be retained in a readable format and in a retrievable manner, based on accounting entries, for at least 8 years.
Persons authorized to access the data, recipients of personal data: Personal data may be processed by employees of the data controller who are specifically authorized to do so, under the conditions set out in this privacy notice.
Description of the data subject’s rights regarding data processing:
The data subject may request from the controller access to their personal data, as well as the rectification, erasure, or restriction of the processing of such data, and the data subject has the right to data portability, as well as the right to withdraw consent at any time. Access to personal data, their erasure, modification, or restriction of processing, and data portability may be initiated by the data subject in the following ways:
- by postal mail at the address Voxinfo Kft., 1037 Budapest, Bécsi út 269.
- by email at support@hungary-vignette.eu
Legal basis for data processing:
- Article 6(1)(b) and (c) of the GDPR.
- Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: "Elker Act"):
The service provider may process personal data that is technically essential for the provision of the service. When selecting and operating the tools used for providing information society services, the service provider must ensure that processing of personal data occurs only if it is absolutely necessary for providing the service and for fulfilling other purposes defined by this Act — and even then, only to the extent and for the duration necessary. - If an invoice is issued in compliance with accounting regulations, the legal basis is Article 6(1)(c) of the GDPR.
- For the enforcement of claims arising from the contract, Section 6:21 of Act V of 2013 on the Civil Code provides a 5-year limitation period.
Section 6:22 [Limitation Period]
(1) Unless otherwise provided by this Act, claims shall lapse after five years.
(2) The limitation period begins when the claim becomes due.
(3) An agreement to modify the limitation period must be made in writing.
(4) An agreement excluding limitation is null and void.
Customer Relations
The fact of data collection, the scope of processed data, and the purpose of data processing:
Personal Data | Purpose of Data Processing |
|---|---|
Name, email address, phone number, license plate | Communication, identification, contract performance, business purpose |
Data subjects: All individuals who contact the data controller via phone/email/in person, or are in a contractual relationship with the controller.
Duration of data processing, deadline for data deletion: Data processing continues until the legal relationship between the data controller and the data subject is terminated, or in the case of a contractual relationship, until the expiry of the civil law limitation period.
Persons authorized to access the data, recipients of personal data: Personal data may be processed by employees of the data controller who are authorized to do so, in compliance with the principles outlined above.
Data subjects' rights regarding data processing: The data subject may request access to their personal data from the data controller, as well as the rectification, erasure, or restriction of processing. The data subject also has the right to data portability and to withdraw their consent at any time. Requests for access, deletion, modification, restriction of processing, or data portability can be initiated by the data subject via:
- by postal mail at the address Voxinfo Kft., 1037 Budapest, Bécsi út 269.
- by email at support@hungary-vignette.eu
Legal basis for data processing:
7.1. Article 6(1)(b) and (c) of the GDPR.
7.2. In the case of enforcing claims arising from a contract, Section 6:21 of Act V of 2013 on the Civil Code provides a limitation period of 5 years.
Section 6:22 [Limitation Period]
(1) Unless otherwise provided by this Act, claims shall lapse after five years.
(2) The limitation period begins when the claim becomes due.
(3) An agreement to modify the limitation period must be made in writing.
(4) Any agreement excluding the limitation period is null and void.
Please note that:
- Data processing is necessary for fulfilling the contract and providing quotations.
- You are required to provide your personal data so that we can process your order/request.
- Failure to provide the data will result in our inability to process your order/request.
Data Processors Used
Payment System – Barion Payment Zrt. – Bank Card Payment Provider
I acknowledge that the following personal data stored in the user database of www.hungary-vignette.eu by Voxinfo Kft. (1037 Budapest, Bécsi út 269) as the data controller will be transferred to Barion Payment Zrt. as data processor. The scope of data transferred by the data controller includes: name, email address, billing details. Barion Payment Zrt. provides the payment service as an independent data controller in accordance with its own privacy policy available at: https://www.barion.com/hu/adatvedelmi-tajekoztato
Hosting Provider
Activity carried out by the data processor: Hosting service
Name and contact details of the data processor:
Name: 23VNet Kft.
Address: 1094 Budapest, Liliom u. 24–26.
Phone: +36 1 450 1222
The fact of data processing, scope of processed data: All personal data provided by the data subject.
Data subjects: All users of the website.
Purpose of data processing: To make the website available and ensure its proper functioning.
Duration of data processing, deadline for data deletion: Until the agreement between the data controller and the hosting provider is terminated, or until the data subject requests deletion from the hosting provider.
Legal basis for data processing: Article 6(1)(f) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and services related to the information society.
Data subject’s rights:
You may request information about the circumstances of data processing.
You are entitled to receive confirmation from the data controller as to whether or not your personal data are being processed, and access all related information.
You have the right to receive your personal data in a structured, commonly used and machine-readable format.
You have the right to request that inaccurate personal data be corrected without undue delay.
You may object to the processing of your personal data.
Website Operation
Activity carried out by the data processor: Website operation (monitoring, technical updates, security development, other improvements, maintenance tasks)
Name and contact details of the data processor:
Name: DOCCA OutSource IT Kft.
Address: Budapest, Apor Vilmos tér 25–26.
Email: contact@docca-europe.com
Phone: +36 1 488 7490
The fact of data processing, scope of processed data: All personal data provided by the data subject.
Data subjects: All individuals using the website services, or registered/submitted an order on the website.
Purpose of data processing: Website operation (development, monitoring, bug fixing)
Duration of data processing, deadline for data deletion: Until the agreement between the Service Provider and the website operator is terminated, or until the data subject requests deletion from the website operator.
Legal basis for data processing: Article 6(1)(f) of the GDPR, and Section 13/A(3) of Act CVIII of 2001.
Activity carried out by the data processor: Accounting and invoicing
Name and contact details of the data processor:
Name: aPlus Consulting Kft.
Company registration number: 01 09 910002
Address: 1037 Budapest, Bécsi út 269.
Tax number: 14571961-2-41
Email: penzugy@aplus.hu
The fact of data processing, scope of processed data: Name, billing name, billing address.
Data subjects: All individuals who have placed an order on the website.
Purpose of data processing: Issuing electronic invoices / accounting tasks
Duration of data processing, deadline for data deletion: 8 years, in accordance with Section 169(2) of Act C of 2000 on Accounting.
Legal basis for data processing: Article 6(1)(c) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and services related to the information society.
Recipients to Whom Personal Data May Be Disclosed (Cases of Data Transfers):
Your personal data, in addition to the data processors listed above, may also be transferred to the following recipients based on contracts concluded with them. These data are used exclusively for processing purchases and verifying road usage entitlement, in accordance with data processing and data protection regulations.
| Recipient of the Data Transfer | Transferred Data |
|---|---|
Nationa Mobile Payment Plc. (1027 Budapest, Kapás utca 6–12. Company registration number: 01 10 047569 Tax number: 24151667-2-4) | In the case of highway e-vignette purchases in Hungary, the following data are transferred: vehicle license plate number, country code, vehicle type, details of the purchased vignette (type, validity period) |
| KBOSS.hu Kft. (1031 Budapest, Záhony utca 7/C Company registration number: 01-09-303201 Tax number: 13421739-2-41) | Name, billing information, email address |
| Magyar Telekom Nyrt. (1097 Budapest, Könyves Kálmán körút 36. Company registration number: 01-10-041928 Tax number: 107733812-4-4) | Phone number |
Cookie Management
Our website uses a Cookie Script in compliance with the GDPR and Google Consent Mode v2.
Typical cookies used in online stores include so-called “cookies for password-protected sessions,” “cookies necessary for the shopping cart,” “security cookies,” “necessary cookies,” “functional cookies,” and “cookies responsible for managing website statistics”. The use of these cookies does not require the prior consent of the data subject.
Fact of Data Processing and Scope of Data Processed: Unique identifier, dates, timestamps
Data Subjects: All individuals visiting the website.
Purpose of Data Processing: User identification, tracking the contents of the shopping cart, and monitoring website visits.
Cookie Type | Legal Basis for Processing | Duration of Processing | Processed Data |
|---|---|---|---|
Session cookies | Section 13/A (3) of Act CVIII of 2001 on electronic commerce services and information society services | Until the end of the visitor's session | connect.sid |
Persistent (saved) cookies | Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services | Until deleted by the data subject | |
Statistical cookies | Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Services Related to the Information Society | 1–2 months |
Persons authorized to access the data: The data controller does not process personal data through the use of cookies.
Description of data subjects’ rights regarding data processing: Data subjects have the option to delete cookies in their browser’s Tools/Settings menu, usually under the Privacy settings section.
Legal basis for data processing: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of a communication over an electronic communications network or if it is strictly necessary for the service provider to provide an information society service explicitly requested by the subscriber or user.
Use of Google Ads Conversion Tracking
The data controller uses the online advertising program called “Google Ads” and, within its framework, also utilizes Google’s conversion tracking service. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When a user accesses the website through a Google advertisement, a cookie required for conversion tracking is placed on their computer. These cookies have a limited validity period and do not contain any personal data, meaning the user cannot be identified through them. If the user browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the user clicked on the advertisement. Each Google Ads client receives a different cookie, so cookies cannot be tracked across the websites of different Ads clients. The information collected through conversion cookies is used to generate conversion statistics for clients who have opted for Google Ads conversion tracking. This allows clients to learn how many users clicked on their ad and were redirected to a page tagged for conversion tracking. However, they do not receive any information that would allow them to identify any individual user. If you do not wish to participate in conversion tracking, you can decline by disabling the option to install cookies in your browser. You will then not be included in conversion tracking statistics. For more information and Google’s privacy policy, please visit: https://policies.google.com/privacy
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” which are text files placed on your computer to help analyze how users use the site. The information generated by the cookie about the use of the website is generally transmitted to and stored on a Google server in the USA. With IP anonymization activated on this website, Google will truncate the user's IP address within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the user's use of the website, compiling reports on website activity for the website operator, and providing other services related to website and internet usage. Within the framework of Google Analytics, the IP address transmitted by the user's browser will not be merged with other data held by Google. The user can prevent the storage of cookies by adjusting their browser settings accordingly; however, please note that in this case not all functions of this website may be fully available. Furthermore, the user can prevent the collection and processing of data generated by cookies related to their use of the website (including their IP address) by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
Facebook Pixel
The Facebook Pixel is a code that enables the website to generate reports on conversions, create custom audiences, and provide the site owner with detailed analytics on how visitors use the website. By using the Facebook remarketing pixel tracking code, personalized offers and ads can be displayed to website visitors on the Facebook platform. The Facebook remarketing list cannot be used to identify individuals. More information about Facebook Pixel can be found here: https://www.facebook.com/business/help/651294705016616
Barion Pixel
Barion Pixel is a JavaScript-based tracking code placed on the Merchant’s Website, which monitors the activity of website visitors using cookies placed in their browsers. After the cookie is stored on the visitor's device, Barion Pixel collects data about the website visitors and their browsing behavior and transmits the data directly to the Service Provider's server. The Service Provider uses this data for fraud prevention purposes (for risk analysis and assessment, see Section 5.4 of the Barion Privacy Notice) and for marketing purposes (to examine behavioral patterns for the personalization of advertisements and recommendations, see Section 5.12 of the Barion Privacy Notice), in accordance with the Barion Privacy Notice as in effect at any given time. There are two versions of Barion Pixel: Barion Pixel Basic Version and Barion Pixel Full Version.
Barion Pixel Basic Version: The version of Barion Pixel that collects data exclusively for the purpose of fraud prevention, specifically for risk analysis and assessment.
Barion Pixel Full Version: The version of Barion Pixel that collects data both for fraud prevention through risk analysis and assessment, and for marketing purposes by analyzing behavioral patterns to personalize advertisements and recommendations.
Barion Cookie Notice
Cookie Name | Description and Purpose | Provider | Storage Duration on Your Device |
|---|---|---|---|
ba_vid | Its purpose is to detect credit card fraud during the use of the Barion Smart Gateway service, based on the digital fingerprint of your device and your browsing habits. The use of this cookie is essential for identifying fraudsters. It ensures that the data derived from your browsing behavior can be attributed to a single user. | Barion Payment Zrt. | 1.5 years from the last update |
ba_vid.xxx | Its purpose is to detect credit card fraud during the use of the Barion Smart Gateway service, based on the digital fingerprint of your device and your browsing habits. This cookie allows tracking your browsing behavior across sessions on the given website. It collects the following data: ba_vid, user-related ID generated from a hash of browser characteristics, timestamps of first, current, and last visit on the website, current session ID, and permission for third-party cookies. | Barion Payment Zrt. | 1.5 years from the last update |
ba_sid | Its purpose is to detect credit card fraud during the use of the Barion Smart Gateway service, based on the digital fingerprint of your device and your browsing habits. This cookie ensures session identification across different websites. | Barion Payment Zrt. | 30 minutes |
ba_sid.xxx | Its purpose is to detect credit card fraud during the use of the Barion Smart Gateway service, based on the digital fingerprint of your device and your browsing habits. This cookie ensures session identification within a single website. | Barion Payment Zrt. | 30 minutes |
If the cookie’s lifespan is defined from the time of the last update, it means that each visit extends the cookie’s expiration by 1.5 years from the most recent visit. Data collection resulting from this extension does not require consent. The legal basis for data processing is the legitimate interest of Barion Payment Zrt. in fraud prevention. More information is available here.
Other Technologies – Browser Fingerprinting: Its purpose is to detect fraudulent sessions based on visitor behavior and browser fingerprinting. It helps us identify browsers on individual devices. This technology is used both on the given website and on the websites of other merchants who use the Barion Smart Gateway. Further details can be found in Section 5.4 of the Privacy Policy.
Cookie Name | Description and Purpose | Provider | Storage Duration on Your Device |
|---|---|---|---|
BarionMarketingConsent.xxx | Its purpose is to store your declaration regarding whether you have consented to the collection of data from your browsing habits and the analysis of your purchasing behavior for the purpose of displaying personalized ads and offers. If you have given consent, then data collected by the fraud prevention cookies listed among the essential cookies — based on your browsing behavior — will also be used to analyze purchasing habits and display personalized advertisements and offers. | Barion Payment Zrt. | 1.5 years from the last update |
Media and advertiser partners' cookie | Its purpose is to synchronize and match different user identifiers used by the Barion system and the given partner's system. As part of their operation, these cookies notify the partner’s server to download its own user identifier cookie into the visitor's browser. This way, identifiers created simultaneously in both systems - in the same browser - are matched. | See privacy policy | Detailed information about these cookies can be found in the respective partner's cookie policy. The list of partners using such cookies, along with links to their cookie notices, can be found here. |
Data Processor Partners
As a user of Barion Marketing Cloud and Barion Pixel, the following partners act as data processors:
- DataMe Kft., 1118 Budapest, Ugron Gábor utca 35.
- Dentsu Hungary Kft., 1027 Budapest, Kacsa utca 15–23.
- GroupM, 1123 Budapest, Alkotás utca 53., MOM Park, B/1st floor
- Matterkind CEE, 1082 Budapest, Vajdahunyad utca 41.
- Vodafone Magyarország, 1096 Budapest, Lechner Ödön fasor 6.
Newsletter and Direct Marketing Activities
Data Processor: Founder Bits Inc. DBA BigMailer.io
80 Theodore Fremd Avenue, Rye,
New York 10580,
United States
Customer support: hey@bigmailer.io
According to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may give prior and explicit consent for the Service Provider to contact them with advertising offers or other communications via the contact details provided during registration or when placing an order.
Furthermore, taking into account the provisions of this notice, the Customer may consent to the Service Provider processing their personal data necessary for sending advertising offers.
The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from receiving such offers at any time without restriction or justification, and free of charge. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will no longer contact the User with advertising offers. The User can unsubscribe from advertisements by clicking the link provided in the message.
Fact of Data Collection, Scope of Data Processed, and Purpose of Processing:
Personal Data | Purpose of Processing |
|---|---|
Name, email address | Identification, enabling newsletter subscription |
Time of subscription | Execution of a technical operation |
IP address at time of subscription | Execution of a technical operation |
Scope of the data subjects: All individuals subscribed to the newsletter.
Purpose of data processing: Sending electronic messages (emails) containing advertisements to the data subject, providing information about current news, products, promotions, new features, etc.
Duration of data processing, deadline for data deletion: Data processing lasts until the withdrawal of the consent declaration, that is, until unsubscription.
Persons authorized to access the data, recipients of personal data: Personal data may be processed by the sales and marketing staff of the data controller, in compliance with the above principles.
Description of data subjects’ rights regarding data processing:
- The data subject may request from the data controller access to personal data concerning them, their rectification, erasure or restriction of processing, and
- may object to the processing of their personal data, and
- the data subject has the right to data portability and to withdraw their consent at any time.
Access to personal data, their deletion, modification, restriction of processing, portability, or objection may be initiated by the data subject in the following ways:
- by post to Voxinfo Kft., 1037 Budapest, Bécsi út 269.,
- by email to support@hungary-vignette.eu,
The data subject may unsubscribe from the newsletter at any time.
Legal basis for data processing: the data subject’s consent, Article 6(1) points a) and f) of the GDPR, and Section 6 (5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities:
The advertiser, the advertising service provider, or the advertising publisher shall maintain a record of the personal data of those individuals who have given consent within the scope defined in the consent. The data recorded in this registry relating to the recipient of the advertisement may only be processed in accordance with the content of the consent until it is withdrawn, and may be transferred to a third party only with the prior consent of the data subject.
Please note that
- data processing is based on your consent and the legitimate interest of the service provider.
- you are required to provide personal data if you wish to receive our newsletter.
- failure to provide the data will result in our inability to send you newsletters.
Complaints Handling and Customer Service
To ensure full communication with customers, we provide the use of a Contact Center.
The "Service Provider" or "Operator" is Daktela s.r.o., with its official registered office at
Vinohradská 2828/151, Praha 3 – Žižkov, 130 00, ID No. 27232263, VAT No. CZ27232263, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 106338, Phone: +420 226 211 245, Website: http://www.daktela.com, Email: daktela@daktela.com.
Fact of data collection, scope of processed data, and purpose of data processing:
Personal Data | Purpose of Processing |
|---|---|
Surname and first name | Identification, communication |
Email address | Identification, communication |
Phone number | Identification, communication |
License plate number | Identification |
Billing name and address | Identification; handling of quality complaints, questions, and issues related to ordered products |
Scope of the data subjects: All individuals who make purchases on the website and submit complaints or quality objections.
Duration of data processing, deadline for data deletion: The records of the complaints, transcripts, and copies of responses must be retained for 5 years in accordance with Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
Persons authorized to access the data, recipients of personal data: Personal data may be processed by the sales and marketing staff of the data controller, in compliance with the above principles.
Description of data subjects’ rights regarding data processing:
- The data subject may request from the data controller access to their personal data, rectification, deletion, or restriction of processing, and
- the data subject has the right to data portability and to withdraw their consent at any time.
Access to personal data, their deletion, modification, restriction of processing, or portability may be initiated by the data subject in the following ways:
- by post to Voxinfo Kft., 1037 Budapest, Bécsi út 269.,
- by email to support@hungary-vignette.eu,
Legal basis for data processing: the data subject’s consent, Article 6(1)(c) of the GDPR, and Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
Please note that
- providing personal data is based on a legal obligation,
- processing of personal data is a precondition for the conclusion of the contract,
- you are required to provide personal data in order for us to process your complaint,
- failure to provide the data means we will be unable to process your complaint.
Customer Relations and Other Data Processing
If a data subject has any questions or problems while using our services, they may contact the data controller using the contact details provided on the website (telephone, email, social media, etc.).
The data controller deletes the incoming emails, messages, and data provided via phone, Facebook, etc., including the inquirer's name and email address and any other voluntarily provided personal data, no later than 2 years from the time of data provision.
For data processing not listed in this privacy notice, we provide information at the time of data collection.
In case of exceptional official requests or inquiries from other authorities authorized by law, the Service Provider is obliged to provide information, disclose or transmit data, or make documents available.
In such cases, the Service Provider shall only disclose as much personal data to the requesting authority as is strictly necessary to achieve the purpose of the request, provided that the request specifies the exact purpose and the scope of the data required.
Rights of the Data Subjects
Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in the regulation.
Right to rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase personal data without undue delay under certain conditions.
Right to be forgotten
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
- You contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
- you have objected to processing pending the verification whether the legitimate grounds of the controller override yours.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…).
Right to object
In the case of processing based on legitimate interest or the exercise of public authority, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, including profiling based on those provisions.
Objection in the case of direct marketing
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Response deadline
The data controller shall provide information on action taken on your request without undue delay and in any event within one month of receipt of the request.
That period may be extended by two further months where necessary. The controller shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Security of processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Informing the Data Subject About a Personal Data Breach
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and shall contain at least the following information: the name and contact details of the data protection officer or other contact point where more information can be obtained; the likely consequences of the personal data breach; the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Communication to the data subject shall not be required if any of the following conditions are met:
- the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach – in particular, those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
- the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
- it would involve disproportionate effort. In such a case, data subjects shall be informed by means of publicly disclosed information or by similar measures that are equally effective in informing them.
Where the controller has not yet notified the data subject of the personal data breach, the supervisory authority, having considered the likelihood of the breach resulting in a high risk, may require the controller to do so.
Notification of a Personal Data Breach to the Authority
The controller shall notify the personal data breach to the competent supervisory authority pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made within 72 hours, it shall be accompanied by reasons for the delay.
Right to Lodge a Complaint
In the event of a potential violation of data protection regulations by the controller, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
1125 Budapest, Szilágyi Erzsébet fasor 22/C
Mailing address: 1530 Budapest, P.O. Box: 5
Phone: +36-1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
Closing Remarks
In the preparation of this privacy notice, we have taken into account the following legal regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
- Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.)
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Services Related to the Information Society (in particular Section 13/A)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Consumers
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (especially Section 6)
- Act XC of 2005 on the Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (specifically Section 155)
- Opinion No. 16/2011 on the EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the Data Protection Requirements of Prior Information
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
2025.10.16.
Voxinfo Kft.