Used Car Advisor

Privacy Policy

Adatkezelési tájékoztató magyar nyelven

Last updated:

1. PURPOSE OF THE DATA PROCESSING NOTICE

Sato Maasaki, sole proprietor (hereinafter referred to as the Service Provider, Data Controller), as a data controller, acknowledges the content of this legal notice as binding upon itself.

It undertakes to ensure that all data processing related to its activities complies with the requirements set forth in this policy, applicable national laws, and the legal acts of the European Union.

This data processing notice applies to the following domain and its subdomains:

usedcar.hu

The data protection guidelines related to the Data Controller’s data processing are continuously available at usedcar.hu/privacy-policy.

The Data Controller reserves the right to modify this notice at any time. Any changes will be communicated to the affected parties in a timely manner. If you have any questions related to this notice, please write to us, and we will respond to your inquiry.

The Data Controller is committed to protecting the personal data of its clients and partners and considers it of utmost importance to respect their right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures necessary to ensure data security.

The Data Controller outlines its data processing principles below and presents the expectations it has set for itself as a data controller. These principles comply with applicable data protection laws, particularly:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
  • Act V of 2013 on the Civil Code (Ptk.);
  • Act CLV of 1997 on Consumer Protection (Fgytv.);
  • Act XIX of 1998 on Criminal Procedure (Be.);
  • Act C of 2000 on Accounting (Számv. tv.);
  • Act CVIII of 2001 on Electronic Commerce Services and Certain Issues Related to the Information Society (Eker. tv.);
  • Act C of 2003 on Electronic Communications (Eht.);
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grt.);
  • Act CLIX of 2012 on Postal Services (Postatv.).

1.1 Definitions:

1.1.1 Data Subject: 

Any identified or identifiable natural person based on specific personal data, directly or indirectly.

1.1.2 Personal Data: 

Any data relating to the Data Subject, particularly their name, identification number, or one or more physical, physiological, mental, economic, cultural, or social attributes, as well as any conclusions that can be drawn regarding the Data Subject.

1.1.3 Consent: 

A voluntary and explicit declaration of the Data Subject’s wishes, based on adequate information, whereby they give their unambiguous consent to the processing of their personal data, either in full or for specific operations.

1.1.4 Data Controller: 

A natural or legal person, or an entity without legal personality, that alone or jointly determines the purpose of data processing, makes and executes decisions related to data processing (including the tools used) or has these executed by a data processor.

1.1.5 Data Processing: 

Any operation or set of operations performed on data, regardless of the procedure used, including collection, recording, organization, storage, modification, use, retrieval, transmission, disclosure, coordination, or combination, blocking, deletion, and destruction, as well as preventing further use of the data, capturing images, sound, or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprint, palm print, DNA sample, iris image).

1.1.6 Data Transmission: 

Making data accessible to a specific third party.

1.1.7 Disclosure: 

Making data accessible to anyone.

1.1.8 Data Deletion: 

Rendering data unrecognizable in a way that makes it impossible to restore.

1.1.9 Data Processing Operations: 

The execution of technical tasks related to data processing operations, regardless of the method and tools used for execution, as well as the location of application, provided that the technical task is performed on the data.

1.1.10 Data Processor: 

A natural or legal person, or an entity without legal personality, that processes data based on a contract, including contracts mandated by legal provisions.

1.1.11 Data Protection Incident: 

The unlawful processing or handling of personal data, particularly unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage.

2. DATA CONTROLLER INFORMATION

If you wish to contact the company, you can reach the Data Controller via email at contacts@usedcar.hu.hu or by phone at +36 30 255 9201.

  • Name: Sato Maasaki ev.
  • Registered Address: 1193 Budapest, Derkovits Gyula Street 53.
  • Tax Number: 58486043-1-43
  • EV Registration Number: 56983489
  • Phone Number: +36 30 255 9201
  • Emailcontact@usedcar.hu

2.1 DATA PROTECTION OFFICER

The Data Controller does not engage in any activities that would necessitate the appointment of a Data Pro tection Officer.

Data Controller
Name: Sato Masaaki
Address: 1193 Budapest, Derkovits Gyula utca 53.
Phone Number: +36 30 255 9201
Email: contacts@usesdcar.hu

3. SCOPE OF PROCESSED PERSONAL DATA

3.1. TECHNICAL DATA

The Data Controller selects and operates the IT tools used for processing personal data in a manner that ensures the data:

  • Is accessible to authorized persons (availability);
  • Its authenticity and verification are ensured (data processing authenticity);
  • Its integrity is maintained (data integrity);
  • Is protected against unauthorized access (data confidentiality).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental loss or damage.

The Data Controller ensures the security of data processing through technical, organizational, and administrative measures that provide an adequate level of protection against the risks associated with data processing.

The Data Controller maintains confidentiality during data processing by ensuring that information is accessible only to those authorized; integrity by protecting the accuracy and completeness of information and its processing methods; and availability by ensuring that authorized users can access the information when needed, along with the necessary tools.

We remind data providers that if they provide personal data not belonging to themselves, it is their responsibility to obtain the consent of the affected person.

3.2 COOKIES

3.2.1 PURPOSE OF COOKIES

Cookies collect information about visitors and their devices; they remember individual user settings, which may be utilized during online transactions to avoid re-entering data; they facilitate website usage; provide a high-quality user experience; and contribute to visitor statistical data collection.

For a personalized service, small data packages, known as cookies, are placed on the user’s computer and retrieved during later visits. If the browser returns a previously saved cookie, the cookie provider can link the user’s current visit with previous ones, but only concerning its own content.

Some cookies do not contain personally identifiable information, while others store a randomly generated secret numerical code, which enables user identification.

3.2.2 ESSENTIAL SESSION COOKIES

The website usedcar.hu does not use cookies for this purpose.

3.2.3 THIRD-PARTY COOKIES (ANALYTICS)

The website usedcar.hu utilizes Google Analytics, a third-party service. Google Analytics collects statistical data regarding how visitors use the website. This data is used to improve the website and enhance the user experience. These cookies remain on the visitor’s computer or browsing device until they expire or are manually deleted.

3.2.4 LEGAL BASIS FOR COOKIE PROCESSING

The legal basis for cookie processing is the user’s consent, in accordance with Article 6(1)(a) of the relevant regulation.

If cookies are not accepted, certain features of the websites listed in section 3.2.3 may not be available, or some functions may not operate correctly.

More information about deleting cookies in common browsers can be found at the following links:

  • Firefox: Deleting cookies from your computer
  • Chrome: Clear cache & cookies
  • Safari: Manage cookies and website data in Safari on Mac

3.2.5 LIST OF COOKIES USED ON THE DATA CONTROLLER’S WEBSITES

Cookie Policy

4 GENERAL DATA PROCESSING PRINCIPLES, DATA PROCESSING NAME, USAGE, LEGAL BASIS, AND RETENTION PERIOD

The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In cases where data processing is based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.

In certain cases, the processing, storage, and transmission of certain data are required by law, and we will inform our clients separately in such instances. We remind those providing data to the Data Controller that if they provide personal data of others instead of their own, it is their responsibility to obtain the data subject’s consent. The data processing principles of the Data Controller comply with the applicable data protection laws, particularly the following:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.).
  • Regulation (EU) 2016/679 of the European Parliament and the Council (April 27, 2016) on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
  • Act V of 2013 on the Civil Code (Ptk.).
  • Act C of 2000 on Accounting (Számv. tv.).
  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.).
  • Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (Hpt.).

The Data Controller has created data mapping, based on which the scope of processed data, its usage, legal basis, and retention period have been determined.

4.1 DATA RELATED TO ONLINE ORDERS

Currently, it is not possible to order services through the website, and no related data is stored.

4.2 DATA RELATED TO ONLINE ADMINISTRATION

Personal data collected during contact:

  • Name (mandatory field)
  • Email address (mandatory field)

Purpose and intended use of data processing:

The data is used for communication and fulfilling orders.

  • Legal basis for data processing: Voluntary consent.
  • Retention period: Duration of the business relationship or upon deletion request.

4.3 DATA RELATED TO TELEPHONE ADMINISTRATION

Currently, telephone contact is not available through the website; this function is planned for the future.

Personal data collected during contact:

  • Name (mandatory field)
  • Phone number (optional field, can be provided for callback requests).

Purpose and intended use of data processing:

The data is used for communication and fulfilling orders.

  • Legal basis for data processing: Voluntary consent.
  • Retention period: Duration of the business relationship or upon deletion request.

4.4 DATA RELATED TO NEWSLETTERS/EDM

Currently, the website does not include a newsletter or EDM service, and no related data is stored.

4.5 CUSTOMER CONTACT DATA

We store the following personal data and contact details of customers and their representatives:

  • Name
  • Email address
  • Phone number

Purpose and intended use of data processing:

The data is used for communication and maintaining contact.

  • Legal basis for data processing: Legitimate interest.
  • Retention period: Duration of the business relationship or upon deletion request.

4.6 PERSONAL DATA REQUIRED FOR REGISTRATION

The website does not require or allow registration, and no related data is stored.

4.7 PERSONAL DATA REQUIRED FOR PURCHASE

Currently, the website does not include an online store module, and no related data is stored.

4.8 DATA RELATED TO BILLING

Currently, the website does not include an online store module, and no related data is stored.

4.9 WARRANTY ADMINISTRATION

Currently, the website does not include an online store module, and no related data is stored.

4.10 HANDLING OF CONSUMER PROTECTION COMPLAINTS

Currently, the website does not include an online store module, and no related data is stored.

5. PHYSICAL STORAGE LOCATIONS OF DATA

Your personal data (i.e., data that can be linked to your person) may be processed in the following ways:

  • On the one hand, technical data related to your computer, browser, internet address, and the pages visited are automatically generated in our computer system in connection with maintaining an internet connection.
  • Currently, no other personal data is generated in our system.

6. DATA TRANSFER, DATA PROCESSING, AND ACCESS TO DATA

As part of its business activities, the Data Controller uses the following data processors:

Hosting Service Provider:

  • Company name: Sybell Informatika Kft.
  • Headquarters: 1158 Budapest, Késmárk u. 7/B 2. em. 206.
  • Tax number: 25859502-2-42
  • Company registration number: 01-09-293034
  • Email address:  hello@sybell.hu

Google Analytics:

  • Provider: Google Inc., Mountain View, California, USA
  • Data accessed: The anonymized, non-personally identifiable IP addresses of visitors to the usedcar.hu website.

6.1 TRANSFER TO THIRD COUNTRIES

Data transfer occurs in the United States of America, for which an adequacy decision was adopted on July 12, 2016
(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).

The adequacy decision is valid for Google as a data processor (https://policies.google.com/privacy/frameworks).

7 RIGHTS OF THE DATA SUBJECT AND MEANS OF LEGAL REMEDY

The data subject may request information about the processing of their personal data and may request the correction or—except in cases of mandatory data processing—deletion and withdrawal of their personal data. They may also exercise their right to data portability and objection in the manner indicated at the time of data collection or via the contact details of the data controller mentioned above.

7.1 RIGHT TO INFORMATION

The data controller takes appropriate measures to provide the data subjects with all information regarding the processing of personal data, as mentioned in Articles 13 and 14 of the GDPR, and all notifications required under Articles 15–22 and 34, in a concise, transparent, intelligible, and easily accessible form, clearly and in plain language.

At the request of the data subject, Sato Maasaki EV., as the Data Controller, provides information regarding the data processed by it or by a processor acting on its behalf, including their source, purpose, legal basis, duration, the name and address of the processor, and its activities related to data processing. Additionally, in case of a data breach, it provides information about the circumstances, effects, and remedial measures taken. If data has been transferred, the legal basis and recipient of the transfer are also provided. The Data Controller responds to the request as soon as possible, but no later than 30 days, in an easily understandable format and, upon the data subject’s request, in writing. This information is provided free of charge unless the requester has already submitted an identical request regarding the same data set within the current year. In other cases, the Data Controller may charge a fee.

7.2 RIGHT OF ACCESS

The data subject has the right to receive confirmation from the Data Controller as to whether their personal data is being processed. If such processing is taking place, they are entitled to access their personal data and the following information:

  • The purposes of the data processing;
  • The categories of personal data concerned;
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, including particularly third-country recipients or international organizations;
  • The expected duration of personal data storage;
  • The right to rectification, deletion, restriction of processing, and objection;
  • The right to file a complaint with a supervisory authority;
  • Information on data sources;
  • The fact of automated decision-making, including profiling, and meaningful information about the applied logic, as well as the significance and potential consequences of such processing for the data subject.

The Data Controller provides the requested information within a maximum of one month from the submission of the request.

7.3 RIGHT TO RECTIFICATION

The data subject has the right to request the correction of inaccurate personal data processed by the Data Controller and the completion of incomplete data. The Data Controller corrects the personal data if it does not reflect reality and if the accurate data is available.

7.4 DATA LOCKING AND MARKING

The Data Controller locks personal data if the data subject requests it or if, based on available information, it can be assumed that deletion would violate the data subject’s legitimate interests. The locked personal data may only be processed as long as the purpose of data processing that justified the restriction exists. The Data Controller marks personal data if its accuracy or correctness is disputed by the data subject, but the inaccuracy or incorrectness cannot be clearly established.

7.5 RIGHT TO ERASURE

The data subject has the right to request the deletion of their personal data without undue delay if one of the following reasons applies:

  • The personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
  • The data subject withdraws their consent, which was the legal basis for the processing, and there is no other legal ground for the processing;
  • The data subject objects to the processing, and there is no overriding legitimate reason for the processing;
  • The personal data was processed unlawfully;
  • The personal data must be deleted to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
  • The personal data was collected in connection with the offering of information society services.

However, the request for deletion cannot be fulfilled if the processing is necessary:

  • To exercise the right to freedom of expression and information;
  • To comply with a legal obligation requiring processing under EU or Member State law, or to perform a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • For reasons of public health, or for archiving, scientific, or historical research purposes or statistical purposes in the public interest;
  • For the establishment, exercise, or defense of legal claims.

The Data Controller has 30 days to delete, lock, or rectify personal data. If the Data Controller refuses to comply with the data subject’s request for rectification, locking, or deletion, it must provide written reasons within 30 days or, with the data subject’s consent, electronically. The Data Controller notifies the data subject and all parties to whom the data was previously disclosed of any rectification, locking, marking, or deletion unless this proves impossible or requires disproportionate effort.

7.6 RIGHT TO RESTRICTION OF PROCESSING

The Data Controller restricts data processing at the data subject’s request if one of the following conditions is met:

  • The data subject disputes the accuracy of the personal data, in which case the restriction applies for the period necessary to verify the accuracy of the data;
  • The processing is unlawful, and the data subject opposes the deletion of the data and requests the restriction of its use instead;
  • The Data Controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims;
  • The data subject has objected to the processing, in which case the restriction applies until it is determined whether the Data Controller’s legitimate interests override those of the data subject.

7.7 RIGHT TO DATA PORTABILITY

The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller without hindrance from the Data Controller, where the processing is based on consent or a contract and is carried out by automated means.

7.8 RIGHT TO OBJECT

The data subject has the right to object at any time to the processing of their personal data where the processing is based on public interest or the legitimate interest of the Data Controller. In such a case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

7.9 AUTOMATED DECISION-MAKING AND PROFILING

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where:

  • it is necessary for entering into, or performance of, a contract between the data subject and the Data Controller,
  • it is authorized by Union or Member State law,
  • the data subject has given explicit consent.

7.10 RIGHT TO REMEDY

If the data subject believes that the Data Controller has violated the data protection laws, they have the right to lodge a complaint with the supervisory authority and may seek legal remedy before the courts to enforce their rights.

7.11 COMPENSATION AND DAMAGES

The Data Controller shall compensate for any damage caused to others by the unlawful processing of the data subject’s data or by violating data security requirements. In the event of an infringement of the data subject’s personal rights, the data subject may claim damages for non-material harm (Civil Code, Section 2:52). The Data Controller is also liable for any damage caused by the data processor towards the data subject. The Data Controller shall be exempt from liability if the damage was caused by an unavoidable reason beyond the scope of data processing.

The Data Controller shall not compensate for damages, and damages for non-material harm cannot be claimed to the extent that the damage or the infringement of personal rights was caused by the data subject’s intentional or grossly negligent conduct.

7.12 RIGHT TO TURN TO THE COURT

If the data subject’s rights are violated, they may turn to the court against the Data Controller. The court shall proceed in the case with priority.

Data Protection Authority Procedure

A complaint may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box: 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

8. OTHER PROVISIONS

For data processing activities not listed in this notice, information will be provided at the time of data collection. We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanour authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, and other bodies authorized by law may contact the Data Controller for the purpose of providing information, disclosing, transferring data, or making documents available. The Data Controller shall only disclose personal data to authorities if the authority specifies the exact purpose and the scope of the requested data, and only to the extent that is strictly necessary for fulfilling the request.

(This privacy notice was prepared based on the recommendation of the Budapest Chamber of Commerce and Industry.)