(Download/print the document HERE)

Privacy Policy

1. Identification of controller
We inform you that the website http://nomadpicnic.hu/ is run by
NOMÁD PICNIC Bográcsgyártó Korlátolt Felelősségű Társaság
(NOMÁD PICNIC Bográcsgyártó Limited Liability Company)
Short name: NOMÁD PICNIC Kft.
Registration number: 03-09-133909
Tax number: 27996041-2-03
Headquarters: 50, Dózsa György Street, 6448 Csávoly, Hungary (Magyarország,
6448 Csávoly, Dózsa György út 50.)
Postal address: 50, Dózsa György Street, 6448 Csávoly, Hungary (Magyarország,
6448 Csávoly, Dózsa György út 50.)
Telephone: +36 30 831 9714
E-mail address: nomad@nomadpicnic.hu
Website: http://nomadpicnic.hu/
(Controller hereafter).

2. Legal requirements concerning processing, scope of present policy
2.1. Controller uses information about Users primarily based on these regulations:
– Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC (General Data Protection Regulation),
(GDPR hereafter),
– Regulation CVIII of 2001 on Electronic commercial services and services
related to some aspects of information society (az elektronikus
kereskedelmi szolgáltatások, valamint az információs társadalommal
összefüggő szolgáltatások egyes kérdéseiről szóló 2001. évi CVIII.
törvény (Ekertv.)).

2

2.2. Present notice covers data management during using http://nomadpicnic.hu/
web page (web page hereafter).
2.3. In accordance with present notice User: natural persons browsing the website
who are involved in data management.

3. Processing related to information technology data collection
3.1. The Data Controller uses so-called cookies to collect technical data necessary
for the proper functioning of the website.
3.2. Controller represent a specific reference for visitors of the website: Information
about the use of cookies.

4. Processing related to receiving and answering messages
4.1. Concerned parties in processing: Users sending messages to the Data
Controller by e-mail using the e-mail address(es) indicated on the website.
4.2. Legal basis of data processing: User’s consent according to GDPR Article 6,
Paragraph (1), Point a). The User provides consent by sending the e-mail
message.
User is entitled to withdraw his/her consent at any time. The withdrawal of
consent shall not affect the lawfulness of processing before its withdrawal. If
the User withdraws their consent before replying to the message, the Controller
will not continue the exchange of messages and will not answer the previously
asked questions, as it must delete the data processed on the basis of the consent.
4.3. Determining the scope of data handled:
The following data of User who sent a message:
– name,
– e-mail address,
– subject of the message,
– content of the message.
4.4. Purpose of data management: to ensure exchange of messages between
Controller and User.

3

4.5. Duration of data management: until answering a request or accomplishing
User’s claim in case no contract follows the message exchange. Afterwards,
Controller deletes data that is handled for these purposes. If there are more
exchanges of messages, data are erased after the claim has been accomplished.
If a contract is concluded as a result of the exchange of messages, and the
content of the messages is relevant from the point of view of the contract, in
that case, the Data Controller will process the data based on its legitimate
economic interest until the expiration of the statute of limitations for claims
arising from the contractual relationship – which is, in general, 5 years from
when the claim became due. Any interruption of the statute of limitations
extends the duration of data management until the new date of the statute of
limitations.
4.6. Method of data storage: in a separate data file in the information technology
system of Controller.

5. Forwarding data
5.1. Controller does not forward data to third parties.
5.2. Controller forwards data solely in case of any legal obligations. In such cases
Controller forward data to authorities.

6. Using data processing
Controller draws on the following businesses to process data.
6.1. Storage space service provider
6.1.1. Data subjects involved in the processing: Users visiting website.
6.1.2. Controller uses
Rackhost Informatikai Zártkörűen Működő Részvénytársaság
(Rackhost Informatikai Private Limited Company)
Short name: Rackhost Zrt.
Registration number: 06-10-000489
Tax number: 25333572-2-06

4

Headquarters: 41, Tisza Lajos Boulevard, 6722 Szeged, Hungary
(Magyarország, 6722 Szeged, Tisza Lajos körút 41.)
Postal address: 41, Tisza Lajos Boulevard, 6722 Szeged, Hungary
(Magyarország, 6722 Szeged, Tisza Lajos körút 41.)
Telephone: +36 1 445 1200
E-mail address: info@rackhost.hu
Website: https://www.rackhost.hu/
as website storage place provider (Data Processor hereafter).
6.1.3. Defining the scope of data involved in data processing: this potentially relates
to all information mentioned in present policy.
6.1.4. Purpose of using data processor: To ensure functioning of website in an
information technological way by using electronical host that is necessary
for it.
6.1.5. Method of data processing: is done electronically, the processing of the data
only means providing the storage space necessary for the operation of the
website in the IT sense.

6.2. Website developer
6.2.1. Data subjects involved in the processing: Users visiting website
6.2.2. Controller uses
Bircsák Vivien e. v.
(Damina Anikó individual entrepreneur)
Registration number: 52554696
Tax number: 69000759-1-23
Headquarters: 79, Nagy Street, 6449 Mélykút, Hungary (Magyarország,
6449 Mélykút, Nagy utca 79.)
Postal address: 79, Nagy Street, 6449 Mélykút, Hungary (Magyarország,
6449 Mélykút, Nagy utca 79.)
individual entrepreneur – the developer of the website – as a data processor
(Controller hereafter)
6.2.3. Defining the scope of data involved in data processing: this potentially relates
to all information mentioned in present policy.

5

6.2.4. Purpose of using data processor: ensuring the operation of the website in the
information technology sense.
6.2.5. Method of data processing: is done electronically, the processing of the data
only means the technical operations necessary for the IT operation of the
website’s software.

6.3. Data procession in connection with the software and host of electronical mails.
6.3.1. Data subjects involved in the processing: those who are marked in present
notice, those with whom Data manager keeps contact via electrical mails.
6.3.2. Controller uses
Rackhost Informatikai Zártkörűen Működő Részvénytársaság
(Rackhost Informatikai Private Limited Company)
Short name: Rackhost Zrt.
Registration number: 06-10-000489
Tax number: 25333572-2-06
Headquarters: 41, Tisza Lajos Boulevard, 6722 Szeged, Hungary
(Magyarország, 6722 Szeged, Tisza Lajos körút 41.)
Postal address: 41, Tisza Lajos Boulevard, 6722 Szeged, Hungary
(Magyarország, 6722 Szeged, Tisza Lajos körút 41.)
Telephone: +36 1 445 1200
E-mail address: info@rackhost.hu
Website: https://www.rackhost.hu/
As Data Processor which is the developer and maintainer of the service
provider of host and developer of software used for electrical mails. (Data
Processor hereafter)
6.3.3. Defining the scope of data involved in data processing: first of all, the name
and e-mail address of those concerned, secondly further data of those
concerned that has been sent in electrical mails.
6.3.4. Purpose of using data processor: to ensure functioning electrical mails.
6.3.5. Method of data processing: is done electronically, the processing of the data
only means ensuring the functionality of the software or the storage space
necessary for the operation of electronic correspondence in the IT sense.

6

6.4. Controller makes use no other Data managers apart from those described
above or those mentioned in document of Information about using cookies.
6.5. Controller enters into data processing contracts with mandatory content with
data processors used by Controller in order to comply with relevant legislation
and to guarantee an adequate level of data security.

7. Data protection, data safety
7.1. Controller assures the safety of data and through technical and organizational
actions, as well as internal rules of procedure ensures that laws and other data
and secret protection rules are kept. Controller protects data especially against
illegal access, change, forwarding, making public, deletion or effacement of
data, moreover, it protects against accidental effacement and damage, as well
as inaccessibility of data as a result of change in applied technology.
7.2. Processing takes place to reach articulated and legal goals described in present
policy to a necessary and proportional degree, based on relevant laws and
recommendations, keeping appropriate safety measures.
7.3. The Data Controller stores the managed data in a data file recorded in the form
of protected data files, separated for each data management purpose, which
can be accessed by the Data Controller’s specific employees performing tasks
related to the activities specified in this information sheet, whose job
responsibility is to protect the data and handle it responsibly in accordance
with this information sheet and the relevant legislation.
7.4. The Controller concludes a data processing contract with the data processors
it uses with mandatory content to comply with the relevant legislation and to
guarantee an adequate level of data security.

8. User’s rights concerning data processing
8.1. Right to information
8.1.1. By reading this data processing information, the User can find out about data
management at any time. Verbal information can also be provided at the User’s
request, provided that the User’s identity has been verified in another way. The

7

User may request information during and after being involved in data
management. The information covers all essential details of data processing,
as well as the method of exercising the User’s rights. Upon the User’s request,
the Controller will also inform the User of the measures taken based on the
User’s requests – or of the reason for their failure, indicating the forums
available for presenting the complaint.
8.1.2. Providing information is free of charge. If User’s request is obviously
unfounded, or – especially for its repeated nature – exaggerated, Controller
a) might charge a reasonable price, or
b) might deny taking actions based on request,
considering data requested, or administrative costs of measures to be taken
to fulfil request.
8.1.3. As soon as possible from the submission of the request (without undue delay),
but within one month at the latest, the Controller shall provide the access
described above.

8.2. Right to access
8.2.1. The User has the right to access the data processed about him. In the event of
such a request, the Controller shall inform the User of whether data processing
is in progress with regard to the User’s personal data, as well as of all relevant
circumstances related to the specific data processing.
8.2.2. Pursuant to the right of access, the User may request a copy of his personal
data managed by Controller, which the Controller will provide free of charge
for the first time. For additional copies, Controller calculates a reasonable fee
based on administrative costs.
8.2.3. The copy is provided by Controller in a widely used electronic format, unless
the User requests otherwise.
8.2.4. As soon as possible from the submission of the request (without undue delay),
but within one month at the latest, the Controller shall provide the access in
accordance with the above.

8

8.3. Right to correction
8.3.1. The User has the right to request that the Controller correct inaccurate personal
data relating to him/her without undue delay.
8.3.2. Considering the goal of processing, User has the right to ask for completing
their missing personal data – for example through an additional declaration.
8.3.3. At the user’s request, Controller shall correct without undue delay or, in
justified cases, supplement inaccurate personal data relating to him/her.

8.4. Right to cancellation
8.4.1. The User has the right to request that Controller delete personal data
concerning him/her without undue delay, and the Controller is obliged to
delete personal data concerning the User without undue delay if one of the
following reasons exists:
a) personal data is no longer needed for reasons they were recorded, or were
handled differently;
b) User withdraws their consent to processing, and there are no other legal
bases for it (of the data processing that is the subject of this information,
it only exists in the case of data processing performed on the basis of
legitimate interest, presented in the following chapter:
4. Processing related to receiving and answering messages;
c) User objects to processing and there are no prior rightful reasons for
processing (of the data processing that is the subject of this information, it
only exists in the case of data processing performed on the basis of
legitimate interest, presented in the following chapter:
3. Technical data processing related to ensuring the operation of
information technology services based on legitimate interest);
d) personal data was processed illegally;
e) personal data must be deleted to fulfil legal obligations claimed by
European Union or member state laws.

8.4.2. The Controller is not obliged to delete the data necessary for the submission,
validation and protection of legal claims, even in the event of a request from
the User, nor those whose treatment is necessary to protect the vital interests
of the User or other natural person, or to fulfil an obligation under EU or

9

member state law applicable to the Controller. By default, however, after the
retention period has expired, the Controller deletes the data without a request.

8.5. Right to limitation of processing
8.5.1. At the User’s request, the Data Manager limits data processing if one of the
following is met:
a) User disputes accuracy of personal data, in this case limitation exceeds for
the period that enables Controller to check the accuracy of personal data;
b) processing is illegal, and User objects against deleting their data and asks
for limitation of use;
c) Controller does not need personal data for processing, however, concerned
party lays claim to them in order to propose, realize or protect legal
demands; or
d) User objected to data management; in this case, the restriction applies to
the period until it is determined whether the legitimate interests of the
Controller take precedence over the legitimate interests of the User (of the
data processing that is the subject of this information, it only exists in the
case of data processing performed on the basis of legitimate interest,
presented in the following chapter:
3. Technical data processing related to ensuring the operation of
information technology services based on legitimate interest).
8.5.2. If data management is subject to restrictions, such personal data, with the
exception of storage, will only be processed by the Controller with the consent
of the User, or to submit, enforce or defend legal claims, or to protect the rights
of other natural or legal persons, or in the important public interest of the
European Union or a member state.
8.5.3. The Controller informs the User, who contested the accuracy of the personal
data, and the data processing was restricted based on this, of the lifting of the
data processing restriction in advance.

8.6. Notification obligation related to the correction or deletion of personal data,
or the limitation of data processing
Controller informs the User and all those recipients that are provided with
information about the correction, limitation and deletion. Notification might

10

be neglected if it seems to be impossible, or requires unreasonable efforts.
Controller informs User on demand about these addressees.

8.7. Right to portability of data
8.7.1. User has the right to get personal data about themselves in an articulate, widely
used format, readable on devices, furthermore, has the right to forward these
pieces of information to another Controller without the obstruction of
Controller that has User’s data according to User’s consent, if:
a) processing is based on User’s consent or contract concluded with him/her;
and
b) processing is automatized.
8.7.2. Among the data processing that are the subject of this information, the data
processing presented in the following chapter meets the above conditions, so
the right to data portability can be exercised with regard to this:
a) completed on the basis of consent:
3. Technical data processing related to ensuring the operation of
information technology services based on consent.

8.7.3. Practising the right to portability of data, User has the right – if it is technically
practicable – to ask Controllers to forward information between each other
directly.

8.8. Right to objection
8.8.1. User may object to the processing of his/her personal data based on legitimate
interest at any time for reasons related to his/her own situation.
8.8.2. In such cases, Controller can handle personal information any longer only if
Controller proves that there are obligatory rightful reasons for processing,
having priority over User’s interests, rights and freedoms, or reasons that are
related to proposal, enforcement or defence of legal demands.
8.8.3. Among the data processing that are the subject of this information, the User
can exercise his right to protest with respect to the data processing presented
in the following chapter on data processing carried out with the legal basis of
legitimate interest:
3. Technical data processing related to ensuring the operation of
information technology services based on legitimate interest.

11
9. Fulfilling of User’s requests
9.1. Controller offers notification and taking actions for free, as described in Point
8. If User’s request is obviously unfounded, or – especially for its repeated
nature – exaggerated, Controller
a) might charge a reasonable price, or
b) might deny taking actions based on request,
considering data requested, or administrative costs of measures to be taken to
fulfil request.
9.2. Controller informs User without any unreasonable delay, but maximum one
month after receiving the request about actions that has been taken, including
issuing copies of data. If necessary, considering the complexity of request and
numbers of requests this deadline can be made longer with additional two
months. Controller informs User about elongation of deadline together with
indicating reasons of delay within one month after receiving the request. If
concerned User sends their request electronically, Controller provides
information electronically, except when concerned User asks for it in a
different way.
9.3. If Controller does not take any steps as reaction to User’s request, without
delay but within maximum of one month after receiving the request,
Controller informs User about reasons why there have been no actions taken,
and about the possibility of filing a complaint at Authority mentioned in Point
10 and can have the right to legal remedy described there as well.
9.4. User can hand in their request to Controller in any way that identifies them.
Identifying Users who hand in a request is necessary because Controller can
deal with only those requests that are entitled. If Controller has justified doubts
about the identity of natural person handing in a request it can ask for other
pieces of information to assure the identity of concerned User.
9.5. User can send their requests to Controller to the address 50, Dózsa György
Street, 6448 Csávoly, Hungary (Magyarország, 6448 Csávoly, Dózsa
György út 50.) or to the e-mail address nomad@nomadpicnic.hu Controller
considers requests sent in e-mail genuine only if it was sent from an e-mail
address registered at Controller’s database. However, using another e-mail

address does not mean in observance of such requests. Time of receiving e-
mails is the first day after the e-mail was sent.

12

10. Prosecution of rights
Concerned parties may practice their prosecution of rights in front of a jury and also
can turn to the National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság
(National Authority for Data Protection and Freedom of Information)
Address: 9-11. Falk Miksa Street, Budapest 1055, Hungary (Magyarország, 1055
Budapest, Falk Miksa utca 9-11.)
Postal address: P.O. Box 9 Budapest 1363, Hungary (Magyarország, 1363
Budapest, pf. 9.)
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/
In case choosing a process involving a courthouse, the lawsuit – based on concerned
User’s choice – can be initiated at the courthouse in concerned person’s residence or
place of stay, as courthouses are competent in confiscation of such a lawsuit.

24 September 2023

NOMÁD PICNIC Kft.