Privacy Notice
(gift voucher)

1. Controller’s name, registered seat and representative

Registered seat: 8394 Alsópáhok, Fő utca 120.
Official representative: Csaba Baldauf, Managing Director
Contact person for data protection issues: Judit Nyirő

2. Data Protection Officer:

Dr. Boldizsár Morvay –

3. The data processed:

  • buyer’s name, residential address, e-mail address, telephone number, postal and invoicing address, bank account details
  • gift recipient’s name,

4. Purpose of data processing:

  • provide gift voucher services, simplify the online gift voucher ordering process, making it more convenient

5. Legal basis for data processing:

  • regarding the data necessary for invoicing (name, residential address) – legislative requirements (Section 169 (1) of the Accounting Act) – Article 6 (1) (c) of the GDPR
  • buyer’s e-mail address, telephone number and the details of the gift recipient, data necessary for the performance of the gift voucher purchase agreement - Article 6 (1) (b) of the GDPR

6. Legal consequences if data are not supplied:

  • the controller is unable to sell the gift voucher; no data processing.

7. Transfer of data:

  • data are transferred only to the data processor company operating the online gift voucher system; name of data processor: MORGENS Design Kft. registered seat: 8800 Nagykanizsa, Csányi László utca 2.
  • data are not transferred to third countries.

8. Legal basis of the data transfer:

  • performance of contract

9. Duration of personal data processing:

  • buyer’s name, residential address – to which the invoice is issued – to be held on record for 8 years in accordance with Section 169 (1) of the Accounting Act,
  • the buyer’s bank account details in the bank statements may be held on record until the end of the limitation period,
  • the buyer’s e-mail address and telephone number will be erased after use,
  • if the gift voucher is not used within 3 months of its expiry, the data of the gift recipient will be erased,

10. Information on the data subject’s general rights

Data subjects have the right to

  • request information from the controller regarding whether their personal data are being processed; if they are, the data subjects may request access to these personal data.
  • request the controller to rectify incorrect personal data without undue delay.
  • request the controller to erase their personal data without undue delay; the controller is under obligation to erase the personal data of the data subject without undue delay if certain other conditions apply
  • request the controller to restrict the data processing if
    • the data subject disputes the accuracy of the personal data /such restriction shall be in force while the controller verifies the accuracy of the personal data/;
    • the data processing is unlawful but the data subject is against the erasure of data and prefers a restriction of use instead;
    • whereas the controller no longer needs the personal data, but the data subject does for purposes of presenting, enforcing or protecting legal demands.
    • the data subject has objected to the data processing; in such a case, the restriction will apply for the duration of establishing whether the controller’s legitimate interests prevail over the data subject’s legitimate interests.
  • receive their personal data, provided by them to the controller, in a structured, commonly used format, and forward the data to another controller without this being prevented by a controller to whom they had provided such personal data, where the data processing is based on voluntary consent or contract, and is automated.
  • if personal data are processed for direct marketing purposes, the data subject has the right to object to the processing of their personal data for that purpose, including any profiling that is associated with direct marketing.
  • object to being subject to decisions based solely on automated data processing – including profiling – that would have a legal effect or similar significant consequence on them.

11. Information on profiling and automated decisions:

  • there are no profiling or automated decisions

12. Data storage, data security

The controller declares that, with reference to the latest advancements in technology, the controller will employ technical, procedural and organisational measures at all times in order to protect the processing at a level appropriate to the risks arising in relation to the processing.

13. Right to seek help from authorities:

Data subjects may take the controller to court if their rights have been breached. Lawsuits will be adjudicated by the Regional Court (Zalaegerszeg Regional Court contact information: 8900 Zalaegerszeg, Várkör u. 2.). The data subject may choose whether to bring a lawsuit before a regional court with competence at the data subject’s permanent or temporary place of residence. In such matters, the court will expedite its procedures.

Legal remedy is available and complaints may be filed at the National Authority for Data Protection and Freedom of Information: Name: National Authority for Data Protection and Freedom of Information. Registered seat: 1055 Budapest, Falk Miksa utca 9-11. Postal address: 1363 Budapest, Pf.: 9. Telephone: 06.1.391.1400 Fax: 06.1.391.1410 E-mail: Website:

14. Link to Privacy Policy

The controller’s Privacy Policy is available at