in which we inform you, as a visitor to our website, as well as a user of our services, about our company's data management and data protection regulations.

1. What principles do we follow during our data management?

Our company follows the following principles during data management:

• We handle personal data lawfully and fairly, as well as transparently for you.

• Personal data is collected only for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.

• The personal data we collect and process are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

• Our company takes every reasonable step to ensure that the data we process is accurate and, where necessary, kept up to date; we promptly delete or correct inaccurate personal data.

• We store personal data in a form that allows identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

• We ensure appropriate security of personal data through appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, destruction, or damage.

• Our company processes your personal data

• Based on your informed and voluntary consent, and only to the necessary extent, we collect, record, organise, store, and use them, always with a purpose.

• In certain cases, processing of your data is based on legal requirements and is mandatory; in such cases, we will specifically draw your attention to this fact.

• In certain cases, our company or a third party may have a legitimate interest in processing your personal data, for example, to operate, develop, and secure our website.

2. Who are we?

• Company name: BiztoSport Ltd.

• Registered office: 4100 Berettyóújfalu, Bajcsy-Zsilinszky Street 12, 1st floor, 5a.

• Website: biztosport.hu

• Mailing address: 4100 Berettyóújfalu, József Attila Street 9, Office 1.3

• Email address: info@biztosport.hu

• Tax number: 32436433-1-09

• Company registration number: 09-09-035665

Our company is not required to appoint a Data Protection Officer according to Article 37 of the GDPR.

Our company's hosting provider:

• Our company's hosting provider:

• Hosting provider name: Framer B. V.

• Hosting provider headquarters: Amsterdam, Netherlands

• Hosting provider website: framer.com

During data management, our company – for the high-standard service of our clients – engages the following data processors:

• Data Controller (1): BiztoSport Ltd.

• Address (1): 4100 Berettyóújfalu, Bajcsy-Zsilinszky Street 12, 1st floor, 5a.

• Responsibilities (1): All activities

Should we amend the scope of our data processors, we will reflect these changes in this notice.

The data we process:

We only request personal data from visitors to our website if they wish to register, log in, or participate in a prize draw.

We do not link personal data provided during registration or marketing services, and identifying our visitors is not our primary goal.

If you have questions regarding data management, you can request additional information at info@biztosport.hu or by mail, and we will respond within 15 days (or at most within 1 month) to your provided contact address.

3. What are cookies, and how do we manage them?

Cookies are small data files (hereinafter referred to as cookies) that are placed on your computer through a website and saved by your internet browser. Most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow cookies by default; however, it depends on you to change the browser settings to reject or disable them, and you can also delete cookies already stored on your computer. More information about cookie usage can be found in the help section of each browser.

Some cookies do not require your prior consent. We provide brief information about these when you first visit our website, including authentication, multimedia player, load balancing, user interface customisation, session cookies, and user-centred security cookies.

For cookies requiring consent – if data processing begins with visiting the page – our company will inform you at the start of your first visit and ask for your consent.

Our company neither uses nor allows cookies that third parties can use to collect data without your consent.

Acceptance of cookies is not mandatory, and our company cannot be held liable if our website does not function as expected due to the lack of cookie permissions.

What cookies do we use?

Name: _ga
Provider: biztosport.hu
Purpose: Registers a unique ID that generates statistical data on how the visitor uses the website.
Expiry: 2 years
Type: HTTP

Name: _gat
Provider: biztosport.hu
Purpose: Stores the request rate used by Google Analytics.
Expiry: Session
Type: HTTP

Name: _gid
Provider: biztosport.hu
Purpose: Registers a unique ID that generates statistical data on how the visitor uses the website.
Expiry: Session
Type: HTTP

Name: _fbp
Provider: biztosport.hu
Purpose: Used by Facebook to deliver a series of advertisement products on Facebook.
Expiry: 3 months
Type: HTTP

Name: fr
Provider: facebook.com
Purpose: Used by Facebook to deliver advertisement products from third-party advertisers.
Expiry: 3 months
Type: HTTP

You can read more about third-party cookies on this page.

4. What else should you know about our website-related data management?

You voluntarily provide personal data in the course of registration or your communication with our company; therefore, please ensure the authenticity, accuracy, and correctness of the data when communicating it, as you are responsible for these. Incorrect, inaccurate, or incomplete data may be an obstacle to using our services.

If you provide personal data of another person instead of your own, we presume that you possess the necessary authorisation.

You can withdraw your consent to data management at any time, free of charge, by:

• deleting your registration,

• withdrawing consent to data management, or

• withdrawing or requesting the blocking of consent to handle or utilise any data that must be completed during registration.

We undertake to register the withdrawal of consent, for technical reasons, with a 30-day deadline; however, please note that in light of legal obligations or the enforcement of legitimate interests, we may still process certain data even after the withdrawal of consent.

In the case of misleading use of personal data or if any of our visitors commits a crime or attacks our system, we will immediately terminate the registration of the implicated visitor and delete his/her data at the same time, or – if necessary – retain such data for the duration of civil liability establishment or criminal proceedings.

5. What should you know about direct marketing and newsletter data management?

With the statement made during registration or later by modifying your personal data stored on the newsletter and/or direct marketing registration interface (i.e., with a clearly expressed consent), you grant your consent to use your personal data for marketing purposes. In this case – until the consent is withdrawn – we manage your data for direct marketing and/or newsletter delivery purposes and send advertising and other dispatches to you, as well as informative materials and offers (Grtv. 6. §).

You can provide or withdraw your consent for direct marketing and newsletters collectively or separately, free of charge, at any time.

We always consider the deletion of the registration as the withdrawal of consent. Withdrawing consent for direct marketing and/or newsletter purposes is not interpreted as a withdrawal of consent for website-related data management. How does it work? What do we retain and on what basis if the newsletter consent is withdrawn? For each consent, there is a specific purpose; thus, registration on the website and newsletter subscription represent two different purposes, belonging to two separate databases, and they cannot be interlinked.

The registration of consent withdrawals or cancellations is undertaken with a technical deadline of 15 days.

6. What should you know about prize draws?

Our company may organise promotional prize draws, the specific conditions of which are included in separate regulations. The current action regulation can always be found on the homepage of our website, placed in a central location via a link.

7. Other data management issues

Your data can only be forwarded within the legal framework, and in the case of our data processors, we ensure by contractual terms that they can't use your personal data for purposes other than those you have consented to. More information can be found in section 2.

Our company does not transfer data abroad.

The court, the prosecutor's office, and other authorities (e.g., police, tax office, National Authority for Data Protection and Freedom of Information) can contact our company for information provisioning, data sharing, or providing documents. In these cases, we must comply with our data provision obligations, but only to the extent that is essential for fulfilling the request's purpose.

Our collaborators and employees participating in our data management and/or data processing are entitled to know your personal data to a predefined extent, under the obligation of confidentiality.

We protect your personal data with adequate technical and other measures, and we ensure the security, availability of the data, and protect it from unauthorised access, alteration, damage, or publicity and any other unauthorised uses.

With organisational measures, we monitor physical access in our buildings, constantly educate our employees, and securely store paper-based documents. As part of the technical measures, we use encryption, password protection, and antivirus software. Please note, however, that data transmission through the internet is not completely secure data transmission. Our company does everything to make the processes as secure as possible, yet we cannot take full responsibility for data transmission through our website; however, regarding the data reaching our company, we adhere to stringent protocols to ensure the security of your data and prevent unlawful access.

Regarding the security questions, we ask for your cooperation in carefully retaining your access passwords for our website and not sharing them with anyone.

8. What are your rights and means of legal redress?

You may request

• information about data management,

• correction, modification, or completion of the personal data we handle,

• object to data management and request the deletion or blocking of your data (except for mandatory data processing),

• seek legal remedy in court,

• file a complaint or initiate proceedings with the supervisory authority (https://www.naih.hu/panasz-vagy-kozerdeku-bejelentes-a-panasztorveny-szerint).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

• Mailing Address: 1530 Budapest, P.O. Box: 5.

• Phone: +36 (1) 391-1400

• Fax: +36 (1) 391-1410

• Email: ugyfelszolgalat@naih.hu

• Website: https://naih.hu/

Upon your request, we provide information about your data we handle, or process by us or our appointed data processor:

• data,

• its source,

• the purpose and legal basis of data handling,

• its duration, and if not possible, the criteria for determining this duration,

• the names, addresses of our data processors, and their activities related to data handling,

• circumstances, effects of data protection incidents, measures taken for prevention and avoidance, and

• in case of data transmission of your personal data, the legal basis and recipient of data transmission.

We will provide the information within 15 days (or at most within 1 month) from the submission of the request. The information is free of charge except when you submitted a request for the same data range in the current year. The cost reimbursement you have already paid will be refunded if we handled the data unlawfully or the request for information led to a correction. We may only refuse the information in cases prescribed by law, indicating the place of the legislation, as well as the possibility of judicial redress or information on contacting the Authority.
Our Company will inform you, as well as all those to whom the data was previously transmitted for data management purposes, about the correction, blocking, marking, and deletion of the personal data, except when the omission of notification does not violate your legitimate interest.

If your request for correction, blocking, or deletion is not fulfilled, we will notify you within 15 days (or at most within 1 month) of receipt of the request in writing or, with your consent, electronically of the reasons for the refusal and inform you of the possibility of legal remedy and contacting the Authority.

If you object to the handling of your personal data, we will investigate the objection within 15 days (or at most within 1 month) of the submission of the request and inform you in writing of the decision. If we determine that your objection is justified, we will cease the data handling – including any further data collection and transmission – and block the data, as well as inform all those to whom we previously transmitted the personal data affected by the objection, and who are required to act to enforce the right of objection.

We will refuse to fulfil the request if we can prove that data processing is justified by compelling legitimate grounds that override your interests, rights, and freedoms, or are related to the establishment, exercise, or defence of legal claims. If you disagree with our decision, or if we fail to comply with the deadline, you may bring the matter to court within 30 days of notification of the decision, or from the last day of the deadline.

The jurisdiction of data protection lawsuits is within the competence of the court, which may be initiated before the court competent for the place of residence or place of stay of the data subject, according to the data subject's choice. Foreign citizens may also submit a complaint to the supervisory authority competent in their place of residence.

We kindly ask you to contact our company before you file a complaint with the supervisory authority or court, to resolve any problems that have arisen as quickly as possible.

9. What are the main applicable laws for our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons about the processing of personal data (GDPR)

• Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information - (Info tv.)

• Act V of 2013 on the Civil Code (Ptk.)

• Act CVIII of 2001 on Electronic Commerce and on Information Society Services - (Eker tv.)

• Act C of 2003 on Electronic Communications - (Ehtv)

• Act CLV of 1997 on Consumer Protection (Fogyv tv.)

• Act CLXV of 2013 on Complaints and Public Interest Announcements. (Pktv.)

• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grtv.)

10. Modification of Data Management Information

Our company reserves the right to modify this Data Management Information, which will be duly notified to the affected parties. Information about data management is published on the website biztosport.hu.

Berettyóújfalu, 2024.04.23.