Skip to content Skip to footer
Menu Close
Close
Request a custom offer
Request a custom quote!

Privacy policy

Personal Data Protection and Processing Policy

I. Introduction

1. M and M Productions Limited Liability Company (registered office: Floor 6 Bldg. B 1 Alíz street Budapest 1117; company registry number: 01-09-341359; VAT no.: 25460171-2-43), as data controller (hereinafter referred to as: Data Controller) agrees to be bound by this Personal Data Protection and Processing Policy (hereinafter referred to as: Policy). The Data Controller hereby warrants that any data processing related to the services provided by the Data Controller is in compliance with requirements set forth in national laws and regulations as well as in the legal acts of the European Union and the provisions of this Policy.

2. M and M Productions Limited Liability Company is committed to protecting the personal data of its customers and places special emphasis on respecting the right of its customers to informational self-determination. The M and M Productions Limited Liability Company shall process personal data in a confidential manner and take all security, technical and organisational measures to ensure the security of data.

3. The Data Controller reserves the right to change this Policy. The effective version of this Policy is available at https://b2b.etelburg.com (hereinafter referred to as: Website) at all times.

II. Terms, definition

1. “personal data” means any information relating to the data subject;

2. “consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

3. “data controller” means a natural or legal person, or other organisation without a legal personality which, alone or jointly with others, determines the purposes of the processing of personal data, makes the decisions with regard to data processing (including its means) and implements such decisions or causes the data processor to implement such decisions in compliance with any applicable laws or the binding legal acts of the European Union;

4. “data processing” means any operation or set of operations which is performed on personal data, regardless of its means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and prevention of the re-use of the data, taking photos, making audio or video recordings, recording biometric data allowing personal identification (e.g. fingerprints or palm prints, DNA samples, iris scans);

5. “data transfer” means the provision of access to a specific third party to personal data;

6. “disclosure” means the provision of public access to personal data;

7. “data erasure” means an operation intended to make the data unrecognisable without the possibility to be restored;

8. “data destruction” means the total physical destruction of the data carrier containing the personal data;

9. “sub-processing” means any set of data processing operations performed by a data processor contracted by a data controller;

10. “data processor” means a natural or legal person, or other organisation without a legal personality which processes personal data contracted by a data controller in compliance with the terms and conditions of any applicable laws and the binding legal acts of the European Union;

11. “data set” means all data processed in a single file;

12. “third party” means a natural or legal person, or organisation without a legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

13. “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed.

  • M and M Productions Limited Liability Company is committed to protecting its clients’ personal data and considers the respect of its clients’ informational self-determination rights to be of paramount importance. M and M Productions Limited Liability Company handles personal data confidentially and takes all security, technical, and organizational measures necessary to ensure the safety of the data.
  • The Controller reserves the right to modify this Policy. The current version of the Policy is continuously available on the https://etelburg.com website (hereinafter: the “Website”).

III. Data and contact details of the Data Controller

Name: M and M Productions Limited Liability Company

Registered office: Floor 6 Bldg. B 1 Alíz street Budapest 1117 6. em.

Email address: etelburg@etelburg.com

IV. The legal basis, purpose and method of Data Processing

1. Data processing is based on the freely given, informed statement of the users of the Website, which statement contains the explicit consent of such users for the use of their personal data disclosed during the use of the Website. Users shall have the right to withdraw such consent any time during the data processing.

2. The Data Controller uses https://b2b.etelburg.com to inform the public on its products also describing any related research and development efforts. Additional information is offered electronically and communication with interested users is also carried out by mainly electronic means. The Data Controller therefore collects, stores and processes personal data that are indispensably necessary to achieve the above mentioned purposes.

3. The Data Controller shall comply with the purpose of the data processing in every phase of the data processing and the collection and processing of personal data shall be based on a fair and lawful procedure at all times.

4. During the above mentioned data processing, the Data Controller shall ensure that personal data are accurate, complete, and where necessary in relation to the purpose of the processing, are kept up to date and that the identification of data subjects is permitted for no longer than necessary for the purpose of the processing.

5. The Data Controller shall ensure the security of the personal data, shall take the necessary technical measures to safeguard the personal data collected, stored and processed and shall take every reasonable step to prevent the destruction, unauthorised use or alteration of the personal data.

6. The Data Controller shall use personal data provided by users exclusively for the purpose specified in this Policy. Unless otherwise specified by applicable laws, personal data provided by users may only be transferred to third parties or authorities with the prior and explicit consent of such users.

7. The Data Controller is not required to verify the accuracy of personal data provided by users; the accuracy of data is the responsibility of the persons providing such data. By disclosing their email address, users shall assume the responsibility to be the only persons to use the services of the Website via the registered email address. As a result, any and all responsibility related to access via a specific email address shall be assumed by the user who disclosed that email address.

8. The Data Controller’s principles relating to the processing of personal data are consistent with any effective laws and regulations relating to data protection, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act CXII of 2011 on the right to informational self-determination and on the freedom of information (Privacy Act) and Act V of 2013 on the Civil Code (Civil Code).

9. Pursuant to point (a), paragraph 1. of article 6 of the General Data Protection Regulation, data processing is subject to the consent of the data subject.

10. Only the Data Controller’s own employees are authorised to have access to personal data provided by users.

11. In order to use the personal data of users for the purpose described above, the Data Controller shall share the personal data with third parties. For example, Etelburg shop uses the Shopify platform to operate its website. For more information on the use of personal data by Shopify, visit https://www.shopify.com/legal/privacy. Etelburg shop also uses Google Analytics to help understand how customers use the Website. For more information on the use of personal data by Google, visit https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

V. The scope of the processed data, the duration of processing

1. The use of the Website is not subject to registration. When a user visits the Website, certain information is automatically collected about their device, including information about their web browser, IP address, time zone, and some of the cookies that are installed on their device. Additionally, as a user browses the Website, information about the individual web pages or products that they view, what websites or search terms referred them to the Website, and information about how they interact with the Website. This automatically-collected information is referred by the Data Controller as Device Information.
Device Information is collected using the following technologies:
  • “cookies” are data files that are placed on a user’s device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
  • “log files” track actions occurring on the Website, and collect data including a user’s IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “web beacons”, “tags”, and “pixels” are electronic files used to record information about how a user browses the Website.

2. The following data may consequently be automatically collected during the operation of the information technology system supporting the Website: data of the user’s log-in computer that are generated while the service is used and are collected by the Data Processor’s system as the automatic results of the technical processes. Automatically collected data are automatically logged without a specific statement or action of users when a website is accessed and/or exited. Except in cases required by law, these data may not be linked to other personal data of users.

3. The Data Controller may act as a technical facilitator to ensure that during a Website visit third parties engaging with the Data Controller, in particular Google Inc. use cookies to store that a user has previously visited the Data Controller’s Website and may show advertisements to such users based on that. Users may delete cookies from their computer or block cookies through their browser. Google also allows users to block cookies placed by Google on the site for turning off advertisements placed by Google.

4. Additionally, when a user makes a purchase or attempts to make a purchase through the Website, certain information is collected from them, including their name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. This information is referred to as Order Information.

5. Information referred to as personal data in this Policy includes both Device Information and Order Information.

6. Personal data provided on the Website shall be processed by the Data Controller until they are erased. The erasure of personal data may be performed at any time based on a user’s request by a written request sent by the user through one of the communication channels of the Data Controller indicated in this Policy (email or ordinary mail).

VI. Newsletters and other notices

1. The Data Controller shall importantly ensure that electronic mail addresses processed by the Data Controller are lawfully used, i.e. the Data Controller shall only use the email addresses provided by users to send emails as required below.

2. The processing of email addresses is mainly for the purpose of identifying users, completing orders and interacting with users during the use of the Website’s services.

3. The Data Controller regularly informs users in the form of newsletters who specifically signed up to receive newsletters. The content of the newsletters sent may vary based on the information provided by the users. Users may unsubscribe from the newsletter at any time using the link at the bottom of the email message.

VII. The rights of data subjects, remedies

1. Data subjects shall have the right to obtain from the Data Controller access to personal data concerning them, rectification, erasure, restriction of processing of their personal data in certain cases and may object to the processing of their personal data. Furthermore, data subjects shall have the right of data portability, to submit complaints to the supervisory authority, to obtain redress, to decide whether to be subject to the decision in individual automated decision-making and to obtain human intervention. If the processing of personal data is based on consent, data subjects shall also have the right to withdraw their consent at any time, which shall not affect the lawfulness of processing based on consent before its withdrawal.

VII.1 Right of access

Data subjects shall have the right to obtain from the controller confirmation as to whether or not, and if yes, in what manner personal data concerning them are being processed including the purposes of the processing, the recipients to whom the personal data have been disclosed, the source from which the Data Controller received the data, the period of data storage, any right concerning the processing. The right of access also allows data subjects to request a copy of the data and where data subjects make the request by electronic means, unless otherwise requested by data subjects, the information shall be provided in electronic form. If the right of access by data subjects adversely affects the rights and freedoms of others, in particular trade secrets or intellectual property of others, the Data Controller shall have the right to refuse to provide the information requested by the data subject to the necessary and proportionate extent.

VII.2 Right to rectification

Based on a request from data subjects, the Data Controller shall correct or complete personal data concerning them. If there are concerns about the corrected data, the Data Controller may request the data subject to provide adequate proof, primarily by presenting official documents, for the corrected data for the Data Controller.

VII.3 Right to Erasure (“Right to be forgotten”)

If data subjects request the erasure of some or all of the personal data concerning them, the Data Controller shall erase such data without undue delay if:

  • the personal data are no longer necessary for the Data Controller in relation to the purposes for which they were collected or otherwise processed;
  • the request concerns processing that was based on the data subject’s consent but such consent has been withdrawn by the data subject and thus there is no legal ground for the processing;
  • the request concerns processing that was based on the legitimate interest of the Data Controller or a third party but the data subject objected to the processing and, with the exception of objection to processing for direct marketing purposes, there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed by the Data Controller;
  • the personal data have to be erased for compliance with a legal obligation.
VII.4 Right to restriction of processing

Data subjects shall have the right to obtain restriction of their personal data where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, the restriction in this case applies for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to the processing, the restriction in this case applies to the period until it is verified whether the legitimate grounds of the Data Controller override those of the data subject.

The restriction of processing means that personal data subject to the restriction are not processed by the Data Controller, with the exception of storage, or only personal data to the processing of which the data subject has given consent are processed.

VII.5 Right to Data Portability

Data subjects shall have the right to receive the personal data concerning them, which they have provided to the Data Controller and are being processed using automated means (e.g. in a computer system), in a structured format and have the right to transmit those data to another controller or to have the personal data transmitted directly from one controller to another, where technically feasible. If the exercise of the data subject’s right to data portability adversely affects the rights and freedoms of others, the Data Controller shall have the right to refuse the data subject’s request to the extent necessary. Measures concerning data portability do not entail the erasure of such data only if the data subject simultaneously requests the erasure of the personal data, which means that the Data Controller shall maintain the data as long as the Data Controller has a legitimate purpose and/or legal ground for processing such data.

2. If data subjects consider that the processing of their personal data by the Data Controller is in breach of the applicable data protection laws and regulations including in particular the provisions of the General Data Protection Regulation, they shall have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).

NAIH contact details:
  • Website: http://naih.hu/
  • Address: 9-11 Falk Miksa Street Budapest 1055
  • Postal address: PO Box: 9 Budapest 1363
  • Telephone: +36-1-391-1400
  • Fax: +36-1-391-1410
  • Email: ugyfelszolgalat@naih.hu

Data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of their habitual residence, place of work or place of the alleged infringement.

Without prejudice to their right to lodge a complaint, data subjects shall have the right to seek legal redress in a court in case of the above mentioned infringement. In case of the Data Controller, the competent court is the Court of Budapest but data subjects shall have the right to file a court case with the competent court at the place of their residence. Contact details of courts in Hungary are available here: http://birosag.hu/torvenyszekek. Furthermore, data subjects shall have the right to file a court case with the court in the EU member state of their habitual residence if the habitual residence of the data subject is in another member state of the European Union. Data subjects shall have the right to judicial remedy against a legally binding decision of a supervisory authority concerning them.

Entry into force: December 1, 2021.