Data Protection Policy

Data Protection Policy by Flanker Plusz Kft.

Flanker Plusz Kft. (H-2040 Budaörs, Gyár u. 2., hereinafter referred to as service provider, data controller), as the operator of flanker.hu website and as data controller expresses their consent to be bound by the content of the present legal notice. They are committed to ensuring that all data handling related to their activities comply with requirements stipulated in the present regulation and in legislations in force.

Flanker Plusz Kft. is committed to the protection of personal data of their users and partners, and they consider it to be extremely important to respect the right of their customers to informational self-determination. Flanker Plusz Kft., as the operator and data controller of this present website, shall treat all personal data as confidential and shall provide for adequate technical and organizational security measures to guarantee the protection of data.

The operator describes the principles of data handling, as well as activities and rules related to data handled by the website, below in the present document. Principles of data handling related to the operation of the website are aligned with legislations on data protection in force, in particular with the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  • Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as: Privacy Act);
  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services (E-Commerce Act);
  • Act XLVIII of 2008 on essential conditions of and certain limitations to business advertising activity (Advertising Act).
  1. Definitions

1.1. data subject: means a natural person who is identified or can be identified – directly or indirectly – based on personal data;

1.2. personal data: means any information relating to a data subject, in particular the name, the identification number or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that data subject or any conclusion relating to the data subject that can be drawn from those;

1.3. consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the – complete or partial – processing of personal data relating to them;

1.4. objection: means the expression of the data subject’s right to object to the processing of their personal data and to request the termination of data processing and the deletion of processed data;

1.5. data controller: means the natural or legal person or partnership without legal status who or which, alone or jointly with others, determines the purposes of the processing of personal data, makes and implements the decisions in relation to data processing (including resources used) or has them implemented by the authorized data processor;

1.6. data handling: means any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organisation, storage, adaptation or alteration, use, retrieval, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);

1.7. data transmission: means making data available to a specific third party;

1.8. disclosure: means making data available to anyone;

1.9. deletion of data: means making data unrecognizable in a way so that it is no longer possible to recover;

1.10. marking of data: means assigning an identification number to the data for the purpose of differentiation;

1.11. blocking of data: means assigning an identification number to the data for the purpose of restricting further data processing either permanently or for a definite period of time;

1.12. data destruction: means the complete physical destruction of the data medium containing data;

1.13. data processing: means the technical operations involved in data processing, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data;

1.14. data processor: means the natural or legal person or partnership without legal status who or which, in accordance with their agreement made with the data controller – including agreements based on legislative provisions –, processes the data;

1.15. third person: means the natural or legal person or partnership without legal status who or which is not the data subject, data controller or data processor;

1.16. third country: any state which is not an EEA state.

2. Principles of data handling related to the operation of the website

Personal data can be processed if

  1. a data subject consented to processing or
  2. it is required by law or – on the basis of law, within that specific power – by a decree of a local government due to public interest (mandatory data handling).

Personal data can also be processed if it is not possible to obtain the consent of the data subject or it would entail disproportionate costs, and data processing is required either due to compliance with the legal obligations of the data controller or due to legitimate interests pursued by the data controller or by a third party, and pursuing these legitimate interests is proportionate to the restriction of the right to the protection of personal data.

If personal data has been recorded with the consent of the data subject, the data controller can process the data recorded – unless otherwise provided for by law – without further consent and following the withdrawal of the consent of the data subject

  1. to comply with applicable legal obligations or
  2. due to legitimate interests pursued by the data controller or by a third party, if pursuing these legitimate interests is proportionate to the restriction of the right to the protection of personal data.

Personal data shall be processed only for a specific purpose, to exercise rights and to comply with obligations. Data processing shall comply with this objective during all phases, furthermore, recording and handling of data shall also be fair.

Only personal data that is absolutely necessary for compliance with the objective of data processing and that is suitable for complying with the objective can be processed, and only to a degree and for a period of time necessary to comply with the objective.

Personal data can be processed only with an informed consent.

Prior to data handling, the data subject shall be informed if data handling is based on consent or if it is mandatory. The data subject shall be – unambiguously, clearly and fully – informed of all facts related to the process of their personal data, in particular the purpose and legal basis of data processing; the identity of the entity having the right to data handling and data processing; the duration of data processing; the fact if the data controller processes the personal data of the data subject with the consent of the data subject and due to compliance with a legal obligation to the data controller or due to legitimate interests pursued by a third party; and who can access the data. Information shall also include the rights and legal remedies available to the data subject in relation to data processing.

During data processing, one shall ensure that data is accurate, complete and up to date, as well as that the data subject can be identified only for a time necessary for the purpose of data processing.

Personal data can be transmitted to a data controller or data processor in a third country only if the data subject has given explicit consent to it or if the conditions of data processing stipulated above are fulfilled, and if the adequate level of protection of personal data is ensured in the third country during the handling and processing of data transmitted. Data transmission to EEA states shall be regarded as data transmission within Hungary.

3. The scope of personal data processed and characteristics of data processing

Data processing related to activities in the website is based on voluntary consent. In certain cases, however, the processing, storage and transmission of a certain scope of data recorded is required by legislations, which we expressly inform our visitors and users of.

3.1. Data of the website’s visitors

Purpose of data processing: during visiting the website, the hosting service provider of the website records visitor data to check the operation of the service and to prevent misuse.
Legal basis of data processing: consent of the data subjects and Article 13(A)(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
Scope of data processed: date and time, IP address of the user’s computer, address of the website visited, address of the website previously visited, data on the operating system and browser of the user.
The web analytics software and external server of Google Analytics conducts the independent measurement and auditing of the website’s data on visits and other web analytics data. The data controller provides detailed information on the processing of measurement data at www.google-analytics.com.
For a customized service, external service providers place a small data package, so-called cookie on the user’s computer and read that data. If the browser sends back a previously stored cookie, service providers processing that data can combine the user’s current visit with the previous ones, but only in relation to their own content.
So-called web beacons are not used in the website.

3.2. Data related to contact, registration, requesting information

Purpose of data processing: contact, communication, requesting information.
Legal basis of data processing: voluntary consent of the data subjects.
Scope of data processed: name, e-mail address, phone number, subject and text of the message, date and time and other personal data provided by the data subject.
Time limit of deleting the data: termination of the purpose of data processing or withdrawal of the consent.

3.3. Subscription to newsletter

Purpose of data processing: sending newsletters
Legal basis of data processing: voluntary consent of the data subjects
Scope of data processed: Last name, first name, e-mail address
Time limit of deleting the data: withdrawal of the consent or termination of the purpose of data processing.

Deletion or amendment of personal data can be requested by the following means:

  • by post: at the address of H-2040 Budaörs, Gyár u. 2.,
  • in e-mail at the address of This email address is being protected from spambots. You need JavaScript enabled to view it..

Data protection rights of users and how they can exercise their rights: Statutory rights and obligations of users are stipulated in Articles 14-21 of the Privacy Act. In accordance with the law, users shall have the right to information, and they can request the correction, deletion and blocking of their personal data. Detailed information on rights and obligations is provided in the indicated sections of the act, at the following website: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244 (Articles 14-21)

Legal remedy in relation to data processing: Legal remedies available to users who are data subjects are specified in Articles 22-23 of the Privacy Act: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.296244

More information on data processing can be requested from the Data Controller of the website at the e-mail address of This email address is being protected from spambots. You need JavaScript enabled to view it., and from the National Authority for Data Protection and Freedom of Information (Head office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c, Postal address: H-1530 Budapest, P.O. Box: 5., Phone: +36 (1) 391-1400).

4. Storing personal data, data processing

IT equipment and data storing solutions of Flanker Plusz Kft. are located at their head office at the address of H-2040 Budaörs, Gyár u. 2.

5. Data and contact of the data controller

Name: Flanker Plusz Kft. and its employees being in an employment relationship and performing job-related tasks specified in the contracts of employment.
Head office: H-2040 Budaörs, Gyár u. 2.
Online contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

6. Data and contact of the data processor

Name: Flanker Plusz Kft. and its employees being in an employment relationship and performing job-related tasks specified in the contracts of employment.
Head office: H-2040 Budaörs, Gyár u. 2.
Online contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

7. Legal remedy

Legal remedy is available to and complaints can be filed by the owner of the personal data at the National Authority for Data Protection and Freedom of Information. Contact details of the authority:
National Authority for Data Protection and Freedom of Information
H-1024 [H-1125] Budapest, Szilágyi Erzsébet fasor 22/C.
Website: http://www.naih.hu


© All Rights Reserved – Flanker Plusz Kft. | Site by Meraki